VFS in the Linux kernel before 2.6.22.16, and 2.6.23.x before 2.6.23.14, performs tests of access mode by using the flag variable instead of the acc_mode variable, which might allow local users to bypass intended permissions and remove directories. 27280 FEDORA-2008-0748 https://issues.rpath.com/browse/RPL-2146 linux-directory-security-bypass(39672) ADV-2008-0151 USN-578-1 USN-574-1 20080117 rPSA-2008-0021-1 kernel RHSA-2008:0089 MDVSA-2008:112 MDVSA-2008:044 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23.14 DSA-1479 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0021 1019289 29245 28971 28806 28748 28706 28664 28643 28628 28626 28558 28485 RHSA-2008:0055 oval:org.mitre.oval:def:9709 SUSE-SA:2008:013 SUSE-SA:2008:006 http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.16 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=974a9f0b47da74e28f68b9c8645c3786aa5ace1a Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception. FEDORA-2008-1603 FEDORA-2008-1467 ADV-2009-3316 ADV-2008-2780 ADV-2008-0488 http://www.vmware.com/security/advisories/VMSA-2009-0016.html 31681 27703 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components 20080208 CVE-2008-0002: Tomcat information disclosure vulnerability http://tomcat.apache.org/security-6.html http://support.apple.com/kb/HT3216 3638 GLSA-200804-10 37460 32222 29711 28915 28834 SUSE-SR:2009:004 APPLE-SA-2008-10-09 Stack-based buffer overflow in the PAMBasicAuthenticator::PAMCallback function in OpenPegasus CIM management server (tog-pegasus), when compiled to use PAM and without PEGASUS_USE_PAM_STANDALONE_PROC defined, might allow remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2007-5360. 27188 RHSA-2008:0002 FEDORA-2008-0572 FEDORA-2008-0506 https://bugzilla.redhat.com/show_bug.cgi?id=426578 openpegasus-pambasic-bo(39527) http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4129 ADV-2008-1391 ADV-2008-1234 ADV-2008-0638 ADV-2008-0063 27172 20080416 VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus 20080115 vuldb confusion between OpenPegasus issues 1019159 29986 29785 29056 28462 28338 oval:org.mitre.oval:def:10282 40082 [Security-announce] 20080415 VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus SSRT080000 HPSBMA02331 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding. FEDORA-2008-1695 FEDORA-2008-1711 apache-modproxyftp-utf7-xss(39615) ADV-2008-1875 ADV-2008-0924 USN-575-1 1019185 27234 20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server 20080110 SecurityReason - Apache (mod_proxy_ftp) Undefined Charset UTF-7 XSS Vulnerability RHSA-2008:0009 RHSA-2008:0008 RHSA-2008:0007 RHSA-2008:0006 RHSA-2008:0005 RHSA-2008:0004 MDVSA-2008:016 MDVSA-2008:015 MDVSA-2008:014 http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm 3526 20080110 Apache (mod_proxy_ftp) Undefined Charset UTF-7 XSS Vulnerability GLSA-200803-19 35650 30732 29640 29420 29348 28977 28749 28607 28526 28471 28467 oval:org.mitre.oval:def:10812 SSRT090208 HPSBOV02683 HPSBUX02465 HPSBUX02465 HPSBUX02431 HPSBUX02431 [security-announce] 20090820 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server SUSE-SA:2008:021 APPLE-SA-2008-03-18 http://docs.info.apple.com/article.html?artnum=307562 Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont and libXfont libraries on some platforms including Sun Solaris, allows context-dependent attackers to execute arbitrary code via a PCF font with a large difference between the last col and first col values in the PCF_BDF_ENCODINGS table. 27336 103192 [xorg] 20080117 X.Org security advisory: multiple vulnerabilities in the X server FEDORA-2008-0891 FEDORA-2008-0831 FEDORA-2008-0794 FEDORA-2008-0760 https://bugzilla.redhat.com/show_bug.cgi?id=428044 xorg-pcffont-bo(39767) ADV-2008-3000 ADV-2008-0924 ADV-2008-0703 ADV-2008-0497 ADV-2008-0184 ADV-2008-0179 USN-571-1 27352 RHSA-2008:0064 RHSA-2008:0030 RHSA-2008:0029 MDVSA-2008:024 MDVSA-2008:022 MDVSA-2008:021 http://support.avaya.com/elmodocs2/security/ASA-2008-038.htm 1019232 GLSA-200801-09 32545 28621 28592 28571 28550 28544 28542 28540 28536 28535 28532 28500 28273 oval:org.mitre.oval:def:10021 SUSE-SA:2008:003 JVNDB-2008-001043 JVN#88935101 HPSBUX02381 HPSBUX02381 http://bugs.gentoo.org/show_bug.cgi?id=204362 https://issues.rpath.com/browse/RPL-2010 http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX61&path=/200802/SECURITY/20080227/datafile112539&label=AIX%20X%20server%20multiple%20vulnerabilities 20080130 rPSA-2008-0032-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs [4.2] 20080208 006: SECURITY FIX: February 8, 2008 [4.1] 20080208 012: SECURITY FIX: February 8, 2008 GLSA-200805-07 http://support.avaya.com/elmodocs2/security/ASA-2008-077.htm 201230 GLSA-200804-05 30161 29707 29622 29420 29139 28941 28885 28843 28718 SUSE-SR:2008:008 APPLE-SA-2008-03-18 http://docs.info.apple.com/article.html?artnum=307562 Linux kernel before 2.6.22.17, when using certain drivers that register a fault handler that does not perform range checks, allows local users to access kernel memory via an out-of-range offset. ADV-2008-2222 ADV-2008-0445 USN-618-1 RHSA-2008:0787 MDVSA-2008:174 MDVSA-2008:112 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.17 DSA-1565 33280 31246 30769 30116 30112 30110 30018 oval:org.mitre.oval:def:9412 [linux-kernel] 20080206 [patch 60/73] vm audit: add VM_DONTEXPAND to mmap for drivers that need it (CVE-2008-0007) [Security-announce] 20080728 VMSA-2008-00011 Updated ESX service console packages for Samba and vmnix SUSE-SA:2008:006 27705 27686 20080208 rPSA-2008-0048-1 kernel RHSA-2008:0237 RHSA-2008:0233 RHSA-2008:0211 MDVSA-2008:072 MDVSA-2008:044 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.1 DSA-1504 DSA-1503 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0048 1019357 29570 29058 28826 28806 SUSE-SA:2008:017 The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as resource exhaustion. FEDORA-2008-0994 FEDORA-2008-0963 https://bugzilla.redhat.com/show_bug.cgi?id=425481 https://bugzilla.novell.com/show_bug.cgi?id=347822 pulseaudio-padroproot-privilege-escalation(39992) ADV-2008-0283 USN-573-1 27449 MDVSA-2008:027 DSA-1476 GLSA-200802-07 28952 28738 28623 28608 http://pulseaudio.org/changeset/2100 http://bugs.gentoo.org/show_bug.cgi?id=207214 The vmsplice_to_user function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which might allow local users to access arbitrary kernel memory locations. https://bugzilla.redhat.com/show_bug.cgi?id=431206 ADV-2008-0487 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.1 http://isec.pl/vulnerabilities/isec-0026-vmsplice_to_kernel.txt FEDORA-2008-1423 FEDORA-2008-1422 27799 27704 20080212 CSA-L03: Linux kernel vmsplice unchecked user-pointer dereference 28896 28835 The copy_from_user_mmap_sem function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which allow local users to read from arbitrary kernel memory locations. ADV-2008-0487 5093 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.1 http://isec.pl/vulnerabilities/isec-0026-vmsplice_to_kernel.txt FEDORA-2008-1423 FEDORA-2008-1422 27796 27704 20080212 CSA-L03: Linux kernel vmsplice unchecked user-pointer dereference DSA-1494 28896 28875 28835 Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the "MJPEG Decoder Vulnerability." TA08-162B 29581 MS08-033 1020222 30579 ADV-2008-1780 oval:org.mitre.oval:def:5236 SSRT080087 SSRT080087 Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product's configuration, a different vulnerability than CVE-2008-0013 and CVE-2008-0014. VU#768681 application-rpc-config1-bo(39918) ADV-2008-3127 32261 20081111 Trend Micro ServerProtect [PROCEDURE NAME REDACTED] Heap Overflows (3) 32618 http://blogs.iss.net/archive/trend.html Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product's configuration, a different vulnerability than CVE-2008-0012 and CVE-2008-0014. VU#768681 application-rpc-config2-bo(39919) ADV-2008-3127 32261 20081111 Trend Micro ServerProtect [PROCEDURE NAME REDACTED] Heap Overflows (3) 32618 http://blogs.iss.net/archive/trend.html Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product's configuration, a different vulnerability than CVE-2008-0012 and CVE-2008-0013. VU#768681 application-rpc-config3-bo(39920) ADV-2008-3127 32261 20081111 Trend Micro ServerProtect [PROCEDURE NAME REDACTED] Heap Overflows (3) 32618 http://blogs.iss.net/archive/trend.html Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka "Microsoft Video ActiveX Control Vulnerability." TA09-223A TA09-195A TA09-187A VU#180513 ADV-2009-2232 1022514 35585 35558 MS09-037 MS09-032 http://www.microsoft.com/technet/security/advisory/972890.mspx 20090706 Multiple Microsoft Video Control ActiveX Remote Code Execution Vulnerabilities http://www.csis.dk/dk/nyheder/nyheder.asp?tekstID=799 36187 oval:org.mitre.oval:def:7436 oval:org.mitre.oval:def:6363 oval:org.mitre.oval:def:6333 55651 http://isc.sans.org/diary.html?storyid=6733 http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx Stack-based buffer overflow in the URL parsing implementation in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to execute arbitrary code via a crafted UTF-8 URL in a link. https://bugzilla.mozilla.org/show_bug.cgi?id=443288 FEDORA-2008-8429 FEDORA-2008-8401 https://bugzilla.mozilla.org/show_bug.cgi?id=451617 ADV-2009-0977 ADV-2008-2661 USN-645-2 USN-645-1 1020913 31397 RHSA-2008:0908 RHSA-2008:0882 http://www.mozilla.org/security/announce/2008/mfsa2008-37.html MDVSA-2008:206 MDVSA-2008:205 DSA-1697 DSA-1696 DSA-1669 DSA-1649 256408 SSA:2008-270-01 SSA:2008-269-01 SSA:2008-269-02 34501 33434 33433 32845 32196 32185 32144 32092 32082 32044 32042 32012 32010 31985 31984 oval:org.mitre.oval:def:11579 SUSE-SA:2008:050 http://download.novell.com/Download?buildid=WZXONb-tqBw~ The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow. TA08-319A FEDORA-2008-9669 FEDORA-2008-9667 https://bugzilla.mozilla.org/show_bug.cgi?id=443299 ADV-2009-0977 ADV-2008-3146 1021185 32281 RHSA-2008:0978 RHSA-2008:0977 http://www.mozilla.org/security/announce/2008/mfsa2008-54.html MDVSA-2008:230 MDVSA-2008:228 20081113 Mozilla Unchecked Allocation Remote Code Execution DSA-1697 DSA-1671 DSA-1669 USN-667-1 256408 34501 33433 32853 32845 32778 32721 32714 32713 32695 32694 32693 32684 oval:org.mitre.oval:def:11005 SUSE-SA:2008:055 Unspecified vulnerability in the Load method in the IPersistStreamInit interface in the Active Template Library (ATL), as used in the Microsoft Video ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption, aka "ATL Header Memcopy Vulnerability," a different vulnerability than CVE-2008-0015. TA09-223A ADV-2009-2232 MS09-037 1022712 20090706 Multiple Microsoft Video Control ActiveX Remote Code Execution Vulnerabilities 36187 oval:org.mitre.oval:def:5850 http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and (2) user interface pages. cucm-interface-sql-injection(40484) ADV-2008-0542 1019404 27775 20080213 SQL injection in Cisco Unified Communications Manager 28932 Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request. 20080116 Cisco Unified Communications Manager CTL Provider Heap Overflow cisco-cucm-ctl-bo(39704) ADV-2008-0171 27313 20080116 TPTI-08-02: Cisco Call Manager CTLProvider Heap Overflow Vulnerability http://dvlabs.tippingpoint.com/advisory/TPTI-08-02 1019223 3551 28530 Unspecified vulnerability in Cisco PIX 500 Series Security Appliance and 5500 Series Adaptive Security Appliance (ASA) before 7.2(3)6 and 8.0(3), when the Time-to-Live (TTL) decrement feature is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted IP packet. pix-asa-ttl-dos(39862) ADV-2008-0259 1019263 1019262 27418 20080123 Cisco PIX and ASA Time-to-Live Vulnerability 28625 Cisco Application Velocity System (AVS) before 5.1.0 is installed with default passwords for some system accounts, which allows remote attackers to gain privileges. ADV-2008-0260 20080123 Default Passwords in the Application Velocity System ciscoavs-default-password-admin-account(39860) 1019259 27421 Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Sorenson 3 video file, which triggers memory corruption. TA08-016A ADV-2008-0148 APPLE-SA-2008-01-15 http://docs.info.apple.com/article.html?artnum=307301 quicktime-sorenson-code-execution(39695) 1019221 27298 28502 Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a movie file containing a Macintosh Resource record with a modified length value in the resource header, which triggers heap corruption. TA08-016A 20080115 Apple QuickTime Macintosh Resource Processing Heap Corruption Vulnerability ADV-2008-0148 APPLE-SA-2008-01-15 http://docs.info.apple.com/article.html?artnum=307301 quicktime-macintosh-code-execution(39696) 1019221 27301 28502 Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a movie file with Image Descriptor (IDSC) atoms containing an invalid atom size, which triggers memory corruption. TA08-016A quicktime-idsc-code-execution(39697) ADV-2008-0148 1019221 27299 20080115 TPTI-08-01: Apple Quicktime Image File IDSC Atom Memory Corruption Vulnerability 28502 APPLE-SA-2008-01-15 http://dvlabs.tippingpoint.com/advisory/TPTI-08-01 http://docs.info.apple.com/article.html?artnum=307301 Unspecified vulnerability in Passcode Lock in Apple iPhone 1.0 through 1.1.2 allows users with physical access to execute applications without entering the passcode via vectors related to emergency calls. ADV-2008-0147 APPLE-SA-2008-01-15 http://docs.info.apple.com/article.html?artnum=307302 iphone-passcode-lock-security-bypass(39701) 1019219 27297 28497 Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 through 1.1.2, iPod touch 1.1 through 1.1.2, and Mac OS X 10.5 through 10.5.1, allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted URL that triggers memory corruption in Safari. TA08-043B iphone-ipod-foundation-code-execution(39700) ADV-2008-0495 ADV-2008-0147 1019220 27296 28891 28497 APPLE-SA-2008-01-15 APPLE-SA-2008-02-11 http://docs.info.apple.com/article.html?artnum=307430 http://docs.info.apple.com/article.html?artnum=307302 Buffer overflow in Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a crafted compressed PICT image, which triggers the overflow during decoding. TA08-016A ADV-2008-2064 ADV-2008-0148 31034 APPLE-SA-2008-01-15 APPLE-SA-2008-07-10 http://docs.info.apple.com/article.html?artnum=307301 quicktime-pict-bo(39698) 1019221 27300 28502 X11 in Apple Mac OS X 10.5 through 10.5.1 does not properly handle when the "Allow connections from network client" preference is disabled, which allows remote attackers to bypass intended access restrictions and connect to the X server. TA08-043B APPLE-SA-2008-02-11 ADV-2008-0495 1019365 27736 28891 http://docs.info.apple.com/article.html?artnum=307430 Launch Services in Apple Mac OS X 10.5 through 10.5.1 allows an uninstalled application to be launched if it is in a Time Machine backup, which might allow local users to bypass intended security restrictions or exploit vulnerabilities in the application. TA08-043B APPLE-SA-2008-02-11 ADV-2008-0495 1019360 27736 28891 http://docs.info.apple.com/article.html?artnum=307430 Unspecified vulnerability in Mail in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary commands via a crafted file:// URL. TA08-043B APPLE-SA-2008-02-11 ADV-2008-0495 1019361 27736 28891 http://docs.info.apple.com/article.html?artnum=307430 Unspecified vulnerability in NFS in Apple Mac OS X 10.5 through 10.5.1 allows remote attackers to cause a denial of service (system shutdown) or execute arbitrary code via unknown vectors related to mbuf chains that trigger memory corruption. TA08-043B APPLE-SA-2008-02-11 ADV-2008-0495 1019362 27736 28891 http://docs.info.apple.com/article.html?artnum=307430 Parental Controls in Apple Mac OS X 10.5 through 10.5.1 contacts www.apple.com "when a website is unblocked," which allows remote attackers to determine when a system is running Parental Controls. TA08-043B APPLE-SA-2008-02-11 ADV-2008-0495 1019363 27736 28891 http://docs.info.apple.com/article.html?artnum=307430 Argument injection vulnerability in Terminal.app in Terminal in Apple Mac OS X 10.4.11 and 10.5 through 10.5.1 allows remote attackers to execute arbitrary code via unspecified URL schemes. TA08-043B VU#774345 APPLE-SA-2008-02-11 ADV-2008-0495 1019364 27736 28891 http://docs.info.apple.com/article.html?artnum=307430 Format string vulnerability in Apple iPhoto before 7.1.2 allows remote attackers to execute arbitrary code via photocast subscriptions. APPLE-SA-2008-02-05 ADV-2008-0428 1019307 28805 http://docs.info.apple.com/article.html?artnum=307398 27636 Multiple buffer overflows in AFP Client in Apple Mac OS X 10.4.11 and 10.5.2 allow remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted afp:// URL. TA08-079A APPLE-SA-2008-03-18 macos-afpclient-bo(41319) ADV-2008-0924 1019640 28320 28304 29420 http://docs.info.apple.com/article.html?artnum=307562 Unspecified vulnerability in AFP Server in Apple Mac OS X 10.4.11 allows remote attackers to bypass cross-realm authentication via unknown manipulations of Kerberos principal realm names. TA08-079A APPLE-SA-2008-03-18 macos-afpserver-security-bypass(41318) ADV-2008-0924 1019642 28323 28304 29420 http://docs.info.apple.com/article.html?artnum=307562 The Application Firewall in Apple Mac OS X 10.5.2 has an incorrect German translation for the "Set access for specific services and applications" radio button that might cause the user to believe that the button is used to restrict access only to specific services and applications, which might allow attackers to bypass intended access restrictions. TA08-079A APPLE-SA-2008-03-18 macos-applicationfirewall-weak-security(41317) ADV-2008-0924 1019658 28368 28304 29420 http://docs.info.apple.com/article.html?artnum=307562 Heap-based buffer overflow in the cgiCompileSearch function in CUPS 1.3.5, and other versions including the version bundled with Apple Mac OS X 10.5.2, when printer sharing is enabled, allows remote attackers to execute arbitrary code via crafted search expressions. TA08-079A APPLE-SA-2008-03-18 FEDORA-2008-2897 FEDORA-2008-2131 ADV-2008-0924 ADV-2008-0921 USN-598-1 1019646 28307 RHSA-2008:0192 MDVSA-2008:081 DSA-1530 GLSA-200804-01 29750 29655 29634 29603 29573 29485 29448 29431 29420 oval:org.mitre.oval:def:10085 SUSE-SA:2008:015 20080318 Multiple Vendor CUPS CGI Heap Overflow Vulnerability http://docs.info.apple.com/article.html?artnum=307562 Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via the a long file name to the NSDocument API. TA08-079A APPLE-SA-2008-03-18 macos-appkit-nsdocument-bo(41315) ADV-2008-0924 1019647 28388 28304 29420 http://docs.info.apple.com/article.html?artnum=307562 AppKit in Apple Mac OS X 10.4.11 inadvertently makes an NSApplication mach port available for inter-process communication instead of inter-thread communication, which allows local users to execute arbitrary code via crafted messages to privileged applications. TA08-079A APPLE-SA-2008-03-18 macos-appkit-code-execution(41314) ADV-2008-0924 1019647 http://docs.info.apple.com/article.html?artnum=307562 28340 28304 29420 CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error. TA08-079A APPLE-SA-2008-03-18 macos-cfnetwork-502badgateway-spoofing(41313) ADV-2008-2094 ADV-2008-0924 ADV-2008-0920 1019655 31074 APPLE-SA-2008-07-11 http://docs.info.apple.com/article.html?artnum=307563 http://docs.info.apple.com/article.html?artnum=307562 28356 28290 29420 Integer overflow in CoreFoundation in Apple Mac OS X 10.4.11 might allow local users to execute arbitrary code via crafted time zone data. TA08-079A APPLE-SA-2008-03-18 macos-corefoundation-timezone-code-execution(41310) ADV-2008-0924 1019670 28375 28304 29420 http://docs.info.apple.com/article.html?artnum=307562 CoreServices in Apple Mac OS X 10.4.11 treats .ief as a safe file type, which allows remote attackers to force Safari users into opening an .ief file in AppleWorks, even when the "Open 'Safe' files" preference is set. TA08-079A APPLE-SA-2008-03-18 macos-coreservices-weak-security(41312) ADV-2008-0924 1019671 28384 28304 29420 http://docs.info.apple.com/article.html?artnum=307562 Multiple buffer overflows in the HP-GL/2-to-PostScript filter in CUPS before 1.3.6 might allow remote attackers to execute arbitrary code via a crafted HP-GL/2 file. TA08-079A APPLE-SA-2008-03-18 FEDORA-2008-2897 macos-cups-inputvalidation-unspecified(41272) ADV-2008-0924 USN-598-1 1019672 28334 28304 RHSA-2008:0206 RHSA-2008:0192 MDVSA-2008:081 DSA-1625 GLSA-200804-01 31324 29750 29659 29655 29634 29630 29603 29573 29420 oval:org.mitre.oval:def:10356 SUSE-SA:2008:020 http://docs.info.apple.com/article.html?artnum=307562 Foundation in Apple Mac OS X 10.4.11 might allow context-dependent attackers to execute arbitrary code via a malformed selector name to the NSSelectorFromString API, which causes an "unexpected selector" to be used. TA08-079A APPLE-SA-2008-03-18 macos-nsselectorfromstring-code-execution(41355) ADV-2008-0924 1019649 28341 28304 29420 http://docs.info.apple.com/article.html?artnum=307562 Foundation in Apple Mac OS X 10.4.11 creates world-writable directories while NSFileManager copies files recursively and only modifies the permissions afterward, which allows local users to modify copied files to cause a denial of service and possibly gain privileges. TA08-079A APPLE-SA-2008-03-18 macos-nsfilemanager-priv-escalation(41299) ADV-2008-0924 1019649 28343 28304 29420 http://docs.info.apple.com/article.html?artnum=307562 Stack-based buffer overflow in Foundation in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a "long pathname with an unexpected structure" that triggers the overflow in NSFileManager. TA08-079A APPLE-SA-2008-03-18 macos-foundation-nsfilemanager-bo(41309) ADV-2008-0924 1019649 28357 28304 29420 http://docs.info.apple.com/article.html?artnum=307562 Multiple integer overflows in a "legacy serialization format" parser in AppKit in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via a crafted serialized property list. TA08-079A APPLE-SA-2008-03-18 macos-appkit-parser-bo(41298) ADV-2008-0924 1019648 28358 28304 http://docs.info.apple.com/article.html?artnum=307562 Race condition in the NSURLConnection cache management functionality in Foundation for Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via unspecified manipulations that cause messages to be sent to a deallocated object. TA08-079A APPLE-SA-2008-03-18 macos-foundation-nsurl-code-execution(41297) ADV-2008-0924 1019650 28359 28304 29420 http://docs.info.apple.com/article.html?artnum=307562 Race condition in NSXML in Foundation for Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a crafted XML file, related to "error handling logic." TA08-079A APPLE-SA-2008-03-18 macos-foundation-code-execution(41296) ADV-2008-0924 1019650 28367 28304 29420 http://docs.info.apple.com/article.html?artnum=307562 Help Viewer in Apple Mac OS X 10.4.11 and 10.5.2 allows remote attackers to execute arbitrary Applescript via a help:topic_list URL that injects HTML or JavaScript into a topic list page, as demonstrated using a help:runscript link. TA08-079A APPLE-SA-2008-03-18 macos-helpviewer-code-execution(41295) ADV-2008-0924 1019657 28371 28304 29420 http://docs.info.apple.com/article.html?artnum=307562 MaraDNS 1.0 before 1.0.41, 1.2 before 1.2.12.08, and 1.3 before 1.3.07.04 allows remote attackers to cause a denial of service via a crafted DNS packet that prevents an authoritative name (CNAME) record from resolving, aka "improper rotation of resource records." ADV-2008-0026 http://www.maradns.org/changelog.html http://maradns.blogspot.com/2007/08/maradns-update-all-versions.html 27124 DSA-1445 GLSA-200801-16 28650 28334 28329 http://bugs.gentoo.org/show_bug.cgi?id=204351 KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free. VU#895609 http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt krb5-kdc-code-execution(41275) ADV-2008-1744 ADV-2008-1102 ADV-2008-0924 ADV-2008-0922 20080318 MITKRB5-SA-2008-001: double-free, uninitialized data vulnerabilities in krb5kdc oval:org.mitre.oval:def:9496 SSRT100495 HPSBOV02682 APPLE-SA-2008-03-18 http://docs.info.apple.com/article.html?artnum=307562 FEDORA-2008-2647 FEDORA-2008-2637 http://www.vmware.com/security/advisories/VMSA-2008-0009.html USN-587-1 1019626 28303 20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues 20080319 rPSA-2008-0112-1 krb5 krb5-server krb5-services krb5-test krb5-workstation RHSA-2008:0182 RHSA-2008:0181 RHSA-2008:0180 RHSA-2008:0164 MDVSA-2008:071 MDVSA-2008:070 MDVSA-2008:069 GLSA-200803-31 DSA-1524 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112 http://wiki.rpath.com/Advisories:rPSA-2008-0112 http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html 30535 29663 29516 29464 29462 29457 29451 29450 29438 29435 29428 29424 29423 29420 SUSE-SA:2008:016 The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values." http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt FEDORA-2008-2647 FEDORA-2008-2637 krb5-kdc-kerberos4-info-disclosure(41277) ADV-2008-1744 ADV-2008-1102 ADV-2008-0924 ADV-2008-0922 http://www.vmware.com/security/advisories/VMSA-2008-0009.html USN-587-1 1019627 28303 20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues 20080319 rPSA-2008-0112-1 krb5 krb5-server krb5-services krb5-test krb5-workstation 20080318 MITKRB5-SA-2008-001: double-free, uninitialized data vulnerabilities in krb5kdc RHSA-2008:0182 RHSA-2008:0181 RHSA-2008:0180 RHSA-2008:0164 MDVSA-2008:071 MDVSA-2008:070 MDVSA-2008:069 GLSA-200803-31 DSA-1524 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112 http://wiki.rpath.com/Advisories:rPSA-2008-0112 http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html 30535 29663 29516 29464 29462 29457 29451 29450 29438 29435 29428 29424 29423 29420 oval:org.mitre.oval:def:8916 SUSE-SA:2008:016 APPLE-SA-2008-03-18 http://docs.info.apple.com/article.html?artnum=307562 Stack-based buffer overflow in Pierre-emmanuel Gougelet (1) XnView 1.91 and 1.92, (2) NConvert 4.85, and (3) libgfl280.dll in GFL SDK 2.870 for Windows allows user-assisted remote attackers to execute arbitrary code via a crafted Radiance RGBE (.hdr) file. 28326 ADV-2008-0329 ADV-2008-0328 27514 http://secunia.com/secunia_research/2008-1/advisory 28710 Multiple stack-based buffer overflows in in_mp3.dll in Winamp 5.21, 5.5, and 5.51 allow remote attackers to execute arbitrary code via a long (1) artist or (2) name tag in Ultravox streaming metadata, related to construction of stream titles. http://www.winamp.com/player/version-history ADV-2008-0183 http://secunia.com/secunia_research/2008-2/advisory/ 27865 winamp-inmp3-bo(39778) 27344 Multiple buffer overflows in htmsr.dll in the HTML speed reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes 7.0.2 and 7.0.3, allow remote attackers to execute arbitrary code via an HTML document with (1) "large chunks of data," or a long URL in the (2) BACKGROUND attribute of a BODY element or (3) SRC attribute of an IMG element. autonomy-keyview-html-multiple-bo(41724) ADV-2008-1156 ADV-2008-1153 1019843 28454 20080414 Secunia Research: Lotus Notes htmsr.dll Buffer Overflows http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453 http://secunia.com/secunia_research/2008-3/advisory/ 28210 28209 28140 Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) long string parameters to the OpenView5.exe CGI program; (2) a long string parameter to the OpenView5.exe CGI program, related to ov.dll; or a long string parameter to the (3) getcvdata.exe, (4) ovlaunch.exe, or (5) Toolbar.exe CGI program. 