Vulnerabilities - Ax3 Software

Support

Sax2 Network Intrusion Detection System

A professional intrusion detection and prevention system (NIDS) which excels at real-time packet capture, 24/7 network monitor, advanced protocol analysis and automatic expert detection.

CAN-2008

Name: CVE-2008-0001

Description:
VFS in the Linux kernel before 2.6.22.16, and 2.6.23.x before 2.6.23.14, performs tests of access mode by using the flag variable instead of the acc_mode variable, which might allow local users to bypass intended permissions and remove directories.

Status: Candidate
Phase: Assigned (20071203)
Reference: BUGTRAQ:20080117 rPSA-2008-0021-1 kernel
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/486485/100/0/threaded
Reference: CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23.14
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=974a9f0b47da74e28f68b9c8645c3786aa5ace1a
Reference: CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.16
Reference: CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0021
Reference: CONFIRM:https://issues.rpath.com/browse/RPL-2146
Reference: DEBIAN:DSA-1479
Reference: URL:http://www.debian.org/security/2008/dsa-1479
Reference: FEDORA:FEDORA-2008-0748
Reference: URL:https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00828.html
Reference: MANDRIVA:MDVSA-2008:044
Reference: URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:044
Reference: MANDRIVA:MDVSA-2008:112
Reference: URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:112
Reference: REDHAT:RHSA-2008:0089
Reference: URL:http://www.redhat.com/support/errata/RHSA-2008-0089.html
Reference: REDHAT:RHSA-2008:0055
Reference: URL:http://rhn.redhat.com/errata/RHSA-2008-0055.html
Reference: SUSE:SUSE-SA:2008:006
Reference: URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html
Reference: SUSE:SUSE-SA:2008:013
Reference: URL:http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00002.html
Reference: UBUNTU:USN-574-1
Reference: URL:http://www.ubuntu.com/usn/usn-574-1
Reference: UBUNTU:USN-578-1
Reference: URL:http://www.ubuntu.com/usn/usn-578-1
Reference: BID:27280
Reference: URL:http://www.securityfocus.com/bid/27280
Reference: FRSIRT:ADV-2008-0151
Reference: URL:http://www.frsirt.com/english/advisories/2008/0151
Reference: SECTRACK:1019289
Reference: URL:http://securitytracker.com/id?1019289
Reference: SECUNIA:28485
Reference: URL:http://secunia.com/advisories/28485
Reference: SECUNIA:28558
Reference: URL:http://secunia.com/advisories/28558
Reference: SECUNIA:28628
Reference: URL:http://secunia.com/advisories/28628
Reference: SECUNIA:28664
Reference: URL:http://secunia.com/advisories/28664
Reference: SECUNIA:28626
Reference: URL:http://secunia.com/advisories/28626
Reference: SECUNIA:28748
Reference: URL:http://secunia.com/advisories/28748
Reference: SECUNIA:28706
Reference: URL:http://secunia.com/advisories/28706
Reference: SECUNIA:28806
Reference: URL:http://secunia.com/advisories/28806
Reference: SECUNIA:28971
Reference: URL:http://secunia.com/advisories/28971
Reference: SECUNIA:28643
Reference: URL:http://secunia.com/advisories/28643
Reference: SECUNIA:29245
Reference: URL:http://secunia.com/advisories/29245
Reference: XF:linux-directory-security-bypass(39672)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39672

Votes:

Name: CVE-2008-0002

Description:
Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.

Status: Candidate
Phase: Assigned (20071203)
Reference: BUGTRAQ:20080208 CVE-2008-0002: Tomcat information disclosure vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/487812/100/0/threaded
Reference: CONFIRM:http://tomcat.apache.org/security-6.html
Reference: CONFIRM:http://support.apple.com/kb/HT3216
Reference: APPLE:APPLE-SA-2008-10-09
Reference: URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
Reference: FEDORA:FEDORA-2008-1467
Reference: URL:https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html
Reference: FEDORA:FEDORA-2008-1603
Reference: URL:https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html
Reference: GENTOO:GLSA-200804-10
Reference: URL:http://security.gentoo.org/glsa/glsa-200804-10.xml
Reference: BID:27703
Reference: URL:http://www.securityfocus.com/bid/27703
Reference: BID:31681
Reference: URL:http://www.securityfocus.com/bid/31681
Reference: FRSIRT:ADV-2008-0488
Reference: URL:http://www.frsirt.com/english/advisories/2008/0488
Reference: FRSIRT:ADV-2008-2780
Reference: URL:http://www.frsirt.com/english/advisories/2008/2780
Reference: SECUNIA:28834
Reference: URL:http://secunia.com/advisories/28834
Reference: SECUNIA:28915
Reference: URL:http://secunia.com/advisories/28915
Reference: SECUNIA:29711
Reference: URL:http://secunia.com/advisories/29711
Reference: SECUNIA:32222
Reference: URL:http://secunia.com/advisories/32222
Reference: SREASON:3638
Reference: URL:http://securityreason.com/securityalert/3638

Votes:

Name: CVE-2008-0003

Description:
Stack-based buffer overflow in the PAMBasicAuthenticator::PAMCallback function in OpenPegasus CIM management server (tog-pegasus), when compiled to use PAM and without PEGASUS_USE_PAM_STANDALONE_PROC defined, might allow remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2007-5360.

Status: Candidate
Phase: Assigned (20071203)
Reference: MLIST:[Security-announce] 20080415 VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus
Reference: URL:http://lists.vmware.com/pipermail/security-announce/2008/000014.html
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=426578
Reference: CONFIRM:http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4129
Reference: FEDORA:FEDORA-2008-0506
Reference: URL:https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00424.html
Reference: FEDORA:FEDORA-2008-0572
Reference: URL:https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00480.html
Reference: HP:HPSBMA02331
Reference: URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01438409
Reference: HP:SSRT080000
Reference: URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01438409
Reference: REDHAT:RHSA-2008:0002
Reference: URL:http://www.redhat.com/support/errata/RHSA-2008-0002.html
Reference: VIM:20080115 vuldb confusion between OpenPegasus issues
Reference: URL:http://www.attrition.org/pipermail/vim/2008-January/001879.html
Reference: BID:27172
Reference: URL:http://www.securityfocus.com/bid/27172
Reference: BID:27188
Reference: URL:http://www.securityfocus.com/bid/27188
Reference: FRSIRT:ADV-2008-0063
Reference: URL:http://www.frsirt.com/english/advisories/2008/0063
Reference: FRSIRT:ADV-2008-0638
Reference: URL:http://www.frsirt.com/english/advisories/2008/0638
Reference: FRSIRT:ADV-2008-1234
Reference: URL:http://www.frsirt.com/english/advisories/2008/1234/references
Reference: FRSIRT:ADV-2008-1391
Reference: URL:http://www.frsirt.com/english/advisories/2008/1391/references
Reference: SECTRACK:1019159
Reference: URL:http://securitytracker.com/id?1019159
Reference: SECUNIA:28338
Reference: URL:http://secunia.com/advisories/28338
Reference: SECUNIA:28462
Reference: URL:http://secunia.com/advisories/28462
Reference: SECUNIA:29056
Reference: URL:http://secunia.com/advisories/29056
Reference: SECUNIA:29785
Reference: URL:http://secunia.com/advisories/29785
Reference: SECUNIA:29986
Reference: URL:http://secunia.com/advisories/29986
Reference: XF:openpegasus-pambasic-bo(39527)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39527

Votes:

Name: CVE-2008-0004

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20071203)

Votes:

Name: CVE-2008-0005

Description:
mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.

Status: Candidate
Phase: Assigned (20071203)
Reference: SREASONRES:20080110 Apache (mod_proxy_ftp) Undefined Charset UTF-7 XSS Vulnerability
Reference: URL:http://securityreason.com/achievement_securityalert/49
Reference: BUGTRAQ:20080110 SecurityReason - Apache (mod_proxy_ftp) Undefined Charset UTF-7 XSS Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/486167/100/0/threaded
Reference: CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=307562
Reference: APPLE:APPLE-SA-2008-03-18
Reference: URL:http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
Reference: FEDORA:FEDORA-2008-1695
Reference: URL:https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00562.html
Reference: FEDORA:FEDORA-2008-1711
Reference: URL:https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00541.html
Reference: GENTOO:GLSA-200803-19
Reference: URL:http://security.gentoo.org/glsa/glsa-200803-19.xml
Reference: MANDRIVA:MDVSA-2008:014
Reference: URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:014
Reference: MANDRIVA:MDVSA-2008:015
Reference: URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:015
Reference: MANDRIVA:MDVSA-2008:016
Reference: URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:016
Reference: REDHAT:RHSA-2008:0004
Reference: URL:http://www.redhat.com/support/errata/RHSA-2008-0004.html
Reference: REDHAT:RHSA-2008:0005
Reference: URL:http://www.redhat.com/support/errata/RHSA-2008-0005.html
Reference: REDHAT:RHSA-2008:0006
Reference: URL:http://www.redhat.com/support/errata/RHSA-2008-0006.html
Reference: REDHAT:RHSA-2008:0007
Reference: URL:http://www.redhat.com/support/errata/RHSA-2008-0007.html
Reference: REDHAT:RHSA-2008:0008
Reference: URL:http://www.redhat.com/support/errata/RHSA-2008-0008.html
Reference: REDHAT:RHSA-2008:0009
Reference: URL:http://www.redhat.com/support/errata/RHSA-2008-0009.html
Reference: SUSE:SUSE-SA:2008:021
Reference: URL:http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html
Reference: UBUNTU:USN-575-1
Reference: URL:http://www.ubuntu.com/usn/usn-575-1
Reference: BID:27234
Reference: URL:http://www.securityfocus.com/bid/27234
Reference: FRSIRT:ADV-2008-0924
Reference: URL:http://www.frsirt.com/english/advisories/2008/0924/references
Reference: FRSIRT:ADV-2008-1875
Reference: URL:http://www.frsirt.com/english/advisories/2008/1875/references
Reference: SECTRACK:1019185
Reference: URL:http://www.securitytracker.com/id?1019185
Reference: SECUNIA:28467
Reference: URL:http://secunia.com/advisories/28467
Reference: SECUNIA:28471
Reference: URL:http://secunia.com/advisories/28471
Reference: SECUNIA:28526
Reference: URL:http://secunia.com/advisories/28526
Reference: SECUNIA:28607
Reference: URL:http://secunia.com/advisories/28607
Reference: SECUNIA:28749
Reference: URL:http://secunia.com/advisories/28749
Reference: SECUNIA:28977
Reference: URL:http://secunia.com/advisories/28977
Reference: SECUNIA:29348
Reference: URL:http://secunia.com/advisories/29348
Reference: SECUNIA:29420
Reference: URL:http://secunia.com/advisories/29420
Reference: SECUNIA:29640
Reference: URL:http://secunia.com/advisories/29640
Reference: SREASON:3526
Reference: URL:http://securityreason.com/securityalert/3526
Reference: XF:apache-modproxyftp-utf7-xss(39615)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39615

Votes:

Name: CVE-2008-0006

Description:
Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont and libXfont libraries on some platforms including Sun Solaris, allows context-dependent attackers to execute arbitrary code via a PCF font with a large difference between the last col and first col values in the PCF_BDF_ENCODINGS table.

Status: Candidate
Phase: Assigned (20071203)
Reference: BUGTRAQ:20080130 rPSA-2008-0032-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/487335/100/0/threaded
Reference: MLIST:[xorg] 20080117 X.Org security advisory: multiple vulnerabilities in the X server
Reference: URL:http://lists.freedesktop.org/archives/xorg/2008-January/031918.html
Reference: CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=204362
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=428044
Reference: CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2008-038.htm
Reference: CONFIRM:https://issues.rpath.com/browse/RPL-2010
Reference: CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2008-077.htm
Reference: CONFIRM:http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX61&path=/200802/SECURITY/20080227/datafile112539&label=AIX%20X%20server%20multiple%20vulnerabilities
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=307562
Reference: APPLE:APPLE-SA-2008-03-18
Reference: URL:http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
Reference: FEDORA:FEDORA-2008-0760
Reference: URL:https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00641.html
Reference: FEDORA:FEDORA-2008-0794
Reference: URL:https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00674.html
Reference: FEDORA:FEDORA-2008-0831
Reference: URL:https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00704.html
Reference: FEDORA:FEDORA-2008-0891
Reference: URL:https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00771.html
Reference: GENTOO:GLSA-200801-09
Reference: URL:http://security.gentoo.org/glsa/glsa-200801-09.xml
Reference: GENTOO:GLSA-200804-05
Reference: URL:http://security.gentoo.org/glsa/glsa-200804-05.xml
Reference: GENTOO:GLSA-200805-07
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
Reference: MANDRIVA:MDVSA-2008:021
Reference: URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:021
Reference: MANDRIVA:MDVSA-2008:022
Reference: URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:022
Reference: MANDRIVA:MDVSA-2008:024
Reference: URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:024
Reference: OPENBSD:[4.1] 20080208 012: SECURITY FIX: February 8, 2008
Reference: URL:http://www.openbsd.org/errata41.html#012_xorg
Reference: OPENBSD:[4.2] 20080208 006: SECURITY FIX: February 8, 2008
Reference: URL:http://www.openbsd.org/errata42.html#006_xorg
Reference: REDHAT:RHSA-2008:0029
Reference: URL:http://www.redhat.com/support/errata/RHSA-2008-0029.html
Reference: REDHAT:RHSA-2008:0030
Reference: URL:http://www.redhat.com/support/errata/RHSA-2008-0030.html
Reference: REDHAT:RHSA-2008:0064
Reference: URL:http://www.redhat.com/support/errata/RHSA-2008-0064.html
Reference: SUNALERT:103192
Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-103192-1
Reference: SUNALERT:201230
Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-201230-1
Reference: SUSE:SUSE-SA:2008:003
Reference: URL:http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00004.html
Reference: SUSE:SUSE-SR:2008:008
Reference: URL:http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html
Reference: UBUNTU:USN-571-1
Reference: URL:http://www.ubuntulinux.org/support/documentation/usn/usn-571-1
Reference: CERT-VN:VU#203220
Reference: URL:http://www.kb.cert.org/vuls/id/203220
Reference: BID:27336
Reference: URL:http://www.securityfocus.com/bid/27336
Reference: BID:27352
Reference: URL:http://www.securityfocus.com/bid/27352
Reference: FRSIRT:ADV-2008-0179
Reference: URL:http://www.frsirt.com/english/advisories/2008/0179
Reference: FRSIRT:ADV-2008-0184
Reference: URL:http://www.frsirt.com/english/advisories/2008/0184
Reference: FRSIRT:ADV-2008-0497
Reference: URL:http://www.frsirt.com/english/advisories/2008/0497/references
Reference: FRSIRT:ADV-2008-0703
Reference: URL:http://www.frsirt.com/english/advisories/2008/0703
Reference: FRSIRT:ADV-2008-0924
Reference: URL:http://www.frsirt.com/english/advisories/2008/0924/references
Reference: SECTRACK:1019232
Reference: URL:http://securitytracker.com/id?1019232
Reference: SECUNIA:28532
Reference: URL:http://secunia.com/advisories/28532
Reference: SECUNIA:28535
Reference: URL:http://secunia.com/advisories/28535
Reference: SECUNIA:28536
Reference: URL:http://secunia.com/advisories/28536
Reference: SECUNIA:28540
Reference: URL:http://secunia.com/advisories/28540
Reference: SECUNIA:28542
Reference: URL:http://secunia.com/advisories/28542
Reference: SECUNIA:28544
Reference: URL:http://secunia.com/advisories/28544
Reference: SECUNIA:28550
Reference: URL:http://secunia.com/advisories/28550
Reference: SECUNIA:28273
Reference: URL:http://secunia.com/advisories/28273
Reference: SECUNIA:28500
Reference: URL:http://secunia.com/advisories/28500
Reference: SECUNIA:28592
Reference: URL:http://secunia.com/advisories/28592
Reference: SECUNIA:28571
Reference: URL:http://secunia.com/advisories/28571
Reference: SECUNIA:28621
Reference: URL:http://secunia.com/advisories/28621
Reference: SECUNIA:28718
Reference: URL:http://secunia.com/advisories/28718
Reference: SECUNIA:28843
Reference: URL:http://secunia.com/advisories/28843
Reference: SECUNIA:28885
Reference: URL:http://secunia.com/advisories/28885
Reference: SECUNIA:28941
Reference: URL:http://secunia.com/advisories/28941
Reference: SECUNIA:29139
Reference: URL:http://secunia.com/advisories/29139
Reference: SECUNIA:29420
Reference: URL:http://secunia.com/advisories/29420
Reference: SECUNIA:29622
Reference: URL:http://secunia.com/advisories/29622
Reference: SECUNIA:29707
Reference: URL:http://secunia.com/advisories/29707
Reference: SECUNIA:30161
Reference: URL:http://secunia.com/advisories/30161
Reference: XF:xorg-pcffont-bo(39767)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39767

Votes:

Name: CVE-2008-0007

Description:
Linux kernel before 2.6.22.17, when using certain drivers that register a fault handler that does not perform range checks, allows local users to access kernel memory via an out-of-range offset.

Status: Candidate
Phase: Assigned (20071203)
Reference: BUGTRAQ:20080208 rPSA-2008-0048-1 kernel
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/487808/100/0/threaded
Reference: MLIST:[linux-kernel] 20080206 [patch 60/73] vm audit: add VM_DONTEXPAND to mmap for drivers that need it (CVE-2008-0007)
Reference: URL:http://lkml.org/lkml/2008/2/6/457
Reference: MLIST:[Security-announce] 20080728 VMSA-2008-00011 Updated ESX service console packages for Samba and vmnix
Reference: URL:http://lists.vmware.com/pipermail/security-announce/2008/000023.html
Reference: CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.17
Reference: CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.1
Reference: CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0048
Reference: DEBIAN:DSA-1503
Reference: URL:http://www.debian.org/security/2008/dsa-1503
Reference: DEBIAN:DSA-1504
Reference: URL:http://www.debian.org/security/2008/dsa-1504
Reference: MANDRIVA:MDVSA-2008:044
Reference: URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:044
Reference: MANDRIVA:MDVSA-2008:072
Reference: URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:072
Reference: MANDRIVA:MDVSA-2008:112
Reference: URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:112
Reference: MANDRIVA:MDVSA-2008:174
Reference: URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:174
Reference: REDHAT:RHSA-2008:0211
Reference: URL:http://www.redhat.com/support/errata/RHSA-2008-0211.html
Reference: REDHAT:RHSA-2008:0233
Reference: URL:http://www.redhat.com/support/errata/RHSA-2008-0233.html
Reference: REDHAT:RHSA-2008:0237
Reference: URL:http://www.redhat.com/support/errata/RHSA-2008-0237.html
Reference: SUSE:SUSE-SA:2008:006
Reference: URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html
Reference: SUSE:SUSE-SA:2008:017
Reference: URL:http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00007.html
Reference: UBUNTU:USN-618-1
Reference: URL:http://www.ubuntu.com/usn/usn-618-1
Reference: BID:27686
Reference: URL:http://www.securityfocus.com/bid/27686
Reference: BID:27705
Reference: URL:http://www.securityfocus.com/bid/27705
Reference: FRSIRT:ADV-2008-0445
Reference: URL:http://www.frsirt.com/english/advisories/2008/0445/references
Reference: FRSIRT:ADV-2008-2222
Reference: URL:http://www.frsirt.com/english/advisories/2008/2222/references
Reference: SECTRACK:1019357
Reference: URL:http://securitytracker.com/id?1019357
Reference: SECUNIA:28806
Reference: URL:http://secunia.com/advisories/28806
Reference: SECUNIA:28826
Reference: URL:http://secunia.com/advisories/28826
Reference: SECUNIA:29058
Reference: URL:http://secunia.com/advisories/29058
Reference: SECUNIA:29570
Reference: URL:http://secunia.com/advisories/29570
Reference: SECUNIA:30769
Reference: URL:http://secunia.com/advisories/30769
Reference: SECUNIA:31246
Reference: URL:http://secunia.com/advisories/31246

Votes:

Name: CVE-2008-0008

Description:
The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as resource exhaustion.

