MaraDNS 1.0 before 1.0.41, 1.2 before 1.2.12.08, and 1.3 before 1.3.07.04 allows remote attackers to cause a denial of service via a crafted DNS packet that prevents an authoritative name (CNAME) record from resolving, aka "improper rotation of resource records." http://www.maradns.org/changelog.html http://maradns.blogspot.com/2007/08/maradns-update-all-versions.html 27124 ADV-2008-0026 DSA-1445 GLSA-200801-16 28650 28334 28329 http://bugs.gentoo.org/show_bug.cgi?id=204351 SQL injection vulnerability in uprofile.php in ClipShare allows remote attackers to execute arbitrary SQL commands via the UID parameter. 27108 4830 28313 40077 clipshare-uprofile-sql-injection(39364) A certain ActiveX control in npUpload.dll in DivX Player 6.6.0 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long argument to the SetPassword method. 27106 4829 divxwebplayer-npUpload-dos(39386) Directory traversal vulnerability in download2.php in AGENCY4NET WEBFTP 1 allows remote attackers to read and delete arbitrary files via a .. (dot dot) in the file parameter. 27092 4828 20080104 true: AGENCY4NET WEBFTP directory traversal; deletion possible agency4net-download2-directory-traversal(39343) ADV-2008-0051 28309 Cross-site scripting (XSS) vulnerability in index.php in the search module in Appalachian State University phpWebSite 1.4.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter. 27090 20080101 Cross-Site Scripting (XSS) in phpWebSite 1.4.0 search http://phpwebsite.appstate.edu/blog/2143 phpwebsite-search-xss(39391) 3511 28303 Multiple cross-site scripting (XSS) vulnerabilities in newticket.php in eTicket 1.5.5.2, and 1.5.6 RC2 and RC3, allow remote attackers to inject arbitrary web script or HTML via the (1) Name and (2) Subject parameters. http://www.digitrustgroup.com/advisories/web-application-security-eticket.html 28331 eticket-name-subject-xss(39400) 27130 Multiple directory traversal vulnerabilities in MODx Content Management System 0.9.6.1 allow remote attackers to (1) include and execute arbitrary local files via a .. (dot dot) in the as_language parameter to assets/snippets/AjaxSearch/AjaxSearch.php, reached through index-ajax.php; and (2) read arbitrary local files via a .. (dot dot) in the file parameter to assets/js/htcmime.php. 28220 modx-ajaxsearch-file-include(39352) 27097 27096 20080102 MODx CMS Source code disclosure, local file inclusion http://modxcms.com/forums/index.php/topic,21290.0.html 3522 The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edition before C.1.0-beta8, AsteriskNOW before beta7, Appliance Developer Kit before Asterisk 1.4 revision 95946, and Appliance s800i 1.0.x before 1.0.3.4 allows remote attackers to cause a denial of service (daemon crash) via a BYE message with an Also (Also transfer) header, which triggers a NULL pointer dereference. 27110 28312 http://downloads.digium.com/pub/security/AST-2008-001.html http://bugs.digium.com/view.php?id=11637 FEDORA-2008-0199 FEDORA-2008-0198 asterisk-bye-also-dos(39361) 1019152 20080102 AST-2008-001: Crash from transfer using BYE with Also header ADV-2008-0019 28299 3520 Multiple buffer overflows in Georgia SoftWorks SSH2 Server (GSW_SSHD) 7.01.0003 and earlier allow remote attackers to execute arbitrary code via a (1) a long username, which triggers an overflow in the log function; or (2) a long password. 27103 20080102 Multiple vulnerabilities in Georgia SoftWorks SSH2 Server 7.01.0003 28307 http://aluigi.altervista.org/adv/gswsshit-adv.txt 3517 Format string vulnerability in the log function in Georgia SoftWorks SSH2 Server (GSW_SSHD) 7.01.0003 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the username field, as demonstrated by a certain LoginPassword message. 20080102 Multiple vulnerabilities in Georgia SoftWorks SSH2 Server 7.01.0003 28307 http://aluigi.altervista.org/adv/gswsshit-adv.txt 3517 Buffer overflow in RealPlayer 11 build 6.0.14.748 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: As of 20080103, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. http://www.us-cert.gov/current/index.html#public_exploit_code_for_realplayer 27091 ADV-2008-0016 28276 [Dailydave] 20080101 0day RealPlayer exploit demo http://gleg.net/realplayer11.html 1019153 Multiple SQL injection vulnerabilities in MyPHP Forum 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the searchtext parameter to search.php, and unspecified other vectors. 27118 4831 Stack-based buffer overflow in the Scene::errorf function in Scene.cpp in White_Dune 0.29 beta791 and earlier allows remote attackers to execute arbitrary code via a long string in a .WRL file. 27102 28287 whitedune-sceneerrorf-bo(39385) 20080102 Buffer-overflow and format string in White_Dune 0.29beta791 http://vrml.cip.ica.uni-stuttgart.de/dune/news.html http://aluigi.altervista.org/adv/whitedunboffs-adv.txt 3516 Format string vulnerability in the swDebugf function in DuneApp.cpp in White_Dune 0.29 beta791 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a .WRL file. 27102 28287 whitedune-swdegugf-format-string(39388) 20080102 Buffer-overflow and format string in White_Dune 0.29beta791 http://vrml.cip.ica.uni-stuttgart.de/dune/news.html http://aluigi.altervista.org/adv/whitedunboffs-adv.txt 3516 SQL injection vulnerability in starnet/addons/slideshow_full.php in Site@School 2.3.10 and earlier allows remote attackers to execute arbitrary SQL commands via the album_name parameter. 4832 siteatschool-slideshowfull-sql-injection(39417) 27120 SQL injection vulnerability in login_form.asp in Instant Softwares Dating Site allows remote attackers to execute arbitrary SQL commands via the Username parameter, a different vulnerability than CVE-2007-6671. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. dating-site-login-sql-injection(39326) 28283 39766 Cross-site scripting (XSS) vulnerability in login_form.asp in Instant Softwares Dating Site allows remote attackers to inject arbitrary web script or HTML via the msg parameter, a different product than CVE-2006-6022. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 27121 28283 Pragma FortressSSH 5.0 Build 4 Revision 293 and earlier handles long input to sshd.exe by creating an error-message window and waiting for the administrator to click in this window before terminating the sshd.exe process, which allows remote attackers to cause a denial of service (connection slot exhaustion) via a flood of SSH connections with long data objects, as demonstrated by (1) a long list of keys and (2) a long username. fortressssh-sshd-dos(39354) http://aluigi.org/poc/pragmassh.zip http://aluigi.altervista.org/adv/pragmassh-adv.txt 27141 20080104 Some DoS in some telnet servers Multiple SQL injection vulnerabilities in Tribisur 2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to cat_main.php and the (2) cat parameter to forum.php in a liste action. 27149 4840 28362 tribisur-catmain-forum-sql-injection(39443) Cross-site scripting (XSS) vulnerability in Forums/setup.asp in Snitz Forums 2000 3.4.06 and earlier allows remote attackers to inject arbitrary web script or HTML via the MAIL parameter. 27162 20080107 [HSC] Snitz Forums Multiple Vulnerabilities http://www.packetstormsecurity.org/0801-exploits/snitz-multi.txt 28284 http://hackerscenter.com/archive/view.asp?id=28145 Snitz Forums 2000 3.4.06 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for forum/snitz_forums_2000.mdb. 20080107 RE: [HSC] Snitz Forums Multiple Vulnerabilities 20080107 [HSC] Snitz Forums Multiple Vulnerabilities http://www.packetstormsecurity.org/0801-exploits/snitz-multi.txt http://hackerscenter.com/archive/view.asp?id=28145 Snitz Forums 2000 3.4.05 allows remote attackers to obtain sensitive information via a direct request to forum/whereami.asp, which reveals the database path. 20080107 RE: [HSC] Snitz Forums Multiple Vulnerabilities 20080107 [HSC] Snitz Forums Multiple Vulnerabilities http://www.packetstormsecurity.org/0801-exploits/snitz-multi.txt http://hackerscenter.com/archive/view.asp?id=28145 PHP remote file inclusion vulnerability in config.inc.php in SNETWORKS PHP CLASSIFIEDS 5.0 allows remote attackers to execute arbitrary PHP code via a URL in the path_escape parameter. 4838 ADV-2008-0053 snetworks-configinc-file-include(39468) PHP remote file inclusion vulnerability in xoopsgallery/init_basic.php in the mod_gallery module for XOOPS, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter. xoops-modgallery-zendhashkey-file-include(39461) 27155 4847 Eval injection vulnerability in loudblog/inc/parse_old.php in Loudblog 0.8.0 and earlier allows remote attackers to execute arbitrary PHP code via the template parameter. 27157 28336 4849 loudblog-template-code-execution(39445) Directory traversal vulnerability in error.php in Uebimiau Webmail 2.7.10 and 2.7.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the selected_theme parameter, a different vector than CVE-2007-3172. uebimiau-webmail-error-directory-traversal(39460) 27154 4846 20080107 Uebimiau Web-Mail 2.7.10/2.7.2 Remote File Disclosure Vulnerability actions.php in WebPortal CMS 0.6-beta generates predictable passwords containing only the time of day, which makes it easier for remote attackers to obtain access to any account via a lostpass action. 27145 4835 webportal-action-weak-security(39486) Multiple SQL injection vulnerabilities in WebPortal CMS 0.6-beta allow remote attackers to execute arbitrary SQL commands via the user_name parameter to actions.php, and unspecified other vectors. 4835 PHP remote file inclusion vulnerability in common/db.php in samPHPweb, possibly 4.2.2 and others, as provided with SAM Broadcaster, allows remote attackers to execute arbitrary PHP code via a URL in the commonpath parameter. samPHPweb-db-file-include(39397) http://www.spacialaudio.com/news/index.html 27137 4834 28355 PHP remote file inclusion vulnerability in index.php in NetRisk 1.9.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: this can also be leveraged for local file inclusion using directory traversal sequences. netrisk-index-file-include(39419) 27136 4833 28328 20080105 NetRisk 1.9.7 Remote File Inclusion Vulnerability Unspecified vulnerability in glob in PHP before 4.4.8, when open_basedir is enabled, has unknown impact and attack vectors. NOTE: this issue reportedly exists because of a regression related to CVE-2007-4663. php-glob-openbasedir-security-bypass(39401) ADV-2008-0059 http://www.php.net/releases/4_4_8.php http://www.php.net/ChangeLog-4.php 28318 http://bugs.php.net/bug.php?id=41655 SSA:2008-045-03 28936 Cross-site scripting (XSS) vulnerability in the error page in W3-mSQL allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the top-level URI. 27116 20080103 xss in w3-msql error page 28294 51235 3521 Stack-based buffer overflow in the PAMBasicAuthenticator::PAMCallback function in OpenPegasus CIM management server (tog-pegasus), when compiled to use PAM and without PEGASUS_USE_PAM_STANDALONE_PROC defined, might allow remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2007-5360. 27188 RHSA-2008:0002 ADV-2008-0063 FEDORA-2008-0572 FEDORA-2008-0506 https://bugzilla.redhat.com/show_bug.cgi?id=426578 openpegasus-pambasic-bo(39527) http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4129 27172 20080416 VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus ADV-2008-1391 ADV-2008-1234 ADV-2008-0638 20080115 vuldb confusion between OpenPegasus issues 1019159 29986 29785 29056 28462 28338 40082 [Security-announce] 20080415 VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus SSRT080000 SQL injection vulnerability in index.php in SmallNuke 2.0.4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via (1) the user_email parameter and possibly (2) username parameter in a Members action. 27180 4863 28301 smallnuke-index-sql-injection(39525) TUTOS 1.3 does not restrict access to php/admin/cmd.php, which allows remote attackers to execute arbitrary shell commands via the cmd parameter in a direct request. 28291 4861 tutos-cmd-command-execution(39531) TUTOS 1.3 allows remote attackers to read system information via a direct request to php/admin/phpinfo.php, which calls the phpinfo function. 28291 4861 Unspecified vulnerability in the LDAP authentication feature in Aruba Mobility Controller 2.3.6.15, 2.5.2.11, 2.5.4.25, 2.5.5.7, 3.1.1.3, and 2.4.8.11-FIPS or earlier allows remote attackers to bypass authentication mechanisms and obtain management or VPN interface access. 