33147 20090107 Secunia Research: HP OpenView Network Node Manager Multiple Vulnerabilities 1021521 8307 4885 http://secunia.com/secunia_research/2008-13/ 28074 SSRT080144 SSRT080144 Directory traversal vulnerability in OpenView5.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to read arbitrary files via directory traversal sequences in the Action parameter. hpopenview-openview5-directory-traversal(41790) ADV-2008-1214 28745 20080414 Secunia Research: HP OpenView Network Node Manager OpenView5.exeDirectory Traversal 20080411 Directory traversal and multiple Denials of Service in HP OpenView NNM 7.53 3814 HPSBMA02349 HPSBMA02349 http://aluigi.altervista.org/adv/closedviewx-adv.txt 1019839 1019838 44359 http://secunia.com/secunia_research/2008-4/advisory/ 29796 Stack-based buffer overflow in XnView 1.92 and 1.92.1 allows user-assisted remote attackers to execute arbitrary code via a long FontName parameter in a slideshow (.sld) file, a different vector than CVE-2008-1461. 29620 xnview-slideshow-bo(41542) ADV-2008-1044 28579 5346 http://secunia.com/secunia_research/2008-6/advisory/ Integer overflow in Orb Networks Orb 2.00.1014 and Winamp Remote BETA allows remote attackers to execute arbitrary code via an RPC request that specifies a large number of array dimensions, which triggers a heap-based buffer overflow. orb-dimensions-bo(41410) ADV-2008-0984 28431 http://secunia.com/secunia_research/2008-5/advisory/ 28203 The Web UI interface in (1) BitTorrent before 6.0.3 build 8642 and (2) uTorrent before 1.8beta build 10524 allows remote attackers to cause a denial of service (application crash) via an HTTP request with a malformed Range header. 29661 ADV-2008-1809 ADV-2008-1808 1020265 20080611 Secunia Research: uTorrent / BitTorrent Web UI HTTP "Range" Header DoS 5918 1020266 3943 http://secunia.com/secunia_research/2008-7/advisory/ 30605 28703 Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version field. VU#512491 DSA-1512 FEDORA-2008-2292 FEDORA-2008-2290 https://issues.rpath.com/browse/RPL-2310 evolution-emfmultipart-format-string(41011) ADV-2008-0768 USN-583-1 1019540 28102 20080528 rPSA-2008-0105-1 evolution RHSA-2008:0178 RHSA-2008:0177 MDVSA-2008:063 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0105 GLSA-200803-12 http://secunia.com/secunia_research/2008-8/advisory/ 30491 30437 29317 29264 29258 29244 29210 29163 29057 oval:org.mitre.oval:def:10701 SUSE-SA:2008:014 Array index error in the sdpplin_parse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter. http://xinehq.de/index.php/news http://sourceforge.net/project/shownotes.php?release_id=585488&group_id=9655 xinelib-sdpplinparse-bo(41339) ADV-2008-0985 ADV-2008-0923 USN-635-1 28312 MDVSA-2008:219 MDVSA-2008:178 GLSA-200808-01 http://secunia.com/secunia_research/2008-10/ 31393 31372 30581 29503 28694 FEDORA-2008-2569 FEDORA-2008-2945 http://www.videolan.org/security/sa0803.php SSA:2008-089-03 1019682 DSA-1543 DSA-1536 http://wiki.videolan.org/Changelog/0.8.6f GLSA-200804-25 29800 29766 29740 29601 29578 29472 29392 SUSE-SR:2008:012 SUSE-SR:2008:007 Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the TPRoot, NNTPFile\Root, or WWWRoot folders. TA08-043C ADV-2008-0507 SSRT080016 1019384 27101 28849 HPSBST02314 oval:org.mitre.oval:def:5389 Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages. TA08-043C ADV-2008-0508 SSRT080016 1019385 27676 28893 HPSBST02314 oval:org.mitre.oval:def:5308 Unspecified vulnerability in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via crafted HTML layout combinations, aka "HTML Rendering Memory Corruption Vulnerability." TA08-043C ADV-2008-0512 MS08-010 SSRT080016 1019379 27668 28903 HPSBST02314 oval:org.mitre.oval:def:5487 Use-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 SP2, and and 7 allows remote attackers to execute arbitrary code by assigning malformed values to certain properties, as demonstrated using the by property of an animateMotion SVG element, aka "Property Memory Corruption Vulnerability." TA08-043C VU#228569 MS08-010 http://www.zerodayinitiative.com/advisories/ZDI-08-006.html ADV-2008-0512 1019380 27666 20080213 ZDI-08-006: Microsoft Internet Explorer SVG animateMotion.by Code Execution Vulnerability 28903 SSRT080016 SSRT080016 20080212 Microsoft Internet Explorer Property Memory Corruption Vulnerability oval:org.mitre.oval:def:5396 Unspecified vulnerability in an ActiveX control (dxtmsft.dll) in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via a crafted image, aka "Argument Handling Memory Corruption Vulnerability." TA08-043C ADV-2008-0512 MS08-010 SSRT080016 1019381 27689 28903 HPSBST02314 oval:org.mitre.oval:def:4904 Heap-based buffer overflow in the WebDAV Mini-Redirector in Microsoft Windows XP SP2, Server 2003 SP1 and SP2, and Vista allows remote attackers to execute arbitrary code via a crafted WebDAV response. TA08-043C ADV-2008-0509 MS08-007 SSRT080016 1019372 27670 28894 HPSBST02314 oval:org.mitre.oval:def:5381 Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Macro Validation Vulnerability," a different vulnerability than CVE-2007-3490. TA08-071A 27305 MS08-014 http://www.microsoft.com/technet/security/advisory/947563.mspx microsoft-excel-unspecified-code-execution(39699) ADV-2008-0846 ADV-2008-0146 947563 1019200 28506 SSRT080028 SSRT080028 oval:org.mitre.oval:def:5546 An ActiveX control (Messenger.UIAutomation.1) in Windows Messenger 4.7 and 5.1 is marked as safe-for-scripting, which allows remote attackers to control the Messenger application, and "change state," obtain contact information, and establish audio or video connections without notification via unknown vectors. TA08-225A MS08-050 ADV-2008-2354 1020681 30551 20080814 Microsoft Windows Messenger Remote Illegal Access Vulnerability 31446 oval:org.mitre.oval:def:5995 HPSBST02360 HPSBST02360 The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) scripting engines 5.1 and 5.6, as used in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, do not properly decode script, which allows remote attackers to execute arbitrary code via unknown vectors. TA08-099A 28551 MS08-022 ADV-2008-1146 1019799 29712 oval:org.mitre.oval:def:5495 SSRT080048 HPSBST02329 Unspecified vulnerability in the TCP/IP support in Microsoft Windows Vista allows remote DHCP servers to cause a denial of service (hang and restart) via a crafted DHCP packet. Apply patches. Windows Vista: http://www.microsoft.com/downloads/de...=8ce9608b-7049-47cd-adc4-22a803877d33 Windows Vista x64 Edition: http://www.microsoft.com/downloads/de...=d7b9c3d1-9c23-4e05-bac6-d0b327feaf53 TA08-043C ADV-2008-0506 SSRT080016 1019383 27634 28828 SSRT080016 oval:org.mitre.oval:def:5240 SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 does not initialize memory pages when reallocating memory, which allows database operators to obtain sensitive information (database contents) via unknown vectors related to memory page reuse. TA08-190A MS08-040 ADV-2008-2022 http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html http://www.vmware.com/security/advisories/VMSA-2011-0003.html 1020441 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX 30970 oval:org.mitre.oval:def:14213 Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression. TA08-190A ADV-2008-2022 http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html http://www.vmware.com/security/advisories/VMSA-2011-0003.html 1020441 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX 20080708 Re: [Full-disclosure] iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability MS08-040 30970 oval:org.mitre.oval:def:14052 The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses. TA08-099A 28553 ADV-2008-1144 http://www.trusteer.com/docs/windowsresolver.html 1019802 20080408 Microsoft Windows DNS Stub Resolver Cache Poisoning (MS08-020) MS08-020 29696 oval:org.mitre.oval:def:5314 SSRT080048 HPSBST02329 Unspecified vulnerability in Active Directory on Microsoft Windows 2000 and Windows Server 2003, and Active Directory Application Mode (ADAM) on XP and Server 2003, allows remote attackers to cause a denial of service (hang and restart) via a crafted LDAP request. TA08-043C ADV-2008-0505 MS08-003 SSRT080016 1019382 27638 28764 HPSBST02314 oval:org.mitre.oval:def:5181 SQL injection vulnerability in uprofile.php in ClipShare allows remote attackers to execute arbitrary SQL commands via the UID parameter. 27108 4830 28313 40077 clipshare-uprofile-sql-injection(39364) A certain ActiveX control in npUpload.dll in DivX Player 6.6.0 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long argument to the SetPassword method. 27106 4829 divxwebplayer-npUpload-dos(39386) Directory traversal vulnerability in download2.php in AGENCY4NET WEBFTP 1 allows remote attackers to read and delete arbitrary files via a .. (dot dot) in the file parameter. ADV-2008-0051 27092 4828 20080104 true: AGENCY4NET WEBFTP directory traversal; deletion possible agency4net-download2-directory-traversal(39343) 28309 Cross-site scripting (XSS) vulnerability in index.php in the search module in Appalachian State University phpWebSite 1.4.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter. 27090 20080101 Cross-Site Scripting (XSS) in phpWebSite 1.4.0 search http://phpwebsite.appstate.edu/blog/2143 phpwebsite-search-xss(39391) 3511 28303 Multiple cross-site scripting (XSS) vulnerabilities in newticket.php in eTicket 1.5.5.2, and 1.5.6 RC2 and RC3, allow remote attackers to inject arbitrary web script or HTML via the (1) Name and (2) Subject parameters. http://www.digitrustgroup.com/advisories/web-application-security-eticket.html 28331 eticket-name-subject-xss(39400) 27130 Multiple directory traversal vulnerabilities in MODx Content Management System 0.9.6.1 allow remote attackers to (1) include and execute arbitrary local files via a .. (dot dot) in the as_language parameter to assets/snippets/AjaxSearch/AjaxSearch.php, reached through index-ajax.php; and (2) read arbitrary local files via a .. (dot dot) in the file parameter to assets/js/htcmime.php. 28220 modx-ajaxsearch-file-include(39352) 27097 27096 20080102 MODx CMS Source code disclosure, local file inclusion http://modxcms.com/forums/index.php/topic,21290.0.html 3522 The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edition before C.1.0-beta8, AsteriskNOW before beta7, Appliance Developer Kit before Asterisk 1.4 revision 95946, and Appliance s800i 1.0.x before 1.0.3.4 allows remote attackers to cause a denial of service (daemon crash) via a BYE message with an Also (Also transfer) header, which triggers a NULL pointer dereference. 27110 28312 http://downloads.digium.com/pub/security/AST-2008-001.html http://bugs.digium.com/view.php?id=11637 FEDORA-2008-0199 FEDORA-2008-0198 asterisk-bye-also-dos(39361) ADV-2008-0019 1019152 20080102 AST-2008-001: Crash from transfer using BYE with Also header 28299 3520 Multiple buffer overflows in Georgia SoftWorks SSH2 Server (GSW_SSHD) 7.01.0003 and earlier allow remote attackers to execute arbitrary code via a (1) a long username, which triggers an overflow in the log function; or (2) a long password. 27103 20080102 Multiple vulnerabilities in Georgia SoftWorks SSH2 Server 7.01.0003 28307 http://aluigi.altervista.org/adv/gswsshit-adv.txt 3517 Format string vulnerability in the log function in Georgia SoftWorks SSH2 Server (GSW_SSHD) 7.01.0003 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the username field, as demonstrated by a certain LoginPassword message. 20080102 Multiple vulnerabilities in Georgia SoftWorks SSH2 Server 7.01.0003 28307 http://aluigi.altervista.org/adv/gswsshit-adv.txt 3517 Buffer overflow in RealPlayer 11 build 6.0.14.748 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: As of 20080103, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. ADV-2008-0016 http://www.us-cert.gov/current/index.html#public_exploit_code_for_realplayer 27091 28276 [Dailydave] 20080101 0day RealPlayer exploit demo http://gleg.net/realplayer11.html 1019153 Multiple SQL injection vulnerabilities in MyPHP Forum 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the searchtext parameter to search.php, and unspecified other vectors. 27118 4831 Stack-based buffer overflow in the Scene::errorf function in Scene.cpp in White_Dune 0.29 beta791 and earlier allows remote attackers to execute arbitrary code via a long string in a .WRL file. 27102 28287 whitedune-sceneerrorf-bo(39385) 20080102 Buffer-overflow and format string in White_Dune 0.29beta791 http://vrml.cip.ica.uni-stuttgart.de/dune/news.html http://aluigi.altervista.org/adv/whitedunboffs-adv.txt 3516 Format string vulnerability in the swDebugf function in DuneApp.cpp in White_Dune 0.29 beta791 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a .WRL file. 27102 28287 whitedune-swdegugf-format-string(39388) 20080102 Buffer-overflow and format string in White_Dune 0.29beta791 http://vrml.cip.ica.uni-stuttgart.de/dune/news.html http://aluigi.altervista.org/adv/whitedunboffs-adv.txt 3516 Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, related to invalid "memory values," aka "Publisher Invalid Memory Reference Vulnerability." TA08-043C MS08-012 ADV-2008-0514 SSRT080016 1019376 27739 28906 HPSBST02314 oval:org.mitre.oval:def:5305 Unspecified vulnerability in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Office document that contains a malformed object, related to a "memory handling error," aka "Microsoft Office Execution Jump Vulnerability." TA08-043C MS08-013 ADV-2008-0515 SSRT080016 1019375 27738 28909 SSRT080016 oval:org.mitre.oval:def:5407 Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, aka "Publisher Memory Corruption Vulnerability." TA08-043C ADV-2008-0514 MS08-012 SSRT080016 1019377 27740 28906 SSRT080016 oval:org.mitre.oval:def:4547 Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section header index table information, aka "Microsoft Works File Converter Index Table Vulnerability." TA08-043C ADV-2008-0513 MS08-011 SSRT080016 1019387 27658 28904 SSRT080016 oval:org.mitre.oval:def:5009 Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement. TA08-190A ADV-2008-2022 http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html http://www.vmware.com/security/advisories/VMSA-2011-0003.html 1020441 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX 20080708 Re: [Full-disclosure] iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability MS08-040 30970 oval:org.mitre.oval:def:13785 Integer underflow in SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 allows remote authenticated users to execute arbitrary code via a (1) SMB or (2) WebDAV pathname for an on-disk file (aka stored backup file) with a crafted record size value, which triggers a heap-based buffer overflow, aka "SQL Server Memory Corruption Vulnerability." TA08-190A MS08-040 ADV-2008-2022 http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html http://www.vmware.com/security/advisories/VMSA-2011-0003.html 1020441 30119 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX 20080708 Re: [Full-disclosure] iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability http://www.insomniasec.com/advisories/ISVA-080709.1.htm 30970 oval:org.mitre.oval:def:13936 20080708 Microsoft SQL Server Restore Integer Underflow Vulnerability Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted field lengths, aka "Microsoft Works File Converter Field Length Vulnerability." TA08-043C ADV-2008-0513 1019388 27659 5107 MS08-011 28904 SSRT080016 SSRT080016 20080208 Microsoft Office Works Converter Stack-based Buffer Overflow Vulnerability oval:org.mitre.oval:def:5202 Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted fields within the File Information Block (FIB) of a Word file, which triggers length calculation errors and memory corruption. TA08-043C VU#692417 MS08-009 ADV-2008-0511 1019374 27656 20080213 [Reversemode Advisory] February Advisories : Microsoft Word 2003 + Fortinet Forticlient 28901 SSRT080016 SSRT080016 oval:org.mitre.oval:def:5073 Unspecified vulnerability in Microsoft Outlook in Office 2000 SP3, XP SP3, 2003 SP2 and Sp3, and Office System allows user-assisted remote attackers to execute arbitrary code via a crafted mailto URI. TA08-071A VU#393305 28147 MS08-015 ADV-2008-0847 1019579 29320 HPSBST02320 HPSBST02320 oval:org.mitre.oval:def:5278 Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted data validation records, aka "Excel Data Validation Record Vulnerability." TA08-071A 28094 MS08-014 ADV-2008-0846 1019582 SSRT080028 HPSBST02320 oval:org.mitre.oval:def:5114 Unspecified vulnerability in Microsoft Excel 2000 SP3, and Office for Mac 2004 and 2008 allows user-assisted remote attackers to execute arbitrary code via a crafted .SLK file that is not properly handled when importing the file, aka "Excel File Import Vulnerability." TA08-071A 28095 MS08-014 ADV-2008-0846 1019583 SSRT080028 HPSBST02320 oval:org.mitre.oval:def:5284 Unspecified vulnerability in Microsoft Office Excel Viewer 2003 up to SP3 allows user-assisted remote attackers to execute arbitrary code via an Excel document with malformed cell comments that trigger memory corruption from an "allocation error," aka "Microsoft Office Cell Parsing Memory Corruption Vulnerability." TA08-071A MS08-016 http://www.zerodayinitiative.com/advisories/ZDI-08-008 ADV-2008-0848 1019578 20080311 ZDI-08-008: Microsoft Excel BIFF File Format Cell Record Parsing Memory Corruption Vulnerability 29321 HPSBST02320 HPSBST02320 oval:org.mitre.oval:def:5421 Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via crafted Style records that trigger memory corruption. TA08-071A 28166 MS08-014 ADV-2008-0846 1019584 HPSBST02320 HPSBST02320 oval:org.mitre.oval:def:5456 Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via malformed formulas, aka "Excel Formula Parsing Vulnerability." TA08-071A 28167 MS08-014 ADV-2008-0846 1019585 HPSBST02320 HPSBST02320 oval:org.mitre.oval:def:5512 Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility Pack, and Office 2004 and 2008 for Mac allows user-assisted remote attackers to execute arbitrary code via malformed tags in rich text, aka "Excel Rich Text Validation Vulnerability." TA08-071A 28168 MS08-014 ADV-2008-0846 1019586 20080311 TPTI-08-03: Microsoft Excel Rich Text Memory Corruption Vulnerability HPSBST02320 HPSBST02320 http://dvlabs.tippingpoint.com/advisory/TPTI-08-03 oval:org.mitre.oval:def:5212 Unspecified vulnerability in Microsoft Excel 2000 SP3 and 2002 SP2, and Office 2004 and 2008 for Mac, allows user-assisted remote attackers to execute arbitrary code via crafted conditional formatting values, aka "Excel Conditional Formatting Vulnerability." TA08-071A 28170 MS08-014 ADV-2008-0846 1019587 SSRT080028 HPSBST02320 oval:org.mitre.oval:def:5508 Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, Excel Viewer 2003 up to SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption from an "allocation error," aka "Microsoft Office Memory Corruption Vulnerability." TA08-071A 28146 MS08-016 ADV-2008-0848 1019578 29321 HPSBST02320 HPSBST02320 oval:org.mitre.oval:def:5190 Unspecified vulnerability in Microsoft Publisher in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 SP1 and earlier allows remote attackers to execute arbitrary code via a Publisher file with crafted object header data that triggers memory corruption, aka "Publisher Object Handler Validation Vulnerability." TA08-134A MS08-027 ADV-2008-1505 1020015 29158 20080514 Microsoft Office Publisher PUB File Parsing Remote Memory Corruption Vulnerability 30150 oval:org.mitre.oval:def:5303 HPSBST02336 HPSBST02336 Integer overflow in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with a malformed picture index that triggers memory corruption, related to handling of CString objects, aka "Memory Allocation Vulnerability." TA08-225A MS08-051 31453 ADV-2008-2355 1020676 30552 oval:org.mitre.oval:def:5768 SSRT080117 SSRT080117 20080812 Microsoft PowerPoint Viewer 2003 Cstring Integer Overflow Vulnerability A "memory calculation error" in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with an invalid picture index that triggers memory corruption, aka "Memory Calculation Vulnerability." TA08-225A ADV-2008-2355 1020676 30554 MS08-051 31453 oval:org.mitre.oval:def:5724 HPSBST02360 HPSBST02360 20080812 Microsoft PowerPoint Viewer 2003 Out of Bounds Array Index Vulnerability Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption. VU#203611 27283 FreeBSD-SA-08:02 FEDORA-2008-0904 FEDORA-2008-0903 https://issues.rpath.com/browse/RPL-2169 https://bugzilla.redhat.com/show_bug.cgi?id=429149 freebsd-inetnetwork-bo(39670) http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4167 http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX61&path=/200802/SECURITY/20080227/datafile123640&label=AIX%20libc%20inet_network%20buffer%20overflow ADV-2008-1743 ADV-2008-0703 ADV-2008-0193 1019189 20080124 rPSA-2008-0029-1 bind bind-utils RHSA-2008:0300 http://www.isc.org/index.pl?/sw/bind/bind-security.php http://support.avaya.com/elmodocs2/security/ASA-2008-244.htm 238493 30718 30538 30313 29323 29161 28579 28487 28429 28367 oval:org.mitre.oval:def:10190 SUSE-SR:2008:006 Cross-site scripting (XSS) vulnerability in install.php for Moodle 1.8.3, and possibly other versions before 1.8.4, allows remote attackers to inject arbitrary web script or HTML via the dbname parameter. NOTE: this issue only exists until the installation is complete. ADV-2008-0164 http://int21.de/cve/CVE-2008-0123-moodle.html 20080111 Cross site scripting (XSS) in Moodle 1.8.3 moodle-install-xss(39630) 27259 20080111 Cross site scripting (XSS) in Moodle 1.8.3 28838 SUSE-SR:2008:003 Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3-beta1 allows remote authenticated users to inject arbitrary web script or HTML via (1) the "Real name" field in Personal Settings, which is presented to readers of articles; or (2) a file upload, as demonstrated by a .htm, .html, or .js file. http://blog.s9y.org/archives/191-Serendipity-1.3-beta1-released.html serendipity-realname-username-xss(40851) ADV-2008-0700 1019502 28003 DSA-1528 29502 29128 http://int21.de/cve/CVE-2008-0124-s9y.html Cross-site scripting (XSS) vulnerability in phpstats.php in Michael Wagner phpstats 0.1 alpha allows remote attackers to inject arbitrary web script or HTML via the baseDir parameter. phpstats-phpstats-xss(41261) 28291 20080317 Cross Site Scripting (XSS) in phpstats 0.1_alpha, CVE-2008-0125 3765 The administration interface in McAfee E-Business Server 8.5.2 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a long initial authentication packet. 27197 20080109 [INFIGO-2008-01-06]: McAfee E-Business Server Remote Preauth Code Execution / DoS - Corrected 20080109 [INFIGO 2008-01-06]: McAfee E-Business Server Remote Preauth Code Execution / DoS https://knowledge.mcafee.com/SupportSite/dynamickc.do?externalId=614472&sliceId=SAL_Public&command=show&forward=nonthreadedKC&kcId=614472 mcafee-ebusiness-packet-code-execution(39563) mcafee-ebusiness-authentication-packet-dos(39561) ADV-2008-0087 4878 1019170 3530 28408 The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie. http://issues.apache.org/bugzilla/show_bug.cgi?id=41217 apache-singlesignon-information-disclosure(39804) ADV-2009-0233 ADV-2008-0192 27365 20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1) 20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540 http://security-tracker.debian.net/tracker/CVE-2008-0128 33668 31493 28552 28549 RHSA-2008:0630 http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx RHSA-2008:0261 29242 SUSE-SR:2008:005 SQL injection vulnerability in starnet/addons/slideshow_full.php in Site@School 2.3.10 and earlier allows remote attackers to execute arbitrary SQL commands via the album_name parameter. 4832 siteatschool-slideshowfull-sql-injection(39417) 27120 SQL injection vulnerability in login_form.asp in Instant Softwares Dating Site allows remote attackers to execute arbitrary SQL commands via the Username parameter, a different vulnerability than CVE-2007-6671. