Software Vulnerability
Main
Software Alerts
Software and Script Bug ExploitsSoftware Vulnerability
Random Feeds
Archives
| Mar 2010 | Feb 2010 | Jan 2010 | Dec 2009 | Nov 2009 | Oct 2009 | Sep 2009 | Aug 2009 | Jul 2009 | Jun 2009 | May 2009 | Apr 2009 | Mar 2009 | Feb 2009 | Jan 2009 | Dec 2008 | Nov 2008 | Oct 2008 | Sep 2008 | Aug 2008 | Jul 2008 | Jun 2008 | May 2008 | Apr 2008 | Mar 2008 | Feb 2008 | Jan 2008 | Dec 2007 | Nov 2007 |Wed, 31 Dec 08
flatnux
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5761
Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS (aka Flatnuke3) 2008-12-11 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter to the default URI; (2) the foto parameter to photo.php in the 05_Foto module; or (3) the name parameter in an insertrecord action to index.php in the 08_Files module, as demonstrated by injection within a SRC attribute of an IFRAME element.
Wed, 31 Dec 08
kerio_mailserver
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5760
Cross-site scripting (XSS) vulnerability in error413.php in Kerio MailServer before 6.6.2 allows remote attackers to inject arbitrary web script or HTML via the sent parameter. NOTE: some of these details are obtained from third party information.
Wed, 31 Dec 08
flatnux
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5759
Cross-site scripting (XSS) vulnerability in FlatnuX CMS (aka Flatnuke3) 2008-12-11 allows remote attackers to inject arbitrary web script or HTML via the name parameter in an updaterecord action to index.php in the 08_Files module. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Wed, 31 Dec 08
phparanoid
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5758
Cross-site request forgery (CSRF) vulnerability in PHParanoid before 0.5 allows remote attackers to perform unspecified actions as authenticated users via unknown vectors related to private messages.
Wed, 31 Dec 08
textpattern
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5757
Cross-site scripting (XSS) vulnerability in textarea/index.php in Textpattern (aka Txp CMS) 4.0.6 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Body parameter in an article action. NOTE: some of these details are obtained from third party information.
Wed, 31 Dec 08
hex_workshop
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5756
Buffer overflow in BreakPoint Software Hex Workshop 5.1.4 allows user-assisted attackers to cause a denial of service and possibly execute arbitrary code via a long mapping reference in a Color Mapping (.cmap) file.
Wed, 31 Dec 08
intellitamper
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5755
Stack-based buffer overflow in IntelliTamper 2.07 and 2.08 allows remote attackers to execute arbitrary code via a MAP file containing a long URL, possibly a related issue to CVE-2006-2494.
Wed, 31 Dec 08
bulletproof_ftp_client
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5754
Stack-based buffer overflow in BulletProof FTP Client allows user-assisted attackers to execute arbitrary code via a .bps file (aka Session-File) with a long second line, possibly a related issue to CVE-2008-5753.
Wed, 31 Dec 08
bulletproof_ftp_client
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5753
Stack-based buffer overflow in BulletProof FTP Client 2.63 allows user-assisted attackers to execute arbitrary code via a bookmark file entry with a long host name.
Wed, 31 Dec 08
page_flip_image_gallery_plugin
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5752
Directory traversal vulnerability in getConfig.php in the Page Flip Image Gallery plugin 0.2.2 and earlier for WordPress, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the book_id parameter. NOTE: some of these details are obtained from third party information.
Wed, 31 Dec 08
web_email_script_enterprise
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5751
SQL injection vulnerability in index.php in AlstraSoft Web Email Script Enterprise (ESE) allows remote attackers to execute arbitrary SQL commands via the id parameter in a directory action.
Wed, 31 Dec 08
internet_explorer
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5750
Argument injection vulnerability in Microsoft Internet Explorer 8 beta 2 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI.
Wed, 31 Dec 08
chrome
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5749
** DISPUTED ** Argument injection vulnerability in Google Chrome 1.0.154.36 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI. NOTE: a third party disputes this issue, stating that Chrome "will ask for user permission" and "cannot launch the applet even [if] you have given out the permission."
Wed, 31 Dec 08
bloofoxcms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5748
Directory traversal vulnerability in plugins/spaw2/dialogs/dialog.php in BloofoxCMS 0.3.4 allows remote attackers to read arbitrary files via the (1) lang, (2) theme, and (3) module parameters.
Wed, 31 Dec 08
f-prot_antivirus
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5747
F-Prot 4.6.8 for GNU/Linux allows remote attackers to bypass anti-virus protection via a crafted ELF program with a "corrupted" header that still allows the program to be executed. NOTE: due to an error in the initial disclosure, F-secure was incorrectly stated as the vendor.
Wed, 31 Dec 08
snmp_management_agent
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5746
Sun SNMP Management Agent (SUNWmasf) 1.4u2 through 1.5.4 allows local users to overwrite arbitrary files and gain privileges via a symlink attack on temporary files.
Wed, 31 Dec 08
windows_media_player
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5745
Integer overflow in Microsoft Windows Media Player 9, 10, and 11 allows remote attackers to execute arbitrary code via a crafted (1) WAV, (2) SND, or (3) MID file. NOTE: it is not clear whether this vulnerability is related to CVE-2008-4927 or CVE-2008-2253.
Wed, 31 Dec 08
kvm, qemu
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4539
Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console for a connection, aka the LGD-54XX "bitblt" heap overflow. NOTE: this issue exists because of an incorrect fix for CVE-2007-1320.
Tue, 30 Dec 08
zaptel
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5744
Array index error in the dahdi/tor2.c driver in Zaptel (aka DAHDI) 1.4.11 and earlier allows local users in the dialout group to overwrite an integer value in kernel memory by writing to /dev/zap/ctl, related to an incorrect tor2 patch for CVE-2008-5396 that uses the wrong variable in a range check against the value of lc->sync.
Tue, 30 Dec 08
pdfjam
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5743
pdfjam creates the (1) pdf90, (2) pdfjoin, and (3) pdfnup files with a predictable name, which allows local users to overwrite arbitrary files via a symlink attack.
Tue, 30 Dec 08
netcat
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5742
Multiple open redirect vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the redirect parameter in a logoff action to modules/auth/index.php or (2) the url parameter to modules/linkmanager/redirect.php. NOTE: this was reported within an "HTTP Response Splitting" section in the original disclosure.
Tue, 30 Dec 08
php
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5498
Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument (aka the bgd_color or clrBack argument) for an indexed image.
Tue, 30 Dec 08
pligg_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5739
SQL injection vulnerability in evb/check_url.php in Pligg CMS 9.9.5 Beta allows remote attackers to execute arbitrary SQL commands via the url parameter.
Tue, 30 Dec 08
mysql_calendar
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5738
Nodstrum MySQL Calendar 1.1 and 1.2 allows remote attackers to bypass authentication and gain administrative access by setting the nodstrumCalendarV2 cookie to 1. NOTE: some of these details are obtained from third party information.
Tue, 30 Dec 08
mysql_calendar
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5737
SQL injection vulnerability in index.php in Nodstrum MySQL Calendar 1.1 and 1.2 allows remote attackers to execute arbitrary SQL commands via the username parameter.
Tue, 30 Dec 08
freebsd
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5736
Multiple unspecified vulnerabilities in FreeBSD 6 before 6.4-STABLE, 6.3 before 6.3-RELEASE-p7, 6.4 before 6.4-RELEASE-p1, 7.0 before 7.0-RELEASE-p7, 7.1 before 7.1-RC2, and 7 before 7.1-PRERELEASE allow local users to gain privileges via unknown attack vectors related to function pointers that are "not properly initialized" for (1) netgraph sockets and (2) bluetooth sockets.
Tue, 30 Dec 08
coolplayer
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5735
Stack-based buffer overflow in skin.c in CoolPlayer 2.17 through 2.19 allows remote attackers to execute arbitrary code via a large PlaylistSkin value in a skin file.
Tue, 30 Dec 08
merak_mail_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5734
Cross-site scripting (XSS) vulnerability in WebMail Pro in IceWarp Software Merak Mail Server 9.3.2 allows remote attackers to inject arbitrary web script or HTML via an IMG element in an HTML e-mail message.
Tue, 30 Dec 08
team_impact_ti_blog_system_module
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5733
SQL injection vulnerability in blog.php in the Team Impact TI Blog System mod for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the id parameter.
Tue, 30 Dec 08
kafooeyblog
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5732
Unrestricted file upload vulnerability in lib/image_upload.php in KafooeyBlog 1.55b allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file.
Tue, 30 Dec 08
desktop
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5731
The PGPwded device driver (aka PGPwded.sys) in PGP Corporation PGP Desktop 9.0.6 build 6060 and 9.9.0 build 397 allows local users to cause a denial of service (system crash) and possibly gain privileges via a certain METHOD_BUFFERED IOCTL request that overwrites portions of memory, related to a "Driver Collapse." NOTE: some of these details are obtained from third party information.
Tue, 30 Dec 08
netcat
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5730
Multiple CRLF injection vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to have an unknown impact via unspecified vectors involving (1) a sequence in a cookie and (2) the add.php file.
Tue, 30 Dec 08
netcat
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5729
Multiple cross-site scripting (XSS) vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) form and (2) control parameters to FCKeditor/neditor.php, and the (3) path parameter to admin/siteinfo/iframe.inc.php.
Tue, 30 Dec 08
netcat
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5728
Multiple directory traversal vulnerabilities in AIST NetCat 3.12 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the system parameter in modules/netshop/post.php; and the INCLUDE_FOLDER parameter in (2) auth.inc.php, (3) banner.inc.php, (4) blog.inc.php, and (5) forum.inc.php in modules/.
Tue, 30 Dec 08
netcat
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5727
SQL injection vulnerability in modules/auth/password_recovery.php in AIST NetCat 3.12 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the query string.
Tue, 30 Dec 08
stormboards
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5726
SQL injection vulnerability in thread.php in stormBoards 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Tue, 30 Dec 08
powerstrip
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5725
The NT kernel-mode driver (aka pstrip.sys) 5.0.1.1 and earlier in EnTech Taiwan PowerStrip 3.84 and earlier allows local users to gain privileges via certain IRP parameters in an IOCTL request to \Device\Powerstrip1 that overwrites portions of memory.
Tue, 30 Dec 08
smart_security
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5724
The Personal Firewall driver (aka epfw.sys) 3.0.672.0 and earlier in ESET Smart Security 3.0.672 and earlier allows local users to gain privileges via a crafted IRP in a certain METHOD_NEITHER IOCTL request to \Device\Epfw that overwrites portions of memory.
Tue, 30 Dec 08
kannibbs2000, kannibbs2000i
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5723
Directory traversal vulnerability in CGI RESCUE KanniBBS2000 (aka KanniBBS2000i, MiniBBS2000, and MiniBBS2000i) before 1.03 allows remote attackers to read arbitrary files via unspecified vectors.
Tue, 30 Dec 08
sawstudio
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5722
Buffer overflow in SAWStudio 3.9i allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long SAWSTUDIO PREFERENCES STRUCT value in a .prf (preferences) file.
Tue, 30 Dec 08
blackjumbodog
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5721
SapporoWorks BlackJumboDog (BJD) before 4.2.3 allows remote attackers to bypass authentication and obtain sensitive information via unspecified vectors.
Tue, 30 Dec 08
mayaa
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5720
Cross-site scripting (XSS) vulnerability in Mayaa before 1.1.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the default error page for the org.seasar.mayaa.impl.engine.PageNotFoundException exception and possibly other exceptions.
Tue, 30 Dec 08
CVE-2008-5719 (groupmax_web_workflow_sdk_set_for_active_server_pages, groupmax_workflow_to_devel...)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5719
Cross-site scripting (XSS) vulnerability in Hitachi Groupmax Web Workflow SDK Set for Active Server Pages before 06-52-/C and Hitachi Groupmax Workflow - Development Kit for Active Server Pages before 06-52-/A allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Tue, 30 Dec 08
netatalk
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5718
The papd daemon in Netatalk before 2.0.4-beta2 allows remote attackers to execute arbitrary commands via shell metacharacters in a print request. NOTE: some of these details are obtained from third party information.
Tue, 30 Dec 08
jp1_integrated_management_service_support
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5717
Cross-site scripting (XSS) vulnerability in Hitachi JP1/Integrated Management - Service Support 08-10 through 08-10-05, 08-11 through 08-11-03, and 08-50 through 08-50-03 on Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Fri, 26 Dec 08
libvirt
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5716
xend in Xen 3.3.0 does not properly restrict a guest VM's write access within the /local/domain xenstore directory tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue exists because of erroneous set_permissions calls in the fix for CVE-2008-4405.
Fri, 26 Dec 08
firefox
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5715
Mozilla Firefox 3.0.5 on Windows Vista allows remote attackers to cause a denial of service (application crash) via JavaScript code with a long string value for the hash property (aka location.hash).
Fri, 26 Dec 08
qemu
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5714
Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for remote attackers to guess the VNC password, which is limited to seven characters where eight was intended.
Fri, 26 Dec 08
kernel
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5713
The __qdisc_run function in net/sched/sch_generic.c in the Linux kernel before 2.6.25 on SMP machines allows local users to cause a denial of service (soft lockup) by sending a large amount of network traffic, as demonstrated by multiple simultaneous invocations of the Netperf benchmark application in UDP_STREAM mode.
Fri, 26 Dec 08
konqueror
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5712
The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to cause a denial of service (application crash) via (1) a long COLOR attribute in an HR element; or a long (a) BGCOLOR or (b) BORDERCOLOR attribute in a (2) TABLE, (3) TD, or (4) TR element. NOTE: the FONT vector is already covered by CVE-2008-4514.
Thu, 25 Dec 08
photouploader
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5711
Heap-based buffer overflow in the Facebook PhotoUploader ActiveX control 5.0.14.0 and earlier allows remote attackers to execute arbitrary code via a long FileMask property value.
Thu, 25 Dec 08
communication_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5710
Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1.x, 4.0.3, and 5.x allow remote attackers to read (1) configuration files, (2) log files, (3) binary image files, and (4) help files via unknown vectors.
Thu, 25 Dec 08
communication_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5709
Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1 before 3.1.4 SP2, 4.0 before 4.0.3 SP1, and 5.0 before 5.0 SP3 allow remote authenticated users to execute arbitrary code via unknown attack vectors in the (1) Set Static Routes and (2) Backup History components.