27144 20080104 Aruba Mobility Controller User Authentication Vulnerability - Aruba Advisory ID: AID-122207 http://www.arubanetworks.com/support/alerts/aid-122207.asc 28357 3529 Heap-based buffer overflow in Foxit WAC Server 2.1.0.910, 2.0 Build 3503, and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a Telnet request with long options. wacserver-option-dos(39427) 27142 20080219 Two heap overflow in Foxit WAC Server 2.0 Build 3503 20080104 Some DoS in some telnet servers 3525 28272 http://aluigi.altervista.org/adv/wachof-adv.txt http://aluigi.altervista.org/adv/waccaz-adv.txt SLnet.exe in SeattleLab SLNet RF Telnet Server 4.1.1.3758 and earlier allows user-assisted remote attackers to cause a denial of service (crash) via unpsecified telnet options, which triggers a NULL pointer dereference. NOTE: the crash is not user-assisted when the server is running in debug mode. 27134 28316 20080104 Some DoS in some telnet servers http://aluigi.altervista.org/adv/slnetmsg-adv.txt telnetd.exe in Pragma TelnetServer 7.0.4.589 allows remote attackers to cause a denial of service (process crash and resource exhaustion) via a crafted TELOPT PRAGMA LOGON telnet option, which triggers a NULL pointer dereference. pragmatelnetserver-telnetd-dos(39353) 27143 20080104 Some DoS in some telnet servers http://aluigi.altervista.org/adv/pragmatel-adv.txt SQL injection vulnerability in index.php in EvilBoard 0.1a (Alpha) allows remote attackers to execute arbitrary SQL commands the c parameter. evilboard-index-sql-injection(39529) 27190 4865 Cross-site scripting (XSS) vulnerability in index.php in EvilBoard 0.1a (Alpha) allows remote attackers to inject arbitrary web script or HTML via the c parameter. 27190 4865 evilboard-index-xss(39526) Absolute path traversal vulnerability in index.php in Million Dollar Script 2.0.14 allows remote attackers to read arbitrary files via encoded "/" (%2F) sequences in the link parameter. milliondollarscript-index-dir-traversal(39492) 27174 20080107 Million Dollar Script 2.0.14 Remote File Disclosure Vulnerability. 3524 SQL injection vulnerability in FlexBB 0.6.3 and earlier allows remote attackers to execute arbitrary SQL commands via the flexbb_temp_id parameter in a cookie. flexbb-flexbbtempid-sql-injection(39475) 27164 4858 28373 Directory traversal vulnerability in index.php in Shop-Script 2.0 and possibly other versions allows remote attackers to read arbitrary files via a .. (dot dot) in the aux_page parameter. shopscript-index-directory-traversal(39449) 27165 http://packetstormsecurity.org/0801-exploits/shopscript-disclose.txt 4855 SQL injection vulnerability in index.php in eggBlog 3.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the eggblogpassword parameter in a cookie. eggblog-eggblogmail-sql-injection(39473) 27168 4860 28371 Absolute path traversal vulnerability in index.php in Sys-Hotel on Line System allows remote attackers to read arbitrary files via an encoded "/" ("%2F") in the file parameter. 27184 20080108 sysHotel On Line Remote File Disclosure Vulnerability. 3528 SQL injection vulnerability in index.php in NetRisk 1.9.7 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via the pid parameter in a profile page (possibly profile.php). 27161 4852 http://sourceforge.net/project/shownotes.php?release_id=551208&group_id=129681 28328 20080106 netrisk 1.9.7 Multiple Remote Vulnerabilities (sql injection/xss) Cross-site scripting (XSS) vulnerability in index.php in NetRisk 1.9.7 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter, possibly related to CVE-2008-0144. 27161 4852 20080106 netrisk 1.9.7 Multiple Remote Vulnerabilities (sql injection/xss) 28369 SQL injection vulnerability in songinfo.php in SAM Broadcaster samPHPweb, possibly 4.2.2 and earlier, allows remote attackers to execute arbitrary SQL commands via the songid parameter. sambroadcaster-songinfo-sql-injection(39463) 27147 4836 Multiple cross-site scripting (XSS) vulnerabilities in templates/example_template.php in AwesomeTemplateEngine allow remote attackers to inject arbitrary web script or HTML via the (1) data[title], (2) data[message], (3) data[table][1][item], (4) data[table][1][url], or (5) data[poweredby] parameter. awesometemplateengine-multiple-xss(39396) 27125 20080103 securityvulns.com russian vulnerabilities digest http://websecurity.com.ua/1694/ http://securityvulns.ru/Sdocument784.html 20080103 securityvulns.com russian vulnerabilities digest 3539 WordPress 2.2.x and 2.3.x allows remote attackers to obtain sensitive information via an invalid p parameter in an rss2 action to the default URI, which reveals the full path and the SQL database structure. wordpress-p-path-disclosure(39423) 20080103 securityvulns.com russian vulnerabilities digest http://websecurity.com.ua/1634/ http://securityvulns.ru/Sdocument663.html 20080103 securityvulns.com russian vulnerabilities digest 3539 Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the popuptitle parameter to (1) wp-admin/post.php or (2) wp-admin/page-new.php. wordpress-popuptitle-xss(39426) 27123 http://websecurity.com.ua/1658/ http://securityvulns.ru/Sdocument714.html 20080103 securityvulns.com russian vulnerabilities digest 3539 Cross-site scripting (XSS) vulnerability in wp-db-backup.php in WordPress 2.0.11 and earlier, and possibly 2.1.x through 2.3.x, allows remote attackers to inject arbitrary web script or HTML via the backup parameter in a wp-db-backup.php action to wp-admin/edit.php. 27123 20080103 securityvulns.com russian vulnerabilities digest http://websecurity.com.ua/1676/ http://securityvulns.ru/Sdocument755.html 20080103 securityvulns.com russian vulnerabilities digest DSA-1502 3539 29014 Directory traversal vulnerability in wp-db-backup.php in WordPress 2.0.3 and earlier allows remote attackers to read arbitrary files, delete arbitrary files, and cause a denial of service via a .. (dot dot) in the backup parameter in a wp-db-backup.php action to wp-admin/edit.php. NOTE: this might be the same as CVE-2006-5705.1. 20080103 securityvulns.com russian vulnerabilities digest http://websecurity.com.ua/1676/ http://securityvulns.ru/Sdocument755.html 20080103 securityvulns.com russian vulnerabilities digest DSA-1502 3539 29014 WordPress 2.0.11 and earlier allows remote attackers to obtain sensitive information via an empty value of the page parameter to certain PHP scripts under wp-admin/, which reveals the path in various error messages. 20080103 securityvulns.com russian vulnerabilities digest http://websecurity.com.ua/1687/ http://websecurity.com.ua/1686/ http://websecurity.com.ua/1683/ http://websecurity.com.ua/1679/ http://securityvulns.ru/Sdocument773.html http://securityvulns.ru/Sdocument772.html http://securityvulns.ru/Sdocument768.html http://securityvulns.ru/Sdocument762.html 20080103 securityvulns.com russian vulnerabilities digest 3539 Multiple directory traversal vulnerabilities in WordPress 2.0.11 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the page parameter to certain PHP scripts under wp-admin/ or (2) the import parameter to wp-admin/admin.php, as demonstrated by discovering the full path via a request for the \..\..\wp-config pathname; and allow remote attackers to modify arbitrary files via a .. (dot dot) in the file parameter to wp-admin/templates.php. 20080103 securityvulns.com russian vulnerabilities digest http://websecurity.com.ua/1687/ http://websecurity.com.ua/1686/ http://websecurity.com.ua/1683/ http://websecurity.com.ua/1679/ http://securityvulns.ru/Sdocument773.html http://securityvulns.ru/Sdocument772.html http://securityvulns.ru/Sdocument768.html http://securityvulns.ru/Sdocument762.html 20080103 securityvulns.com russian vulnerabilities digest 3539 Multiple cross-site scripting (XSS) vulnerabilities in wp-contact-form/options-contactform.php in the WP-ContactForm 1.5 alpha and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) wpcf_email, (2) wpcf_subject, (3) wpcf_question, (4) wpcf_answer, (5) wpcf_success_msg, (6) wpcf_error_msg, or (7) wpcf_msg parameter to wp-admin/admin.php, or (8) the SRC attribute of an IFRAME element. 20080103 securityvulns.com russian vulnerabilities digest http://websecurity.com.ua/1641/ http://websecurity.com.ua/1600/ http://securityvulns.ru/Sdocument667.html http://securityvulns.ru/Sdocument546.html 20080103 securityvulns.com russian vulnerabilities digest 3539 Multiple cross-site request forgery (CSRF) vulnerabilities in wp-contact-form/options-contactform.php in the WP-ContactForm 1.5 alpha and earlier plugin for WordPress allow remote attackers to perform actions as administrators via the (1) wpcf_question, (2) wpcf_success_msg, or (3) wpcf_error_msg parameter to wp-admin/admin.php. 20080103 securityvulns.com russian vulnerabilities digest http://websecurity.com.ua/1641/ http://websecurity.com.ua/1600/ http://securityvulns.ru/Sdocument667.html http://securityvulns.ru/Sdocument546.html 20080103 securityvulns.com russian vulnerabilities digest 3539 PRO-Search 0.17 and earlier allows remote attackers to cause a denial of service via certain values of the show_page and time parameters to the default URI. 20080103 securityvulns.com russian vulnerabilities digest http://websecurity.com.ua/1259/ http://sourceforge.net/project/shownotes.php?release_id=563784&group_id=149797 http://securityvulns.ru/Sdocument731.html 20080103 securityvulns.com russian vulnerabilities digest 3539 Multiple cross-site scripting (XSS) vulnerabilities in account/index.html in RotaBanner Local 3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) drop parameter. 27138 20080103 securityvulns.com russian vulnerabilities digest http://websecurity.com.ua/1442/ http://securityvulns.ru/Sdocument625.html 20080103 securityvulns.com russian vulnerabilities digest 3539 Cross-site scripting (XSS) vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL parameter. expressionengine-index-xss(39442) 27128 20080103 securityvulns.com russian vulnerabilities digest http://websecurity.com.ua/1454/ http://securityvulns.ru/Sdocument472.html 20080103 securityvulns.com russian vulnerabilities digest 3539 CRLF injection vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter. 27128 20080103 securityvulns.com russian vulnerabilities digest http://websecurity.com.ua/1454/ http://securityvulns.ru/Sdocument472.html 20080103 securityvulns.com russian vulnerabilities digest 3539 Multiple cross-site scripting (XSS) vulnerabilities in cryptographp/admin.php in the Cryptographp 1.2 and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) cryptwidth, (2) cryptheight, (3) bgimg, (4) charR, (5) charG, (6) charB, (7) charclear, (8) tfont, (9) charel, (10) charelc, (11) charelv, (12) charnbmin, (13) charnbmax, (14) charspace, (15) charsizemin, (16) charsizemax, (17) charanglemax, (18) noisepxmin, (19) noisepxmax, (20) noiselinemin, (21) noiselinemax, (22) nbcirclemin, (23) nbcirclemax, or (24) brushsize parameter to wp-admin/options-general.php. 20080103 securityvulns.com russian vulnerabilities digest http://websecurity.com.ua/1596/ 20080103 securityvulns.com russian vulnerabilities digest 3539 Multiple cross-site scripting (XSS) vulnerabilities in math-comment-spam-protection.php in the Math Comment Spam Protection 2.1 and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) mcsp_opt_msg_no_answer or (2) mcsp_opt_msg_wrong_answer parameter to wp-admin/options-general.php. 20080103 securityvulns.com russian vulnerabilities digest http://websecurity.com.ua/1576/ 20080103 securityvulns.com russian vulnerabilities digest 3539 Multiple cross-site request forgery (CSRF) vulnerabilities in math-comment-spam-protection.php in the Math Comment Spam Protection 2.1 and earlier plugin for WordPress allow remote attackers to perform actions as administrators via the (1) mcsp_opt_msg_no_answer or (2) mcsp_opt_msg_wrong_answer parameter to wp-admin/options-general.php. 20080103 securityvulns.com russian vulnerabilities digest http://websecurity.com.ua/1576/ 20080103 securityvulns.com russian vulnerabilities digest 3539 Multiple cross-site scripting (XSS) vulnerabilities in captcha\captcha.php in the Captcha! 2.5d and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) captcha_ttffolder, (2) captcha_numchars, (3) captcha_ttfrange, or (4) captcha_secret parameter. 20080103 securityvulns.com russian vulnerabilities digest http://websecurity.com.ua/1588/ 20080103 securityvulns.com russian vulnerabilities digest 3539 Multiple cross-site scripting (XSS) vulnerabilities in PRO-Search 0.17 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) prot, (2) host, (3) path, (4) name, (5) ext, (6) size, (7) search_days, or (8) show_page parameter to the default URI. 27126 20080103 securityvulns.com russian vulnerabilities digest http://websecurity.com.ua/1259/ http://sourceforge.net/project/shownotes.php?release_id=563784&group_id=149797 http://securityvulns.ru/Sdocument731.html 28335 20080103 securityvulns.com russian vulnerabilities digest 3539 Cross-site scripting (XSS) vulnerability in login.asp in Snitz Forums 2000 3.4.05 and earlier allows remote attackers to inject arbitrary web script or HTML via the target parameter. 