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. dating-site-login-sql-injection(39326) dating-site-login-sql-injection(39326) 28283 39766 Cross-site scripting (XSS) vulnerability in login_form.asp in Instant Softwares Dating Site allows remote attackers to inject arbitrary web script or HTML via the msg parameter, a different product than CVE-2006-6022. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 27121 28283 Pragma FortressSSH 5.0 Build 4 Revision 293 and earlier handles long input to sshd.exe by creating an error-message window and waiting for the administrator to click in this window before terminating the sshd.exe process, which allows remote attackers to cause a denial of service (connection slot exhaustion) via a flood of SSH connections with long data objects, as demonstrated by (1) a long list of keys and (2) a long username. fortressssh-sshd-dos(39354) http://aluigi.org/poc/pragmassh.zip http://aluigi.altervista.org/adv/pragmassh-adv.txt 27141 20080104 Some DoS in some telnet servers Multiple SQL injection vulnerabilities in Tribisur 2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to cat_main.php and the (2) cat parameter to forum.php in a liste action. 27149 4840 28362 tribisur-catmain-forum-sql-injection(39443) Cross-site scripting (XSS) vulnerability in Forums/setup.asp in Snitz Forums 2000 3.4.06 and earlier allows remote attackers to inject arbitrary web script or HTML via the MAIL parameter. 27162 20080107 [HSC] Snitz Forums Multiple Vulnerabilities http://www.packetstormsecurity.org/0801-exploits/snitz-multi.txt 28284 http://hackerscenter.com/archive/view.asp?id=28145 Snitz Forums 2000 3.4.06 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for forum/snitz_forums_2000.mdb. 20080107 RE: [HSC] Snitz Forums Multiple Vulnerabilities 20080107 [HSC] Snitz Forums Multiple Vulnerabilities http://www.packetstormsecurity.org/0801-exploits/snitz-multi.txt http://hackerscenter.com/archive/view.asp?id=28145 Snitz Forums 2000 3.4.05 allows remote attackers to obtain sensitive information via a direct request to forum/whereami.asp, which reveals the database path. 20080107 RE: [HSC] Snitz Forums Multiple Vulnerabilities 20080107 [HSC] Snitz Forums Multiple Vulnerabilities http://www.packetstormsecurity.org/0801-exploits/snitz-multi.txt http://hackerscenter.com/archive/view.asp?id=28145 PHP remote file inclusion vulnerability in config.inc.php in SNETWORKS PHP CLASSIFIEDS 5.0 allows remote attackers to execute arbitrary PHP code via a URL in the path_escape parameter. ADV-2008-0053 4838 snetworks-configinc-file-include(39468) PHP remote file inclusion vulnerability in xoopsgallery/init_basic.php in the mod_gallery module for XOOPS, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter. xoops-modgallery-zendhashkey-file-include(39461) 27155 4847 Eval injection vulnerability in loudblog/inc/parse_old.php in Loudblog 0.8.0 and earlier allows remote attackers to execute arbitrary PHP code via the template parameter. 27157 28336 4849 loudblog-template-code-execution(39445) Directory traversal vulnerability in error.php in Uebimiau Webmail 2.7.10 and 2.7.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the selected_theme parameter, a different vector than CVE-2007-3172. uebimiau-webmail-error-directory-traversal(39460) 27154 4846 20080107 Uebimiau Web-Mail 2.7.10/2.7.2 Remote File Disclosure Vulnerability actions.php in WebPortal CMS 0.6-beta generates predictable passwords containing only the time of day, which makes it easier for remote attackers to obtain access to any account via a lostpass action. 27145 4835 webportal-action-weak-security(39486) Multiple SQL injection vulnerabilities in WebPortal CMS 0.6-beta allow remote attackers to execute arbitrary SQL commands via the user_name parameter to actions.php, and unspecified other vectors. 4835 PHP remote file inclusion vulnerability in common/db.php in samPHPweb, possibly 4.2.2 and others, as provided with SAM Broadcaster, allows remote attackers to execute arbitrary PHP code via a URL in the commonpath parameter. samPHPweb-db-file-include(39397) http://www.spacialaudio.com/news/index.html 27137 4834 28355 PHP remote file inclusion vulnerability in index.php in NetRisk 1.9.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: this can also be leveraged for local file inclusion using directory traversal sequences. netrisk-index-file-include(39419) 27136 4833 28328 20080105 NetRisk 1.9.7 Remote File Inclusion Vulnerability Unspecified vulnerability in glob in PHP before 4.4.8, when open_basedir is enabled, has unknown impact and attack vectors. NOTE: this issue reportedly exists because of a regression related to CVE-2007-4663. php-glob-openbasedir-security-bypass(39401) ADV-2008-0059 http://www.php.net/releases/4_4_8.php http://www.php.net/ChangeLog-4.php 28318 http://bugs.php.net/bug.php?id=41655 SSA:2008-045-03 28936 Cross-site scripting (XSS) vulnerability in the error page in W3-mSQL allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the top-level URI. 27116 20080103 xss in w3-msql error page 28294 51235 3521 SQL injection vulnerability in index.php in SmallNuke 2.0.4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via (1) the user_email parameter and possibly (2) username parameter in a Members action. 27180 4863 28301 smallnuke-index-sql-injection(39525) TUTOS 1.3 does not restrict access to php/admin/cmd.php, which allows remote attackers to execute arbitrary shell commands via the cmd parameter in a direct request. 28291 4861 tutos-cmd-command-execution(39531) TUTOS 1.3 allows remote attackers to read system information via a direct request to php/admin/phpinfo.php, which calls the phpinfo function. 28291 4861 Unspecified vulnerability in the LDAP authentication feature in Aruba Mobility Controller 2.3.6.15, 2.5.2.11, 2.5.4.25, 2.5.5.7, 3.1.1.3, and 2.4.8.11-FIPS or earlier allows remote attackers to bypass authentication mechanisms and obtain management or VPN interface access. 27144 20080104 Aruba Mobility Controller User Authentication Vulnerability - Aruba Advisory ID: AID-122207 http://www.arubanetworks.com/support/alerts/aid-122207.asc 28357 3529 Heap-based buffer overflow in Foxit WAC Server 2.1.0.910, 2.0 Build 3503, and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a Telnet request with long options. wacserver-option-dos(39427) 27142 20080219 Two heap overflow in Foxit WAC Server 2.0 Build 3503 20080104 Some DoS in some telnet servers 3525 28272 http://aluigi.altervista.org/adv/wachof-adv.txt http://aluigi.altervista.org/adv/waccaz-adv.txt SLnet.exe in SeattleLab SLNet RF Telnet Server 4.1.1.3758 and earlier allows user-assisted remote attackers to cause a denial of service (crash) via unspecified telnet options, which triggers a NULL pointer dereference. NOTE: the crash is not user-assisted when the server is running in debug mode. 27134 28316 20080104 Some DoS in some telnet servers http://aluigi.altervista.org/adv/slnetmsg-adv.txt telnetd.exe in Pragma TelnetServer 7.0.4.589 allows remote attackers to cause a denial of service (process crash and resource exhaustion) via a crafted TELOPT PRAGMA LOGON telnet option, which triggers a NULL pointer dereference. pragmatelnetserver-telnetd-dos(39353) 27143 20080104 Some DoS in some telnet servers http://aluigi.altervista.org/adv/pragmatel-adv.txt SQL injection vulnerability in index.php in EvilBoard 0.1a (Alpha) allows remote attackers to execute arbitrary SQL commands the c parameter. evilboard-index-sql-injection(39529) 27190 4865 Cross-site scripting (XSS) vulnerability in index.php in EvilBoard 0.1a (Alpha) allows remote attackers to inject arbitrary web script or HTML via the c parameter. 27190 4865 evilboard-index-xss(39526) Absolute path traversal vulnerability in index.php in Million Dollar Script 2.0.14 allows remote attackers to read arbitrary files via encoded "/" (%2F) sequences in the link parameter. milliondollarscript-index-dir-traversal(39492) 27174 20080107 Million Dollar Script 2.0.14 Remote File Disclosure Vulnerability. 3524 SQL injection vulnerability in FlexBB 0.6.3 and earlier allows remote attackers to execute arbitrary SQL commands via the flexbb_temp_id parameter in a cookie. flexbb-flexbbtempid-sql-injection(39475) 27164 4858 28373 Directory traversal vulnerability in index.php in Shop-Script 2.0 and possibly other versions allows remote attackers to read arbitrary files via a .. (dot dot) in the aux_page parameter. shopscript-index-directory-traversal(39449) 27165 http://packetstormsecurity.org/0801-exploits/shopscript-disclose.txt 4855 SQL injection vulnerability in index.php in eggBlog 3.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the eggblogpassword parameter in a cookie. eggblog-eggblogmail-sql-injection(39473) 27168 4860 28371 misc.c in splitvt 1.6.6 and earlier does not drop group privileges before executing xprop, which allows local users to gain privileges. DSA-1500 27936 29080 29064 GLSA-200803-05 29190 Linux kernel 2.6, when using vservers, allows local users to access resources of other vservers via a symlink attack in /proc. DSA-1494 linux-kernel-proc-unauth-access(40486) 27798 27704 28875 Multiple cross-site request forgery (CSRF) vulnerabilities in Plone CMS 3.0.5 and 3.0.6 allow remote attackers to (1) add arbitrary accounts via the join_form page and (2) change the privileges of arbitrary groups via the prefs_groups_overview page. Must login to view link 1015140 20080313 PR08-02: Plone CMS Security Research - the Art of Plowning http://www.procheckup.com/Hacking_Plone_CMS.pdf 29361 http://plone.org/about/security/advisories/cve-2008-0164 plone-joinform-csrf(41263) 3754 Cross-site request forgery (CSRF) vulnerability in Ikiwiki before 2.42 allows remote attackers to modify user preferences, including passwords, via the (1) preferences and (2) edit forms. ikiwiki-change-password-csrf(41904) ADV-2008-1297 DSA-1553 29932 29907 http://ikiwiki.info/security/#index31h2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475445 OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys. TA08-137A VU#925211 USN-612-2 USN-612-1 DSA-1576 DSA-1571 openssl-rng-weak-security(42375) USN-612-7 USN-612-4 USN-612-3 1020017 29179 20080515 Debian generated SSH-Keys working exploit 5720 5632 5622 [rsyncrypto-devel] 20080523 Advisory - Rsyncrypto maybe affected from Debian OpenSSL reduced entropy problem 30249 30239 30231 30221 30220 30136 http://metasploit.com/users/hdm/tools/debian-openssl/ The write_array_file function in utils/include.pl in GForge 4.5.14 updates configuration files by truncating them to zero length and then writing new data, which might allow attackers to bypass intended access restrictions or have unspecified other impact in opportunistic circumstances. DSA-1577 gforge-unspecified-symlink(42456) ADV-2008-1537 29215 http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch8.diff.gz 30286 30088 Plugin/passwordauth.pm (aka the passwordauth plugin) in ikiwiki 1.34 through 2.47 allows remote attackers to bypass authentication, and login to any account for which an OpenID identity is configured and a password is not configured, by specifying an empty password during the login sequence. ikiwiki-openid-passwordauth-auth-bypass(42798) ADV-2008-1710 29479 [oss-security] 20080531 Re: CVE id request: ikiwiki 30468 http://ikiwiki.info/security/#index33h2 http://ikiwiki.info/news/version_2.48/index.html http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=483770 regex/v4/perl_matcher_non_recursive.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (failed assertion and crash) via an invalid regular expression. https://issues.rpath.com/browse/RPL-2143 ADV-2008-0249 USN-570-1 27325 http://svn.boost.org/trac/boost/changeset/42745 http://svn.boost.org/trac/boost/changeset/42674 http://bugs.gentoo.org/show_bug.cgi?id=205955 FEDORA-2008-0880 20080213 rPSA-2008-0063-1 boost MDVSA-2008:032 GLSA-200802-08 http://wiki.rpath.com/Advisories:rPSA-2008-0063 29323 28943 28860 28705 28545 28527 28511 SUSE-SR:2008:006 The get_repeat_type function in basic_regex_creator.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (NULL dereference and crash) via an invalid regular expression. https://issues.rpath.com/browse/RPL-2143 ADV-2008-0249 USN-570-1 27325 http://svn.boost.org/trac/boost/changeset/42745 http://svn.boost.org/trac/boost/changeset/42674 http://bugs.gentoo.org/show_bug.cgi?id=205955 FEDORA-2008-0880 20080213 rPSA-2008-0063-1 boost MDVSA-2008:032 GLSA-200802-08 http://wiki.rpath.com/Advisories:rPSA-2008-0063 29323 28943 28860 28705 28545 28527 28511 SUSE-SR:2008:006 SQL injection vulnerability in Gforge 4.6.99 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified parameters, related to RSS exports. DSA-1459 ADV-2008-0115 27266 gforge-multiple-sql-injection(39666) 28451 28395 GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the passwords and gain privileges. VU#180876 30754 20080125 C4 Security Advisory - GE Fanuc Proficy Information Portal 2.6 Authentication Vulnerability http://support.gefanuc.com/support/index?page=kbchannel&id=KB12459 1019273 20080129 Re: C4 Security Advisory - GE Fanuc Proficy Information Portal 2.6 Authentication Vulnerability 3590 Unrestricted file upload vulnerability in GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the main virtual directory. VU#339345 ADV-2008-0307 1019274 27446 20080125 C4 Security Advisory - GE Fanuc Proficy Information Portal 2.6 Arbitrary File Upload and Execution http://support.gefanuc.com/support/index?page=kbchannel&id=KB12460 28678 20080129 Re: C4 Security Advisory - GE Fanuc Proficy Information Portal 2.6 Arbitrary File Upload and Execution 3591 Heap-based buffer overflow in w32rtr.exe in GE Fanuc CIMPLICITY HMI SCADA system 7.0 before 7.0 SIM 9, and earlier versions before 6.1 SP6 Hot fix - 010708_162517_6106, allow remote attackers to execute arbitrary code via unknown vectors. VU#308556 ADV-2008-0306 1019275 27447 20080125 C4 Security Advisory - GE Fanuc Cimplicity 6.1 Heap Overflow http://support.gefanuc.com/support/index?page=kbchannel&id=KB12458 28663 20080129 Re: C4 Security Advisory - GE Fanuc Cimplicity 6.1 Heap Overflow 3592 The ipcomp6_input function in sys/netinet6/ipcomp_input.c in the KAME project before 20071201 does not properly check the return value of the m_pulldown function, which allows remote attackers to cause a denial of service (system crash) via an IPv6 packet with an IPComp header. VU#110947 TA08-150A 27642 28788 ADV-2008-2094 ADV-2008-1697 ADV-2008-0688 ADV-2008-0441 http://www.kame.net/dev/cvsweb2.cgi/kame/kame/sys/netinet6/ipcomp_input.c.diff?r1=1.36;r2=1.37 31074 28816 APPLE-SA-2008-07-11 http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/ipcomp_input.c?f=u&only_with_tag=netbsd-3-1 5191 1019314 FreeBSD-SA-08:04 30430 29130 28979 APPLE-SA-2008-05-28 Cross-site scripting (XSS) vulnerability in the Enterprise Admin Session Monitoring component in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the User-Agent HTTP header. VU#326065 27547 http://support.liferay.com/browse/LEP-4736 28742 Cross-site scripting (XSS) vulnerability in service/impl/UserLocalServiceImpl.java in Liferay Portal 4.3.6 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header, which is used when composing Forgot Password e-mail messages in HTML format. VU#888209 27550 http://support.liferay.com/browse/LEP-4737 28742 Cross-site scripting (XSS) vulnerability in themes/_unstyled/templates/init.vm in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the Greeting field in a User Profile. VU#732449 27546 http://support.liferay.com/browse/LEP-4738 28742 Cross-site scripting (XSS) vulnerability in the Admin portlet in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the Shutdown message. VU#217825 27554 http://support.liferay.com/browse/LEP-4739 28742 Cross-site request forgery (CSRF) vulnerability in the Admin portlet in Liferay Portal before 4.4.0 allows remote authenticated users to perform unspecified actions as unspecified other authenticated users via the Shutdown message. VU#767825 http://support.liferay.com/browse/LEP-4739 28742 Absolute path traversal vulnerability in index.php in Sys-Hotel on Line System allows remote attackers to read arbitrary files via an encoded "/" ("%2F") in the file parameter. 27184 20080108 sysHotel On Line Remote File Disclosure Vulnerability. 3528 SQL injection vulnerability in index.php in NetRisk 1.9.7 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via the pid parameter in a profile page (possibly profile.php). 27161 4852 http://sourceforge.net/project/shownotes.php?release_id=551208&group_id=129681 28328 20080106 netrisk 1.9.7 Multiple Remote Vulnerabilities (sql injection/xss) Cross-site scripting (XSS) vulnerability in index.php in NetRisk 1.9.7 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter, possibly related to CVE-2008-0144. 27161 4852 20080106 netrisk 1.9.7 Multiple Remote Vulnerabilities (sql injection/xss) 28369 SQL injection vulnerability in songinfo.php in SAM Broadcaster samPHPweb, possibly 4.2.2 and earlier, allows remote attackers to execute arbitrary SQL commands via the songid parameter. sambroadcaster-songinfo-sql-injection(39463) 27147 4836 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its requester. Further investigation showed that it was not a new security issue. Notes: none. ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its requester. Further investigation showed that it was not a new security issue. Notes: none. Multiple cross-site scripting (XSS) vulnerabilities in templates/example_template.php in AwesomeTemplateEngine allow remote attackers to inject arbitrary web script or HTML via the (1) data[title], (2) data[message], (3) data[table][1][item], (4) data[table][1][url], or (5) data[poweredby] parameter. awesometemplateengine-multiple-xss(39396) 27125 20080103 securityvulns.com russian vulnerabilities digest http://websecurity.com.ua/1694/ http://securityvulns.ru/Sdocument784.html 20080103 securityvulns.com russian vulnerabilities digest 3539 WordPress 2.2.x and 2.3.x allows remote attackers to obtain sensitive information via an invalid p parameter in an rss2 action to the default URI, which reveals the full path and the SQL database structure. wordpress-p-path-disclosure(39423) 20080103 securityvulns.com russian vulnerabilities digest http://websecurity.com.ua/1634/ http://securityvulns.ru/Sdocument663.html 20080103 securityvulns.com russian vulnerabilities digest 3539 Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the popuptitle parameter to (1) wp-admin/post.php or (2) wp-admin/page-new.php. wordpress-popuptitle-xss(39426) 27123 http://websecurity.com.ua/1658/ http://securityvulns.ru/Sdocument714.html 20080103 securityvulns.com russian vulnerabilities digest 3539 Cross-site scripting (XSS) vulnerability in wp-db-backup.php in WordPress 2.0.11 and earlier, and possibly 2.1.x through 2.3.x, allows remote attackers to inject arbitrary web script or HTML via the backup parameter in a wp-db-backup.php action to wp-admin/edit.php. 27123 20080103 securityvulns.com russian vulnerabilities digest http://websecurity.com.ua/1676/ http://securityvulns.ru/Sdocument755.html 20080103 securityvulns.com russian vulnerabilities digest DSA-1502 3539 29014 Directory traversal vulnerability in wp-db-backup.php in WordPress 2.0.3 and earlier allows remote attackers to read arbitrary files, delete arbitrary files, and cause a denial of service via a .. (dot dot) in the backup parameter in a wp-db-backup.php action to wp-admin/edit.php. NOTE: this might be the same as CVE-2006-5705.1. 20080103 securityvulns.com russian vulnerabilities digest http://websecurity.com.ua/1676/ http://securityvulns.ru/Sdocument755.html 20080103 securityvulns.com russian vulnerabilities digest DSA-1502 3539 29014 WordPress 2.0.11 and earlier allows remote attackers to obtain sensitive information via an empty value of the page parameter to certain PHP scripts under wp-admin/, which reveals the path in various error messages. 20080103 securityvulns.com russian vulnerabilities digest http://websecurity.com.ua/1687/ http://websecurity.com.ua/1686/ http://websecurity.com.ua/1683/ http://websecurity.com.ua/1679/ http://securityvulns.ru/Sdocument773.html http://securityvulns.ru/Sdocument772.html http://securityvulns.ru/Sdocument768.html http://securityvulns.ru/Sdocument762.html 20080103 securityvulns.com russian vulnerabilities digest 3539 Multiple directory traversal vulnerabilities in WordPress 2.0.11 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the page parameter to certain PHP scripts under wp-admin/ or (2) the import parameter to wp-admin/admin.php, as demonstrated by discovering the full path via a request for the \..\..\wp-config pathname; and allow remote attackers to modify arbitrary files via a .. (dot dot) in the file parameter to wp-admin/templates.php. 20080103 securityvulns.com russian vulnerabilities digest http://websecurity.com.ua/1687/ http://websecurity.com.ua/1686/ http://websecurity.com.ua/1683/ http://websecurity.com.ua/1679/ http://securityvulns.ru/Sdocument773.html http://securityvulns.ru/Sdocument772.html http://securityvulns.ru/Sdocument768.html http://securityvulns.ru/Sdocument762.html 20080103 securityvulns.com russian vulnerabilities digest 3539 Multiple cross-site scripting (XSS) vulnerabilities in wp-contact-form/options-contactform.php in the WP-ContactForm 1.5 alpha and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) wpcf_email, (2) wpcf_subject, (3) wpcf_question, (4) wpcf_answer, (5) wpcf_success_msg, (6) wpcf_error_msg, or (7) wpcf_msg parameter to wp-admin/admin.php, or (8) the SRC attribute of an IFRAME element. 20080103 securityvulns.com russian vulnerabilities digest http://websecurity.com.ua/1641/ http://websecurity.com.ua/1600/ http://securityvulns.ru/Sdocument667.html http://securityvulns.ru/Sdocument546.html 20080103 securityvulns.com russian vulnerabilities digest 3539 Multiple cross-site request forgery (CSRF) vulnerabilities in wp-contact-form/options-contactform.php in the WP-ContactForm 1.5 alpha and earlier plugin for WordPress allow remote attackers to perform actions as administrators via the (1) wpcf_question, (2) wpcf_success_msg, or (3) wpcf_error_msg parameter to wp-admin/admin.php. 20080103 securityvulns.com russian vulnerabilities digest http://websecurity.com.ua/1641/ http://websecurity.com.ua/1600/ http://securityvulns.ru/Sdocument667.html http://securityvulns.ru/Sdocument546.html 20080103 securityvulns.com russian vulnerabilities digest 3539 PRO-Search 0.17 and earlier allows remote attackers to cause a denial of service via certain values of the show_page and time parameters to the default URI. 20080103 securityvulns.com russian vulnerabilities digest http://websecurity.com.ua/1259/ http://sourceforge.net/project/shownotes.php?release_id=563784&group_id=149797 http://securityvulns.ru/Sdocument731.html 20080103 securityvulns.com russian vulnerabilities digest 3539 Multiple cross-site scripting (XSS) vulnerabilities in account/index.html in RotaBanner Local 3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) drop parameter. 27138 20080103 securityvulns.com russian vulnerabilities digest http://websecurity.com.ua/1442/ http://securityvulns.ru/Sdocument625.html 20080103 securityvulns.com russian vulnerabilities digest 3539 Cross-site scripting (XSS) vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL parameter. expressionengine-index-xss(39442) 27128 20080103 securityvulns.com russian vulnerabilities digest http://websecurity.com.ua/1454/ http://securityvulns.ru/Sdocument472.html 20080103 securityvulns.com russian vulnerabilities digest 3539 CRLF injection vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter. 27128 20080103 securityvulns.com russian vulnerabilities digest http://websecurity.com.ua/1454/ http://securityvulns.ru/Sdocument472.html 20080103 securityvulns.com russian vulnerabilities digest 3539 Multiple cross-site scripting (XSS) vulnerabilities in cryptographp/admin.php in the Cryptographp 1.2 and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) cryptwidth, (2) cryptheight, (3) bgimg, (4) charR, (5) charG, (6) charB, (7) charclear, (8) tfont, (9) charel, (10) charelc, (11) charelv, (12) charnbmin, (13) charnbmax, (14) charspace, (15) charsizemin, (16) charsizemax, (17) charanglemax, (18) noisepxmin, (19) noisepxmax, (20) noiselinemin, (21) noiselinemax, (22) nbcirclemin, (23) nbcirclemax, or (24) brushsize parameter to wp-admin/options-general.php. 20080103 securityvulns.com russian vulnerabilities digest http://websecurity.com.ua/1596/ 20080103 securityvulns.com russian vulnerabilities digest 3539 Multiple cross-site scripting (XSS) vulnerabilities in math-comment-spam-protection.php in the Math Comment Spam Protection 2.1 and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) mcsp_opt_msg_no_answer or (2) mcsp_opt_msg_wrong_answer parameter to wp-admin/options-general.php. 20080103 securityvulns.com russian vulnerabilities digest http://websecurity.com.ua/1576/ 20080103 securityvulns.com russian vulnerabilities digest 3539 Multiple cross-site request forgery (CSRF) vulnerabilities in math-comment-spam-protection.php in the Math Comment Spam Protection 2.1 and earlier plugin for WordPress allow remote attackers to perform actions as administrators via the (1) mcsp_opt_msg_no_answer or (2) mcsp_opt_msg_wrong_answer parameter to wp-admin/options-general.php. 20080103 securityvulns.com russian vulnerabilities digest http://websecurity.com.ua/1576/ 20080103 securityvulns.com russian vulnerabilities digest 3539 Multiple cross-site scripting (XSS) vulnerabilities in captcha\captcha.php in the Captcha! 2.5d and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) captcha_ttffolder, (2) captcha_numchars, (3) captcha_ttfrange, or (4) captcha_secret parameter. 