VFS in the Linux kernel before 2.6.22.16, and 2.6.23.x before 2.6.23.14, performs tests of access mode by using the flag variable instead of the acc_mode variable, which might allow local users to bypass intended permissions and remove directories.27280ADV-2008-015128485linux-directory-security-bypass(39672)20080117 rPSA-2008-0021-1 kernel28558FEDORA-2008-0748RHSA-2008:00892862828664DSA-1479RHSA-2008:0055USN-574-12862628748SUSE-SA:2008:00628706101928928806MDVSA-2008:044USN-578-128971SUSE-SA:2008:0132864329245Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.20080208 CVE-2008-0002: Tomcat information disclosure vulnerability27703ADV-2008-048828834FEDORA-2008-1467FEDORA-2008-160328915GLSA-200804-10297113638Stack-based buffer overflow in the PAMBasicAuthenticator::PAMCallback function in OpenPegasus CIM management server (tog-pegasus), when compiled to use PAM and without PEGASUS_USE_PAM_STANDALONE_PROC defined, might allow remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2007-5360.RHSA-2008:000228338openpegasus-pambasic-bo(39527)FEDORA-2008-0506FEDORA-2008-057220080115 vuldb confusion between OpenPegasus issues284622717227188ADV-2008-00631019159ADV-2008-063829056[Security-announce] 20080415 VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasusADV-2008-123429785HPSBMA02331ADV-2008-139129986mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.28471MDVSA-2008:0162852628607USN-575-128749FEDORA-2008-1695FEDORA-2008-17112897720080110 Apache (mod_proxy_ftp) Undefined Charset UTF-7 XSS Vulnerabilityapache-modproxyftp-utf7-xss(39615)20080110 SecurityReason - Apache (mod_proxy_ftp) Undefined Charset UTF-7 XSS VulnerabilityMDVSA-2008:014MDVSA-2008:015RHSA-2008:0004RHSA-2008:0005RHSA-2008:0006RHSA-2008:0007RHSA-2008:000827234101918528467GLSA-200803-1929348APPLE-SA-2008-03-18ADV-2008-0924294203526SUSE-SA:2008:02129640RHSA-2008:0009Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont and libXfont libraries on some platforms including Sun Solaris, allows context-dependent attackers to execute arbitrary code via a PCF font with a large difference between the last col and first col values in the PCF_BDF_ENCODINGS table.GLSA-200801-09MDVSA-2008:021MDVSA-2008:022MDVSA-2008:0242827328500285922857128621xorg-pcffont-bo(39767)20080130 rPSA-2008-0032-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs28718[4.1] 20080208 012: SECURITY FIX: February 8, 2008[4.2] 20080208 006: SECURITY FIX: February 8, 200828843ADV-2008-04972888520123028941[xorg] 20080117 X.Org security advisory: multiple vulnerabilities in the X server10319227336RHSA-2008:0029RHSA-2008:0030RHSA-2008:0064SUSE-SA:2008:003USN-571-127352ADV-2008-0179ADV-2008-0184101923228532285352853628540285422854428550FEDORA-2008-0760FEDORA-2008-0794FEDORA-2008-0831FEDORA-2008-0891ADV-2008-070329139APPLE-SA-2008-03-18ADV-2008-092429420SUSE-SR:2008:00829622GLSA-200804-0529707GLSA-200805-0730161Linux kernel before 2.6.22.17, when using certain drivers that register a fault handler that does not perform range checks, allows local users to access kernel memory via an out-of-range offset.[linux-kernel] 20080206 [patch 60/73] vm audit: add VM_DONTEXPAND to mmap for drivers that need it (CVE-2008-0007)SUSE-SA:2008:006ADV-2008-04452880620080208 rPSA-2008-0048-1 kernelMDVSA-2008:0442768627705101935728826DSA-1503DSA-150429058MDVSA-2008:072SUSE-SA:2008:01729570RHSA-2008:0211RHSA-2008:0233RHSA-2008:0237The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as resource exhaustion.DSA-1476MDVSA-2008:027ADV-2008-028328608pulseaudio-padroproot-privilege-escalation(39992)USN-573-128738FEDORA-2008-0963FEDORA-2008-09942744928623GLSA-200802-0728952The vmsplice_to_user function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which might allow local users to access arbitrary kernel memory locations.20080212 CSA-L03: Linux kernel vmsplice unchecked user-pointer dereferenceFEDORA-2008-1422FEDORA-2008-142327704ADV-2008-0487288352889627799The copy_from_user_mmap_sem function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which allow local users to read from arbitrary kernel memory locations.509320080212 CSA-L03: Linux kernel vmsplice unchecked user-pointer dereferenceDSA-1494FEDORA-2008-1422FEDORA-2008-142327704ADV-2008-048728835288752889627796Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the "MJPEG Decoder Vulnerability."MS08-033TA08-162B29581ADV-2008-1780102022230579SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and (2) user interface pages.20080213 SQL injection in Cisco Unified Communications Manager27775ADV-2008-0542289321019404cucm-interface-sql-injection(40484)Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request.20080116 TPTI-08-02: Cisco Call Manager CTLProvider Heap Overflow Vulnerability20080116 Cisco Unified Communications Manager CTL Provider Heap Overflow27313cisco-cucm-ctl-bo(39704)ADV-2008-01711019223285303551Unspecified vulnerability in Cisco PIX 500 Series Security Appliance and 5500 Series Adaptive Security Appliance (ASA) before 7.2(3)6 and 8.0(3), when the Time-to-Live (TTL) decrement feature is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted IP packet.20080123 Cisco PIX and ASA Time-to-Live Vulnerability27418ADV-2008-02591019262101926328625pix-asa-ttl-dos(39862)Cisco Application Velocity System (AVS) before 5.1.0 is installed with default passwords for some system accounts, which allows remote attackers to gain privileges.20080123 Default Passwords in the Application Velocity System27421ADV-2008-02601019259ciscoavs-default-password-admin-account(39860)Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execurte arbitrary code via a crafted Sorenson 3 video file, which triggers memory corruption.APPLE-SA-2008-01-15TA08-016AADV-2008-0148101922128502quicktime-sorenson-code-execution(39695)27298Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a movie file containing a Macintosh Resource record with a modified length value in the resource header, which triggers heap corruption.20080115 Apple QuickTime Macintosh Resource Processing Heap Corruption VulnerabilityAPPLE-SA-2008-01-15TA08-016AADV-2008-0148101922128502quicktime-macintosh-code-execution(39696)27301Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a movie file with Image Descriptor (IDSC) atoms containing an invalid atom size, which triggers memory corruption.APPLE-SA-2008-01-1520080115 TPTI-08-01: Apple Quicktime Image File IDSC Atom Memory Corruption VulnerabilityTA08-016AADV-2008-0148101922128502quicktime-idsc-code-execution(39697)27299Unspecified vulnerability in Passcode Lock in Apple iPhone 1.0 through 1.1.2 allows users with physical access to execute applications without entering the passcode via vectors related to emergency calls.APPLE-SA-2008-01-1527297ADV-2008-0147101921928497iphone-passcode-lock-security-bypass(39701)Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 through 1.1.2, iPod touch 1.1 through 1.1.2, and Mac OS X 10.5 through 10.5.1, allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted URL that triggers memory corruption in Safari.APPLE-SA-2008-01-1527296ADV-2008-0147101922028497iphone-ipod-foundation-code-execution(39700)APPLE-SA-2008-02-11TA08-043BADV-2008-049528891Buffer overflow in Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a crafted compressed PICT image, which triggers the overflow during decoding.ADV-2008-0148101922128502quicktime-pict-bo(39698)27300APPLE-SA-2008-01-15TA08-016AX11 in Apple Mac OS X 10.5 through 10.5.1 does not properly handle when the "Allow connections from network client" preference is disabled, which allows remote attackers to bypass intended access restrictions and connect to the X server.APPLE-SA-2008-02-11TA08-043B27736ADV-2008-0495101936528891Launch Services in Apple Mac OS X 10.5 through 10.5.1 allows an uninstalled application to be launched if it is in a Time Machine backup, which might allow local users to bypass intended security restrictions or exploit vulnerabilities in the application.APPLE-SA-2008-02-11TA08-043B27736ADV-2008-0495101936028891Unspecified vulnerability in Mail in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary commands via a crafted file:// URL.APPLE-SA-2008-02-11TA08-043B27736ADV-2008-0495101936128891Unspecified vulnerability in NFS in Apple Mac OS X 10.5 through 10.5.1 allows remote attackers to cause a denial of service (system shutdown) or execute arbitrary code via unknown vectors related to mbuf chains that trigger memory corruption.APPLE-SA-2008-02-11TA08-043B27736ADV-2008-0495101936228891Parental Controls in Apple Mac OS X 10.5 through 10.5.1 contacts www.apple.com "when a website is unblocked," which allows remote attackers to determine when a system is running Parental Controls.APPLE-SA-2008-02-11TA08-043B27736ADV-2008-0495101936328891Argument injection vulnerability in Terminal.app in Terminal in Apple Mac OS X 10.4.11 and 10.5 through 10.5.1 allows remote attackers to execute arbitrary code via unspecified URL schemes.APPLE-SA-2008-02-11TA08-043BVU#77434527736ADV-2008-0495101936428891Format string vulnerability in Apple iPhoto before 7.1.2 allows remote attackers to execute arbitrary code via photocast subscriptions.APPLE-SA-2008-02-05ADV-2008-042810193072880527636Multiple buffer overflows in AFP Client in Apple Mac OS X 10.4.11 and 10.5.2 allow remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted afp:// URL.APPLE-SA-2008-03-18283201019640TA08-079A28304ADV-2008-092429420Unspecified vulnerability in AFP Server in Apple Mac OS X 10.4.11 allows remote attackers to bypass cross-realm authentication via unknown manipulations of Kerberos principal realm names.APPLE-SA-2008-03-18101964228323TA08-079A28304ADV-2008-092429420The Application Firewall in Apple Mac OS X 10.5.2 has an incorrect German translation for the "Set access for specific services and applications" radio button that might cause the user to believe that the button is used to restrict access only to specific services and applications, which might allow attackers to bypass intended access restrictions.APPLE-SA-2008-03-181019658TA08-079A2830428368ADV-2008-092429420Heap-based buffer overflow in the cgiCompileSearch function in CUPS 1.3.5, and other versions including the version bundled with Apple Mac OS X 10.5.2, when printer sharing is enabled, allows remote attackers to execute arbitrary code via crafted search expressions.APPLE-SA-2008-03-1820080318 Multiple Vendor CUPS CGI Heap Overflow VulnerabilitySUSE-SA:2008:01528307ADV-2008-092110196462943129448DSA-1530TA08-079AADV-2008-09242942029485GLSA-200804-01RHSA-2008:019229634MDVSA-2008:081USN-598-1295732960329655FEDORA-2008-2131FEDORA-2008-289729750Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via the a long file name to the NSDocument API.APPLE-SA-2008-03-18101964728388TA08-079A28304ADV-2008-092429420AppKit in Apple Mac OS X 10.4.11 inadvertently makes an NSApplication mach port available for inter-process communication instead of inter-thread communication, which allows local users to execute arbitrary code via crafted messages to privileged applications.APPLE-SA-2008-03-18101964728340TA08-079A28304ADV-2008-092429420CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error.APPLE-SA-2008-03-181019655TA08-079A2829028356ADV-2008-0920ADV-2008-092429420Integer overflow in CoreFoundation in Apple Mac OS X 10.4.11 might allow local users to execute arbitrary code via crafted time zone data.APPLE-SA-2008-03-181019670TA08-079A2830428375ADV-2008-092429420CoreServices in Apple Mac OS X 10.4.11 treats .ief as a safe file type, which allows remote attackers to force Safari users into opening an .ief file in AppleWorks, even when the "Open 'Safe' files" preference is set.APPLE-SA-2008-03-181019671TA08-079A2830428384ADV-2008-092429420Multiple buffer overflows in the HP-GL/2-to-PostScript filter in CUPS before 1.3.6 might allow remote attackers to execute arbitrary code via a crafted HP-GL/2 file.APPLE-SA-2008-03-18283341019672TA08-079A28304ADV-2008-092429420GLSA-200804-01RHSA-2008:0192RHSA-2008:020629634MDVSA-2008:081USN-598-129573296032963029655FEDORA-2008-289729750SUSE-SA:2008:02029659Foundation in Apple Mac OS X 10.4.11 might allow context-dependent attackers to execute arbitrary code via a malformed selector name to the NSSelectorFromString API, which causes an "unexpected selector" to be used.APPLE-SA-2008-03-18101964928341TA08-079A28304ADV-2008-092429420Foundation in Apple Mac OS X 10.4.11 creates world-writable directories while NSFileManager copies files recursively and only modifies the permissions afterward, which allows local users to modify