Status: Candidate
Phase: Assigned (20071203)
Reference: MLIST:[pulseaudio-discuss] 20080124 [ANNOUNCE] PulseAudio 0.9.9
Reference: URL:https://tango.0pointer.de/pipermail/pulseaudio-discuss/2008-January/001228.html
Reference: CONFIRM:http://pulseaudio.org/changeset/2100
Reference: CONFIRM:https://bugzilla.novell.com/show_bug.cgi?id=347822
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=425481
Reference: CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=207214
Reference: DEBIAN:DSA-1476
Reference: URL:http://www.debian.org/security/2008/dsa-1476
Reference: FEDORA:FEDORA-2008-0963
Reference: URL:https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00852.html
Reference: FEDORA:FEDORA-2008-0994
Reference: URL:https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00869.html
Reference: GENTOO:GLSA-200802-07
Reference: URL:http://security.gentoo.org/glsa/glsa-200802-07.xml
Reference: MANDRIVA:MDVSA-2008:027
Reference: URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:027
Reference: UBUNTU:USN-573-1
Reference: URL:http://www.ubuntu.com/usn/usn-573-1
Reference: BID:27449
Reference: URL:http://www.securityfocus.com/bid/27449
Reference: FRSIRT:ADV-2008-0283
Reference: URL:http://www.frsirt.com/english/advisories/2008/0283
Reference: SECUNIA:28623
Reference: URL:http://secunia.com/advisories/28623
Reference: SECUNIA:28608
Reference: URL:http://secunia.com/advisories/28608
Reference: SECUNIA:28738
Reference: URL:http://secunia.com/advisories/28738
Reference: SECUNIA:28952
Reference: URL:http://secunia.com/advisories/28952
Reference: XF:pulseaudio-padroproot-privilege-escalation(39992)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39992

Votes:

Name: CVE-2008-0009

Description:
The vmsplice_to_user function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which might allow local users to access arbitrary kernel memory locations.

Status: Candidate
Phase: Assigned (20071203)
Reference: BUGTRAQ:20080212 CSA-L03: Linux kernel vmsplice unchecked user-pointer dereference
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/487982/100/0/threaded
Reference: MISC:http://isec.pl/vulnerabilities/isec-0026-vmsplice_to_kernel.txt
Reference: CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.1
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=431206
Reference: FEDORA:FEDORA-2008-1422
Reference: URL:https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00254.html
Reference: FEDORA:FEDORA-2008-1423
Reference: URL:https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00255.html
Reference: BID:27704
Reference: URL:http://www.securityfocus.com/bid/27704
Reference: BID:27799
Reference: URL:http://www.securityfocus.com/bid/27799
Reference: FRSIRT:ADV-2008-0487
Reference: URL:http://www.frsirt.com/english/advisories/2008/0487/references
Reference: SECUNIA:28835
Reference: URL:http://secunia.com/advisories/28835
Reference: SECUNIA:28896
Reference: URL:http://secunia.com/advisories/28896

Votes:

Name: CVE-2008-0010

Description:
The copy_from_user_mmap_sem function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which allow local users to read from arbitrary kernel memory locations.

Status: Candidate
Phase: Assigned (20071203)
Reference: BUGTRAQ:20080212 CSA-L03: Linux kernel vmsplice unchecked user-pointer dereference
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/487982/100/0/threaded
Reference: MISC:http://isec.pl/vulnerabilities/isec-0026-vmsplice_to_kernel.txt
Reference: CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.1
Reference: MILW0RM:5093
Reference: URL:http://www.milw0rm.com/exploits/5093
Reference: DEBIAN:DSA-1494
Reference: URL:http://www.debian.org/security/2008/dsa-1494
Reference: FEDORA:FEDORA-2008-1422
Reference: URL:https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00254.html
Reference: FEDORA:FEDORA-2008-1423
Reference: URL:https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00255.html
Reference: BID:27704
Reference: URL:http://www.securityfocus.com/bid/27704
Reference: BID:27796
Reference: URL:http://www.securityfocus.com/bid/27796
Reference: FRSIRT:ADV-2008-0487
Reference: URL:http://www.frsirt.com/english/advisories/2008/0487/references
Reference: SECUNIA:28835
Reference: URL:http://secunia.com/advisories/28835
Reference: SECUNIA:28875
Reference: URL:http://secunia.com/advisories/28875
Reference: SECUNIA:28896
Reference: URL:http://secunia.com/advisories/28896

Votes:

Name: CVE-2008-0011

Description:
Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the "MJPEG Decoder Vulnerability."

Status: Candidate
Phase: Assigned (20071213)
Reference: MS:MS08-033
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms08-033.mspx
Reference: CERT:TA08-162B
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA08-162B.html
Reference: BID:29581
Reference: URL:http://www.securityfocus.com/bid/29581
Reference: FRSIRT:ADV-2008-1780
Reference: URL:http://www.frsirt.com/english/advisories/2008/1780
Reference: SECTRACK:1020222
Reference: URL:http://securitytracker.com/id?1020222
Reference: SECUNIA:30579
Reference: URL:http://secunia.com/advisories/30579

Votes:

Name: CVE-2008-0012

Status: Candidate
Phase: Assigned (20071213)

Votes:

Name: CVE-2008-0013

Status: Candidate
Phase: Assigned (20071213)

Votes:

Name: CVE-2008-0014

Status: Candidate
Phase: Assigned (20071213)

Votes:

Name: CVE-2008-0015

Status: Candidate
Phase: Assigned (20071213)

Votes:

Name: CVE-2008-0016

Description:
Stack-based buffer overflow in the URL parsing implementation in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to execute arbitrary code via a crafted UTF-8 URL in a link.

Status: Candidate
Phase: Assigned (20071213)
Reference: CONFIRM:http://www.mozilla.org/security/announce/2008/mfsa2008-37.html
Reference: CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=443288
Reference: CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=451617
Reference: CONFIRM:http://download.novell.com/Download?buildid=WZXONb-tqBw~
Reference: FEDORA:FEDORA-2008-8401
Reference: URL:https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html
Reference: FEDORA:FEDORA-2008-8429
Reference: URL:https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html
Reference: MANDRIVA:MDVSA-2008:205
Reference: URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:205
Reference: REDHAT:RHSA-2008:0908
Reference: URL:http://www.redhat.com/support/errata/RHSA-2008-0908.html
Reference: SLACKWARE:SSA:2008-269-01
Reference: URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232
Reference: SLACKWARE:SSA:2008-269-02
Reference: URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422
Reference: SLACKWARE:SSA:2008-270-01
Reference: URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123
Reference: SUSE:SUSE-SA:2008:050
Reference: URL:http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html
Reference: BID:31397
Reference: URL:http://www.securityfocus.com/bid/31397
Reference: SECUNIA:32042
Reference: URL:http://secunia.com/advisories/32042
Reference: SECUNIA:32092
Reference: URL:http://secunia.com/advisories/32092
Reference: SECUNIA:32144
Reference: URL:http://secunia.com/advisories/32144
Reference: SECUNIA:32044
Reference: URL:http://secunia.com/advisories/32044
Reference: SECUNIA:32082
Reference: URL:http://secunia.com/advisories/32082

Votes:

Name: CVE-2008-0017

Status: Candidate
Phase: Assigned (20071213)

Votes:

Name: CVE-2008-0018

Status: Candidate
Phase: Assigned (20071213)

Votes:

Name: CVE-2008-0019

Status: Candidate
Phase: Assigned (20071213)

Votes:

Name: CVE-2008-0020

Status: Candidate
Phase: Assigned (20071213)

Votes:

Name: CVE-2008-0021

Status: Candidate
Phase: Assigned (20071213)

Votes:

Name: CVE-2008-0022

Status: Candidate
Phase: Assigned (20071213)

Votes:

Name: CVE-2008-0023

Status: Candidate
Phase: Assigned (20071213)

Votes:

Name: CVE-2008-0024

Status: Candidate
Phase: Assigned (20071213)

Votes:

Name: CVE-2008-0025

Status: Candidate
Phase: Assigned (20071213)

Votes:

Name: CVE-2008-0026

Description:
SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and (2) user interface pages.

Status: Candidate
Phase: Assigned (20071217)
Reference: CISCO:20080213 SQL injection in Cisco Unified Communications Manager
Reference: URL:http://www.cisco.com/en/US/products/products_security_advisory09186a0080949c7c.shtml
Reference: BID:27775
Reference: URL:http://www.securityfocus.com/bid/27775
Reference: FRSIRT:ADV-2008-0542
Reference: URL:http://www.frsirt.com/english/advisories/2008/0542
Reference: SECTRACK:1019404
Reference: URL:http://www.securitytracker.com/id?1019404
Reference: SECUNIA:28932
Reference: URL:http://secunia.com/advisories/28932
Reference: XF:cucm-interface-sql-injection(40484)
Reference: URL:http://xforce.iss.net/xforce/xfdb/40484

Votes:

Name: CVE-2008-0027

Description:
Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request.

Status: Candidate
Phase: Assigned (20071217)
Reference: BUGTRAQ:20080116 TPTI-08-02: Cisco Call Manager CTLProvider Heap Overflow Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/486432/100/0/threaded
Reference: MISC:http://dvlabs.tippingpoint.com/advisory/TPTI-08-02
Reference: CISCO:20080116 Cisco Unified Communications Manager CTL Provider Heap Overflow
Reference: URL:http://www.cisco.com/en/US/products/products_security_advisory09186a0080932c61.shtml
Reference: BID:27313
Reference: URL:http://www.securityfocus.com/bid/27313
Reference: FRSIRT:ADV-2008-0171
Reference: URL:http://www.frsirt.com/english/advisories/2008/0171
Reference: SECTRACK:1019223
Reference: URL:http://www.securitytracker.com/id?1019223
Reference: SECUNIA:28530
Reference: URL:http://secunia.com/advisories/28530
Reference: SREASON:3551
Reference: URL:http://securityreason.com/securityalert/3551
Reference: XF:cisco-cucm-ctl-bo(39704)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39704

Votes:

Name: CVE-2008-0028

Description:
Unspecified vulnerability in Cisco PIX 500 Series Security Appliance and 5500 Series Adaptive Security Appliance (ASA) before 7.2(3)6 and 8.0(3), when the Time-to-Live (TTL) decrement feature is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted IP packet.

Status: Candidate
Phase: Assigned (20071217)
Reference: CISCO:20080123 Cisco PIX and ASA Time-to-Live Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/cisco-sa-20080123-asa.shtml
Reference: BID:27418
Reference: URL:http://www.securityfocus.com/bid/27418
Reference: FRSIRT:ADV-2008-0259
Reference: URL:http://www.frsirt.com/english/advisories/2008/0259
Reference: SECTRACK:1019262
Reference: URL:http://www.securitytracker.com/id?1019262
Reference: SECTRACK:1019263
Reference: URL:http://www.securitytracker.com/id?1019263
Reference: SECUNIA:28625
Reference: URL:http://secunia.com/advisories/28625
Reference: XF:pix-asa-ttl-dos(39862)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39862

Votes:

Name: CVE-2008-0029

Description:
Cisco Application Velocity System (AVS) before 5.1.0 is installed with default passwords for some system accounts, which allows remote attackers to gain privileges.

Status: Candidate
Phase: Assigned (20071217)
Reference: CISCO:20080123 Default Passwords in the Application Velocity System
Reference: URL:http://www.cisco.com/warp/public/707/cisco-sa-20080123-avs.shtml
Reference: BID:27421
Reference: URL:http://www.securityfocus.com/bid/27421
Reference: FRSIRT:ADV-2008-0260
Reference: URL:http://www.frsirt.com/english/advisories/2008/0260
Reference: SECTRACK:1019259
Reference: URL:http://www.securitytracker.com/id?1019259
Reference: XF:ciscoavs-default-password-admin-account(39860)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39860

Votes:

Name: CVE-2008-0030

Status: Candidate
Phase: Assigned (20071217)

Votes:

Name: CVE-2008-0031

Description:
Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execurte arbitrary code via a crafted Sorenson 3 video file, which triggers memory corruption.

Status: Candidate
Phase: Assigned (20080103)
Reference: APPLE:APPLE-SA-2008-01-15
Reference: URL:http://lists.apple.com/archives/security-announce/2008/Jan/msg00001.html
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=307301
Reference: CERT:TA08-016A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA08-016A.html
Reference: BID:27298
Reference: URL:http://www.securityfocus.com/bid/27298
Reference: FRSIRT:ADV-2008-0148
Reference: URL:http://www.frsirt.com/english/advisories/2008/0148
Reference: SECTRACK:1019221
Reference: URL:http://www.securitytracker.com/id?1019221
Reference: SECUNIA:28502
Reference: URL:http://secunia.com/advisories/28502
Reference: XF:quicktime-sorenson-code-execution(39695)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39695

Votes:

Name: CVE-2008-0032

Description:
Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a movie file containing a Macintosh Resource record with a modified length value in the resource header, which triggers heap corruption.

Status: Candidate
Phase: Assigned (20080103)
Reference: IDEFENSE:20080115 Apple QuickTime Macintosh Resource Processing Heap Corruption Vulnerability
Reference: URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=642
Reference: APPLE:APPLE-SA-2008-01-15
Reference: URL:http://lists.apple.com/archives/security-announce/2008/Jan/msg00001.html
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=307301
Reference: CERT:TA08-016A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA08-016A.html
Reference: BID:27301
Reference: URL:http://www.securityfocus.com/bid/27301
Reference: FRSIRT:ADV-2008-0148
Reference: URL:http://www.frsirt.com/english/advisories/2008/0148
Reference: SECTRACK:1019221
Reference: URL:http://www.securitytracker.com/id?1019221
Reference: SECUNIA:28502
Reference: URL:http://secunia.com/advisories/28502
Reference: XF:quicktime-macintosh-code-execution(39696)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39696

Votes:

Name: CVE-2008-0033

Description:
Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a movie file with Image Descriptor (IDSC) atoms containing an invalid atom size, which triggers memory corruption.

Status: Candidate
Phase: Assigned (20080103)
Reference: BUGTRAQ:20080115 TPTI-08-01: Apple Quicktime Image File IDSC Atom Memory Corruption Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/486413/100/0/threaded
Reference: MISC:http://dvlabs.tippingpoint.com/advisory/TPTI-08-01
Reference: APPLE:APPLE-SA-2008-01-15
Reference: URL:http://lists.apple.com/archives/security-announce/2008/Jan/msg00001.html
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=307301
Reference: CERT:TA08-016A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA08-016A.html
Reference: BID:27299
Reference: URL:http://www.securityfocus.com/bid/27299
Reference: FRSIRT:ADV-2008-0148
Reference: URL:http://www.frsirt.com/english/advisories/2008/0148
Reference: SECTRACK:1019221
Reference: URL:http://www.securitytracker.com/id?1019221
Reference: SECUNIA:28502
Reference: URL:http://secunia.com/advisories/28502
Reference: XF:quicktime-idsc-code-execution(39697)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39697

Votes:

Name: CVE-2008-0034

Description:
Unspecified vulnerability in Passcode Lock in Apple iPhone 1.0 through 1.1.2 allows users with physical access to execute applications without entering the passcode via vectors related to emergency calls.

Status: Candidate
Phase: Assigned (20080103)
Reference: APPLE:APPLE-SA-2008-01-15
Reference: URL:http://lists.apple.com/archives/security-announce/2008/Jan/msg00000.html
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=307302
Reference: BID:27297
Reference: URL:http://www.securityfocus.com/bid/27297
Reference: FRSIRT:ADV-2008-0147
Reference: URL:http://www.frsirt.com/english/advisories/2008/0147
Reference: SECTRACK:1019219
Reference: URL:http://www.securitytracker.com/id?1019219
Reference: SECUNIA:28497
Reference: URL:http://secunia.com/advisories/28497
Reference: XF:iphone-passcode-lock-security-bypass(39701)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39701

Votes:

Name: CVE-2008-0035

Description:
Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 through 1.1.2, iPod touch 1.1 through 1.1.2, and Mac OS X 10.5 through 10.5.1, allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted URL that triggers memory corruption in Safari.

Status: Candidate
Phase: Assigned (20080103)
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=307430
Reference: APPLE:APPLE-SA-2008-01-15
Reference: URL:http://lists.apple.com/archives/security-announce/2008/Jan/msg00000.html
Reference: APPLE:APPLE-SA-2008-02-11
Reference: URL:http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=307302
Reference: CERT:TA08-043B
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA08-043B.html
Reference: BID:27296
Reference: URL:http://www.securityfocus.com/bid/27296
Reference: FRSIRT:ADV-2008-0147
Reference: URL:http://www.frsirt.com/english/advisories/2008/0147
Reference: FRSIRT:ADV-2008-0495
Reference: URL:http://www.frsirt.com/english/advisories/2008/0495/references
Reference: SECTRACK:1019220
Reference: URL:http://www.securitytracker.com/id?1019220
Reference: SECUNIA:28497
Reference: URL:http://secunia.com/advisories/28497
Reference: SECUNIA:28891
Reference: URL:http://secunia.com/advisories/28891
Reference: XF:iphone-ipod-foundation-code-execution(39700)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39700

Votes:

Name: CVE-2008-0036

Description:
Buffer overflow in Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a crafted compressed PICT image, which triggers the overflow during decoding.

Status: Candidate
Phase: Assigned (20080103)
Reference: APPLE:APPLE-SA-2008-01-15
Reference: URL:http://lists.apple.com/archives/security-announce/2008/Jan/msg00001.html
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=307301
Reference: CERT:TA08-016A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA08-016A.html
Reference: BID:27300
Reference: URL:http://www.securityfocus.com/bid/27300
Reference: FRSIRT:ADV-2008-0148
Reference: URL:http://www.frsirt.com/english/advisories/2008/0148
Reference: FRSIRT:ADV-2008-2064
Reference: URL:http://www.frsirt.com/english/advisories/2008/2064/references
Reference: SECTRACK:1019221
Reference: URL:http://www.securitytracker.com/id?1019221
Reference: SECUNIA:28502
Reference: URL:http://secunia.com/advisories/28502
Reference: SECUNIA:31034
Reference: URL:http://secunia.com/advisories/31034
Reference: XF:quicktime-pict-bo(39698)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39698

Votes:

Name: CVE-2008-0037

Description:
X11 in Apple Mac OS X 10.5 through 10.5.1 does not properly handle when the "Allow connections from network client" preference is disabled, which allows remote attackers to bypass intended access restrictions and connect to the X server.

Votes:

Name: CVE-2008-0038

Description:
Launch Services in Apple Mac OS X 10.5 through 10.5.1 allows an uninstalled application to be launched if it is in a Time Machine backup, which might allow local users to bypass intended security restrictions or exploit vulnerabilities in the application.