Thu, 25 Dec 08
slimcms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5708
redirect.php in SlimCMS 1.0.0 does not require authentication, which allows remote attackers to create administrative users by using the newusername and newpassword parameters and setting the newisadmin parameter to 1.
Thu, 25 Dec 08
qemu, kvm
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2382
The protocol_client_msg function in vnc.c in the VNC server in (1) Qemu 0.9.1 and earlier and (2) KVM kvm-79 and earlier allows remote attackers to cause a denial of service (infinite loop) via a certain message.
Thu, 25 Dec 08
iltaweb_alisveris_sistemi
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5707
SQL injection vulnerability in urunler.asp in Iltaweb Alisveris Sistemi allows remote attackers to execute arbitrary SQL commands via the catno parameter.
Wed, 24 Dec 08
php
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5557
Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilter_htmlent.c in the mbstring extension in PHP 4.3.0 through 5.2.6 allows context-dependent attackers to execute arbitrary code via a crafted string containing an HTML entity, which is not properly handled during Unicode conversion, related to the (1) mb_convert_encoding, (2) mb_check_encoding, (3) mb_convert_variables, and (4) mb_parse_str functions.
Wed, 24 Dec 08
imap
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5514
Off-by-one error in the rfc822_output_char function in the RFC822BUFFER routines in the University of Washington (UW) c-client library, as used by the UW IMAP toolkit before imap-2007e and other applications, allows context-dependent attackers to cause a denial of service (crash) via an e-mail message that triggers a buffer overflow.
Wed, 24 Dec 08
php-collab
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4305
Static code injection vulnerability in installation/setup.php in phpCollab 2.5 rc3 and earlier allows remote authenticated administrators to inject arbitrary PHP code into include/settings.php via the URI.
Wed, 24 Dec 08
phpcollab
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4304
general/login.php in phpCollab 2.5 rc3 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified input related to the SSL_CLIENT_CERT environment variable. NOTE: in some environments, SSL_CLIENT_CERT always has a base64-encoded string value, which may impose constraints on injection for typical shells.
Wed, 24 Dec 08
php-collab
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4303
Multiple SQL injection vulnerabilities in phpCollab 2.5 rc3, 2.4, and earlier allow remote attackers to execute arbitrary SQL commands via the loginForm parameter to general/login.php, and unspecified other vectors.
Wed, 24 Dec 08
housecall
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2435
Use-after-free vulnerability in the Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in Housecall_ActiveX.dll allows remote attackers to execute arbitrary code via a crafted notifyOnLoadNative callback function.
Wed, 24 Dec 08
housecall
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2434
The Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in Housecall_ActiveX.dll allows remote attackers to download an arbitrary library file onto a client system via a "custom update server" argument. NOTE: this can be leveraged for code execution by writing to a Startup folder.
Tue, 23 Dec 08
verlihub
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5706
The cTrigger::DoIt function in src/ctrigger.cpp in the trigger mechanism in the daemon in Verlihub 0.9.8d-RC2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/trigger.tmp temporary file.
Tue, 23 Dec 08
verlihub
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5705
The cTrigger::DoIt function in src/ctrigger.cpp in the trigger mechanism in the daemon in Verlihub 0.9.8d-RC2 and earlier, when user triggers are enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in an argument.
Tue, 23 Dec 08
gpsdrive
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5704
src/unit_test.c in gpsdrive (aka gpsdrive-scripts) 2.10~pre4 might allow local users to overwrite arbitrary files via a symlink attack on the /tmp/gpsdrive-unit-test/proc temporary file, a different vector than CVE-2008-4959 and CVE-2008-5380.
Tue, 23 Dec 08
gpsdrive
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5703
gpsdrive (aka gpsdrive-scripts) 2.10~pre4 allows local users to overwrite arbitrary files via a symlink attack on the (a) /tmp/.smswatch or (b) /tmp/gpsdrivepos temporary file, related to (1) examples/gpssmswatch and (2) src/splash.c, different vectors than CVE-2008-4959 and CVE-2008-5380.
Tue, 23 Dec 08
kernel
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5702
Buffer underflow in the ibwdt_ioctl function in drivers/watchdog/ib700wdt.c in the Linux kernel before 2.6.28-rc1 might allow local users to have an unknown impact via a certain /dev/watchdog WDIOC_SETTIMEOUT IOCTL call.
Tue, 23 Dec 08
kernel
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5701
Array index error in arch/mips/kernel/scall64-o32.S in the Linux kernel before 2.6.28-rc8 on 64-bit MIPS platforms allows local users to cause a denial of service (system crash) via an o32 syscall with a small syscall number, which leads to an attempted read operation outside the bounds of the syscall table.
Tue, 23 Dec 08
kernel
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5700
libata in the Linux kernel before 2.6.27.9 does not set minimum timeouts for SG_IO requests, which allows local users to cause a denial of service (Programmed I/O mode on drives) via multiple simultaneous invocations of an unspecified test program.
Tue, 23 Dec 08
opensolaris
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5699
The name service cache daemon (nscd) in Sun Solaris 10 and OpenSolaris snv_50 through snv_104 does not properly check permissions, which allows local users to gain privileges and obtain sensitive information via unspecified vectors.
Tue, 23 Dec 08
konqueror
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5698
HTMLTokenizer::scriptHandler in Konqueror in KDE 3.5.9 and 3.5.10 allows remote attackers to cause a denial of service (application crash) via an invalid document.load call that triggers use of a deleted object. NOTE: some of these details are obtained from third party information.
Tue, 23 Dec 08
skype_extension_for_firefox
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5697
The skype_tool.copy_num method in the Skype extension BETA 2.2.0.95 for Firefox allows remote attackers to write arbitrary data to the clipboard via a string argument.
Tue, 23 Dec 08
courtier-authlib
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2380
SQL injection vulnerability in authpgsqllib.c in Courier-Authlib before 0.62.0, when a non-Latin locale Postgres database is used, allows remote attackers to execute arbitrary SQL commands via query parameters containing apostrophes.
Tue, 23 Dec 08
netware
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5696
Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
Tue, 23 Dec 08
wordpress, wordpress_mu
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5695
wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manage_options and upload_files capabilities to execute arbitrary code by uploading a PHP script and adding this script's pathname to active_plugins.
Tue, 23 Dec 08
sandbox
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5694
PHP remote file inclusion vulnerability in lib/jpgraph/jpgraph_errhandler.inc.php in Sandbox 1.4.1 might allow remote attackers to execute arbitrary PHP code via unspecified vectors. NOTE: the issue, if any, may be located in Aditus JpGraph rather than Sandbox. If so, then this should not be treated as an issue in Sandbox.
Tue, 23 Dec 08
ws_ftp
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5693
Ipswitch WS_FTP Server Manager 6.1.0.0 and earlier, and possibly other Ipswitch products, might allow remote attackers to read the contents of custom ASP files in WSFTPSVR/ via a request with an appended dot character.
Tue, 23 Dec 08
ws_ftp
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5692
Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other Ipswitch products, allows remote attackers to bypass authentication and read logs via a logLogout action to FTPLogServer/login.asp followed by a request to FTPLogServer/LogViewer.asp with the localhostnull account name.
Tue, 23 Dec 08
flashax
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5691
Heap-based buffer overflow in the Phoenician Casino FlashAX ActiveX control 1.0.0.7 allows remote attackers to execute arbitrary code via a long argument to the SetID method.
Tue, 23 Dec 08
opensolaris
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5690
The Kerberos credential renewal feature in Solaris 8, 9, and 10, and OpenSolaris build snv_01 through snv_104, allows local users to cause a denial of service (authentication failure) via unknown vectors related to incorrect cache file permissions.
Tue, 23 Dec 08
opensolaris
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5689
tun in IP Tunnel in Solaris 10 and OpenSolaris snv_01 through snv_76 allows local users to cause a denial of service (panic) and possibly execute arbitrary code via a crafted SIOCGTUNPARAM IOCTL request, which triggers a NULL pointer dereference.
Tue, 23 Dec 08
mediawiki
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5688
MediaWiki 1.8.1 through 1.13.3, when the wgShowExceptionDetails variable is enabled, sometimes provides the full installation path in a debugging message, which might allow remote attackers to obtain sensitive information via unspecified requests that trigger an uncaught exception.
Tue, 23 Dec 08
mediawiki
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5687
MediaWiki 1.11 through 1.13.3 does not properly protect against the download of backups of deleted images, which might allow remote attackers to obtain sensitive information via requests for files in images/deleted/.
Tue, 23 Dec 08
tivoli_provisioning_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5686
IBM Tivoli Provisioning Manager (TPM) before 5.1.1.1 IF0006, when its LDAP service is shared with other applications, does not require that an LDAP user be listed in the TPM user records, which allows remote authenticated users to execute SOAP commands that access arbitrary TPM functionality, as demonstrated by running provisioning workflows.
Tue, 23 Dec 08
scapp
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5685
Sun ScApp firmware 5.18.x, 5.19.x, and 5.20.0 through 5.20.10 on Sun Fire and Netra platforms allows remote attackers to access the System Controller (SC), the system console, and possibly the host OS, and cause a denial of service (shutdown or reboot), via spoofed IP packets.
Mon, 22 Dec 08
opensolaris
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5684
Unspecified vulnerability in the X Inter Client Exchange library (aka libICE) in Sun Solaris 8 through 10 and OpenSolaris before snv_85 allows context-dependent attackers to cause a denial of service (application crash), as demonstrated by a port scan that triggers a segmentation violation in the Gnome session manager (aka gnome-session).
Mon, 22 Dec 08
mediawiki
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5252
Cross-site request forgery (CSRF) vulnerability in the Special:Import feature in MediaWiki 1.3.0 through 1.6.10, 1.12.x before 1.12.2, and 1.13.x before 1.13.3 allows remote attackers to perform unspecified actions as authenticated users via unknown vectors.
Mon, 22 Dec 08
mediawiki
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5250
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.6.11, 1.12.x before 1.12.2, and 1.13.x before 1.13.3, when Internet Explorer is used and uploads are enabled, or an SVG scripting browser is used and SVG uploads are enabled, allows remote authenticated users to inject arbitrary web script or HTML by editing a wiki page.
Sat, 20 Dec 08
mediawiki
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5249
Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.0 through 1.13.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Sat, 20 Dec 08
libvirt
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5086
Multiple methods in libvirt 0.3.2 through 0.5.1 do not check if a connection is read-only, which allows local users to bypass intended access restrictions and perform administrative actions.
Sat, 20 Dec 08
escript
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5078
Multiple buffer overflows in the (1) recognize_eps_file function (src/psgen.c) and (2) tilde_subst function (src/util.c) in GNU enscript 1.6.1, and possibly earlier, might allow remote attackers to execute arbitrary code via an epsf escape sequence with a long filename.
Sat, 20 Dec 08
joomla
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4122
Joomla! 1.5.8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
Sat, 20 Dec 08
barracuda_spam_firewall
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1094
SQL injection vulnerability in index.cgi in the Account View page in Barracuda Spam Firewall (BSF) before 3.5.12.007 allows remote authenticated administrators to execute arbitrary SQL commands via a pattern_x parameter in a search_count_equals action, as demonstrated by the pattern_0 parameter.
Sat, 20 Dec 08
CVE-2008-0971 (barracuda_im_firewall, barracuda_load_balancer, barracuda_message_archiver, barra...)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0971
Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in Barracuda Spam Firewall (BSF) before 3.5.12.007, Message Archiver before 1.2.1.002, Web Filter before 3.3.0.052, IM Firewall before 3.1.01.017, and Load Balancer before 2.3.024 allow remote attackers to inject arbitrary web script or HTML via (1) the Policy Name field in Search Based Retention Policy in Message Archiver; unspecified parameters in the (2) IP Configuration, (3) Administration, (4) Journal Accounts, (5) Retentio...
Sat, 20 Dec 08
opera
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5683
Unspecified vulnerability in Opera before 9.63 allows remote attackers to "reveal random data" via unknown vectors.
Sat, 20 Dec 08
opera
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5682
Cross-site scripting (XSS) vulnerability in Opera before 9.63 allows remote attackers to inject arbitrary web script or HTML via built-in XSLT templates.
Sat, 20 Dec 08
opera
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5681
Opera before 9.63 does not block unspecified "scripted URLs" during the feed preview, which allows remote attackers to read existing subscriptions and force subscriptions to arbitrary feed URLs.
Sat, 20 Dec 08
opera
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5680
Multiple buffer overflows in Opera before 9.63 might allow (1) remote attackers to execute arbitrary code via a crafted text area, or allow (2) user-assisted remote attackers to execute arbitrary code via a long host name in a file: URL.
Sat, 20 Dec 08
opera
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5679
The HTML parsing engine in Opera before 9.63 allows remote attackers to execute arbitrary code via crafted web pages that trigger an invalid pointer calculation and heap corruption.
Sat, 20 Dec 08
olib7_webview
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5678
Fretwell-Downing Informatics (FDI) OLIB7 WebView 2.5.1.1 allows remote authenticated users to obtain sensitive information from files via the infile parameter to the default URI under cgi/, as demonstrated by the (1) get_settings.ini, (2) setup.ini, and (3) text.ini files.
Sat, 20 Dec 08
kwalbum
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5677
Unrestricted file upload vulnerability in Kwalbum 2.0.4, 2.0.2, and earlier, when PICS_PATH is located in the web root, allows remote authenticated users with upload capability to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file under items/, related to the ReplaceBadFilenameChars function in include/ItemAdder.php. NOTE: some of these details are obtained from third party information.
Sat, 20 Dec 08
modsecurity
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5676
Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
Sat, 20 Dec 08
websphere_portal
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5675
Unspecified vulnerability in IBM WebSphere Portal 6.0 before 6.0.1.5 has unknown impact and attack vectors related to "Access problems with BasicAuthTAI."
Sat, 20 Dec 08
webcam_xp
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5674
Multiple array index errors in the HTTP server in Darkwet Network webcamXP 3.72.440.0 and earlier and beta 4.05.280 and earlier allow remote attackers to cause a denial of service (device crash) and read portions of memory via (1) an invalid camnum parameter to the pocketpc component and (2) an invalid id parameter to the show_gallery_pic component.
Sat, 20 Dec 08
phparanoid
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5673
PHParanoid before 0.4 does not properly restrict access to the members area by unauthenticated users, which has unknown impact and remote attack vectors.
Sat, 20 Dec 08
phparanoid
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5672
Multiple cross-site request forgery (CSRF) vulnerabilities in PHParanoid before 0.4 allow remote attackers to perform unspecified actions as authenticated users via (1) unknown vectors involving admin.php and (2) unknown vectors related to private messages.