27162 20080107 [HSC] Snitz Forums Multiple Vulnerabilities http://www.packetstormsecurity.org/0801-exploits/snitz-multi.txt 28284 http://hackerscenter.com/archive/view.asp?id=28145 Open redirect vulnerability in Forums/login.asp in Snitz Forums 2000 3.4.06 and earlier allows remote attackers to redirect users to arbitrary web sites via a URL in the target parameter. 20080107 [HSC] Snitz Forums Multiple Vulnerabilities http://www.packetstormsecurity.org/0801-exploits/snitz-multi.txt http://hackerscenter.com/archive/view.asp?id=28145 Uebimiau Webmail 2.7.10 and 2.7.2 does not protect authentication state variables from being set through HTTP requests, which allows remote attackers to bypass authentication via a sess[auth]=1 parameter settting. NOTE: this can be leveraged to conduct directory traversal attacks without authentication by using CVE-2008-0140. 27154 4846 The administration interface in McAfee E-Business Server 8.5.2 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a long initial authentication packet. 27197 20080109 [INFIGO-2008-01-06]: McAfee E-Business Server Remote Preauth Code Execution / DoS - Corrected 20080109 [INFIGO 2008-01-06]: McAfee E-Business Server Remote Preauth Code Execution / DoS https://knowledge.mcafee.com/SupportSite/dynamickc.do?externalId=614472&sliceId=SAL_Public&command=show&forward=nonthreadedKC&kcId=614472 mcafee-ebusiness-packet-code-execution(39563) mcafee-ebusiness-authentication-packet-dos(39561) 4878 ADV-2008-0087 1019170 3530 28408 Cross-site scripting (XSS) vulnerability in admin/index.html in Merak IceWarp Mail Server allows remote attackers to inject arbitrary web script or HTML via the message parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. icewarpmailserver-index-xss(39564) http://www.securityfocus.com/data/vulnerabilities/exploits/27189.html 27189 ADV-2008-0135 28460 SQL injection vulnerability in soporte_horizontal_w.php in PHP Webquest 2.6 allows remote attackers to execute arbitrary SQL commands via the id_actividad parameter, a different vector than CVE-2007-4920. webquest-soportehorizontalw-sql-injection(39560) 27192 4867 26821 Multiple stack-based buffer overflows in the WebLaunch.WeblaunchCtl.1 (aka CWebLaunchCtl) ActiveX control in weblaunch.ocx 1.0.0.1 in Gateway Weblaunch allow remote attackers to execute arbitrary code via a long string in the (1) second or (2) fourth argument to the DoWebLaunch method. NOTE: some of these details are obtained from third party information. VU#735441 27193 4982 4869 ADV-2008-0077 28379 20080109 Gateway WebLaunch ActiveX Control Insecure Method Directory traversal vulnerability in the WebLaunch.WeblaunchCtl.1 (aka CWebLaunchCtl) ActiveX control in weblaunch.ocx 1.0.0.1 in Gateway Weblaunch allows remote attackers to execute arbitrary programs via a ..\ (dot dot backslash) in the second argument to the DoWebLaunch method. NOTE: some of these details are obtained from third party information. 4869 ADV-2008-0077 28379 20080109 Gateway WebLaunch ActiveX Control Insecure Method Unrestricted file upload vulnerability in ajaxfilemanager.php in the Wp-FileManager 1.2 plugin for WordPress allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors. wordpress-wpfilemanager-file-upload(39462) 27151 4844 Buffer overflow in JustSystems JSFC.DLL, as used in multiple JustSystems products such as Ichitaro, allows remote attackers to execute arbitrary code via a crafted .JTD file. justsystems-jsfc-bo(39501) 1019168 27153 http://www.justsystems.com/jp/info/pd8001.html ADV-2008-0045 http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20080107 28275 JVN#08237857 SQL injection vulnerability in index.php in the Newbb_plus 0.92 and earlier module in RunCMS 1.6.1 allows remote attackers to execute arbitrary SQL commands via the Client-Ip parameter. runcms-newbb-client-sql-injection(39478) 27152 28340 4845 Heap-based buffer overflow in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote attackers to execute arbitrary code via the SDP Abstract attribute in an RTSP session, related to the rmff_dump_header function and related to disregarding the max field. NOTE: some of these details are obtained from third party information. FEDORA-2008-0718 https://bugzilla.redhat.com/show_bug.cgi?id=428620 USN-635-1 27198 ADV-2008-0163 http://sourceforge.net/project/shownotes.php?release_id=567872 31393 28489 28384 http://aluigi.altervista.org/adv/xinermffhof-adv.txt SUSE-SR:2008:002 MDVSA-2008:045 MDVSA-2008:020 DSA-1472 GLSA-200801-12 28955 28674 28636 28507 http://bugs.gentoo.org/show_bug.cgi?id=205197 Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp. yassl-inputbufferoperator-bo(39431) yassl-processoldclienthello-bo(39429) 31681 27140 20080104 Pre-auth buffer-overflow in mySQL through yaSSL 20080104 Multiple vulnerabilities in yaSSL 1.7.5 MDVSA-2008:150 ADV-2008-2780 http://support.apple.com/kb/HT3216 32222 28324 APPLE-SA-2008-10-09 USN-588-1 ADV-2008-0560 DSA-1478 3531 29443 28597 28419 http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html http://bugs.mysql.com/33814 yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allows remote attackers to cause a denial of service (crash) via a Hello packet containing a large size value, which triggers a buffer over-read in the HASHwithTransform::Update function in hash.cpp. yassl-hashwithtransformupdate-dos(39433) 31681 27140 20080104 Multiple vulnerabilities in yaSSL 1.7.5 MDVSA-2008:150 ADV-2008-2780 http://support.apple.com/kb/HT3216 32222 28324 APPLE-SA-2008-10-09 USN-588-1 ADV-2008-0560 DSA-1478 3531 29443 28597 http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html http://bugs.mysql.com/33814 Cross-site request forgery (CSRF) vulnerability in apply.cgi in the Linksys WRT54GL Wireless-G Broadband Router with firmware 4.30.9 allows remote attackers to perform actions as administrators. linksys-apply-csrf(39502) 20080107 Linksys WRT54 GL - Session riding (CSRF) 28364 20080115 Re: Linksys WRT54 GL - Session riding (CSRF) 3534 The telnet service in LevelOne WBR-3460 4-Port ADSL 2/2+ Wireless Modem Router with firmware 1.00.11 and 1.00.12 does not require authentication, which allows remote attackers on the local or wireless network to obtain administrative access. 1019162 27183 20080108 Level-One WBR-3460A Grants Root Access 3533 28397 PHP remote file inclusion vulnerability in php121db.php in osDate 2.0.8 and possibly earlier versions allows remote attackers to execute arbitrary PHP code via a URL in the php121dir parameter. osdate-php121db-file-include(39567) 27208 http://packetstormsecurity.org/0801-exploits/osdata-lfi.txt 4870 28420 Multiple directory traversal vulnerabilities in index.php in Tuned Studios (1) Subwoofer, (2) Freeze Theme, (3) Orange Cutout, (4) Lonely Maple, (5) Endless, (6) Classic Theme, and (7) Music Theme webpage templates allow remote attackers to include and execute arbitrary files via ".." sequences in the page parameter. NOTE: this can be leveraged for remote file inclusion when running in some PHP 5 environments. tunedstudiostemplates-index-file-include(39555) 27196 20080109 LFI in Tuned Studios Templates 4876 3532 Multiple SQL injection vulnerabilities in Zero CMS 1.0 Alpha allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to index.php, or the (2) f or t parameters to forums/index.php. zerocms-index-sql-injection(39530) 27186 http://packetstormsecurity.org/0801-exploits/zerocms-sql.txt 4864 Unrestricted file upload vulnerability in Zero CMS 1.0 Alpha and earlier allows remote attackers to bypass intended access restrictions and upload and execute arbitrary files by uploading an avatar file with an accepted Content-Type such as image/jpeg. http://packetstormsecurity.org/0801-exploits/zerocms-sql.txt 4864 Buffer overflow in Apple Quicktime Player 7.3.1.70 and other versions before 7.4.1, when RTSP tunneling is enabled, allows remote attackers to execute arbitrary code via a long Reason-Phrase response to an rtsp:// request, as demonstrated using a 404 error message. VU#112179 ADV-2008-2064 ADV-2008-0107 APPLE-SA-2008-07-10 quicktime-rtsp-responses-bo(39601) 1019178 27225 20080112 Re: Buffer-overflow in Quicktime Player 7.3.1.70 20080112 Re: Re: Buffer-overflow in Quicktime Player 7.3.1.70 20080114 Re: [Full-disclosure] Buffer-overflow in Quicktime Player 7.3.1.70 20080111 Re: Buffer-overflow in Quicktime Player 7.3.1.70 20080111 Re: Re: Buffer-overflow in Quicktime Player 7.3.1.70 20080110 Re: Buffer-overflow in Quicktime Player 7.3.1.70 20080110 Buffer-overflow in Quicktime Player 7.3.1.70 4906 4885 3537 31034 28423 APPLE-SA-2008-02-06 The Microsoft VFP_OLE_Server ActiveX control allows remote attackers to execute arbitrary code by invoking the foxcommand method. microsoft-vfpoleserver-command-execution(39559) 27199 http://shinnai.altervista.org/exploits/txt/TXT_rNowA1916DKFNUF48NyS.html 4875 28417 An ActiveX control for Microsoft Visual FoxPro (vfp6r.dll 6.0.8862.0) allows remote attackers to execute arbitrary commands by invoking the DoCmd method. microsoft-foxserver-command-execution(39558) 27205 http://shinnai.altervista.org/exploits/txt/TXT_DiWu9j82RCq4zpaQAoxn.html 4873 28417 The Microsoft Rich Textbox ActiveX Control (RICHTX32.OCX) 6.1.97.82 allows remote attackers to execute arbitrary commands by invoking the insecure SaveFile method. microsoft-richtextbox-file-overwrite(39557) 27201 http://shinnai.altervista.org/exploits/txt/TXT_DZVN8CwCha0I2fI3NeEs.html 4874 Multiple heap-based buffer overflows in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 allow remote attackers to execute arbitrary code via the SDP (1) Title, (2) Author, or (3) Copyright attribute, related to the rmff_dump_header function, different vectors than CVE-2008-0225. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Please see the following link for more information regarding the exploit: http://aluigi.altervista.org/adv/xinermffhof-adv.txt USN-635-1 31393 28384 MDVSA-2008:045 MDVSA-2008:020 GLSA-200801-12 28955 28674 http://bugs.gentoo.org/show_bug.cgi?id=205197 Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allow remote attackers to inject arbitrary HTML or web script via the (1) cntry or lang parameters to /idm/login.jsp, (2) resultsForm parameter to /idm/account/findForSelect.jsp, or (3) activeControl parameter to /idm/user/main.jsp. 20080110 PR07-06, PR07-07, PR07-08, PR07-09, PR07-10, PR07-12: Several XSS, Cross-domain Redirection and Frame Injection on Sun Java System Identity Manager http://www.procheckup.com/Vulnerability_PR07-08.php http://www.procheckup.com/Vulnerability_PR07-07.php http://www.procheckup.com/Vulnerability_PR07-06.php sun-identity-main-xss(39583) sun-identity-resultsform-xss(39582) sun-identity-lang-xss(39581) sun-identity-login-xss(39580) 27214 http://www.procheckup.com/Vulnerability_PR07-09.php ADV-2008-0089 103180 28356 1019175 200558 3535 /idm/help/index.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to inject frames from arbitrary web sites and conduct phishing attacks via the helpUrl parameter, aka "frame injection." http://www.procheckup.com/Vulnerability_PR07-10.php sun-identity-index-frame-injection(39586) 27214 20080110 PR07-06, PR07-07, PR07-08, PR07-09, PR07-10, PR07-12: Several XSS, Cross-domain Redirection and Frame Injection on Sun Java System Identity Manager ADV-2008-0089 103180 28356 200558 3535 Open redirect vulnerability in /idm/user/login.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the nextPage parameter. http://www.procheckup.com/Vulnerability_PR07-12.php 200558 103180 sun-identity-login-security-bypass(39590) 27214 20080110 PR07-06, PR07-07, PR07-08, PR07-09, PR07-10, PR07-12: Several XSS, Cross-domain Redirection and Frame Injection on Sun Java System Identity Manager ADV-2008-0089 3535 28356 mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding. FEDORA-2008-1695 FEDORA-2008-1711 apache-modproxyftp-utf7-xss(39615) USN-575-1 1019185 27234 20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server 20080110 SecurityReason - Apache (mod_proxy_ftp) Undefined Charset UTF-7 XSS Vulnerability RHSA-2008:0009 RHSA-2008:0008 RHSA-2008:0007 RHSA-2008:0006 RHSA-2008:0005 RHSA-2008:0004 MDVSA-2008:016 MDVSA-2008:015 MDVSA-2008:014 ADV-2008-1875 ADV-2008-0924 http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm 3526 20080110 Apache (mod_proxy_ftp) Undefined Charset UTF-7 XSS Vulnerability GLSA-200803-19 35650 30732 29640 29420 29348 28977 28749 28607 28526 28471 28467 SSRT090192 SSRT090192 SSRT090085 SSRT090085 [security-announce] 20090820 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server SUSE-SA:2008:021 APPLE-SA-2008-03-18 http://docs.info.apple.com/article.html?artnum=307562 Cross-site scripting (XSS) vulnerability in install.php for Moodle 1.8.3, and possibly other versions before 1.8.4, allows remote attackers to inject arbitrary web script or HTML via the dbname parameter. NOTE: this issue only exists until the installation is complete. http://int21.de/cve/CVE-2008-0123-moodle.html 20080111 Cross site scripting (XSS) in Moodle 1.8.3 moodle-install-xss(39630) 27259 20080111 Cross site scripting (XSS) in Moodle 1.8.3 ADV-2008-0164 28838 SUSE-SR:2008:003 Unspecified vulnerability in libdevinfo in Sun Solaris 10 allows local users to access files and gain privileges via unknown vectors, related to login device permissions. 