copied files to cause a denial of service and possibly gain privileges.APPLE-SA-2008-03-18101964928343TA08-079A28304ADV-2008-092429420Stack-based buffer overflow in Foundation in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a "long pathname with an unexpected structure" that triggers the overflow in NSFileManager.APPLE-SA-2008-03-181019649TA08-079A2830428357ADV-2008-092429420Multiple integer overflows in a "legacy serialization format" parser in AppKit in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via a crafted serialized property list.APPLE-SA-2008-03-181019648TA08-079A2830428358ADV-2008-0924Race condition in the NSURLConnection cache management functionality in Foundation for Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via unspecified manipulations that cause messages to be sent to a deallocated object.APPLE-SA-2008-03-181019650TA08-079A2830428359ADV-2008-092429420Race condition in NSXML in Foundation for Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a crafted XML file, related to "error handling logic."APPLE-SA-2008-03-181019650TA08-079A2830428367ADV-2008-092429420Help Viewer in Apple Mac OS X 10.4.11 and 10.5.2 allows remote attackers to execute arbitrary Applescript via a help:topic_list URL that injects HTML or JavaScript into a topic list page, as demonstrated using a help:runscript link.APPLE-SA-2008-03-181019657TA08-079A2830428371ADV-2008-092429420MaraDNS 1.0 before 1.0.41, 1.2 before 1.2.12.08, and 1.3 before 1.3.07.04 allows remote attackers to cause a denial of service via a crafted DNS packet that prevents an authoritative name (CNAME) record from resolving, aka "improper rotation of resource records."DSA-144527124ADV-2008-00262832928334GLSA-200801-1628650KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.20080318 MITKRB5-SA-2008-001: double-free, uninitialized data vulnerabilities in krb5kdcAPPLE-SA-2008-03-18VU#895609MDVSA-2008:070MDVSA-2008:071SUSE-SA:2008:016USN-587-1ADV-2008-0922294282943820080319 rPSA-2008-0112-1 krb5 krb5-server krb5-services krb5-test krb5-workstationDSA-1524FEDORA-2008-2637FEDORA-2008-2647GLSA-200803-31MDVSA-2008:069RHSA-2008:0164RHSA-2008:0180RHSA-2008:018128303ADV-2008-09241019626294202943529450294512945729464294232946229516ADV-2008-11022966329424RHSA-2008:018220080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issuesADV-2008-174430535The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."20080318 MITKRB5-SA-2008-001: double-free, uninitialized data vulnerabilities in krb5kdcAPPLE-SA-2008-03-18MDVSA-2008:070MDVSA-2008:071SUSE-SA:2008:016USN-587-1ADV-2008-0922294282943820080319 rPSA-2008-0112-1 krb5 krb5-server krb5-services krb5-test krb5-workstationDSA-1524FEDORA-2008-2637FEDORA-2008-2647GLSA-200803-31MDVSA-2008:069RHSA-2008:0164RHSA-2008:0180RHSA-2008:018128303ADV-2008-09241019627294202943529450294512945729464294232946229516ADV-2008-11022966329424RHSA-2008:018220080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issuesADV-2008-174430535Stack-based buffer overflow in Pierre-emmanuel Gougelet (1) XnView 1.91 and 1.92, (2) NConvert 4.85, and (3) libgfl280.dll in GFL SDK 2.870 for Windows allows user-assisted remote attackers to execute arbitrary code via a crafted Radiance RGBE (.hdr) file.283262871027514ADV-2008-0328ADV-2008-0329Multiple stack-based buffer overflows in in_mp3.dll in Winamp 5.21, 5.5, and 5.51 allow remote attackers to execute arbitrary code via a long (1) artist or (2) name tag in Ultravox streaming metadata, related to construction of stream titles.ADV-2008-018327865winamp-inmp3-bo(39778)27344Multiple buffer overflows in htmsr.dll in the HTML speed reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes 7.0.2 and 7.0.3, allow remote attackers to execute arbitrary code via an HTML document with (1) "large chunks of data," or a long URL in the (2) BACKGROUND attribute of a BODY element or (3) SRC attribute of an IMG element.28454ADV-2008-1153ADV-2008-115628140282092821020080414 Secunia Research: Lotus Notes htmsr.dll Buffer Overflows1019843autonomy-keyview-html-multiple-bo(41724)Directory traversal vulnerability in OpenView5.exe in HP OpenView Network Node Manager (OV NNM) 7.51, 7.53, and possibly other versions allows remote attackers to read arbitrary files via directory traversal sequences in the Action parameter.20080414 Secunia Research: HP OpenView Network Node Manager OpenView5.exeDirectory Traversal28745ADV-2008-1214443591019838297961019839Stack-based buffer overflow in XnView 1.92 and 1.92.1 allows user-assisted remote attackers to execute arbitrary code via a long FontName parameter in a slideshow (.sld) file, a different vector than CVE-2008-1461.ADV-2008-104429620534628579xnview-slideshow-bo(41542)Integer overflow in Orb Networks Orb 2.00.1014 and Winamp Remote BETA allows remote attackers to execute arbitrary code via an RPC request that specifies a large number of array dimensions, which triggers a heap-based buffer overflow.28431ADV-2008-098428203orb-dimensions-bo(41410)The Web UI interface in (1) BitTorrent before 6.0.3 build 8642 and (2) uTorrent before 1.8beta build 10524 allows remote attackers to cause a denial of service (application crash) via an HTTP request with a malformed Range header.20080611 Secunia Research: uTorrent / BitTorrent Web UI HTTP 29661ADV-2008-1808ADV-2008-180910202662870330605Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version field.RHSA-2008:01783043730491DSA-1512RHSA-2008:0177USN-583-128102ADV-2008-076829057FEDORA-2008-2290FEDORA-2008-2292GLSA-200803-12MDVSA-2008:06310195402916329210292442925829264evolution-emfmultipart-format-string(41011)SUSE-SA:2008:01429317VU#512491Array index error in the sdpplin_parse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter.28312ADV-2008-092328694FEDORA-2008-2569101968229472DSA-1536SSA:2008-089-03SUSE-SR:2008:007293922957829601DSA-1543FEDORA-2008-29452976629740GLSA-200804-2529800SUSE-SR:2008:012Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the TPRoot, NNTPFile\Root, or WWWRoot folders.TA08-043C27101ADV-2008-0507101938428849HPSBST02314oval:org.mitre.oval:def:5389Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages.TA08-043C27676ADV-2008-0508101938528893HPSBST02314oval:org.mitre.oval:def:5308Unspecified vulnerability in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via crafted HTML layout combinations, aka "HTML Rendering Memory Corruption Vulnerability."MS08-010TA08-043C27668ADV-2008-0512101937928903HPSBST02314oval:org.mitre.oval:def:5487Use-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 SP2, and and 7 allows remote attackers to execute arbitrary code by assigning malformed values to certain properties, as demonstrated using the by property of an animateMotion SVG element, aka "Property Memory Corruption Vulnerability."MS08-010TA08-043C27666ADV-2008-051210193802890320080212 Microsoft Internet Explorer Property Memory Corruption Vulnerability20080213 ZDI-08-006: Microsoft Internet Explorer SVG animateMotion.by Code Execution VulnerabilityVU#228569HPSBST02314oval:org.mitre.oval:def:5396Unspecified vulnerability in an ActiveX control (dxtmsft.dll) in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via a crafted image, aka "Argument Handling Memory Corruption Vulnerability."MS08-010TA08-043C27689ADV-2008-0512101938128903HPSBST02314oval:org.mitre.oval:def:4904Heap-based buffer overflow in the WebDAV Mini-Redirector in Microsoft Windows XP SP2, Server 2003 SP1 and SP2, and Vista allows remote attackers to execute arbitrary code via a crafted WebDAV response.MS08-007TA08-043C27670ADV-2008-0509101937228894HPSBST02314oval:org.mitre.oval:def:5381Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Macro Validation Vulnerability," a different vulnerability than CVE-2007-3490.27305ADV-2008-01461019200microsoft-excel-unspecified-code-execution(39699)28506MS08-014ADV-2008-0846HPSBST02320TA08-071Aoval:org.mitre.oval:def:5546An ActiveX control (Messenger.UIAutomation.1) in Windows Messenger 4.7 and 5.1 is marked as safe-for-scripting, which allows remote attackers to "change state," obtain contact information, and establish audio or video connections without notification via unknown vectors.MS08-05030551ADV-2008-2354102068131446The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) scripting engines 5.1 and 5.6, as used in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, do not properly decode script, which allows remote attackers to execute arbitrary code via unknown vectors.MS08-02228551ADV-2008-1146101979929712TA08-099AHPSBST02329Unspecified vulnerability in the TCP/IP support in Microsoft Windows Vista allows remote DHCP servers to cause a denial of service (hang and restart) via a crafted DHCP packet.Apply patches. Windows Vista: http://www.microsoft.com/downloads/de...=8ce9608b-7049-47cd-adc4-22a803877d33 Windows Vista x64 Edition: http://www.microsoft.com/downloads/de...=d7b9c3d1-9c23-4e05-bac6-d0b327feaf53TA08-043C27634ADV-2008-0506101938328828HPSBST02314oval:org.mitre.oval:def:5240Microsoft SQL Server 7.0 SP4, 2000 SP4, 2005 SP2, Microsoft Data Engine (MSDE) 1.0 SP4, SQL Server 2000 Desktop Engine (MSDE 2000) SP4, and 2005 Express Edition SP2 does not initialize memory pages when reallocating memory, which allows database operators to obtain sensitive information (database contents) via unknown vectors related to memory page reuse.MS08-040Buffer overflow in the convert function in Microsoft SQL Server 7.0 SP4, 2000 SP4, 2005 SP2, Microsoft Data Engine (MSDE) 1.0 SP4, SQL Server 2000 Desktop Engine (MSDE 2000) SP4, and 2005 Express Edition SP2 allows remote authenticated users to execute arbitrary code via a crafted SQL expression.MS08-040The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses.MS08-02028553ADV-2008-1144101980229696TA08-099AHPSBST02329Unspecified vulnerability in Active Directory on Microsoft Windows 2000 and Windows Server 2003, and Active Directory Application Mode (ADAM) on XP and Server 2003, allows remote attackers to cause a denial of service (hang and restart) via a crafted LDAP request.MS08-003TA08-043C27638ADV-2008-0505101938228764HPSBST02314oval:org.mitre.oval:def:5181SQL injection vulnerability in uprofile.php in ClipShare allows remote attackers to execute arbitrary SQL commands via the UID parameter.483027108clipshare-uprofile-sql-injection(39364)A certain ActiveX control in npUpload.dll in DivX Player 6.6.0 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long argument to the SetPassword method.482927106divxwebplayer-npUpload-dos(39386)Directory traversal vulnerability in download2.php in AGENCY4NET WEBFTP 1 allows remote attackers to read and delete arbitrary files via a .. (dot dot) in the file parameter.482820080104 true: AGENCY4NET WEBFTP directory traversal; deletion possible27092ADV-2008-005128309agency4net-download2-directory-traversal(39343)Cross-site scripting (XSS) vulnerability in index.php in the search module in Appalachian State University phpWebSite 1.4.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter.20080101 Cross-Site Scripting (XSS) in phpWebSite 1.4.0 search2709028303phpwebsite-search-xss(39391)3511Multiple cross-site scripting (XSS) vulnerabilities in newticket.php in eTicket 1.5.5.2, and 1.5.6 RC2 and RC3, allow remote attackers to inject arbitrary web script or HTML via the (1) Name and (2) Subject parameters.2833127130eticket-name-subject-xss(39400)Multiple directory traversal vulnerabilities in MODx Content Management System 0.9.6.1 allow remote attackers to (1) include and execute arbitrary local files via a .. (dot dot) in the as_language parameter to assets/snippets/AjaxSearch/AjaxSearch.php, reached through index-ajax.php; and (2) read arbitrary local files via a .. (dot dot) in the file parameter to assets/js/htcmime.php.20080102 MODx CMS Source code disclosure, local file inclusion2709627097282203522The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edition before C.1.0-beta8, AsteriskNOW before beta7, Appliance Developer Kit before Asterisk 1.4 revision 95946, and Appliance s800i 1.0.x before 1.0.3.4 allows remote attackers to cause a denial of service (daemon crash) via a BYE message with an Also (Also transfer) header, which triggers a NULL pointer dereference.20080102 AST-2008-001: Crash from transfer using BYE with Also header27110ADV-2008-00191019152283123520Multiple buffer overflows in Georgia SoftWorks SSH2 Server (GSW_SSHD) 7.01.0003 and earlier allow remote attackers to execute arbitrary code via a (1) a long username, which triggers an overflow in the log function; or (2) a long password.20080102 Multiple vulnerabilities in Georgia SoftWorks SSH2 Server 7.01.0003283073517Format string vulnerability in the log function in Georgia SoftWorks SSH2 Server (GSW_SSHD) 7.01.0003 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the username field, as demonstrated by a certain LoginPassword message.20080102 Multiple vulnerabilities in Georgia SoftWorks SSH2 Server 7.01.0003283073517Buffer overflow in RealPlayer 11 build 6.0.14.748 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: As of 20080103, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.