Sat, 20 Dec 08
joomla
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5671
PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 through 1.0.14, when RG_EMULATION is enabled in configuration.php, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
Sat, 20 Dec 08
textpattern
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5670
Textpattern (aka Txp CMS) 4.0.5 does not ask for the old password during a password reset, which makes it easier for remote attackers to change a password after hijacking a session.
Sat, 20 Dec 08
textpattern
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5669
index.php in the comments preview section in Textpattern (aka Txp CMS) 4.0.5 allows remote attackers to cause a denial of service via a long message parameter.
Sat, 20 Dec 08
textpattern
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5668
Multiple cross-site scripting (XSS) vulnerabilities in Textpattern (aka Txp CMS) 4.0.5 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to setup/index.php or (2) the name parameter to index.php in the comments preview section.
Sat, 20 Dec 08
vba32_personal_antivirus
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5667
The scanning engine in VirusBlokAda VBA32 Personal Antivirus 3.12.8.x allows remote attackers to cause a denial of service (memory corruption and application crash) via a malformed RAR archive.
Sat, 20 Dec 08
winftp_ftp_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5666
WinFTP FTP Server 2.3.0, when passive (aka PASV) mode is used, allows remote authenticated users to cause a denial of service via a sequence of FTP sessions that include an invalid "NLST -1" command.
Sat, 20 Dec 08
xoops
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5665
SQL injection vulnerability in index.php in the xhresim module in XOOPS allows remote attackers to execute arbitrary SQL commands via the no parameter.
Sat, 20 Dec 08
realtek_media_player
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5664
Stack-based buffer overflow in Realtek Media Player (aka Realtek Sound Manager, RtlRack, or rtlrack.exe) 1.15.0.0 allows remote attackers to execute arbitrary code via a crafted playlist (PLA) file.
Sat, 20 Dec 08
kusaba
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5663
Multiple unrestricted file upload vulnerabilities in Kusaba 1.0.4 and earlier allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension using (1) load_receiver.php or (2) a shipainter action to paint_save.php, then accessing the uploaded file via a direct request to this file in their user directory.
Fri, 19 Dec 08
flash_playe_for_linux, flash_player_for_linux
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5499
Unspecified vulnerability in Adobe Flash Player for Linux 10.0.12.36, and 9.0.151.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file.
Fri, 19 Dec 08
firefox
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5513
Unspecified vulnerability in the session-restore feature in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19 allows remote attackers to bypass the same origin policy, inject content into documents associated with other domains, and conduct cross-site scripting (XSS) attacks via unknown vectors related to restoration of SessionStore data.
Fri, 19 Dec 08
firefox, seamonkey, thunderbird
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5512
Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to run arbitrary JavaScript with chrome privileges via unknown vectors in which "page content can pollute XPCNativeWrappers."
Fri, 19 Dec 08
firefox, seamonkey, thunderbird
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5511
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy and conduct cross-site scripting (XSS) attacks via an XBL binding to an "unloaded document."
Fri, 19 Dec 08
firefox, seamonkey, thunderbird
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5510
The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 ignores the '\0' escaped null character, which might allow remote attackers to bypass protection mechanisms such as sanitization routines.
Fri, 19 Dec 08
firefox, seamonkey, thunderbird
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5508
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not properly parse URLs with leading whitespace or control characters, which might allow remote attackers to misrepresent URLs and simplify phishing attacks.
Fri, 19 Dec 08
firefox, seamonkey, thunderbird
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5507
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which generates an error if the target data does not have JavaScript syntax, which can be accessed using the window.onerror DOM API.
Fri, 19 Dec 08
firefox, seamonkey, thunderbird
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5506
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a resource in a different domain, then reading content from the response, aka "response disclosure."
Fri, 19 Dec 08
firefox
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5505
Mozilla Firefox 3.x before 3.0.5 allows remote attackers to bypass intended privacy restrictions by using the persist attribute in an XUL element to create and access data entities that are similar to cookies.
Fri, 19 Dec 08
firefox
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5504
Mozilla Firefox 2.x before 2.0.0.19 allows remote attackers to run arbitrary JavaScript with chrome privileges via vectors related to the feed preview, a different vulnerability than CVE-2008-3836.
Fri, 19 Dec 08
firefox, seamonkey, thunderbird
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5503
The loadBindingDocument function in Mozilla Firefox 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not perform any security checks related to the same-domain policy, which allows remote attackers to read or access data from other domains via crafted XBL bindings.
Fri, 19 Dec 08
firefox, seamonkey, thunderbird
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5502
The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) via vectors that trigger memory corruption, related to the GetXMLEntity and FastAppendChar functions.
Fri, 19 Dec 08
firefox, seamonkey, thunderbird
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5501
The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service via vectors that trigger an assertion failure.
Fri, 19 Dec 08
firefox, seamonkey, thunderbird
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5500
The layout engine in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to (1) a reahable assertion or (2) an integer overflow.
Fri, 19 Dec 08
java_wireless_toolkit_for_cldc
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5662
Multiple buffer overflows in Sun Java Wireless Toolkit (WTK) for CLDC 2.5.2 and earlier allow downloaded programs to execute arbitrary code via unknown vectors.
Fri, 19 Dec 08
opensolaris
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5661
The IPv4 Forwarding feature in Sun Solaris 10 and OpenSolaris snv_47 through snv_82, with certain patches installed, allows remote attackers to cause a denial of service (panic) via unknown vectors that trigger a NULL pointer dereference.
Fri, 19 Dec 08
vinagre
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5660
Format string vulnerability in the vinagre_utils_show_error function (src/vinagre-utils.c) in Vinagre 0.5.x before 0.5.2 and 2.x before 2.24.2 might allow remote attackers to execute arbitrary code via a crafted URI or VNC server response.
Fri, 19 Dec 08
classpath
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5659
The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated against DSA private keys.
Fri, 19 Dec 08
php
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5658
Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences.
Fri, 19 Dec 08
quassel_core
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5657
CRLF injection vulnerability in Quassel Core before 0.3.0.3 allows remote attackers to spoof IRC messages as other users via a crafted CTCP message.
Fri, 19 Dec 08
typo3
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5656
Cross-site scripting (XSS) vulnerability in the frontend plugin for the felogin system extension in TYPO3 4.2.0, 4.2.1 and 4.2.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
Fri, 19 Dec 08
easybookmarker
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5655
Multiple SQL injection vulnerabilities in MyioSoft EasyBookMarker 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) delete_folder and (2) delete_link parameters to unspecified vectors, possibly to (a) plugins/bookmarker/bookmarker_backend.php or (b) ajaxp.php, different vectors than CVE-2008-5654. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Fri, 19 Dec 08
easycalendar
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5654
SQL injection vulnerability in the loginADP function in ajaxp.php in MyioSoft EasyCalendar 4.0 allows remote attackers to execute arbitrary SQL commands via the rsargs parameter, as reachable through the username parameter, a different vector than CVE-2008-1344. NOTE: some of these details are obtained from third party information.
Fri, 19 Dec 08
ajaxportal
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5653
SQL injection vulnerability in the loginADP function in ajaxp.php in MyioSoft AjaxPortal 3.0 allows remote attackers to execute arbitrary SQL commands via the rsargs parameter, as reachable through the username parameter. NOTE: some of these details are obtained from third party information.
Fri, 19 Dec 08
easybookmarker
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5652
SQL injection vulnerability in the loginADP function in ajaxp.php in MyioSoft EasyBookMarker 4.0 allows remote attackers to execute arbitrary SQL commands via the rsargs parameter, as reachable through the username parameter. NOTE: some of these details are obtained from third party information.
Fri, 19 Dec 08
easybookmarker
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5651
SQL injection vulnerability in plugins/bookmarker/bookmarker_backend.php in MyioSoft EasyBookMarker 4.0 allows remote attackers to execute arbitrary SQL commands via the Parent parameter.
Fri, 19 Dec 08
webhost_directory
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5650
SQL injection vulnerability in the login directory in AlstraSoft Web Host Directory allows remote attackers to execute arbitrary SQL commands via the pwd parameter.
Fri, 19 Dec 08
article_manager_pro
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5649
SQL injection vulnerability in admin/admin.php in AlstraSoft Article Manager Pro 1.6 allows remote attackers to execute arbitrary SQL commands via the username parameter.
Fri, 19 Dec 08
php_shop
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5648
SQL injection vulnerability in admin/login.php in DeltaScripts PHP Shop 1.0 allows remote attackers to execute arbitrary SQL commands via the admin_username parameter. NOTE: some of these details are obtained from third party information.
Thu, 18 Dec 08
trac
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5647
Unspecified vulnerability in the HTML sanitizer filter in Trac before 0.11.2 allows attackers to conduct phishing attacks via unknown attack vectors.
Thu, 18 Dec 08
trac
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5646
Unspecified vulnerability in Trac before 0.11.2 allows attackers to cause a denial of service via unknown attack vectors related to "certain wiki markup."
Thu, 18 Dec 08
orb
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5645
Directory traversal vulnerability in the media server in Orb Networks Orb before 2.01.0022 allows remote attackers to read arbitrary files via directory traversal sequences in an HTTP GET request.
Thu, 18 Dec 08
typo
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5644
Cross-site scripting (XSS) vulnerability in the file backend module in TYPO3 4.2.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
Thu, 18 Dec 08
com_books
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5643
SQL injection vulnerability in the Books (com_books) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter in a book_details action to index.php.
Thu, 18 Dec 08
cms_made_simple
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5642
Directory traversal vulnerability in admin/login.php in CMS Made Simple 1.4.1 allows remote attackers to read arbitrary files via a .. (dot dot) in a cms_language cookie.
Thu, 18 Dec 08
active_photo_gallery
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5641
SQL injection vulnerability in account.asp in Active Photo Gallery 6.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
Thu, 18 Dec 08
active_bids
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5640
SQL injection vulnerability in bidhistory.asp in Active Bids 3.5 allows remote attackers to execute arbitrary SQL commands via the ItemID parameter.
Thu, 18 Dec 08
txtblog
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5639
Directory traversal vulnerability in index.php in TxtBlog 1.0 Alpha allows remote attackers to read arbitrary files via a .. (dot dot) in the m parameter.
Thu, 18 Dec 08
active_price_comparison
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5638
Multiple SQL injection vulnerabilities in Active Price Comparison 4 allow remote attackers to execute arbitrary SQL commands via the (1) ProductID parameter to reviews.aspx or the (2) linkid parameter to links.asp.
Thu, 18 Dec 08
parsblogger
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5637
SQL injection vulnerability in blog.asp in ParsBlogger (Pb) allows remote attackers to execute arbitrary SQL commands via the wr parameter.
Thu, 18 Dec 08
lito_lite_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5636
SQL injection vulnerability in cate.php in Lito Lite CMS, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cid parameter.
Thu, 18 Dec 08
active_membership
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5635
SQL injection vulnerability in account.asp in Active Membership 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information.
Thu, 18 Dec 08
active_force_matrix
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5634
SQL injection vulnerability in account.asp in Active Force Matrix 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information.
Thu, 18 Dec 08
activevotes
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5633
SQL injection vulnerability in register.asp in ActiveVotes 2.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information.
Thu, 18 Dec 08
active_time_billing
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5632
SQL injection vulnerability in Account.asp in Active Time Billing 3.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information.
Thu, 18 Dec 08
active_ewebquiz
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5631
SQL injection vulnerability in start.asp in Active eWebquiz 8.0 allows remote attackers to execute arbitrary SQL commands via the (1) useremail parameter (aka username field) or the (2) password parameter. NOTE: some of these details are obtained from third party information.
Thu, 18 Dec 08
post_affiliate_pro
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5630
SQL injection vulnerability in merchants/index.php in Post Affiliate Pro 3 and 3.1.4 allows remote attackers to execute arbitrary SQL commands via the umprof_status parameter.
Thu, 18 Dec 08
turnkey_arcade_script
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5629
SQL injection vulnerability in index.php in Turnkey Arcade Script allows remote attackers to execute arbitrary SQL commands via the id parameter in a play action.
Thu, 18 Dec 08
little_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5628
SQL injection vulnerability in index.php in CMS little 0.0.1 allows remote attackers to execute arbitrary SQL commands via the term parameter.
Thu, 18 Dec 08
active_trade
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5627
SQL injection vulnerability in account.asp in Active Trade 2 allows remote attackers to execute arbitrary SQL commands via the (1) username parameter (aka Email field) or the (2) password parameter. NOTE: some of these details are obtained from third party information.
Thu, 18 Dec 08
xm_easy_personal_ftp_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5626
XM Easy Personal FTP Server 5.6.0 allows remote authenticated users to cause a denial of service via a crafted argument to the NLST command, as demonstrated by a -1 argument.
Thu, 18 Dec 08
php
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5625
PHP 5 before 5.2.7 does not enforce the error_log safe_mode restrictions when safe_mode is enabled through a php_admin_flag setting in httpd.conf, which allows context-dependent attackers to write to arbitrary files by placing a "php_value error_log" entry in a .htaccess file.
Thu, 18 Dec 08
php
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5624
PHP 5 before 5.2.7 does not properly initialize the page_uid and page_gid global variables for use by the SAPI php_getuid function, which allows context-dependent attackers to bypass safe_mode restrictions via variable settings that are intended to be restricted to root, as demonstrated by a setting of /etc for the error_log variable.
Thu, 18 Dec 08
asterisk_business_edition, open_source
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5558
Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition B.2.3.5 through B.2.5.5, when realtime IAX2 users are enabled, allows remote attackers to cause a denial of service (crash) via authentication attempts involving (1) an unknown user or (2) a user using hostname matching.
Thu, 18 Dec 08
phpmyadmin
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5622
Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdmin 2.11.x before 2.11.9.4 and 3.x before 3.1.1.0 allow remote attackers to conduct SQL injection attacks via unknown vectors related to the table parameter, a different vector than CVE-2008-5621.
Thu, 18 Dec 08
phpmyadmin
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5621
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x before 2.11.9.4 and 3.x before 3.1.1.0 allows remote attackers to perform unauthorized actions as the administrator via a link or IMG tag to tbl_structure.php with a modified table parameter. NOTE: this can be leveraged to conduct SQL injection attacks and execute arbitrary code.
Thu, 18 Dec 08
roundcube_webmail
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5620
RoundCube Webmail (roundcubemail) before 0.2-beta allows remote attackers to cause a denial of service (memory consumption) via crafted size parameters that are used to create a large quota image.