Votes:

Name: CVE-2008-0039

Description:
Unspecified vulnerability in Mail in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary commands via a crafted file:// URL.

Votes:

Name: CVE-2008-0040

Description:
Unspecified vulnerability in NFS in Apple Mac OS X 10.5 through 10.5.1 allows remote attackers to cause a denial of service (system shutdown) or execute arbitrary code via unknown vectors related to mbuf chains that trigger memory corruption.

Votes:

Name: CVE-2008-0041

Description:
Parental Controls in Apple Mac OS X 10.5 through 10.5.1 contacts www.apple.com "when a website is unblocked," which allows remote attackers to determine when a system is running Parental Controls.

Votes:

Name: CVE-2008-0042

Description:
Argument injection vulnerability in Terminal.app in Terminal in Apple Mac OS X 10.4.11 and 10.5 through 10.5.1 allows remote attackers to execute arbitrary code via unspecified URL schemes.

Votes:

Name: CVE-2008-0043

Description:
Format string vulnerability in Apple iPhoto before 7.1.2 allows remote attackers to execute arbitrary code via photocast subscriptions.

Status: Candidate
Phase: Assigned (20080103)
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=307398
Reference: APPLE:APPLE-SA-2008-02-05
Reference: URL:http://lists.apple.com/archives/security-announce/2008/Feb/msg00000.html
Reference: BID:27636
Reference: URL:http://www.securityfocus.com/bid/27636
Reference: FRSIRT:ADV-2008-0428
Reference: URL:http://www.frsirt.com/english/advisories/2008/0428/references
Reference: SECTRACK:1019307
Reference: URL:http://www.securitytracker.com/id?1019307
Reference: SECUNIA:28805
Reference: URL:http://secunia.com/advisories/28805

Votes:

Name: CVE-2008-0044

Description:
Multiple buffer overflows in AFP Client in Apple Mac OS X 10.4.11 and 10.5.2 allow remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted afp:// URL.

Votes:

Name: CVE-2008-0045

Description:
Unspecified vulnerability in AFP Server in Apple Mac OS X 10.4.11 allows remote attackers to bypass cross-realm authentication via unknown manipulations of Kerberos principal realm names.

Votes:

Name: CVE-2008-0046

Description:
The Application Firewall in Apple Mac OS X 10.5.2 has an incorrect German translation for the "Set access for specific services and applications" radio button that might cause the user to believe that the button is used to restrict access only to specific services and applications, which might allow attackers to bypass intended access restrictions.

Votes:

Name: CVE-2008-0047

Description:
Heap-based buffer overflow in the cgiCompileSearch function in CUPS 1.3.5, and other versions including the version bundled with Apple Mac OS X 10.5.2, when printer sharing is enabled, allows remote attackers to execute arbitrary code via crafted search expressions.

Status: Candidate
Phase: Assigned (20080103)
Reference: IDEFENSE:20080318 Multiple Vendor CUPS CGI Heap Overflow Vulnerability
Reference: URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=674
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=307562
Reference: APPLE:APPLE-SA-2008-03-18
Reference: URL:http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
Reference: DEBIAN:DSA-1530
Reference: URL:http://www.debian.org/security/2008/dsa-1530
Reference: FEDORA:FEDORA-2008-2131
Reference: URL:https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00091.html
Reference: FEDORA:FEDORA-2008-2897
Reference: URL:https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00105.html
Reference: GENTOO:GLSA-200804-01
Reference: URL:http://security.gentoo.org/glsa/glsa-200804-01.xml
Reference: MANDRIVA:MDVSA-2008:081
Reference: URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:081
Reference: REDHAT:RHSA-2008:0192
Reference: URL:http://www.redhat.com/support/errata/RHSA-2008-0192.html
Reference: SUSE:SUSE-SA:2008:015
Reference: URL:http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00005.html
Reference: UBUNTU:USN-598-1
Reference: URL:http://www.ubuntu.com/usn/usn-598-1
Reference: CERT:TA08-079A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA08-079A.html
Reference: BID:28307
Reference: URL:http://www.securityfocus.com/bid/28307
Reference: FRSIRT:ADV-2008-0921
Reference: URL:http://www.frsirt.com/english/advisories/2008/0921/references
Reference: FRSIRT:ADV-2008-0924
Reference: URL:http://www.frsirt.com/english/advisories/2008/0924/references
Reference: SECTRACK:1019646
Reference: URL:http://www.securitytracker.com/id?1019646
Reference: SECUNIA:29431
Reference: URL:http://secunia.com/advisories/29431
Reference: SECUNIA:29448
Reference: URL:http://secunia.com/advisories/29448
Reference: SECUNIA:29420
Reference: URL:http://secunia.com/advisories/29420
Reference: SECUNIA:29485
Reference: URL:http://secunia.com/advisories/29485
Reference: SECUNIA:29634
Reference: URL:http://secunia.com/advisories/29634
Reference: SECUNIA:29573
Reference: URL:http://secunia.com/advisories/29573
Reference: SECUNIA:29603
Reference: URL:http://secunia.com/advisories/29603
Reference: SECUNIA:29655
Reference: URL:http://secunia.com/advisories/29655
Reference: SECUNIA:29750
Reference: URL:http://secunia.com/advisories/29750

Votes:

Name: CVE-2008-0048

Description:
Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via the a long file name to the NSDocument API.

Votes:

Name: CVE-2008-0049

Description:
AppKit in Apple Mac OS X 10.4.11 inadvertently makes an NSApplication mach port available for inter-process communication instead of inter-thread communication, which allows local users to execute arbitrary code via crafted messages to privileged applications.

Votes:

Name: CVE-2008-0050

Description:
CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error.

Status: Candidate
Phase: Assigned (20080103)
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=307562
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=307563
Reference: APPLE:APPLE-SA-2008-03-18
Reference: URL:http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
Reference: APPLE:APPLE-SA-2008-07-11
Reference: URL:http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html
Reference: CERT:TA08-079A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA08-079A.html
Reference: BID:28290
Reference: URL:http://www.securityfocus.com/bid/28290
Reference: BID:28356
Reference: URL:http://www.securityfocus.com/bid/28356
Reference: FRSIRT:ADV-2008-0920
Reference: URL:http://www.frsirt.com/english/advisories/2008/0920/references
Reference: FRSIRT:ADV-2008-0924
Reference: URL:http://www.frsirt.com/english/advisories/2008/0924/references
Reference: FRSIRT:ADV-2008-2094
Reference: URL:http://www.frsirt.com/english/advisories/2008/2094/references
Reference: SECTRACK:1019655
Reference: URL:http://www.securitytracker.com/id?1019655
Reference: SECUNIA:29420
Reference: URL:http://secunia.com/advisories/29420
Reference: SECUNIA:31074
Reference: URL:http://secunia.com/advisories/31074
Reference: XF:macos-cfnetwork-502badgateway-spoofing(41313)
Reference: URL:http://xforce.iss.net/xforce/xfdb/41313

Votes:

Name: CVE-2008-0051

Description:
Integer overflow in CoreFoundation in Apple Mac OS X 10.4.11 might allow local users to execute arbitrary code via crafted time zone data.

Votes:

Name: CVE-2008-0052

Description:
CoreServices in Apple Mac OS X 10.4.11 treats .ief as a safe file type, which allows remote attackers to force Safari users into opening an .ief file in AppleWorks, even when the "Open 'Safe' files" preference is set.

Votes:

Name: CVE-2008-0053

Description:
Multiple buffer overflows in the HP-GL/2-to-PostScript filter in CUPS before 1.3.6 might allow remote attackers to execute arbitrary code via a crafted HP-GL/2 file.

Status: Candidate
Phase: Assigned (20080103)
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=307562
Reference: APPLE:APPLE-SA-2008-03-18
Reference: URL:http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
Reference: DEBIAN:DSA-1625
Reference: URL:http://www.debian.org/security/2008/dsa-1625
Reference: FEDORA:FEDORA-2008-2897
Reference: URL:https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00105.html
Reference: GENTOO:GLSA-200804-01
Reference: URL:http://security.gentoo.org/glsa/glsa-200804-01.xml
Reference: MANDRIVA:MDVSA-2008:081
Reference: URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:081
Reference: REDHAT:RHSA-2008:0192
Reference: URL:http://www.redhat.com/support/errata/RHSA-2008-0192.html
Reference: REDHAT:RHSA-2008:0206
Reference: URL:http://www.redhat.com/support/errata/RHSA-2008-0206.html
Reference: SUSE:SUSE-SA:2008:020
Reference: URL:http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00003.html
Reference: UBUNTU:USN-598-1
Reference: URL:http://www.ubuntu.com/usn/usn-598-1
Reference: CERT:TA08-079A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA08-079A.html
Reference: BID:28334
Reference: URL:http://www.securityfocus.com/bid/28334
Reference: BID:28304
Reference: URL:http://www.securityfocus.com/bid/28304
Reference: FRSIRT:ADV-2008-0924
Reference: URL:http://www.frsirt.com/english/advisories/2008/0924/references
Reference: SECTRACK:1019672
Reference: URL:http://www.securitytracker.com/id?1019672
Reference: SECUNIA:29420
Reference: URL:http://secunia.com/advisories/29420
Reference: SECUNIA:29634
Reference: URL:http://secunia.com/advisories/29634
Reference: SECUNIA:29573
Reference: URL:http://secunia.com/advisories/29573
Reference: SECUNIA:29603
Reference: URL:http://secunia.com/advisories/29603
Reference: SECUNIA:29630
Reference: URL:http://secunia.com/advisories/29630
Reference: SECUNIA:29655
Reference: URL:http://secunia.com/advisories/29655
Reference: SECUNIA:29750
Reference: URL:http://secunia.com/advisories/29750
Reference: SECUNIA:29659
Reference: URL:http://secunia.com/advisories/29659
Reference: SECUNIA:31324
Reference: URL:http://secunia.com/advisories/31324
Reference: XF:macos-cups-inputvalidation-unspecified(41272)
Reference: URL:http://xforce.iss.net/xforce/xfdb/41272

Votes:

Name: CVE-2008-0054

Description:
Foundation in Apple Mac OS X 10.4.11 might allow context-dependent attackers to execute arbitrary code via a malformed selector name to the NSSelectorFromString API, which causes an "unexpected selector" to be used.

Votes:

Name: CVE-2008-0055

Description:
Foundation in Apple Mac OS X 10.4.11 creates world-writable directories while NSFileManager copies files recursively and only modifies the permissions afterward, which allows local users to modify copied files to cause a denial of service and possibly gain privileges.

Votes:

Name: CVE-2008-0056

Description:
Stack-based buffer overflow in Foundation in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a "long pathname with an unexpected structure" that triggers the overflow in NSFileManager.

Votes:

Name: CVE-2008-0057

Description:
Multiple integer overflows in a "legacy serialization format" parser in AppKit in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via a crafted serialized property list.

Votes:

Name: CVE-2008-0058

Description:
Race condition in the NSURLConnection cache management functionality in Foundation for Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via unspecified manipulations that cause messages to be sent to a deallocated object.

Votes:

Name: CVE-2008-0059

Description:
Race condition in NSXML in Foundation for Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a crafted XML file, related to "error handling logic."

Votes:

Name: CVE-2008-0060

Description:
Help Viewer in Apple Mac OS X 10.4.11 and 10.5.2 allows remote attackers to execute arbitrary Applescript via a help:topic_list URL that injects HTML or JavaScript into a topic list page, as demonstrated using a help:runscript link.

Votes:

Name: CVE-2008-0061

Description:
MaraDNS 1.0 before 1.0.41, 1.2 before 1.2.12.08, and 1.3 before 1.3.07.04 allows remote attackers to cause a denial of service via a crafted DNS packet that prevents an authoritative name (CNAME) record from resolving, aka "improper rotation of resource records."

Status: Candidate
Phase: Assigned (20080103)
Reference: CONFIRM:http://maradns.blogspot.com/2007/08/maradns-update-all-versions.html
Reference: CONFIRM:http://www.maradns.org/changelog.html
Reference: CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=204351
Reference: DEBIAN:DSA-1445
Reference: URL:http://www.debian.org/security/2008/dsa-1445
Reference: GENTOO:GLSA-200801-16
Reference: URL:http://security.gentoo.org/glsa/glsa-200801-16.xml
Reference: BID:27124
Reference: URL:http://www.securityfocus.com/bid/27124
Reference: FRSIRT:ADV-2008-0026
Reference: URL:http://www.frsirt.com/english/advisories/2008/0026
Reference: SECUNIA:28329
Reference: URL:http://secunia.com/advisories/28329
Reference: SECUNIA:28334
Reference: URL:http://secunia.com/advisories/28334
Reference: SECUNIA:28650
Reference: URL:http://secunia.com/advisories/28650

Votes:

Name: CVE-2008-0062

Description:
KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.

Status: Candidate
Phase: Assigned (20080103)
Reference: BUGTRAQ:20080318 MITKRB5-SA-2008-001: double-free, uninitialized data vulnerabilities in krb5kdc
Reference: URL:http://www.securityfocus.com/archive/1/489761
Reference: BUGTRAQ:20080319 rPSA-2008-0112-1 krb5 krb5-server krb5-services krb5-test krb5-workstation
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/489883/100/0/threaded
Reference: BUGTRAQ:20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/493080/100/0/threaded
Reference: CONFIRM:http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=307562
Reference: CONFIRM:http://wiki.rpath.com/Advisories:rPSA-2008-0112
Reference: CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112
Reference: CONFIRM:http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html
Reference: CONFIRM:http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html
Reference: CONFIRM:http://www.vmware.com/security/advisories/VMSA-2008-0009.html
Reference: APPLE:APPLE-SA-2008-03-18
Reference: URL:http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
Reference: DEBIAN:DSA-1524
Reference: URL:http://www.debian.org/security/2008/dsa-1524
Reference: FEDORA:FEDORA-2008-2637
Reference: URL:https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html
Reference: FEDORA:FEDORA-2008-2647
Reference: URL:https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html
Reference: GENTOO:GLSA-200803-31
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml
Reference: MANDRIVA:MDVSA-2008:070
Reference: URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:070
Reference: MANDRIVA:MDVSA-2008:071
Reference: URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:071
Reference: MANDRIVA:MDVSA-2008:069
Reference: URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:069
Reference: REDHAT:RHSA-2008:0164
Reference: URL:http://www.redhat.com/support/errata/RHSA-2008-0164.html
Reference: REDHAT:RHSA-2008:0180
Reference: URL:http://www.redhat.com/support/errata/RHSA-2008-0180.html
Reference: REDHAT:RHSA-2008:0181
Reference: URL:http://www.redhat.com/support/errata/RHSA-2008-0181.html
Reference: REDHAT:RHSA-2008:0182
Reference: URL:http://www.redhat.com/support/errata/RHSA-2008-0182.html
Reference: SUSE:SUSE-SA:2008:016
Reference: URL:http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html
Reference: UBUNTU:USN-587-1
Reference: URL:http://www.ubuntu.com/usn/usn-587-1
Reference: CERT-VN:VU#895609
Reference: URL:http://www.kb.cert.org/vuls/id/895609
Reference: BID:28303
Reference: URL:http://www.securityfocus.com/bid/28303
Reference: FRSIRT:ADV-2008-0922
Reference: URL:http://www.frsirt.com/english/advisories/2008/0922/references
Reference: FRSIRT:ADV-2008-0924
Reference: URL:http://www.frsirt.com/english/advisories/2008/0924/references
Reference: FRSIRT:ADV-2008-1102
Reference: URL:http://www.frsirt.com/english/advisories/2008/1102/references
Reference: FRSIRT:ADV-2008-1744
Reference: URL:http://www.frsirt.com/english/advisories/2008/1744
Reference: SECTRACK:1019626
Reference: URL:http://www.securitytracker.com/id?1019626
Reference: SECUNIA:29428
Reference: URL:http://secunia.com/advisories/29428
Reference: SECUNIA:29438
Reference: URL:http://secunia.com/advisories/29438
Reference: SECUNIA:29420
Reference: URL:http://secunia.com/advisories/29420
Reference: SECUNIA:29435
Reference: URL:http://secunia.com/advisories/29435
Reference: SECUNIA:29450
Reference: URL:http://secunia.com/advisories/29450
Reference: SECUNIA:29451
Reference: URL:http://secunia.com/advisories/29451
Reference: SECUNIA:29457
Reference: URL:http://secunia.com/advisories/29457
Reference: SECUNIA:29464
Reference: URL:http://secunia.com/advisories/29464
Reference: SECUNIA:29423
Reference: URL:http://secunia.com/advisories/29423
Reference: SECUNIA:29462
Reference: URL:http://secunia.com/advisories/29462
Reference: SECUNIA:29516
Reference: URL:http://secunia.com/advisories/29516
Reference: SECUNIA:29663
Reference: URL:http://secunia.com/advisories/29663
Reference: SECUNIA:29424
Reference: URL:http://secunia.com/advisories/29424
Reference: SECUNIA:30535
Reference: URL:http://secunia.com/advisories/30535
Reference: XF:krb5-kdc-code-execution(41275)
Reference: URL:http://xforce.iss.net/xforce/xfdb/41275

Votes:

Name: CVE-2008-0063

Description:
The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."