103165 solaris-libdevinfo-privilege-escalation(39629) 1019187 27253 ADV-2008-0131 200641 28493 oval:org.mitre.oval:def:5211 Unspecified vulnerability in Lotus Domino 7.0.2 before Fix Pack 3 allows attackers to cause a denial of service via unknown vectors. lotus-domino-unspecified-dos(39588) 27215 ADV-2008-0086 http://www-1.ibm.com/support/docview.wss?uid=swg27011539 28411 SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to execute arbitrary commands via "&&" and other shell metacharacters in exec_sdbinfo and other unspecified commands, which are executed when MaxDB invokes cons.exe. maxdb-system-command-execution(39573) 1019171 27206 20080109 Pre-auth remote commands execution in SAP MaxDB 7.6.03.07 4877 ADV-2008-0104 28409 http://aluigi.altervista.org/adv/sapone-adv.txt 3536 admin.php in UploadImage 1.0 does not check for the original password before making a change to a new password, which allows remote attackers to gain administrator privileges via the pass parameter in a nopass (Set Password) action. uploadimage-admin-command-execution(39571) 27203 4871 admin.php in UploadScript 1.0 does not check for the original password before making a change to a new password, which allows remote attackers to gain administrator privileges via the pass parameter in a nopass (Set Password) action. uploadscript-admin-command-execution(39570) 27203 4871 Heap-based buffer overflow in the Express Backup Server service (dsmsvc.exe) in IBM Tivoli Storage Manager (TSM) Express 5.3 before 5.3.7.3 allows remote attackers to execute arbitrary code via a packet with a large length value. 27235 http://www-1.ibm.com/support/docview.wss?uid=swg21291536 28440 ibm-tsmexpressserver-bo(39604) http://www.zerodayinitiative.com/advisories/ZDI-08-001.html 1019182 20080114 ZDI-08-001: IBM Tivoli Storage Manager Express Backup Server Heap Overflow Vulnerability ADV-2008-0106 Buffer overflow in an ActiveX control in ccpm_0237.dll for StreamAudio ChainCast ProxyManager allows remote attackers to execute arbitrary code via a long URL argument to the InternalTuneIn method. streamaudio-chaincastproxymanager-bo(39622) 27247 4894 20080111 StreamAudio ChainCast ProxyManager ccpm_0237.dll Buffer Overflow ADV-2008-0133 28461 PHP Webquest 2.6 allows remote attackers to retrieve database credentials via a direct request to admin/backup_phpwebquest.php, which leaks the credentials in an error message if a call to /usr/bin/mysqldump fails. NOTE: this might only be an issue in limited environments. phpwebquest-backup-information-disclosure(39572) 27202 4872 Buffer overflow in Microsoft Visual InterDev 6.0 (SP6) allows user-assisted attackers to execute arbitrary code via a Studio Solution (.SLN) file with a long Project line. 27250 4892 http://shinnai.altervista.org/exploits/txt/TXT_PoEOrFM8py30PXrDF7IY.html visualinterdev-sln-project-bo(41826) 28482 Unrestricted file upload vulnerability in PhotoPost vBGallery before 2.4.2 allows remote attackers to upload and execute arbitrary files via unknown vectors. vbgallery-unspecified-code-execution(39621) http://www.photopost.com/forum/showthread.php?t=134910 http://www.photopost.com/forum/showthread.php?t=134909 28430 Directory traversal vulnerability in the _get_file_path function in (1) lib/sessions.py in CherryPy 3.0.x up to 3.0.2, (2) filter/sessionfilter.py in CherryPy 2.1, and (3) filter/sessionfilter.py in CherryPy 2.x allows remote attackers to create or delete arbitrary files, and possibly read and write portions of arbitrary files, via a crafted session id in a cookie. ADV-2008-0039 http://www.cherrypy.org/changeset/1775 http://www.cherrypy.org/changeset/1774 FEDORA-2008-0333 FEDORA-2008-0299 https://bugs.gentoo.org/show_bug.cgi?id=204829 http://www.cherrypy.org/ticket/744 http://www.cherrypy.org/changeset/1776 28354 28353 https://issues.rpath.com/browse/RPL-2127 27181 20080124 rPSA-2008-0030-1 CherryPy DSA-1481 GLSA-200801-11 28769 28620 28611 SQL injection vulnerability in full_text.php in Binn SBuilder allows remote attackers to execute arbitrary SQL commands via the nid parameter. 27264 4904 binnsbuilder-fulltext-sql-injection(39634) 20080114 Binn SBuilder (nid) Remote Blind Sql Injection Vulnerabily SQL injection vulnerability in activate.php in TutorialCMS (aka Photoshop Tutorials) 1.02, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the userName parameter. 27263 4901 28446 tutorialcms-activate-sql-injection(39642) SQL injection vulnerability in archive.php in iGaming 1.5, and 1.3.1 and earlier, allows remote attackers to execute arbitrary SQL commands via the section parameter. igamingcms-archive-sql-injection(39598) 27230 4886 28426 Multiple SQL injection vulnerabilities in Matteo Binda ASP Photo Gallery 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) Imgbig.asp, (b) thumb.asp, and (c) thumbricerca.asp and the (2) ricerca parameter to (d) thumbricerca.asp. 27262 4900 28447 aspphotogallery-multiple-sql-injection(39646) Cross-site scripting (XSS) vulnerability in search.pl in Dansie Search Engine 2.7 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 28465 dansiesearchengine-search-xss(39636) 27269 Cross-site scripting (XSS) vulnerability in index.php in PHP Running Management (phpRunMan) before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the message parameter. 27268 http://sourceforge.net/project/shownotes.php?release_id=568237&group_id=103505 28474 http://sourceforge.net/tracker/index.php?func=detail&aid=1204199&group_id=103505&atid=634992 phprunningmanagement-index-xss(39639) Multiple directory traversal vulnerabilities in _mg/php/mg_thumbs.php in minimal Gallery 0.8 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) thumbcat and (2) thumb parameters. 27265 4902 28391 minimalgallery-mgthumbs-file-include(39649) minimal Gallery 0.8 allows remote attackers to obtain configuration information via a direct request to php_info.php, which calls the phpinfo function. 4902 28391 Unspecified vulnerability in the search component and module in Mambo 4.5.x and 4.6.x allows remote attackers to cause a denial of service (query flood) via unspecified vectors. 27239 28392 http://forum.mambo-foundation.org/showthread.php?t=9651 mambo-search-dos(39613) SQL injection vulnerability in includes/articleblock.php in Agares PhpAutoVideo 2.21 allows remote attackers to execute arbitrary SQL commands via the articlecat parameter. agares-articleblock-sql-injection(39641) 27258 4905 4898 The SIP module in Ingate Firewall before 4.6.1 and SIParator before 4.6.1 does not reuse SIP media ports in unspecified call hold and send-only stream scenarios, which allows remote attackers to cause a denial of service (port exhaustion) via unspecified vectors. 1019177 1019176 27222 http://www.ingate.com/relnote-461.php ADV-2008-0108 28394 40365 Unspecified vulnerability in the Meta Tags (aka Nodewords) 5.x-1.6 module for Drupal, when images are permitted in node bodies, allows remote authenticated users to execute arbitrary code via unspecified vectors involving creation of a node. http://drupal.org/node/209759 ADV-2008-0129 28478 drupal-metatags-code-execution(39638) Multiple cross-site scripting (XSS) vulnerabilities in the Search function in the web management interface in F5 BIG-IP 9.4.3 allow remote attackers to inject arbitrary web script or HTML via the SearchString parameter to (1) list_system.jsp, (2) list_pktfilter.jsp, (3) list_ltm.jsp, (4) resources_audit.jsp, and (5) list_asm.jsp in tmui/Control/jspmap/tmui/system/log/; and (6) list.jsp in certain directories. f5bigip-searchstring-xss(39632) 1019190 27272 20080114 F5 BIG-IP Web Management List Search XSS ADV-2008-0181 28505 3545 Cross-site request forgery (CSRF) vulnerability in admin.php in eTicket 1.5.5.2 allows remote attackers to change the administrative password and possibly perform other administrative tasks. NOTE: either the old password must be known, or the attacker must leverage a separate SQL injection vulnerability. eticket-admin-csrf(39490) 27173 20080106 eTicket 1.5.5.2 Multiple Vulnerabilities 28331 3542 Multiple SQL injection vulnerabilities in eTicket 1.5.5.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) status, (2) sort, and (3) way parameters to search.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (4) msg and (5) password parameters to admin.php. eticket-search-sql-injection(39489) eticket-admin-sql-injection(39487) 27173 20080106 eTicket 1.5.5.2 Multiple Vulnerabilities 28331 3542 Cross-site scripting (XSS) vulnerability in view.php in eTicket 1.5.5.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter. eticket-view-xss(39488) 27173 20080106 eTicket 1.5.5.2 Multiple Vulnerabilities 28331 3542 Unspecified vulnerability in the dotoprocs function in Sun Solaris 10 allows local users to cause a denial of service (panic) via unspecified vectors. 103188 solaris-dotoprocs-dos(39631) 1019186 27260 ADV-2008-0130 201513 28491 oval:org.mitre.oval:def:5400 SQL injection vulnerability in index.php in TaskFreak! 0.6.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the sContext parameter. 4899 taskfreak-index-sql-injection(39645) 27257 28448 The editor deletion form in BUEditor 4.7.x before 4.7.x-1.0 and 5.x before 5.x-1.1, a module for Drupal, does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete custom editor interfaces. 28418 http://drupal.org/node/208534 drupal-bueditor-csrf(39614) ADV-2008-0128 Cross-site request forgery (CSRF) vulnerability in the aggregator module in Drupal 4.7.x before 4.7.11 and 5.x before 5.6 allows remote attackers to delete items from a feed as privileged users. 27238 drupal-aggregator-csrf(39617) ADV-2008-0134 http://www.vbdrupal.org/forum/showthread.php?t=1349 http://www.vbdrupal.org/forum/showthread.php?p=6878 28486 28422 http://drupal.org/node/208562 ADV-2008-0127 Interpretation conflict in Drupal 4.7.x before 4.7.11 and 5.x before 5.6, when Internet Explorer 6 is used, allows remote attackers to conduct cross-site scripting (XSS) attacks via invalid UTF-8 byte sequences, which are not processed as UTF-8 by Drupal's HTML filtering, but are processed as UTF-8 by Internet Explorer, effectively removing characters from the document and defeating the HTML protection mechanism. 27238 28422 drupal-utf8-xss(39619) ADV-2008-0134 http://www.vbdrupal.org/forum/showthread.php?t=1349 http://www.vbdrupal.org/forum/showthread.php?p=6878 28486 http://drupal.org/node/208564 ADV-2008-0127 Cross-site scripting (XSS) vulnerability in Drupal 4.7.x and 5.x, when certain .htaccess protections are disabled, allows remote attackers to inject arbitrary web script or HTML via crafted links involving theme .tpl.php files. 27238 28422 drupal-theme-xss(39605) ADV-2008-0134 http://www.vbdrupal.org/forum/showthread.php?t=1349 http://www.vbdrupal.org/forum/showthread.php?p=6878 28486 http://drupal.org/node/208565 ADV-2008-0127 The Atom 4.7 before 4.7.x-1.0 and 5.x before 5.x-1.0 module for Drupal does not properly manage permissions for node (1) titles, (2) teasers, and (3) bodies, which might allow remote attackers to gain access to syndicated content. drupal-atom-security-bypass(39607) http://drupal.org/node/208527 Cross-site scripting (XSS) vulnerability in the Devel module before 5.x-0.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via a site variable, related to lack of escaping of the variable table. drupal-devel-variable-xss(39606) http://drupal.org/node/208524 Unspecified vulnerability in the Fileshare module for Drupal allows remote authenticated users with node-creation privileges to execute arbitrary code via unspecified vectors. drupal-fileshare-code-execution(39609) http://drupal.org/node/208537 SQL injection vulnerability in index.php in X7 Chat 2.0.5 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the day parameter in a sm_window action. x7chatday-sql-injection(39656) 27277 4907 28503 SQL injection vulnerability in liretopic.php in Xforum 1.4 and possibly others allows remote attackers to execute arbitrary SQL commands via the topic parameter. NOTE: the categorie parameter might also be affected. xforum-liretopic-sql-injection(39654) 27278 4908 SQL injection vulnerability in Gforge 4.6.99 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified parameters, related to RSS exports. DSA-1459 27266 ADV-2008-0115 gforge-multiple-sql-injection(39666) 28451 28395 VFS in the Linux kernel before 2.6.22.16, and 2.6.23.x before 2.6.23.14, performs tests of access mode by using the flag variable instead of the acc_mode variable, which might allow local users to bypass intended permissions and remove directories. 