Thu, 18 Dec 08
roundcube_webmail
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5619
html2text.php in RoundCube Webmail (roundcubemail) 0.2-1.alpha and 0.2-3.beta allows remote attackers to execute arbitrary code via crafted input that is processed by the preg_replace function with the eval switch.
Thu, 18 Dec 08
rsyslog
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5618
imudp in rsyslog 4.x before 4.1.2, 3.21 before 3.21.9 beta, and 3.20 before 3.20.2 generates a message even when it is sent by an unauthorized sender, which allows remote attackers to cause a denial of service (disk consumption) via a large number of spurious messages.
Thu, 18 Dec 08
rsyslog
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5617
The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does not follow $AllowedSender directive, which allows remote attackers to bypass intended access restrictions and spoof log messages or create a large number of spurious messages.
Thu, 18 Dec 08
avahi
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5081
The originates_from_local_legacy_unicast_socket function (avahi-core/server.c) in avahi-daemon in Avahi before 0.6.24 allows remote attackers to cause a denial of service (crash) via a crafted mDNS packet with a source port of 0, which triggers an assertion failure.
Thu, 18 Dec 08
mplayer
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5616
Stack-based buffer overflow in the demux_open_vqf function in libmpdemux/demux_vqf.c in MPlayer 1.0 rc2 before r28150 allows remote attackers to execute arbitrary code via a malformed TwinVQ file.
Thu, 18 Dec 08
commerce_extension
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5609
SQL injection vulnerability in the Commerce extension 0.9.6 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Thu, 18 Dec 08
mac_os_x, mac_os_x_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4237
Managed Client in Apple Mac OS X before 10.5.6 sometimes misidentifies a system when installing per-host configuration settings, which allows context-dependent attackers to have an unspecified impact by leveraging unintended settings, as demonstrated by the screen saver lock setting.
Thu, 18 Dec 08
mac_os_x, mac_os_x_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4236
Apple Type Services (ATS) in Apple Mac OS X 10.5 before 10.5.6 allows remote attackers to cause a denial of service (infinite loop) via a crafted embedded font in a PDF file.
Thu, 18 Dec 08
mac_os_x, mac_os_x_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4234
Incomplete blacklist vulnerability in the Quarantine feature in CoreTypes in Apple Mac OS X 10.5 before 10.5.6 allows user-assisted remote attackers to execute arbitrary code via an executable file with the content type indicating no application association for the file, which does not trigger a "potentially unsafe" warning message.
Thu, 18 Dec 08
mac_os_x, mac_os_x_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4224
UDF in Apple Mac OS X before 10.5.6 allows user-assisted attackers to cause a denial of service (system crash) via a malformed UDF volume in a crafted ISO file.
Thu, 18 Dec 08
mac_os_x_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4223
Podcast Producer in Apple Mac OS X 10.5 before 10.5.6 allows remote attackers to bypass authentication and gain administrative access via unspecified vectors.
Thu, 18 Dec 08
mac_os_x, mac_os_x_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4222
natd in network_cmds in Apple Mac OS X before 10.5.6, when Internet Sharing is enabled, allows remote attackers to cause a denial of service (infinite loop) via a crafted TCP packet.
Thu, 18 Dec 08
mac_os_x, mac_os_x_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4221
The strptime API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted date string, related to improper memory allocation.
Thu, 18 Dec 08
mac_os_x, mac_os_x_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4220
Integer overflow in the inet_net_pton API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. NOTE: this may be related to the WLB-2008080064 advisory published by SecurityReason on 20080822; however, as of 20081216, there are insufficient details to be sure.
Thu, 18 Dec 08
mac_os_x, mac_os_x_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4219
The kernel in Apple Mac OS X before 10.5.6 allows local users to cause a denial of service (infinite loop and system halt) by running an application that is dynamically linked to libraries on an NFS server, related to occurrence of an exception in this application.
Thu, 18 Dec 08
mac_os_x, mac_os_x_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4218
Multiple integer overflows in the kernel in Apple Mac OS X before 10.5.6 on Intel platforms allow local users to gain privileges via a crafted call to (1) i386_set_ldt or (2) i386_get_ldt.
Thu, 18 Dec 08
mac_os_x, mac_os_x_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4217
Integer signedness error in BOM in Apple Mac OS X before 10.5.6 allows remote attackers to execute arbitrary code via the headers in a crafted CPIO archive, leading to a stack-based buffer overflow.
Thu, 18 Dec 08
asp_autodealer
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5608
ASP AutoDealer stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for auto.mdb.
Thu, 18 Dec 08
jmovies
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5607
SQL injection vulnerability in the JMovies (aka JM or com_jmovies) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
Thu, 18 Dec 08
qmail_mailing_list_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5606
Gazatem QMail Mailing List Manager 1.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for qmail.mdb.
Thu, 18 Dec 08
aspportal
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5605
Multiple SQL injection vulnerabilities in ASP Portal allow remote attackers to execute arbitrary SQL commands via the (1) ItemID parameter to classifieds.asp and the (2) ID parameter to Events.asp.
Thu, 18 Dec 08
my_simple_forum
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5604
Directory traversal vulnerability in index.php in My Simple Forum 3.0 and 4.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter.
Thu, 18 Dec 08
aspticker
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5603
ASPTicker 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for news.mdb.
Thu, 18 Dec 08
natterchat
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5602
Natterchat 1.12 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for natterchat112.mdb.
Thu, 18 Dec 08
asp_user_engine
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5601
User Engine Lite ASP stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for users.mdb.
Thu, 18 Dec 08
teamworx_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5600
Merlix Teamworx Server stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for teamworx.mdb.
Thu, 18 Dec 08
teamworx_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5599
SQL injection vulnerability in default.asp in Merlix Teamworx Server allows remote attackers to execute arbitrary SQL commands via the password parameter (aka passwd field) in a login action. NOTE: some of these details are obtained from third party information.
Thu, 18 Dec 08
phpmygallery
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5598
Directory traversal vulnerability in index.php in PHPmyGallery 1.51 gold allows remote attackers to list arbitrary directories via a .. (dot dot) in the group parameter.
Thu, 18 Dec 08
cold_bbs
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5597
Cold BBS stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for db/cforum.mdb.
Thu, 18 Dec 08
ikon_admanager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5596
Ikon AdManager 2.1 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for ikonBAnner_AdManager.mdb.
Wed, 17 Dec 08
asp_autodealer
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5595
SQL injection vulnerability in detail.asp in ASP AutoDealer allows remote attackers to execute arbitrary SQL commands via the ID parameter.
Wed, 17 Dec 08
mini_blog
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5594
Multiple directory traversal vulnerabilities in index.php in Mini Blog 1.0.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) page and (2) admin parameters.
Wed, 17 Dec 08
mini_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5593
Multiple directory traversal vulnerabilities in index.php in Mini CMS 1.0.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) page and (2) admin parameters.
Wed, 17 Dec 08
nightfall_personal_diary
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5592
Nightfall Personal Diary 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for users-zza21.mdb.
Wed, 17 Dec 08
nightfall_personal_diary
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5591
Cross-site scripting (XSS) vulnerability in login.asp in Nightfall Personal Diary 1.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter and possibly other "login fields." NOTE: some of these details are obtained from third party information.
Wed, 17 Dec 08
product_sale_framework
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5590
SQL injection vulnerability in customer.forumtopic.php in Kalptaru Infotech Product Sale Framework 0.1 beta allows remote attackers to execute arbitrary SQL commands via the forum_topic_id parameter.
Wed, 17 Dec 08
rankem
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5589
SQL injection vulnerability in processlogin.asp in Katy Whitton RankEm allows remote attackers to execute arbitrary SQL commands via the (1) txtusername parameter (aka username field) or the (2) txtpassword parameter (aka password field). NOTE: some of these details are obtained from third party information.
Wed, 17 Dec 08
rankem
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5588
SQL injection vulnerability in rankup.asp in Katy Whitton RankEm allows remote attackers to execute arbitrary SQL commands via the siteID parameter.
Wed, 17 Dec 08
phppgadmin
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5587
Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the _language parameter to index.php.
Wed, 17 Dec 08
check_new
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5586
SQL injection vulnerability in findoffice.php in Check Up New Generation (aka Check New) 4.52, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the search parameter.
Wed, 17 Dec 08
lcxbbportal
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5585
Multiple PHP remote file inclusion vulnerabilities in lcxBBportal 0.1 Alpha 2 allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) portal/includes/portal_block.php and (2) includes/acp/acp_lcxbbportal.php.
Wed, 17 Dec 08
projectpier
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5584
Multiple cross-site scripting (XSS) vulnerabilities in ProjectPier 0.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) a message, (2) a milestone, or (3) a display name in a profile, or the (4) a or (5) c parameter to index.php.
Wed, 17 Dec 08
projectpier
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5583
Cross-site request forgery (CSRF) vulnerability in index.php in ProjectPier 0.8 and earlier allows remote attackers to perform actions as an administrator via the query string, as demonstrated by a delete project action.
Wed, 17 Dec 08
nukedit
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5582
SQL injection vulnerability in utilities/login.asp in Nukedit 4.9.x, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the email parameter.
Wed, 17 Dec 08
mini-pub
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5581
PHP remote file inclusion vulnerability in mini-pub.php/front-end/img.php in mini-pub 0.3 allows remote attackers to execute arbitrary PHP code via a URL in the sFileName parameter.
Wed, 17 Dec 08
mini-pub
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5580
mini-pub.php/front-end/cat.php in mini-pub 0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the sFileName argument.
Wed, 17 Dec 08
mini-pub
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5579
Absolute path traversal vulnerability in mini-pub.php/front-end/cat.php in mini-pub 0.3 allows remote attackers to read arbitrary files via a full pathname in the sFileName parameter.
Wed, 17 Dec 08
scssboard
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5578
Multiple SQL injection vulnerabilities in index.php in sCssBoard 1.0, 1.1, 1.11, and 1.12 allow remote attackers to execute arbitrary SQL commands via (1) the f parameter in a showforum action, (2) the u parameter in a profile action, (3) the viewcat parameter, or (4) a combination of scb_uid and scb_ident cookie values.
Wed, 17 Dec 08
scssboard
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5577
PHP remote file inclusion vulnerability in index.php in sCssBoard 1.0, 1.1, 1.11, and 1.12 allows remote attackers to execute arbitrary PHP code via a URL in the inc_function parameter.
Wed, 17 Dec 08
scssboard
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5576
admin/forums.php in sCssBoard 1.0, 1.1, 1.11, and 1.12 allows remote attackers to bypass authentication and gain administrative access via a large value of the current_user[users_level] parameter.
Wed, 17 Dec 08
pro_clan_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5575
Session fixation vulnerability in Pro Clan Manager 0.4.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
Wed, 17 Dec 08
webmaster_marketplace
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5574
SQL injection vulnerability in member.php in Webmaster Marketplace allows remote attackers to execute arbitrary SQL commands via the u parameter.
Wed, 17 Dec 08
poll_pro
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5573
SQL injection vulnerability in the login feature in Poll Pro 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) Password and (2) username parameters.
Wed, 17 Dec 08
professional_download_assistant
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5572
Professional Download Assistant 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for database/downloads.mdb.
Wed, 17 Dec 08
professional_download_assistant
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5571
SQL injection vulnerability in admin/login.asp in Professional Download Assistant 0.1 allows remote attackers to execute arbitrary SQL commands via the (1) uname parameter (aka user field) or the (2) psw parameter (aka passwd field). NOTE: some of these details are obtained from third party information.
Wed, 17 Dec 08
php_multiple_newsletters
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5570
Directory traversal vulnerability in index.php in PHP Multiple Newsletters 2.7, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
Wed, 17 Dec 08
phpeppershop
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5569
Multiple cross-site scripting (XSS) vulnerabilities in PHPepperShop 1.4 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php or (2) shop/kontakt.php, or (3) shop_kunden_mgmt.php or (4) SHOP_KONFIGURATION.php in shop/Admin/.
Wed, 17 Dec 08
ipn_pro_3
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5568
Cross-site request forgery (CSRF) vulnerability in admin/settings.php in IPN Pro 3 1.44 and earlier allows remote attackers to change the admin password via a logout action in conjunction with the admin_id, newpass_1, and newpass_2 parameters.
Wed, 17 Dec 08
bonza_cart
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5567
Cross-site request forgery (CSRF) vulnerability in admin/ad_settings.php in Bonza Cart 1.10 and earlier allows remote attackers to change the admin password via a logout action in conjunction with the NewAdmin, NewPass1, and NewPass2 parameters.
Wed, 17 Dec 08
phpmultiplenewsletters
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5566
Cross-site scripting (XSS) vulnerability in index.php in Triangle Solutions PHP Multiple Newsletters 2.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
Wed, 17 Dec 08
dl_paycart
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5565
Cross-site request forgery (CSRF) vulnerability in admin/settings.php in DL PayCart 1.34 and earlier allows remote attackers to change the admin password via a logout action in conjunction with the NewAdmin, NewPass1, and NewPass2 parameters.
Wed, 17 Dec 08
orb
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5564
Unspecified vulnerability in the media server in Orb Networks Orb before 2.01.0025 allows remote attackers to cause a denial of service (daemon crash) via a malformed HTTP request.
Wed, 17 Dec 08
aruba_mobility_controller, aruba_mobility_controllers
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5563
Aruba Mobility Controller 2.4.8.x-FIPS, 2.5.x, 3.1.x, 3.2.x, 3.3.1.x, and 3.3.2.x allows remote attackers to cause a denial of service (device crash) via a malformed Extensible Authentication Protocol (EAP) frame.
Wed, 17 Dec 08
aspportal
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5562
ASPPortal stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for xportal.mdb.
Wed, 17 Dec 08
netref
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5561
SQL injection vulnerability in Netref 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) fiche_product.php and (2) presentation.php.
Wed, 17 Dec 08
postecards
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5560
PostEcards stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for postcards.mdb.
Tue, 16 Dec 08
postecards
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5559
SQL injection vulnerability in sendcard.cfm in PostEcards allows remote attackers to execute arbitrary SQL commands via the cid parameter.
Tue, 16 Dec 08
thunderbird
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5430
Mozilla Thunderbird 2.0.14 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which might allow remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173.