Status: Candidate
Phase: Assigned (20080103)
Reference: BUGTRAQ:20080318 MITKRB5-SA-2008-001: double-free, uninitialized data vulnerabilities in krb5kdc
Reference: URL:http://www.securityfocus.com/archive/1/489761
Reference: BUGTRAQ:20080319 rPSA-2008-0112-1 krb5 krb5-server krb5-services krb5-test krb5-workstation
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/489883/100/0/threaded
Reference: BUGTRAQ:20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/493080/100/0/threaded
Reference: CONFIRM:http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=307562
Reference: CONFIRM:http://wiki.rpath.com/Advisories:rPSA-2008-0112
Reference: CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112
Reference: CONFIRM:http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html
Reference: CONFIRM:http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html
Reference: CONFIRM:http://www.vmware.com/security/advisories/VMSA-2008-0009.html
Reference: APPLE:APPLE-SA-2008-03-18
Reference: URL:http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
Reference: DEBIAN:DSA-1524
Reference: URL:http://www.debian.org/security/2008/dsa-1524
Reference: FEDORA:FEDORA-2008-2637
Reference: URL:https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00537.html
Reference: FEDORA:FEDORA-2008-2647
Reference: URL:https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00544.html
Reference: GENTOO:GLSA-200803-31
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200803-31.xml
Reference: MANDRIVA:MDVSA-2008:070
Reference: URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:070
Reference: MANDRIVA:MDVSA-2008:071
Reference: URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:071
Reference: MANDRIVA:MDVSA-2008:069
Reference: URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:069
Reference: REDHAT:RHSA-2008:0164
Reference: URL:http://www.redhat.com/support/errata/RHSA-2008-0164.html
Reference: REDHAT:RHSA-2008:0180
Reference: URL:http://www.redhat.com/support/errata/RHSA-2008-0180.html
Reference: REDHAT:RHSA-2008:0181
Reference: URL:http://www.redhat.com/support/errata/RHSA-2008-0181.html
Reference: REDHAT:RHSA-2008:0182
Reference: URL:http://www.redhat.com/support/errata/RHSA-2008-0182.html
Reference: SUSE:SUSE-SA:2008:016
Reference: URL:http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00006.html
Reference: UBUNTU:USN-587-1
Reference: URL:http://www.ubuntu.com/usn/usn-587-1
Reference: BID:28303
Reference: URL:http://www.securityfocus.com/bid/28303
Reference: FRSIRT:ADV-2008-0922
Reference: URL:http://www.frsirt.com/english/advisories/2008/0922/references
Reference: FRSIRT:ADV-2008-0924
Reference: URL:http://www.frsirt.com/english/advisories/2008/0924/references
Reference: FRSIRT:ADV-2008-1102
Reference: URL:http://www.frsirt.com/english/advisories/2008/1102/references
Reference: FRSIRT:ADV-2008-1744
Reference: URL:http://www.frsirt.com/english/advisories/2008/1744
Reference: SECTRACK:1019627
Reference: URL:http://www.securitytracker.com/id?1019627
Reference: SECUNIA:29428
Reference: URL:http://secunia.com/advisories/29428
Reference: SECUNIA:29438
Reference: URL:http://secunia.com/advisories/29438
Reference: SECUNIA:29420
Reference: URL:http://secunia.com/advisories/29420
Reference: SECUNIA:29435
Reference: URL:http://secunia.com/advisories/29435
Reference: SECUNIA:29450
Reference: URL:http://secunia.com/advisories/29450
Reference: SECUNIA:29451
Reference: URL:http://secunia.com/advisories/29451
Reference: SECUNIA:29457
Reference: URL:http://secunia.com/advisories/29457
Reference: SECUNIA:29464
Reference: URL:http://secunia.com/advisories/29464
Reference: SECUNIA:29423
Reference: URL:http://secunia.com/advisories/29423
Reference: SECUNIA:29462
Reference: URL:http://secunia.com/advisories/29462
Reference: SECUNIA:29516
Reference: URL:http://secunia.com/advisories/29516
Reference: SECUNIA:29663
Reference: URL:http://secunia.com/advisories/29663
Reference: SECUNIA:29424
Reference: URL:http://secunia.com/advisories/29424
Reference: SECUNIA:30535
Reference: URL:http://secunia.com/advisories/30535
Reference: XF:krb5-kdc-kerberos4-info-disclosure(41277)
Reference: URL:http://xforce.iss.net/xforce/xfdb/41277

Votes:

Name: CVE-2008-0064

Description:
Stack-based buffer overflow in Pierre-emmanuel Gougelet (1) XnView 1.91 and 1.92, (2) NConvert 4.85, and (3) libgfl280.dll in GFL SDK 2.870 for Windows allows user-assisted remote attackers to execute arbitrary code via a crafted Radiance RGBE (.hdr) file.

Status: Candidate
Phase: Assigned (20080103)
Reference: MISC:http://secunia.com/secunia_research/2008-1/advisory
Reference: BID:27514
Reference: URL:http://www.securityfocus.com/bid/27514
Reference: FRSIRT:ADV-2008-0328
Reference: URL:http://www.frsirt.com/english/advisories/2008/0328
Reference: FRSIRT:ADV-2008-0329
Reference: URL:http://www.frsirt.com/english/advisories/2008/0329
Reference: SECUNIA:28326
Reference: URL:http://secunia.com/advisories/28326
Reference: SECUNIA:28710
Reference: URL:http://secunia.com/advisories/28710

Votes:

Name: CVE-2008-0065

Description:
Multiple stack-based buffer overflows in in_mp3.dll in Winamp 5.21, 5.5, and 5.51 allow remote attackers to execute arbitrary code via a long (1) artist or (2) name tag in Ultravox streaming metadata, related to construction of stream titles.

Status: Candidate
Phase: Assigned (20080103)
Reference: MISC:http://secunia.com/secunia_research/2008-2/advisory/
Reference: CONFIRM:http://www.winamp.com/player/version-history
Reference: BID:27344
Reference: URL:http://www.securityfocus.com/bid/27344
Reference: FRSIRT:ADV-2008-0183
Reference: URL:http://www.frsirt.com/english/advisories/2008/0183
Reference: SECUNIA:27865
Reference: URL:http://secunia.com/advisories/27865
Reference: XF:winamp-inmp3-bo(39778)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39778

Votes:

Name: CVE-2008-0066

Description:
Multiple buffer overflows in htmsr.dll in the HTML speed reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes 7.0.2 and 7.0.3, allow remote attackers to execute arbitrary code via an HTML document with (1) "large chunks of data," or a long URL in the (2) BACKGROUND attribute of a BODY element or (3) SRC attribute of an IMG element.

Status: Candidate
Phase: Assigned (20080103)
Reference: BUGTRAQ:20080414 Secunia Research: Lotus Notes htmsr.dll Buffer Overflows
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/490828/100/0/threaded
Reference: MISC:http://secunia.com/secunia_research/2008-3/advisory/
Reference: CONFIRM:http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453
Reference: BID:28454
Reference: URL:http://www.securityfocus.com/bid/28454
Reference: FRSIRT:ADV-2008-1153
Reference: URL:http://www.frsirt.com/english/advisories/2008/1153
Reference: FRSIRT:ADV-2008-1156
Reference: URL:http://www.frsirt.com/english/advisories/2008/1156
Reference: SECTRACK:1019843
Reference: URL:http://www.securitytracker.com/id?1019843
Reference: SECUNIA:28140
Reference: URL:http://secunia.com/advisories/28140
Reference: SECUNIA:28209
Reference: URL:http://secunia.com/advisories/28209
Reference: SECUNIA:28210
Reference: URL:http://secunia.com/advisories/28210
Reference: XF:autonomy-keyview-html-multiple-bo(41724)
Reference: URL:http://xforce.iss.net/xforce/xfdb/41724

Votes:

Name: CVE-2008-0067

Status: Candidate
Phase: Assigned (20080103)

Votes:

Name: CVE-2008-0068

Description:
Directory traversal vulnerability in OpenView5.exe in HP OpenView Network Node Manager (OV NNM) 7.51, 7.53, and earlier allows remote attackers to read arbitrary files via directory traversal sequences in the Action parameter.

Status: Candidate
Phase: Assigned (20080103)
Reference: BUGTRAQ:20080414 Secunia Research: HP OpenView Network Node Manager OpenView5.exeDirectory Traversal
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/490834/100/0/threaded
Reference: BUGTRAQ:20080411 Directory traversal and multiple Denials of Service in HP OpenView NNM 7.53
Reference: URL:http://www.securityfocus.com/archive/1/490771
Reference: MISC:http://aluigi.altervista.org/adv/closedviewx-adv.txt
Reference: MISC:http://secunia.com/secunia_research/2008-4/advisory/
Reference: HP:HPSBMA02349
Reference: URL:http://marc.info/?l=bugtraq&m=121553649611253&w=2
Reference: HP:SSRT080043
Reference: URL:http://marc.info/?l=bugtraq&m=121553649611253&w=2
Reference: BID:28745
Reference: URL:http://www.securityfocus.com/bid/28745
Reference: FRSIRT:ADV-2008-1214
Reference: URL:http://www.frsirt.com/english/advisories/2008/1214/references
Reference: OSVDB:44359
Reference: URL:http://www.osvdb.org/44359
Reference: SECTRACK:1019838
Reference: URL:http://www.securitytracker.com/id?1019838
Reference: SECTRACK:1019839
Reference: URL:http://www.securitytracker.com/id?1019839
Reference: SECUNIA:29796
Reference: URL:http://secunia.com/advisories/29796

Votes:

Name: CVE-2008-0069

Description:
Stack-based buffer overflow in XnView 1.92 and 1.92.1 allows user-assisted remote attackers to execute arbitrary code via a long FontName parameter in a slideshow (.sld) file, a different vector than CVE-2008-1461.

Status: Candidate
Phase: Assigned (20080103)
Reference: MILW0RM:5346
Reference: URL:http://www.milw0rm.com/exploits/5346
Reference: MISC:http://secunia.com/secunia_research/2008-6/advisory/
Reference: BID:28579
Reference: URL:http://www.securityfocus.com/bid/28579
Reference: FRSIRT:ADV-2008-1044
Reference: URL:http://www.frsirt.com/english/advisories/2008/1044/references
Reference: SECUNIA:29620
Reference: URL:http://secunia.com/advisories/29620
Reference: XF:xnview-slideshow-bo(41542)
Reference: URL:http://xforce.iss.net/xforce/xfdb/41542

Votes:

Name: CVE-2008-0070

Description:
Integer overflow in Orb Networks Orb 2.00.1014 and Winamp Remote BETA allows remote attackers to execute arbitrary code via an RPC request that specifies a large number of array dimensions, which triggers a heap-based buffer overflow.

Status: Candidate
Phase: Assigned (20080103)
Reference: MISC:http://secunia.com/secunia_research/2008-5/advisory/
Reference: BID:28431
Reference: URL:http://www.securityfocus.com/bid/28431
Reference: FRSIRT:ADV-2008-0984
Reference: URL:http://www.frsirt.com/english/advisories/2008/0984/references
Reference: SECUNIA:28203
Reference: URL:http://secunia.com/advisories/28203
Reference: XF:orb-dimensions-bo(41410)
Reference: URL:http://xforce.iss.net/xforce/xfdb/41410

Votes:

Name: CVE-2008-0071

Description:
The Web UI interface in (1) BitTorrent before 6.0.3 build 8642 and (2) uTorrent before 1.8beta build 10524 allows remote attackers to cause a denial of service (application crash) via an HTTP request with a malformed Range header.

Status: Candidate
Phase: Assigned (20080103)
Reference: BUGTRAQ:20080611 Secunia Research: uTorrent / BitTorrent Web UI HTTP "Range" Header DoS
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/493269/100/0/threaded
Reference: MISC:http://secunia.com/secunia_research/2008-7/advisory/
Reference: BID:29661
Reference: URL:http://www.securityfocus.com/bid/29661
Reference: FRSIRT:ADV-2008-1808
Reference: URL:http://www.frsirt.com/english/advisories/2008/1808
Reference: FRSIRT:ADV-2008-1809
Reference: URL:http://www.frsirt.com/english/advisories/2008/1809
Reference: SECTRACK:1020266
Reference: URL:http://securitytracker.com/id?1020266
Reference: SECTRACK:1020265
Reference: URL:http://www.securitytracker.com/id?1020265
Reference: SECUNIA:28703
Reference: URL:http://secunia.com/advisories/28703
Reference: SECUNIA:30605
Reference: URL:http://secunia.com/advisories/30605

Votes:

Name: CVE-2008-0072

Description:
Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version field.

Status: Candidate
Phase: Assigned (20080103)
Reference: BUGTRAQ:20080528 rPSA-2008-0105-1 evolution
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/492684/100/0/threaded
Reference: MISC:http://secunia.com/secunia_research/2008-8/advisory/
Reference: CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0105
Reference: CONFIRM:https://issues.rpath.com/browse/RPL-2310
Reference: DEBIAN:DSA-1512
Reference: URL:http://www.debian.org/security/2008/dsa-1512
Reference: FEDORA:FEDORA-2008-2290
Reference: URL:https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00190.html
Reference: FEDORA:FEDORA-2008-2292
Reference: URL:https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00195.html
Reference: GENTOO:GLSA-200803-12
Reference: URL:http://security.gentoo.org/glsa/glsa-200803-12.xml
Reference: MANDRIVA:MDVSA-2008:063
Reference: URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:063
Reference: REDHAT:RHSA-2008:0177
Reference: URL:http://www.redhat.com/support/errata/RHSA-2008-0177.html
Reference: REDHAT:RHSA-2008:0178
Reference: URL:http://www.redhat.com/support/errata/RHSA-2008-0178.html
Reference: SUSE:SUSE-SA:2008:014
Reference: URL:http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00003.html
Reference: UBUNTU:USN-583-1
Reference: URL:http://www.ubuntu.com/usn/usn-583-1
Reference: CERT-VN:VU#512491
Reference: URL:http://www.kb.cert.org/vuls/id/512491
Reference: BID:28102
Reference: URL:http://www.securityfocus.com/bid/28102
Reference: FRSIRT:ADV-2008-0768
Reference: URL:http://www.frsirt.com/english/advisories/2008/0768/references
Reference: SECTRACK:1019540
Reference: URL:http://www.securitytracker.com/id?1019540
Reference: SECUNIA:29057
Reference: URL:http://secunia.com/advisories/29057
Reference: SECUNIA:29163
Reference: URL:http://secunia.com/advisories/29163
Reference: SECUNIA:29210
Reference: URL:http://secunia.com/advisories/29210
Reference: SECUNIA:29244
Reference: URL:http://secunia.com/advisories/29244
Reference: SECUNIA:29258
Reference: URL:http://secunia.com/advisories/29258
Reference: SECUNIA:29264
Reference: URL:http://secunia.com/advisories/29264
Reference: SECUNIA:29317
Reference: URL:http://secunia.com/advisories/29317
Reference: SECUNIA:30437
Reference: URL:http://secunia.com/advisories/30437
Reference: SECUNIA:30491
Reference: URL:http://secunia.com/advisories/30491
Reference: XF:evolution-emfmultipart-format-string(41011)
Reference: URL:http://xforce.iss.net/xforce/xfdb/41011

Votes:

Name: CVE-2008-0073

Description:
Array index error in the sdpplin_parse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter.

Status: Candidate
Phase: Assigned (20080103)
Reference: MISC:http://secunia.com/secunia_research/2008-10/
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=585488&group_id=9655
Reference: CONFIRM:http://xinehq.de/index.php/news
Reference: CONFIRM:http://wiki.videolan.org/Changelog/0.8.6f
Reference: CONFIRM:http://www.videolan.org/security/sa0803.php
Reference: DEBIAN:DSA-1536
Reference: URL:http://www.debian.org/security/2008/dsa-1536
Reference: DEBIAN:DSA-1543
Reference: URL:http://www.debian.org/security/2008/dsa-1543
Reference: FEDORA:FEDORA-2008-2569
Reference: URL:https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00456.html
Reference: FEDORA:FEDORA-2008-2945
Reference: URL:https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00143.html
Reference: GENTOO:GLSA-200804-25
Reference: URL:http://security.gentoo.org/glsa/glsa-200804-25.xml
Reference: GENTOO:GLSA-200808-01
Reference: URL:http://security.gentoo.org/glsa/glsa-200808-01.xml
Reference: MANDRIVA:MDVSA-2008:178
Reference: URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:178
Reference: SLACKWARE:SSA:2008-089-03
Reference: URL:http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.392408
Reference: SUSE:SUSE-SR:2008:007
Reference: URL:http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html
Reference: SUSE:SUSE-SR:2008:012
Reference: URL:http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html
Reference: UBUNTU:USN-635-1
Reference: URL:http://www.ubuntu.com/usn/usn-635-1
Reference: BID:28312
Reference: URL:http://www.securityfocus.com/bid/28312
Reference: FRSIRT:ADV-2008-0923
Reference: URL:http://www.frsirt.com/english/advisories/2008/0923
Reference: SECTRACK:1019682
Reference: URL:http://www.securitytracker.com/id?1019682
Reference: SECUNIA:28694
Reference: URL:http://secunia.com/advisories/28694
Reference: SECUNIA:29472
Reference: URL:http://secunia.com/advisories/29472
Reference: SECUNIA:29392
Reference: URL:http://secunia.com/advisories/29392
Reference: SECUNIA:29578
Reference: URL:http://secunia.com/advisories/29578
Reference: SECUNIA:29601
Reference: URL:http://secunia.com/advisories/29601
Reference: SECUNIA:29766
Reference: URL:http://secunia.com/advisories/29766
Reference: SECUNIA:29740
Reference: URL:http://secunia.com/advisories/29740
Reference: SECUNIA:29800
Reference: URL:http://secunia.com/advisories/29800
Reference: SECUNIA:30581
Reference: URL:http://secunia.com/advisories/30581
Reference: SECUNIA:31372
Reference: URL:http://secunia.com/advisories/31372
Reference: SECUNIA:31393
Reference: URL:http://secunia.com/advisories/31393
Reference: XF:xinelib-sdpplinparse-bo(41339)
Reference: URL:http://xforce.iss.net/xforce/xfdb/41339

Votes:

Name: CVE-2008-0074

Description:
Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the TPRoot, NNTPFile\Root, or WWWRoot folders.

Status: Candidate
Phase: Assigned (20080103)
Reference: HP:HPSBST02314
Reference: URL:http://marc.info/?l=bugtraq&m=120361015026386&w=2
Reference: HP:SSRT080016
Reference: URL:http://marc.info/?l=bugtraq&m=120361015026386&w=2
Reference: MS:MS08-005
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms08-005.mspx
Reference: CERT:TA08-043C
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA08-043C.html
Reference: BID:27101
Reference: URL:http://www.securityfocus.com/bid/27101
Reference: FRSIRT:ADV-2008-0507
Reference: URL:http://www.frsirt.com/english/advisories/2008/0507/references
Reference: OVAL:oval:org.mitre.oval:def:5389
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5389
Reference: SECTRACK:1019384
Reference: URL:http://www.securitytracker.com/id?1019384
Reference: SECUNIA:28849
Reference: URL:http://secunia.com/advisories/28849

Votes:

Name: CVE-2008-0075

Description:
Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages.

Status: Candidate
Phase: Assigned (20080103)
Reference: HP:HPSBST02314
Reference: URL:http://marc.info/?l=bugtraq&m=120361015026386&w=2
Reference: HP:SSRT080016
Reference: URL:http://marc.info/?l=bugtraq&m=120361015026386&w=2
Reference: MS:MS08-006
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms08-006.mspx
Reference: CERT:TA08-043C
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA08-043C.html
Reference: BID:27676
Reference: URL:http://www.securityfocus.com/bid/27676
Reference: FRSIRT:ADV-2008-0508
Reference: URL:http://www.frsirt.com/english/advisories/2008/0508/references
Reference: OVAL:oval:org.mitre.oval:def:5308
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5308
Reference: SECTRACK:1019385
Reference: URL:http://www.securitytracker.com/id?1019385
Reference: SECUNIA:28893
Reference: URL:http://secunia.com/advisories/28893

Votes:

Name: CVE-2008-0076

Description:
Unspecified vulnerability in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via crafted HTML layout combinations, aka "HTML Rendering Memory Corruption Vulnerability."

Status: Candidate
Phase: Assigned (20080103)
Reference: HP:HPSBST02314
Reference: URL:http://marc.info/?l=bugtraq&m=120361015026386&w=2
Reference: HP:SSRT080016
Reference: URL:http://marc.info/?l=bugtraq&m=120361015026386&w=2
Reference: MS:MS08-010
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms08-010.mspx
Reference: CERT:TA08-043C
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA08-043C.html
Reference: BID:27668
Reference: URL:http://www.securityfocus.com/bid/27668
Reference: FRSIRT:ADV-2008-0512
Reference: URL:http://www.frsirt.com/english/advisories/2008/0512/references
Reference: OVAL:oval:org.mitre.oval:def:5487
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5487
Reference: SECTRACK:1019379
Reference: URL:http://www.securitytracker.com/id?1019379
Reference: SECUNIA:28903
Reference: URL:http://secunia.com/advisories/28903

Votes:

Name: CVE-2008-0077

Description:
Use-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 SP2, and and 7 allows remote attackers to execute arbitrary code by assigning malformed values to certain properties, as demonstrated using the by property of an animateMotion SVG element, aka "Property Memory Corruption Vulnerability."