[Dailydave] 20080101 0day RealPlayer exploit demo27091ADV-2008-0016282761019153Multiple SQL injection vulnerabilities in MyPHP Forum 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the searchtext parameter to search.php, and unspecified other vectors.4831Stack-based buffer overflow in the Scene::errorf function in Scene.cpp in White_Dune 0.29 beta791 and earlier allows remote attackers to execute arbitrary code via a long string in a .WRL file.20080102 Buffer-overflow and format string in White_Dune 0.29beta79127102282873516Format string vulnerability in the swDebugf function in DuneApp.cpp in White_Dune 0.29 beta791 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a .WRL file.20080102 Buffer-overflow and format string in White_Dune 0.29beta79127102282873516Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, related to invalid "memory values," aka "Publisher Invalid Memory Reference Vulnerability."MS08-012TA08-043C27739ADV-2008-0514101937628906HPSBST02314oval:org.mitre.oval:def:5305Unspecified vulnerability in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Office document that contains a malformed object, related to a "memory handling error," aka "Microsoft Office Execution Jump Vulnerability."MS08-013TA08-043C27738ADV-2008-0515101937528909HPSBST02314oval:org.mitre.oval:def:5407Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, aka "Publisher Memory Corruption Vulnerability."MS08-012TA08-043C27740ADV-2008-0514101937728906HPSBST02314oval:org.mitre.oval:def:4547Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section header index table information, aka "Microsoft Works File Converter Index Table Vulnerability."MS08-011TA08-043C27658ADV-2008-0513101938728904HPSBST02314oval:org.mitre.oval:def:5009Buffer overflow in Microsoft SQL Server 7.0 SP4, 2000 SP4, 2005 SP2, Microsoft Data Engine (MSDE) 1.0 SP4, SQL Server 2000 Desktop Engine (MSDE 2000) SP4, and 2005 Express Edition SP2 allows remote authenticated users to execute arbitrary code via a crafted insert statement.MS08-040Integer underflow in Microsoft SQL Server 7.0 SP4, 2000 SP4, 2005 SP2, Microsoft Data Engine (MSDE) 1.0 SP4, SQL Server 2000 Desktop Engine (MSDE 2000) SP4, and 2005 Express Edition SP2 allows remote authenticated users to execute arbitrary code via an on-disk file with a crafted record size value, which triggers a buffer overflow, aka "SQL Server Memory Corruption Vulnerability."MS08-040Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted field lengths, aka "Microsoft Works File Converter Field Length Vulnerability."MS08-011TA08-043C27659ADV-2008-051310193882890420080208 Microsoft Office Works Converter Stack-based Buffer Overflow VulnerabilityHPSBST023145107oval:org.mitre.oval:def:5202Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted fields within the File Information Block (FIB) of a Word file, which triggers length calculation errors and memory corruption.MS08-009TA08-043CVU#69241727656ADV-2008-051110193742890120080213 [Reversemode Advisory] February Advisories : Microsoft Word 2003 + Fortinet ForticlientHPSBST02314oval:org.mitre.oval:def:5073Unspecified vulnerability in Microsoft Outlook in Office 2000 SP3, XP SP3, 2003 SP2 and Sp3, and Office System allows user-assisted remote attackers to execute arbitrary code via a crafted mailto URI.MS08-015TA08-071AVU#39330528147ADV-2008-0847293201019579HPSBST02320oval:org.mitre.oval:def:5278Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted data validation records, aka "Excel Data Validation Record Vulnerability."MS08-014TA08-071A28094ADV-2008-08461019582HPSBST02320oval:org.mitre.oval:def:5114Unspecified vulnerability in Microsoft Excel 2000 SP3, and Office for Mac 2004 and 2008 allows user-assisted remote attackers to execute arbitrary code via a crafted .SLK file that is not properly handled when importing the file, aka "Excel File Import Vulnerability."MS08-014TA08-071A28095ADV-2008-08461019583HPSBST02320oval:org.mitre.oval:def:5284Unspecified vulnerability in Microsoft Office Excel Viewer 2003 up to SP3 allows user-assisted remote attackers to execute arbitrary code via an Excel document with malformed cell comments that trigger memory corruption from an "allocation error," aka "Microsoft Office Cell Parsing Memory Corruption Vulnerability."MS08-016TA08-071AADV-2008-084829321101957820080311 ZDI-08-008: Microsoft Excel BIFF File Format Cell Record Parsing Memory Corruption VulnerabilityHPSBST02320oval:org.mitre.oval:def:5421Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via crafted Style records that trigger memory corruption.MS08-014TA08-071A28166ADV-2008-08461019584HPSBST02320oval:org.mitre.oval:def:5456Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via malformed formulas, aka "Excel Formula Parsing Vulnerability."MS08-014281671019585TA08-071AADV-2008-0846HPSBST02320oval:org.mitre.oval:def:5512Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility Pack, and Office 2004 and 2008 for Mac allows user-assisted remote attackers to execute arbitrary code via malformed tags in rich text, aka "Excel Rich Text Validation Vulnerability."MS08-014TA08-071A28168ADV-2008-0846101958620080311 TPTI-08-03: Microsoft Excel Rich Text Memory Corruption VulnerabilityHPSBST02320oval:org.mitre.oval:def:5212Unspecified vulnerability in Microsoft Excel 2000 SP3 and 2002 SP2, and Office 2004 and 2008 for Mac, allows user-assisted remote attackers to execute arbitrary code via crafted conditional formatting values, aka "Excel Conditional Formatting Vulnerability."MS08-014TA08-071A28170ADV-2008-08461019587HPSBST02320oval:org.mitre.oval:def:5508Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, Excel Viewer 2003 up to SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption from an "allocation error," aka "Microsoft Office Memory Corruption Vulnerability."MS08-016TA08-071A28146ADV-2008-0848293211019578HPSBST02320oval:org.mitre.oval:def:5190Unspecified vulnerability in Microsoft Publisher in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 SP1 and earlier allows remote attackers to execute arbitrary code via a Publisher file with crafted object header data that triggers memory corruption, aka "Publisher Object Handler Validation Vulnerability."MS08-02729158ADV-2008-1505102001530150TA08-134AHPSBST02336A "memory allocation error" in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with a malformed picture index that triggers memory corruption, aka "Memory Allocation Vulnerability."MS08-051ADV-2008-235531453A "memory calculation error" in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with a malformed picture index that triggers memory corruption, aka "Memory Calculation Vulnerability."MS08-051ADV-2008-235531453Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption.FreeBSD-SA-08:0227283101918928367freebsd-inetnetwork-bo(39670)20080124 rPSA-2008-0029-1 bind bind-utilsFEDORA-2008-0903FEDORA-2008-0904VU#203611ADV-2008-0193285792848728429ADV-2008-070329161SUSE-SR:2008:00629323238493ADV-2008-174330538Cross-site scripting (XSS) vulnerability in install.php for Moodle 1.8.3, and possibly other versions before 1.8.4, allows remote attackers to inject arbitrary web script or HTML via the dbname parameter. NOTE: this issue only exists until the installation is complete.20080111 Cross site scripting (XSS) in Moodle 1.8.320080111 Cross site scripting (XSS) in Moodle 1.8.327259ADV-2008-0164moodle-install-xss(39630)SUSE-SR:2008:00328838Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3-beta1 allows remote authenticated users to inject arbitrary web script or HTML via (1) the "Real name" field in Personal Settings, which is presented to readers of articles; or (2) a file upload, as demonstrated by a .htm, .html, or .js file.28003ADV-2008-0700101950229128serendipity-realname-username-xss(40851)DSA-152829502Cross-site scripting (XSS) vulnerability in phpstats.php in Michael Wagner phpstats 0.1 alpha allows remote attackers to inject arbitrary web script or HTML via the baseDir parameter.20080317 Cross Site Scripting (XSS) in phpstats 0.1_alpha, CVE-2008-0125282913765The administration interface in McAfee E-Business Server 8.5.2 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a long initial authentication packet.20080109 [INFIGO 2008-01-06]: McAfee E-Business Server Remote Preauth Code Execution / DoS20080109 [INFIGO-2008-01-06]: McAfee E-Business Server Remote Preauth Code Execution / DoS - Corrected27197mcafee-ebusiness-packet-code-execution(39563)mcafee-ebusiness-authentication-packet-dos(39561)4878ADV-2008-00871019170284083530The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests, making it easier for remote attackers to capture this cookie.27365ADV-2008-01922854928552apache-singlesignon-information-disclosure(39804)SUSE-SR:2008:00529242RHSA-2008:0261SQL injection vulnerability in starnet/addons/slideshow_full.php in Site@School 2.3.10 and earlier allows remote attackers to execute arbitrary SQL commands via the album_name parameter.483227120siteatschool-slideshowfull-sql-injection(39417)SQL injection vulnerability in login_form.asp in Instant Softwares Dating Site allows remote attackers to execute arbitrary SQL commands via the Username parameter, a different vulnerability than CVE-2007-6671. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.28283dating-site-login-sql-injection(39326)Cross-site scripting (XSS) vulnerability in login_form.asp in Instant Softwares Dating Site allows remote attackers to inject arbitrary web script or HTML via the msg parameter, a different product than CVE-2006-6022. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.28283Pragma FortressSSH 5.0 Build 4 Revision 293 and earlier handles long input to sshd.exe by creating an error-message window and waiting for the administrator to click in this window before terminating the sshd.exe process, which allows remote attackers to cause a denial of service (connection slot exhaustion) via a flood of SSH connections with long data objects, as demonstrated by (1) a long list of keys and (2) a long username.fortressssh-sshd-dos(39354)20080104 Some DoS in some telnet servers27141Multiple SQL injection vulnerabilities in Tribisur 2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to cat_main.php and the (2) cat parameter to forum.php in a liste action.48402714928362tribisur-catmain-forum-sql-injection(39443)Cross-site scripting (XSS) vulnerability in Forums/setup.asp in Snitz Forums 2000 3.4.06 and earlier allows remote attackers to inject arbitrary web script or HTML via the MAIL parameter.28284Snitz Forums 2000 3.4.06 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for forum/snitz_forums_2000.mdb.Snitz Forums 2000 3.4.05 allows remote attackers to obtain sensitive information via a direct request to forum/whereami.asp, which reveals the database path.PHP remote file inclusion vulnerability in config.inc.php in SNETWORKS PHP CLASSIFIEDS 5.0 allows remote attackers to execute arbitrary PHP code via a URL in the path_escape parameter.4838ADV-2008-0053snetworks-configinc-file-include(39468)PHP remote file inclusion vulnerability in xoopsgallery/init_basic.php in the mod_gallery module for XOOPS, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter.484727155xoops-modgallery-zendhashkey-file-include(39461)Eval injection vulnerability in loudblog/inc/parse_old.php in Loudblog 0.8.0 and earlier allows remote attackers to execute arbitrary PHP code via the template parameter.48492715728336loudblog-template-code-execution(39445)Directory traversal vulnerability in error.php in Uebimiau Webmail 2.7.10 and 2.7.