27280 FEDORA-2008-0748 https://issues.rpath.com/browse/RPL-2146 linux-directory-security-bypass(39672) USN-578-1 USN-574-1 20080117 rPSA-2008-0021-1 kernel RHSA-2008:0089 MDVSA-2008:112 MDVSA-2008:044 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23.14 ADV-2008-0151 DSA-1479 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0021 1019289 29245 28971 28806 28748 28706 28664 28643 28628 28626 28558 28485 RHSA-2008:0055 SUSE-SA:2008:013 SUSE-SA:2008:006 http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.16 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=974a9f0b47da74e28f68b9c8645c3786aa5ace1a SQL injection vulnerability in index.php in MTCMS 2.0 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via the (1) a or (2) cid parameter. 27224 20080110 MTCMS <=2.0 SQL Injection Vulnerbility 4882 mtcms-a-sql-injection(39597) 3544 28428 SQL injection vulnerability in liste.php in ID-Commerce 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idFamille parameter. idcommerce-liste-sql-injection(39594) 27220 20080110 ID-Commerce Security Advisory - SLR-2007-001 20080110 (( PoC)) ID-Commerce Security Advisory - SLR-2007-001 (( PoC)) 20080110 ID-Commerce Security Advisory - SLR-2007-001 SQL injection vulnerability in welcome/inscription.php in DomPHP 0.81 and earlier allows remote attackers to execute arbitrary SQL commands via the mail parameter. domphp-inscription-sql-injection(39593) 27212 4880 28393 PHP remote file inclusion vulnerability in /aides/index.php in DomPHP 0.81 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. 27226 4883 Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 1.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) Itemid or (2) topic arguments. simplemachinesforum-itemid-xss(39585) 27218 20080110 Simple Machines Forum Cross-Site Scripting Vulnerabilities 3540 ngIRCd 0.10.x before 0.10.4 and 0.11.0 before 0.11.0-pre2 allows remote attackers to cause a denial of service (crash) via crafted IRC PART message, which triggers an invalid dereference. http://ngircd.barton.de/doc/ChangeLog http://bugs.gentoo.org/show_bug.cgi?id=204834 http://arthur.barton.de/cgi-bin/viewcvs.cgi/ngircd/ngircd/src/ngircd/irc-channel.c?r1=1.40&r2=1.41&diff_format=h 27318 GLSA-200801-13 28673 28425 SQL injection vulnerability in admin/login.php in Article Dashboard allows remote attackers to execute arbitrary SQL commands via the (1) user or (2) password fields. 27286 20080115 Article DashBoard all version SQL Injection Vulnerability articledashboard-login-sql-injection(39657) 20080116 Re: Article DashBoard all version SQL Injection Vulnerability 3546 28495 PHP remote file inclusion vulnerability in VisionBurst vcart 3.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) index.php and (2) checkout.php. vcart-checkout-index-file-include(39616) 27231 4889 28424 Multiple SQL injection vulnerabilities in ImageAlbum 2.0.0b2 allow remote attackers to execute arbitrary SQL commands via the id, which is not properly handled in (1) classes/IADomain.php, (2) classes/IACollection.php, and (3) classes/IAUser.php, as demonstrated via the id parameter in a collection.imageview action. 27240 20080111 ImageAlbum Remote SQL Injection Vulnerabilities 4895 3548 PHP remote file inclusion vulnerability in view_func.php in Member Area System (MAS) 1.7 and possibly others allows remote attackers to execute arbitrary PHP code via a URL in the i parameter. NOTE: a second vector might exist via the l parameter. NOTE: as of 20080118, the vendor has disputed the set of affected versions, stating that the issue "is already fixed, for almost a year." mas-viewfunc-file-include(39611) 27244 20080118 Re: Member Area System (MAS) Remote File Include Vulnerability (view_func.php) 20080111 Member Area System (MAS) Remote File Include Vulnerability (view_func.php) 3547 Multiple SQL injection vulnerabilities in Digital Hive 2.0 RC2 and earlier allow (1) remote attackers to execute arbitrary SQL commands via the selectskin parameter to an unspecified program, or (2) remote authenticated administrators to execute arbitrary SQL commands via the user_id parameter in the gestion_membre.php page to base.php. digitalhive-base-sql-injection(39602) 27232 4887 Unspecified vulnerability in Passcode Lock in Apple iPhone 1.0 through 1.1.2 allows users with physical access to execute applications without entering the passcode via vectors related to emergency calls. APPLE-SA-2008-01-15 http://docs.info.apple.com/article.html?artnum=307302 iphone-passcode-lock-security-bypass(39701) 1019219 27297 ADV-2008-0147 28497 Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 through 1.1.2, iPod touch 1.1 through 1.1.2, and Mac OS X 10.5 through 10.5.1, allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted URL that triggers memory corruption in Safari. TA08-043B iphone-ipod-foundation-code-execution(39700) 1019220 27296 ADV-2008-0147 28497 APPLE-SA-2008-01-15 APPLE-SA-2008-02-11 http://docs.info.apple.com/article.html?artnum=307302 ADV-2008-0495 28891 http://docs.info.apple.com/article.html?artnum=307430 Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execurte arbitrary code via a crafted Sorenson 3 video file, which triggers memory corruption. TA08-016A APPLE-SA-2008-01-15 http://docs.info.apple.com/article.html?artnum=307301 quicktime-sorenson-code-execution(39695) 1019221 27298 ADV-2008-0148 28502 Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption. VU#203611 27283 FreeBSD-SA-08:02 FEDORA-2008-0904 FEDORA-2008-0903 https://issues.rpath.com/browse/RPL-2169 https://bugzilla.redhat.com/show_bug.cgi?id=429149 freebsd-inetnetwork-bo(39670) http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4167 http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX61&path=/200802/SECURITY/20080227/datafile123640&label=AIX%20libc%20inet_network%20buffer%20overflow 1019189 20080124 rPSA-2008-0029-1 bind bind-utils RHSA-2008:0300 http://www.isc.org/index.pl?/sw/bind/bind-security.php ADV-2008-1743 ADV-2008-0703 ADV-2008-0193 http://support.avaya.com/elmodocs2/security/ASA-2008-244.htm 238493 30718 30538 30313 29323 29161 28579 28487 28429 28367 SUSE-SR:2008:006 The ptsname function in FreeBSD 6.0 through 7.0-PRERELEASE does not properly verify that a certain portion of a device name is associated with a pty of a user who is calling the pt_chown function, which might allow local users to read data from the pty from another user. FreeBSD-SA-08:01 freebsd-ptsname-information-disclosure(39667) 1019191 27284 28498 The script program in FreeBSD 5.0 through 7.0-PRERELEASE invokes openpty, which creates a pseudo-terminal with world-readable and world-writable permissions when it is not run as root, which allows local users to read data from the terminal of the user running script. FreeBSD-SA-08:01 freebsd-openpty-information-disclosure(39665) 1019191 27284 28498 Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a movie file containing a Macintosh Resource record with a modified length value in the resource header, which triggers heap corruption. TA08-016A 20080115 Apple QuickTime Macintosh Resource Processing Heap Corruption Vulnerability APPLE-SA-2008-01-15 http://docs.info.apple.com/article.html?artnum=307301 quicktime-macintosh-code-execution(39696) 1019221 27301 ADV-2008-0148 28502 Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a movie file with Image Descriptor (IDSC) atoms containing an invalid atom size, which triggers memory corruption. TA08-016A quicktime-idsc-code-execution(39697) 1019221 20080115 TPTI-08-01: Apple Quicktime Image File IDSC Atom Memory Corruption Vulnerability ADV-2008-0148 28502 APPLE-SA-2008-01-15 http://dvlabs.tippingpoint.com/advisory/TPTI-08-01 http://docs.info.apple.com/article.html?artnum=307301 27299 Buffer overflow in Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a crafted compressed PICT image, which triggers the overflow during decoding. TA08-016A ADV-2008-2064 31034 APPLE-SA-2008-01-15 APPLE-SA-2008-07-10 http://docs.info.apple.com/article.html?artnum=307301 quicktime-pict-bo(39698) 1019221 27300 ADV-2008-0148 28502 SQL injection vulnerability in showproduct.asp in RichStrong CMS allows remote attackers to execute arbitrary SQL commands via the cat parameter. 27281 4910 richstrongcms-showproduct-sql-injection(39668) 27310 20080116 RichStrong CMS (showproduct.asp?cat=) Remote SQL Injection Exploit 28449 Cross-site scripting (XSS) vulnerability in photo_album.pl in Dansie Photo Album 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. dansiephotoalbum-photoalbum-xss(39664) 28501 Unspecified vulnerability in cron.php in FreeSeat before 1.1.5d, when format.php has certain modifications, allows remote attackers to bypass authentication and gain privileges via unspecified vectors related to the show_foot function. freeseat-cron-security-bypass(39648) http://sourceforge.net/project/shownotes.php?group_id=160239&release_id=568374 28459 Unspecified vulnerability in the seat-locking implementation in FreeSeat before 1.1.5d allows attackers to book a seat more than once via unspecified vectors. freeseat-seatlocking-security-bypass(39647) 27270 http://sourceforge.net/project/shownotes.php?release_id=568374&group_id=160239 28459 Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in the Xine library, as used in VideoLAN VLC Media Player 0.8.6d and earlier, allows user-assisted remote attackers to cause a denial of service (crash) or execute arbitrary code via long Session Description Protocol (SDP) data. 27221 ADV-2008-0105 28383 http://aluigi.altervista.org/adv/vlcxhof-adv.txt GLSA-200803-13 DSA-1543 29766 29284 Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLAN VLC Media Player 0.8.6d and earlier on Windows might allow remote RTSP servers to cause a denial of service (application crash) or execute arbitrary code via a long string. ADV-2008-0105 http://aluigi.altervista.org/adv/vlcxhof-adv.txt GLSA-200803-13 DSA-1543 29766 29284 PhotoKorn allows remote attackers to obtain database credentials via a direct request to update/update3.php, which includes the credentials in its output. photokorn-update3-information-disclosure(39652) 4897 KHTML WebKit as used in Apple Safari 2.x allows remote attackers to cause a denial of service (browser crash) via a crafted web page, possibly involving a STYLE attribute of a DIV element. safari-khtml-webkit-dos(39635) 27261 20080112 Safari 2 Denial of Service http://www.s21sec.com/avisos/s21sec-039-en.txt 3549 common.py in Paramiko 1.7.1 and earlier, when using threads or forked processes, does not properly use RandomPool, which allows one session to obtain sensitive information from another session by predicting the state of the pool. https://bugzilla.redhat.com/show_bug.cgi?id=428727 http://people.debian.org/~nion/nmu-diff/paramiko-1.6.4-1_1.6.4-1.1.patch http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=460706 FEDORA-2008-0722 FEDORA-2008-0644 paramiko-randompool-info-disclosure(39749) 27307 GLSA-200803-07 29168 28510 28488 Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Macro Validation Vulnerability," a different vulnerability than CVE-2007-3490. TA08-071A 27305 MS08-014 http://www.microsoft.com/technet/security/advisory/947563.mspx microsoft-excel-unspecified-code-execution(39699) ADV-2008-0846 ADV-2008-0146 1019200 28506 SSRT080028 oval:org.mitre.oval:def:5546 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its requester. Further investigation showed that it was not a new security issue. Notes: none. ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its requester. Further investigation showed that it was not a new security issue. Notes: none. Untrusted search path vulnerability in apt-listchanges.py in apt-listchanges before 2.82 allows local users to execute arbitrary code via a malicious apt-listchanges program in the current working directory. http://packages.debian.org/changelogs/pool/main/a/apt-listchanges/apt-listchanges_2.82/changelog http://git.madism.org/?p=apt-listchanges.git;a=commitdiff;h=1bcfbf3dc55413bb83a1782dc9a54515a963fb32 USN-572-1 27331 DSA-1465 28574 28513 Cisco Systems VPN Client IPSec Driver (CVPNDRVA.sys) 5.0.02.0090 allows local users to cause a denial of service (crash) by calling the 0x80002038 IOCTL with a small size value, which triggers memory corruption. cisco-vpnclient-cvpndrva-dos(39694) 27289 4911 1019240 ADV-2008-0170 28472 Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request. 