20080103 securityvulns.com russian vulnerabilities digest http://websecurity.com.ua/1588/ 20080103 securityvulns.com russian vulnerabilities digest 3539 Multiple cross-site scripting (XSS) vulnerabilities in PRO-Search 0.17 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) prot, (2) host, (3) path, (4) name, (5) ext, (6) size, (7) search_days, or (8) show_page parameter to the default URI. 27126 20080103 securityvulns.com russian vulnerabilities digest http://websecurity.com.ua/1259/ http://sourceforge.net/project/shownotes.php?release_id=563784&group_id=149797 http://securityvulns.ru/Sdocument731.html 28335 20080103 securityvulns.com russian vulnerabilities digest 3539 Cross-site scripting (XSS) vulnerability in login.asp in Snitz Forums 2000 3.4.05 and earlier allows remote attackers to inject arbitrary web script or HTML via the target parameter. 27162 20080107 [HSC] Snitz Forums Multiple Vulnerabilities http://www.packetstormsecurity.org/0801-exploits/snitz-multi.txt 28284 http://hackerscenter.com/archive/view.asp?id=28145 Open redirect vulnerability in Forums/login.asp in Snitz Forums 2000 3.4.06 and earlier allows remote attackers to redirect users to arbitrary web sites via a URL in the target parameter. 20080107 [HSC] Snitz Forums Multiple Vulnerabilities http://www.packetstormsecurity.org/0801-exploits/snitz-multi.txt http://hackerscenter.com/archive/view.asp?id=28145 Uebimiau Webmail 2.7.10 and 2.7.2 does not protect authentication state variables from being set through HTTP requests, which allows remote attackers to bypass authentication via a sess[auth]=1 parameter settting. NOTE: this can be leveraged to conduct directory traversal attacks without authentication by using CVE-2008-0140. 27154 4846 Unspecified vulnerability in the BIOS F.04 through F.11 for the HP Compaq Business Notebook PC allows local users to cause a denial of service via unspecified vectors. HPSBGN02305 compaq-businessnotebook-pcbios-dos(41520) ADV-2008-1042 28494 1019729 SSRT080004 ovtopmd in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allows remote attackers to cause a denial of service (crash) via a crafted TCP request that triggers an out-of-bounds memory access. 27629 ADV-2008-0424 1019306 SSRT071420 SSRT071420 28798 20080204 Hewlett-Packard Network Node Manager Topology Manager Service DoS Vulnerability Unspecified vulnerability in a certain ActiveX control for HP Virtual Rooms (HPVR) 6 and earlier allows remote attackers to execute arbitrary code via unknown vectors. 1019311 HPSBGN02310 HPSBGN02310 Multiple unspecified vulnerabilities in HP Select Identity 4.00, 4.01, 4.11, 4.12, 4.13, and 4.20 allow remote authenticated users to gain access via unknown vectors. In order to download the patch, user must login. SSRT080013 ADV-2008-0472 27667 HPSBMA02309 1019322 28844 Multiple unspecified vulnerabilities in HP Storage Essentials Storage Resource Management (SRM) before 6.0.0 allow remote attackers to obtain unspecified access to a managed device via unknown attack vectors. ADV-2008-0440 1019312 27643 28813 SSRT071474 SSRT071474 The ptsname function in FreeBSD 6.0 through 7.0-PRERELEASE does not properly verify that a certain portion of a device name is associated with a pty of a user who is calling the pt_chown function, which might allow local users to read data from the pty from another user. FreeBSD-SA-08:01 freebsd-ptsname-information-disclosure(39667) 1019191 27284 28498 The script program in FreeBSD 5.0 through 7.0-PRERELEASE invokes openpty, which creates a pseudo-terminal with world-readable and world-writable permissions when it is not run as root, which allows local users to read data from the terminal of the user running script. FreeBSD-SA-08:01 freebsd-openpty-information-disclosure(39665) 1019191 27284 28498 Cross-site scripting (XSS) vulnerability in admin/index.html in Merak IceWarp Mail Server allows remote attackers to inject arbitrary web script or HTML via the message parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. icewarpmailserver-index-xss(39564) ADV-2008-0135 http://www.securityfocus.com/data/vulnerabilities/exploits/27189.html 27189 28460 SQL injection vulnerability in soporte_horizontal_w.php in PHP Webquest 2.6 allows remote attackers to execute arbitrary SQL commands via the id_actividad parameter, a different vector than CVE-2007-4920. webquest-soportehorizontalw-sql-injection(39560) 27192 4867 26821 Multiple stack-based buffer overflows in the WebLaunch.WeblaunchCtl.1 (aka CWebLaunchCtl) ActiveX control in weblaunch.ocx 1.0.0.1 in Gateway Weblaunch allow remote attackers to execute arbitrary code via a long string in the (1) second or (2) fourth argument to the DoWebLaunch method. NOTE: some of these details are obtained from third party information. VU#735441 ADV-2008-0077 27193 4982 4869 28379 20080109 Gateway WebLaunch ActiveX Control Insecure Method Directory traversal vulnerability in the WebLaunch.WeblaunchCtl.1 (aka CWebLaunchCtl) ActiveX control in weblaunch.ocx 1.0.0.1 in Gateway Weblaunch allows remote attackers to execute arbitrary programs via a ..\ (dot dot backslash) in the second argument to the DoWebLaunch method. NOTE: some of these details are obtained from third party information. ADV-2008-0077 4869 28379 20080109 Gateway WebLaunch ActiveX Control Insecure Method Unrestricted file upload vulnerability in ajaxfilemanager.php in the Wp-FileManager 1.2 plugin for WordPress allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors. wordpress-wpfilemanager-file-upload(39462) 27151 4844 Buffer overflow in JustSystems JSFC.DLL, as used in multiple JustSystems products such as Ichitaro, allows remote attackers to execute arbitrary code via a crafted .JTD file. justsystems-jsfc-bo(39501) ADV-2008-0045 1019168 27153 http://www.justsystems.com/jp/info/pd8001.html http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20080107 28275 JVN#08237857 SQL injection vulnerability in index.php in the Newbb_plus 0.92 and earlier module in RunCMS 1.6.1 allows remote attackers to execute arbitrary SQL commands via the Client-Ip parameter. runcms-newbb-client-sql-injection(39478) 27152 28340 4845 Heap-based buffer overflow in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote attackers to execute arbitrary code via the SDP Abstract attribute in an RTSP session, related to the rmff_dump_header function and related to disregarding the max field. NOTE: some of these details are obtained from third party information. FEDORA-2008-0718 https://bugzilla.redhat.com/show_bug.cgi?id=428620 ADV-2008-0163 USN-635-1 27198 SUSE-SR:2008:002 MDVSA-2008:045 MDVSA-2008:020 DSA-1472 http://sourceforge.net/project/shownotes.php?release_id=567872 GLSA-200801-12 31393 28955 28674 28636 28507 28489 28384 http://bugs.gentoo.org/show_bug.cgi?id=205197 http://aluigi.altervista.org/adv/xinermffhof-adv.txt Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp. yassl-inputbufferoperator-bo(39431) yassl-processoldclienthello-bo(39429) ADV-2008-2780 ADV-2008-0560 31681 27140 20080104 Pre-auth buffer-overflow in mySQL through yaSSL 20080104 Multiple vulnerabilities in yaSSL 1.7.5 MDVSA-2008:150 http://support.apple.com/kb/HT3216 32222 28324 APPLE-SA-2008-10-09 USN-588-1 DSA-1478 3531 29443 28597 28419 http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html http://bugs.mysql.com/33814 yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allows remote attackers to cause a denial of service (crash) via a Hello packet containing a large size value, which triggers a buffer over-read in the HASHwithTransform::Update function in hash.cpp. yassl-hashwithtransformupdate-dos(39433) ADV-2008-2780 ADV-2008-0560 31681 27140 20080104 Multiple vulnerabilities in yaSSL 1.7.5 MDVSA-2008:150 http://support.apple.com/kb/HT3216 32222 28324 APPLE-SA-2008-10-09 USN-588-1 DSA-1478 3531 29443 28597 http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html http://bugs.mysql.com/33814 Cross-site request forgery (CSRF) vulnerability in apply.cgi in the Linksys WRT54GL Wireless-G Broadband Router with firmware 4.30.9 allows remote attackers to perform actions as administrators. linksys-apply-csrf(39502) 20080107 Linksys WRT54 GL - Session riding (CSRF) 28364 20080115 Re: Linksys WRT54 GL - Session riding (CSRF) 3534 The telnet service in LevelOne WBR-3460 4-Port ADSL 2/2+ Wireless Modem Router with firmware 1.00.11 and 1.00.12 does not require authentication, which allows remote attackers on the local or wireless network to obtain administrative access. 1019162 27183 20080108 Level-One WBR-3460A Grants Root Access 3533 28397 PHP remote file inclusion vulnerability in php121db.php in osDate 2.0.8 and possibly earlier versions allows remote attackers to execute arbitrary PHP code via a URL in the php121dir parameter. osdate-php121db-file-include(39567) 27208 http://packetstormsecurity.org/0801-exploits/osdata-lfi.txt 4870 28420 Multiple directory traversal vulnerabilities in index.php in Tuned Studios (1) Subwoofer, (2) Freeze Theme, (3) Orange Cutout, (4) Lonely Maple, (5) Endless, (6) Classic Theme, and (7) Music Theme webpage templates allow remote attackers to include and execute arbitrary files via ".." sequences in the page parameter. NOTE: this can be leveraged for remote file inclusion when running in some PHP 5 environments. tunedstudiostemplates-index-file-include(39555) 27196 20080109 LFI in Tuned Studios Templates 4876 3532 Multiple SQL injection vulnerabilities in Zero CMS 1.0 Alpha allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to index.php, or the (2) f or t parameters to forums/index.php. zerocms-index-sql-injection(39530) 27186 http://packetstormsecurity.org/0801-exploits/zerocms-sql.txt 4864 Unrestricted file upload vulnerability in Zero CMS 1.0 Alpha and earlier allows remote attackers to bypass intended access restrictions and upload and execute arbitrary files by uploading an avatar file with an accepted Content-Type such as image/jpeg. http://packetstormsecurity.org/0801-exploits/zerocms-sql.txt 4864 Buffer overflow in Apple Quicktime Player 7.3.1.70 and other versions before 7.4.1, when RTSP tunneling is enabled, allows remote attackers to execute arbitrary code via a long Reason-Phrase response to an rtsp:// request, as demonstrated using a 404 error message. VU#112179 APPLE-SA-2008-07-10 quicktime-rtsp-responses-bo(39601) ADV-2008-2064 ADV-2008-0107 1019178 27225 20080112 Re: Buffer-overflow in Quicktime Player 7.3.1.70 20080112 Re: Re: Buffer-overflow in Quicktime Player 7.3.1.70 20080114 Re: [Full-disclosure] Buffer-overflow in Quicktime Player 7.3.1.70 20080111 Re: Buffer-overflow in Quicktime Player 7.3.1.70 20080111 Re: Re: Buffer-overflow in Quicktime Player 7.3.1.70 20080110 Re: Buffer-overflow in Quicktime Player 7.3.1.70 20080110 Buffer-overflow in Quicktime Player 7.3.1.70 4906 4885 3537 31034 28423 APPLE-SA-2008-02-06 The Microsoft VFP_OLE_Server ActiveX control allows remote attackers to execute arbitrary code by invoking the foxcommand method. microsoft-vfpoleserver-command-execution(39559) 27199 http://shinnai.altervista.org/exploits/txt/TXT_rNowA1916DKFNUF48NyS.html 4875 28417 An ActiveX control for Microsoft Visual FoxPro (vfp6r.dll 6.0.8862.0) allows remote attackers to execute arbitrary commands by invoking the DoCmd method. microsoft-foxserver-command-execution(39558) 27205 http://shinnai.altervista.org/exploits/txt/TXT_DiWu9j82RCq4zpaQAoxn.html 4873 28417 The Microsoft Rich Textbox ActiveX Control (RICHTX32.OCX) 6.1.97.82 allows remote attackers to execute arbitrary commands by invoking the insecure SaveFile method. microsoft-richtextbox-file-overwrite(39557) 27201 http://shinnai.altervista.org/exploits/txt/TXT_DZVN8CwCha0I2fI3NeEs.html 4874 Multiple heap-based buffer overflows in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 allow remote attackers to execute arbitrary code via the SDP (1) Title, (2) Author, or (3) Copyright attribute, related to the rmff_dump_header function, different vectors than CVE-2008-0225. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Please see the following link for more information regarding the exploit: http://aluigi.altervista.org/adv/xinermffhof-adv.txt USN-635-1 31393 28384 MDVSA-2008:045 MDVSA-2008:020 GLSA-200801-12 28955 28674 http://bugs.gentoo.org/show_bug.cgi?id=205197 Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allow remote attackers to inject arbitrary HTML or web script via the (1) cntry or lang parameters to /idm/login.jsp, (2) resultsForm parameter to /idm/account/findForSelect.jsp, or (3) activeControl parameter to /idm/user/main.jsp. 20080110 PR07-06, PR07-07, PR07-08, PR07-09, PR07-10, PR07-12: Several XSS, Cross-domain Redirection and Frame Injection on Sun Java System Identity Manager http://www.procheckup.com/Vulnerability_PR07-08.php http://www.procheckup.com/Vulnerability_PR07-07.php http://www.procheckup.com/Vulnerability_PR07-06.php sun-identity-main-xss(39583) sun-identity-resultsform-xss(39582) sun-identity-lang-xss(39581) sun-identity-login-xss(39580) ADV-2008-0089 27214 http://www.procheckup.com/Vulnerability_PR07-09.php 103180 28356 1019175 200558 3535 /idm/help/index.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to inject frames from arbitrary web sites and conduct phishing attacks via the helpUrl parameter, aka "frame injection." http://www.procheckup.com/Vulnerability_PR07-10.php sun-identity-index-frame-injection(39586) ADV-2008-0089 27214 20080110 PR07-06, PR07-07, PR07-08, PR07-09, PR07-10, PR07-12: Several XSS, Cross-domain Redirection and Frame Injection on Sun Java System Identity Manager 103180 28356 200558 3535 Open redirect vulnerability in /idm/user/login.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the nextPage parameter. http://www.procheckup.com/Vulnerability_PR07-12.php 200558 103180 sun-identity-login-security-bypass(39590) ADV-2008-0089 27214 20080110 PR07-06, PR07-07, PR07-08, PR07-09, PR07-10, PR07-12: Several XSS, Cross-domain Redirection and Frame Injection on Sun Java System Identity Manager 3535 28356 Unspecified vulnerability in libdevinfo in Sun Solaris 10 allows local users to access files and gain privileges via unknown vectors, related to login device permissions. ADV-2008-0131 103165 solaris-libdevinfo-privilege-escalation(39629) 1019187 27253 200641 28493 oval:org.mitre.oval:def:5211 Unspecified vulnerability in Lotus Domino 7.0.2 before Fix Pack 3 allows attackers to cause a denial of service via unknown vectors. lotus-domino-unspecified-dos(39588) ADV-2008-0086 27215 http://www-1.ibm.com/support/docview.wss?uid=swg27011539 28411 SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to execute arbitrary commands via "&&" and other shell metacharacters in exec_sdbinfo and other unspecified commands, which are executed when MaxDB invokes cons.exe. maxdb-system-command-execution(39573) ADV-2008-0104 1019171 27206 20080109 Pre-auth remote commands execution in SAP MaxDB 7.6.03.07 4877 28409 http://aluigi.altervista.org/adv/sapone-adv.txt 3536 admin.php in UploadImage 1.0 does not check for the original password before making a change to a new password, which allows remote attackers to gain administrator privileges via the pass parameter in a nopass (Set Password) action. uploadimage-admin-command-execution(39571) 27203 4871 admin.php in UploadScript 1.0 does not check for the original password before making a change to a new password, which allows remote attackers to gain administrator privileges via the pass parameter in a nopass (Set Password) action. uploadscript-admin-command-execution(39570) 27203 4871 Heap-based buffer overflow in the Express Backup Server service (dsmsvc.exe) in IBM Tivoli Storage Manager (TSM) Express 5.3 before 5.3.7.3 allows remote attackers to execute arbitrary code via a packet with a large length value. 27235 http://www-1.ibm.com/support/docview.wss?uid=swg21291536 28440 ibm-tsmexpressserver-bo(39604) http://www.zerodayinitiative.com/advisories/ZDI-08-001.html ADV-2008-0106 1019182 20080114 ZDI-08-001: IBM Tivoli Storage Manager Express Backup Server Heap Overflow Vulnerability Buffer overflow in an ActiveX control in ccpm_0237.dll for StreamAudio ChainCast ProxyManager allows remote attackers to execute arbitrary code via a long URL argument to the InternalTuneIn method. streamaudio-chaincastproxymanager-bo(39622) ADV-2008-0133 27247 4894 20080111 StreamAudio ChainCast ProxyManager ccpm_0237.dll Buffer Overflow 28461 PHP Webquest 2.6 allows remote attackers to retrieve database credentials via a direct request to admin/backup_phpwebquest.php, which leaks the credentials in an error message if a call to /usr/bin/mysqldump fails. NOTE: this might only be an issue in limited environments. phpwebquest-backup-information-disclosure(39572) 27202 4872 Buffer overflow in Microsoft Visual InterDev 6.0 (SP6) allows user-assisted attackers to execute arbitrary code via a Studio Solution (.SLN) file with a long Project line. 27250 4892 http://shinnai.altervista.org/exploits/txt/TXT_PoEOrFM8py30PXrDF7IY.html visualinterdev-sln-project-bo(41826) 28482 Unrestricted file upload vulnerability in PhotoPost vBGallery before 2.4.2 allows remote attackers to upload and execute arbitrary files via unknown vectors. vbgallery-unspecified-code-execution(39621) http://www.photopost.com/forum/showthread.php?t=134910 http://www.photopost.com/forum/showthread.php?t=134909 28430 Directory traversal vulnerability in the _get_file_path function in (1) lib/sessions.py in CherryPy 3.0.x up to 3.0.2, (2) filter/sessionfilter.py in CherryPy 2.1, and (3) filter/sessionfilter.py in CherryPy 2.x allows remote attackers to create or delete arbitrary files, and possibly read and write portions of arbitrary files, via a crafted session id in a cookie. http://www.cherrypy.org/changeset/1775 http://www.cherrypy.org/changeset/1774 FEDORA-2008-0333 FEDORA-2008-0299 https://bugs.gentoo.org/show_bug.cgi?id=204829 ADV-2008-0039 http://www.cherrypy.org/ticket/744 http://www.cherrypy.org/changeset/1776 28354 28353 https://issues.rpath.com/browse/RPL-2127 27181 20080124 rPSA-2008-0030-1 CherryPy DSA-1481 GLSA-200801-11 28769 28620 28611 SQL injection vulnerability in full_text.php in Binn SBuilder allows remote attackers to execute arbitrary SQL commands via the nid parameter. 27264 4904 binnsbuilder-fulltext-sql-injection(39634) 20080114 Binn SBuilder (nid) Remote Blind Sql Injection Vulnerabily SQL injection vulnerability in activate.php in TutorialCMS (aka Photoshop Tutorials) 1.02, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the userName parameter. 27263 4901 28446 tutorialcms-activate-sql-injection(39642) SQL injection vulnerability in archive.php in iGaming 1.5, and 1.3.1 and earlier, allows remote attackers to execute arbitrary SQL commands via the section parameter. igamingcms-archive-sql-injection(39598) 27230 4886 28426 Multiple SQL injection vulnerabilities in Matteo Binda ASP Photo Gallery 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) Imgbig.asp, (b) thumb.asp, and (c) thumbricerca.asp and the (2) ricerca parameter to (d) thumbricerca.asp. 27262 4900 28447 aspphotogallery-multiple-sql-injection(39646) Cross-site scripting (XSS) vulnerability in search.pl in Dansie Search Engine 2.7 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 28465 dansiesearchengine-search-xss(39636) 27269 Cross-site scripting (XSS) vulnerability in index.php in PHP Running Management (phpRunMan) before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the message parameter. 27268 http://sourceforge.net/project/shownotes.php?release_id=568237&group_id=103505 28474 http://sourceforge.net/tracker/index.php?func=detail&aid=1204199&group_id=103505&atid=634992 phprunningmanagement-index-xss(39639) Multiple directory traversal vulnerabilities in _mg/php/mg_thumbs.php in minimal Gallery 0.8 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) thumbcat and (2) thumb parameters. 27265 4902 28391 minimalgallery-mgthumbs-file-include(39649) minimal Gallery 0.8 allows remote attackers to obtain configuration information via a direct request to php_info.php, which calls the phpinfo function. 4902 28391 Unspecified vulnerability in the search component and module in Mambo 4.5.x and 4.6.x allows remote attackers to cause a denial of service (query flood) via unspecified vectors. 27239 28392 http://forum.mambo-foundation.org/showthread.php?t=9651 mambo-search-dos(39613) SQL injection vulnerability in includes/articleblock.php in Agares PhpAutoVideo 2.21 allows remote attackers to execute arbitrary SQL commands via the articlecat parameter. agares-articleblock-sql-injection(39641) 27258 4905 4898 The SIP module in Ingate Firewall before 4.6.1 and SIParator before 4.6.1 does not reuse SIP media ports in unspecified call hold and send-only stream scenarios, which allows remote attackers to cause a denial of service (port exhaustion) via unspecified vectors. ADV-2008-0108 1019177 1019176 27222 http://www.ingate.com/relnote-461.php 28394 40365 Unspecified vulnerability in the Meta Tags (aka Nodewords) 5.x-1.6 module for Drupal, when images are permitted in node bodies, allows remote authenticated users to execute arbitrary code via unspecified vectors involving creation of a node. http://drupal.org/node/209759 ADV-2008-0129 28478 drupal-metatags-code-execution(39638) Multiple cross-site scripting (XSS) vulnerabilities in the Search function in the web management interface in F5 BIG-IP 9.4.3 allow remote attackers to inject arbitrary web script or HTML via the SearchString parameter to (1) list_system.jsp, (2) list_pktfilter.jsp, (3) list_ltm.jsp, (4) resources_audit.jsp, and (5) list_asm.jsp in tmui/Control/jspmap/tmui/system/log/; and (6) list.jsp in certain directories. f5bigip-searchstring-xss(39632) ADV-2008-0181 1019190 27272 20080114 F5 BIG-IP Web Management List Search XSS 28505 3545 Cross-site request forgery (CSRF) vulnerability in admin.php in eTicket 1.5.5.2 allows remote attackers to change the administrative password and possibly perform other administrative tasks. NOTE: either the old password must be known, or the attacker must leverage a separate SQL injection vulnerability. eticket-admin-csrf(39490) 27173 20080106 eTicket 1.5.5.2 Multiple Vulnerabilities 28331 3542 Multiple SQL injection vulnerabilities in eTicket 1.5.5.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) status, (2) sort, and (3) way parameters to search.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (4) msg and (5) password parameters to admin.php. eticket-search-sql-injection(39489) eticket-admin-sql-injection(39487) 27173 20080106 eTicket 1.5.5.2 Multiple Vulnerabilities 28331 3542 Cross-site scripting (XSS) vulnerability in view.php in eTicket 1.5.5.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter. eticket-view-xss(39488) 27173 20080106 eTicket 1.5.5.2 Multiple Vulnerabilities 3542 28331 Unspecified vulnerability in the dotoprocs function in Sun Solaris 10 allows local users to cause a denial of service (panic) via unspecified vectors. 103188 ADV-2008-0130 solaris-dotoprocs-dos(39631) 1019186 27260 201513 28491 oval:org.mitre.oval:def:5400 SQL injection vulnerability in index.php in TaskFreak! 0.6.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the sContext parameter. 4899 taskfreak-index-sql-injection(39645) 27257 28448 The editor deletion form in BUEditor 4.7.x before 4.7.x-1.0 and 5.x before 5.x-1.1, a module for Drupal, does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete custom editor interfaces. 28418 http://drupal.org/node/208534 drupal-bueditor-csrf(39614) ADV-2008-0128 Cross-site request forgery (CSRF) vulnerability in the aggregator module in Drupal 4.7.x before 4.7.11 and 5.x before 5.6 allows remote attackers to delete items from a feed as privileged users. 27238 drupal-aggregator-csrf(39617) ADV-2008-0134 ADV-2008-0127 http://www.vbdrupal.org/forum/showthread.php?t=1349 http://www.vbdrupal.org/forum/showthread.php?p=6878 28486 28422 http://drupal.org/node/208562 Interpretation conflict in Drupal 4.7.x before 4.7.11 and 5.x before 5.6, when Internet Explorer 6 is used, allows remote attackers to conduct cross-site scripting (XSS) attacks via invalid UTF-8 byte sequences, which are not processed as UTF-8 by Drupal's HTML filtering, but are processed as UTF-8 by Internet Explorer, effectively removing characters from the document and defeating the HTML protection mechanism. 27238 28422 drupal-utf8-xss(39619) ADV-2008-0134 ADV-2008-0127 http://www.vbdrupal.org/forum/showthread.php?t=1349 http://www.vbdrupal.org/forum/showthread.php?p=6878 28486 http://drupal.org/node/208564 Cross-site scripting (XSS) vulnerability in Drupal 4.7.x and 5.x, when certain .htaccess protections are disabled, allows remote attackers to inject arbitrary web script or HTML via crafted links involving theme .tpl.php files. 27238 28422 drupal-theme-xss(39605) ADV-2008-0134 ADV-2008-0127 http://www.vbdrupal.org/forum/showthread.php?t=1349 http://www.vbdrupal.org/forum/showthread.php?p=6878 28486 http://drupal.org/node/208565 The Atom 4.7 before 4.7.x-1.0 and 5.x before 5.x-1.0 module for Drupal does not properly manage permissions for node (1) titles, (2) teasers, and (3) bodies, which might allow remote attackers to gain access to syndicated content. drupal-atom-security-bypass(39607) http://drupal.org/node/208527 Cross-site scripting (XSS) vulnerability in the Devel module before 5.x-0.