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the selected_theme parameter, a different vector than CVE-2007-3172.484620080107 Uebimiau Web-Mail 2.7.10/2.7.2 Remote File Disclosure Vulnerability27154actions.php in WebPortal CMS 0.6-beta generates predictable passwords containing only the time of day, which makes it easier for remote attackers to obtain access to any account via a lostpass action.483527145webportal-action-weak-security(39486)Multiple SQL injection vulnerabilities in WebPortal CMS 0.6-beta allow remote attackers to execute arbitrary SQL commands via the user_name parameter to actions.php, and unspecified other vectors.4835PHP remote file inclusion vulnerability in common/db.php in samPHPweb, possibly 4.2.2 and others, as provided with SAM Broadcaster, allows remote attackers to execute arbitrary PHP code via a URL in the commonpath parameter.483427137samPHPweb-db-file-include(39397)28355PHP remote file inclusion vulnerability in index.php in NetRisk 1.9.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: this can also be leveraged for local file inclusion using directory traversal sequences.483320080105 NetRisk 1.9.7 Remote File Inclusion Vulnerability28328Unspecified vulnerability in glob in PHP before 4.4.8, when open_basedir is enabled, has unknown impact and attack vectors. NOTE: this issue reportedly exists because of a regression related to CVE-2007-4663.28318php-glob-openbasedir-security-bypass(39401)SSA:2008-045-0328936Cross-site scripting (XSS) vulnerability in the error page in W3-mSQL allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the top-level URI.20080103 xss in w3-msql error page27116282943521SQL injection vulnerability in index.php in SmallNuke 2.0.4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via (1) the user_email parameter and possibly (2) username parameter in a Members action.48632718028301smallnuke-index-sql-injection(39525)TUTOS 1.3 does not restrict access to php/admin/cmd.php, which allows remote attackers to execute arbitrary shell commands via the cmd parameter in a direct request.486128291tutos-cmd-command-execution(39531)TUTOS 1.3 allows remote attackers to read system information via a direct request to php/admin/phpinfo.php, which calls the phpinfo function.486128291Unspecified vulnerability in the LDAP authentication feature in Aruba Mobility Controller 2.3.6.15, 2.5.2.11, 2.5.4.25, 2.5.5.7, 3.1.1.3, and 2.4.8.11-FIPS or earlier allows remote attackers to bypass authentication mechanisms and obtain management or VPN interface access.20080104 Aruba Mobility Controller User Authentication Vulnerability - Aruba Advisory ID: AID-12220727144283573529Foxit WAC Server 2.1.0.910 and earlier allows remote attackers to cause a denial of service (crash) via a Telnet request with long options.20080104 Some DoS in some telnet servers27142282723525SLnet.exe in SeattleLab SLNet RF Telnet Server 4.1.1.3758 and earlier allows user-assisted remote attackers to cause a denial of service (crash) via unpsecified telnet options, which triggers a NULL pointer dereference. NOTE: the crash is not user-assisted when the server is running in debug mode.20080104 Some DoS in some telnet servers2713428316telnetd.exe in Pragma TelnetServer 7.0.4.589 allows remote attackers to cause a denial of service (process crash and resource exhaustion) via a crafted TELOPT PRAGMA LOGON telnet option, which triggers a NULL pointer dereference.20080104 Some DoS in some telnet servers27143SQL injection vulnerability in index.php in EvilBoard 0.1a (Alpha) allows remote attackers to execute arbitrary SQL commands the c parameter.4865Cross-site scripting (XSS) vulnerability in index.php in EvilBoard 0.1a (Alpha) allows remote attackers to inject arbitrary web script or HTML via the c parameter.4865evilboard-index-xss(39526)Absolute path traversal vulnerability in index.php in Million Dollar Script 2.0.14 allows remote attackers to read arbitrary files via encoded "/" (%2F) sequences in the link parameter.20080107 Million Dollar Script 2.0.14 Remote File Disclosure Vulnerability.27174milliondollarscript-index-dir-traversal(39492)3524SQL injection vulnerability in FlexBB 0.6.3 and earlier allows remote attackers to execute arbitrary SQL commands via the flexbb_temp_id parameter in a cookie.485827164flexbb-flexbbtempid-sql-injection(39475)28373Directory traversal vulnerability in index.php in Shop-Script 2.0 and possibly other versions allows remote attackers to read arbitrary files via a .. (dot dot) in the aux_page parameter.27165shopscript-index-directory-traversal(39449)4855SQL injection vulnerability in index.php in eggBlog 3.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the eggblogpassword parameter in a cookie.486027168eggblog-eggblogmail-sql-injection(39473)28371misc.c in splitvt 1.6.6 and earlier does not drop group privileges before executing xprop, which allows local users to gain privileges.DSA-1500279362906429080GLSA-200803-0529190Linux kernel 2.6, when using vservers, allows local users to access resources of other vservers via a symlink attack in /proc.DSA-1494277042887527798linux-kernel-proc-unauth-access(40486)Multiple cross-site request forgery (CSRF) vulnerabilities in Plone CMS 3.0.5 and 3.0.6 allow remote attackers to (1) add arbitrary accounts via the join_form page and (2) change the privileges of arbitrary groups via the prefs_groups_overview page.20080313 PR08-02: Plone CMS Security Research - the Art of Plowning29361plone-joinform-csrf(41263)3754Cross-site request forgery (CSRF) vulnerability in Ikiwiki before 2.42 allows remote attackers to modify user preferences, including passwords, via the (1) preferences and (2) edit forms.DSA-1553ADV-2008-12972990729932ikiwiki-change-password-csrf(41904)OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.DSA-1571USN-612-1USN-612-22917920080515 Debian generated SSH-Keys working exploit56225632DSA-1576USN-612-3USN-612-4USN-612-7VU#9252111020017302203022130231302393024930136openssl-rng-weak-security(42375)5720[rsyncrypto-devel] 20080523 Advisory - Rsyncrypto maybe affected from Debian OpenSSL reduced entropy problemThe write_array_file function in utils/include.pl in GForge 4.5.14 updates configuration files by truncating them to zero length and then writing new data, which might allow attackers to bypass intended access restrictions or have unspecified other impact in opportunistic circumstances.DSA-157729215ADV-2008-15373008830286gforge-unspecified-symlink(42456)Plugin/passwordauth.pm (aka the passwordauth plugin) in ikiwiki 1.34 through 2.47 allows remote attackers to bypass authentication, and login to any account for which an OpenID identity is configured and a password is not configured, by specifying an empty password during the login sequence.[oss-security] 20080531 Re: CVE id request: ikiwikiADV-2008-17103046829479ikiwiki-openid-passwordauth-auth-bypass(42798)regex/v4/perl_matcher_non_recursive.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (failed assertion and crash) via an invalid regular expression.28705285112852720080213 rPSA-2008-0063-1 boostGLSA-200802-082894328860SUSE-SR:2008:00629323USN-570-127325FEDORA-2008-0880ADV-2008-024928545MDVSA-2008:032The get_repeat_type function in basic_regex_creator.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (NULL dereference and crash) via an invalid regular expression.USN-570-127325FEDORA-2008-0880ADV-2008-024928545MDVSA-2008:03228705285112852720080213 rPSA-2008-0063-1 boostGLSA-200802-082894328860SUSE-SR:2008:00629323SQL injection vulnerability in Gforge 4.6.99 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified parameters, related to RSS exports.DSA-145927266ADV-2008-01152839528451gforge-multiple-sql-injection(39666)GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the passwords and gain privileges.20080125 C4 Security Advisory - GE Fanuc Proficy Information Portal 2.6 Authentication VulnerabilityVU#180876101927320080129 Re: C4 Security Advisory - GE Fanuc Proficy Information Portal 2.6 Authentication Vulnerability3590Unrestricted file upload vulnerability in GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the main virtual directory.20080125 C4 Security Advisory - GE Fanuc Proficy Information Portal 2.6 Arbitrary File Upload and ExecutionVU#3393452744610192742867820080129 Re: C4 Security Advisory - GE Fanuc Proficy Information Portal 2.6 Arbitrary File Upload and ExecutionADV-2008-03073591Heap-based buffer overflow in w32rtr.exe in GE Fanuc CIMPLICITY HMI SCADA system 7.0 before 7.0 SIM 9, and earlier versions before 6.1 SP6 Hot fix - 010708_162517_6106, allow remote attackers to execute arbitrary code via unknown vectors.20080125 C4 Security Advisory - GE Fanuc Cimplicity 6.1 Heap OverflowVU#30855627447101927528663ADV-2008-030620080129 Re: C4 Security Advisory - GE Fanuc Cimplicity 6.1 Heap Overflow3592The ipcomp6_input function in sys/netinet6/ipcomp_input.c in the KAME project before 20071201 does not properly check the return value of the m_pulldown function, which allows remote attackers to cause a denial of service (system crash) via an IPv6 packet with an IPComp header.VU#110947276422878828816ADV-2008-04411019314FreeBSD-SA-08:0428979ADV-2008-0688291305191APPLE-SA-2008-05-28TA08-150AADV-2008-169730430Cross-site scripting (XSS) vulnerability in the Enterprise Admin Session Monitoring component in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the User-Agent HTTP header.VU#3260652754728742Cross-site scripting (XSS) vulnerability in service/impl/UserLocalServiceImpl.java in Liferay Portal 4.3.6 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header, which is used when composing Forgot Password e-mail messages in HTML format.VU#8882092755028742Cross-site scripting (XSS) vulnerability in themes/_unstyled/templates/init.vm in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the Greeting field in a User Profile.VU#7324492754628742Cross-site scripting (XSS) vulnerability in the Admin portlet in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the Shutdown message.VU#2178252755428742Cross-site request forgery (CSRF) vulnerability in the Admin portlet in Liferay Portal before 4.4.0 allows remote authenticated users to perform unspecified actions as unspecified other authenticated users via the Shutdown message.VU#76782528742Absolute path traversal vulnerability in index.php in Sys-Hotel on Line System allows remote attackers to read arbitrary files via an encoded "/" ("%2F") in the file parameter.20080108 sysHotel On Line Remote File Disclosure Vulnerability.271843528SQL injection vulnerability in index.php in NetRisk 1.9.7 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via the pid parameter in a profile page (possibly profile.php).48522832820080106 netrisk 1.9.7 Multiple Remote Vulnerabilities (sql injection/xss)Cross-site scripting (XSS) vulnerability in index.php in NetRisk 1.9.7 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter, possibly related to CVE-2008-0144.485220080106 netrisk 1.9.7 Multiple Remote Vulnerabilities (sql injection/xss)28369SQL injection vulnerability in songinfo.php in SAM Broadcaster samPHPweb, possibly 4.2.2 and earlier, allows remote attackers to execute arbitrary SQL commands via the songid parameter.483627147sambroadcaster-songinfo-sql-injection(39463)** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its requester. Further investigation showed that it was not a new security issue. Notes: none.** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its requester. Further investigation showed that it was not a new security issue. Notes: none.Multiple cross-site scripting (XSS) vulnerabilities in templates/example_template.php in AwesomeTemplateEngine allow remote attackers to inject arbitrary web script or HTML via the (1) data[title], (2) data[message], (3) data[table][1][item], (4) data[table][1][url], or (5) data[poweredby] parameter.20080103 securityvulns.com russian vulnerabilities digest20080103 securityvulns.com russian vulnerabilities digest27125awesometemplateengine-multiple-xss(39396)3539WordPress 2.2.x and 2.3.x allows remote attackers to obtain sensitive information via an invalid p parameter in an rss2 action to the default URI, which reveals the full path and the SQL database structure.20080103 securityvulns.com russian vulnerabilities digest20080103 securityvulns.com russian vulnerabilities digestwordpress-p-path-disclosure(39423)3539Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the popuptitle parameter to (1) wp-admin/post.php or (2) wp-admin/page-new.php.20080103 securityvulns.com russian vulnerabilities digest27123wordpress-popuptitle-xss(39426)3539Cross-site scripting (XSS) vulnerability in wp-db-backup.php in WordPress 2.0.11 and earlier, and possibly 2.1.x through 2.3.x, allows remote attackers to inject arbitrary web script or HTML via the backup parameter in a wp-db-backup.php action to wp-admin/edit.php.20080103 securityvulns.com russian vulnerabilities digest20080103 securityvulns.com russian vulnerabilities digest27123DSA-1502290143539Directory traversal vulnerability in wp-db-backup.php in WordPress 2.0.3 and earlier allows remote attackers to read arbitrary files, delete arbitrary files, and cause a denial of service via a .. (dot dot) in the backup parameter in a wp-db-backup.php action to wp-admin/edit.php. NOTE: this might be the same as CVE-2006-5705.1.20080103 securityvulns.com russian vulnerabilities digest20080103 securityvulns.com russian vulnerabilities digestDSA-1502290143539WordPress 2.0.11 and earlier allows remote attackers to obtain sensitive information via an empty value of the page parameter to certain PHP scripts under wp-admin/, which reveals the path in various error messages.20080103 securityvulns.com russian vulnerabilities digest20080103 securityvulns.com russian vulnerabilities digest3539Multiple directory traversal vulnerabilities in WordPress 2.0.11 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the page parameter to certain PHP scripts under wp-admin/ or (2) the import parameter to wp-admin/admin.php, as demonstrated by discovering the full path via a request for the \..