20080116 Cisco Unified Communications Manager CTL Provider Heap Overflow cisco-cucm-ctl-bo(39704) 27313 20080116 TPTI-08-02: Cisco Call Manager CTLProvider Heap Overflow Vulnerability http://dvlabs.tippingpoint.com/advisory/TPTI-08-02 1019223 ADV-2008-0171 3551 28530 SQL injection vulnerability in show.php in FaScript FaPersian Petition allows remote attackers to execute arbitrary SQL commands via the id parameter. 27302 4916 fascriptfapersian-show-sql-injection(39716) 28522 SQL injection vulnerability in class/show.php in FaScript FaPersianHack 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to show.php. 27302 4917 fascriptfapersianhack-show-sql-injection(39717) 28565 SQL injection vulnerability in show.php in FaScript FaMp3 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. 27302 4914 40330 fascriptfamp3-show-sql-injection(39714) 28566 SQL injection vulnerability in page.php in FaScript FaName 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. 27303 4915 fascriptfaname-page-sql-injection(39715) 28528 LulieBlog 1.0.1 and 1.0.2 does not restrict access to (1) article_suppr.php, (2) comment_accepter.php, and (3) comment_refuser.php in Admin/, which allows remote attackers to accept comments, delete comments, and delete articles via the id parameter. lulieblog-admin-security-bypass(39669) 27290 4912 28432 Open System Consultants (OSC) Radiator before 4.0 allows remote attackers to cause a denial of service (daemon crash) via malformed RADIUS requests, as demonstrated by packets sent by nmap. osc-radiator-unspecified-dos(40664) 27306 http://www.open.com.au/radiator/history.html 28463 radiator-radius-dos(39730) ADV-2008-0598 Unspecified vulnerability in Funkwerk System Software before 7.4.1 PATCH 9 for certain Funkwerk Router / VPN devices allows remote attackers to cause a denial of service (panic and reboot) via unspecified DNS requests. http://www.funkwerk-ec.com/portal/downloadcenter/dateien/x2300/r7401p09/readme_741p9_en.pdf 28085 42782 x2300-dns-dos(39731) 27314 Directory traversal vulnerability in arias/help/effect.php in aria 0.99-6 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page parameter. 4920 aria-effect-file-include(39712) 27311 20080116 [DSECRG-08-002] Local File Include in arias 0.99-6 Directory traversal vulnerability in download_view_attachment.aspx in AfterLogic MailBee WebMail Pro 4.1 for ASP.NET allows remote attackers to read arbitrary files via a .. (dot dot) in the temp_filename parameter. 4921 mailbeewebmail-download-directory-traversal(39724) 27312 28521 Cross-site scripting (XSS) vulnerability in pm/language/spanish/preferences.php in PMachine Pro 2.4.1 allows remote attackers to inject arbitrary web script or HTML via the L_PREF_NAME[855] parameter. 27282 http://packetstormsecurity.org/0801-exploits/pMachinePro-241-xss.txt Cross-site scripting (XSS) vulnerability in BugTracker.NET before 2.7.2 allows remote attackers to inject arbitrary web script or HTML via an arbitrary custom text field. http://sourceforge.net/project/shownotes.php?release_id=568160 bugtrackernet-bug-xss(39650) 27275 http://sourceforge.net/tracker/index.php?func=detail&aid=1867089&group_id=66812&atid=515837 28481 Multiple cross-site request forgery (CSRF) vulnerabilities in BugTracker.NET before 2.7.2 allow remote attackers to delete arbitrary bugs and perform other administrative tasks via unspecified vectors, possibly related to delete_*.aspx pages, and massedit.aspx, subscribe.aspx, flag.aspx, and relationships.aspx. http://sourceforge.net/project/shownotes.php?group_id=66812&release_id=568160 bugtrackernet-http-csrf(39651) http://sourceforge.net/tracker/index.php?func=detail&aid=1867089&group_id=66812&atid=515837 28481 Heap-based buffer overflow in the _mwProcessReadSocket function in http.c in MiniWeb HTTP Server 0.8.19 allows remote attackers to execute arbitrary code via a long URI. 4923 http://www.bugtraq.ir/adv/miniweb_english.pdf 28512 miniweb-mwprocessreadsocket-bo(39718) 27319 ADV-2008-0176 Directory traversal vulnerability in the mwGetLocalFileName function in http.c in MiniWeb HTTP Server 0.8.19 allows remote attackers to read arbitrary files and list arbitrary directories via a (1) .%2e (partially encoded dot dot) or (2) %2e%2e (encoded dot dot) in the URI. 4923 http://www.bugtraq.ir/adv/miniweb_english.pdf 28512 miniweb-mwgetlocal-directory-traversal(39713) 27319 ADV-2008-0176 Unspecified vulnerability in the XML DB component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 has unknown impact and remote attack vectors, aka DB01. TA08-017A http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2008.html SSRT061201 27229 ADV-2008-0150 1019218 28518 ADV-2008-0180 28556 Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 have unknown impact and remote attack vectors, related to the (1) Advanced Queuing component (DB02) and (2) Oracle Spatial component (DB04). TA08-017A http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2008.html 27229 ADV-2008-0150 1019218 28518 HPSBMA02133 ADV-2008-0180 28556 Unspecified vulnerability in the Advanced Queuing component in Oracle Database 9.0.1.5 FIPS+ and 10.1.0.5 has unknown impact and remote attack vectors, aka DB03. TA08-017A http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2008.html 27229 ADV-2008-0150 1019218 28518 SSRT061201 ADV-2008-0180 28556 Unspecified vulnerability in the Upgrade/Downgrade component in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and remote attack vectors, aka DB05. TA08-017A http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2008.html SSRT061201 27229 ADV-2008-0150 1019218 28518 ADV-2008-0180 28556 Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 has unknown impact and remote attack vectors, aka DB06. TA08-017A http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2008.html 27229 ADV-2008-0150 1019218 28518 HPSBMA02133 ADV-2008-0180 28556 Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 and 10.2.0.3 has unknown impact and remote attack vectors, aka DB07. TA08-017A http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2008.html 27229 ADV-2008-0150 1019218 28518 HPSBMA02133 ADV-2008-0180 28556 Unspecified vulnerability in the Core RDBMS component in Oracle Database 11.1.0.6 has unknown impact and remote attack vectors, aka DB08. TA08-017A http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2008.html 27229 ADV-2008-0150 1019218 28518 SSRT061201 ADV-2008-0180 28556 Unspecified vulnerability in the Oracle Jinitiator component in Oracle Application Server 1.3.1.27 and E-Business Suite 11.5.10.2 has unknown impact and remote attack vectors, aka AS01. TA08-017A http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2008.html 27229 ADV-2008-0150 1019218 28518 40294 SSRT061201 ADV-2008-0180 28556 Unspecified vulnerability in the Oracle Ultra Search component in Oracle Collaboration Suite 10.1.2; Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; and Application Server 9.0.4.3 and 10.1.2.0.2; has unknown impact and local attack vectors, aka OCS01. NOTE: Oracle has not disputed a reliable claim that this issue is related to WKSYS schema privileges. TA08-017A http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2008.html 27229 20080130 PeteFinnigan.com Limited advisory for Oracle January 2008 CPU http://www.petefinnigan.com/Advisory_CPU_Jan_2008.htm ADV-2008-0180 ADV-2008-0150 1019218 28556 28518 SSRT061201 Multiple unspecified vulnerabilities in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.18, 8.48.15, and 8.49.07 have unknown impact and remote attack vectors, aka (1) PSE01, (2) PSE03, and (3) PSE04. TA08-017A http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2008.html 27229 ADV-2008-0150 1019218 28518 HPSBMA02133 ADV-2008-0180 28556 Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.15 and 8.49.07 has unknown impact and remote attack vectors, aka PSE02. TA08-017A http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2008.html 27229 ADV-2008-0150 1019218 28518 SSRT061201 ADV-2008-0180 28556 regex/v4/perl_matcher_non_recursive.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (failed assertion and crash) via an invalid regular expression. https://issues.rpath.com/browse/RPL-2143 USN-570-1 27325 http://svn.boost.org/trac/boost/changeset/42745 http://svn.boost.org/trac/boost/changeset/42674 http://bugs.gentoo.org/show_bug.cgi?id=205955 FEDORA-2008-0880 20080213 rPSA-2008-0063-1 boost MDVSA-2008:032 GLSA-200802-08 ADV-2008-0249 http://wiki.rpath.com/Advisories:rPSA-2008-0063 29323 28943 28860 28705 28545 28527 28511 SUSE-SR:2008:006 The get_repeat_type function in basic_regex_creator.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (NULL dereference and crash) via an invalid regular expression. https://issues.rpath.com/browse/RPL-2143 USN-570-1 27325 http://svn.boost.org/trac/boost/changeset/42745 http://svn.boost.org/trac/boost/changeset/42674 http://bugs.gentoo.org/show_bug.cgi?id=205955 FEDORA-2008-0880 20080213 rPSA-2008-0063-1 boost MDVSA-2008:032 GLSA-200802-08 ADV-2008-0249 http://wiki.rpath.com/Advisories:rPSA-2008-0063 29323 28943 28860 28705 28545 28527 28511 SUSE-SR:2008:006 admin/index.php in Evilsentinel 1.0.9 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to gain administrative privileges and make arbitrary configuration changes. 28427 27227 4884 http://evilsentinel.altervista.org/forum/index.php?topic=49.0 admin/config.php in Evilsentinel 1.0.9 and earlier allows remote attackers to bypass the CAPTCHA test by omitting the es_security_captcha parameter and not invoking captcha.php. 27227 4884 The Linux kernel 2.6.20 through 2.6.21.1 allows remote attackers to cause a denial of service (panic) via a certain IPv6 packet, possibly involving the Jumbo Payload hop-by-hop option (jumbogram). linux-kernel-ipv6-jumbogram-dos(39643) 4893 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21.2 http://bugzilla.kernel.org/show_bug.cgi?id=8450 SQL injection vulnerability in visualizza_tabelle.php in php-residence 0.7.2 and 1.0 allows remote attackers to execute arbitrary SQL commands via the cognome_cerca parameter. NOTE: some of these details are obtained from third party information. phpresidence-visualizza-sql-injection(39739) 27320 4925 28516 Cross-site scripting (XSS) vulnerability in the chat client in IBM Lotus Sametime 7.5 and 7.5.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted message, which triggers code execution after a mouseover event initiated by the victim. 1019224 27316 ADV-2008-0168 http://www-1.ibm.com/support/docview.wss?uid=swg21292938 27942 sametime-client-mouseover-xss(39726) SQL injection vulnerability in index.php in the forum module in PHPEcho CMS, probably 2.0-rc3 and earlier, allows remote attackers to execute arbitrary SQL commands via the id parameter in a section action, a different vector than CVE-2007-2866. 27326 4929 phpechocms-index-sql-injection(39741) Buffer overflow in the Independent Management Architecture (IMA) service in Citrix Presentation Server (MetaFrame Presentation Server) 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 allows remote attackers to execute arbitrary code via an invalid size value in a packet to TCP port 2512 or 2513. VU#412228 http://support.citrix.com/article/CTX114487 http://zerodayinitiative.com/advisories/ZDI-08-002.html ADV-2008-0172 28508 1019231 27329 20080117 ZDI-08-002: Citrix Presentation Server IMA Service Heap Overflow Vulnerability Directory traversal vulnerability in pages/upload.php in Galaxyscripts Mini File Host 1.2.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter. 27327 4930 28504 minifilehost-uploadphp-file-include(39799) SQL injection vulnerability in index.php in Pixelpost 1.7 allows remote attackers to execute arbitrary SQL commands via the parent_id parameter. http://www.pixelpost.org/forum/showthread.php?t=7716 27242 4924 28499 pixelpost-indexphp-sql-injection(39721) 1019238 Multiple cross-site scripting (XSS) vulnerabilities in BLOG:CMS 4.2.1b allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin.php or (2) index.php in photo/. 27317 blogcms-index-xss(39710) 28523 4919 20080116 [DSECRG-08-003] blogcms 4.2.1b Multiple Security Vulnerabilities http://blogcms.com/wiki/changelog Multiple SQL injection vulnerabilities in BLOG:CMS 4.2.1b allow remote attackers to execute arbitrary SQL commands via (1) the blogid parameter to index.php, (2) the user parameter to action.php, or (3) the field parameter to admin/plugins/table/index.php. 27317 28523 4919 20080116 [DSECRG-08-003] blogcms 4.2.1b Multiple Security Vulnerabilities http://blogcms.com/wiki/changelog Directory traversal vulnerability in agregar_info.php in GradMan 0.1.3 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tabla parameter. 