Tue, 16 Dec 08
internet_explorer
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5556
** DISPUTED ** The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not recognize attack patterns designed to operate against web pages that are encoded with utf-7, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting crafted utf-7 content. NOTE: the vendor reportedly disputes this issue, stating "Behaviour is by design."
Tue, 16 Dec 08
internet_explorer
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5555
Microsoft Internet Explorer 8.0 Beta 2 relies on the XDomainRequestAllowed HTTP header to authorize data exchange between domains, which allows remote attackers to bypass the product's XSS Filter protection mechanism, and conduct XSS and cross-domain attacks, by injecting this header after a CRLF sequence, related to "XDomainRequest Allowed Injection (XAI)." NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scena...
Tue, 16 Dec 08
internet_explorer
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5554
The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not properly handle some HTTP headers that appear after a CRLF sequence in a URI, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS or redirection attacks, as demonstrated by the (1) Location and (2) Set-Cookie HTTP headers. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
Tue, 16 Dec 08
internet_explorer
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5553
The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 disables itself upon encountering a certain X-XSS-Protection HTTP header, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting this header after a CRLF sequence. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
Tue, 16 Dec 08
internet_explorer
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5552
The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks via a CRLF sequence in conjunction with a crafted Content-Type header, as demonstrated by a header with a utf-7 charset value. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
Tue, 16 Dec 08
internet_explorer
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5551
The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting data at two different positions within an HTML document, related to STYLE elements and the CSS expression property, aka a "double injection."
Tue, 16 Dec 08
java_web_console, solaris
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5550
Open redirect vulnerability in console/faces/jsp/login/BeginLogin.jsp in Sun Java Web Console 3.0.2 through 3.0.5 and Solaris 10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the redirect_url parameter.
Tue, 16 Dec 08
java_system_portal_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5549
Unspecified vulnerability in the Sun Java Web Console components in Sun Java System Portal Server 7.1 and 7.2 allows remote attackers to access local files and read the product's configuration information via unknown vectors related to "access to secure files by ThemeServlet."
Tue, 16 Dec 08
virusbuster
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5548
VirusBuster 4.5.11.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
Tue, 16 Dec 08
virobot
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5547
HAURI ViRobot 2008.12.4.1499 and possibly 2008.9.12.1375, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
Tue, 16 Dec 08
vba32_antivirus
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5546
VirusBlokAda VBA32 3.12.8.5, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
Tue, 16 Dec 08
trend_micro_antivirus
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5545
Trend Micro VSAPI 8.700.0.1004 in Trend Micro AntiVirus, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
Tue, 16 Dec 08
the_hacker
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5544
Hacksoft The Hacker 6.3.1.2.174 and possibly 6.3.0.9.081, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
Tue, 16 Dec 08
antivirus
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5543
Symantec AntiVirus (SAV) 10, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
Tue, 16 Dec 08
vipre
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5542
Sunbelt VIPRE 3.1.1832.2 and possibly 3.1.1633.1, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
Tue, 16 Dec 08
anti-virus
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5541
Sophos Anti-Virus 4.33.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
Tue, 16 Dec 08
secure_web_gateway, webwasher
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5540
Secure Computing Secure Web Gateway (aka Webwasher), when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
Tue, 16 Dec 08
rising_antivirus
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5539
RISING Antivirus 21.06.31.00 and possibly 20.61.42.00, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
Tue, 16 Dec 08
prevx1
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5538
Prevx Prevx1 2, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
Tue, 16 Dec 08
pctools_antivirus
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5537
PC Tools AntiVirus 4.4.2.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
Tue, 16 Dec 08
panda_antivirus
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5536
Panda Antivirus 9.0.0.4, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
Tue, 16 Dec 08
norman_antivirus_&_antispyware
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5535
Norman Antivirus 5.80.02, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
Tue, 16 Dec 08
nod32_antivirus
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5534
ESET NOD32 Antivirus 3662 and possibly 3440, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
Tue, 16 Dec 08
antivirus
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5533
K7AntiVirus 7.10.541 and possibly 7.10.454, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
Tue, 16 Dec 08
ikarus_antivirus
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5532
Ikarus Virus Utilities T3.1.1.45.0 and possibly T3.1.1.34.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
Tue, 16 Dec 08
fortiguard_antivirus
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5531
Fortinet Antivirus 3.113.0.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
Tue, 16 Dec 08
ewido_security_suite
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5530
Ewido Security Suite 4.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
Tue, 16 Dec 08
etrust_antivirus
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5529
CA eTrust Antivirus 31.6.6086, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
Tue, 16 Dec 08
esafe
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5528
Aladdin eSafe 7.0.17.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
Tue, 16 Dec 08
smart_security
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5527
ESET Smart Security, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
Tue, 16 Dec 08
anti-virus
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5526
DrWeb Anti-virus 4.44.0.09170, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
Tue, 16 Dec 08
clamav
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5525
ClamAV 0.94.1 and possibly 0.93.1, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
Tue, 16 Dec 08
cat_quickheal
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5524
CAT-QuickHeal 10.00 and possibly 9.50, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
Tue, 16 Dec 08
avast_antivirus
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5523
avast! antivirus 4.8.1281.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
Tue, 16 Dec 08
antivirus
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5522
AVG Anti-Virus 8.0.0.161, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
Tue, 16 Dec 08
antivir
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5521
Avira AntiVir 7.9.0.36 and possibly 7.8.1.28, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
Tue, 16 Dec 08
v3_internet_security
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5520
AhnLab V3 2008.12.4.1 and possibly 2008.9.13.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
Sat, 13 Dec 08
bandsite_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5497
BandSite CMS 1.1.4 allows remote attackers to bypass authentication and gain administrative access by setting the login_auth cookie to true.
Sat, 13 Dec 08
business_directory_script
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5496
SQL injection vulnerability in showcategory.php in PozScripts Business Directory Script allows remote attackers to execute arbitrary SQL commands via the cid parameter.
Sat, 13 Dec 08
loadprgax_control
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5495
Unspecified vulnerability in the GungHo LoadPrgAx ActiveX control 1.0.0.6 and earlier allows remote attackers to execute arbitrary Java applications via unknown vectors.
Sat, 13 Dec 08
com_contactinfo
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5494
SQL injection vulnerability in the Contact Information Module (com_contactinfo) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
Sat, 13 Dec 08
wholesale, wholesales
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5493
SQL injection vulnerability in track.php in PHPStore Wholesales (aka Wholesale) allows remote attackers to execute arbitrary SQL commands via the id parameter.
Sat, 13 Dec 08
verydoc_pdf_viewer
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5492
Heap-based buffer overflow in the PDFVIEW.PdfviewCtrl.1 ActiveX control in pdfview.ocx 2.0.0.1 in VeryDOC PDF Viewer OCX Control allows remote attackers to execute arbitrary code via a long first argument to the OpenPDF method. NOTE: some of these details are obtained from third party information.
Sat, 13 Dec 08
slimcms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5491
SQL injection vulnerability in edit.php in SlimCMS 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the pageID parameter.
Sat, 13 Dec 08
yahoo_answers
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5490
SQL injection vulnerability in index.php in PHPStore Yahoo Answers allows remote attackers to execute arbitrary SQL commands via the id parameter.
Sat, 13 Dec 08
clipshare
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5489
SQL injection vulnerability in channel_detail.php in ClipShare Pro 4, and 2006 through 2007, allows remote attackers to execute arbitrary SQL commands via the chid parameter.
Sat, 13 Dec 08
domain_shop
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5488
SQL injection vulnerability in admin.php in E-topbiz Domain Shop 2 allows remote attackers to execute arbitrary SQL commands via the passfromform parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Sat, 13 Dec 08
text_link_sales
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5487
Cross-site scripting (XSS) vulnerability in admin.php in TurnkeyForms Text Link Sales allows remote attackers to inject arbitrary web script or HTML via the id parameter.
Sat, 13 Dec 08
text_link_sales
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5486
SQL injection vulnerability in admin.php in TurnkeyForms Text Link Sales allows remote attackers to execute arbitrary SQL commands via the id parameter.
Sat, 13 Dec 08
punbb
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5435
Cross-site scripting (XSS) vulnerability in moderate.php in PunBB before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via a topic subject.
Sat, 13 Dec 08
punbb
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5434
Multiple SQL injection vulnerabilities in PunBB 1.3 and 1.3.1 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) order_by or (2) direction parameter to admin/users.php, or (3) configuration options to admin/settings.php.
Sat, 13 Dec 08
punbb
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5433
Cross-site scripting (XSS) vulnerability in login.php in PunBB 1.3 and 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the password field.
Sat, 13 Dec 08
moodle
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5432
Cross-site scripting (XSS) vulnerability in Moodle before 1.6.8, 1.7 before 1.7.6, 1.8 before 1.8.7, and 1.9 before 1.9.3 allows remote attackers to inject arbitrary web script or HTML via a Wiki page name (aka page title).
Sat, 13 Dec 08
teamtek_universal_ftp_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5431
Teamtek Universal FTP Server 1.0.44 allows remote attackers to cause a denial of service via (1) a certain CWD command, (2) a long LIST command, or (3) a certain PORT command.
Sat, 13 Dec 08
incredimail
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5429
Incredimail build 5853710 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173.
Sat, 13 Dec 08
opera
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5428
Opera 9.51 on Windows XP does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173.
Sat, 13 Dec 08
norton_internet_security
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5427
Norton Antivirus in Norton Internet Security 15.5.0.23 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173.
Sat, 13 Dec 08
kaspersky_internet_security_suite
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5426
Kaspersky Internet Security Suite 2009 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173.
Sat, 13 Dec 08
nod32_antivirus
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5425
ESet NOD32 2.70.0039.0000 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173.
Sat, 13 Dec 08
outlook_express
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5424
The MimeOleClearDirtyTree function in InetComm.dll in Microsoft Outlook Express 6.00.2900.5512 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (infinite loop) via a large e-mail message, a related issue to CVE-2006-1173.
Sat, 13 Dec 08
ray_server_software
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5423
Sun Sun Ray Server Software 3.x and 4.0 and Sun Ray Windows Connector 1.1 and 2.0 expose the LDAP password during a configuration step, which allows local users to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors related to the utconfig component of the Server Software and the uttscadm component of the Windows Connector.
Sat, 13 Dec 08
ray_server_software
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5422
Sun Sun Ray Server Software 3.1 through 4.0 does not properly restrict access, which allows remote attackers to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors.
Sat, 13 Dec 08
smsgate
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5421
The SSL web administration service in NetWin SmsGate 1.1n and earlier allows remote attackers to cause a denial of service (hang) via (1) a large integer in the Content-Length HTTP header; (2) an invalid value in the Content-Length HTTP header, as demonstrated by a negative integer; or (3) a missing Content-Length HTTP header.
Sat, 13 Dec 08
arcserve_backup
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5415
The LDBserver service in the server in CA ARCserve Backup 11.1 through 12.0 on Windows does not properly verify client data, which allows remote attackers to execute arbitrary code via unspecified vectors.
Sat, 13 Dec 08
internet_explorer
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4844
Use-after-free vulnerability in mshtml.dll in Microsoft Internet Explorer 7 on Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a crafted XML document containing nested SPAN elements, as exploited in the wild in December 2008.
Sat, 13 Dec 08
hp-ux
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4418
Unspecified vulnerability in DCE in HP HP-UX B.11.11, B.11.23, and B.11.31 allows remote attackers to cause a denial of service via unknown vectors.
Sat, 13 Dec 08
teamtek_universal_ftp_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-7235
Teamtek Universal FTP Server 1.0.50 allows remote attackers to cause a denial of service (daemon crash or hang) via (1) multiple STOR (aka PUT) commands, or an MKD command followed by (2) a '*' argument, (3) a '|' argument, (4) spaces, or (5) a long string. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Sat, 13 Dec 08
control_center
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5420
The SAN Manager Master Agent service (aka msragent.exe) in EMC Control Center before 6.1 does not properly authenticate SST_SENDFILE requests, which allows remote attackers to read arbitrary files.
Sat, 13 Dec 08
control_center
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5419
Stack-based buffer overflow in SAN Manager Master Agent service (aka msragent.exe) in EMC Control Center 5.2 SP5 and 6.0 allows remote attackers to execute arbitrary code via multiple SST_CTGTRANS requests.
Sat, 13 Dec 08
punportal_module
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5418
Directory traversal vulnerability in login.php in the PunPortal module before 2.0 for PunBB allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pun_user[language] parameter.
Sat, 13 Dec 08
decnet_plus_for_openvms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5417
HP DECnet-Plus 8.3 before ECO03 for OpenVMS on the Alpha platform uses world-writable permissions for the OSIT$NAMES logical name table, which allows local users to bypass intended access restrictions and modify this table via the (1) SYS$CRELNM and (2) SYS$DELLNM system services.
Sat, 13 Dec 08
sql_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5416
Heap-based buffer overflow in Microsoft SQL Server 2000 8.00.2050, 8.00.2039, and earlier allows remote authenticated users to cause a denial of service (access violation exception) or execute arbitrary code by calling the sp_replwritetovarbin extended stored procedure with a set of crafted parameters that trigger memory overwrite.
Sat, 13 Dec 08
wordpad
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4841
The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008. NOTE: As of 20081210, it is unclear whether this vulnerability is related to a WordPad issue disclosed on 20080925 with a 2008-crash.doc.rar example, but there are insufficient details to be sure.
Sat, 13 Dec 08
CVE-2008-4837 (office, office_compatibility_pack_for_word_excel_ppt_2007, office_word_viewer, op...)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4837
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; and Microsoft Works 8 allow remote attackers to execute arbitrary code via a crafted Word document that contains a malformed record value, which triggers memory corruption, aka "Word Memory Corruption Vulnerability."
Sat, 13 Dec 08
windows_server_2008, windows_vista
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4269
The search-ms protocol handler in Windows Explorer in Microsoft Windows Vista Gold and SP1 and Server 2008 uses untrusted parameter data obtained from incorrect parsing, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Windows Search Parsing Vulnerability."
Sat, 13 Dec 08
windows_server_2008, windows_vista
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4268
The Windows Search component in Microsoft Windows Vista Gold and SP1 and Server 2008 does not properly free memory during a save operation for a Windows Search file, which allows remote attackers to execute arbitrary code via a crafted saved-search file, aka "Windows Saved Search Vulnerability."
Sat, 13 Dec 08
CVE-2008-4266 (office_excel, office_compatibility_pack_for_word_excel_ppt_2007, office_excel_vie...)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4266
Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP3; Excel Viewer 2003 Gold and SP3; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed object, which triggers stack corruption during the loading of records from this spreadsheet, aka "Excel Global Array Memory Corruption Vulnerability."