\..\wp-config pathname; and allow remote attackers to modify arbitrary files via a .. (dot dot) in the file parameter to wp-admin/templates.php.20080103 securityvulns.com russian vulnerabilities digest20080103 securityvulns.com russian vulnerabilities digest3539Multiple cross-site scripting (XSS) vulnerabilities in wp-contact-form/options-contactform.php in the WP-ContactForm 1.5 alpha and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) wpcf_email, (2) wpcf_subject, (3) wpcf_question, (4) wpcf_answer, (5) wpcf_success_msg, (6) wpcf_error_msg, or (7) wpcf_msg parameter to wp-admin/admin.php, or (8) the SRC attribute of an IFRAME element.20080103 securityvulns.com russian vulnerabilities digest20080103 securityvulns.com russian vulnerabilities digest3539Multiple cross-site request forgery (CSRF) vulnerabilities in wp-contact-form/options-contactform.php in the WP-ContactForm 1.5 alpha and earlier plugin for WordPress allow remote attackers to perform actions as administrators via the (1) wpcf_question, (2) wpcf_success_msg, or (3) wpcf_error_msg parameter to wp-admin/admin.php.20080103 securityvulns.com russian vulnerabilities digest20080103 securityvulns.com russian vulnerabilities digest3539PRO-Search 0.17 and earlier allows remote attackers to cause a denial of service via certain values of the show_page and time parameters to the default URI.20080103 securityvulns.com russian vulnerabilities digest20080103 securityvulns.com russian vulnerabilities digest3539Multiple cross-site scripting (XSS) vulnerabilities in account/index.html in RotaBanner Local 3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) drop parameter.20080103 securityvulns.com russian vulnerabilities digest20080103 securityvulns.com russian vulnerabilities digest3539Cross-site scripting (XSS) vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL parameter.20080103 securityvulns.com russian vulnerabilities digest20080103 securityvulns.com russian vulnerabilities digest3539CRLF injection vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter.20080103 securityvulns.com russian vulnerabilities digest20080103 securityvulns.com russian vulnerabilities digest3539Multiple cross-site scripting (XSS) vulnerabilities in cryptographp/admin.php in the Cryptographp 1.2 and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) cryptwidth, (2) cryptheight, (3) bgimg, (4) charR, (5) charG, (6) charB, (7) charclear, (8) tfont, (9) charel, (10) charelc, (11) charelv, (12) charnbmin, (13) charnbmax, (14) charspace, (15) charsizemin, (16) charsizemax, (17) charanglemax, (18) noisepxmin, (19) noisepxmax, (20) noiselinemin, (21) noiselinemax, (22) nbcirclemin, (23) nbcirclemax, or (24) brushsize parameter to wp-admin/options-general.php.20080103 securityvulns.com russian vulnerabilities digest20080103 securityvulns.com russian vulnerabilities digest3539Multiple cross-site scripting (XSS) vulnerabilities in math-comment-spam-protection.php in the Math Comment Spam Protection 2.1 and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) mcsp_opt_msg_no_answer or (2) mcsp_opt_msg_wrong_answer parameter to wp-admin/options-general.php.20080103 securityvulns.com russian vulnerabilities digest20080103 securityvulns.com russian vulnerabilities digest3539Multiple cross-site request forgery (CSRF) vulnerabilities in math-comment-spam-protection.php in the Math Comment Spam Protection 2.1 and earlier plugin for WordPress allow remote attackers to perform actions as administrators via the (1) mcsp_opt_msg_no_answer or (2) mcsp_opt_msg_wrong_answer parameter to wp-admin/options-general.php.20080103 securityvulns.com russian vulnerabilities digest20080103 securityvulns.com russian vulnerabilities digest3539Multiple cross-site scripting (XSS) vulnerabilities in captcha\captcha.php in the Captcha! 2.5d and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) captcha_ttffolder, (2) captcha_numchars, (3) captcha_ttfrange, or (4) captcha_secret parameter.20080103 securityvulns.com russian vulnerabilities digest20080103 securityvulns.com russian vulnerabilities digest3539Multiple cross-site scripting (XSS) vulnerabilities in PRO-Search 0.17 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) prot, (2) host, (3) path, (4) name, (5) ext, (6) size, (7) search_days, or (8) show_page parameter to the default URI.20080103 securityvulns.com russian vulnerabilities digest20080103 securityvulns.com russian vulnerabilities digest27126283353539Cross-site scripting (XSS) vulnerability in login.asp in Snitz Forums 2000 3.4.05 and earlier allows remote attackers to inject arbitrary web script or HTML via the target parameter.28284Open redirect vulnerability in Forums/login.asp in Snitz Forums 2000 3.4.06 and earlier allows remote attackers to redirect users to arbitrary web sites via a URL in the target parameter.Uebimiau Webmail 2.7.10 and 2.7.2 does not protect authentication state variables from being set through HTTP requests, which allows remote attackers to bypass authentication via a sess[auth]=1 parameter settting. NOTE: this can be leveraged to conduct directory traversal attacks without authentication by using CVE-2008-0140.484627154Unspecified vulnerability in the BIOS F.04 through F.11 for the HP Compaq Business Notebook PC allows local users to cause a denial of service via unspecified vectors.HPSBGN02305284941019729ADV-2008-1042compaq-businessnotebook-pcbios-dos(41520)ovtopmd in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allows remote attackers to cause a denial of service (crash) via a crafted TCP request that triggers an out-of-bounds memory access.HPSBMA023072762920080204 Hewlett-Packard Network Node Manager Topology Manager Service DoS VulnerabilityADV-2008-0424101930628798Unspecified vulnerability in a certain ActiveX control for HP Virtual Rooms (HPVR) 6 and earlier allows remote attackers to execute arbitrary code via unknown vectors.HPSBGN023101019311Multiple unspecified vulnerabilities in HP Select Identity 4.00, 4.01, 4.11, 4.12, 4.13, and 4.20 allow remote authenticated users to gain access via unknown vectors.In order to download the patch, user must login.HPSBMA0230927667ADV-2008-0472101932228844Multiple unspecified vulnerabilities in HP Storage Essentials Storage Resource Management (SRM) before 6.0.0 allow remote attackers to obtain unspecified access to a managed device via unknown attack vectors.HPSBST0230227643ADV-2008-0440101931228813The ptsname function in FreeBSD 6.0 through 7.0-PRERELEASE does not properly verify that a certain portion of a device name is associated with a pty of a user who is calling the pt_chown function, which might allow local users to read data from the pty from another user.FreeBSD-SA-08:0127284101919128498freebsd-ptsname-information-disclosure(39667)The script program in FreeBSD 5.0 through 7.0-PRERELEASE invokes openpty, which creates a pseudo-terminal with world-readable and world-writable permissions when it is not run as root, which allows local users to read data from the terminal of the user running script.FreeBSD-SA-08:0127284101919128498freebsd-openpty-information-disclosure(39665)Cross-site scripting (XSS) vulnerability in admin/index.html in Merak IceWarp Mail Server allows remote attackers to inject arbitrary web script or HTML via the message parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.27189icewarpmailserver-index-xss(39564)ADV-2008-013528460SQL injection vulnerability in soporte_horizontal_w.php in PHP Webquest 2.6 allows remote attackers to execute arbitrary SQL commands via the id_actividad parameter, a different vector than CVE-2007-4920.48672719226821Multiple stack-based buffer overflows in the WebLaunch.WeblaunchCtl.1 (aka CWebLaunchCtl) ActiveX control in weblaunch.ocx 1.0.0.1 in Gateway Weblaunch allow remote attackers to execute arbitrary code via a long string in the (1) second or (2) fourth argument to the DoWebLaunch method. NOTE: some of these details are obtained from third party information.20080109 Gateway WebLaunch ActiveX Control Insecure Method4869VU#73544127193ADV-2008-007728379Directory traversal vulnerability in the WebLaunch.WeblaunchCtl.1 (aka CWebLaunchCtl) ActiveX control in weblaunch.ocx 1.0.0.1 in Gateway Weblaunch allows remote attackers to execute arbitrary programs via a ..\ (dot dot backslash) in the second argument to the DoWebLaunch method. NOTE: some of these details are obtained from third party information.20080109 Gateway WebLaunch ActiveX Control Insecure Method4869ADV-2008-007728379Unrestricted file upload vulnerability in ajaxfilemanager.php in the Wp-FileManager 1.2 plugin for WordPress allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors.484427151wordpress-wpfilemanager-file-upload(39462)Buffer overflow in JustSystems JSFC.DLL, as used in multiple JustSystems products such as Ichitaro, allows remote attackers to execute arbitrary code via a crafted .JTD file.27153ADV-2008-004528275justsystems-jsfc-bo(39501)1019168SQL injection vulnerability in index.php in the Newbb_plus 0.92 and earlier module in RunCMS 1.6.1 allows remote attackers to execute arbitrary SQL commands via the Client-Ip parameter.48452715228340runcms-newbb-client-sql-injection(39478)Heap-based buffer overflow in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote attackers to execute arbitrary code via the SDP Abstract attribute in an RTSP session, related to the rmff_dump_header function and related to disregarding the max field. NOTE: some of these details are obtained from third party information.28384FEDORA-2008-07182719828489ADV-2008-0163MDVSA-2008:020SUSE-SR:2008:002GLSA-200801-122863628674DSA-147228507MDVSA-2008:04528955Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp.20080104 Multiple vulnerabilities in yaSSL 1.7.520080104 Pre-auth buffer-overflow in mySQL through yaSSL271402832428419DSA-147828597ADV-2008-0560USN-588-1294433531yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allows remote attackers to cause a denial of service (crash) via a Hello packet containing a large size value, which triggers a buffer over-read in the HASHwithTransform::Update function in hash.cpp.20080104 Multiple vulnerabilities in yaSSL 1.7.52714028324DSA-147828597ADV-2008-0560USN-588-1294433531Cross-site request forgery (CSRF) vulnerability in apply.cgi in the Linksys WRT54GL Wireless-G Broadband Router with firmware 4.30.9 allows remote attackers to perform actions as administrators.20080107 Linksys WRT54 GL - Session riding (CSRF)28364linksys-apply-csrf(39502)20080115 Re: Linksys WRT54 GL - Session riding (CSRF)3534The telnet service in LevelOne WBR-3460 4-Port ADSL 2/2+ Wireless Modem Router with firmware 1.00.11 and 1.00.12 does not require authentication, which allows remote attackers on the local or wireless network to obtain administrative access.20080108 Level-One WBR-3460A Grants Root Access271831019162283973533PHP remote file inclusion vulnerability in php121db.php in osDate 2.0.8 and possibly earlier versions allows remote attackers to execute arbitrary PHP code via a URL in the php121dir parameter.27208osdate-php121db-file-include(39567)487028420Multiple directory traversal vulnerabilities in index.php in Tuned Studios (1) Subwoofer, (2) Freeze Theme, (3) Orange Cutout, (4) Lonely Maple, (5) Endless, (6) Classic Theme, and (7) Music Theme webpage templates allow remote attackers to include and execute arbitrary files via ".." sequences in the page parameter. NOTE: this can be leveraged for remote file inclusion when running in some PHP 5 environments.20080109 LFI in Tuned Studios Templates27196tunedstudiostemplates-index-file-include(39555)48763532Multiple SQL injection vulnerabilities in Zero CMS 1.0 Alpha allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to index.php, or the (2) f or t parameters to forums/index.php.27186zerocms-index-sql-injection(39530)4864Unrestricted file upload vulnerability in Zero CMS 1.0 Alpha and earlier allows remote attackers to bypass intended access restrictions and upload and execute arbitrary files by uploading an avatar file with an accepted Content-Type such as image/jpeg.4864Buffer overflow in Apple Quicktime Player 7.3.1.70 and other versions before 7.4.1, when RTSP tunneling is enabled, allows remote attackers to execute arbitrary code via a long Reason-Phrase response to an rtsp:// request, as demonstrated using a 404 error message.20080110 Buffer-overflow in Quicktime Player 7.3.1.7020080110 Re: Buffer-overflow in Quicktime Player 7.3.1.704885VU#1121792722520080111 Re: Buffer-overflow in Quicktime Player 7.3.1.7020080111 Re: Re: Buffer-overflow in Quicktime Player 7.3.1.7020080112 Re: Buffer-overflow in Quicktime Player 7.3.1.7020080112 Re: Re: Buffer-overflow in Quicktime Player 7.3.1.7020080114 Re: [Full-disclosure] Buffer-overflow in Quicktime Player 7.3.1.704906ADV-2008-0107101917828423quicktime-rtsp-responses-bo(39601)APPLE-SA-2008-02-063537The Microsoft VFP_OLE_Server ActiveX control allows remote attackers to execute arbitrary code by invoking the foxcommand method.27199microsoft-vfpoleserver-command-execution(39559)487528417An ActiveX control for Microsoft Visual FoxPro (vfp6r.dll 6.0.8862.0) allows remote attackers to execute arbitrary commands by invoking the DoCmd method.27205microsoft-foxserver-command-execution(39558)487328417The Microsoft Rich Textbox ActiveX Control (RICHTX32.OCX) 6.1.97.82 allows remote attackers to execute arbitrary commands by invoking the insecure SaveFile method.27201microsoft-richtextbox-file-overwrite(39557)4874Multiple heap-based buffer overflows in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 allow remote attackers to execute arbitrary code via the SDP (1) Title, (2) Author, or (3) Copyright attribute, related to the rmff_dump_header function, different vectors than CVE-2008-0225. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.Please see the following link for more information regarding the exploit: http://aluigi.altervista.org/adv/xinermffhof-adv.txt28384MDVSA-2008:020GLSA-200801-1228674MDVSA-2008:04528955Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allow remote attackers to inject arbitrary HTML or web script via the (1) cntry or lang parameters to /idm/login.jsp, (2) resultsForm parameter to /idm/account/findForSelect.jsp, or (3) activeControl parameter to /idm/user/main.jsp.20080110 PR07-06, PR07-07, PR07-08, PR07-09, PR07-10, PR07-12: Several XSS, Cross-domain Redirection and Frame Injection on Sun Java System Identity Manager10318027214ADV-2008-008928356sun-identity-lang-xss(39581)sun-identity-login-xss(39580)sun-identity-main-xss(39583)sun-identity-resultsform-xss(39582)10191752005583535/idm/help/index.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to inject frames from arbitrary web sites and conduct phishing attacks via the helpUrl parameter, aka "frame injection."20080110 PR07-06, PR07-07, PR07-08, PR07-09, PR07-10, PR07-12: Several XSS, Cross-domain Redirection and Frame Injection on Sun Java System Identity Manager10318027214ADV-2008-008928356sun-identity-index-frame-injection(39586)2005583535Open redirect vulnerability in /idm/user/login.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 to allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the nextPage parameter.20080110 PR07-06, PR07-07, PR07-08, PR07-09, PR07-10, PR07-12: Several XSS, Cross-domain Redirection and Frame Injection on Sun Java System Identity Manager10318027214ADV-2008-008928356sun-identity-login-security-bypass(39590)2005583535Unspecified vulnerability in libdevinfo in Sun Solaris 10 allows local users to access files and gain privileges via unknown vectors, related to login device permissions.10316527253ADV-2008-0131101918728493solaris-libdevinfo-privilege-escalation(39629)200641oval:org.mitre.oval:def:5211Unspecified vulnerability in Lotus Domino 7.0.2 before Fix Pack 3 allows attackers to cause a denial of service via unknown vectors.27215ADV-2008-008628411lotus-domino-unspecified-dos(39588)SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to execute arbitrary commands via "&&" and other shell metacharacters in exec_sdbinfo and other unspecified commands, which are executed when MaxDB invokes cons.exe.20080109 Pre-auth remote commands execution in SAP MaxDB 7.6.03.07487727206ADV-2008-0104101917128409maxdb-system-command-execution(39573)3536admin.php in UploadImage 1.0 does not check for the original password before making a change to a new password, which allows remote attackers to gain administrator privileges via the pass parameter in a nopass (Set Password) action.487127203uploadimage-admin-command-execution(39571)admin.php in UploadScript 1.0 does not check for the original password before making a change to a new password, which allows remote attackers to gain administrator privileges via the pass parameter in a nopass (Set Password) action.487127203uploadscript-admin-command-execution(39570)Heap-based buffer overflow in the Express Backup Server service (dsmsvc.exe) in IBM Tivoli Storage Manager (TSM) Express 5.3 before 5.3.7.3 allows remote attackers to execute arbitrary code via a packet with a large length value.27235ADV-2008-010628440ibm-tsmexpressserver-bo(39604)101918220080114 ZDI-08-001: IBM Tivoli Storage Manager Express Backup Server Heap Overflow VulnerabilityBuffer overflow in an ActiveX control in ccpm_0237.dll for StreamAudio ChainCast ProxyManager allows remote attackers to execute arbitrary code via a long URL argument to the InternalTuneIn method.20080111 StreamAudio ChainCast ProxyManager ccpm_0237.dll Buffer Overflow489427247streamaudio-chaincastproxymanager-bo(39622)ADV-2008-013328461PHP Webquest 2.6 allows remote attackers to retrieve database credentials via a direct request to admin/backup_phpwebquest.php, which leaks the credentials in an error message if a call to /usr/bin/mysqldump fails. NOTE: this might only be an issue in limited environments.487227202phpwebquest-backup-information-disclosure(39572)Buffer overflow in Microsoft Visual InterDev 6.0 (SP6) allows user-assisted attackers to execute arbitrary code via a Studio Solution (.SLN) file with a long Project line.48922725028482visualinterdev-sln-project-bo(41826)Unrestricted file upload vulnerability in PhotoPost vBGallery before 2.4.2 allows remote attackers to upload and execute arbitrary files via unknown vectors.28430vbgallery-unspecified-code-execution(39621)Directory traversal vulnerability in the _get_file_path function in (1) lib/sessions.py in CherryPy 3.0.x up to 3.0.2, (2) filter/sessionfilter.py in CherryPy 2.1, and (3) filter/sessionfilter.py in CherryPy 2.x allows remote attackers to create or delete arbitrary files, and possibly read and write portions of arbitrary files, via a crafted session id in a cookie.ADV-2008-00392835420080124 rPSA-2008-0030-1 CherryPy2718128611GLSA-200801-1128620DSA-148128769SQL injection vulnerability in full_text.php in Binn SBuilder allows remote attackers to execute arbitrary SQL commands via the nid parameter.49042726420080114 Binn SBuilder (nid) Remote Blind Sql Injection Vulnerabilybinnsbuilder-fulltext-sql-injection(39634)SQL injection vulnerability in activate.php in TutorialCMS (aka Photoshop Tutorials) 1.02, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the userName parameter.49012726328446tutorialcms-activate-sql-injection(39642)SQL injection vulnerability in archive.php in iGaming 1.5, and 1.3.1 and earlier, allows remote attackers to execute arbitrary SQL commands via the section parameter.48862723028426igamingcms-archive-sql-injection(39598)Multiple SQL injection vulnerabilities in Matteo Binda ASP Photo Gallery 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) Imgbig.asp, (b) thumb.asp, and (c) thumbricerca.asp and the (2) ricerca parameter to (d) thumbricerca.asp.49002726228447aspphotogallery-multiple-sql-injection(39646)Cross-site scripting (XSS) vulnerability in search.pl in Dansie Search Engine 2.7 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.2846527269dansiesearchengine-search-xss(39636)Cross-site scripting (XSS) vulnerability in index.php in PHP Running Management (phpRunMan) before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the message parameter.2726828474phprunningmanagement-index-xss(39639)Multiple directory traversal vulnerabilities in _mg/php/mg_thumbs.php in minimal Gallery 0.8 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) thumbcat and (2) thumb parameters.49022726528391minimalgallery-mgthumbs-file-include(39649)minimal Gallery 0.8 allows remote attackers to obtain configuration information via a direct request to php_info.php, which calls the phpinfo function.490228391Unspecified vulnerability in the search component and module in Mambo 4.5.x and 4.6.x allows remote attackers to cause a denial of service (query flood) via unspecified vectors.2723928392mambo-search-dos(39613)SQL injection vulnerability in includes/articleblock.php in Agares PhpAutoVideo 2.21 allows remote attackers to execute arbitrary SQL commands via the articlecat parameter.4898490527258agares-articleblock-sql-injection(39641)The SIP module in Ingate Firewall before 4.6.1 and SIParator before 4.6.1 does not reuse SIP media ports in unspecified call hold and send-only stream scenarios, which allows remote attackers to cause a denial of service (port exhaustion) via unspecified vectors.27222ADV-2008-01081019176101917728394Unspecified vulnerability in the Meta Tags (aka Nodewords) 5.x-1.6 module for Drupal, when images are permitted in node bodies, allows remote authenticated users to execute arbitrary code via unspecified vectors involving creation of a node.ADV-2008-012928478drupal-metatags-code-execution(39638)Multiple cross-site scripting (XSS) vulnerabilities in the Search function in the web management interface in F5 BIG-IP 9.4.3 allow remote attackers to inject arbitrary web script or HTML via the SearchString parameter to (1) list_system.jsp, (2) list_pktfilter.jsp, (3) list_ltm.jsp, (4) resources_audit.jsp, and (5) list_asm.jsp in tmui/Control/jspmap/tmui/system/log/; and (6) list.jsp in certain directories.20080114 F5 BIG-IP Web Management List Search XSS272721019190f5bigip-searchstring-xss(39632)ADV-2008-0181285053545Cross-site request forgery (CSRF) vulnerability in admin.php in eTicket 1.5.5.2 allows remote attackers to change the administrative password and possibly perform other administrative tasks. NOTE: either the old password must be known, or the attacker must leverage a separate SQL injection vulnerability.20080106 eTicket 1.5.5.2 Multiple Vulnerabilities2717328331eticket-admin-csrf(39490)3542Multiple SQL injection vulnerabilities in eTicket 1.5.5.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) status, (2) sort, and (3) way parameters to search.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (4) msg and (5) password parameters to admin.php.20080106 eTicket 1.5.5.2 Multiple Vulnerabilities2717328331eticket-search-sql-injection(39489)3542Cross-site scripting (XSS) vulnerability in view.php in eTicket 1.5.5.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter.20080106 eTicket 1.5.5.2 Multiple Vulnerabilities2717328331eticket-view-xss(39488)3542Unspecified vulnerability in the dotoprocs function in Sun Solaris 10 allows local users to cause a denial of service (panic) via unspecified vectors.10318827260ADV-2008-0130101918628491solaris-dotoprocs-dos(39631)201513oval:org.mitre.oval:def:5400SQL injection vulnerability in index.php in TaskFreak! 0.6.