Status: Candidate
Phase: Assigned (20080103)
Reference: IDEFENSE:20080212 Microsoft Internet Explorer Property Memory Corruption Vulnerability
Reference: URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=661
Reference: BUGTRAQ:20080213 ZDI-08-006: Microsoft Internet Explorer SVG animateMotion.by Code Execution Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/488048/100/0/threaded
Reference: MISC:http://www.zerodayinitiative.com/advisories/ZDI-08-006.html
Reference: HP:HPSBST02314
Reference: URL:http://marc.info/?l=bugtraq&m=120361015026386&w=2
Reference: HP:SSRT080016
Reference: URL:http://marc.info/?l=bugtraq&m=120361015026386&w=2
Reference: MS:MS08-010
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms08-010.mspx
Reference: CERT:TA08-043C
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA08-043C.html
Reference: CERT-VN:VU#228569
Reference: URL:http://www.kb.cert.org/vuls/id/228569
Reference: BID:27666
Reference: URL:http://www.securityfocus.com/bid/27666
Reference: FRSIRT:ADV-2008-0512
Reference: URL:http://www.frsirt.com/english/advisories/2008/0512/references
Reference: OVAL:oval:org.mitre.oval:def:5396
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5396
Reference: SECTRACK:1019380
Reference: URL:http://www.securitytracker.com/id?1019380
Reference: SECUNIA:28903
Reference: URL:http://secunia.com/advisories/28903

Votes:

Name: CVE-2008-0078

Description:
Unspecified vulnerability in an ActiveX control (dxtmsft.dll) in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via a crafted image, aka "Argument Handling Memory Corruption Vulnerability."

Status: Candidate
Phase: Assigned (20080103)
Reference: HP:HPSBST02314
Reference: URL:http://marc.info/?l=bugtraq&m=120361015026386&w=2
Reference: HP:SSRT080016
Reference: URL:http://marc.info/?l=bugtraq&m=120361015026386&w=2
Reference: MS:MS08-010
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms08-010.mspx
Reference: CERT:TA08-043C
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA08-043C.html
Reference: BID:27689
Reference: URL:http://www.securityfocus.com/bid/27689
Reference: FRSIRT:ADV-2008-0512
Reference: URL:http://www.frsirt.com/english/advisories/2008/0512/references
Reference: OVAL:oval:org.mitre.oval:def:4904
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4904
Reference: SECTRACK:1019381
Reference: URL:http://www.securitytracker.com/id?1019381
Reference: SECUNIA:28903
Reference: URL:http://secunia.com/advisories/28903

Votes:

Name: CVE-2008-0079

Status: Candidate
Phase: Assigned (20080103)

Votes:

Name: CVE-2008-0080

Description:
Heap-based buffer overflow in the WebDAV Mini-Redirector in Microsoft Windows XP SP2, Server 2003 SP1 and SP2, and Vista allows remote attackers to execute arbitrary code via a crafted WebDAV response.

Status: Candidate
Phase: Assigned (20080103)
Reference: HP:HPSBST02314
Reference: URL:http://marc.info/?l=bugtraq&m=120361015026386&w=2
Reference: HP:SSRT080016
Reference: URL:http://marc.info/?l=bugtraq&m=120361015026386&w=2
Reference: MS:MS08-007
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms08-007.mspx
Reference: CERT:TA08-043C
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA08-043C.html
Reference: BID:27670
Reference: URL:http://www.securityfocus.com/bid/27670
Reference: FRSIRT:ADV-2008-0509
Reference: URL:http://www.frsirt.com/english/advisories/2008/0509/references
Reference: OVAL:oval:org.mitre.oval:def:5381
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5381
Reference: SECTRACK:1019372
Reference: URL:http://www.securitytracker.com/id?1019372
Reference: SECUNIA:28894
Reference: URL:http://secunia.com/advisories/28894

Votes:

Name: CVE-2008-0081

Description:
Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Macro Validation Vulnerability," a different vulnerability than CVE-2007-3490.

Status: Candidate
Phase: Assigned (20080103)
Reference: CONFIRM:http://www.microsoft.com/technet/security/advisory/947563.mspx
Reference: HP:HPSBST02320
Reference: URL:http://marc.info/?l=bugtraq&m=120585858807305&w=2
Reference: HP:SSRT080028
Reference: URL:http://marc.info/?l=bugtraq&m=120585858807305&w=2
Reference: MS:MS08-014
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms08-014.mspx
Reference: MSKB:947563
Reference: URL:http://www.microsoft.com/technet/security/advisory/947563.mspx
Reference: CERT:TA08-071A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA08-071A.html
Reference: BID:27305
Reference: URL:http://www.securityfocus.com/bid/27305
Reference: FRSIRT:ADV-2008-0146
Reference: URL:http://www.frsirt.com/english/advisories/2008/0146
Reference: FRSIRT:ADV-2008-0846
Reference: URL:http://www.frsirt.com/english/advisories/2008/0846/references
Reference: OVAL:oval:org.mitre.oval:def:5546
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5546
Reference: SECTRACK:1019200
Reference: URL:http://securitytracker.com/id?1019200
Reference: SECUNIA:28506
Reference: URL:http://secunia.com/advisories/28506
Reference: XF:microsoft-excel-unspecified-code-execution(39699)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39699

Votes:

Name: CVE-2008-0082

Description:
An ActiveX control (Messenger.UIAutomation.1) in Windows Messenger 4.7 and 5.1 is marked as safe-for-scripting, which allows remote attackers to control the Messenger application, and "change state," obtain contact information, and establish audio or video connections without notification via unknown vectors.

Status: Candidate
Phase: Assigned (20080103)
Reference: BUGTRAQ:20080814 Microsoft Windows Messenger Remote Illegal Access Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/495467/100/0/threaded
Reference: HP:HPSBST02360
Reference: URL:http://marc.info/?l=bugtraq&m=121915960406986&w=2
Reference: HP:SSRT080117
Reference: URL:http://marc.info/?l=bugtraq&m=121915960406986&w=2
Reference: MS:MS08-050
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms08-050.mspx
Reference: BID:30551
Reference: URL:http://www.securityfocus.com/bid/30551
Reference: FRSIRT:ADV-2008-2354
Reference: URL:http://www.frsirt.com/english/advisories/2008/2354
Reference: SECTRACK:1020681
Reference: URL:http://www.securitytracker.com/id?1020681
Reference: SECUNIA:31446
Reference: URL:http://secunia.com/advisories/31446

Votes:

Name: CVE-2008-0083

Description:
The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) scripting engines 5.1 and 5.6, as used in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, do not properly decode script, which allows remote attackers to execute arbitrary code via unknown vectors.

Status: Candidate
Phase: Assigned (20080103)
Reference: HP:HPSBST02329
Reference: URL:http://marc.info/?l=bugtraq&m=120845064910729&w=2
Reference: HP:SSRT080048
Reference: URL:http://marc.info/?l=bugtraq&m=120845064910729&w=2
Reference: MS:MS08-022
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms08-022.mspx
Reference: CERT:TA08-099A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA08-099A.html
Reference: BID:28551
Reference: URL:http://www.securityfocus.com/bid/28551
Reference: FRSIRT:ADV-2008-1146
Reference: URL:http://www.frsirt.com/english/advisories/2008/1146/references
Reference: SECTRACK:1019799
Reference: URL:http://www.securitytracker.com/id?1019799
Reference: SECUNIA:29712
Reference: URL:http://secunia.com/advisories/29712

Votes:

Name: CVE-2008-0084

Description:
Unspecified vulnerability in the TCP/IP support in Microsoft Windows Vista allows remote DHCP servers to cause a denial of service (hang and restart) via a crafted DHCP packet.

Status: Candidate
Phase: Assigned (20080103)
Reference: HP:HPSBST02314
Reference: URL:http://marc.info/?l=bugtraq&m=120361015026386&w=2
Reference: HP:SSRT080016
Reference: URL:http://marc.info/?l=bugtraq&m=120361015026386&w=2
Reference: MS:MS08-004
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms08-004.mspx
Reference: CERT:TA08-043C
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA08-043C.html
Reference: BID:27634
Reference: URL:http://www.securityfocus.com/bid/27634
Reference: FRSIRT:ADV-2008-0506
Reference: URL:http://www.frsirt.com/english/advisories/2008/0506/references
Reference: OVAL:oval:org.mitre.oval:def:5240
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5240
Reference: SECTRACK:1019383
Reference: URL:http://www.securitytracker.com/id?1019383
Reference: SECUNIA:28828
Reference: URL:http://secunia.com/advisories/28828

Votes:

Name: CVE-2008-0085

Description:
SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 does not initialize memory pages when reallocating memory, which allows database operators to obtain sensitive information (database contents) via unknown vectors related to memory page reuse.

Status: Candidate
Phase: Assigned (20080103)
Reference: MS:MS08-040
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms08-040.mspx
Reference: CERT:TA08-190A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA08-190A.html
Reference: FRSIRT:ADV-2008-2022
Reference: URL:http://www.frsirt.com/english/advisories/2008/2022/references
Reference: SECTRACK:1020441
Reference: URL:http://www.securitytracker.com/id?1020441
Reference: SECUNIA:30970
Reference: URL:http://secunia.com/advisories/30970

Votes:

Name: CVE-2008-0086

Description:
Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.

Votes:

Name: CVE-2008-0087

Description:
The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses.

Status: Candidate
Phase: Assigned (20080103)
Reference: HP:HPSBST02329
Reference: URL:http://marc.info/?l=bugtraq&m=120845064910729&w=2
Reference: HP:SSRT080048
Reference: URL:http://marc.info/?l=bugtraq&m=120845064910729&w=2
Reference: MS:MS08-020
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms08-020.mspx
Reference: CERT:TA08-099A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA08-099A.html
Reference: BID:28553
Reference: URL:http://www.securityfocus.com/bid/28553
Reference: FRSIRT:ADV-2008-1144
Reference: URL:http://www.frsirt.com/english/advisories/2008/1144/references
Reference: SECTRACK:1019802
Reference: URL:http://www.securitytracker.com/id?1019802
Reference: SECUNIA:29696
Reference: URL:http://secunia.com/advisories/29696

Votes:

Name: CVE-2008-0088

Description:
Unspecified vulnerability in Active Directory on Microsoft Windows 2000 and Windows Server 2003, and Active Directory Application Mode (ADAM) on XP and Server 2003, allows remote attackers to cause a denial of service (hang and restart) via a crafted LDAP request.

Status: Candidate
Phase: Assigned (20080103)
Reference: HP:HPSBST02314
Reference: URL:http://marc.info/?l=bugtraq&m=120361015026386&w=2
Reference: HP:SSRT080016
Reference: URL:http://marc.info/?l=bugtraq&m=120361015026386&w=2
Reference: MS:MS08-003
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms08-003.mspx
Reference: CERT:TA08-043C
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA08-043C.html
Reference: BID:27638
Reference: URL:http://www.securityfocus.com/bid/27638
Reference: FRSIRT:ADV-2008-0505
Reference: URL:http://www.frsirt.com/english/advisories/2008/0505/references
Reference: OVAL:oval:org.mitre.oval:def:5181
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5181
Reference: SECTRACK:1019382
Reference: URL:http://www.securitytracker.com/id?1019382
Reference: SECUNIA:28764
Reference: URL:http://secunia.com/advisories/28764

Votes:

Name: CVE-2008-0089

Description:
SQL injection vulnerability in uprofile.php in ClipShare allows remote attackers to execute arbitrary SQL commands via the UID parameter.

Status: Candidate
Phase: Assigned (20080103)
Reference: MILW0RM:4830
Reference: URL:http://www.milw0rm.com/exploits/4830
Reference: BID:27108
Reference: URL:http://www.securityfocus.com/bid/27108
Reference: XF:clipshare-uprofile-sql-injection(39364)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39364

Votes:

Name: CVE-2008-0090

Description:
A certain ActiveX control in npUpload.dll in DivX Player 6.6.0 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long argument to the SetPassword method.

Status: Candidate
Phase: Assigned (20080103)
Reference: MILW0RM:4829
Reference: URL:http://www.milw0rm.com/exploits/4829
Reference: BID:27106
Reference: URL:http://www.securityfocus.com/bid/27106
Reference: XF:divxwebplayer-npUpload-dos(39386)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39386

Votes:

Name: CVE-2008-0091

Description:
Directory traversal vulnerability in download2.php in AGENCY4NET WEBFTP 1 allows remote attackers to read and delete arbitrary files via a .. (dot dot) in the file parameter.

Status: Candidate
Phase: Assigned (20080103)
Reference: MILW0RM:4828
Reference: URL:http://www.milw0rm.com/exploits/4828
Reference: VIM:20080104 true: AGENCY4NET WEBFTP directory traversal; deletion possible
Reference: URL:http://www.attrition.org/pipermail/vim/2008-January/001865.html
Reference: BID:27092
Reference: URL:http://www.securityfocus.com/bid/27092
Reference: FRSIRT:ADV-2008-0051
Reference: URL:http://www.frsirt.com/english/advisories/2008/0051
Reference: SECUNIA:28309
Reference: URL:http://secunia.com/advisories/28309
Reference: XF:agency4net-download2-directory-traversal(39343)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39343

Votes:

Name: CVE-2008-0092

Description:
Cross-site scripting (XSS) vulnerability in index.php in the search module in Appalachian State University phpWebSite 1.4.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter.

Status: Candidate
Phase: Assigned (20080103)
Reference: BUGTRAQ:20080101 Cross-Site Scripting (XSS) in phpWebSite 1.4.0 search
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/485704/100/0/threaded
Reference: CONFIRM:http://phpwebsite.appstate.edu/blog/2143
Reference: BID:27090
Reference: URL:http://www.securityfocus.com/bid/27090
Reference: SECUNIA:28303
Reference: URL:http://secunia.com/advisories/28303
Reference: SREASON:3511
Reference: URL:http://securityreason.com/securityalert/3511
Reference: XF:phpwebsite-search-xss(39391)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39391

Votes:

Name: CVE-2008-0093

Description:
Multiple cross-site scripting (XSS) vulnerabilities in newticket.php in eTicket 1.5.5.2, and 1.5.6 RC2 and RC3, allow remote attackers to inject arbitrary web script or HTML via the (1) Name and (2) Subject parameters.

Status: Candidate
Phase: Assigned (20080107)
Reference: MISC:http://www.digitrustgroup.com/advisories/web-application-security-eticket.html
Reference: BID:27130
Reference: URL:http://www.securityfocus.com/bid/27130
Reference: SECUNIA:28331
Reference: URL:http://secunia.com/advisories/28331
Reference: XF:eticket-name-subject-xss(39400)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39400

Votes:

Name: CVE-2008-0094

Description:
Multiple directory traversal vulnerabilities in MODx Content Management System 0.9.6.1 allow remote attackers to (1) include and execute arbitrary local files via a .. (dot dot) in the as_language parameter to assets/snippets/AjaxSearch/AjaxSearch.php, reached through index-ajax.php; and (2) read arbitrary local files via a .. (dot dot) in the file parameter to assets/js/htcmime.php.

Status: Candidate
Phase: Assigned (20080107)
Reference: BUGTRAQ:20080102 MODx CMS Source code disclosure, local file inclusion
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/485707/100/0/threaded
Reference: CONFIRM:http://modxcms.com/forums/index.php/topic,21290.0.html
Reference: BID:27096
Reference: URL:http://www.securityfocus.com/bid/27096
Reference: BID:27097
Reference: URL:http://www.securityfocus.com/bid/27097
Reference: SECUNIA:28220
Reference: URL:http://secunia.com/advisories/28220
Reference: SREASON:3522
Reference: URL:http://securityreason.com/securityalert/3522
Reference: XF:modx-ajaxsearch-file-include(39352)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39352

Votes:

Name: CVE-2008-0095

Description:
The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edition before C.1.0-beta8, AsteriskNOW before beta7, Appliance Developer Kit before Asterisk 1.4 revision 95946, and Appliance s800i 1.0.x before 1.0.3.4 allows remote attackers to cause a denial of service (daemon crash) via a BYE message with an Also (Also transfer) header, which triggers a NULL pointer dereference.

Status: Candidate
Phase: Assigned (20080107)
Reference: BUGTRAQ:20080102 AST-2008-001: Crash from transfer using BYE with Also header
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/485727/100/0/threaded
Reference: MISC:http://bugs.digium.com/view.php?id=11637
Reference: CONFIRM:http://downloads.digium.com/pub/security/AST-2008-001.html
Reference: BID:27110
Reference: URL:http://www.securityfocus.com/bid/27110
Reference: FRSIRT:ADV-2008-0019
Reference: URL:http://www.frsirt.com/english/advisories/2008/0019
Reference: SECTRACK:1019152
Reference: URL:http://www.securitytracker.com/id?1019152
Reference: SECUNIA:28312
Reference: URL:http://secunia.com/advisories/28312
Reference: SREASON:3520
Reference: URL:http://securityreason.com/securityalert/3520
Reference: XF:asterisk-bye-also-dos(39361)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39361

Votes:

Name: CVE-2008-0096

Description:
Multiple buffer overflows in Georgia SoftWorks SSH2 Server (GSW_SSHD) 7.01.0003 and earlier allow remote attackers to execute arbitrary code via a (1) a long username, which triggers an overflow in the log function; or (2) a long password.

Status: Candidate
Phase: Assigned (20080107)
Reference: BUGTRAQ:20080102 Multiple vulnerabilities in Georgia SoftWorks SSH2 Server 7.01.0003
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/485725/100/0/threaded
Reference: MISC:http://aluigi.altervista.org/adv/gswsshit-adv.txt
Reference: SECUNIA:28307
Reference: URL:http://secunia.com/advisories/28307
Reference: SREASON:3517
Reference: URL:http://securityreason.com/securityalert/3517

Votes:

Name: CVE-2008-0097

Description:
Format string vulnerability in the log function in Georgia SoftWorks SSH2 Server (GSW_SSHD) 7.01.0003 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the username field, as demonstrated by a certain LoginPassword message.

Votes:

Name: CVE-2008-0098

Description:
Buffer overflow in RealPlayer 11 build 6.0.14.748 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: As of 20080103, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.

Status: Candidate
Phase: Assigned (20080107)
Reference: MLIST:[Dailydave] 20080101 0day RealPlayer exploit demo
Reference: URL:http://lists.immunitysec.com/pipermail/dailydave/2008-January/004811.html
Reference: MISC:http://gleg.net/realplayer11.html
Reference: MISC:http://www.us-cert.gov/current/index.html#public_exploit_code_for_realplayer
Reference: BID:27091
Reference: URL:http://www.securityfocus.com/bid/27091
Reference: FRSIRT:ADV-2008-0016
Reference: URL:http://www.frsirt.com/english/advisories/2008/0016
Reference: SECTRACK:1019153
Reference: URL:http://www.securitytracker.com/id?1019153
Reference: SECUNIA:28276
Reference: URL:http://secunia.com/advisories/28276

Votes:

Name: CVE-2008-0099

Description:
Multiple SQL injection vulnerabilities in MyPHP Forum 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the searchtext parameter to search.php, and unspecified other vectors.

Status: Candidate
Phase: Assigned (20080107)
Reference: MILW0RM:4831
Reference: URL:http://www.milw0rm.com/exploits/4831

Votes:

Name: CVE-2008-0100

Description:
Stack-based buffer overflow in the Scene::errorf function in Scene.cpp in White_Dune 0.29 beta791 and earlier allows remote attackers to execute arbitrary code via a long string in a .WRL file.