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via a site variable, related to lack of escaping of the variable table. drupal-devel-variable-xss(39606) http://drupal.org/node/208524 Unspecified vulnerability in the Fileshare module for Drupal allows remote authenticated users with node-creation privileges to execute arbitrary code via unspecified vectors. drupal-fileshare-code-execution(39609) http://drupal.org/node/208537 SQL injection vulnerability in index.php in X7 Chat 2.0.5 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the day parameter in a sm_window action. x7chatday-sql-injection(39656) 27277 4907 28503 SQL injection vulnerability in liretopic.php in Xforum 1.4 and possibly others allows remote attackers to execute arbitrary SQL commands via the topic parameter. NOTE: the categorie parameter might also be affected. xforum-liretopic-sql-injection(39654) 27278 4908 SQL injection vulnerability in index.php in MTCMS 2.0 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via the (1) a or (2) cid parameter. 27224 20080110 MTCMS <=2.0 SQL Injection Vulnerbility 4882 mtcms-a-sql-injection(39597) 3544 28428 SQL injection vulnerability in liste.php in ID-Commerce 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idFamille parameter. idcommerce-liste-sql-injection(39594) 27220 20080110 ID-Commerce Security Advisory - SLR-2007-001 20080110 (( PoC)) ID-Commerce Security Advisory - SLR-2007-001 (( PoC)) 20080110 ID-Commerce Security Advisory - SLR-2007-001 SQL injection vulnerability in welcome/inscription.php in DomPHP 0.81 and earlier allows remote attackers to execute arbitrary SQL commands via the mail parameter. domphp-inscription-sql-injection(39593) 27212 4880 28393 PHP remote file inclusion vulnerability in /aides/index.php in DomPHP 0.81 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. 27226 4883 Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 1.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) Itemid or (2) topic arguments. simplemachinesforum-itemid-xss(39585) 27218 20080110 Simple Machines Forum Cross-Site Scripting Vulnerabilities 3540 ngIRCd 0.10.x before 0.10.4 and 0.11.0 before 0.11.0-pre2 allows remote attackers to cause a denial of service (crash) via crafted IRC PART message, which triggers an invalid dereference. http://ngircd.barton.de/doc/ChangeLog http://bugs.gentoo.org/show_bug.cgi?id=204834 http://arthur.barton.de/cgi-bin/viewcvs.cgi/ngircd/ngircd/src/ngircd/irc-channel.c?r1=1.40&r2=1.41&diff_format=h 27318 GLSA-200801-13 28673 28425 SQL injection vulnerability in admin/login.php in Article Dashboard allows remote attackers to execute arbitrary SQL commands via the (1) user or (2) password fields. 27286 20080115 Article DashBoard all version SQL Injection Vulnerability articledashboard-login-sql-injection(39657) 20080116 Re: Article DashBoard all version SQL Injection Vulnerability 3546 28495 PHP remote file inclusion vulnerability in VisionBurst vcart 3.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) index.php and (2) checkout.php. vcart-checkout-index-file-include(39616) 27231 4889 28424 Multiple SQL injection vulnerabilities in ImageAlbum 2.0.0b2 allow remote attackers to execute arbitrary SQL commands via the id, which is not properly handled in (1) classes/IADomain.php, (2) classes/IACollection.php, and (3) classes/IAUser.php, as demonstrated via the id parameter in a collection.imageview action. 27240 20080111 ImageAlbum Remote SQL Injection Vulnerabilities 4895 3548 PHP remote file inclusion vulnerability in view_func.php in Member Area System (MAS) 1.7 and possibly others allows remote attackers to execute arbitrary PHP code via a URL in the i parameter. NOTE: a second vector might exist via the l parameter. NOTE: as of 20080118, the vendor has disputed the set of affected versions, stating that the issue "is already fixed, for almost a year." mas-viewfunc-file-include(39611) 27244 20080118 Re: Member Area System (MAS) Remote File Include Vulnerability (view_func.php) 20080111 Member Area System (MAS) Remote File Include Vulnerability (view_func.php) 3547 Multiple SQL injection vulnerabilities in Digital Hive 2.0 RC2 and earlier allow (1) remote attackers to execute arbitrary SQL commands via the selectskin parameter to an unspecified program, or (2) remote authenticated administrators to execute arbitrary SQL commands via the user_id parameter in the gestion_membre.php page to base.php. digitalhive-base-sql-injection(39602) 27232 4887 SQL injection vulnerability in showproduct.asp in RichStrong CMS allows remote attackers to execute arbitrary SQL commands via the cat parameter. 27281 4910 richstrongcms-showproduct-sql-injection(39668) 27310 20080116 RichStrong CMS (showproduct.asp?cat=) Remote SQL Injection Exploit 28449 Cross-site scripting (XSS) vulnerability in photo_album.pl in Dansie Photo Album 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. dansiephotoalbum-photoalbum-xss(39664) 28501 Unspecified vulnerability in cron.php in FreeSeat before 1.1.5d, when format.php has certain modifications, allows remote attackers to bypass authentication and gain privileges via unspecified vectors related to the show_foot function. freeseat-cron-security-bypass(39648) http://sourceforge.net/project/shownotes.php?group_id=160239&release_id=568374 28459 Unspecified vulnerability in the seat-locking implementation in FreeSeat before 1.1.5d allows attackers to book a seat more than once via unspecified vectors. freeseat-seatlocking-security-bypass(39647) 27270 http://sourceforge.net/project/shownotes.php?release_id=568374&group_id=160239 28459 Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in the Xine library, as used in VideoLAN VLC Media Player 0.8.6d and earlier, allows user-assisted remote attackers to cause a denial of service (crash) or execute arbitrary code via long Session Description Protocol (SDP) data. ADV-2008-0105 27221 28383 oval:org.mitre.oval:def:14776 http://aluigi.altervista.org/adv/vlcxhof-adv.txt GLSA-200803-13 DSA-1543 29766 29284 Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLAN VLC Media Player 0.8.6d and earlier on Windows might allow remote RTSP servers to cause a denial of service (application crash) or execute arbitrary code via a long string. ADV-2008-0105 oval:org.mitre.oval:def:14597 http://aluigi.altervista.org/adv/vlcxhof-adv.txt GLSA-200803-13 DSA-1543 29766 29284 PhotoKorn allows remote attackers to obtain database credentials via a direct request to update/update3.php, which includes the credentials in its output. photokorn-update3-information-disclosure(39652) 4897 KHTML WebKit as used in Apple Safari 2.x allows remote attackers to cause a denial of service (browser crash) via a crafted web page, possibly involving a STYLE attribute of a DIV element. safari-khtml-webkit-dos(39635) 27261 20080112 Safari 2 Denial of Service http://www.s21sec.com/avisos/s21sec-039-en.txt 3549 common.py in Paramiko 1.7.1 and earlier, when using threads or forked processes, does not properly use RandomPool, which allows one session to obtain sensitive information from another session by predicting the state of the pool. https://bugzilla.redhat.com/show_bug.cgi?id=428727 http://people.debian.org/~nion/nmu-diff/paramiko-1.6.4-1_1.6.4-1.1.patch http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=460706 FEDORA-2008-0722 FEDORA-2008-0644 paramiko-randompool-info-disclosure(39749) 27307 GLSA-200803-07 29168 28510 28488 mapFiler.php in Mapbender 2.4 to 2.4.4 allows remote attackers to execute arbitrary PHP code via PHP code sequences in the factor parameter, which are not properly handled when accessing a filename that contains those sequences. 28195 mapbender-mapfilter-code-execution(41131) mapbender-mapfiler-code-execution(41131) http://www.redteam-pentesting.de/advisories/rt-sa-2008-001.php 5232 29329 Multiple SQL injection vulnerabilities in Mapbender 2.4.4 allow remote attackers to execute arbitrary SQL commands via the gaz parameter to mod_gazetteer_edit.php and other unspecified vectors. mapbender-gaz-sql-injection(41139) 28193 20080311 Advisory: SQL-Injections in Mapbender http://www.redteam-pentesting.de/advisories/rt-sa-2008-002.php 5233 3728 29329 20080311 Advisory: SQL-Injections in Mapbender Untrusted search path vulnerability in apt-listchanges.py in apt-listchanges before 2.82 allows local users to execute arbitrary code via a malicious apt-listchanges program in the current working directory. http://packages.debian.org/changelogs/pool/main/a/apt-listchanges/apt-listchanges_2.82/changelog http://git.madism.org/?p=apt-listchanges.git;a=commitdiff;h=1bcfbf3dc55413bb83a1782dc9a54515a963fb32 USN-572-1 27331 DSA-1465 28574 28513 The FTP print feature in multiple Canon printers, including imageRUNNER and imagePRESS, allow remote attackers to use the server as an inadvertent proxy via a modified PORT command, aka FTP bounce. VU#568073 http://www.usa.canon.com/html/security/pdf/CVA-001.pdf 28042 JVNDB-2008-000013 JVN#10056705 http://itso.iu.edu/20080229_Canon_MFD_FTP_bounce_attack 1019528 Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.12 and SeaMonkey before 1.1.8 might allow remote attackers to execute arbitrary code via a crafted external-body MIME type in an e-mail message, related to an incorrect memory allocation during message preview. VU#661651 28012 ADV-2008-2091 http://www.mozilla.org/security/announce/2008/mfsa2008-12.html GLSA-200805-18 DSA-1697 DSA-1621 239546 1019504 33433 31253 31043 29133 oval:org.mitre.oval:def:11075 20080226 Mozilla Thunderbird MIME External-Body Heap Overflow Vulnerability FEDORA-2008-2118 FEDORA-2008-2060 USN-582-2 USN-582-1 MDVSA-2008:062 SSA:2008-061-01 30327 29211 29167 29098 sdbstarter in SAP MaxDB 7.6.0.37, and possibly other versions, allows local users to execute arbitrary commands by using unspecified environment variables to modify configuration settings. maxdb-sdbstarter-privilege-escalation(41104) ADV-2008-0844 1019570 28185 29312 20080310 SAP MaxDB sdbstarter Privilege Escalation Vulnerability Integer signedness error in vserver in SAP MaxDB 7.6.0.37, and possibly other versions, allows remote attackers to execute arbitrary code via unknown vectors that trigger heap corruption. maxdb-vserver-code-execution(41107) ADV-2008-0844 1019571 28183 29312 20080310 SAP MaxDB Signedness Error Heap Corruption Vulnerability Symantec Decomposer, as used in certain Symantec antivirus products including Symantec Scan Engine 5.1.2 and other versions before 5.1.6.31, allows remote attackers to cause a denial of service (memory consumption) via a malformed RAR file to the Internet Content Adaptation Protocol (ICAP) port (1344/tcp). ADV-2008-0680 http://www.symantec.com/avcenter/security/Content/2008.02.27.html 1019503 27911 29140 20080226 Symantec Scan Engine 5.1.2 RAR File Denial of Service Vulnerability Stack-based buffer overflow in Symantec Decomposer, as used in certain Symantec antivirus products including Symantec Scan Engine 5.1.2 and other versions before 5.1.6.31, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed RAR file to the Internet Content Adaptation Protocol (ICAP) port (1344/tcp). ADV-2008-0680 http://www.symantec.com/avcenter/security/Content/2008.02.27.html 1019503 27913 29140 20080226 Symantec Scan Engine 5.1.2 RAR File Buffer Overflow Vulnerability Directory traversal vulnerability in pkgadd in SCO UnixWare 7.1.4 before p534589 allows local users to create or append to arbitrary files via ".." sequences in an unspecified environment variable, probably PKGINST. http://www.sco.com/support/update/download/release.php?rid=324 sco-unixware-pkgadd-directory-traversal(41759) 1019787 5355 29657 20080403 SCO UnixWare pkgadd Directory Traversal Vulnerability SCOSA-2008.1 Stack-based buffer overflow in the PGMWebHandler::parse_request function in the StarTeam Multicast Service component (STMulticastService) 6.4 in Borland CaliberRM 2006 allows remote attackers to execute arbitrary code via a large HTTP request. ADV-2008-1100 28602 1019786 29631 20080402 Borland CaliberRM StarTeam Multicast Service Buffer Overflow Vulnerability starteam-pgmwebhandlerparserequest-bo(41647) Stack-based buffer overflow in the AutoFix Support Tool ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products, including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, allows remote attackers to execute arbitrary code via a long argument to the GetEventLogInfo method. NOTE: some of these details are obtained from third party information. 1019753 1019752 1019751 28507 http://securityresponse.symantec.com/avcenter/security/Content/2008.04.02a.html 29660 symantec-autofixtool-bo(41629) ADV-2008-1077 20080402 Symantec Norton Internet Security 2008 ActiveX Control Buffer Overflow Vulnerability The ActiveDataInfo.LaunchProcess method in the SymAData.ActiveDataInfo.1 ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, does not properly determine the location of the AutoFix Tool, which allows remote attackers to execute arbitrary code via a remote (1) WebDAV or (2) SMB share. 28509 29660 symantec-autofixtool-code-execution(41631) ADV-2008-1077 1019753 1019752 1019751 http://securityresponse.symantec.com/avcenter/security/Content/2008.04.02a.html 20080402 Symantec Internet Security 2008 ActiveDataInfo.LaunchProcess Design Error Vulnerability Heap-based buffer overflow in spin.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted PeSpin packed PE binary with a modified length value. TA08-260A VU#858595 ADV-2008-2584 ADV-2008-1227 http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html GLSA-200805-19 31882 31576 APPLE-SA-2008-09-15 20080414 ClamAV libclamav PeSpin Heap Overflow Vulnerability https://wwws.clamav.net/bugzilla/show_bug.cgi?id=876 FEDORA-2008-3900 FEDORA-2008-3420 FEDORA-2008-3358 clamav-spin-bo(41823) 1019851 28784 MDVSA-2008:088 DSA-1549 http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog 30328 30253 29975 29891 29886 29863 SUSE-SA:2008:024 http://kolab.org/security/kolab-vendor-notice-20.txt Integer overflow in the cli_scanpe function in libclamav in ClamAV before 0.92.1, as used in clamd, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Petite packed PE file, which triggers a heap-based buffer overflow. http://sourceforge.net/project/shownotes.php?release_id=575703 FEDORA-2008-1625 FEDORA-2008-1608 ADV-2008-0924 ADV-2008-0606 ADV-2008-0503 27751 MDVSA-2008:088 DSA-1497 http://support.novell.com/techcenter/psdb/512985d2cd3090bfb93dcb7b551179cf.html 1019394 GLSA-200802-09 29420 29060 29048 29026 29001 28949 28913 28907 SUSE-SR:2008:004 APPLE-SA-2008-03-18 20080212 ClamAV libclamav PE File Integer Overflow Vulnerability http://kolab.org/security/kolab-vendor-notice-19.txt http://docs.info.apple.com/article.html?artnum=307562 http://bugs.gentoo.org/show_bug.cgi?id=209915 Heap-based buffer overflow in the OLE importer in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an OLE file with a crafted DocumentSummaryInformation stream. FEDORA-2008-3251 openoffice-ole-bo(41860) ADV-2008-1375 ADV-2008-1253 USN-609-1 1019890 28819 RHSA-2008:0176 RHSA-2008:0175 http://www.openoffice.org/security/cves/CVE-2008-0320.html http://www.openoffice.org/security/cves/CVE-2007-5745.html http://www.openoffice.org/security/cves/CVE-2007-4770.html http://www.openoffice.org/security/bulletin.html SUSE-SA:2008:023 MDVSA-2008:095 MDVSA-2008:090 DSA-1547 231642 GLSA-200805-16 30179 30100 29987 29913 29910 29871 29864 29852 29844 oval:org.mitre.oval:def:10318 20080417 Multiple Vendor OpenOffice OLE DocumentSummaryInformation Heap Overflow Vulnerability The I2O Utility Filter driver (i2omgmt.sys) 5.1.2600.2180 for Microsoft Windows XP sets Everyone/Write permissions for the "\\.\I2OExc" device interface, which allows local users to gain privileges. NOTE: this issue can be leveraged to overwrite arbitrary memory and execute code via an IOCTL call with a crafted DeviceObject pointer. 29171 30203 20080512 Microsoft Windows I2O Filter Utility Driver (i2omgmt.sys) Local Privilege Escalation Vulnerability win-i2omgmt-code-execution(42358) ADV-2008-1476 1020006 Cisco Systems VPN Client IPSec Driver (CVPNDRVA.sys) 5.0.02.0090 allows local users to cause a denial of service (crash) by calling the 0x80002038 IOCTL with a small size value, which triggers memory corruption. cisco-vpnclient-cvpndrva-dos(39694) ADV-2008-0170 27289 4911 1019240 28472 SQL injection vulnerability in show.php in FaScript FaPersian Petition allows remote attackers to execute arbitrary SQL commands via the id parameter. 27302 4916 fascriptfapersian-show-sql-injection(39716) 28522 SQL injection vulnerability in class/show.php in FaScript FaPersianHack 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to show.php. 27302 4917 fascriptfapersianhack-show-sql-injection(39717) 28565 SQL injection vulnerability in show.php in FaScript FaMp3 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. 27302 4914 40330 fascriptfamp3-show-sql-injection(39714) 28566 SQL injection vulnerability in page.php in FaScript FaName 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. 27303 4915 fascriptfaname-page-sql-injection(39715) 28528 LulieBlog 1.0.1 and 1.0.2 does not restrict access to (1) article_suppr.php, (2) comment_accepter.php, and (3) comment_refuser.php in Admin/, which allows remote attackers to accept comments, delete comments, and delete articles via the id parameter. lulieblog-admin-security-bypass(39669) 27290 4912 28432 Open System Consultants (OSC) Radiator before 4.0 allows remote attackers to cause a denial of service (daemon crash) via malformed RADIUS requests, as demonstrated by packets sent by nmap. osc-radiator-unspecified-dos(40664) radiator-radius-dos(39730) ADV-2008-0598 27306 http://www.open.com.au/radiator/history.html 28463 Unspecified vulnerability in Funkwerk System Software before 7.4.1 PATCH 9 for certain Funkwerk Router / VPN devices allows remote attackers to cause a denial of service (panic and reboot) via unspecified DNS requests. http://www.funkwerk-ec.com/portal/downloadcenter/dateien/x2300/r7401p09/readme_741p9_en.pdf 28085 42782 x2300-dns-dos(39731) 27314 Directory traversal vulnerability in arias/help/effect.php in aria 0.99-6 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page parameter. 4920 aria-effect-file-include(39712) 27311 20080116 [DSECRG-08-002] Local File Include in arias 0.99-6 Directory traversal vulnerability in download_view_attachment.aspx in AfterLogic MailBee WebMail Pro 4.1 for ASP.NET allows remote attackers to read arbitrary files via a .. (dot dot) in the temp_filename parameter. 4921 mailbeewebmail-download-directory-traversal(39724) 27312 28521 Cross-site scripting (XSS) vulnerability in pm/language/spanish/preferences.php in PMachine Pro 2.4.1 allows remote attackers to inject arbitrary web script or HTML via the L_PREF_NAME[855] parameter. 27282 http://packetstormsecurity.org/0801-exploits/pMachinePro-241-xss.txt Cross-site scripting (XSS) vulnerability in BugTracker.NET before 2.7.2 allows remote attackers to inject arbitrary web script or HTML via an arbitrary custom text field. http://sourceforge.net/project/shownotes.php?release_id=568160 bugtrackernet-bug-xss(39650) 27275 http://sourceforge.net/tracker/index.php?func=detail&aid=1867089&group_id=66812&atid=515837 28481 Multiple cross-site request forgery (CSRF) vulnerabilities in BugTracker.NET before 2.7.2 allow remote attackers to delete arbitrary bugs and perform other administrative tasks via unspecified vectors, possibly related to delete_*.aspx pages, and massedit.aspx, subscribe.aspx, flag.aspx, and relationships.aspx. http://sourceforge.net/project/shownotes.php?group_id=66812&release_id=568160 bugtrackernet-http-csrf(39651) http://sourceforge.net/tracker/index.php?func=detail&aid=1867089&group_id=66812&atid=515837 28481 Heap-based buffer overflow in the _mwProcessReadSocket function in http.c in MiniWeb HTTP Server 0.8.19 allows remote attackers to execute arbitrary code via a long URI. ADV-2008-0176 4923 http://www.bugtraq.ir/adv/miniweb_english.pdf 28512 miniweb-mwprocessreadsocket-bo(39718) 27319 Directory traversal vulnerability in the mwGetLocalFileName function in http.c in MiniWeb HTTP Server 0.8.19 allows remote attackers to read arbitrary files and list arbitrary directories via a (1) .%2e (partially encoded dot dot) or (2) %2e%2e (encoded dot dot) in the URI. ADV-2008-0176 4923 http://www.bugtraq.ir/adv/miniweb_english.pdf 28512 miniweb-mwgetlocal-directory-traversal(39713) 27319 Unspecified vulnerability in the XML DB component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 has unknown impact and remote attack vectors, aka DB01. TA08-017A SSRT061201 ADV-2008-0180 ADV-2008-0150 27229 http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html 1019218 28518 HPSBMA02133 28556 Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 have unknown impact and remote attack vectors, related to the (1) Advanced Queuing component (DB02) and (2) Oracle Spatial component (DB04). TA08-017A ADV-2008-0180 ADV-2008-0150 27229 http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html 1019218 28518 SSRT061201 HPSBMA02133 28556 Unspecified vulnerability in the Advanced Queuing component in Oracle Database 9.0.1.5 FIPS+ and 10.1.0.5 has unknown impact and remote attack vectors, aka DB03. TA08-017A ADV-2008-0180 ADV-2008-0150 27229 http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html 1019218 28518 SSRT061201 HPSBMA02133 28556 Unspecified vulnerability in the Upgrade/Downgrade component in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and remote attack vectors, aka DB05. TA08-017A SSRT061201 ADV-2008-0180 ADV-2008-0150 27229 http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html 1019218 28518 HPSBMA02133 28556 Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 has unknown impact and remote attack vectors, aka DB06. TA08-017A ADV-2008-0180 ADV-2008-0150 27229 http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html 1019218 28518 SSRT061201 HPSBMA02133 28556 Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 and 10.2.0.3 has unknown impact and remote attack vectors, aka DB07. TA08-017A ADV-2008-0180 ADV-2008-0150 27229 http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html 1019218 28518 SSRT061201 HPSBMA02133 28556 Unspecified vulnerability in the Core RDBMS component in Oracle Database 11.1.0.6 has unknown impact and remote attack vectors, aka DB08. TA08-017A ADV-2008-0180 ADV-2008-0150 27229 http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html 1019218 28518 SSRT061201 HPSBMA02133 28556 Unspecified vulnerability in the Oracle Jinitiator component in Oracle Application Server 1.3.1.27 and E-Business Suite 11.5.10.2 has unknown impact and remote attack vectors, aka AS01. TA08-017A ADV-2008-0180 ADV-2008-0150 27229 http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html 1019218 28518 40294 HPSBMA02133 HPSBMA02133 28556 Unspecified vulnerability in the Oracle Ultra Search component in Oracle Collaboration Suite 10.1.2; Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; and Application Server 9.0.4.3 and 10.1.2.0.2; has unknown impact and local attack vectors, aka OCS01. NOTE: Oracle has not disputed a reliable claim that this issue is related to WKSYS schema privileges. TA08-017A ADV-2008-0180 ADV-2008-0150 27229 20080130 PeteFinnigan.com Limited advisory for Oracle January 2008 CPU http://www.petefinnigan.com/Advisory_CPU_Jan_2008.htm http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html 1019218 28556 28518 SSRT061201 HPSBMA02133 Multiple unspecified vulnerabilities in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.18, 8.48.15, and 8.49.07 have unknown impact and remote attack vectors, aka (1) PSE01, (2) PSE03, and (3) PSE04. TA08-017A ADV-2008-0180 ADV-2008-0150 27229 http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html 1019218 28518 SSRT061201 HPSBMA02133 28556 Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.15 and 8.49.07 has unknown impact and remote attack vectors, aka PSE02. TA08-017A ADV-2008-0180 ADV-2008-0150 27229 http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html 1019218 28518 SSRT061201 HPSBMA02133 28556 admin/index.php in Evilsentinel 1.0.9 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to gain administrative privileges and make arbitrary configuration changes. 28427 27227 4884 http://evilsentinel.altervista.org/forum/index.php?topic=49.0 admin/config.php in Evilsentinel 1.0.9 and earlier allows remote attackers to bypass the CAPTCHA test by omitting the es_security_captcha parameter and not invoking captcha.php. 27227 4884 The Linux kernel 2.6.20 through 2.6.21.1 allows remote attackers to cause a denial of service (panic) via a certain IPv6 packet, possibly involving the Jumbo Payload hop-by-hop option (jumbogram). linux-kernel-ipv6-jumbogram-dos(39643) 4893 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21.2 http://bugzilla.kernel.org/show_bug.cgi?id=8450 SQL injection vulnerability in visualizza_tabelle.php in php-residence 0.7.2 and 1.0 allows remote attackers to execute arbitrary SQL commands via the cognome_cerca parameter. NOTE: some of these details are obtained from third party information. phpresidence-visualizza-sql-injection(39739) 27320 4925 28516 Cross-site scripting (XSS) vulnerability in the chat client in IBM Lotus Sametime 7.5 and 7.5.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted message, which triggers code execution after a mouseover event initiated by the victim. ADV-2008-0168 1019224 27316 http://www-1.ibm.com/support/docview.wss?uid=swg21292938 27942 sametime-client-mouseover-xss(39726) SQL injection vulnerability in index.php in the forum module in PHPEcho CMS, probably 2.0-rc3 and earlier, allows remote attackers to execute arbitrary SQL commands via the id parameter in a section action, a different vector than CVE-2007-2866. 27326 4929 phpechocms-index-sql-injection(39741) Buffer overflow in the Independent Management Architecture (IMA) service in Citrix Presentation Server (MetaFrame Presentation Server) 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 allows remote attackers to execute arbitrary code via an invalid size value in a packet to TCP port 2512 or 2513. VU#412228 http://support.citrix.com/article/CTX114487 http://zerodayinitiative.com/advisories/ZDI-08-002.html ADV-2008-0172 28508 1019231 27329 20080117 ZDI-08-002: Citrix Presentation Server IMA Service Heap Overflow Vulnerability Directory traversal vulnerability in pages/upload.php in Galaxyscripts Mini File Host 1.2.