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the sContext parameter.48992725728448taskfreak-index-sql-injection(39645)The editor deletion form in BUEditor 4.7.x before 4.7.x-1.0 and 5.x before 5.x-1.1, a module for Drupal, does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete custom editor interfaces.28418drupal-bueditor-csrf(39614)ADV-2008-0128Cross-site request forgery (CSRF) vulnerability in the aggregator module in Drupal 4.7.x before 4.7.11 and 5.x before 5.6 allows remote attackers to delete items from a feed as privileged users.2723828422drupal-aggregator-csrf(39617)ADV-2008-0127Interpretation conflict in Drupal 4.7.x before 4.7.11 and 5.x before 5.6, when Internet Explorer 6 is used, allows remote attackers to conduct cross-site scripting (XSS) attacks via invalid UTF-8 byte sequences, which are not processed as UTF-8 by Drupal's HTML filtering, but are processed as UTF-8 by Internet Explorer, effectively removing characters from the document and defeating the HTML protection mechanism.2723828422drupal-utf8-xss(39619)ADV-2008-0127Cross-site scripting (XSS) vulnerability in Drupal 4.7.x and 5.x, when certain .htaccess protections are disabled, allows remote attackers to inject arbitrary web script or HTML via crafted links involving theme .tpl.php files.2723828422drupal-theme-xss(39605)ADV-2008-0127The Atom 4.7 before 4.7.x-1.0 and 5.x before 5.x-1.0 module for Drupal does not properly manage permissions for node (1) titles, (2) teasers, and (3) bodies, which might allow remote attackers to gain access to syndicated content.drupal-atom-security-bypass(39607)Cross-site scripting (XSS) vulnerability in the Devel module before 5.x-0.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via a site variable, related to lack of escaping of the variable table.drupal-devel-variable-xss(39606)Unspecified vulnerability in the Fileshare module for Drupal allows remote authenticated users with node-creation privileges to execute arbitrary code via unspecified vectors.drupal-fileshare-code-execution(39609)SQL injection vulnerability in index.php in X7 Chat 2.0.5 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the day parameter in a sm_window action.490727277x7chatday-sql-injection(39656)28503SQL injection vulnerability in liretopic.php in Xforum 1.4 and possibly others allows remote attackers to execute arbitrary SQL commands via the topic parameter. NOTE: the categorie parameter might also be affected.490827278xforum-liretopic-sql-injection(39654)SQL injection vulnerability in index.php in MTCMS 2.0 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via the (1) a or (2) cid parameter.20080110 MTCMS <=2.0 SQL Injection Vulnerbility488227224mtcms-a-sql-injection(39597)284283544SQL injection vulnerability in liste.php in ID-Commerce 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idFamille parameter.20080110 (( PoC)) ID-Commerce Security Advisory - SLR-2007-001 (( PoC))20080110 ID-Commerce Security Advisory - SLR-2007-00120080110 ID-Commerce Security Advisory - SLR-2007-00127220idcommerce-liste-sql-injection(39594)SQL injection vulnerability in welcome/inscription.php in DomPHP 0.81 and earlier allows remote attackers to execute arbitrary SQL commands via the mail parameter.48802721228393domphp-inscription-sql-injection(39593)PHP remote file inclusion vulnerability in /aides/index.php in DomPHP 0.81 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.488327226Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 1.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) Itemid or (2) topic arguments.20080110 Simple Machines Forum Cross-Site Scripting Vulnerabilitiessimplemachinesforum-itemid-xss(39585)3540ngIRCd 0.10.x before 0.10.4 and 0.11.0 before 0.11.0-pre2 allows remote attackers to cause a denial of service (crash) via crafted IRC PART message, which triggers an invalid dereference.2842527318GLSA-200801-1328673SQL injection vulnerability in admin/login.php in Article Dashboard allows remote attackers to execute arbitrary SQL commands via the (1) user or (2) password fields.20080115 Article DashBoard all version SQL Injection Vulnerability27286articledashboard-login-sql-injection(39657)20080116 Re: Article DashBoard all version SQL Injection Vulnerability284953546PHP remote file inclusion vulnerability in VisionBurst vcart 3.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) index.php and (2) checkout.php.48892723128424vcart-checkout-index-file-include(39616)Multiple SQL injection vulnerabilities in ImageAlbum 2.0.0b2 allow remote attackers to execute arbitrary SQL commands via the id, which is not properly handled in (1) classes/IADomain.php, (2) classes/IACollection.php, and (3) classes/IAUser.php, as demonstrated via the id parameter in a collection.imageview action.20080111 ImageAlbum Remote SQL Injection Vulnerabilities4895272403548PHP remote file inclusion vulnerability in view_func.php in Member Area System (MAS) 1.7 and possibly others allows remote attackers to execute arbitrary PHP code via a URL in the i parameter. NOTE: a second vector might exist via the l parameter. NOTE: as of 20080118, the vendor has disputed the set of affected versions, stating that the issue "is already fixed, for almost a year."20080111 Member Area System (MAS) Remote File Include Vulnerability (view_func.php)27244mas-viewfunc-file-include(39611)20080118 Re: Member Area System (MAS) Remote File Include Vulnerability (view_func.php)3547Multiple SQL injection vulnerabilities in Digital Hive 2.0 RC2 and earlier allow (1) remote attackers to execute arbitrary SQL commands via the selectskin parameter to an unspecified program, or (2) remote authenticated administrators to execute arbitrary SQL commands via the user_id parameter in the gestion_membre.php page to base.php.488727232digitalhive-base-sql-injection(39602)SQL injection vulnerability in showproduct.asp in RichStrong CMS allows remote attackers to execute arbitrary SQL commands via the cat parameter.49102728120080116 RichStrong CMS (showproduct.asp?cat=) Remote SQL Injection Exploit2731028449richstrongcms-showproduct-sql-injection(39668)Cross-site scripting (XSS) vulnerability in photo_album.pl in Dansie Photo Album 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.28501dansiephotoalbum-photoalbum-xss(39664)Unspecified vulnerability in cron.php in FreeSeat before 1.1.5d, when format.php has certain modifications, allows remote attackers to bypass authentication and gain privileges via unspecified vectors related to the show_foot function.28459freeseat-cron-security-bypass(39648)Unspecified vulnerability in the seat-locking implementation in FreeSeat before 1.1.5d allows attackers to book a seat more than once via unspecified vectors.2727028459freeseat-seatlocking-security-bypass(39647)Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in the Xine library, as used in VideoLAN VLC Media Player 0.8.6d and earlier, allows user-assisted remote attackers to cause a denial of service (crash) or execute arbitrary code via long Session Description Protocol (SDP) data.27221ADV-2008-010528383GLSA-200803-1329284DSA-154329766Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLAN VLC Media Player 0.8.6d and earlier on Windows might allow remote RTSP servers to cause a denial of service (application crash) or execute arbitrary code via a long string.ADV-2008-0105GLSA-200803-1329284DSA-154329766PhotoKorn allows remote attackers to obtain database credentials via a direct request to update/update3.php, which includes the credentials in its output.4897photokorn-update3-information-disclosure(39652)KHTML WebKit as used in Apple Safari 2.x allows remote attackers to cause a denial of service (browser crash) via a crafted web page, possibly involving a STYLE attribute of a DIV element.20080112 Safari 2 Denial of Service27261safari-khtml-webkit-dos(39635)3549common.py in Paramiko 1.7.1 and earlier, when using threads or forked processes, does not properly use RandomPool, which allows one session to obtain sensitive information from another session by predicting the state of the pool.FEDORA-2008-0644FEDORA-2008-0722273072848828510paramiko-randompool-info-disclosure(39749)GLSA-200803-0729168mapFiler.php in Mapbender 2.4 to 2.4.4 allows remote attackers to execute arbitrary PHP code via PHP code sequences in the factor parameter, which are not properly handled when accessing a filename that contains those sequences.52322819529329mapbender-mapfilter-code-execution(41131)Multiple SQL injection vulnerabilities in Mapbender 2.4.4 allow remote attackers to execute arbitrary SQL commands via the gaz parameter to mod_gazetteer_edit.php and other unspecified vectors.20080311 Advisory: SQL-Injections in Mapbender20080311 Advisory: SQL-Injections in Mapbender52332819329329mapbender-gaz-sql-injection(41139)3728Untrusted search path vulnerability in apt-listchanges.py in apt-listchanges before 2.82 allows local users to execute arbitrary code via a malicious apt-listchanges program in the current working directory.DSA-14652733128513USN-572-128574The FTP print feature in multiple Canon printers, including imageRUNNER and imagePRESS, allow remote attackers to use the server as an inadvertent proxy via a modified PORT command, aka FTP bounce.VU#568073280421019528Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.12 and SeaMonkey before 1.1.8 might allow remote attackers to execute arbitrary code via a crafted external-body MIME type in an e-mail message, related to an incorrect memory allocation during message preview.20080226 Mozilla Thunderbird MIME External-Body Heap Overflow Vulnerability28012101950429133FEDORA-2008-2060FEDORA-2008-2118USN-582-129167MDVSA-2008:062SSA:2008-061-01USN-582-2VU#661651290982921130327sdbstarter in SAP MaxDB 7.6.0.37, and possibly other versions, allows local users to execute arbitrary commands by using unspecified environment variables to modify configuration settings.20080310 SAP MaxDB sdbstarter Privilege Escalation Vulnerability281851019570ADV-2008-084429312maxdb-sdbstarter-privilege-escalation(41104)Integer signedness error in vserver in SAP MaxDB 7.6.0.37, and possibly other versions, allows remote attackers to execute arbitrary code via unknown vectors that trigger heap corruption.20080310 SAP MaxDB Signedness Error Heap Corruption Vulnerability281831019571ADV-2008-084429312maxdb-vserver-code-execution(41107)Symantec Decomposer, as used in certain Symantec antivirus products including Symantec Scan Engine 5.1.2 and other versions before 5.1.6.31, allows remote attackers to cause a denial of service (memory consumption) via a malformed RAR file to the Internet Content Adaptation Protocol (ICAP) port (1344/tcp).20080226 Symantec Scan Engine 5.1.2 RAR File Denial of Service Vulnerability27911ADV-2008-0680291401019503Stack-based buffer overflow in Symantec Decomposer, as used in certain Symantec antivirus products including Symantec Scan Engine 5.1.2 and other versions before 5.1.6.31, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed RAR file to the Internet Content Adaptation Protocol (ICAP) port (1344/tcp).20080226 Symantec Scan Engine 5.1.2 RAR File Buffer Overflow Vulnerability27913ADV-2008-0680291401019503Directory traversal vulnerability in pkgadd in SCO UnixWare 7.1.4 before p534589 allows local users to create or append to arbitrary files via ".." sequences in an unspecified environment variable, probably PKGINST.20080403 SCO UnixWare pkgadd Directory Traversal Vulnerability5355SCOSA-2008.1101978729657sco-unixware-pkgadd-directory-traversal(41759)Stack-based buffer overflow in the PGMWebHandler::parse_request function in the StarTeam Multicast Service component (STMulticastService) 6.4 in Borland CaliberRM 2006 allows remote attackers to execute arbitrary code via a large HTTP request.20080402 Borland CaliberRM StarTeam Multicast Service Buffer Overflow Vulnerability28602ADV-2008-1100101978629631starteam-pgmwebhandlerparserequest-bo(41647)Stack-based buffer overflow in the AutoFix Support Tool ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products, including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, allows remote attackers to execute arbitrary code via a long argument to the GetEventLogInfo method. NOTE: some of these details are obtained from third party information.20080402 Symantec Norton Internet Security 2008 ActiveX Control Buffer Overflow Vulnerability28507ADV-2008-107710197511019752101975329660The ActiveDataInfo.LaunchProcess method in the SymAData.ActiveDataInfo.1 ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, does not properly determine the location of the AutoFix Tool, which allows remote attackers to execute arbitrary code via a remote (1) WebDAV or (2) SMB share.20080402 Symantec Internet Security 2008 ActiveDataInfo.LaunchProcess Design Error Vulnerability28509ADV-2008-107710197511019752101975329660Heap-based buffer overflow in spin.