Sat, 13 Dec 08
CVE-2008-4265 (office_excel, office_compatibility_pack_for_word_excel_ppt_2007, office_excel_vie...)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4265
Microsoft Office Excel 2000 SP3 allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed object, which triggers memory corruption during the loading of records from this spreadsheet, aka "File Format Parsing Vulnerability."
Sat, 13 Dec 08
CVE-2008-4264 (office_excel, office_compatibility_pack_for_word_excel_ppt_2007, office_excel_vie...)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4264
Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed formula, which triggers "pointer corruption" during the loading of formulas from this spreadsheet, aka "F...
Thu, 11 Dec 08
internet_explorer
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4261
Microsoft Internet Explorer 5.01 SP4, 6 SP1 on Windows 2000, and 6 on Windows XP and Server 2003 does not properly handle extraneous data associated with an object embedded in a web page, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."
Thu, 11 Dec 08
internet_explorer
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4260
Microsoft Internet Explorer 7 sometimes attempts to access a deleted object, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
Thu, 11 Dec 08
internet_explorer
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4259
Microsoft Internet Explorer 7 sometimes attempts to access uninitialized memory locations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "HTML Objects Memory Corruption Vulnerability."
Thu, 11 Dec 08
internet_explorer
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4258
Microsoft Internet Explorer 5.01 SP4 and 6 SP1 does not properly validate parameters during calls to navigation methods, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Parameter Validation Memory Corruption Vulnerability."
Thu, 11 Dec 08
CVE-2008-4256 (office_frontpage, project, visual_basic, visual_foxpro, visual_studio_.net)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4256
The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "Charts Control Memory Corruption Vulnerability."
Thu, 11 Dec 08
CVE-2008-4255 (office_frontpage, project, visual_basic, visual_foxpro, visual_studio_.net)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4255
The Windows Common ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote attackers to execute arbitrary code via an AVI file with a crafted stream length, which triggers an "allocation error" and memory corruption, aka "Windows Common AVI Parsing Overflow Vulnerability."
Thu, 11 Dec 08
CVE-2008-4254 (office_frontpage, project, visual_basic, visual_foxpro, visual_studio_.net)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4254
The Hierarchical FlexGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "Hierarchical FlexGrid Control Memory Corruption Vulnerability."
Thu, 11 Dec 08
CVE-2008-4253 (office_frontpage, project, visual_basic, visual_foxpro, visual_studio_.net)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4253
The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "FlexGrid Control Memory Corruption Vulnerability."
Thu, 11 Dec 08
CVE-2008-4252 (office_frontpage, project, visual_basic, visual_foxpro, visual_studio_.net)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4252
The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "DataGrid Control Memory Corruption Vulnerability."
Thu, 11 Dec 08
office_sharepoint_server, search_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4032
Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information, and "create scripts that would run in the context of the site" via requests to administrative URIs, aka "Access Control Vulnerability."
Thu, 11 Dec 08
CVE-2008-4031 (office, office_compatibility_pack_for_word_excel_ppt_2007, office_word_viewer, op...)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4031
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a malformed string in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and memory corruption, aka "Word...
Thu, 11 Dec 08
CVE-2008-4030 (office, office_compatibility_pack_for_word_excel_ppt_2007, office_word_viewer, op...)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4030
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1 allow remote attackers to execute arbitrary code via crafted control words in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and memory corruption, aka "Word RTF Object Parsing Vulnerability," a different vulnerability than ...
Thu, 11 Dec 08
CVE-2008-4028 (office, office_compatibility_pack_for_word_excel_ppt_2007, office_word_viewer, op...)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4028
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via crafted control words in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and memory corruption, aka "W...
Thu, 11 Dec 08
CVE-2008-4027 (office, office_compatibility_pack_for_word_excel_ppt_2007, office_word_viewer, op...)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4027
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; and Office 2004 for Mac allow remote attackers to execute arbitrary code via malformed control words in (1) an RTF file or (2) a rich text e-mail message, which triggers a "memory calculation error" and memory corruption, aka "Word RTF Object Parsing Vulnerability."
Thu, 11 Dec 08
CVE-2008-4026 (office, office_compatibility_pack_for_word_excel_ppt_2007, office_word_viewer, op...)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4026
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Word document that contains a malformed value, which triggers memory corruption, aka "Word Memory Corruption Vulnerability."
Thu, 11 Dec 08
CVE-2008-4025 (office, office_compatibility_pack_for_word_excel_ppt_2007, office_word_viewer, op...)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4025
Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a malformed control word in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and memory corruption, aka...
Thu, 11 Dec 08
CVE-2008-4024 (office, office_compatibility_pack_for_word_excel_ppt_2007, office_word_viewer, op...)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4024
Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a crafted Word document that contains a malformed record, which triggers memory corruption, aka "Word Memory Corruption Vulnerability."
Thu, 11 Dec 08
CVE-2008-3465 (windows_2000, windows_2003_server, windows_server_2003, windows_server_2008, wind...)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3465
Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a denial of service or execute arbitrary code via a WMF file with a malformed file-size parameter, which would not be properly handled by a third-party application that uses this API for a copy operation, aka "GDI Heap Overflow Vulnerability."
Thu, 11 Dec 08
windows_media_player
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3010
Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1 and 9 incorrectly associate ISATAP addresses with the Local Intranet zone, which allows remote servers to capture NTLM credentials, and execute arbitrary code through credential-reflection attacks, by sending an authentication request, aka "ISATAP Vulnerability."
Thu, 11 Dec 08
windows_media_player, windows_media_format_runtime, windows_media_services
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3009
Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability."
Thu, 11 Dec 08
CVE-2008-2249 (windows_2000, windows_2003_server, windows_server_2003, windows_server_2008, wind...)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2249
Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a malformed header in a crafted WMF file, which triggers a buffer overflow, aka "GDI Integer Overflow Vulnerability."
Thu, 11 Dec 08
antivirus, bitdefender, groupware_server, internet_security
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5409
Unspecified vulnerability in the pdf.xmd module in (1) BitDefender Free Edition 10 and Antivirus Standard 10, (2) BullGuard Internet Security 8.5, and (3) Software602 Groupware Server 6.0.08.1118 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file, possibly related to included compressed streams that were processed with the ASCIIHexDecode filter. NOTE: some of these details are obtained from third party information.
Thu, 11 Dec 08
backup_exec_for_windows_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5408
Buffer overflow in the data management protocol in Symantec Backup Exec for Windows Servers 11.0 (aka 11d) builds 6235 and 7170, 12.0 build 1364, and 12.5 build 2213 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors. NOTE: this can be exploited by unauthenticated remote attackers by leveraging CVE-2008-5407.
Thu, 11 Dec 08
backup_exec_for_windows_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5407
Multiple unspecified vulnerabilities in the Backup Exec remote-agent logon process in Symantec Backup Exec for Windows Servers 11.0 (aka 11d) builds 6235 and 7170, 12.0 build 1364, and 12.5 build 2213 allow remote attackers to bypass authentication, and read or delete files, via unknown vectors.
Thu, 11 Dec 08
itunes, quicktime
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5406
Stack-based buffer overflow in Apple QuickTime Player 7.5.5 and iTunes 8.0.2.20 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a MOV file with "long arguments," related to an "off by one overflow."
Thu, 11 Dec 08
cain_and_abel
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5405
Stack-based buffer overflow in the RDP protocol password decoder in Cain & Abel 4.9.23 and 4.9.24, and possibly earlier, allows remote attackers to execute arbitrary code via an RDP file containing a long string.
Thu, 11 Dec 08
flexcell_grid_control
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5404
Insecure method vulnerability in the FlexCell.Grid ActiveX control in FlexCell.ocx 5.7.0.1 in FlexCell Grid ActiveX Component allows remote attackers to create and overwrite arbitrary files via the HttpDownloadFile method. NOTE: this could be leveraged for code execution by creating executable files in Startup folders or by accessing files using hcp:// URLs. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Thu, 11 Dec 08
trillian, trillian_pro
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5403
Heap-based buffer overflow in the XML parser in the AIM plugin in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a malformed XML tag.
Thu, 11 Dec 08
trillian, trillian_pro
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5402
Double free vulnerability in the XML parser in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a crafted XML expression, related to the "IMG SRC ID."
Thu, 11 Dec 08
trillian, trillian_pro
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5401
Stack-based buffer overflow in the image tooltip implementation in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a long image filename, related to "AIM IMG Tag Parsing."
Thu, 11 Dec 08
mvnforum
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5400
Multiple cross-site request forgery (CSRF) vulnerabilities in mvnForum before 1.2.1 GA allow remote attackers to (1) create forums, (2) change account privileges, (3) enable accounts, or (4) disable accounts as a product administrator via unspecified vectors, possibly related to HTTP Referer headers.
Thu, 11 Dec 08
mvnforum
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5399
Cross-site scripting (XSS) vulnerability in the listonlineusers (aka "Who's online") component in mvnForum before 1.2.1 GA allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
Thu, 11 Dec 08
websphere_application_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5414
Unspecified vulnerability in the Feature Pack for Web Services in the Web Services Security component in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 has unknown impact and attack vectors related to "userNameToken."
Thu, 11 Dec 08
websphere_application_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5413
PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 allows attackers to obtain sensitive information by reading the (1) systemout.log and (2) ffdc files.
Thu, 11 Dec 08
websphere_application_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5412
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on Windows has unknown impact and attack vectors related to JSPs.
Thu, 11 Dec 08
websphere_application_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5411
IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 sends SSL traffic over "unsecured TCP," which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
Thu, 11 Dec 08
solaris
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5410
The PK11_SESSION cache in the OpenSSL PKCS#11 engine in Sun Solaris 10 does not maintain reference counts for operations with asymmetric keys, which allows context-dependent attackers to cause a denial of service (failed cryptographic operations) via unspecified vectors, related to the (1) RSA_sign and (2) RSA_verify functions.
Thu, 11 Dec 08
twiki
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5305
Eval injection vulnerability in TWiki before 4.2.4 allows remote attackers to execute arbitrary Perl code via the %SEARCH{}% variable.
Thu, 11 Dec 08
twiki
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5304
Cross-site scripting (XSS) vulnerability in TWiki before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via the %URLPARAM{}% variable.
Thu, 11 Dec 08
dbus
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4311
The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibly (2) receiving messages, related to receive_requested_reply.
Wed, 10 Dec 08
tor
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5398
Tor before 0.2.0.32 does not properly process the ClientDNSRejectInternalAddresses configuration option in situations where an exit relay issues a policy-based refusal of a stream, which allows remote exit relays to have an unknown impact by mapping an internal IP address to the destination hostname of a refused stream.
Wed, 10 Dec 08
tor
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5397
Tor before 0.2.0.32 does not properly process the (1) User and (2) Group configuration options, which might allow local users to gain privileges by leveraging unintended supplementary group memberships of the Tor process.
Wed, 10 Dec 08
zaptel
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5396
Array index error in the (1) torisa.c and (2) dahdi/tor2.c drivers in Zaptel (aka DAHDI) 1.4.11 and earlier allows local users in the dialout group to overwrite an integer value in kernel memory by writing to /dev/zap/ctl, related to missing validation of the sync field associated with the ZT_SPANCONFIG ioctl.
Wed, 10 Dec 08
kernel
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5395
The parisc_show_stack function in arch/parisc/kernel/traps.c in the Linux kernel before 2.6.28-rc7 on PA-RISC allows local users to cause a denial of service (system crash) via vectors associated with an attempt to unwind a stack that contains userspace addresses.
Wed, 10 Dec 08
shadow
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5394
/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry.
Wed, 10 Dec 08
unbuntu_privacy_remix
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5393
UPR-Kernel in Ubuntu Privacy Remix (UPR) before 8.04_r1 includes kernel support for mounting RAID arrays, which might allow remote attackers to bypass intended isolation mechanisms by (1) reading from or (2) writing to these arrays.
Wed, 10 Dec 08
aix
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5387
Buffer overflow in autoconf6 in IBM AIX 6.1.0 through 6.1.2, when Role-Based Access Control is enabled, allows local users with aix.network.config.tcpip authorization to gain privileges via unspecified vectors.
Wed, 10 Dec 08
aix
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5386
Buffer overflow in ndp in IBM AIX 6.1.0 through 6.1.2, when the netcd daemon is running, allows local users to gain privileges via unspecified vectors.
Wed, 10 Dec 08
aix
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5385
enq in bos.rte.printers in IBM AIX 6.1.0 through 6.1.2, when a print queue is defined in /etc/qconfig, allows local users to delete arbitrary files via unspecified vectors.
Wed, 10 Dec 08
aix
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5384
crontab in bos.rte.cron in IBM AIX 6.1.0 through 6.1.2 allows local users with aix.system.config.cron authorization to gain privileges by launching an editor.
Wed, 10 Dec 08
electronics_workbench
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5383
Stack-based buffer overflow in National Instruments Electronics Workbench allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted .ewb file.
Wed, 10 Dec 08
hlf-f160, hlf-f250, hlf-f300, hlf-f320
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5382
Cross-site request forgery (CSRF) vulnerability in I-O DATA DEVICE HDL-F160, HDL-F250, HDL-F300, and HDL-F320 firmware before 1.02 allows remote attackers to (1) change a configuration or (2) delete files as an authenticated user via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Wed, 10 Dec 08
ffdshow
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5381
Buffer overflow in the URL processing in ffdshow (aka ffdshow-tryout) before SVN revision 2347 allows remote attackers to execute arbitrary code via a long URL.
Wed, 10 Dec 08
powerdns
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5277
PowerDNS before 2.9.21.2 allows remote attackers to cause a denial of service (daemon crash) via a CH HINFO query.
Wed, 10 Dec 08
kernel
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5079
net/atm/svc.c in the ATM subsystem in the Linux kernel 2.6.27.8 and earlier allows local users to cause a denial of service (kernel infinite loop) by making two calls to svc_listen for the same socket, and then reading a /proc/net/atm/*vc file, related to corruption of the vcc table.
Wed, 10 Dec 08
esx, esxi, player, server, vmware_workstation
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4917
Unspecified vulnerability in VMware Workstation 5.5.8 and earlier, and 6.0.5 and earlier 6.x versions; VMware Player 1.0.8 and earlier, and 2.0.5 and earlier 2.x versions; VMware Server 1.0.9 and earlier; VMware ESXi 3.5; and VMware ESX 3.0.2 through 3.5 allows guest OS users to have an unknown impact by sending the virtual hardware a request that triggers an arbitrary physical-memory write operation, leading to memory corruption.