27324 20080116 Gradman <= 0.1.3 (agregar_info.php?tabla=) Local File Inclusion Exploit 4926 28520 gradman-agregarinfo-file-include(39732) 3552 Cross-site scripting (XSS) vulnerability in gallery.php in Clever Copy 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the album parameter. 20080117 Clever Copy <=3.0 Multiple Remote Vulnerabilities clevercopy-gallery-xss(39747) 27335 3553 28560 Multiple SQL injection vulnerabilities in Clever Copy 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter to postcomment.php and the (2) album parameter to gallery.php. 20080117 Clever Copy <=3.0 Multiple Remote Vulnerabilities clevercopy-postcomment-sql-injection(39746) 27335 3553 28560 Buffer overflow in (1) BitTorrent 6.0 and earlier; and (2) uTorrent 1.7.5 and earlier, and 1.8-alpha-7834 and earlier in the 1.8.x series; on Windows allows remote attackers to cause a denial of service (application crash) via a long Unicode string representing a client version identifier. 27321 utorrent-peers-bo(39720) bittorrent-peers-bo(39719) 20080116 Peers static overflow in BitTorrent 6.0 and uTorrent 1.7.5 http://download.utorrent.com/1.7.6/utorrent-1.7.6.txt http://aluigi.org/poc/ruttorrent.zip http://aluigi.altervista.org/adv/ruttorrent-adv.txt 3554 28537 28533 http://forum.utorrent.com/viewtopic.php?id=29330 Multiple buffer overflows in CORE FORCE before 0.95.172 allow local users to cause a denial of service (system crash) and possibly execute arbitrary code in the kernel context via crafted arguments to (1) IOCTL functions in the Firewall module or (2) SSDT hook handler functions in the Registry module. 27341 20080117 CORE-2007-1119: CORE FORCE Kernel Buffer Overflow http://www.coresecurity.com/?action=item&id=2025 coreforce-firewall-registry-bo(39758) 1019245 ADV-2008-0242 3555 http://force.coresecurity.com/index.php?module=articles&func=display&aid=32 CORE FORCE before 0.95.172 does not properly validate arguments to SSDT hook handler functions in the Registry module, which allows local users to cause a denial of service (system crash) and possibly execute arbitrary code in the kernel context via crafted arguments. 27341 http://www.coresecurity.com/?action=item&id=2025 20080117 CORE-2007-1119: CORE FORCE Kernel Buffer Overflow 1019245 ADV-2008-0242 3555 http://force.coresecurity.com/index.php?module=articles&func=display&aid=32 Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont and libXfont libraries on some platforms including Sun Solaris, allows context-dependent attackers to execute arbitrary code via a PCF font with a large difference between the last col and first col values in the PCF_BDF_ENCODINGS table. 27336 103192 [xorg] 20080117 X.Org security advisory: multiple vulnerabilities in the X server FEDORA-2008-0891 FEDORA-2008-0831 FEDORA-2008-0794 FEDORA-2008-0760 https://bugzilla.redhat.com/show_bug.cgi?id=428044 xorg-pcffont-bo(39767) ADV-2008-3000 USN-571-1 27352 RHSA-2008:0064 RHSA-2008:0030 RHSA-2008:0029 MDVSA-2008:024 MDVSA-2008:022 MDVSA-2008:021 ADV-2008-0184 ADV-2008-0179 http://support.avaya.com/elmodocs2/security/ASA-2008-038.htm 1019232 GLSA-200801-09 32545 28621 28592 28571 28550 28544 28542 28540 28536 28535 28532 28500 28273 SUSE-SA:2008:003 JVNDB-2008-001043 JVN#88935101 SSRT080083 SSRT080083 http://bugs.gentoo.org/show_bug.cgi?id=204362 https://issues.rpath.com/browse/RPL-2010 http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX61&path=/200802/SECURITY/20080227/datafile112539&label=AIX%20X%20server%20multiple%20vulnerabilities 20080130 rPSA-2008-0032-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs [4.2] 20080208 006: SECURITY FIX: February 8, 2008 [4.1] 20080208 012: SECURITY FIX: February 8, 2008 GLSA-200805-07 ADV-2008-0924 ADV-2008-0703 ADV-2008-0497 http://support.avaya.com/elmodocs2/security/ASA-2008-077.htm 201230 GLSA-200804-05 30161 29707 29622 29420 29139 28941 28885 28843 28718 SUSE-SR:2008:008 APPLE-SA-2008-03-18 http://docs.info.apple.com/article.html?artnum=307562 Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks. https://bugzilla.mozilla.org/show_bug.cgi?id=244273 27111 20080103 Re: [Full-disclosure] Yet another Dialog Spoofing Vulnerability - Firefox Basic Authentication 20080103 Yet another Dialog Spoofing Vulnerability - Firefox Basic Authentication http://blog.mozilla.com/security/2008/01/04/basicauth-dialog-realm-value-spoofing/ http://aviv.raffon.net/2008/01/05/FirefoxDialogSpoofingFAQ.aspx http://aviv.raffon.net/2008/01/02/YetAnotherDialogSpoofingFirefoxBasicAuthentication.aspx onedcu in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allows local users to create arbitrary files via the Trace file argument. ibm-ids-onedcu-sqlidebug-unspecified(39751) 1019237 27328 ADV-2008-0169 http://www-1.ibm.com/support/docview.wss?uid=swg27011556 IC54307 28534 20080131 IBM Informix Dynamic Server onedcu File Creation Vulnerability Multiple unspecified programs in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allow local users to create arbitrary files by specifying the target file in the SQLIDEBUG environment variable, whose ownership is changed to the user invoking the programs. ibm-ids-onedcu-sqlidebug-unspecified(39751) 1019237 27328 ADV-2008-0169 http://www-1.ibm.com/support/docview.wss?uid=swg27011556 IC54309 28534 20080131 IBM Informix Dynamic Server SQLIDEBUG File Creation Vulnerability ibm-ids-sqlidebug-unspecified(40009) Cross-site scripting (XSS) vulnerability in dohtaccess.html in cPanel before 11.17 build 19417 allows remote attackers to inject arbitrary web script or HTML via the rurl parameter. NOTE: some of these details are obtained from third party information. 27308 20080116 cPanel Hosting Manager (dohtaccess.html) 28561 http://aria-security.net/forum/showthread.php?p=1238 3561 Multiple SQL injection vulnerabilities in aliTalk 1.9.1.1, when magic_quotes_gpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via (1) the mohit parameter to (a) inc/receivertwo.php; and allow remote attackers to execute arbitrary SQL commands via (2) the id parameter to (b) inc/usercp.php, related to functionz/usercp.php; or (3) the username parameter to (c) admin/index.php, related to functionz/first_process.php, or (d) index.php. NOTE: some of these details are obtained from third party information. alitalk-index-sql-injection(39745) alitalk-usercp-sql-injection(39736) alitalk-adminindex-sql-injection(39735) alitalk-receivertwo-sql-injection(39733) 27315 4922 28515 8e6 R3000 Internet Filter 2.0.05.33, and other versions before 2.0.11, allows remote attackers to bypass intended restrictions via a fragmented HTTP request. r3000-urlfilter-security-bypass(39723) 27309 20080121 Re: 8e6 Technologies R3000 Internet Filter Bypass by Request Split 20080116 8e6 Technologies R3000 Internet Filter Bypass by Request Split 28524 3557 Unrestricted file upload vulnerability in PHP F1 Max's File Uploader allows remote attackers to upload and execute arbitrary PHP files. max-index-file-upload(39740) 27285 20080115 Max's File Uploader File Upload Vulnerability 3572 OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web Page 1.00 sends the configuration of the printer in cleartext, which allows remote attackers to obtain the administrative password by connecting to TCP port 5548 or 7777. 27339 20080117 [CSNC] OKI C5510MFP Printer Password Disclosure http://www.csnc.ch/en/modules/news/news_0004.html_1394092626.html 28553 c5510mfp-configuration-info-disclosure(39775) 3569 Unspecified vulnerability in OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web Page 1.00 allows remote attackers to set the password and obtain administrative access via unspecified vectors. 27339 20080117 [CSNC] OKI C5510MFP Printer Password Disclosure http://www.csnc.ch/en/modules/news/news_0004.html_1394092626.html 28553 c5510mfp-password-security-bypass(39776) 3569 PHP remote file inclusion vulnerability in inc/linkbar.php in Small Axe Weblog 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the cfile parameter. 27345 4937 smallaxeweblog-linkbar-file-include(39765) 28568 MicroNews allows remote attackers to bypass authentication and gain administrative privileges via a direct request to admin.php. micronews-admin-authentication-bypass(39702) 27288 20080115 MicroNews Admin Direct Access vulnerability 3556 Stack-based buffer overflow in SocksCap 2.40-051231 and earlier, when "Resolve all names remotely" is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hostname. 27357 20080118 SocksCap Stack Overflow (<= 2.40-051231) sockscap-hostname-bo(39781) 3560 Race condition in the Enterprise Tree ActiveX control (EnterpriseControls.dll 11.5.0.313) in Crystal Reports XI Release 2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the SelectedSession method, which triggers a buffer overflow. crystalreports-enterprisetree-bo(39743) 1019239 27333 4931 Buffer overflow in the Digital Data Communications RtspVaPgCtrl ActiveX control (RtspVapgDecoder.dll 1.1.0.29) allows remote attackers to execute arbitrary code via a long MP4Prefix property. 27337 4932 ADV-2008-0182 28492 Unspecified vulnerability in Mahara before 0.9.1 has unknown impact and remote attack vectors, probably related to cross-site scripting (XSS) in uploaded files. https://eduforge.org/frs/shownotes.php?release_id=342 27348 28484 Multiple eval injection vulnerabilities in MyBB 1.2.10 and earlier allow remote attackers to execute arbitrary code via the sortby parameter to (1) forumdisplay.php or (2) a results action in search.php. 27322 20080116 [waraxe-2008-SA#061] - Remote Code Execution in MyBB 1.2.10 4928 4927 28509 3559 Multiple SQL injection vulnerabilities in MyBB 1.2.10 and earlier allow remote moderators and administrators to execute arbitrary SQL commands via (1) the mergepost parameter in a do_mergeposts action, (2) rid parameter in an allreports action, or (3) threads parameter in a do_multimovethreads action to (a) moderation.php; or (4) gid parameter to (b) admin/usergroups.php. 27323 mybb-usergroups-sql-injection(39729) mybb-moderationphp-sql-injection(39728) http://www.waraxe.us/advisory-62.html 20080116 [waraxe-2008-SA#062] - Multiple Sql Injections in MyBB 1.2.10 28509 http://community.mybboard.net/showthread.php?tid=27227 3558 OpenBSD 4.2 allows local users to cause a denial of service (kernel panic) by calling the SIOCGIFRTLABEL IOCTL on an interface that does not have a route label, which triggers a NULL pointer dereference when the return value from the rtlabel_id2name function is not checked. 1019188 27252 [4.2] 20080111 005: RELIABILITY FIX: January 11, 2008 4935 28473 [openbsd-security-announce] 20080111 errata 005 for OpenBSD 4.2: local users can provoke a kernel panic Multiple stack-based buffer overflows in in_mp3.dll in Winamp 5.21, 5.5, and 5.51 allow remote attackers to execute arbitrary code via a long (1) artist or (2) name tag in Ultravox streaming metadata, related to construction of stream titles. http://www.winamp.com/player/version-history ADV-2008-0183 http://secunia.com/secunia_research/2008-2/advisory/ 27865 winamp-inmp3-bo(39778) 27344 The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie. http://issues.apache.org/bugzilla/show_bug.cgi?id=41217 apache-singlesignon-information-disclosure(39804) 27365 20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1) 20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities ADV-2009-0233 ADV-2008-0192 http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540 http://security-tracker.debian.net/tracker/CVE-2008-0128 33668 31493 28552 28549 RHSA-2008:0630 http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx RHSA-2008:0261 29242 SUSE-SR:2008:005 SQL injection vulnerability in the WP-Forum 1.7.4 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the user parameter in a showprofile action to the default URI. wpforum-index-sql-injection(39800) 27362 4939 ADV-2008-0235 28567 52211 20080216 WordPress forumaction (PAGE_id)(user)SQL Injectio http://weblogtoolscollection.com/archives/2008/01/21/wp-forum-plugin-security-bulletin/ Unspecified vulnerability in the serveServletsByClassnameEnabled feature in IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.25, 6.1 through 6.1.0.14, and 5.1.1.x before 5.1.1.18 has unknown impact and attack vectors. 27371 PK52059 websphere-serveservlets-unspecified(39808) 1019894 1019251 ADV-2008-1133 ADV-2008-0219 http://www-1.ibm.com/support/docview.wss?uid=swg27006879#51118 29687 28576 stat.php in AuraCMS 1.62, and Mod Block Statistik for AuraCMS, allows remote attackers to inject arbitrary PHP code into online.db.txt via the X-Forwarded-For HTTP header in a stat action to index.php, and execute online.db.txt via a certain request to index.php. 27342 4933 auracms-stat-code-execution(39777) inc/elementz.php in aliTalk 1.9.1.1 does not properly verify authentication, which allows remote attackers to add an arbitrary user account via a modified lilil parameter, in conjunction with the ubild and pa parameters. 