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter. 27327 4930 28504 minifilehost-uploadphp-file-include(39799) SQL injection vulnerability in index.php in Pixelpost 1.7 allows remote attackers to execute arbitrary SQL commands via the parent_id parameter. http://www.pixelpost.org/forum/showthread.php?t=7716 27242 4924 28499 pixelpost-indexphp-sql-injection(39721) 1019238 Multiple cross-site scripting (XSS) vulnerabilities in BLOG:CMS 4.2.1b allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin.php or (2) index.php in photo/. 27317 blogcms-index-xss(39710) 28523 4919 20080116 [DSECRG-08-003] blogcms 4.2.1b Multiple Security Vulnerabilities http://blogcms.com/wiki/changelog Multiple SQL injection vulnerabilities in BLOG:CMS 4.2.1b allow remote attackers to execute arbitrary SQL commands via (1) the blogid parameter to index.php, (2) the user parameter to action.php, or (3) the field parameter to admin/plugins/table/index.php. 27317 28523 4919 20080116 [DSECRG-08-003] blogcms 4.2.1b Multiple Security Vulnerabilities http://blogcms.com/wiki/changelog Directory traversal vulnerability in agregar_info.php in GradMan 0.1.3 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tabla parameter. 27324 20080116 Gradman <= 0.1.3 (agregar_info.php?tabla=) Local File Inclusion Exploit 4926 28520 gradman-agregarinfo-file-include(39732) 3552 Cross-site scripting (XSS) vulnerability in gallery.php in Clever Copy 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the album parameter. 20080117 Clever Copy <=3.0 Multiple Remote Vulnerabilities clevercopy-gallery-xss(39747) 27335 3553 28560 Multiple SQL injection vulnerabilities in Clever Copy 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter to postcomment.php and the (2) album parameter to gallery.php. 20080117 Clever Copy <=3.0 Multiple Remote Vulnerabilities clevercopy-postcomment-sql-injection(39746) 27335 3553 28560 Buffer overflow in (1) BitTorrent 6.0 and earlier; and (2) uTorrent 1.7.5 and earlier, and 1.8-alpha-7834 and earlier in the 1.8.x series; on Windows allows remote attackers to cause a denial of service (application crash) via a long Unicode string representing a client version identifier. 27321 utorrent-peers-bo(39720) bittorrent-peers-bo(39719) 20080116 Peers static overflow in BitTorrent 6.0 and uTorrent 1.7.5 http://download.utorrent.com/1.7.6/utorrent-1.7.6.txt http://aluigi.org/poc/ruttorrent.zip http://aluigi.altervista.org/adv/ruttorrent-adv.txt 3554 28537 28533 http://forum.utorrent.com/viewtopic.php?id=29330 Multiple buffer overflows in CORE FORCE before 0.95.172 allow local users to cause a denial of service (system crash) and possibly execute arbitrary code in the kernel context via crafted arguments to (1) IOCTL functions in the Firewall module or (2) SSDT hook handler functions in the Registry module. ADV-2008-0242 27341 20080117 CORE-2007-1119: CORE FORCE Kernel Buffer Overflow http://www.coresecurity.com/?action=item&id=2025 coreforce-firewall-registry-bo(39758) 1019245 3555 http://force.coresecurity.com/index.php?module=articles&func=display&aid=32 CORE FORCE before 0.95.172 does not properly validate arguments to SSDT hook handler functions in the Registry module, which allows local users to cause a denial of service (system crash) and possibly execute arbitrary code in the kernel context via crafted arguments. 27341 http://www.coresecurity.com/?action=item&id=2025 ADV-2008-0242 20080117 CORE-2007-1119: CORE FORCE Kernel Buffer Overflow 1019245 3555 http://force.coresecurity.com/index.php?module=articles&func=display&aid=32 Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks. https://bugzilla.mozilla.org/show_bug.cgi?id=244273 27111 20080103 Re: [Full-disclosure] Yet another Dialog Spoofing Vulnerability - Firefox Basic Authentication 20080103 Yet another Dialog Spoofing Vulnerability - Firefox Basic Authentication http://blog.mozilla.com/security/2008/01/04/basicauth-dialog-realm-value-spoofing/ http://aviv.raffon.net/2008/01/05/FirefoxDialogSpoofingFAQ.aspx http://aviv.raffon.net/2008/01/02/YetAnotherDialogSpoofingFirefoxBasicAuthentication.aspx onedcu in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allows local users to create arbitrary files via the Trace file argument. ibm-ids-onedcu-sqlidebug-unspecified(39751) ADV-2008-0169 1019237 27328 http://www-1.ibm.com/support/docview.wss?uid=swg27011556 IC54307 28534 20080131 IBM Informix Dynamic Server onedcu File Creation Vulnerability Multiple unspecified programs in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allow local users to create arbitrary files by specifying the target file in the SQLIDEBUG environment variable, whose ownership is changed to the user invoking the programs. ibm-ids-sqlidebug-unspecified(40009) ibm-ids-onedcu-sqlidebug-unspecified(39751) ADV-2008-0169 1019237 27328 http://www-1.ibm.com/support/docview.wss?uid=swg27011556 IC54309 28534 20080131 IBM Informix Dynamic Server SQLIDEBUG File Creation Vulnerability Cross-site scripting (XSS) vulnerability in dohtaccess.html in cPanel before 11.17 build 19417 allows remote attackers to inject arbitrary web script or HTML via the rurl parameter. NOTE: some of these details are obtained from third party information. 27308 20080116 cPanel Hosting Manager (dohtaccess.html) 28561 http://aria-security.net/forum/showthread.php?p=1238 3561 Multiple SQL injection vulnerabilities in aliTalk 1.9.1.1, when magic_quotes_gpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via (1) the mohit parameter to (a) inc/receivertwo.php; and allow remote attackers to execute arbitrary SQL commands via (2) the id parameter to (b) inc/usercp.php, related to functionz/usercp.php; or (3) the username parameter to (c) admin/index.php, related to functionz/first_process.php, or (d) index.php. NOTE: some of these details are obtained from third party information. alitalk-index-sql-injection(39745) alitalk-usercp-sql-injection(39736) alitalk-adminindex-sql-injection(39735) alitalk-receivertwo-sql-injection(39733) 27315 4922 28515 8e6 R3000 Internet Filter 2.0.05.33, and other versions before 2.0.11, allows remote attackers to bypass intended restrictions via a fragmented HTTP request. r3000-urlfilter-security-bypass(39723) 27309 20080121 Re: 8e6 Technologies R3000 Internet Filter Bypass by Request Split 20080116 8e6 Technologies R3000 Internet Filter Bypass by Request Split 28524 3557 Unrestricted file upload vulnerability in PHP F1 Max's File Uploader allows remote attackers to upload and execute arbitrary PHP files. max-index-file-upload(39740) 27285 20080115 Max's File Uploader File Upload Vulnerability 3572 OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web Page 1.00 sends the configuration of the printer in cleartext, which allows remote attackers to obtain the administrative password by connecting to TCP port 5548 or 7777. 27339 20080117 [CSNC] OKI C5510MFP Printer Password Disclosure http://www.csnc.ch/en/modules/news/news_0004.html_1394092626.html 28553 c5510mfp-configuration-info-disclosure(39775) 3569 Unspecified vulnerability in OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web Page 1.00 allows remote attackers to set the password and obtain administrative access via unspecified vectors. 27339 20080117 [CSNC] OKI C5510MFP Printer Password Disclosure http://www.csnc.ch/en/modules/news/news_0004.html_1394092626.html 28553 c5510mfp-password-security-bypass(39776) 3569 PHP remote file inclusion vulnerability in inc/linkbar.php in Small Axe Weblog 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the cfile parameter. 27345 4937 smallaxeweblog-linkbar-file-include(39765) 28568 MicroNews allows remote attackers to bypass authentication and gain administrative privileges via a direct request to admin.php. micronews-admin-authentication-bypass(39702) 27288 20080115 MicroNews Admin Direct Access vulnerability 3556 Stack-based buffer overflow in SocksCap 2.40-051231 and earlier, when "Resolve all names remotely" is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hostname. 27357 20080118 SocksCap Stack Overflow (<= 2.40-051231) sockscap-hostname-bo(39781) 3560 Race condition in the Enterprise Tree ActiveX control (EnterpriseControls.dll 11.5.0.313) in Crystal Reports XI Release 2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the SelectedSession method, which triggers a buffer overflow. crystalreports-enterprisetree-bo(39743) 1019239 27333 4931 Buffer overflow in the Digital Data Communications RtspVaPgCtrl ActiveX control (RtspVapgDecoder.dll 1.1.0.29) allows remote attackers to execute arbitrary code via a long MP4Prefix property. ADV-2008-0182 27337 4932 28492 Unspecified vulnerability in Mahara before 0.9.1 has unknown impact and remote attack vectors, probably related to cross-site scripting (XSS) in uploaded files. https://eduforge.org/frs/shownotes.php?release_id=342 27348 28484 Multiple eval injection vulnerabilities in MyBB 1.2.10 and earlier allow remote attackers to execute arbitrary code via the sortby parameter to (1) forumdisplay.php or (2) a results action in search.php. 27322 20080116 [waraxe-2008-SA#061] - Remote Code Execution in MyBB 1.2.10 4928 4927 28509 3559 Multiple SQL injection vulnerabilities in MyBB 1.2.10 and earlier allow remote moderators and administrators to execute arbitrary SQL commands via (1) the mergepost parameter in a do_mergeposts action, (2) rid parameter in an allreports action, or (3) threads parameter in a do_multimovethreads action to (a) moderation.php; or (4) gid parameter to (b) admin/usergroups.php. 27323 mybb-usergroups-sql-injection(39729) mybb-moderationphp-sql-injection(39728) http://www.waraxe.us/advisory-62.html 20080116 [waraxe-2008-SA#062] - Multiple Sql Injections in MyBB 1.2.10 28509 http://community.mybboard.net/showthread.php?tid=27227 3558 OpenBSD 4.2 allows local users to cause a denial of service (kernel panic) by calling the SIOCGIFRTLABEL IOCTL on an interface that does not have a route label, which triggers a NULL pointer dereference when the return value from the rtlabel_id2name function is not checked. 1019188 27252 [4.2] 20080111 005: RELIABILITY FIX: January 11, 2008 4935 28473 [openbsd-security-announce] 20080111 errata 005 for OpenBSD 4.2: local users can provoke a kernel panic SQL injection vulnerability in server/widgetallocator.php in Urulu 2.1 allows remote attackers to execute arbitrary SQL commands via the connectionId parameter to index.php with (1) statprt/js/request or (2) dyn/js/request in the PATH_INFO. 28032 20080228 Urulu 2.1 Blind SQL Injection Vulnerability (CVE-2008-0385) http://www.csnc.ch/misc/files/advisories/CVE-2008-0385.txt 3707 29162 Xdg-utils 1.0.2 and earlier allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a URL argument to (1) xdg-open or (2) xdg-email. https://bugzilla.redhat.com/show_bug.cgi?id=429513 ADV-2008-0342 1019284 27528 http://webcvs.freedesktop.org/portland/portland/xdg-utils/scripts/xdg-open?view=log http://webcvs.freedesktop.org/portland/portland/xdg-utils/scripts/xdg-open?r1=1.32&r2=1.33 http://webcvs.freedesktop.org/portland/portland/xdg-utils/scripts/xdg-open.in?r1=1.17&r2=1.18 http://webcvs.freedesktop.org/portland/portland/xdg-utils/scripts/xdg-email?r1=1.36&r2=1.37 http://webcvs.freedesktop.org/portland/portland/xdg-utils/scripts/xdg-email.in?view=log http://webcvs.freedesktop.org/portland/portland/xdg-utils/scripts/xdg-email.in?r1=1.24&r2=1.25 GLSA-200801-21 28728 28638 http://bugs.gentoo.org/show_bug.cgi?id=207331 MDVSA-2008:031 29048 SUSE-SR:2008:004 Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before 1.5.6, 2.0.x before 2.0.4, and 2.1.x before 2.1.0 RC1 might allow remote attackers to execute arbitrary code via crafted (1) op_receive, (2) op_start, (3) op_start_and_receive, (4) op_send, (5) op_start_and_send, and (6) op_start_send_and_receive XDR requests, which triggers memory corruption. http://www.coresecurity.com/?action=item&id=2095 27403 20080128 CORE-2007-1219: Firebird Remote Memory Corruption http://tracker.firebirdsql.org/browse/CORE-1681 firebird-xdrprotocol-integer-overflow(39996) DSA-1529 http://sourceforge.net/project/shownotes.php?group_id=9028&release_id=570800 3580 GLSA-200803-02 29501 29203 SQL injection vulnerability in the WP-Forum 1.7.4 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the user parameter in a showprofile action to the default URI. wpforum-index-sql-injection(39800) ADV-2008-0235 27362 4939 28567 52211 20080216 WordPress forumaction (PAGE_id)(user)SQL Injectio http://weblogtoolscollection.com/archives/2008/01/21/wp-forum-plugin-security-bulletin/ Unspecified vulnerability in the serveServletsByClassnameEnabled feature in IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.25, 6.1 through 6.1.0.14, and 5.1.1.x before 5.1.1.18 has unknown impact and attack vectors. 27371 http://www-1.ibm.com/support/docview.wss?uid=swg24018067 websphere-serveservlets-unspecified(39808) ADV-2008-1133 ADV-2008-0219 1019894 1019251 http://www-1.ibm.com/support/docview.wss?uid=swg27006879#51118 PK52059 29687 28576 stat.php in AuraCMS 1.62, and Mod Block Statistik for AuraCMS, allows remote attackers to inject arbitrary PHP code into online.db.txt via the X-Forwarded-For HTTP header in a stat action to index.php, and execute online.db.txt via a certain request to index.php. 27342 4933 auracms-stat-code-execution(39777) inc/elementz.php in aliTalk 1.9.1.1 does not properly verify authentication, which allows remote attackers to add an arbitrary user account via a modified lilil parameter, in conjunction with the ubild and pa parameters. 27315 4922 Multiple buffer overflows in Microsoft Visual Basic Enterprise Edition 6.0 SP6 allow user-assisted remote attackers to execute arbitrary code via a .dsr file with a long (1) ConnectionName or (2) CommandName line. visualbasic-enterprise-dsr-bo(39773) ADV-2008-0195 27349 4938 1019258 28563 Directory traversal vulnerability in info.php in GradMan 0.1.3 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tabla parameter, a different vector than CVE-2008-0361. gradman-info-file-include(39768) 27343 4936 28520 Buffer overflow in Citadel SMTP server 7.10 and earlier allows remote attackers to execute arbitrary code via a long RCPT TO command, which is not properly handled by the makeuserkey function. NOTE: some of these details were obtained from third party information. citadel-makeuserkey-bo(39807) ADV-2008-0252 http://www.milw0rm.com/sploits/2008-vs-GNU-citadel.tar.gz 4949 28590 1019255 27376 Kayako SupportSuite 3.11.01 allows remote attackers to obtain server configuration information via a direct request to syncml/index.php, which prints the contents of the $_SERVER superglobal. http://www.waraxe.us/advisory-63.html 20080121 [waraxe-2008-SA#063] - Information Leakage in Kayako SupportSuite 3.11.01 28613 3573 Directory traversal vulnerability in BitDefender Update Server (http.exe), as used in BitDefender products including Security for Fileservers and Enterprise Manager (BDEM), allows remote attackers to read arbitrary files via .. (dot dot) sequences in an HTTP request. bitdefender-http-server-directory-traversal(39802) ADV-2008-0213 27358 20080119 BitDefender Update Server - Unauthorized Remote File Access Vulnerability http://www.oliverkarow.de/research/bitdefender.txt 28578 http://oliver.greyhat.de/2008/01/19/bitdefender-unauthorized-remote-file-access-vulnerability/ 3568 Multiple SQL injection vulnerabilities in aflog 1.01, and possibly earlier versions, allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to comments.php and (2) an unspecified parameter to view.php. ADV-2008-0255 27398 4958 28594 Cross-site scripting (XSS) vulnerability in aflog 1.01, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the comment form. ADV-2008-0255 27398 4958 28594 Multiple buffer overflows in Toshiba Surveillance (Surveillix) RecordSend ActiveX control (MeIpCamX.DLL 1.0.0.4) allow remote attackers to execute arbitrary code via long arguments to the (1) SetPort and (2) SetIpAddress methods. toshiba-recordsend-bo(39792) ADV-2008-0214 27360 4946 28557 http://retrogod.altervista.org/rgod_toshiba_control.html Cross-site scripting (XSS) vulnerability in header.tpl.php in the modern template for Singapore 0.10.1 allows remote attackers to inject arbitrary web script or HTML via the gallery parameter to default.php. ADV-2008-0234 27382 http://trew.icenetx.net/toolz/advisory-singapore-modern-template.txt 28573 Buffer overflow in the logging functionality of the HTTP server in IBM Tivoli Provisioning Manager for OS Deployment (TPMfOSD) before 5.1.0.3 Interim Fix 3 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via an HTTP request with a long method string to port 443/tcp. VU#158609 http://www-1.ibm.com/support/docview.wss?uid=swg24018010 tivoli-provisioning-http-unspecified(39819) ADV-2008-0239 1019249 27387 28604 20080122 IBM Tivoli PMfOSD HTTP Request Method Buffer Overflow Vulnerability Unspecified vulnerability in IBM WebSphere Business Modeler Basic and Advanced 6.0.2.1 before Interim Fix 11 allows remote authenticated users to bypass intended access restrictions and delete unspecified repository resources via unknown vectors, even when they are not administrators or members of the repository's owning group. http://www-1.ibm.com/support/docview.wss?uid=swg24018061 http://www-1.ibm.com/support/docview.wss?uid=swg24018060 websphere-repository-weak-security(39830) ADV-2008-0254 1019252 27389 JR28175 28586 The web server in Belkin Wireless G Plus MIMO Router F5D9230-4 does not require authentication for SaveCfgFile.cgi, which allows remote attackers to read and modify configuration via a direct request to SaveCfgFile.cgi. belkin-savecfgfile-authentication-bypass(39793) ADV-2008-0215 27359 20080119 Belkin Wireless G Plus MIMO Router F5D9230-4 Authentication Bypass Vulnerability 4941 3566 28554 Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "Most active bugs" summary. 27367 http://sourceforge.net/project/shownotes.php?release_id=569765 FEDORA-2008-0856 FEDORA-2008-0796 https://bugzilla.redhat.com/show_bug.cgi?id=429552 mantis-mostactive-xss(39801) ADV-2008-0232 28591 28577 Multiple directory traversal vulnerabilities in HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allow remote attackers to create arbitrary (1) files and (2) directories via a .. (dot dot) in an account name, when requesting the / URI; and (3) append arbitrary data to a file via a .. (dot dot) in an account name, when requesting a URI composed of a "/?%0a" sequence followed by the data. hfs-unspecified-command-execution(39873) http://www.syhunt.com/advisories/hfshack.txt 27423 20080123 Syhunt: HFS (HTTP File Server) Log Arbitrary File/Directory Manipulation and Denial-of-Service Vulnerabilities http://www.rejetto.com/hfs/?f=wn 28631 3581 HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allows remote attackers to cause a denial of service (daemon crash) via a long account name. hfs-filename-dos(39875) http://www.syhunt.com/advisories/hfshack.txt 27423 20080123 Syhunt: HFS (HTTP File Server) Log Arbitrary File/Directory Manipulation and Denial-of-Service Vulnerabilities http://www.rejetto.com/hfs/?f=wn 28631 3581 HTTP File Server (HFS) before 2.2c tags HTTP request log entries with the username sent during HTTP Basic Authentication, regardless of whether authentication succeeded, which might make it more difficult for an administrator to determine who made a remote request. hfs-username-spoofing(39877) http://www.syhunt.com/advisories/hfshack.txt 27423 20080123 Syhunt: HFS (HTTP File Server) Username Spoofing and Log Forging/Injection Vulnerability http://www.rejetto.com/hfs/?f=wn 28631 3582 HTTP File Server (HFS) before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication. hfs-unspecified-log-injection(39876) http://www.syhunt.com/advisories/hfshack.txt 27423 20080123 Syhunt: HFS (HTTP File Server) Username Spoofing and Log Forging/Injection Vulnerability http://www.rejetto.com/hfs/?f=wn 28631 3582 Cross-site scripting (XSS) vulnerability in HTTP File Server (HFS) before 2.2c allows remote attackers to inject arbitrary web script or HTML via the userinfo subcomponent of a URL. hfs-host-xss(39870) http://www.syhunt.com/advisories/hfshack.txt 27423 20080123 Syhunt: HFS (HTTP File Server) Template Cross-Site Scripting and Information Disclosure Vulnerabilities http://www.rejetto.com/hfs/?f=wn 28631 3583 HTTP File Server (HFS) before 2.2c allows remote attackers to obtain configuration and usage details by using an id element such as <id>%version%</id> in HTTP Basic Authentication instead of a username and password, as demonstrated by placing this id element in the userinfo subcomponent of a URL. hfs-sendhfsidentifier-info-disclosure(39871) http://www.syhunt.com/advisories/hfshack.txt 27423 20080123 Syhunt: HFS (HTTP File Server) Template Cross-Site Scripting and Information Disclosure Vulnerabilities http://www.rejetto.com/hfs/?f=wn 28631 3583 Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a postscript (.ps) file containing a long Range array in a .seticcspace operator. DSA-1510 FEDORA-2008-1998 https://issues.rpath.com/browse/RPL-2217 ADV-2008-0693 USN-599-1 1019511 28017 20080228 Ghostscript buffer overflow 20080228 rPSA-2008-0082-1 espgs RHSA-2008:0155 MDVSA-2008:055 GLSA-200803-14 http://wiki.rpath.com/Advisories:rPSA-2008-0082 SSA:2008-062-01 29768 29314 29196 29169 29154 29147 29135 29112 29103 29101 http://scary.beasts.org/security/CESA-2008-001.html oval:org.mitre.oval:def:9557 SUSE-SA:2008:010 The browser engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to the (1) nsTableFrame::GetFrameAtOrBefore, (2) nsAccessibilityService::GetAccessible, (3) nsBindingManager::GetNestedInsertionPoint, (4) nsXBLPrototypeBinding::AttributeChanged, (5) nsColumnSetFrame::GetContentInsertionFrame, and (6) nsLineLayout::TrimTrailingWhiteSpaceIn methods, and other vectors. FEDORA-2008-1535 FEDORA-2008-1459 FEDORA-2008-1435 https://bugzilla.mozilla.org/buglist.cgi?bug_id=398088,393141,364801,346405,396613,394337,406290 ADV-2008-2091 ADV-2008-1793 ADV-2008-0627 ADV-2008-0454 ADV-2008-0453 USN-576-1 1019320 27683 20080212 FLEA-2008-0001-1 firefox 20080209 rPSA-2008-0051-1 firefox RHSA-2008:0105 RHSA-2008:0104 RHSA-2008:0103 http://www.mozilla.org/security/announce/2008/mfsa2008-01.html MDVSA-2008:048 GLSA-200805-18 DSA-1506 DSA-1489 DSA-1485 DSA-1484 http://wiki.rpath.com/Advisories:rPSA-2008-0051 239546 238492 31043 30620 29086 29049 28958 28939 28924 28879 28877 28865 28864 28839 28818 28815 28808 28766 28758 28754 oval:org.mitre.oval:def:10573 SUSE-SA:2008:008 http://browser.netscape.com/releasenotes/ FEDORA-2008-2118 FEDORA-2008-2060 https://issues.rpath.com/browse/RPL-1995 USN-582-2 USN-582-1 20080229 rPSA-2008-0093-1 thunderbird MDVSA-2008:062 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0093 http://wiki.rpath.com/Advisories:rPSA-2008-0093 http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html SSA:2008-061-01 30327 29567 29211 29167 29164 29098 The JavaScript engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via (1) a large switch statement, (2) certain uses of watch and eval, (3) certain uses of the mousedown event listener, and other vectors. FEDORA-2008-2118 FEDORA-2008-2060 FEDORA-2008-1535 FEDORA-2008-1459 FEDORA-2008-1435 https://issues.rpath.com/browse/RPL-1995 https://bugzilla.mozilla.org/buglist.cgi?bug_id=407720,390597,373344,398085,406572,391028,406036,402087 ADV-2008-2091 ADV-2008-1793 ADV-2008-0627 ADV-2008-0454 ADV-2008-0453 USN-582-1 USN-576-1 1019321 27683 20080229 rPSA-2008-0093-1 thunderbird 20080212 FLEA-2008-0001-1 firefox 20080209 rPSA-2008-0051-1 firefox RHSA-2008:0105 RHSA-2008:0104 RHSA-2008:0103 http://www.mozilla.org/security/announce/2008/mfsa2008-01.html MDVSA-2008:062 MDVSA-2008:048 GLSA-200805-18 DSA-1506 DSA-1489 DSA-1485 DSA-1484 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0093 http://wiki.rpath.com/Advisories:rPSA-2008-0093 http://wiki.rpath.com/Advisories:rPSA-2008-0051 239546 238492 SSA:2008-061-01 31043 30620 29167 29086 29049 28958 28939 28924 28879 28877 28865 28864 28839 28818 28815 28808 28766 28758 28754 oval:org.mitre.oval:def:10385 SUSE-SA:2008:008 http://browser.netscape.com/releasenotes/ USN-582-2 30327 29211 29164 29098 Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to trick the user into uploading arbitrary files via label tags that shift focus to a file input field, aka "focus spoofing." https://bugzilla.mozilla.org/buglist.cgi?bug_id=404451,408034,404391,405299 ADV-2008-1793 ADV-2008-0627 ADV-2008-0453 http://www.mozilla.org/security/announce/2008/mfsa2008-02.html GLSA-200805-18 238492 30620 FEDORA-2008-1535 FEDORA-2008-1459 FEDORA-2008-1435 USN-576-1 1019330 27683 20080212 FLEA-2008-0001-1 firefox 20080209 rPSA-2008-0051-1 firefox MDVSA-2008:048 DSA-1506 DSA-1489 DSA-1485 DSA-1484 http://wiki.rpath.com/Advisories:rPSA-2008-0051 http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html 30327 29567 29086 29049 28958 28939 28924 28879 28877 28865 28864 28839 28815 28758 SUSE-SA:2008:008 http://browser.netscape.com/releasenotes/ Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to execute script outside of the sandbox and conduct cross-site scripting (XSS) attacks via multiple vectors including the XMLDocument.load function, aka "JavaScript privilege escalation bugs." https://bugzilla.mozilla.org/buglist.cgi?bug_id=386695,393761,393762,399298,407289,372075,363597 ADV-2008-2091 ADV-2008-1793 ADV-2008-0627 ADV-2008-0454 ADV-2008-0453 