Wed, 10 Dec 08
wvc54gc
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4391
Stack-based buffer overflow in the SetSource method in the NetCamPlayerWeb11gv2 ActiveX control in NetCamPlayerWeb11gv2.ocx on the Cisco Linksys WVC54GC wireless video camera before firmware 1.25 allows remote attackers to execute arbitrary code via long invalid arguments.
Wed, 10 Dec 08
wvc54gc
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4390
The Cisco Linksys WVC54GC wireless video camera before firmware 1.25 sends cleartext configuration data in response to a Setup Wizard remote-management command, which allows remote attackers to obtain sensitive information such as passwords by sniffing the network.
Wed, 10 Dec 08
ruby
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4310
httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5 allows remote attackers to cause a denial of service (CPU consumption) via a crafted HTTP request. NOTE: this issue exists because of an incomplete fix for CVE-2008-3656.
Wed, 10 Dec 08
gpsdrive
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5380
gpsdrive (aka gpsdrive-scripts) 2.09 allows local users to overwrite arbitrary files via a symlink attack on an (a) /tmp/geo#####, a (b) /tmp/geocaching.loc, a (c) /tmp/geo#####.*, or a (d) /tmp/geo.* temporary file, related to the (1) geo-code and (2) geo-nearest scripts, different vectors than CVE-2008-4959.
Wed, 10 Dec 08
netdisco_mibs_installer
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5379
netdisco-mibs-installer 1.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/netdisco-mibs-0.6.tar.gz temporary file, related to the (1) netdisco-mibs-install and (2) netdisco-mibs-download scripts.
Wed, 10 Dec 08
arb
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5378
arb-kill in arb 0.0.20071207.1 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/arb_pids_*_* temporary file.
Wed, 10 Dec 08
cups
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5377
pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pstopdf.log temporary file, a different vulnerability than CVE-2001-1333.
Wed, 10 Dec 08
crip
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5376
editcomment in crip 3.7 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/*.tag.tmp temporary file.
Wed, 10 Dec 08
cmus
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5375
cmus-status-display in cmus 2.2.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/cmus-status temporary file.
Wed, 10 Dec 08
bash-doc
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5374
bash-doc 3.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/cb#####.? temporary file, related to the (1) aliasconv.sh, (2) aliasconv.bash, and (3) cshtobash scripts.
Wed, 10 Dec 08
bacula_common
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5373
mtx-changer.Adic-Scalar-24 in bacula-common 2.4.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/mtx.##### temporary file, probably a related issue to CVE-2005-2995.
Wed, 10 Dec 08
sdm-terminal
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5372
sdm-login in sdm-terminal 0.4.0b allows local users to overwrite arbitrary files via a symlink attack on the /tmp/sdm.autologin.once temporary file.
Wed, 10 Dec 08
screenie
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5371
screenie in screenie 1.30.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.screenie.##### temporary file.
Wed, 10 Dec 08
pvpgn
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5370
pvpgn-support-installer in pvpgn 1.8.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pvpgn-support-1.0.tar.gz temporary file.
Wed, 10 Dec 08
no-ip2
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5369
noip2 in noip2 2.1.7 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/noip2 temporary file.
Wed, 10 Dec 08
muttprint
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5368
muttprint in muttprint 0.72d allows local users to overwrite arbitrary files via a symlink attack on the /tmp/muttprint.log temporary file.
Wed, 10 Dec 08
ppp-udeb
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5367
ip-up in ppp-udeb 2.4.4rel on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on the /tmp/resolv.conf.tmp temporary file.
Wed, 10 Dec 08
ppp
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5366
The postinst script in ppp 2.4.4rel on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/probe-finished or (2) /tmp/ppp-errors temporary file.
Tue, 9 Dec 08
activevotes
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5365
SQL injection vulnerability in VoteHistory.asp in ActiveWebSoftwares ActiveVotes 2.2 allows remote attackers to execute arbitrary SQL commands via the AccountID parameter.
Tue, 9 Dec 08
acrobat_professional, acrobat_reader, getplus_download_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5364
Stack-based buffer overflow in the getPlus ActiveX control in gp.ocx 1.2.2.50 in NOS Microsystems getPlus Download Manager, as used for the Adobe Reader 8.1 installation process and other downloads, allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2008-4817.
Tue, 9 Dec 08
air, flash_player
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5363
The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not validate character elements during retrieval from the dictionary data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF file.
Tue, 9 Dec 08
air, flash_player
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5362
The DefineConstantPool action in the ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, accepts an untrusted input value for a "constant count," which allows remote attackers to read sensitive data from process memory via a crafted PDF file.
Tue, 9 Dec 08
air, flash_player
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5361
The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not verify a member element's size when performing (1) DefineConstantPool, (2) ActionJump, (3) ActionPush, (4) ActionTry, and unspecified other actions, which allows remote attackers to read sensitive data from process memory via a crafted PDF file.
Sat, 6 Dec 08
jdk, jre, sdk
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5360
Buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier creates temporary files with predictable file names, which allows attackers to write malicious JAR files via unknown vectors.
Sat, 6 Dec 08
jdk, jre, sdk
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5359
Buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbitrary code via unknown vectors related to "image processing code."
Sat, 6 Dec 08
jdk, jre
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5358
Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier might allow remote attackers to execute arbitrary code via a crafted GIF file that triggers memory corruption during display of the splash screen, possibly related to splashscreen.dll.
Sat, 6 Dec 08
jdk, jre, sdk
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5357
Integer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbitrary code via a crafted TrueType font file, which triggers a heap-based buffer overflow.
Sat, 6 Dec 08
jdk, jre, sdk
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5356
Heap-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier might allow remote attackers to execute arbitrary code via a crafted TrueType font file.
Sat, 6 Dec 08
jdk, jre, sdk
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5355
The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not verify the signature of the JRE that is downloaded, which allows remote attackers to execute arbitrary code via DNS man-in-the-middle attacks.
Sat, 6 Dec 08
jdk, jre, sdk
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5354
Stack-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows locally-launched and possibly remote untrusted Java applications to execute arbitrary code via a JAR file with a long Main-Class manifest entry.
Sat, 6 Dec 08
jdk, jre, sdk
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5353
Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applets and applications to gain privileges via unknown vectors related to "deserializing calendar objects."
Sat, 6 Dec 08
jdk, jre
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5352
Integer overflow in the JAR unpacking utility (unpack200) in the unpack library (unpack.dll) in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted applications and applets to gain privileges via a Pack200 compressed JAR file that triggers a heap-based buffer overflow.
Sat, 6 Dec 08
jdk, jre, sdk
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5351
Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier accepts UTF-8 encodings that are not the "shortest" form, which makes it easier for attackers to bypass protection mechanisms for other applications that rely on shortest-form UTF-8 encodings.
Sat, 6 Dec 08
jdk, jre, sdk
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5350
Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applications and applets to list the contents of the operating user's directory via unknown vectors.
Sat, 6 Dec 08
jdk, jre
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5349
Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows remote attackers to cause a denial of service (CPU consumption) via a crafted RSA public key.
Sat, 6 Dec 08
jdk, jre, sdk
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5348
Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier, when using Kerberos authentication, allows remote attackers to cause a denial of service (OS resource consumption) via unknown vectors.
Sat, 6 Dec 08
jdk, jre
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5347
Multiple unspecified vulnerabilities in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier allow untrusted applets and applications to gain privileges via vectors related to access to inner classes in the (1) JAX-WS and (2) JAXB packages.
Sat, 6 Dec 08
jdk, jre, sdk
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5346
Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 or earlier allows untrusted applets and applications to read arbitrary memory via a crafted ZIP file.
Sat, 6 Dec 08
jdk, jre, sdk
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5345
Unspecified vulnerability in Java Runtime Environment (JRE) with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier allows code that is loaded from a local filesystem to read arbitrary files and make unauthorized connections to localhost via unknown vectors.
Sat, 6 Dec 08
jdk, jre, sdk
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5344
Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applets to read arbitrary files and make unauthorized network connections via unknown vectors related to applet classloading.
Sat, 6 Dec 08
jdk, jre, sdk
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5343
Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows "hidden code" to make unauthorized network connections and "hijack HTTP sessions using cookies stored in the browser" via unknown vectors.
Sat, 6 Dec 08
jdk, jre, sdk
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5342
Unspecified vulnerability in the BasicService for Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted downloaded applications to cause local files to be displayed in the browser of the user of the untrusted application via unknown vectors.
Sat, 6 Dec 08
jdk, jre, sdk
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5341
Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted JWS applications to obtain the pathname of the JWS cache and the application username via unknown vectors.
Sat, 6 Dec 08
jdk, jre, sdk
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5340
Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to gain privileges to access local files or applications via unknown vectors.
Sat, 6 Dec 08
jdk, jre, sdk
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5339
Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to perform network connections to unauthorized hosts via unknown vectors.
Sat, 6 Dec 08
jdk, jre, sdk
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2086
Sun Java Web Start and Java Plug-in for JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allow remote attackers to execute arbitrary code via a crafted jnlp file that modifies the (1) java.home, (2) java.ext.dirs, or (3) user.home System Properties, aka "Java Web Start File Inclusion."
Sat, 6 Dec 08
bandsite_portal_system, bandwebsite
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5338
Cross-site scripting (XSS) vulnerability in info.php in Bandwebsite (aka Bandsite portal system) 1.5 allows remote attackers to inject arbitrary web script or HTML via the section parameter.
Sat, 6 Dec 08
bandsite_portal_system, bandwebsite
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5337
SQL injection vulnerability in lyrics.php in Bandwebsite (aka Bandsite portal system) 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Sat, 6 Dec 08
webstudio_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5336
SQL injection vulnerability in index.php in WebStudio CMS allows remote attackers to execute arbitrary SQL commands via the pageid parameter.
Sat, 6 Dec 08
php-fusion
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5335
SQL injection vulnerability in messages.php in PHP-Fusion 6.01.15 and 7.00.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the subject and msg_send parameters, a different vector than CVE-2005-3157, CVE-2005-3158, CVE-2005-3159, CVE-2005-4005, and CVE-2006-2459.
Sat, 6 Dec 08
nitrotech
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5334
PHP remote file inclusion vulnerability in includes/common.php in NitroTech 0.0.3a allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.
Sat, 6 Dec 08
nitrotech
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5333
SQL injection vulnerability in members.php in NitroTech 0.0.3a allows remote attackers to execute arbitrary SQL commands via the id parameter.
Sat, 6 Dec 08
pie
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5332
Multiple PHP remote file inclusion vulnerabilities in Pie 0.5.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lib parameter to files in lib/action/ including (a) alias.php, (b) cancel.php, (c) context.php, (d) deadlinks.php, (e) delete.php, and others; and the (2) GLOBALS[pie][library_path] parameter to files in lib/share/ including (f) diff.php, (g) file.php, (h) locale.php, (i) mapfile.php, (j) page.php, and others.
Sat, 6 Dec 08
wiz-ad
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6719
SQL injection vulnerability in Wiz-Ad 1.3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Sat, 6 Dec 08
acrobat
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5331
Adobe Acrobat 9 uses more efficient encryption than previous versions, which makes it easier for attackers to guess a document's password via a brute-force attack.
Sat, 6 Dec 08
rational_clearquest
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5330
Multiple cross-site scripting (XSS) vulnerabilities in the web interface in ClearCase RWP server in IBM Rational ClearCase 7.0.0 before 7.0.0.4, and 7.0.1.1-RATL-RCC-IFIX02 and possibly other 7.0.1 versions before 7.0.1.3, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO of a URI associated with a VOB page.
Sat, 6 Dec 08
rational_clearquest
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5329
ClearQuest Web in IBM Rational ClearQuest MultiSite before 7.1 allows remote servers to direct a client's submissions and changes to an arbitrary database by specifying multiple comma-separated server identifiers on the JTLRMIREGISTRYSERVERS line in a jtl.properties file.
Sat, 6 Dec 08
rational_clearquest
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5328
The ClearQuest Maintenance Tool in IBM Rational ClearQuest before 7 stores the database password in cleartext in an object in a ClearQuest connection profile or export file, which allows remote authenticated users to obtain sensitive information by locating the password object within the object tree during an import process.
Sat, 6 Dec 08
rational_clearquest
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5327
The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7 before 7.1 stores the database password in cleartext in an object in a ClearQuest connection profile or export file, which allows remote authenticated users to obtain sensitive information by locating the password object within the object tree.
Sat, 6 Dec 08
rational_clearquest
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5326
The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7.0.0 before 7.0.0.4 and 7.0.1 before 7.0.1.3 on Windows allows local users to obtain (1) user and (2) database passwords by using a password revealer utility on a field containing a series of asterisks.
Sat, 6 Dec 08
rational_clearquest
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5325
Multiple cross-site scripting (XSS) vulnerabilities in CQ Web in IBM Rational ClearQuest 7.0.0 before 7.0.0.4 and 7.0.1 before 7.0.1.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Sat, 6 Dec 08
CVE-2008-5324
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5324
Multiple cross-site scripting (XSS) vulnerabilities in CQ Web in IBM Rational ClearQuest 2007 before 2007D and 2008 before 2008B allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Sat, 6 Dec 08
hp-ux
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4416
Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows local users to cause a denial of service via unknown vectors.
Sat, 6 Dec 08
squirrelmail
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2379
Cross-site scripting (XSS) vulnerability in SquirrelMail before 1.4.17 allows remote attackers to inject arbitrary web script or HTML via a crafted hyperlink in an HTML part of an e-mail message.
Fri, 5 Dec 08
wysi_wiki_wyg
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5323
Cross-site scripting (XSS) vulnerability in index.php in Wysi Wiki Wyg 1.0 allows remote attackers to inject arbitrary web script or HTML via the s parameter.
Fri, 5 Dec 08
wysi_wiki_wyg
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5322
Wysi Wiki Wyg 1.0 allows remote attackers to obtain system information via an invalid categup parameter to index.php, which calls the phpinfo function.
Fri, 5 Dec 08
gesgaleri
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5321
SQL injection vulnerability in index.php in GesGaleri, a module for XOOPS, allows remote attackers to execute arbitrary SQL commands via the no parameter.
Fri, 5 Dec 08
e107
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5320
SQL injection vulnerability in usersettings.php in e107 0.7.13 and earlier allows remote authenticated users to execute arbitrary SQL commands via the ue[] parameter.