Status: Candidate
Phase: Assigned (20080107)
Reference: BUGTRAQ:20080102 Buffer-overflow and format string in White_Dune 0.29beta791
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/485724/100/0/threaded
Reference: MISC:http://aluigi.altervista.org/adv/whitedunboffs-adv.txt
Reference: CONFIRM:http://vrml.cip.ica.uni-stuttgart.de/dune/news.html
Reference: BID:27102
Reference: URL:http://www.securityfocus.com/bid/27102
Reference: SECUNIA:28287
Reference: URL:http://secunia.com/advisories/28287
Reference: SREASON:3516
Reference: URL:http://securityreason.com/securityalert/3516
Reference: XF:whitedune-sceneerrorf-bo(39385)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39385

Votes:

Name: CVE-2008-0101

Description:
Format string vulnerability in the swDebugf function in DuneApp.cpp in White_Dune 0.29 beta791 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a .WRL file.

Status: Candidate
Phase: Assigned (20080107)
Reference: BUGTRAQ:20080102 Buffer-overflow and format string in White_Dune 0.29beta791
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/485724/100/0/threaded
Reference: MISC:http://aluigi.altervista.org/adv/whitedunboffs-adv.txt
Reference: CONFIRM:http://vrml.cip.ica.uni-stuttgart.de/dune/news.html
Reference: BID:27102
Reference: URL:http://www.securityfocus.com/bid/27102
Reference: SECUNIA:28287
Reference: URL:http://secunia.com/advisories/28287
Reference: SREASON:3516
Reference: URL:http://securityreason.com/securityalert/3516
Reference: XF:whitedune-swdegugf-format-string(39388)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39388

Votes:

Name: CVE-2008-0102

Description:
Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, related to invalid "memory values," aka "Publisher Invalid Memory Reference Vulnerability."

Status: Candidate
Phase: Assigned (20080107)
Reference: HP:HPSBST02314
Reference: URL:http://marc.info/?l=bugtraq&m=120361015026386&w=2
Reference: HP:SSRT080016
Reference: URL:http://marc.info/?l=bugtraq&m=120361015026386&w=2
Reference: MS:MS08-012
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms08-012.mspx
Reference: CERT:TA08-043C
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA08-043C.html
Reference: BID:27739
Reference: URL:http://www.securityfocus.com/bid/27739
Reference: FRSIRT:ADV-2008-0514
Reference: URL:http://www.frsirt.com/english/advisories/2008/0514/references
Reference: OVAL:oval:org.mitre.oval:def:5305
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5305
Reference: SECTRACK:1019376
Reference: URL:http://www.securitytracker.com/id?1019376
Reference: SECUNIA:28906
Reference: URL:http://secunia.com/advisories/28906

Votes:

Name: CVE-2008-0103

Description:
Unspecified vulnerability in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Office document that contains a malformed object, related to a "memory handling error," aka "Microsoft Office Execution Jump Vulnerability."

Status: Candidate
Phase: Assigned (20080107)
Reference: HP:HPSBST02314
Reference: URL:http://marc.info/?l=bugtraq&m=120361015026386&w=2
Reference: HP:SSRT080016
Reference: URL:http://marc.info/?l=bugtraq&m=120361015026386&w=2
Reference: MS:MS08-013
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms08-013.mspx
Reference: CERT:TA08-043C
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA08-043C.html
Reference: BID:27738
Reference: URL:http://www.securityfocus.com/bid/27738
Reference: FRSIRT:ADV-2008-0515
Reference: URL:http://www.frsirt.com/english/advisories/2008/0515/references
Reference: OVAL:oval:org.mitre.oval:def:5407
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5407
Reference: SECTRACK:1019375
Reference: URL:http://www.securitytracker.com/id?1019375
Reference: SECUNIA:28909
Reference: URL:http://secunia.com/advisories/28909

Votes:

Name: CVE-2008-0104

Description:
Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, aka "Publisher Memory Corruption Vulnerability."

Status: Candidate
Phase: Assigned (20080107)
Reference: HP:HPSBST02314
Reference: URL:http://marc.info/?l=bugtraq&m=120361015026386&w=2
Reference: HP:SSRT080016
Reference: URL:http://marc.info/?l=bugtraq&m=120361015026386&w=2
Reference: MS:MS08-012
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms08-012.mspx
Reference: CERT:TA08-043C
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA08-043C.html
Reference: BID:27740
Reference: URL:http://www.securityfocus.com/bid/27740
Reference: FRSIRT:ADV-2008-0514
Reference: URL:http://www.frsirt.com/english/advisories/2008/0514/references
Reference: OVAL:oval:org.mitre.oval:def:4547
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4547
Reference: SECTRACK:1019377
Reference: URL:http://www.securitytracker.com/id?1019377
Reference: SECUNIA:28906
Reference: URL:http://secunia.com/advisories/28906

Votes:

Name: CVE-2008-0105

Description:
Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section header index table information, aka "Microsoft Works File Converter Index Table Vulnerability."

Status: Candidate
Phase: Assigned (20080107)
Reference: HP:HPSBST02314
Reference: URL:http://marc.info/?l=bugtraq&m=120361015026386&w=2
Reference: HP:SSRT080016
Reference: URL:http://marc.info/?l=bugtraq&m=120361015026386&w=2
Reference: MS:MS08-011
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms08-011.mspx
Reference: CERT:TA08-043C
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA08-043C.html
Reference: BID:27658
Reference: URL:http://www.securityfocus.com/bid/27658
Reference: FRSIRT:ADV-2008-0513
Reference: URL:http://www.frsirt.com/english/advisories/2008/0513/references
Reference: OVAL:oval:org.mitre.oval:def:5009
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5009
Reference: SECTRACK:1019387
Reference: URL:http://www.securitytracker.com/id?1019387
Reference: SECUNIA:28904
Reference: URL:http://secunia.com/advisories/28904

Votes:

Name: CVE-2008-0106

Description:
Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement.

Status: Candidate
Phase: Assigned (20080107)
Reference: MS:MS08-040
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms08-040.mspx
Reference: CERT:TA08-190A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA08-190A.html
Reference: FRSIRT:ADV-2008-2022
Reference: URL:http://www.frsirt.com/english/advisories/2008/2022/references
Reference: SECTRACK:1020441
Reference: URL:http://www.securitytracker.com/id?1020441
Reference: SECUNIA:30970
Reference: URL:http://secunia.com/advisories/30970

Votes:

Name: CVE-2008-0107

Description:
Integer underflow in SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 allows remote authenticated users to execute arbitrary code via a (1) SMB or (2) WebDAV pathname for an on-disk file (aka stored backup file) with a crafted record size value, which triggers a heap-based buffer overflow, aka "SQL Server Memory Corruption Vulnerability."

Status: Candidate
Phase: Assigned (20080107)
Reference: IDEFENSE:20080708 Microsoft SQL Server Restore Integer Underflow Vulnerability
Reference: URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=723
Reference: MISC:http://www.insomniasec.com/advisories/ISVA-080709.1.htm
Reference: MS:MS08-040
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms08-040.mspx
Reference: CERT:TA08-190A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA08-190A.html
Reference: BID:30119
Reference: URL:http://www.securityfocus.com/bid/30119
Reference: FRSIRT:ADV-2008-2022
Reference: URL:http://www.frsirt.com/english/advisories/2008/2022/references
Reference: SECTRACK:1020441
Reference: URL:http://www.securitytracker.com/id?1020441
Reference: SECUNIA:30970
Reference: URL:http://secunia.com/advisories/30970

Votes:

Name: CVE-2008-0108

Description:
Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted field lengths, aka "Microsoft Works File Converter Field Length Vulnerability."

Status: Candidate
Phase: Assigned (20080107)
Reference: IDEFENSE:20080208 Microsoft Office Works Converter Stack-based Buffer Overflow Vulnerability
Reference: URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=660
Reference: MILW0RM:5107
Reference: URL:http://www.milw0rm.com/exploits/5107
Reference: HP:HPSBST02314
Reference: URL:http://marc.info/?l=bugtraq&m=120361015026386&w=2
Reference: HP:SSRT080016
Reference: URL:http://marc.info/?l=bugtraq&m=120361015026386&w=2
Reference: MS:MS08-011
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms08-011.mspx
Reference: CERT:TA08-043C
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA08-043C.html
Reference: BID:27659
Reference: URL:http://www.securityfocus.com/bid/27659
Reference: FRSIRT:ADV-2008-0513
Reference: URL:http://www.frsirt.com/english/advisories/2008/0513/references
Reference: OVAL:oval:org.mitre.oval:def:5202
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5202
Reference: SECTRACK:1019388
Reference: URL:http://www.securitytracker.com/id?1019388
Reference: SECUNIA:28904
Reference: URL:http://secunia.com/advisories/28904

Votes:

Name: CVE-2008-0109

Description:
Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted fields within the File Information Block (FIB) of a Word file, which triggers length calculation errors and memory corruption.

Status: Candidate
Phase: Assigned (20080107)
Reference: BUGTRAQ:20080213 [Reversemode Advisory] February Advisories : Microsoft Word 2003 + Fortinet Forticlient
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/488071/100/0/threaded
Reference: HP:HPSBST02314
Reference: URL:http://marc.info/?l=bugtraq&m=120361015026386&w=2
Reference: HP:SSRT080016
Reference: URL:http://marc.info/?l=bugtraq&m=120361015026386&w=2
Reference: MS:MS08-009
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms08-009.mspx
Reference: CERT:TA08-043C
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA08-043C.html
Reference: CERT-VN:VU#692417
Reference: URL:http://www.kb.cert.org/vuls/id/692417
Reference: BID:27656
Reference: URL:http://www.securityfocus.com/bid/27656
Reference: FRSIRT:ADV-2008-0511
Reference: URL:http://www.frsirt.com/english/advisories/2008/0511/references
Reference: OVAL:oval:org.mitre.oval:def:5073
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5073
Reference: SECTRACK:1019374
Reference: URL:http://www.securitytracker.com/id?1019374
Reference: SECUNIA:28901
Reference: URL:http://secunia.com/advisories/28901

Votes:

Name: CVE-2008-0110

Description:
Unspecified vulnerability in Microsoft Outlook in Office 2000 SP3, XP SP3, 2003 SP2 and Sp3, and Office System allows user-assisted remote attackers to execute arbitrary code via a crafted mailto URI.

Status: Candidate
Phase: Assigned (20080107)
Reference: HP:HPSBST02320
Reference: URL:http://marc.info/?l=bugtraq&m=120585858807305&w=2
Reference: HP:SSRT080028
Reference: URL:http://marc.info/?l=bugtraq&m=120585858807305&w=2
Reference: MS:MS08-015
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms08-015.mspx
Reference: CERT:TA08-071A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA08-071A.html
Reference: CERT-VN:VU#393305
Reference: URL:http://www.kb.cert.org/vuls/id/393305
Reference: BID:28147
Reference: URL:http://www.securityfocus.com/bid/28147
Reference: FRSIRT:ADV-2008-0847
Reference: URL:http://www.frsirt.com/english/advisories/2008/0847/references
Reference: OVAL:oval:org.mitre.oval:def:5278
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5278
Reference: SECTRACK:1019579
Reference: URL:http://www.securitytracker.com/id?1019579
Reference: SECUNIA:29320
Reference: URL:http://secunia.com/advisories/29320

Votes:

Name: CVE-2008-0111

Description:
Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted data validation records, aka "Excel Data Validation Record Vulnerability."

Status: Candidate
Phase: Assigned (20080107)
Reference: HP:HPSBST02320
Reference: URL:http://marc.info/?l=bugtraq&m=120585858807305&w=2
Reference: HP:SSRT080028
Reference: URL:http://marc.info/?l=bugtraq&m=120585858807305&w=2
Reference: MS:MS08-014
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms08-014.mspx
Reference: CERT:TA08-071A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA08-071A.html
Reference: BID:28094
Reference: URL:http://www.securityfocus.com/bid/28094
Reference: FRSIRT:ADV-2008-0846
Reference: URL:http://www.frsirt.com/english/advisories/2008/0846/references
Reference: OVAL:oval:org.mitre.oval:def:5114
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5114
Reference: SECTRACK:1019582
Reference: URL:http://www.securitytracker.com/id?1019582

Votes:

Name: CVE-2008-0112

Description:
Unspecified vulnerability in Microsoft Excel 2000 SP3, and Office for Mac 2004 and 2008 allows user-assisted remote attackers to execute arbitrary code via a crafted .SLK file that is not properly handled when importing the file, aka "Excel File Import Vulnerability."

Status: Candidate
Phase: Assigned (20080107)
Reference: HP:HPSBST02320
Reference: URL:http://marc.info/?l=bugtraq&m=120585858807305&w=2
Reference: HP:SSRT080028
Reference: URL:http://marc.info/?l=bugtraq&m=120585858807305&w=2
Reference: MS:MS08-014
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms08-014.mspx
Reference: CERT:TA08-071A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA08-071A.html
Reference: BID:28095
Reference: URL:http://www.securityfocus.com/bid/28095
Reference: FRSIRT:ADV-2008-0846
Reference: URL:http://www.frsirt.com/english/advisories/2008/0846/references
Reference: OVAL:oval:org.mitre.oval:def:5284
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5284
Reference: SECTRACK:1019583
Reference: URL:http://www.securitytracker.com/id?1019583

Votes:

Name: CVE-2008-0113

Description:
Unspecified vulnerability in Microsoft Office Excel Viewer 2003 up to SP3 allows user-assisted remote attackers to execute arbitrary code via an Excel document with malformed cell comments that trigger memory corruption from an "allocation error," aka "Microsoft Office Cell Parsing Memory Corruption Vulnerability."

Status: Candidate
Phase: Assigned (20080107)
Reference: BUGTRAQ:20080311 ZDI-08-008: Microsoft Excel BIFF File Format Cell Record Parsing Memory Corruption Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/489415/100/0/threaded
Reference: MISC:http://www.zerodayinitiative.com/advisories/ZDI-08-008
Reference: HP:HPSBST02320
Reference: URL:http://marc.info/?l=bugtraq&m=120585858807305&w=2
Reference: HP:SSRT080028
Reference: URL:http://marc.info/?l=bugtraq&m=120585858807305&w=2
Reference: MS:MS08-016
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms08-016.mspx
Reference: CERT:TA08-071A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA08-071A.html
Reference: FRSIRT:ADV-2008-0848
Reference: URL:http://www.frsirt.com/english/advisories/2008/0848/references
Reference: OVAL:oval:org.mitre.oval:def:5421
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5421
Reference: SECTRACK:1019578
Reference: URL:http://www.securitytracker.com/id?1019578
Reference: SECUNIA:29321
Reference: URL:http://secunia.com/advisories/29321

Votes:

Name: CVE-2008-0114

Description:
Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via crafted Style records that trigger memory corruption.

Status: Candidate
Phase: Assigned (20080107)
Reference: HP:HPSBST02320
Reference: URL:http://marc.info/?l=bugtraq&m=120585858807305&w=2
Reference: HP:SSRT080028
Reference: URL:http://marc.info/?l=bugtraq&m=120585858807305&w=2
Reference: MS:MS08-014
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms08-014.mspx
Reference: CERT:TA08-071A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA08-071A.html
Reference: BID:28166
Reference: URL:http://www.securityfocus.com/bid/28166
Reference: FRSIRT:ADV-2008-0846
Reference: URL:http://www.frsirt.com/english/advisories/2008/0846/references
Reference: OVAL:oval:org.mitre.oval:def:5456
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5456
Reference: SECTRACK:1019584
Reference: URL:http://www.securitytracker.com/id?1019584

Votes:

Name: CVE-2008-0115

Description:
Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via malformed formulas, aka "Excel Formula Parsing Vulnerability."

Status: Candidate
Phase: Assigned (20080107)
Reference: HP:HPSBST02320
Reference: URL:http://marc.info/?l=bugtraq&m=120585858807305&w=2
Reference: HP:SSRT080028
Reference: URL:http://marc.info/?l=bugtraq&m=120585858807305&w=2
Reference: MS:MS08-014
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms08-014.mspx
Reference: CERT:TA08-071A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA08-071A.html
Reference: BID:28167
Reference: URL:http://www.securityfocus.com/bid/28167
Reference: FRSIRT:ADV-2008-0846
Reference: URL:http://www.frsirt.com/english/advisories/2008/0846/references
Reference: OVAL:oval:org.mitre.oval:def:5512
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5512
Reference: SECTRACK:1019585
Reference: URL:http://www.securitytracker.com/id?1019585

Votes:

Name: CVE-2008-0116

Description:
Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility Pack, and Office 2004 and 2008 for Mac allows user-assisted remote attackers to execute arbitrary code via malformed tags in rich text, aka "Excel Rich Text Validation Vulnerability."

Status: Candidate
Phase: Assigned (20080107)
Reference: BUGTRAQ:20080311 TPTI-08-03: Microsoft Excel Rich Text Memory Corruption Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/489430/100/0/threaded
Reference: MISC:http://dvlabs.tippingpoint.com/advisory/TPTI-08-03
Reference: HP:HPSBST02320
Reference: URL:http://marc.info/?l=bugtraq&m=120585858807305&w=2
Reference: HP:SSRT080028
Reference: URL:http://marc.info/?l=bugtraq&m=120585858807305&w=2
Reference: MS:MS08-014
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms08-014.mspx
Reference: CERT:TA08-071A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA08-071A.html
Reference: BID:28168
Reference: URL:http://www.securityfocus.com/bid/28168
Reference: FRSIRT:ADV-2008-0846
Reference: URL:http://www.frsirt.com/english/advisories/2008/0846/references
Reference: OVAL:oval:org.mitre.oval:def:5212
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5212
Reference: SECTRACK:1019586
Reference: URL:http://www.securitytracker.com/id?1019586

Votes:

Name: CVE-2008-0117

Description:
Unspecified vulnerability in Microsoft Excel 2000 SP3 and 2002 SP2, and Office 2004 and 2008 for Mac, allows user-assisted remote attackers to execute arbitrary code via crafted conditional formatting values, aka "Excel Conditional Formatting Vulnerability."

Status: Candidate
Phase: Assigned (20080107)
Reference: HP:HPSBST02320
Reference: URL:http://marc.info/?l=bugtraq&m=120585858807305&w=2
Reference: HP:SSRT080028
Reference: URL:http://marc.info/?l=bugtraq&m=120585858807305&w=2
Reference: MS:MS08-014
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms08-014.mspx
Reference: CERT:TA08-071A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA08-071A.html
Reference: BID:28170
Reference: URL:http://www.securityfocus.com/bid/28170
Reference: FRSIRT:ADV-2008-0846
Reference: URL:http://www.frsirt.com/english/advisories/2008/0846/references
Reference: OVAL:oval:org.mitre.oval:def:5508
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5508
Reference: SECTRACK:1019587
Reference: URL:http://www.securitytracker.com/id?1019587

Votes:

Name: CVE-2008-0118

Description:
Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, Excel Viewer 2003 up to SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption from an "allocation error," aka "Microsoft Office Memory Corruption Vulnerability."