http://www.mozilla.org/security/announce/2008/mfsa2008-03.html GLSA-200805-18 239546 238492 31043 30620 oval:org.mitre.oval:def:9897 FEDORA-2008-2118 FEDORA-2008-2060 FEDORA-2008-1535 FEDORA-2008-1459 FEDORA-2008-1435 https://issues.rpath.com/browse/RPL-1995 USN-582-2 USN-582-1 USN-576-1 1019327 27683 20080229 rPSA-2008-0093-1 thunderbird 20080212 FLEA-2008-0001-1 firefox 20080209 rPSA-2008-0051-1 firefox RHSA-2008:0105 RHSA-2008:0104 RHSA-2008:0103 MDVSA-2008:062 MDVSA-2008:048 DSA-1506 DSA-1489 DSA-1485 DSA-1484 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0093 http://wiki.rpath.com/Advisories:rPSA-2008-0093 http://wiki.rpath.com/Advisories:rPSA-2008-0051 http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html SSA:2008-061-01 30327 29567 29211 29167 29164 29098 29086 29049 28958 28939 28924 28879 28877 28865 28864 28839 28818 28815 28808 28766 28758 28754 SUSE-SA:2008:008 http://browser.netscape.com/releasenotes/ Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allow remote attackers to inject arbitrary web script or HTML via certain character encodings, including (1) a backspace character that is treated as whitespace, (2) 0x80 with Shift_JIS encoding, and (3) "zero-length non-ASCII sequences" in certain Asian character sets. TA08-087A https://bugzilla.mozilla.org/buglist.cgi?bug_id=404252,381412,407161 firefox-character-encoding-xss(40488) ADV-2008-2091 ADV-2008-1793 USN-576-1 USN-592-1 TLSA-2008-9 29303 http://www.mozilla.org/security/announce/2008/mfsa2008-13.html GLSA-200805-18 DSA-1489 DSA-1485 DSA-1484 239546 238492 31043 30620 30327 29541 28879 28865 28864 28839 JVNDB-2008-000021 JVN#21563357 CRLF injection vulnerability in Mozilla Firefox before 2.0.0.12 allows remote user-assisted web sites to corrupt the user's password store via newlines that are not properly handled when the user saves a password. https://bugzilla.mozilla.org/show_bug.cgi?id=394610 ADV-2008-1793 ADV-2008-0627 ADV-2008-0453 http://www.mozilla.org/security/announce/2008/mfsa2008-04.html GLSA-200805-18 238492 30620 oval:org.mitre.oval:def:11154 FEDORA-2008-1535 FEDORA-2008-1459 FEDORA-2008-1435 USN-576-1 1019334 27683 20080212 FLEA-2008-0001-1 firefox 20080209 rPSA-2008-0051-1 firefox RHSA-2008:0104 RHSA-2008:0103 MDVSA-2008:048 DSA-1506 DSA-1489 DSA-1485 DSA-1484 http://wiki.rpath.com/Advisories:rPSA-2008-0051 http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html 30327 29567 29086 28958 28939 28924 28879 28877 28865 28864 28839 28818 28766 SUSE-SA:2008:008 http://browser.netscape.com/releasenotes/ Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing session information from sessionstore.js. VU#309608 ADV-2008-2091 ADV-2008-1793 ADV-2008-0627 ADV-2008-0454 ADV-2008-0453 ADV-2008-0263 http://www.mozilla.org/security/announce/2008/mfsa2008-05.html http://www.hiredhacker.com/2008/01/19/firefox-chrome-url-handling-directory-traversal/ GLSA-200805-18 239546 238492 31043 30620 oval:org.mitre.oval:def:10705 FEDORA-2008-2118 FEDORA-2008-2060 FEDORA-2008-1535 FEDORA-2008-1459 FEDORA-2008-1435 https://issues.rpath.com/browse/RPL-1995 USN-582-2 USN-582-1 USN-576-1 1019329 27406 20080229 rPSA-2008-0093-1 thunderbird 20080212 FLEA-2008-0001-1 firefox 20080209 rPSA-2008-0051-1 firefox RHSA-2008:0105 RHSA-2008:0104 RHSA-2008:0103 MDVSA-2008:062 MDVSA-2008:048 DSA-1506 DSA-1489 DSA-1485 DSA-1484 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0093 http://wiki.rpath.com/Advisories:rPSA-2008-0093 http://wiki.rpath.com/Advisories:rPSA-2008-0051 http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html SSA:2008-061-01 30327 29567 29211 29167 29164 29098 29086 29049 28958 28939 28924 28879 28877 28865 28864 28839 28818 28815 28808 28766 28754 28622 SUSE-SA:2008:008 http://browser.netscape.com/releasenotes/ Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows remote attackers to steal navigation history and cause a denial of service (crash) via images in a page that uses designMode frames, which triggers memory corruption related to resize handles. VU#879056 FEDORA-2008-2118 FEDORA-2008-2060 FEDORA-2008-1535 FEDORA-2008-1459 FEDORA-2008-1435 https://issues.rpath.com/browse/RPL-1995 https://bugzilla.mozilla.org/show_bug.cgi?id=400556 ADV-2008-1793 ADV-2008-0627 ADV-2008-0453 USN-576-1 1019328 27683 20080229 rPSA-2008-0093-1 thunderbird 20080212 FLEA-2008-0001-1 firefox 20080209 rPSA-2008-0051-1 firefox RHSA-2008:0105 RHSA-2008:0104 RHSA-2008:0103 http://www.mozilla.org/security/announce/2008/mfsa2008-06.html MDVSA-2008:048 GLSA-200805-18 DSA-1506 DSA-1489 DSA-1485 DSA-1484 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0093 http://wiki.rpath.com/Advisories:rPSA-2008-0093 http://wiki.rpath.com/Advisories:rPSA-2008-0051 http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html 238492 30620 30327 29567 29167 29164 29086 29049 28958 28939 28924 28879 28877 28865 28864 28839 28818 28815 28808 28766 28758 28754 oval:org.mitre.oval:def:11652 SUSE-SA:2008:008 http://browser.netscape.com/releasenotes/ modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 does not properly perform certain calculations related to the mColors table, which allows remote attackers to read portions of memory uninitialized via a crafted 8-bit bitmap (BMP) file that triggers an out-of-bounds read within the heap, as demonstrated using a CANVAS element; or cause a denial of service (application crash) via a crafted 8-bit bitmap file that triggers an out-of-bounds read. NOTE: the initial public reports stated that this affected Firefox in Ubuntu 6.06 through 7.10. FEDORA-2008-2118 FEDORA-2008-2060 https://bugzilla.mozilla.org/show_bug.cgi?id=408076 firefox-bmp-dos(40606) firefox-bmp-information-disclosure(40491) ADV-2008-1793 ADV-2008-0627 USN-576-1 USN-582-2 USN-582-1 27826 20080216 [HISPASEC] FireFox 2.0.0.11 and Opera 9.50 beta Remote Memory Information Leak, FireFox 2.0.0.11 Remote Denial of Service http://www.mozilla.org/security/announce/2008/mfsa2008-07.html MDVSA-2008:048 GLSA-200805-18 238492 1019434 30620 30327 29167 29098 29049 28839 28758 oval:org.mitre.oval:def:10119 http://browser.netscape.com/releasenotes/ SQL injection vulnerability in Invision Gallery 2.0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the album parameter in a rate command. SQL injection vulnerability in mail.php in boastMachine (aka bMachine) 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. ADV-2008-0227 32379 27369 20081120 boastMachine v3.1 Remote Sql Injection boastmachine-mail-sql-injection(39813) 3563 Multiple PHP remote file inclusion vulnerabilities in Lama Software allow remote attackers to execute arbitrary PHP code via a URL in the MY_CONF[classRoot] parameter to (1) inc.steps.access_error.php, (2) inc.steps.check_login.php, or (3) inc.steps.init_system.php in admin/functions/. ADV-2008-0230 27380 28442 lamasoftware-myconf-file-include(39821) SQL injection vulnerability in blog.php in Mooseguy Blog System (MGBS) 1.0 allows remote attackers to execute arbitrary SQL commands via the month parameter. ADV-2008-0226 27377 4951 mooseguy-blog-sql-injection(39816) Absolute path traversal vulnerability in explorerdir.php in Frimousse 0.0.2 allows remote attackers to read arbitrary files and list arbitrary directories via a full pathname in the name parameter. frimousse-explorerdir-directory-traversal(39797) ADV-2008-0216 27385 4943 Multiple cross-site scripting (XSS) vulnerabilities in submit.php in PacerCMS before 0.6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) headline, or (3) text field in a message. 27386 pacercms-submit-xss(39832) 20080122 PacerCMS Multiple Vulnerabilities (XSS/SQL) 28605 http://pacercms.sourceforge.net/index.php/2008/01/21/pacercms-061-streamlines-code-base-addresses-security-issue/ Directory traversal vulnerability in file.php in bloofoxCMS 0.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. bloofoxcms-file-directory-traversal(39795) ADV-2008-0218 27361 28415 20080120 Bloofox CMS SQL Injection (Authentication bypass) , Source code http://bugreport.ir/?/27 20080120 Bloofox CMS SQL Injection (Authentication bypass) , Source codedisclosure 4945 Multiple SQL injection vulnerabilities in the login function in system/class_permissions.php in bloofoxCMS 0.3 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to admin/index.php. bloofoxcms-index-sql-injection(39794) ADV-2008-0218 27361 28415 20080120 Bloofox CMS SQL Injection (Authentication bypass) , Source code http://bugreport.ir/?/27 20080120 Bloofox CMS SQL Injection (Authentication bypass) , Source codedisclosure 4945 SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per Post Exchange 2.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a forum_catview action. ADV-2008-0231 27381 6401 4956 28581 alstrasoft-indexphp-sql-injection(39820) SQL injection vulnerability in form.php in 360 Web Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the IDFM parameter. 360web-form-sql-injection(39796) ADV-2008-0217 27364 4944 Directory traversal vulnerability in administrator/download.php in IDMOS (aka Phoenix) 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter. ADV-2008-0229 27379 4954 28436 idmos-download-directory-traversal(39823) Cross-site scripting (XSS) vulnerability in index.php in phpAutoVideo 2.21 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter. phpautovideo-index-xss(39771) ADV-2008-0225 27346 20080118 Agares PhpAutoVideo 2.21(XSS/RFI) Multiple Remote Vulnerabilities 28580 3567 PHP remote file inclusion vulnerability in theme/phpAutoVideo/LightTwoOh/sidebar.php in Agares phpAutoVideo 2.21 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the loadpage parameter, a different vector than CVE-2007-6614. phpautovideo-sidebar-file-include(39770) ADV-2008-0225 27346 20080118 Agares PhpAutoVideo 2.21(XSS/RFI) Multiple Remote Vulnerabilities 28580 3567 Format string vulnerability in the AXIMilter module in AXIGEN Mail Server 5.0.2 allows remote attackers to execute arbitrary code via format string specifiers in the CNHO command. axigen-aximilter-format-string(39803) ADV-2008-0237 27363 20080120 AXIGEN 5.0.x AXIMilter Format String Exploit 4947 28562 20080120 AXIGEN 5.0.x AXIMilter Format String Exploit 3570 Directory traversal vulnerability in index.php in OZJournals 2.1.1 allows remote attackers to read portions of arbitrary files via a .. (dot dot) in the id parameter in a printpreview action. ADV-2008-0228 27375 4953 28582 ozjournals-id-directory-traversal(39815) Cross-site scripting (XSS) vulnerability in profile-upload/upload.asp in PD9 Software MegaBBS 1.5.14b allows remote attackers to inject arbitrary web script or HTML via the target parameter. 27368 20080120 MegaBBS ASP Forum Cross-Site Scripting megabbs-upload-xss(39812) 3565 Multiple buffer overflows in the WebHPVCInstall.HPVirtualRooms14 ActiveX control in HPVirtualRooms14.dll 1.0.0.100, as used in the installation process for HP Virtual Rooms, allow remote attackers to execute arbitrary code via a long (1) AuthenticationURL, (2) PortalAPIURL, or (3) cabroot property value. NOTE: some of these details are obtained from third party information. ADV-2008-0236 27384 28595 20080122 HP Virtual Rooms WebHPVCInstall Control Multiple Buffer Overflows hpvirtualrooms-hpvirtualrooms14-activex-bo(39836) 4959 Cross-site scripting (XSS) vulnerability in the font rendering functionality in Novemberborn sIFR 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the txt parameter to a Flash (SWF) file, as demonstrated by fonts/FuturaLt.swf. 27394 20080205 Re: PR07-38: XSS on sIFR 20080122 PR07-38: XSS on sIFR http://www.procheckup.com/Vulnerability_PR07-38.php 41006 sifr-fontname-xss(39835) 20080122 Re: PR07-38: XSS on sIFR 3571 http://novemberborn.net/sifr/2.0.3 Cross-site scripting (XSS) vulnerability in templates/default/admincp/attachments_header.php in DeluxeBB 1.1 allows remote attackers to inject arbitrary web script or HTML via the lang_listofmatches parameter. 20080122 DeluxeBB 1.1 XSS Vulnerabilitie deluxbb-attachmentsheader-xss(39829) 27401 3564 AlstraSoft Forum Pay Per Post Exchange 2.0 stores passwords in cleartext, which makes it easier for attackers to access user accounts. 4956 IBM Tivoli Business Service Manager (TBSM) 4.1.1 stores passwords in cleartext (1) after external authentication, which triggers writing the password to SM_server.log; and (2) after a reconfig action; which allows local users to obtain sensitive information. tbsm-reconfig-information-disclosure(39822) ADV-2008-0240 1019250 27388 http://www-1.ibm.com/support/docview.wss?uid=swg24017939 28603 PHP remote file inclusion vulnerability in inc/linkbar.php in Small Axe Weblog 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the ffile parameter, a different vector than CVE-2008-0376. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 27383 28568 Heap-based buffer overflow in the FileUploader.FUploadCtl.1 ActiveX control in FileUploader.dll 2.0.0.2 in Lycos FileUploader Module allows remote attackers to execute arbitrary code via a long HandwriterFilename property value. NOTE: some of these details are obtained from third party information. ADV-2008-0253 27411 4967 28599 lycosfileuploader-fileuploader-activex-bo(39849) Cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via subtext parameter to unspecified components. 27399 elog-subtext-xss(39828) ADV-2008-0265 28589 41681 http://midas.psi.ch/elog/download/ChangeLog The replace_inline_img function in elogd in Electronic Logbook (ELOG) before 2.7.1 allows remote attackers to cause a denial of service (infinite loop) via crafted logbook entries. NOTE: some of these details are obtained from third party information. 27399 elog-elogd-logbook-dos(39824) ADV-2008-0265 28589 SQL injection vulnerability in voircom.php in LulieBlog 1.02 allows remote attackers to execute arbitrary SQL commands via the id parameter. 4969 lulieblog-voircom-sql-injection(39854) 27416 SQL injection vulnerability in index.php in Foojan WMS PHP Weblog 1.0 allows remote attackers to execute arbitrary SQL commands via the story parameter. 4968 foojanwms-index-sql-injection(39855) 27415 PHP remote file inclusion vulnerability in utils/class_HTTPRetriever.php in phpSearch allows remote attackers to execute arbitrary PHP code via a URL in the libcurlemuinc parameter. phpsearch-classhttpretriever-file-include(39805) 20080120 Php Search Remote Inclusion SQL injection vulnerability in paypalresult.asp in VP-ASP Shopping Cart 6.50 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 27347 vpasp-paypalresult-sql-injection(39811) Multiple PHP remote file inclusion vulnerabilities in BLOG:CMS 4.2.1.c allow remote attackers to execute arbitrary PHP code via a URL in the (1) DIR_PLUGINS parameter to (a) index.php, and the (2) DIR_LIBS parameter to (b) media.php and (c) xmlrpc/server.php in admin/. 20080121 BLOG:CMS 4.2.1.c (DIR_PLUGINS) Multiple Remote File Include 3576 Multiple SQL injection vulnerabilities in PacerCMS 0.6 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) siteadmin/article-edit.php; and unspecified parameters to (2) submitted-edit.php, (3) page-edit.php, (4) section-edit.php, (5) staff-edit.php, and (6) staff-access.php in siteadmin/. 27397 http://pacercms.sourceforge.net/index.php/2008/01/21/pacercms-061-streamlines-code-base-addresses-security-issue/ pacercms-articleedit-sql-injection(39833) 20080122 PacerCMS Multiple Vulnerabilities (XSS/SQL) 3574 Directory traversal vulnerability in articles.php in Siteman 1.1.9 allows remote attackers to read arbitrary files via directory traversal sequences in the cat parameter in a viewart action. 4973 27422 SQL injection vulnerability in list.php in Easysitenetwork Recipe allows remote attackers to execute arbitrary SQL commands via the categoryid parameter. easysitenetworkrecipe-list-sql-injection(39853) 27405 4960 Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Title field of a (1) Dailymotion and possibly (2) Metacafe movie in the Skype video gallery, accessible through a search within the "Add video to chat" dialog, aka "videomood XSS." VU#248184 skype-addvideotochat-code-execution(39754) ADV-2008-0194 27338 20080117 RE: Skype videomood XSS http://www.gnucitizen.org/blog/vulnerabilities-in-skype http://www.critical.lt/?opinions/show/1470 http://skype.com/security/skype-sb-2008-001.html http://skype.com/security/skype-sb-2008-001-update1.html http://share.skype.com/sites/security/2008/01/skype_cross_zone_scripting_vul.html http://aviv.raffon.net/2008/01/17/SkypeCrosszoneScriptingVulnerability.aspx 20080117 Re: Skype videomood XSS 20080117 Skype videomood XSS Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file. 27409 20080122 Apache mod_negotiation Xss and Http Response Splitting http://www.mindedsecurity.com/MSA01150108.html 1019256 51607 RHSA-2013:0130 RHSA-2012:1594 RHSA-2012:1592 RHSA-2012:1591 apache-modnegotiation-xss(39867) 3575 GLSA-200803-19 29348 CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file. TA09-133A apache-modnegotiation-response-splitting(39893) ADV-2009-1297 27409 20080122 Apache mod_negotiation Xss and Http Response Splitting http://www.mindedsecurity.com/MSA01150108.html http://support.apple.com/kb/HT3549 1019256 3575 GLSA-200803-19 35074 29348 RHSA-2013:0130 APPLE-SA-2009-05-12 Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors. http://www.symantec.com/avcenter/security/Content/2008.02.04.html http://seer.entsupport.symantec.com/docs/297171.htm http://www.zerodayinitiative.com/advisories/ZDI-08-003.html ADV-2008-0413 1019303 27487 20080206 ZDI-08-003: Symantec Backup Exec Remote File Upload Vulnerability 5078 28787 Directory traversal vulnerability in function/sources.php in SLAED CMS 2.5 Lite allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the newlang parameter to index.php. ADV-2008-0308 27426 4975 slaedcms-index-file-include(39897) Directory traversal vulnerability in update/index.php in Liquid-Silver CMS 0.35, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the update parameter. ADV-2008-0309 27425 4976 28619 liquidsilvercms-index-file-include(39895) Cross-site scripting (XSS) vulnerability in api.php in (1) MediaWiki 1.11 through 1.11.0rc1, 1.10 through 1.10.2, 1.9 through 1.9.4, and 1.8; and (2) the BotQuery extension for MediaWiki 1.7 and earlier; when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. ADV-2008-0280 28629 [MediaWiki-announce] 20080124 MediaWiki 1.11.1, 1.10.3, 1.9.5 released FEDORA-2008-2288 FEDORA-2008-2245 mediawiki-api-xss(39901) 28137 29266 SQL injection vulnerability in index.php in the Search module in PHP-Nuke 8.0 FINAL and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a comments action to modules.php. NOTE: some of these details are obtained from third party information. ADV-2008-0264 27408 4965 28624 phpnuke-index-search-sql-injection(39850) Cross-site scripting (XSS) vulnerability in the Archive 5.x before 5.x-1.8 module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. http://drupal.org/node/213478 ADV-2008-0278 27436 28632 drupal-archive-unspecified-xss(39898) Cross-site scripting (XSS) vulnerability in the Workflow 4.7.x before 4.7.x-1.2 and 5.x before 5.x-1.2 module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving node properties. http://drupal.org/node/213473 ADV-2008-0279 28633 workflow-messages-xss(39896) 27444 Directory traversal vulnerability in archiv.cgi in absofort aconon Mail 2007 Enterprise SQL 11.7.0 and Mail 2004 Enterprise SQL 11.5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter. ADV-2008-0310 27427 4977 28617 20080124 Directory Traversal Vulnerability in Aconon Mail http://burnachurch.com/67/directory-traversal-luecke-in-aconon-mail/ Directory traversal vulnerability in optimizer.php in Seagull 0.6.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the files parameter. The vendor has released a patch for 0.6.3. A patch can be found at the following location: http://seagullproject.org/download/ seagullstable-optimizer-directory-traversal(39902) ADV-2008-0311 27437 4980 28646 http://seagullproject.org/publisher/articleview/action/view/frmArticleID/98/ 20080129 Seagull 0.6.3 Remote File Disclosure Vulnerability fixed Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor 4.0, Web Wiz Forums 9.07, and Web Wiz Newspad 1.02, does not require authentication, which allows remote attackers to list directories and read files. NOTE: this can be leveraged for listings outside the configured directory tree by exploiting a separate directory traversal vulnerability. http://www.webwizguide.com/webwizrichtexteditor/kb/release_notes.asp 27419 20080123 Web Wiz Rich Text Editor Directory traversal + HTM/HTML filecreation on the server 20080123 Web Wiz Forums Directory traversal 4971 4970 http://www.bugreport.ir/?/31 http://www.bugreport.ir/?/29 1019267 3584 Stack-based buffer overflow in Firebird before 2.0.4, and 2.1.x before 2.1.0 RC1, might allow remote attackers to execute arbitrary code via a long username. firebird-username-bo(39981) ADV-2008-0300 1019277 27467 http://tracker.firebirdsql.org/browse/CORE-1603 http://sourceforge.net/project/shownotes.php?release_id=570816&group_id=9028 http://sourceforge.net/project/shownotes.php?group_id=9028&release_id=570800 28596 DSA-1529 GLSA-200803-02 29501 29203 SQL injection vulnerability in category.php in Flinx 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. ADV-2008-0313 27448 4985 flinx-category-sql-injection(39930) SQL injection vulnerability in index.php in Tiger Php News System (TPNS) 1.0b and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter in a newscat action. tigerphpnewssystem-catid-sql-injection(39908) ADV-2008-0312 27445 20080124 Tiger PHP News System SQL Injection 4984 28641 3587 A certain ActiveX control in Comodo AntiVirus 2.0 allows remote attackers to execute arbitrary commands via the ExecuteStr method. comodo-antivirus-command-execution(39904) 27424 4974 Cross-site request forgery (CSRF) vulnerability in privmsg.php in phpBB 2.0.22 allows remote attackers to delete private messages (PM) as arbitrary users via a deleteall action. 20080123 phpBB 2.0.22 Remote PM Delete XSRF Vulnerability 28630 DSA-1488 3585 28871 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463589 Cross-site request forgery (CSRF) vulnerability in modcp.php in Woltlab Burning Board (wBB) 2.3.6 PL2 allows remote attackers to delete threads as moderators or administrators via a thread_del action. wbb-modcp-csrf(39878) 20080123 Woltlab Burning Board 2.3.6 PL2 Remote Delete Thread XSRF Vulnerability 28634 3586 RTE_popup_save_file.asp in Web Wiz Rich Text Editor 4.0 allows remote attackers to upload (1) .html and (2) .htm files via unspecified vectors. 1019267 27420 27419 20080123 Web Wiz Rich Text Editor Directory traversal + HTM/HTML filecreation on the server 4971 http://www.bugreport.ir/?/31 3584 Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 8.1 build 8100 allow remote attackers to inject arbitrary web script or HTML via the (1) showlink parameter to jsp/DiscoveryProfiles.jsp; the (2) attributeIDs, (3) attributeToSelect, (4) redirectto, and (5) resourceid parameters to (a) jsp/ThresholdActionConfiguration.jsp; the (6) page and (7) redirect parameters to (b) jsp/UpdateGlobalSettings.jsp; and the (8) haid and (9) returnpath parameters to (c) showTile.do. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. manageengine-multiple-xss(39914) 27443 28332 ManageEngine Applications Manager 8.1 build 8100 allows remote attackers to obtain sensitive information ( Home->Summary) via an invalid URI, as demonstrated by the "/-" URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. manageengine-home-information-disclosure(39917) 27443 28332 ManageEngine Applications Manager 8.1 build 8100 does not check authentication for monitorType.do and unspecified other pages, which allows remote attackers to obtain sensitive information and change settings via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. manageengine-checks-security-bypass(39915) 27443 28332 Stack-based buffer overflow in the QMPUpgrade.Upgrade.1 ActiveX control in QMPUpgrade.dll 1.0.0.1 in Move Networks Upgrade Manager allows remote attackers to execute arbitrary code via a long first argument to the Upgrade method. NOTE: some of these details are obtained from third party information. movenetworks-qmpupgrade-bo(39913) ADV-2008-0274 27438 4979 28647 1019270 Directory traversal vulnerability in index.php in SetCMS 3.6.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the set parameter, as demonstrated by sending a certain CLIENT_IP HTTP header in an enter action to index.php, and injecting PHP sequences into files/enter.set, which is then included by index.php. setcms-index-file-include(39864) 27407 4962 Directory traversal vulnerability in RTE_file_browser.asp in Web Wiz NewsPad 1.02 allows remote attackers to list arbitrary directories, and .txt and .zip files, via a .....\\\ in the sub parameter. newspad-rte-directory-traversal(39863) http://www.webwizguide.com/webwiznewspad/kb/release_notes.asp 1019268 27419 20080123 Web Wiz NewsPad Directory traversal 4972 http://www.bugreport.ir/?/30 28416 3588 Multiple directory traversal vulnerabilities in Web Wiz Forums 9.07 and earlier allow remote attackers to list arbitrary directories, and .txt and .zip files, via a .....\\\ in the sub parameter to (1) RTE_file_browser.asp or (2) file_browser.asp. webwiz-rte-filebrowser-directory-traversal(39856) http://www.webwizguide.com/webwizforums/kb/release_notes.asp 1019266 27419 20080123 Web Wiz Forums Directory traversal 4970 http://www.bugreport.ir/?/29 28601 3589 Directory traversal vulnerability in RTE_file_browser.asp in Web Wiz Rich Text Editor 4.0 allows remote attackers to list arbitrary directories, and .txt and .zip files, via a .....