Fri, 5 Dec 08
tikiwiki
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5319
Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact and attack vectors related to tiki-error.php, a different issue than CVE-2008-3653.
Fri, 5 Dec 08
tikiwiki
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5318
Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact and attack vectors related to "size of user-provided input," a different issue than CVE-2008-3653.
Fri, 5 Dec 08
awstats
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5080
awstats.pl in AWStats 6.8 and earlier does not properly remove quote characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the query_string parameter. NOTE: this issue exists because of an incomplete fix for CVE-2008-3714.
Fri, 5 Dec 08
lcms, little_cms_color_engine
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5317
Integer signedness error in the cmsAllocGamma function in src/cmsgamma.c in Little cms color engine (aka lcms) before 1.17 allows attackers to have an unknown impact via a file containing a certain "number of entries" value, which is interpreted improperly, leading to an allocation of insufficient memory.
Fri, 5 Dec 08
lcms, little_cms_color_engine
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5316
Buffer overflow in the ReadEmbeddedTextTag function in src/cmsio1.c in Little cms color engine (aka lcms) before 1.16 allows attackers to have an unknown impact via vectors related to a length parameter inconsistency involving the contents of "the input file," a different vulnerability than CVE-2007-2741.
Fri, 5 Dec 08
iphone_configuration_web_utility
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5315
Directory traversal vulnerability in the web interface in Apple iPhone Configuration Web Utility 1.0 on Windows allows remote attackers to read arbitrary files via unspecified vectors.
Fri, 5 Dec 08
clamav
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5314
Stack consumption vulnerability in libclamav/special.c in ClamAV before 0.94.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted JPEG file, related to the cli_check_jpeg_exploit, jpeg_check_photoshop, and jpeg_check_photoshop_8bim functions.
Thu, 4 Dec 08
mailscanner
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5313
mailscanner 4.68.8 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files used by the (1) f-prot-autoupdate, (2) clamav-autoupdate, (3) avast-autoupdate, and (4) f-prot-6-autoupdate scripts in /etc/MailScanner/autoupdate/; the (5) bitdefender-wrapper, (6) kaspersky-wrapper, (7) clamav-wrapper, and (8) rav-wrapper scripts in /etc/MailScanner/wrapper/; the (9) Quarantine.pm, (10) TNEF.pm, (11) MessageBatch.pm, (12) WorkArea.pm, and (13) SA.pm script...
Thu, 4 Dec 08
mailscanner
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5312
mailscanner 4.55.10 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files used by the (1) f-prot-autoupdate, (2) clamav-autoupdate, (3) panda-autoupdate.new, (4) trend-autoupdate.new, and (5) rav-autoupdate.new scripts in /etc/MailScanner/autoupdate/, a different vulnerability than CVE-2008-5140.
Thu, 4 Dec 08
vlc_media_player
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5276
Integer overflow in the ReadRealIndex function in real.c in the Real demuxer plugin in VideoLAN VLC media player 0.9.0 through 0.9.7 allows remote attackers to execute arbitrary code via a malformed RealMedia (.rm) file that triggers a heap-based buffer overflow.
Thu, 4 Dec 08
oempro
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3059
member/settings_account.php in Octeth Oempro 3.5.5.1, and possibly other versions before 4, uses cleartext to transmit a password entered in the FormValue_Password field, which makes it easier for remote attackers to obtain sensitive information by sniffing the network, related to the "Settings - Account Information" tab.
Thu, 4 Dec 08
oempro
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3058
Multiple SQL injection vulnerabilities in Octeth Oempro 3.5.5.1, and possibly other versions before 4, allow remote attackers to execute arbitrary SQL commands via the FormValue_Email parameter (aka Email field) to index.php in (1) member/, (2) client/, or (3) admin/; or (4) the FormValue_SearchKeywords parameter to client/campaign_track.php.
Thu, 4 Dec 08
oempro
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3057
Octeth Oempro 3.5.5.1, and possibly other versions before 4, does not set the secure flag for the PHPSESSID cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
Wed, 3 Dec 08
blog_system
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5311
SQL injection vulnerability in image.php in NetArt Media Blog System 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Wed, 3 Dec 08
car_portal
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5310
SQL injection vulnerability in image.php in NetArt Media Car Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Wed, 3 Dec 08
real_estate_portal
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5309
SQL injection vulnerability in NetArt Media Real Estate Portal 1.2 allows remote attackers to execute arbitrary SQL commands via the ad_id parameter in the re_send_email module to index.php.
Wed, 3 Dec 08
the_simple_forum
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5308
The Simple Forum 3.1d module for LoveCMS 1.6.2 Final does properly restrict access to administrator functions, which allows remote attackers to change the administrator password via a direct request to modules/simpleforum/admin/index.php.
Wed, 3 Dec 08
pg_real_roommate_finder_solution
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5307
SQL injection vulnerability in admin/index.php in PG Roommate Finder Solution allows remote attackers to execute arbitrary SQL commands via the login_lg parameter. NOTE: some of these details are obtained from third party information.
Wed, 3 Dec 08
pg_real_estate_solution
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5306
SQL injection vulnerability in admin/index.php in PG Real Estate Solution allows remote attackers to execute arbitrary SQL commands via the login_lg parameter (username). NOTE: some of these details are obtained from third party information.
Wed, 3 Dec 08
CVE-2008-5303 (file::path)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5303
Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to allows local users to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5302 due to affected versions.
Wed, 3 Dec 08
CVE-2008-5302 (file::path)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5302
Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5303 due to affected versions.
Wed, 3 Dec 08
dovecot
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5301
Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name.
Wed, 3 Dec 08
kernel
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5300
Linux kernel 2.6.28 allows local users to cause a denial of service ("soft lockup" and process loss) via a large number of sendmsg function calls, which does not block during AF_UNIX garbage collection and triggers an OOM condition, a different vulnerability than CVE-2008-5029.
Wed, 3 Dec 08
chm2pdf
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5299
chm2pdf 0.9 allows user-assisted local users to delete arbitrary files via a symlink attack on .chm files in the (1) /tmp/chm2pdf/work or (2) /tmp/chm2pdf/orig temporary directories.
Wed, 3 Dec 08
chm2pdf
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5298
chm2pdf 0.9 uses temporary files in directories with fixed names, which allows local users to cause a denial of service (chm2pdf failure) of other users by creating those directories ahead of time.
Wed, 3 Dec 08
no-ip_duc
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5297
Buffer overflow in No-IP DUC 2.1.7 and earlier allows remote DNS servers to execute arbitrary code via a crafted DNS response, related to a missing length check in the GetNextLine function.
Wed, 3 Dec 08
gallery
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5296
Gallery 1.5.x before 1.5.10 and 1.6 before 1.6-RC3, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative via unspecified cookies. NOTE: some of these details are obtained from third party information.
Wed, 3 Dec 08
jamit_job_board
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5295
SQL injection vulnerability in index.php in Jamit Job Board 3.4.10 allows remote attackers to execute arbitrary SQL commands via the show_emp parameter.
Wed, 3 Dec 08
webstudio_ecatalogue
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5294
SQL injection vulnerability in index.php in WebStudio eCatalogue allows remote attackers to execute arbitrary SQL commands via the pageid parameter.
Wed, 3 Dec 08
webstudio_ehotel
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5293
SQL injection vulnerability in index.php in WebStudio eHotel allows remote attackers to execute arbitrary SQL commands via the pageid parameter.
Wed, 3 Dec 08
videogirls_biz
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5292
SQL injection vulnerability in view_snaps.php in VideoGirls BiZ, allows remote attackers to execute arbitrary SQL commands via the type parameter.
Wed, 3 Dec 08
fuzzylime_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5291
Directory traversal vulnerability in code/track.php in FuzzyLime 3.03 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the p parameter, a different vector than CVE-2007-4805 and CVE-2008-3165.
Wed, 3 Dec 08
clean_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5290
Cross-site scripting (XSS) vulnerability in full_txt.php in Werner Hilversum Clean CMS 1.5 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
Wed, 3 Dec 08
clean_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5289
SQL injection vulnerability in full_txt.php in Werner Hilversum Clean CMS 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Wed, 3 Dec 08
faq_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5288
PHP remote file inclusion vulnerability in include/header.php in Werner Hilversum FAQ Manager 1.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the config_path parameter.
Wed, 3 Dec 08
faq_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5287
SQL injection vulnerability in catagorie.php in Werner Hilversum FAQ Manager 1.2 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
Wed, 3 Dec 08
cups
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5286
Integer overflow in the _cupsImageReadPNG function in CUPS 1.1.17 through 1.3.9 allows remote attackers to execute arbitrary code via a PNG image with a large height value, which bypasses a validation check and triggers a buffer overflow.
Wed, 3 Dec 08
wireshark
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5285
Wireshark 1.0.4 and earlier allows remote attackers to cause a denial of service via a long SMTP request, which triggers an infinite loop.
Wed, 3 Dec 08
samba
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4314
smbd in Samba 3.0.29 through 3.2.4 might allow remote attackers to read arbitrary memory and cause a denial of service via crafted (1) trans, (2) trans2, and (3) nttrans requests, related to a "cut&paste error" that causes an improper bounds check to be performed.
Tue, 2 Dec 08
air_marshal, emerald, radius_test_client, radiusnt, radiusx, radlogin
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5284
The web server in IEA Software RadiusNT and RadiusX 5.1.38 and other versions before 5.1.44, Emerald 5.0.49 and other versions before 5.0.52, Air Marshal 2.0.4 and other versions before 2.0.8, and Radius test client (aka Radlogin) 4.0.20 and earlier, allows remote attackers to cause a denial of service (crash) via an HTTP Content-Length header with a negative value, which triggers a single byte overwrite of memory using a NULL terminator. NOTE: some of these details are obtained from third p...
Tue, 2 Dec 08
google_hack_honeypot_file_upload_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5283
Google Hack Honeypot (GHH) File Upload Manager 1.3 allows remote attackers to delete uploaded files via unknown vectors related to the delall action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. CVE analysis suggests that the most recent version as of 20081128 is 1.2, and the File Upload Manager does not have a "delall" action.
Tue, 2 Dec 08
amaya_web_browser
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5282
Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0.1 allow remote attackers to execute arbitrary code via (1) a link with a long HREF attribute, and (2) a DIV tag with a long id attribute.
Tue, 2 Dec 08
titan_ftp_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5281
Heap-based buffer overflow in Titan FTP Server 6.05 build 550 allows remote attackers to execute arbitrary code via a long DELE command.
Tue, 2 Dec 08
zim_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5280
The Local ZIM Server in Zilab Chat and Instant Messaging (ZIM) Server 2.0 and 2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted requests without required parameters.
Tue, 2 Dec 08
zim_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5279
The Local ZIM Server (zcs.exe) in Zilab Chat and Instant Messaging (ZIM) Server 2.1 and earlier allow remote attackers to execute arbitrary code via (1) heap-based buffer overflows involving multiple vectors including a long room name and a long source account, and (2) a stack-based buffer overflow with a long username in an information request. NOTE: some of these details are obtained from third party information.
Tue, 2 Dec 08
wordpress
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5278
Cross-site scripting (XSS) vulnerability in the self_link function in in the RSS Feed Generator (wp-includes/feed.php) for WordPress before 2.6.5 allows remote attackers to inject arbitrary web script or HTML via the Host header (HTTP_HOST variable).
Tue, 2 Dec 08
net2ftp
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5275
Multiple directory traversal vulnerabilities in the (a) "Unzip archive" and (b) "Upload files and archives" functionality in net2ftp 0.96 stable and 0.97 beta allow remote attackers to create, read, or delete arbitrary files via a .. (dot dot) in a filename within a (1) TAR or (2) ZIP archive. NOTE: this can be leveraged for code execution by creating a .php file.
Tue, 2 Dec 08
todd_woolums_asp_news_management
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5274
Todd Woolums ASP News Management 2.2 allows remote attackers to obtain news items via a direct request to (1) rss.asp, (2) viewheadings.asp, or (3) viewnews.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Tue, 2 Dec 08
todd_woolums_asp_news_management
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5273
SQL injection vulnerability in viewnews.asp in Todd Woolums ASP News Management 2.2 allows remote attackers to execute arbitrary SQL commands via the newsID parameter.
Tue, 2 Dec 08
syndeocms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5272
Multiple directory traversal vulnerabilities in Fred Stuurman SyndeoCMS 2.6.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the template parameter to (1) starnet/editors/fckeditor/studenteditor.php; (2) starnet/modules/sn_news/edit_content.php, reached through starnet/index.php; and (3) starnet/modules/sn_newsletter/edit_content.php, reached through starnet/index.php.
Tue, 2 Dec 08
syndeocms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5271
Cross-site scripting (XSS) vulnerability in index.php in Fred Stuurman SyndeoCMS 2.6.0 allows remote attackers to inject arbitrary web script or HTML via the section parameter.
Tue, 2 Dec 08
yuhhu_superstar_2008
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5270
SQL injection vulnerability in view.topics.php in Yuhhu Superstar 2008 allows remote attackers to execute arbitrary SQL commands via the board parameter.
Tue, 2 Dec 08
psys
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5269
SQL injection vulnerability in index.php in pSys 0.7.0 alpha allows remote attackers to execute arbitrary SQL commands via the shownews parameter.
Tue, 2 Dec 08
aspportal
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5268
SQL injection vulnerability in content/forums/reply.asp in ASPPortal allows remote attackers to execute arbitrary SQL commands via the Topic_Id parameter.
Tue, 2 Dec 08
experts
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5267
SQL injection vulnerability in answer.php in Experts 1.0.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the question_id parameter.
Tue, 2 Dec 08
glassfish, java_system_application_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5266
Cross-site scripting (XSS) vulnerability in configuration/httpListenerEdit.jsf in the GlassFish 2 UR2 b04 webadmin interface in Sun Java System Application Server 9.1_01 build b09d-fcs and 9.1_02 build b04-fcs allows remote attackers to inject arbitrary web script or HTML via the name parameter, a different vector than CVE-2008-2751.
Tue, 2 Dec 08
tnt_forum
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5265
Directory traversal vulnerability in index.php in TNT Forum 0.9.4, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the modulo parameter.
Tue, 2 Dec 08
tornado_knowledge_retrieval_system
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5264
Cross-site scripting (XSS) vulnerability in searcher.exe in Tornado Knowledge Retrieval System 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the p parameter in a root action.