Status: Candidate
Phase: Assigned (20080107)
Reference: HP:HPSBST02320
Reference: URL:http://marc.info/?l=bugtraq&m=120585858807305&w=2
Reference: HP:SSRT080028
Reference: URL:http://marc.info/?l=bugtraq&m=120585858807305&w=2
Reference: MS:MS08-016
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms08-016.mspx
Reference: CERT:TA08-071A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA08-071A.html
Reference: BID:28146
Reference: URL:http://www.securityfocus.com/bid/28146
Reference: FRSIRT:ADV-2008-0848
Reference: URL:http://www.frsirt.com/english/advisories/2008/0848/references
Reference: OVAL:oval:org.mitre.oval:def:5190
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5190
Reference: SECTRACK:1019578
Reference: URL:http://www.securitytracker.com/id?1019578
Reference: SECUNIA:29321
Reference: URL:http://secunia.com/advisories/29321

Votes:

Name: CVE-2008-0119

Description:
Unspecified vulnerability in Microsoft Publisher in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 SP1 and earlier allows remote attackers to execute arbitrary code via a Publisher file with crafted object header data that triggers memory corruption, aka "Publisher Object Handler Validation Vulnerability."

Status: Candidate
Phase: Assigned (20080107)
Reference: HP:HPSBST02336
Reference: URL:http://marc.info/?l=bugtraq&m=121129490723574&w=2
Reference: HP:SSRT080071
Reference: URL:http://marc.info/?l=bugtraq&m=121129490723574&w=2
Reference: MS:MS08-027
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms08-027.mspx
Reference: CERT:TA08-134A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA08-134A.html
Reference: BID:29158
Reference: URL:http://www.securityfocus.com/bid/29158
Reference: FRSIRT:ADV-2008-1505
Reference: URL:http://www.frsirt.com/english/advisories/2008/1505/references
Reference: SECTRACK:1020015
Reference: URL:http://www.securitytracker.com/id?1020015
Reference: SECUNIA:30150
Reference: URL:http://secunia.com/advisories/30150

Votes:

Name: CVE-2008-0120

Description:
Integer overflow in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with a malformed picture index that triggers memory corruption, related to handling of CString objects, aka "Memory Allocation Vulnerability."

Status: Candidate
Phase: Assigned (20080107)
Reference: IDEFENSE:20080812 Microsoft PowerPoint Viewer 2003 Cstring Integer Overflow Vulnerability
Reference: URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=739
Reference: HP:HPSBST02360
Reference: URL:http://marc.info/?l=bugtraq&m=121915960406986&w=2
Reference: HP:SSRT080117
Reference: URL:http://marc.info/?l=bugtraq&m=121915960406986&w=2
Reference: MS:MS08-051
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms08-051.mspx
Reference: BID:30552
Reference: URL:http://www.securityfocus.com/bid/30552
Reference: FRSIRT:ADV-2008-2355
Reference: URL:http://www.frsirt.com/english/advisories/2008/2355
Reference: SECTRACK:1020676
Reference: URL:http://www.securitytracker.com/id?1020676
Reference: SECUNIA:31453
Reference: URL:http://secunia.com/advisories/31453

Votes:

Name: CVE-2008-0121

Description:
A "memory calculation error" in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with an invalid picture index that triggers memory corruption, aka "Memory Calculation Vulnerability."

Status: Candidate
Phase: Assigned (20080107)
Reference: IDEFENSE:20080812 Microsoft PowerPoint Viewer 2003 Out of Bounds Array Index Vulnerability
Reference: URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=738
Reference: HP:HPSBST02360
Reference: URL:http://marc.info/?l=bugtraq&m=121915960406986&w=2
Reference: HP:SSRT080117
Reference: URL:http://marc.info/?l=bugtraq&m=121915960406986&w=2
Reference: MS:MS08-051
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms08-051.mspx
Reference: BID:30554
Reference: URL:http://www.securityfocus.com/bid/30554
Reference: FRSIRT:ADV-2008-2355
Reference: URL:http://www.frsirt.com/english/advisories/2008/2355
Reference: SECTRACK:1020676
Reference: URL:http://www.securitytracker.com/id?1020676
Reference: SECUNIA:31453
Reference: URL:http://secunia.com/advisories/31453

Votes:

Name: CVE-2008-0122

Description:
Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption.

Status: Candidate
Phase: Assigned (20080107)
Reference: BUGTRAQ:20080124 rPSA-2008-0029-1 bind bind-utils
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/487000/100/0/threaded
Reference: CONFIRM:http://www.isc.org/index.pl?/sw/bind/bind-security.php
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=429149
Reference: CONFIRM:https://issues.rpath.com/browse/RPL-2169
Reference: CONFIRM:http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX61&path=/200802/SECURITY/20080227/datafile123640&label=AIX%20libc%20inet_network%20buffer%20overflow
Reference: CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2008-244.htm
Reference: CONFIRM:http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4167
Reference: FEDORA:FEDORA-2008-0903
Reference: URL:https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00781.html
Reference: FEDORA:FEDORA-2008-0904
Reference: URL:https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00782.html
Reference: FREEBSD:FreeBSD-SA-08:02
Reference: URL:http://security.freebsd.org/advisories/FreeBSD-SA-08:02.libc.asc
Reference: SUNALERT:238493
Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-238493-1
Reference: SUSE:SUSE-SR:2008:006
Reference: URL:http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html
Reference: CERT-VN:VU#203611
Reference: URL:http://www.kb.cert.org/vuls/id/203611
Reference: BID:27283
Reference: URL:http://www.securityfocus.com/bid/27283
Reference: FRSIRT:ADV-2008-0193
Reference: URL:http://www.frsirt.com/english/advisories/2008/0193
Reference: FRSIRT:ADV-2008-0703
Reference: URL:http://www.frsirt.com/english/advisories/2008/0703
Reference: FRSIRT:ADV-2008-1743
Reference: URL:http://www.frsirt.com/english/advisories/2008/1743/references
Reference: SECTRACK:1019189
Reference: URL:http://www.securitytracker.com/id?1019189
Reference: SECUNIA:28367
Reference: URL:http://secunia.com/advisories/28367
Reference: SECUNIA:28579
Reference: URL:http://secunia.com/advisories/28579
Reference: SECUNIA:28487
Reference: URL:http://secunia.com/advisories/28487
Reference: SECUNIA:28429
Reference: URL:http://secunia.com/advisories/28429
Reference: SECUNIA:29161
Reference: URL:http://secunia.com/advisories/29161
Reference: SECUNIA:29323
Reference: URL:http://secunia.com/advisories/29323
Reference: SECUNIA:30538
Reference: URL:http://secunia.com/advisories/30538
Reference: SECUNIA:30718
Reference: URL:http://secunia.com/advisories/30718
Reference: XF:freebsd-inetnetwork-bo(39670)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39670

Votes:

Name: CVE-2008-0123

Description:
Cross-site scripting (XSS) vulnerability in install.php for Moodle 1.8.3, and possibly other versions before 1.8.4, allows remote attackers to inject arbitrary web script or HTML via the dbname parameter. NOTE: this issue only exists until the installation is complete.

Status: Candidate
Phase: Assigned (20080107)
Reference: BUGTRAQ:20080111 Cross site scripting (XSS) in Moodle 1.8.3
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/486198/100/0/threaded
Reference: FULLDISC:20080111 Cross site scripting (XSS) in Moodle 1.8.3
Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2008-01/0202.html
Reference: MISC:http://int21.de/cve/CVE-2008-0123-moodle.html
Reference: SUSE:SUSE-SR:2008:003
Reference: URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html
Reference: BID:27259
Reference: URL:http://www.securityfocus.com/bid/27259
Reference: FRSIRT:ADV-2008-0164
Reference: URL:http://www.frsirt.com/english/advisories/2008/0164
Reference: SECUNIA:28838
Reference: URL:http://secunia.com/advisories/28838
Reference: XF:moodle-install-xss(39630)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39630

Votes:

Name: CVE-2008-0124

Description:
Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3-beta1 allows remote authenticated users to inject arbitrary web script or HTML via (1) the "Real name" field in Personal Settings, which is presented to readers of articles; or (2) a file upload, as demonstrated by a .htm, .html, or .js file.

Status: Candidate
Phase: Assigned (20080107)
Reference: MISC:http://int21.de/cve/CVE-2008-0124-s9y.html
Reference: CONFIRM:http://blog.s9y.org/archives/191-Serendipity-1.3-beta1-released.html
Reference: DEBIAN:DSA-1528
Reference: URL:http://www.debian.org/security/2008/dsa-1528
Reference: BID:28003
Reference: URL:http://www.securityfocus.com/bid/28003
Reference: FRSIRT:ADV-2008-0700
Reference: URL:http://www.frsirt.com/english/advisories/2008/0700/references
Reference: SECTRACK:1019502
Reference: URL:http://www.securitytracker.com/id?1019502
Reference: SECUNIA:29128
Reference: URL:http://secunia.com/advisories/29128
Reference: SECUNIA:29502
Reference: URL:http://secunia.com/advisories/29502
Reference: XF:serendipity-realname-username-xss(40851)
Reference: URL:http://xforce.iss.net/xforce/xfdb/40851

Votes:

Name: CVE-2008-0125

Description:
Cross-site scripting (XSS) vulnerability in phpstats.php in Michael Wagner phpstats 0.1 alpha allows remote attackers to inject arbitrary web script or HTML via the baseDir parameter.

Status: Candidate
Phase: Assigned (20080107)
Reference: BUGTRAQ:20080317 Cross Site Scripting (XSS) in phpstats 0.1_alpha, CVE-2008-0125
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/489722/100/0/threaded
Reference: BID:28291
Reference: URL:http://www.securityfocus.com/bid/28291
Reference: SREASON:3765
Reference: URL:http://securityreason.com/securityalert/3765
Reference: XF:phpstats-phpstats-xss(41261)
Reference: URL:http://xforce.iss.net/xforce/xfdb/41261

Votes:

Name: CVE-2008-0126

Status: Candidate
Phase: Assigned (20080107)

Votes:

Name: CVE-2008-0127

Description:
The administration interface in McAfee E-Business Server 8.5.2 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a long initial authentication packet.

Status: Candidate
Phase: Assigned (20080107)
Reference: BUGTRAQ:20080109 [INFIGO 2008-01-06]: McAfee E-Business Server Remote Preauth Code Execution / DoS
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/485992/100/0/threaded
Reference: BUGTRAQ:20080109 [INFIGO-2008-01-06]: McAfee E-Business Server Remote Preauth Code Execution / DoS - Corrected
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/486035/100/0/threaded
Reference: MILW0RM:4878
Reference: URL:http://www.milw0rm.com/exploits/4878
Reference: CONFIRM:https://knowledge.mcafee.com/SupportSite/dynamickc.do?externalId=614472&sliceId=SAL_Public&command=show&forward=nonthreadedKC&kcId=614472
Reference: BID:27197
Reference: URL:http://www.securityfocus.com/bid/27197
Reference: FRSIRT:ADV-2008-0087
Reference: URL:http://www.frsirt.com/english/advisories/2008/0087
Reference: SECTRACK:1019170
Reference: URL:http://securitytracker.com/id?1019170
Reference: SECUNIA:28408
Reference: URL:http://secunia.com/advisories/28408
Reference: SREASON:3530
Reference: URL:http://securityreason.com/securityalert/3530
Reference: XF:mcafee-ebusiness-packet-code-execution(39563)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39563
Reference: XF:mcafee-ebusiness-authentication-packet-dos(39561)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39561

Votes:

Name: CVE-2008-0128

Description:
The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

Status: Candidate
Phase: Assigned (20080107)
Reference: CONFIRM:http://issues.apache.org/bugzilla/show_bug.cgi?id=41217
Reference: CONFIRM:http://security-tracker.debian.net/tracker/CVE-2008-0128
Reference: DEBIAN:DSA-1468
Reference: URL:http://www.debian.org/security/2008/dsa-1468
Reference: REDHAT:RHSA-2008:0261
Reference: URL:http://www.redhat.com/support/errata/RHSA-2008-0261.html
Reference: REDHAT:RHSA-2008:0630
Reference: URL:http://rhn.redhat.com/errata/RHSA-2008-0630.html
Reference: SUSE:SUSE-SR:2008:005
Reference: URL:http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
Reference: BID:27365
Reference: URL:http://www.securityfocus.com/bid/27365
Reference: FRSIRT:ADV-2008-0192
Reference: URL:http://www.frsirt.com/english/advisories/2008/0192
Reference: SECUNIA:28549
Reference: URL:http://secunia.com/advisories/28549
Reference: SECUNIA:28552
Reference: URL:http://secunia.com/advisories/28552
Reference: SECUNIA:29242
Reference: URL:http://secunia.com/advisories/29242
Reference: SECUNIA:31493
Reference: URL:http://secunia.com/advisories/31493
Reference: XF:apache-singlesignon-information-disclosure(39804)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39804

Votes:

Name: CVE-2008-0129

Description:
SQL injection vulnerability in starnet/addons/slideshow_full.php in Site@School 2.3.10 and earlier allows remote attackers to execute arbitrary SQL commands via the album_name parameter.

Status: Candidate
Phase: Assigned (20080107)
Reference: MILW0RM:4832
Reference: URL:http://www.milw0rm.com/exploits/4832
Reference: BID:27120
Reference: URL:http://www.securityfocus.com/bid/27120
Reference: XF:siteatschool-slideshowfull-sql-injection(39417)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39417

Votes:

Name: CVE-2008-0130

Description:
SQL injection vulnerability in login_form.asp in Instant Softwares Dating Site allows remote attackers to execute arbitrary SQL commands via the Username parameter, a different vulnerability than CVE-2007-6671. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Status: Candidate
Phase: Assigned (20080107)
Reference: SECUNIA:28283
Reference: URL:http://secunia.com/advisories/28283
Reference: XF:dating-site-login-sql-injection(39326)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39326

Votes:

Name: CVE-2008-0131

Description:
Cross-site scripting (XSS) vulnerability in login_form.asp in Instant Softwares Dating Site allows remote attackers to inject arbitrary web script or HTML via the msg parameter, a different product than CVE-2006-6022. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Status: Candidate
Phase: Assigned (20080107)
Reference: SECUNIA:28283
Reference: URL:http://secunia.com/advisories/28283

Votes:

Name: CVE-2008-0132

Description:
Pragma FortressSSH 5.0 Build 4 Revision 293 and earlier handles long input to sshd.exe by creating an error-message window and waiting for the administrator to click in this window before terminating the sshd.exe process, which allows remote attackers to cause a denial of service (connection slot exhaustion) via a flood of SSH connections with long data objects, as demonstrated by (1) a long list of keys and (2) a long username.

Status: Candidate
Phase: Assigned (20080107)
Reference: BUGTRAQ:20080104 Some DoS in some telnet servers
Reference: URL:http://marc.info/?l=bugtraq&m=119947184730448&w=2
Reference: MISC:http://aluigi.altervista.org/adv/pragmassh-adv.txt
Reference: MISC:http://aluigi.org/poc/pragmassh.zip
Reference: BID:27141
Reference: URL:http://www.securityfocus.com/bid/27141
Reference: XF:fortressssh-sshd-dos(39354)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39354

Votes:

Name: CVE-2008-0133

Description:
Multiple SQL injection vulnerabilities in Tribisur 2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to cat_main.php and the (2) cat parameter to forum.php in a liste action.

Status: Candidate
Phase: Assigned (20080108)
Reference: MILW0RM:4840
Reference: URL:http://www.milw0rm.com/exploits/4840
Reference: BID:27149
Reference: URL:http://www.securityfocus.com/bid/27149
Reference: SECUNIA:28362
Reference: URL:http://secunia.com/advisories/28362
Reference: XF:tribisur-catmain-forum-sql-injection(39443)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39443

Votes:

Name: CVE-2008-0134

Description:
Cross-site scripting (XSS) vulnerability in Forums/setup.asp in Snitz Forums 2000 3.4.06 and earlier allows remote attackers to inject arbitrary web script or HTML via the MAIL parameter.

Status: Candidate
Phase: Assigned (20080108)
Reference: MISC:http://hackerscenter.com/archive/view.asp?id=28145
Reference: MISC:http://www.packetstormsecurity.org/0801-exploits/snitz-multi.txt
Reference: SECUNIA:28284
Reference: URL:http://secunia.com/advisories/28284

Votes:

Name: CVE-2008-0135

Description:
Snitz Forums 2000 3.4.06 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for forum/snitz_forums_2000.mdb.

Votes:

Name: CVE-2008-0136

Description:
Snitz Forums 2000 3.4.05 allows remote attackers to obtain sensitive information via a direct request to forum/whereami.asp, which reveals the database path.

Votes:

Name: CVE-2008-0137

Description:
PHP remote file inclusion vulnerability in config.inc.php in SNETWORKS PHP CLASSIFIEDS 5.0 allows remote attackers to execute arbitrary PHP code via a URL in the path_escape parameter.

Status: Candidate
Phase: Assigned (20080108)
Reference: MILW0RM:4838
Reference: URL:http://www.milw0rm.com/exploits/4838
Reference: FRSIRT:ADV-2008-0053
Reference: URL:http://www.frsirt.com/english/advisories/2008/0053
Reference: XF:snetworks-configinc-file-include(39468)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39468

Votes:

Name: CVE-2008-0138

Description:
PHP remote file inclusion vulnerability in xoopsgallery/init_basic.php in the mod_gallery module for XOOPS, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter.

Status: Candidate
Phase: Assigned (20080108)
Reference: MILW0RM:4847
Reference: URL:http://www.milw0rm.com/exploits/4847
Reference: BID:27155
Reference: URL:http://www.securityfocus.com/bid/27155
Reference: XF:xoops-modgallery-zendhashkey-file-include(39461)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39461

Votes:

Name: CVE-2008-0139

Description:
Eval injection vulnerability in loudblog/inc/parse_old.php in Loudblog 0.8.0 and earlier allows remote attackers to execute arbitrary PHP code via the template parameter.

Status: Candidate
Phase: Assigned (20080108)
Reference: MILW0RM:4849
Reference: URL:http://milw0rm.com/exploits/4849
Reference: BID:27157
Reference: URL:http://www.securityfocus.com/bid/27157
Reference: SECUNIA:28336
Reference: URL:http://secunia.com/advisories/28336
Reference: XF:loudblog-template-code-execution(39445)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39445

Votes:

Name: CVE-2008-0140

Description:
Directory traversal vulnerability in error.php in Uebimiau Webmail 2.7.10 and 2.7.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the selected_theme parameter, a different vector than CVE-2007-3172.

Status: Candidate
Phase: Assigned (20080108)
Reference: MILW0RM:4846
Reference: URL:http://www.milw0rm.com/exploits/4846
Reference: VIM:20080107 Uebimiau Web-Mail 2.7.10/2.7.2 Remote File Disclosure Vulnerability
Reference: URL:http://www.attrition.org/pipermail/vim/2008-January/001867.html
Reference: BID:27154
Reference: URL:http://www.securityfocus.com/bid/27154
Reference: XF:uebimiau-webmail-error-directory-traversal(39460)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39460

Votes:

Name: CVE-2008-0141

Description:
actions.php in WebPortal CMS 0.6-beta generates predictable passwords containing only the time of day, which makes it easier for remote attackers to obtain access to any account via a lostpass action.

Status: Candidate
Phase: Assigned (20080108)
Reference: MILW0RM:4835
Reference: URL:http://www.milw0rm.com/exploits/4835
Reference: BID:27145
Reference: URL:http://www.securityfocus.com/bid/27145
Reference: XF:webportal-action-weak-security(39486)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39486

Votes:

Name: CVE-2008-0142

Description:
Multiple SQL injection vulnerabilities in WebPortal CMS 0.6-beta allow remote attackers to execute arbitrary SQL commands via the user_name parameter to actions.php, and unspecified other vectors.