\\\ in the sub parameter in a save action. editor-rte-directory-traversal(39868) http://www.webwizguide.com/webwizrichtexteditor/kb/release_notes.asp 27419 20080123 Web Wiz Rich Text Editor Directory traversal + HTM/HTML filecreation on the server 4971 http://www.bugreport.ir/?/31 1019267 28639 3584 Array index error in libmpdemux/demux_mov.c in MPlayer 1.0 rc2 and earlier might allow remote attackers to execute arbitrary code via a QuickTime MOV file with a crafted stsc atom tag. ADV-2008-0406 27499 20080204 CORE-2008-0122: MPlayer arbitrary pointer dereference 1019299 http://www.mplayerhq.hu/design7/news.html MDVSA-2008:045 DSA-1496 http://www.coresecurity.com/?action=item&id=2102 3607 GLSA-200803-16 29307 28956 28955 28779 20080204 CORE-2008-0122: MPlayer arbitrary pointer dereference Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN before r25917, and possibly earlier versions, as used in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow. FEDORA-2008-1581 FEDORA-2008-1543 https://bugzilla.redhat.com/show_bug.cgi?id=431541 ADV-2008-0421 ADV-2008-0406 USN-635-1 27441 20080204 CORE-2007-1218: MPlayer 1.0rc2 buffer overflow vulnerability http://www.mplayerhq.hu/design7/news.html MDVSA-2008:046 MDVSA-2008:045 DSA-1536 DSA-1496 http://www.coresecurity.com/?action=item&id=2103 http://sourceforge.net/project/shownotes.php?group_id=9655&release_id=574735 3608 GLSA-200803-16 GLSA-200802-12 31393 29601 29323 29307 29141 28989 28956 28955 28918 28801 28779 SUSE-SR:2008:006 20080204 CORE-2007-1218: MPlayer 1.0rc2 buffer overflow vulnerability http://bugs.xine-project.org/show_bug.cgi?id=38 http://bugs.gentoo.org/show_bug.cgi?id=209106 Multiple SQL injection vulnerabilities in login.asp in ASPired2Protect allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. NOTE: some of these details are obtained from third party information. aspired2protect-login-sql-injection(39989) 27474 20080126 ASPired2Protect bypass 28653 3598 Directory traversal vulnerability in tseekdir.cgi in VB Marketing allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the location parameter. vbmarketing-tseekdir-file-include(39970) 27475 20080128 VB Marketing "tseekdir.cgi" Local File Inclusion 3596 Directory traversal vulnerability in install.php in Clansphere 2007.4.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. clansphere-install-directory-traversal(39977) 27471 20080127 ClanSphere 2007.4.4 Remote File Disclosure Vulnerability. 3597 SQL injection vulnerability in functions/editevent.php in the WP-Cal 0.3 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. wpcal-editevent-sql-injection(39966) ADV-2008-0348 27465 4992 28683 SQL injection vulnerability in fim_rss.php in the fGallery 2.4.1 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the album parameter. fgallery-fimrss-sql-injection(39964) ADV-2008-0349 27464 4993 Stack-based buffer overflow in the Persits.XUpload.2 ActiveX control in XUpload.ocx 3.0.0.4 and earlier in Persits XUpload 3.0 allows remote attackers to execute arbitrary code via a long argument to the AddFile method. NOTE: some of these details are obtained from third party information. persits-xupload-bo(39967) ADV-2008-0315 27456 4987 28660 fpx.dll 3.9.8.0 in the FlashPix plugin for IrfanView 4.10 allows remote attackers to execute arbitrary code via a crafted FlashPix (.FPX) file, which triggers heap corruption. NOTE: some of these details are obtained from third party information. ADV-2008-0318 27479 4998 28688 irfanview-flashpix-bo(40012) Cross-site scripting (XSS) vulnerability in vpnum/userslist.php in Endian Firewall 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the psearch parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 27477 http://downloads.securityfocus.com/vulnerabilities/exploits/27477.html Unspecified vulnerability in the Pegasus CIM Server in IBM Hardware Management Console (HMC) 7 R3.2.0 allows remote attackers to cause a denial of service via unspecified vectors. https://www14.software.ibm.com/webapp/set2/sas/f/hmc/power6/install/v7.Readme.html ADV-2008-0638 ADV-2008-0323 27484 28667 hmc-pegasus-cim-dos(40021) http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4129 1019280 29056 Cross-site scripting (XSS) vulnerability in index.php in AmpJuke 0.7.0 allows remote attackers to inject arbitrary web script or HTML via the limit parameter in a search action. ADV-2008-0332 20080129 AmpJuke-0.7.0 (index.php) Xss VuLn. juke-index-xss(40023) 27498 3594 28661 Cross-site scripting (XSS) vulnerability in action.php in Nucleus CMS 3.31 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, which is not quoted when processing PHP_SELF. 20080129 [!!FIX Information ] Nucleus 3.31 XSS in path http://sourceforge.net/project/shownotes.php?group_id=66479&release_id=572117 ADV-2008-0369 27492 20080129 Nucleus 3.31 XSS in path http://www.nucleuscms.org/item/3047 3593 28680 SQL injection vulnerability in main_bigware_53.tpl.php in Bigware Shop 2.0 allows remote attackers to execute arbitrary SQL commands via the pollid parameter in a results action to main_bigware_53.php. bigwareshop-mainbigware-sql-injection(40010) ADV-2008-0351 27489 5002 28691 SQL injection vulnerability in Mambo LaiThai 4.5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 27483 http://sourceforge.net/project/shownotes.php?group_id=192544&release_id=571300 ADV-2008-0316 28652 mambo-laithai-unspecified-sql-injection(40013) Multiple unspecified vulnerabilities in Mambo LaiThai 4.5.5 have unknown impact and attack vectors related to (1) mod_login and (2) mod_template_chooser. 27483 ADV-2008-0316 http://sourceforge.net/project/shownotes.php?group_id=192544&release_id=571300 28652 mambo-laithai-multiple-unspecified(40014) Directory traversal vulnerability in phpMyClub 0.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page_courante parameter to the top-level URI. phpmyclub-pagecourante-file-include(40007) ADV-2008-0350 27480 5000 PHP remote file inclusion vulnerability in templates/Official/part_userprofile.php in Connectix Boards 0.8.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the template_path parameter. connectixboards-templatepath-file-include(40040) ADV-2008-0363 27506 5012 28704 Eval injection vulnerability in admin/op/disp.php in Netwerk Smart Publisher 1.0.1 allows remote attackers to execute arbitrary PHP code via the filedata parameter. ADV-2008-0352 27488 5003 28685 Multiple SQL injection vulnerabilities in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote authen ticated administrators to execute arbitrary SQL commands via the (1) albumid, (2) startpic, and (3) numpics parameters to util.php; and (4) cid_array parameter to reviewcom.php. 27509 http://coppermine-gallery.net/forum/index.php?topic=50103.0 http://www.waraxe.us/advisory-66.html ADV-2008-0367 1019285 20080131 [waraxe-2008-SA#066] - Multiple Vulnerabilities in Coppermine 1.4.14 28682 Multiple cross-site scripting (XSS) vulnerabilities in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters. 27511 http://coppermine-gallery.net/forum/index.php?topic=50103.0 http://www.waraxe.us/advisory-66.html ADV-2008-0367 1019285 20080131 [waraxe-2008-SA#066] - Multiple Vulnerabilities in Coppermine 1.4.14 28682 include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php. 27512 http://coppermine-gallery.net/forum/index.php?topic=50103.0 http://www.waraxe.us/advisory-65.html ADV-2008-0367 1019286 20080130 [waraxe-2008-SA#065] - Remote Shell Command Execution in Coppermine 1.4.14 5019 28682 SQL injection vulnerability in adclick.php in the AdServe 0.2 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. ADV-2008-0364 27504 5013 28708 adserve-adclick-sql-injection(40045) Cross-site request forgery (CSRF) vulnerability in deans_permalinks_migration.php in the Dean's Permalinks Migration 1.0 plugin for WordPress allows remote attackers to modify the oldstructure (aka dean_pm_config[oldstructure]) configuration setting as administrators via the old_struct parameter in a deans_permalinks_migration.php action to wp-admin/options-general.php, as demonstrated by placing an XSS sequence in this setting. http://g30rg3x.com/xsrf-bajo-deans-permalinks-migration-10 http://g30rg3x.com/wp-files/dpm_11gx.zip permalinks-deanpmconfig-csrf(39845) ADV-2008-0281 20080122 XSRF under Dean&acirc;??s Permalinks Migration 1.0 3595 28593 http://packetstorm.linuxsecurity.com/0801-advisories/deans-xsrf.txt Multiple buffer overflows in IBM AIX 4.3 allow remote attackers to cause a denial of service (crash) or possibly gain privileges via a long argument to (1) piox25, related to piox25.c; or (2) piox25remote, related to piox25remote.sh. ADV-2008-0324 27510 IZ13739 28600 oval:org.mitre.oval:def:5796 SQL injection vulnerability in index.php in the Newsletter (com_newsletter) component for Mambo 4.5 and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter. newsletter-index-sql-injection(40036) ADV-2008-0354 27502 5007 SQL injection vulnerability in index.php in the MaMML (com_mamml) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter. mamml-index-sql-injection(40037) ADV-2008-0356 27503 5009 SQL injection vulnerability in index.php in the fq (com_fq) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter. fq-index-sql-injection(40035) ADV-2008-0355 27501 5008 Directory traversal vulnerability in parser/include/class.cache_phpcms.php in phpCMS 1.2.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to parser/parser.php, as demonstrated by a filename ending with %00.gif, a different vector than CVE-2005-1840. phpcms-parser-directory-traversal(40017) ADV-2008-0353 27495 20080129 Re: Remote File Disclosure in phpCMS 1.2.2 20080129 Remote File Disclosure in phpCMS 1.2.2 5006 28709 SQL injection vulnerability in index.php in the Glossary (com_glossary) 2.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a display action. ADV-2008-0357 27505 5010 glossary-index-sql-injection(40038) SQL injection vulnerability in index.php in the musepoes (com_musepoes) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an answer action. ADV-2008-0358 27507 5011 PHP remote file inclusion vulnerability in spaw/dialogs/confirm.php in SQLiteManager 1.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 28642 sqlitemanager-confirm-file-include(40065) 27515 SQL injection vulnerability in index.php in the Darko Selesi EstateAgent (com_estateagent) 0.1 component for Mambo 4.5.x and Joomla! allows remote attackers to execute arbitrary SQL commands via the objid parameter in a contact showObject action. ADV-2008-0362 5016 estateagent-index-sql-injection(40060) 27520 SQL injection vulnerability in index.php in the Recipes (com_recipes) 1.00 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action. ADV-2008-0360 5014 recipes-index-sql-injection(40064) 27519 SQL injection vulnerability in index.php in the Atapin Jokes (com_jokes) 1.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a CatView action. ADV-2008-0361 5015 jokes-index-sql-injection(40067) 27522 Multiple SQL injection vulnerabilities in main.php in the WassUp plugin 1.4 through 1.4.3 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) from_date or (2) to_date parameter to spy.php. Additional research found the following links: http://secunia.com/advisories/28702/ http://www.securityfocus.com/bid/27525 Additional research found the following link: http://downloads.wordpress.org/plugin/wassup.1.4.3a.zip http://www.wpwp.org/archives/warning-security-bug-in-version/ ADV-2008-0365 27525 5017 28702 Multiple directory traversal vulnerabilities in Bubbling Library 1.32 allow remote attackers to read arbitrary files via a .. (dot dot) in the uri parameter to dispatcher.php in (1) examples/dispatcher/framework/, (2) examples/dispatcher/, (3) examples/wizard/, and (4) PHP/, different vectors than CVE-2008-0545. bubbling-dispatcher-directory-traversal(40008) 27482 5001 Cross-site scripting (XSS) vulnerability in multiple Hal Networks shopping-cart products allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. ADV-2008-0368 http://www.hal9800.com/home/bug/20080129.html http://www.hal9800.com/home/bug/20080128.html http://www.hal9800.com/home/bug/20080127.html http://www.hal9800.com/home/bug/20080123.html 28692 JVN#01162446 27513 Multiple cross-site scripting (XSS) vulnerabilities in SoftCart.exe in SoftCart 5.1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) License_Plate, (2) License_State, (3) Ticket_Date, and (4) Ticket_Number parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 28675 softcart-softcart-xss(40061) 27524 Cross-site request forgery (CSRF) vulnerability in the management interface in multiple Yamaha RT series routers allows remote attackers to change password settings and probably other configuration settings as administrators via unspecified vectors. yamaha-routers-http-csrf(40015) 27491 http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN88575577.html 28690 JVN#88575577 PatchLink Update client for Unix, as used by Novell ZENworks Patch Management Update Agent for Linux/Unix/Mac (LUM) 6.2094 through 6.4102 and other products, allows local users to (1) truncate arbitrary files via a symlink attack on the /tmp/patchlink.tmp file used by the logtrimmer script, and (2) execute arbitrary code via a symlink attack on the /tmp/plshutdown file used by the rebootTask script. https://secure-support.novell.com/KanisaPlatform/Publishing/18/3908994_f.SAL_Public.html patchlinkupdate-reboottask-symlink(39958) patchlinkupdate-logtrimmer-symlink(39956) ADV-2008-0426 1019272 27458 20080125 Two vulnerabilities for PatchLink Update Client for Unix. http://support.lumension.com/scripts/rightnow.cfg/php.exe/enduser/std_adp.php?p_faqid=530 http://support.lumension.com/scripts/rightnow.cfg/php.exe/enduser/std_adp.php?p_faqid=528 http://support.lumension.com/scripts/rightnow.cfg/php.exe/enduser/std_adp.php?p_faqid=527 3599 28665 28657 Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SCCP firmware allows remote attackers to cause a denial of service (reboot) via a long ICMP echo request (ping) packet. In order to download the patch, login is required 20080213 Cisco Unified IP Phone Overflow and Denial of Service Vulnerabilities cisco-unifiedipphone-icmp-dos(40487) ADV-2008-0543 1019407 27774 28935 The HTTP server in Cisco Unified IP Phone 7935 and 7936 running SCCP firmware allows remote attackers to cause a denial of service (reboot) via a crafted HTTP request. Patch download requires login 20080213 Cisco Unified IP Phone Overflow and Denial of Service Vulnerabilities cisco-unifiedipphone-httpserver-dos(40489) ADV-2008-0543 1019408 27774 28935 Buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SIP firmware might allow remote attackers to execute arbitrary code via a SIP message with crafted MIME data. Patch requires login 20080213 Cisco Unified IP Phone Overflow and Denial of Service Vulnerabilities cisco-unifiedipphone-sipmime-bo(40492) ADV-2008-0543 1019409 27774 28935 Buffer overflow in the telnet server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G running SCCP firmware might allow remote authenticated users to execute arbitrary code via a crafted command. Patch requires login 20080213 Cisco Unified IP Phone Overflow and Denial of Service Vulnerabilities cisco-unifiedipphone-telnet-bo(40493) ADV-2008-0543 1019410 27774 28935 Buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SCCP and SIP firmware might allow remote attackers to execute arbitrary code via a crafted DNS response. Patch requires login 20080213 Cisco Unified IP Phone Overflow and Denial of Service Vulnerabilities cisco-unifiedipphone-dns-bo(40485) ADV-2008-0543 27774 28935 1019406 Heap-based buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SIP firmware might allow remote SIP servers to execute arbitrary code via a crafted challenge/response message. Patch requires login 20080213 Cisco Unified IP Phone Overflow and Denial of Service Vulnerabilities cisco-unifiedipphone-sipproxy-bo(40498) ADV-2008-0543 1019411 27774 28935 Multiple buffer overflows in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to execute arbitrary code via a long argument located immediately after the Logout argument, and possibly unspecified other vectors. 28222 20080312 Cisco Secure Access Control Server for Windows User-Changeable Password Vulnerabilities 29351 cisco-acs-ucp-csusercgi-bo(41154) ADV-2008-0868 20080312 Cisco ACS UCP Remote Pre-Authentication Buffer Overflows http://www.recurity-labs.com/content/pub/RecurityLabs_Cisco_ACS_UCP_advisory.txt 1019608 3743 Multiple cross-site scripting (XSS) vulnerabilities in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to inject arbitrary web script or HTML via an argument located immediately after the Help argument, and possibly unspecified other vectors. 20080312 Cisco Secure Access Control Server for Windows User-Changeable Password Vulnerabilities 29351 cisco-acs-ucp-csusercgi-xss(41156) ADV-2008-0868 28222 20080312 Cisco ACS UCP Remote Pre-Authentication Buffer Overflows http://www.recurity-labs.com/content/pub/RecurityLabs_Cisco_ACS_UCP_advisory.txt 1019607 3743 The SSH server in (1) Cisco Service Control Engine (SCE) before 3.1.6, and (2) Icon Labs Iconfidant SSH before 2.3.8, allows remote attackers to cause a denial of service (device restart or daemon outage) via a high rate of login attempts, aka Bug ID CSCsi68582. VU#626979 20080521 Cisco Service Control Engine Denial of Service Vulnerabilities cisco-sce-sshlogin-dos(42565) ADV-2008-1774 ADV-2008-1604 29609 29316 http://www.icon-labs.com/news/read.asp?newsID=77 1020074 30590 30316 Unspecified vulnerability in the SSH server in (1) Cisco Service Control Engine (SCE) before 3.1.6, and (2) Icon Labs Iconfidant SSH before 2.3.8, allows remote attackers to cause a denial of service (device instability) via "SSH credentials that attempt to change the authentication method," aka Bug ID CSCsm14239. VU#626979 20080521 Cisco Service Control Engine Denial of Service Vulnerabilities cisco-sce-ssh-credentials-dos(42567) ADV-2008-1774 ADV-2008-1604 29609 29316 http://www.icon-labs.com/news/read.asp?newsID=77 1020074 30590 30316 Unspecified vulnerability in the SSH server in (1) Cisco Service Control Engine (SCE) 3.0.x before 3.0.7 and 3.1.x before 3.1.0, and (2) Icon Labs Iconfidant SSH before 2.3.8, allows remote attackers to cause a denial of service (management interface outage) via SSH traffic that occurs during management operations and triggers "illegal I/O operations," aka Bug ID CSCsh49563. VU#626979 20080521 Cisco Service Control Engine Denial of Service Vulnerabilities cisco-sce-managementagent-dos(42566) ADV-2008-1774 ADV-2008-1604 29609 29316 http://www.icon-labs.com/news/read.asp?newsID=77 1020074 30590 30316 Unspecified vulnerability in the Supervisor Engine 32 (Sup32), Supervisor Engine 720 (Sup720), and Route Switch Processor 720 (RSP720) for multiple Cisco products, when using Multi Protocol Label Switching (MPLS) VPN and OSPF sham-link, allows remote attackers to cause a denial of service (blocked queue, device restart, or memory leak) via unknown vectors. TA08-087B cisco-catalyst-sup-rsp-dos(41466) ADV-2008-1005 1019716 28463 20080326 Vulnerability in Cisco IOS with OSPF, MPLS VPN, and Supervisor 32, Supervisor 720, or Route Switch Processor 720 29559 Multiple SQL injection vulnerabilities in phpIP Management 4.3.2 allow remote attackers to execute arbitrary SQL commands via the (1) password parameter to login.php, the (2) id parameter to display.php, and unspecified other vectors. NOTE: some of these details are obtained from third party information. ADV-2008-0346 27468 4990 28656 20080127 phpIP 4.3.2 - Numerous SQL Injection Vulnerablities phpip-display-sql-injection(39965) 20080127 phpIP 4.3.2 - Numerous SQL Injection Vulnerablities Cross-site scripting (XSS) vulnerability in dms/policy/rep_request.php in F5 BIG-IP Application Security Manager (ASM) 9.4.3 allows remote attackers to inject arbitrary web script or HTML via the report_type parameter. ADV-2008-0301 27462 20080126 F5 BIG-IP Web Management ASM Security Report XSS 28655 f5bigipwebmgmt-reprequest-xss(39979) 1019276 28151 20080308 F5 BIG-IP Web Management Console XSS 3602 Multiple cross-site scripting (XSS) vulnerabilities in trixbox 2.4.2.0 allow remote attackers to inject arbitrary web script or HTML via the query string to index.php in (1) user/ or (2) maint/. 27460 http://www.digitrustgroup.com/advisories/web-application-security-trixbox.html Multiple cross-site scripting (XSS) vulnerabilities in forum.php in Gerd Tentler Simple Forum 3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) open and (2) date_show parameters. 27463 4989 simpleforum-forum-xss(39978) 28681 Directory traversal vulnerability in thumbnail.php in Gerd Tentler Simple Forum 3.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. simpleforum-thumbnail-directory-traversal(39980) 27463 4989 simpleforum-thumbnail-file-disclosure(39980) 28681 Multiple SQL injection vulnerabilities in Pre Dynamic Institution allow remote attackers to execute arbitrary SQL commands via the (1) sloginid and (2) spass parameters to (a) login.asp and (b) siteadmin/login.asp. NOTE: some of these details are obtained from third party information. predynamic-login-sql-injection(39942) 27451 20080124 Pre Dynamic Institution bypass 28651 3603 Heap-based buffer overflow in the IMG_LoadLBM_RW function in IMG_lbm.c in SDL_image before 1.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted IFF ILBM file. NOTE: some of these details are obtained from third party information. sdlimage-imgloadlbmrw-bo(39899) ADV-2008-0266 27435 http://www.libsdl.org/cgi/viewvc.cgi/trunk/SDL_image/IMG_lbm.c?revision=3521&view=markup http://www.libsdl.org/cgi/viewvc.cgi/trunk/SDL_image/IMG_lbm.c?r1=3341&r2=3521 DSA-1493 28640 FEDORA-2008-1231 FEDORA-2008-1208 https://issues.rpath.com/browse/RPL-2206 USN-595-1 20080213 rPSA-2008-0061-1 SDL_image MDVSA-2008:040 GLSA-200802-01 http://wiki.rpath.com/Advisories:rPSA-2008-0061 29542 28869 28850 28830 28752 http://bugs.gentoo.org/show_bug.cgi?id=207933 Multiple directory traversal vulnerabilities in Bubbling Library 1.32 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) uri parameter to (a) yui-menu.tpl.php, (b) simple.tpl.php, and (c) advanced.tpl.php in dispatcher/framework/; and the (2) page parameter to (d) yui-menu.php, (e) simple.php, and (f) advanced.php in dispatcher/framework/, different vectors than CVE-2008-0521. ADV-2008-0347 27466 4991 bubblinglibrary-page-uri-file-include(39969) Multiple SQL injection vulnerabilities in CandyPress (CP) 4.1.1.26, and earlier 4.1.x versions, allow remote attackers to execute arbitrary SQL commands via the (1) idProduct and (2) options parameters to (a) ajax/ajax_optInventory.asp, or the (2) recid parameter to (b) ajax/ajax_getBrands.asp. ecommercesuite-ajaxgetbrands-sql-injection(39939) ADV-2008-0314 27454 20080125 [CandyPress] eCommerce suite (SQL Injection + XSS + Path Disclosure) 4988 http://www.candypress.com/CPforum/forum_posts.asp?TID=10630&PN=1 28662 3600 Cross-site scripting (XSS) vulnerability in admin/utilities_ConfigHelp.asp in CandyPress (CP) 4.1.1.26, and probably earlier 4.x and 3.x versions, allows remote attackers to inject arbitrary web script or HTML via the helpfield parameter. ecommercesuite-utilitiesconfighelp-xss(39940) ADV-2008-0314 27454 20080125 [CandyPress] eCommerce suite (SQL Injection + XSS + Path Disclosure 4988 http://www.candypress.com/CPforum/forum_posts.asp?TID=10630&PN=1 28662 3600 Steamcast 0.9.75 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large integer in the Content-Length HTTP header, which triggers a NULL dereference when malloc fails. steamcast-contentlength-dos(39927) http://aluigi.altervista.org/adv/steamcazz-adv.txt Integer overflow in the OggHeaderParse function in Steamcast 0.9.75 and earlier allows remote authenticated users to cause a denial of service (daemon crash) via a long Ogg tag. steamcast-oggheaderparse-dos(39929) http://aluigi.org/poc/steamcazz.zip http://aluigi.altervista.org/adv/steamcazz-adv.txt Off-by-one error in Steamcast 0.9.75 and earlier allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a certain HTTP request that leads to a buffer overflow, as demonstrated by a long User-Agent header. steamcast-http-bo(39928) http://aluigi.org/poc/steamcazz.zip http://aluigi.altervista.org/adv/steamcazz-adv.txt The NamoInstaller.NamoInstall.1 ActiveX control in NamoInstaller.dll 3.0.0.1 and earlier in Namo Web Editor in Sejoong Namo ActiveSquare 6 allows remote attackers to execute arbitrary code via a URL in the argument to the Install method. NOTE: some of these details are obtained from third party information. ADV-2008-0299 27453 4986 28649 namoinstaller-namoinstaller-code-execution(39974) 27580 Cross-site scripting (XSS) vulnerability in index.php in eTicket 1.5.6-RC4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. eticket-index-xss(39968) 1019278 27473 20080127 eTicket 'index.php' Cross Site Scripting Path Vulnerability http://www.lonerunners.net/users/jekil/pub/hack-eticket/hack-eticket.txt 3601 Stack-based buffer overflow in the ReadImage function in tkImgGIF.c in Tk (Tcl/Tk) before 8.5.1 allows remote attackers to execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484. 27655 28784 FEDORA-2008-3545 FEDORA-2008-1384 FEDORA-2008-1122 FEDORA-2008-1131 FEDORA-2008-1323 https://issues.rpath.com/browse/RPL-2215 https://bugzilla.redhat.com/show_bug.cgi?id=431518 ADV-2008-1744 ADV-2008-1456 ADV-2008-0430 http://www.vmware.com/security/advisories/VMSA-2008-0009.html 20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues 20080212 rPSA-2008-0054-1 tk RHSA-2008:0136 RHSA-2008:0135 RHSA-2008:0134 SUSE-SR:2008:013 MDVSA-2008:041 DSA-1598 DSA-1491 DSA-1490 http://wiki.rpath.com/Advisories:rPSA-2008-0054 USN-664-1 237465 http://sourceforge.net/project/shownotes.php?release_id=573933&group_id=10894 1019309 32608 30783 30717