27315 4922 Multiple buffer overflows in Microsoft Visual Basic Enterprise Edition 6.0 SP6 allow user-assisted remote attackers to execute arbitrary code via a .dsr file with a long (1) ConnectionName or (2) CommandName line. visualbasic-enterprise-dsr-bo(39773) 27349 4938 1019258 ADV-2008-0195 28563 Directory traversal vulnerability in info.php in GradMan 0.1.3 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tabla parameter, a different vector than CVE-2008-0361. gradman-info-file-include(39768) 27343 4936 28520 Buffer overflow in Citadel SMTP server 7.10 and earlier allows remote attackers to execute arbitrary code via a long RCPT TO command, which is not properly handled by the makeuserkey function. NOTE: some of these details were obtained from third party information. citadel-makeuserkey-bo(39807) http://www.milw0rm.com/sploits/2008-vs-GNU-citadel.tar.gz 4949 28590 1019255 27376 ADV-2008-0252 Kayako SupportSuite 3.11.01 allows remote attackers to obtain server configuration information via a direct request to syncml/index.php, which prints the contents of the $_SERVER superglobal. http://www.waraxe.us/advisory-63.html 20080121 [waraxe-2008-SA#063] - Information Leakage in Kayako SupportSuite 3.11.01 28613 3573 Directory traversal vulnerability in BitDefender Update Server (http.exe), as used in BitDefender products including Security for Fileservers and Enterprise Manager (BDEM), allows remote attackers to read arbitrary files via .. (dot dot) sequences in an HTTP request. bitdefender-http-server-directory-traversal(39802) 27358 20080119 BitDefender Update Server - Unauthorized Remote File Access Vulnerability http://www.oliverkarow.de/research/bitdefender.txt ADV-2008-0213 28578 http://oliver.greyhat.de/2008/01/19/bitdefender-unauthorized-remote-file-access-vulnerability/ 3568 Multiple SQL injection vulnerabilities in aflog 1.01, and possibly earlier versions, allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to comments.php and (2) an unspecified parameter to view.php. 27398 4958 ADV-2008-0255 28594 Cross-site scripting (XSS) vulnerability in aflog 1.01, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the comment form. 27398 4958 ADV-2008-0255 28594 Multiple buffer overflows in Toshiba Surveillance (Surveillix) RecordSend ActiveX control (MeIpCamX.DLL 1.0.0.4) allow remote attackers to execute arbitrary code via long arguments to the (1) SetPort and (2) SetIpAddress methods. toshiba-recordsend-bo(39792) 27360 4946 ADV-2008-0214 28557 http://retrogod.altervista.org/rgod_toshiba_control.html Cross-site scripting (XSS) vulnerability in header.tpl.php in the modern template for Singapore 0.10.1 allows remote attackers to inject arbitrary web script or HTML via the gallery parameter to default.php. 27382 ADV-2008-0234 http://trew.icenetx.net/toolz/advisory-singapore-modern-template.txt 28573 Buffer overflow in the logging functionality of the HTTP server in IBM Tivoli Provisioning Manager for OS Deployment (TPMfOSD) before 5.1.0.3 Interim Fix 3 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via an HTTP request with a long method string to port 443/tcp. VU#158609 http://www-1.ibm.com/support/docview.wss?uid=swg24018010 tivoli-provisioning-http-unspecified(39819) 1019249 27387 ADV-2008-0239 28604 20080122 IBM Tivoli PMfOSD HTTP Request Method Buffer Overflow Vulnerability Unspecified vulnerability in IBM WebSphere Business Modeler Basic and Advanced 6.0.2.1 before Interim Fix 11 allows remote authenticated users to bypass intended access restrictions and delete unspecified repository resources via unknown vectors, even when they are not administrators or members of the repository's owning group. http://www-1.ibm.com/support/docview.wss?uid=swg24018061 http://www-1.ibm.com/support/docview.wss?uid=swg24018060 websphere-repository-weak-security(39830) 1019252 27389 JR28175 28586 ADV-2008-0254 The web server in Belkin Wireless G Plus MIMO Router F5D9230-4 does not require authentication for SaveCfgFile.cgi, which allows remote attackers to read and modify configuration via a direct request to SaveCfgFile.cgi. belkin-savecfgfile-authentication-bypass(39793) 27359 20080119 Belkin Wireless G Plus MIMO Router F5D9230-4 Authentication Bypass Vulnerability 4941 ADV-2008-0215 3566 28554 Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "Most active bugs" summary. 27367 http://sourceforge.net/project/shownotes.php?release_id=569765 FEDORA-2008-0856 FEDORA-2008-0796 https://bugzilla.redhat.com/show_bug.cgi?id=429552 mantis-mostactive-xss(39801) ADV-2008-0232 28591 28577 SQL injection vulnerability in Invision Gallery 2.0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the album parameter in a rate command. Unspecified vulnerability in Cisco PIX 500 Series Security Appliance and 5500 Series Adaptive Security Appliance (ASA) before 7.2(3)6 and 8.0(3), when the Time-to-Live (TTL) decrement feature is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted IP packet. pix-asa-ttl-dos(39862) 1019263 1019262 27418 ADV-2008-0259 20080123 Cisco PIX and ASA Time-to-Live Vulnerability 28625 Cisco Application Velocity System (AVS) before 5.1.0 is installed with default passwords for some system accounts, which allows remote attackers to gain privileges. 20080123 Default Passwords in the Application Velocity System ciscoavs-default-password-admin-account(39860) 1019259 27421 ADV-2008-0260 SQL injection vulnerability in mail.php in boastMachine (aka bMachine) 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. 32379 27369 20081120 boastMachine v3.1 Remote Sql Injection ADV-2008-0227 boastmachine-mail-sql-injection(39813) 3563 Multiple PHP remote file inclusion vulnerabilities in Lama Software allow remote attackers to execute arbitrary PHP code via a URL in the MY_CONF[classRoot] parameter to (1) inc.steps.access_error.php, (2) inc.steps.check_login.php, or (3) inc.steps.init_system.php in admin/functions/. 27380 ADV-2008-0230 28442 lamasoftware-myconf-file-include(39821) SQL injection vulnerability in blog.php in Mooseguy Blog System (MGBS) 1.0 allows remote attackers to execute arbitrary SQL commands via the month parameter. 27377 4951 ADV-2008-0226 mooseguy-blog-sql-injection(39816) Absolute path traversal vulnerability in explorerdir.php in Frimousse 0.0.2 allows remote attackers to read arbitrary files and list arbitrary directories via a full pathname in the name parameter. frimousse-explorerdir-directory-traversal(39797) 27385 4943 ADV-2008-0216 Multiple cross-site scripting (XSS) vulnerabilities in submit.php in PacerCMS before 0.6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) headline, or (3) text field in a message. 27386 pacercms-submit-xss(39832) 20080122 PacerCMS Multiple Vulnerabilities (XSS/SQL) 28605 http://pacercms.sourceforge.net/index.php/2008/01/21/pacercms-061-streamlines-code-base-addresses-security-issue/ Directory traversal vulnerability in file.php in bloofoxCMS 0.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. bloofoxcms-file-directory-traversal(39795) 27361 ADV-2008-0218 28415 20080120 Bloofox CMS SQL Injection (Authentication bypass) , Source code http://bugreport.ir/?/27 20080120 Bloofox CMS SQL Injection (Authentication bypass) , Source codedisclosure 4945 Multiple SQL injection vulnerabilities in the login function in system/class_permissions.php in bloofoxCMS 0.3 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to admin/index.php. bloofoxcms-index-sql-injection(39794) 27361 ADV-2008-0218 28415 20080120 Bloofox CMS SQL Injection (Authentication bypass) , Source code http://bugreport.ir/?/27 20080120 Bloofox CMS SQL Injection (Authentication bypass) , Source codedisclosure 4945 SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per Post Exchange 2.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a forum_catview action. 27381 6401 4956 ADV-2008-0231 28581 alstrasoft-indexphp-sql-injection(39820) SQL injection vulnerability in form.php in 360 Web Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the IDFM parameter. 360web-form-sql-injection(39796) 27364 4944 ADV-2008-0217 Directory traversal vulnerability in administrator/download.php in IDMOS (aka Phoenix) 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter. 27379 4954 ADV-2008-0229 28436 idmos-download-directory-traversal(39823) Cross-site scripting (XSS) vulnerability in index.php in phpAutoVideo 2.21 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter. phpautovideo-index-xss(39771) 27346 20080118 Agares PhpAutoVideo 2.21(XSS/RFI) Multiple Remote Vulnerabilities ADV-2008-0225 28580 3567 PHP remote file inclusion vulnerability in theme/phpAutoVideo/LightTwoOh/sidebar.php in Agares phpAutoVideo 2.21 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the loadpage parameter, a different vector than CVE-2007-6614. phpautovideo-sidebar-file-include(39770) 27346 20080118 Agares PhpAutoVideo 2.21(XSS/RFI) Multiple Remote Vulnerabilities ADV-2008-0225 28580 3567 Format string vulnerability in the AXIMilter module in AXIGEN Mail Server 5.0.2 allows remote attackers to execute arbitrary code via format string specifiers in the CNHO command. axigen-aximilter-format-string(39803) 27363 20080120 AXIGEN 5.0.x AXIMilter Format String Exploit 4947 ADV-2008-0237 28562 20080120 AXIGEN 5.0.x AXIMilter Format String Exploit 3570 Directory traversal vulnerability in index.php in OZJournals 2.1.1 allows remote attackers to read portions of arbitrary files via a .. (dot dot) in the id parameter in a printpreview action. 27375 4953 ADV-2008-0228 28582 ozjournals-id-directory-traversal(39815) Cross-site scripting (XSS) vulnerability in profile-upload/upload.asp in PD9 Software MegaBBS 1.5.14b allows remote attackers to inject arbitrary web script or HTML via the target parameter. 27368 20080120 MegaBBS ASP Forum Cross-Site Scripting megabbs-upload-xss(39812) 3565 Multiple buffer overflows in the WebHPVCInstall.HPVirtualRooms14 ActiveX control in HPVirtualRooms14.dll 1.0.0.100, as used in the installation process for HP Virtual Rooms, allow remote attackers to execute arbitrary code via a long (1) AuthenticationURL, (2) PortalAPIURL, or (3) cabroot property value. NOTE: some of these details are obtained from third party information. 27384 ADV-2008-0236 28595 20080122 HP Virtual Rooms WebHPVCInstall Control Multiple Buffer Overflows hpvirtualrooms-hpvirtualrooms14-activex-bo(39836) 4959 Cross-site scripting (XSS) vulnerability in the font rendering functionality in Novemberborn sIFR 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the txt parameter to a Flash (SWF) file, as demonstrated by fonts/FuturaLt.swf. 27394 20080205 Re: PR07-38: XSS on sIFR 20080122 PR07-38: XSS on sIFR http://www.procheckup.com/Vulnerability_PR07-38.php sifr-fontname-xss(39835) 20080122 Re: PR07-38: XSS on sIFR 3571 http://novemberborn.net/sifr/2.0.3 Cross-site scripting (XSS) vulnerability in templates/default/admincp/attachments_header.php in DeluxeBB 1.1 allows remote attackers to inject arbitrary web script or HTML via the lang_listofmatches parameter. 20080122 DeluxeBB 1.1 XSS Vulnerabilitie deluxbb-attachmentsheader-xss(39829) 27401 3564 AlstraSoft Forum Pay Per Post Exchange 2.0 stores passwords in cleartext, which makes it easier for attackers to access user accounts. 4956 IBM Tivoli Business Service Manager (TBSM) 4.1.1 stores passwords in cleartext (1) after external authentication, which triggers writing the password to SM_server.log; and (2) after a reconfig action; which allows local users to obtain sensitive information. tbsm-reconfig-information-disclosure(39822) 1019250 27388 ADV-2008-0240 http://www-1.ibm.com/support/docview.wss?uid=swg24017939 28603 PHP remote file inclusion vulnerability in inc/linkbar.php in Small Axe Weblog 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the ffile parameter, a different vector than CVE-2008-0376. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 27383 28568 Heap-based buffer overflow in the FileUploader.FUploadCtl.1 ActiveX control in FileUploader.dll 2.0.0.2 in Lycos FileUploader Module allows remote attackers to execute arbitrary code via a long HandwriterFilename property value. NOTE: some of these details are obtained from third party information. 27411 4967 ADV-2008-0253 28599 lycosfileuploader-fileuploader-activex-bo(39849) Cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via subtext parameter to unspecified components. 27399 elog-subtext-xss(39828) ADV-2008-0265 28589 41681 http://midas.psi.ch/elog/download/ChangeLog