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted PeSpin packed PE binary with a modified length value.20080414 ClamAV libclamav PeSpin Heap Overflow VulnerabilityADV-2008-1227DSA-1549VU#85859529863clamav-spin-bo(41823)SUSE-SA:2008:0241019851MDVSA-2008:088287842989129886FEDORA-2008-3358FEDORA-2008-3420FEDORA-2008-3900299753025330328Integer overflow in the cli_scanpe function in libclamav in ClamAV before 0.92.1, as used in clamd, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Petite packed PE file, which triggers a heap-based buffer overflow.20080212 ClamAV libclamav PE File Integer Overflow VulnerabilityADV-2008-050328907FEDORA-2008-1608FEDORA-2008-162527751101939428913DSA-1497GLSA-200802-09SUSE-SR:2008:004ADV-2008-06062894929001290262906029048APPLE-SA-2008-03-18ADV-2008-092429420MDVSA-2008:088Heap-based buffer overflow in the OLE importer in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an OLE file with a crafted DocumentSummaryInformation stream.DSA-1547RHSA-2008:0175RHSA-2008:0176ADV-2008-12532986420080417 Multiple Vendor OpenOffice OLE DocumentSummaryInformation Heap Overflow Vulnerabilityopenoffice-ole-bo(41860)FEDORA-2008-325129913MDVSA-2008:090231642SUSE-SA:2008:02328819ADV-2008-137510198902985229910298442987129987MDVSA-2008:095The I2O Utility Filter driver (i2omgmt.sys) 5.1.2600.2180 for Microsoft Windows XP sets Everyone/Write permissions for the "\\.\I2OExc" device interface, which allows local users to gain privileges. NOTE: this issue can be leveraged to overwrite arbitrary memory and execute code via an IOCTL call with a crafted DeviceObject pointer.20080512 Microsoft Windows I2O Filter Utility Driver (i2omgmt.sys) Local Privilege Escalation Vulnerability29171ADV-2008-1476302031020006win-i2omgmt-code-execution(42358)Cisco Systems VPN Client IPSec Driver (CVPNDRVA.sys) 5.0.02.0090 allows local users to cause a denial of service (crash) by calling the 0x80002038 IOCTL with a small size value, which triggers memory corruption.491127289cisco-vpnclient-cvpndrva-dos(39694)ADV-2008-0170101924028472SQL injection vulnerability in show.php in FaScript FaPersian Petition allows remote attackers to execute arbitrary SQL commands via the id parameter.49162730228522fascriptfapersian-show-sql-injection(39716)SQL injection vulnerability in class/show.php in FaScript FaPersianHack 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to show.php.49172730228565fascriptfapersianhack-show-sql-injection(39717)SQL injection vulnerability in show.php in FaScript FaMp3 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.49142730228566fascriptfamp3-show-sql-injection(39714)SQL injection vulnerability in page.php in FaScript FaName 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.49152730328528fascriptfaname-page-sql-injection(39715)LulieBlog 1.0.1 and 1.0.2 does not restrict access to (1) article_suppr.php, (2) comment_accepter.php, and (3) comment_refuser.php in Admin/, which allows remote attackers to accept comments, delete comments, and delete articles via the id parameter.49122729028432lulieblog-admin-security-bypass(39669)Open System Consultants (OSC) Radiator before 4.0 allows remote attackers to cause a denial of service (daemon crash) via malformed RADIUS requests, as demonstrated by packets sent by nmap.2846327306ADV-2008-0598radiator-radius-dos(39730)Unspecified vulnerability in Funkwerk System Software before 7.4.1 PATCH 9 for certain Funkwerk Router / VPN devices allows remote attackers to cause a denial of service (panic and reboot) via unspecified DNS requests.2808527314x2300-dns-dos(39731)Directory traversal vulnerability in arias/help/effect.php in aria 0.99-6 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page parameter.492020080116 [DSECRG-08-002] Local File Include in arias 0.99-627311aria-effect-file-include(39712)Directory traversal vulnerability in download_view_attachment.aspx in AfterLogic MailBee WebMail Pro 4.1 for ASP.NET allows remote attackers to read arbitrary files via a .. (dot dot) in the temp_filename parameter.49212731228521mailbeewebmail-download-directory-traversal(39724)Cross-site scripting (XSS) vulnerability in pm/language/spanish/preferences.php in PMachine Pro 2.4.1 allows remote attackers to inject arbitrary web script or HTML via the L_PREF_NAME[855] parameter.27282Cross-site scripting (XSS) vulnerability in BugTracker.NET before 2.7.2 allows remote attackers to inject arbitrary web script or HTML via an arbitrary custom text field.2727528481bugtrackernet-bug-xss(39650)Multiple cross-site request forgery (CSRF) vulnerabilities in BugTracker.NET before 2.7.2 allow remote attackers to delete arbitrary bugs and perform other administrative tasks via unspecified vectors, possibly related to delete_*.aspx pages, and massedit.aspx, subscribe.aspx, flag.aspx, and relationships.aspx.28481bugtrackernet-http-csrf(39651)Heap-based buffer overflow in the _mwProcessReadSocket function in http.c in MiniWeb HTTP Server 0.8.19 allows remote attackers to execute arbitrary code via a long URI.49232851227319ADV-2008-0176miniweb-mwprocessreadsocket-bo(39718)Directory traversal vulnerability in the mwGetLocalFileName function in http.c in MiniWeb HTTP Server 0.8.19 allows remote attackers to read arbitrary files and list arbitrary directories via a (1) .%2e (partially encoded dot dot) or (2) %2e%2e (encoded dot dot) in the URI.49232851227319ADV-2008-0176miniweb-mwgetlocal-directory-traversal(39713)Unspecified vulnerability in the XML DB component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 has unknown impact and remote attack vectors, aka DB01.HPSBMA02133TA08-017A27229ADV-2008-0150101921828518ADV-2008-018028556Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 have unknown impact and remote attack vectors, related to the (1) Advanced Queuing component (DB02) and (2) Oracle Spatial component (DB04).HPSBMA02133TA08-017A27229ADV-2008-0150101921828518ADV-2008-018028556Unspecified vulnerability in the Advanced Queuing component in Oracle Database 9.0.1.5 FIPS+ and 10.1.0.5 has unknown impact and remote attack vectors, aka DB03.HPSBMA02133TA08-017A27229ADV-2008-0150101921828518ADV-2008-018028556Unspecified vulnerability in the Upgrade/Downgrade component in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and remote attack vectors, aka DB05.HPSBMA02133TA08-017A27229ADV-2008-0150101921828518ADV-2008-018028556Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 has unknown impact and remote attack vectors, aka DB06.HPSBMA02133TA08-017A27229ADV-2008-0150101921828518ADV-2008-018028556Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 and 10.2.0.3 has unknown impact and remote attack vectors, aka DB07.HPSBMA02133TA08-017A27229ADV-2008-0150101921828518ADV-2008-018028556Unspecified vulnerability in the Core RDBMS component in Oracle Database 11.1.0.6 has unknown impact and remote attack vectors, aka DB08.HPSBMA02133TA08-017A27229ADV-2008-0150101921828518ADV-2008-018028556Unspecified vulnerability in the Oracle Jinitiator component in Oracle Application Server 1.3.1.27 and E-Business Suite 11.5.10.2 has unknown impact and remote attack vectors, aka AS01.HPSBMA02133TA08-017A27229ADV-2008-0150101921828518ADV-2008-018028556Unspecified vulnerability in the Oracle Ultra Search component in Oracle Collaboration Suite 10.1.2; Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; and Application Server 9.0.4.3 and 10.1.2.0.2; has unknown impact and local attack vectors, aka OCS01. NOTE: Oracle has not disputed a reliable claim that this issue is related to WKSYS schema privileges.HPSBMA02133TA08-017A27229ADV-2008-0150101921828518ADV-2008-01802855620080130 PeteFinnigan.com Limited advisory for Oracle January 2008 CPUMultiple unspecified vulnerabilities in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.18, 8.48.15, and 8.49.07 have unknown impact and remote attack vectors, aka (1) PSE01, (2) PSE03, and (3) PSE04.HPSBMA02133TA08-017A27229ADV-2008-0150101921828518ADV-2008-018028556Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.15 and 8.49.07 has unknown impact and remote attack vectors, aka PSE02.HPSBMA02133TA08-017A27229ADV-2008-0150101921828518ADV-2008-018028556admin/index.php in Evilsentinel 1.0.9 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to gain administrative privileges and make arbitrary configuration changes.488428427admin/config.php in Evilsentinel 1.0.9 and earlier allows remote attackers to bypass the CAPTCHA test by omitting the es_security_captcha parameter and not invoking captcha.php.4884The Linux kernel 2.6.20 through 2.6.21.1 allows remote attackers to cause a denial of service (panic) via a certain IPv6 packet, possibly involving the Jumbo Payload hop-by-hop option (jumbogram).4893linux-kernel-ipv6-jumbogram-dos(39643)SQL injection vulnerability in visualizza_tabelle.php in php-residence 0.7.2 and 1.0 allows remote attackers to execute arbitrary SQL commands via the cognome_cerca parameter. NOTE: some of these details are obtained from third party information.49252732028516Cross-site scripting (XSS) vulnerability in the chat client in IBM Lotus Sametime 7.5 and 7.5.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted message, which triggers code execution after a mouseover event initiated by the victim.27316ADV-2008-0168101922427942sametime-client-mouseover-xss(39726)SQL injection vulnerability in index.php in the forum module in PHPEcho CMS, probably 2.0-rc3 and earlier, allows remote attackers to execute arbitrary SQL commands via the id parameter in a section action, a different vector than CVE-2007-2866.492927326phpechocms-index-sql-injection(39741)Buffer overflow in the Independent Management Architecture (IMA) service in Citrix Presentation Server (MetaFrame Presentation Server) 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 allows remote attackers to execute arbitrary code via an invalid size value in a packet to TCP port 2512 or 2513.ADV-2008-01722850820080117 ZDI-08-002: Citrix Presentation Server IMA Service Heap Overflow VulnerabilityVU#412228273291019231Directory traversal vulnerability in pages/upload.php in Galaxyscripts Mini File Host 1.2.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter.49302732728504minifilehost-uploadphp-file-include(39799)SQL injection vulnerability in index.php in Pixelpost 1.7 allows remote attackers to execute arbitrary SQL commands via the parent_id parameter.492427242284991019238pixelpost-indexphp-sql-injection(39721)Multiple cross-site scripting (XSS) vulnerabilities in BLOG:CMS 4.2.1b allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin.php or (2) index.php in photo/.20080116 [DSECRG-08-003] blogcms 4.2.1b Multiple Security Vulnerabilities49192731728523Multiple SQL injection vulnerabilities in BLOG:CMS 4.2.1b allow remote attackers to execute arbitrary SQL commands via (1) the blogid parameter to index.php, (2) the user parameter to action.php, or (3) the field parameter to admin/plugins/table/index.php.20080116 [DSECRG-08-003] blogcms 4.2.1b Multiple Security Vulnerabilities49192731728523Directory traversal vulnerability in agregar_info.php in GradMan 0.1.3 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tabla parameter.20080116 Gradman <= 0.1.3 (agregar_info.php?tabla=) Local File Inclusion Exploit49262732428520gradman-agregarinfo-file-include(39732)3552Cross-site scripting (XSS) vulnerability in gallery.php in Clever Copy 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the album parameter.20080117 Clever Copy <=3.0 Multiple Remote Vulnerabilities2733528560clevercopy-gallery-xss(39747)3553Multiple SQL injection vulnerabilities in Clever Copy 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter to postcomment.php and the (2) album parameter to gallery.php.20080117 Clever Copy <=3.0 Multiple Remote Vulnerabilities2733528560clevercopy-postcomment-sql-injection(39746)3553Buffer overflow in (1) BitTorrent 6.0 and earlier; and (2) uTorrent 1.7.5 and earlier, and 1.8-alpha-7834 and earlier in the 1.8.x series; on Windows allows remote attackers to cause a denial of service (application crash) via a long Unicode string representing a client version identifier.20080116 Peers static overflow in BitTorrent 6.0 and uTorrent 1.7.527321bittorrent-peers-bo(39719)utorrent-peers-bo(39720)28533285373554Multiple buffer overflows in CORE FORCE before 0.95.172 allow local users to cause a denial of service (system crash) and possibly execute arbitrary code in the kernel context via crafted arguments to (1) IOCTL functions in the Firewall module or (2) SSDT hook handler functions in the Registry module.20080117 CORE-2007-1119: CORE FORCE Kernel Buffer Overflow27341ADV-2008-02421019245coreforce-firewall-registry-bo(39758)3555