Status: Candidate
Phase: Assigned (20080108)
Reference: MILW0RM:4835
Reference: URL:http://www.milw0rm.com/exploits/4835

Votes:

Name: CVE-2008-0143

Description:
PHP remote file inclusion vulnerability in common/db.php in samPHPweb, possibly 4.2.2 and others, as provided with SAM Broadcaster, allows remote attackers to execute arbitrary PHP code via a URL in the commonpath parameter.

Status: Candidate
Phase: Assigned (20080108)
Reference: MILW0RM:4834
Reference: URL:http://www.milw0rm.com/exploits/4834
Reference: CONFIRM:http://www.spacialaudio.com/news/index.html
Reference: BID:27137
Reference: URL:http://www.securityfocus.com/bid/27137
Reference: SECUNIA:28355
Reference: URL:http://secunia.com/advisories/28355
Reference: XF:samPHPweb-db-file-include(39397)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39397

Votes:

Name: CVE-2008-0144

Description:
PHP remote file inclusion vulnerability in index.php in NetRisk 1.9.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: this can also be leveraged for local file inclusion using directory traversal sequences.

Status: Candidate
Phase: Assigned (20080108)
Reference: BUGTRAQ:20080105 NetRisk 1.9.7 Remote File Inclusion Vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=119955114428283&w=2
Reference: MILW0RM:4833
Reference: URL:http://www.milw0rm.com/exploits/4833
Reference: SECUNIA:28328
Reference: URL:http://secunia.com/advisories/28328

Votes:

Name: CVE-2008-0145

Description:
Unspecified vulnerability in glob in PHP before 4.4.8, when open_basedir is enabled, has unknown impact and attack vectors. NOTE: this issue reportedly exists because of a regression related to CVE-2007-4663.

Status: Candidate
Phase: Assigned (20080108)
Reference: CONFIRM:http://bugs.php.net/bug.php?id=41655
Reference: CONFIRM:http://www.php.net/ChangeLog-4.php
Reference: CONFIRM:http://www.php.net/releases/4_4_8.php
Reference: SLACKWARE:SSA:2008-045-03
Reference: URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.335136
Reference: SECUNIA:28318
Reference: URL:http://secunia.com/advisories/28318
Reference: SECUNIA:28936
Reference: URL:http://secunia.com/advisories/28936
Reference: XF:php-glob-openbasedir-security-bypass(39401)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39401

Votes:

Name: CVE-2008-0146

Description:
Cross-site scripting (XSS) vulnerability in the error page in W3-mSQL allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the top-level URI.

Status: Candidate
Phase: Assigned (20080108)
Reference: BUGTRAQ:20080103 xss in w3-msql error page
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/485736/100/0/threaded
Reference: BID:27116
Reference: URL:http://www.securityfocus.com/bid/27116
Reference: SECUNIA:28294
Reference: URL:http://secunia.com/advisories/28294
Reference: SREASON:3521
Reference: URL:http://securityreason.com/securityalert/3521

Votes:

Name: CVE-2008-0147

Description:
SQL injection vulnerability in index.php in SmallNuke 2.0.4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via (1) the user_email parameter and possibly (2) username parameter in a Members action.

Status: Candidate
Phase: Assigned (20080108)
Reference: MILW0RM:4863
Reference: URL:http://www.milw0rm.com/exploits/4863
Reference: BID:27180
Reference: URL:http://www.securityfocus.com/bid/27180
Reference: SECUNIA:28301
Reference: URL:http://secunia.com/advisories/28301
Reference: XF:smallnuke-index-sql-injection(39525)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39525

Votes:

Name: CVE-2008-0148

Description:
TUTOS 1.3 does not restrict access to php/admin/cmd.php, which allows remote attackers to execute arbitrary shell commands via the cmd parameter in a direct request.

Status: Candidate
Phase: Assigned (20080108)
Reference: MILW0RM:4861
Reference: URL:http://milw0rm.com/exploits/4861
Reference: SECUNIA:28291
Reference: URL:http://secunia.com/advisories/28291
Reference: XF:tutos-cmd-command-execution(39531)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39531

Votes:

Name: CVE-2008-0149

Description:
TUTOS 1.3 allows remote attackers to read system information via a direct request to php/admin/phpinfo.php, which calls the phpinfo function.

Votes:

Name: CVE-2008-0150

Description:
Unspecified vulnerability in the LDAP authentication feature in Aruba Mobility Controller 2.3.6.15, 2.5.2.11, 2.5.4.25, 2.5.5.7, 3.1.1.3, and 2.4.8.11-FIPS or earlier allows remote attackers to bypass authentication mechanisms and obtain management or VPN interface access.

Status: Candidate
Phase: Assigned (20080108)
Reference: BUGTRAQ:20080104 Aruba Mobility Controller User Authentication Vulnerability - Aruba Advisory ID: AID-122207
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/485831/100/0/threaded
Reference: CONFIRM:http://www.arubanetworks.com/support/alerts/aid-122207.asc
Reference: BID:27144
Reference: URL:http://www.securityfocus.com/bid/27144
Reference: SECUNIA:28357
Reference: URL:http://secunia.com/advisories/28357
Reference: SREASON:3529
Reference: URL:http://securityreason.com/securityalert/3529

Votes:

Name: CVE-2008-0151

Description:
Foxit WAC Server 2.1.0.910 and earlier allows remote attackers to cause a denial of service (crash) via a Telnet request with long options.

Status: Candidate
Phase: Assigned (20080108)
Reference: BUGTRAQ:20080104 Some DoS in some telnet servers
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/485812/100/0/threaded
Reference: MISC:http://aluigi.altervista.org/adv/waccaz-adv.txt
Reference: BID:27142
Reference: URL:http://www.securityfocus.com/bid/27142
Reference: SECUNIA:28272
Reference: URL:http://secunia.com/advisories/28272
Reference: SREASON:3525
Reference: URL:http://securityreason.com/securityalert/3525

Votes:

Name: CVE-2008-0152

Description:
SLnet.exe in SeattleLab SLNet RF Telnet Server 4.1.1.3758 and earlier allows user-assisted remote attackers to cause a denial of service (crash) via unpsecified telnet options, which triggers a NULL pointer dereference. NOTE: the crash is not user-assisted when the server is running in debug mode.

Status: Candidate
Phase: Assigned (20080108)
Reference: BUGTRAQ:20080104 Some DoS in some telnet servers
Reference: URL:http://marc.info/?l=bugtraq&m=119947184730448&w=2
Reference: MISC:http://aluigi.altervista.org/adv/slnetmsg-adv.txt
Reference: BID:27134
Reference: URL:http://www.securityfocus.com/bid/27134
Reference: SECUNIA:28316
Reference: URL:http://secunia.com/advisories/28316

Votes:

Name: CVE-2008-0153

Description:
telnetd.exe in Pragma TelnetServer 7.0.4.589 allows remote attackers to cause a denial of service (process crash and resource exhaustion) via a crafted TELOPT PRAGMA LOGON telnet option, which triggers a NULL pointer dereference.

Status: Candidate
Phase: Assigned (20080108)
Reference: BUGTRAQ:20080104 Some DoS in some telnet servers
Reference: URL:http://marc.info/?l=bugtraq&m=119947184730448&w=2
Reference: MISC:http://aluigi.altervista.org/adv/pragmatel-adv.txt
Reference: BID:27143
Reference: URL:http://www.securityfocus.com/bid/27143
Reference: XF:pragmatelnetserver-telnetd-dos(39353)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39353

Votes:

Name: CVE-2008-0154

Description:
SQL injection vulnerability in index.php in EvilBoard 0.1a (Alpha) allows remote attackers to execute arbitrary SQL commands the c parameter.

Status: Candidate
Phase: Assigned (20080108)
Reference: MILW0RM:4865
Reference: URL:http://www.milw0rm.com/exploits/4865
Reference: XF:evilboard-index-sql-injection(39529)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39529

Votes:

Name: CVE-2008-0155

Description:
Cross-site scripting (XSS) vulnerability in index.php in EvilBoard 0.1a (Alpha) allows remote attackers to inject arbitrary web script or HTML via the c parameter.

Status: Candidate
Phase: Assigned (20080108)
Reference: MILW0RM:4865
Reference: URL:http://www.milw0rm.com/exploits/4865
Reference: XF:evilboard-index-xss(39526)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39526

Votes:

Name: CVE-2008-0156

Description:
Absolute path traversal vulnerability in index.php in Million Dollar Script 2.0.14 allows remote attackers to read arbitrary files via encoded "/" (%2F) sequences in the link parameter.

Status: Candidate
Phase: Assigned (20080108)
Reference: BUGTRAQ:20080107 Million Dollar Script 2.0.14 Remote File Disclosure Vulnerability.
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/485882/100/0/threaded
Reference: BID:27174
Reference: URL:http://www.securityfocus.com/bid/27174
Reference: SREASON:3524
Reference: URL:http://securityreason.com/securityalert/3524
Reference: XF:milliondollarscript-index-dir-traversal(39492)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39492

Votes:

Name: CVE-2008-0157

Description:
SQL injection vulnerability in FlexBB 0.6.3 and earlier allows remote attackers to execute arbitrary SQL commands via the flexbb_temp_id parameter in a cookie.

Status: Candidate
Phase: Assigned (20080108)
Reference: MILW0RM:4858
Reference: URL:http://www.milw0rm.com/exploits/4858
Reference: BID:27164
Reference: URL:http://www.securityfocus.com/bid/27164
Reference: SECUNIA:28373
Reference: URL:http://secunia.com/advisories/28373
Reference: XF:flexbb-flexbbtempid-sql-injection(39475)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39475

Votes:

Name: CVE-2008-0158

Description:
Directory traversal vulnerability in index.php in Shop-Script 2.0 and possibly other versions allows remote attackers to read arbitrary files via a .. (dot dot) in the aux_page parameter.

Status: Candidate
Phase: Assigned (20080108)
Reference: MILW0RM:4855
Reference: URL:http://www.milw0rm.com/exploits/4855
Reference: MISC:http://packetstormsecurity.org/0801-exploits/shopscript-disclose.txt
Reference: BID:27165
Reference: URL:http://www.securityfocus.com/bid/27165
Reference: XF:shopscript-index-directory-traversal(39449)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39449

Votes:

Name: CVE-2008-0159

Description:
SQL injection vulnerability in index.php in eggBlog 3.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the eggblogpassword parameter in a cookie.

Status: Candidate
Phase: Assigned (20080108)
Reference: MILW0RM:4860
Reference: URL:http://www.milw0rm.com/exploits/4860
Reference: BID:27168
Reference: URL:http://www.securityfocus.com/bid/27168
Reference: SECUNIA:28371
Reference: URL:http://secunia.com/advisories/28371
Reference: XF:eggblog-eggblogmail-sql-injection(39473)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39473

Votes:

Name: CVE-2008-0160

Status: Candidate
Phase: Assigned (20080109)

Votes:

Name: CVE-2008-0161

Status: Candidate
Phase: Assigned (20080109)

Votes:

Name: CVE-2008-0162

Description:
misc.c in splitvt 1.6.6 and earlier does not drop group privileges before executing xprop, which allows local users to gain privileges.

Status: Candidate
Phase: Assigned (20080109)
Reference: DEBIAN:DSA-1500
Reference: URL:http://www.debian.org/security/2008/dsa-1500
Reference: GENTOO:GLSA-200803-05
Reference: URL:http://security.gentoo.org/glsa/glsa-200803-05.xml
Reference: BID:27936
Reference: URL:http://www.securityfocus.com/bid/27936
Reference: SECUNIA:29064
Reference: URL:http://secunia.com/advisories/29064
Reference: SECUNIA:29080
Reference: URL:http://secunia.com/advisories/29080
Reference: SECUNIA:29190
Reference: URL:http://secunia.com/advisories/29190

Votes:

Name: CVE-2008-0163

Description:
Linux kernel 2.6, when using vservers, allows local users to access resources of other vservers via a symlink attack in /proc.

Status: Candidate
Phase: Assigned (20080109)
Reference: DEBIAN:DSA-1494
Reference: URL:http://www.debian.org/security/2008/dsa-1494
Reference: BID:27704
Reference: URL:http://www.securityfocus.com/bid/27704
Reference: BID:27798
Reference: URL:http://www.securityfocus.com/bid/27798
Reference: SECUNIA:28875
Reference: URL:http://secunia.com/advisories/28875
Reference: XF:linux-kernel-proc-unauth-access(40486)
Reference: URL:http://xforce.iss.net/xforce/xfdb/40486

Votes:

Name: CVE-2008-0164

Description:
Multiple cross-site request forgery (CSRF) vulnerabilities in Plone CMS 3.0.5 and 3.0.6 allow remote attackers to (1) add arbitrary accounts via the join_form page and (2) change the privileges of arbitrary groups via the prefs_groups_overview page.

Status: Candidate
Phase: Assigned (20080109)
Reference: BUGTRAQ:20080313 PR08-02: Plone CMS Security Research - the Art of Plowning
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/489544/100/0/threaded
Reference: MISC:http://plone.org/about/security/advisories/cve-2008-0164
Reference: MISC:http://www.procheckup.com/Hacking_Plone_CMS.pdf
Reference: SECUNIA:29361
Reference: URL:http://secunia.com/advisories/29361
Reference: SREASON:3754
Reference: URL:http://securityreason.com/securityalert/3754
Reference: XF:plone-joinform-csrf(41263)
Reference: URL:http://xforce.iss.net/xforce/xfdb/41263

Votes:

Name: CVE-2008-0165

Description:
Cross-site request forgery (CSRF) vulnerability in Ikiwiki before 2.42 allows remote attackers to modify user preferences, including passwords, via the (1) preferences and (2) edit forms.

Status: Candidate
Phase: Assigned (20080109)
Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475445
Reference: CONFIRM:http://ikiwiki.info/security/#index31h2
Reference: DEBIAN:DSA-1553
Reference: URL:http://www.debian.org/security/2008/dsa-1553
Reference: FRSIRT:ADV-2008-1297
Reference: URL:http://www.frsirt.com/english/advisories/2008/1297/references
Reference: SECUNIA:29907
Reference: URL:http://secunia.com/advisories/29907
Reference: SECUNIA:29932
Reference: URL:http://secunia.com/advisories/29932
Reference: XF:ikiwiki-change-password-csrf(41904)
Reference: URL:http://xforce.iss.net/xforce/xfdb/41904

Votes:

Name: CVE-2008-0166

Description:
OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.

Status: Candidate
Phase: Assigned (20080109)
Reference: BUGTRAQ:20080515 Debian generated SSH-Keys working exploit
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/492112/100/0/threaded
Reference: MILW0RM:5622
Reference: URL:http://www.milw0rm.com/exploits/5622
Reference: MILW0RM:5632
Reference: URL:http://www.milw0rm.com/exploits/5632
Reference: MILW0RM:5720
Reference: URL:http://www.milw0rm.com/exploits/5720
Reference: MLIST:[rsyncrypto-devel] 20080523 Advisory - Rsyncrypto maybe affected from Debian OpenSSL reduced entropy problem
Reference: URL:http://sourceforge.net/mailarchive/forum.php?thread_name=48367252.7070603%40shemesh.biz&forum_name=rsyncrypto-devel
Reference: MISC:http://metasploit.com/users/hdm/tools/debian-openssl/
Reference: DEBIAN:DSA-1571
Reference: URL:http://www.debian.org/security/2008/dsa-1571
Reference: DEBIAN:DSA-1576
Reference: URL:http://www.debian.org/security/2008/dsa-1576
Reference: UBUNTU:USN-612-1
Reference: URL:http://www.ubuntu.com/usn/usn-612-1
Reference: UBUNTU:USN-612-2
Reference: URL:http://www.ubuntu.com/usn/usn-612-2
Reference: UBUNTU:USN-612-3
Reference: URL:http://www.ubuntu.com/usn/usn-612-3
Reference: UBUNTU:USN-612-4
Reference: URL:http://www.ubuntu.com/usn/usn-612-4
Reference: UBUNTU:USN-612-7
Reference: URL:http://www.ubuntu.com/usn/usn-612-7
Reference: CERT-VN:VU#925211
Reference: URL:http://www.kb.cert.org/vuls/id/925211
Reference: BID:29179
Reference: URL:http://www.securityfocus.com/bid/29179
Reference: SECTRACK:1020017
Reference: URL:http://www.securitytracker.com/id?1020017
Reference: SECUNIA:30220
Reference: URL:http://secunia.com/advisories/30220
Reference: SECUNIA:30221
Reference: URL:http://secunia.com/advisories/30221
Reference: SECUNIA:30231
Reference: URL:http://secunia.com/advisories/30231
Reference: SECUNIA:30239
Reference: URL:http://secunia.com/advisories/30239
Reference: SECUNIA:30249
Reference: URL:http://secunia.com/advisories/30249
Reference: SECUNIA:30136
Reference: URL:http://secunia.com/advisories/30136
Reference: XF:openssl-rng-weak-security(42375)
Reference: URL:http://xforce.iss.net/xforce/xfdb/42375

Votes:

Name: CVE-2008-0167

Description:
The write_array_file function in utils/include.pl in GForge 4.5.14 updates configuration files by truncating them to zero length and then writing new data, which might allow attackers to bypass intended access restrictions or have unspecified other impact in opportunistic circumstances.

Status: Candidate
Phase: Assigned (20080109)
Reference: CONFIRM:http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch8.diff.gz
Reference: DEBIAN:DSA-1577
Reference: URL:http://www.debian.org/security/2008/dsa-1577
Reference: BID:29215
Reference: URL:http://www.securityfocus.com/bid/29215
Reference: FRSIRT:ADV-2008-1537
Reference: URL:http://www.frsirt.com/english/advisories/2008/1537/references
Reference: SECUNIA:30088
Reference: URL:http://secunia.com/advisories/30088
Reference: SECUNIA:30286
Reference: URL:http://secunia.com/advisories/30286
Reference: XF:gforge-unspecified-symlink(42456)
Reference: URL:http://xforce.iss.net/xforce/xfdb/42456

Votes:

Name: CVE-2008-0168

Status: Candidate
Phase: Assigned (20080109)

Votes:

Name: CVE-2008-0169

Description:
Plugin/passwordauth.pm (aka the passwordauth plugin) in ikiwiki 1.34 through 2.47 allows remote attackers to bypass authentication, and login to any account for which an OpenID identity is configured and a password is not configured, by specifying an empty password during the login sequence.

Status: Candidate
Phase: Assigned (20080109)
Reference: MLIST:[oss-security] 20080531 Re: CVE id request: ikiwiki
Reference: URL:http://www.openwall.com/lists/oss-security/2008/05/31/3
Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=483770
Reference: CONFIRM:http://ikiwiki.info/news/version_2.48/index.html
Reference: CONFIRM:http://ikiwiki.info/security/#index33h2
Reference: BID:29479
Reference: URL:http://www.securityfocus.com/bid/29479
Reference: FRSIRT:ADV-2008-1710
Reference: URL:http://www.frsirt.com/english/advisories/2008/1710
Reference: SECUNIA:30468
Reference: URL:http://secunia.com/advisories/30468
Reference: XF:ikiwiki-openid-passwordauth-auth-bypass(42798)
Reference: URL:http://xforce.iss.net/xforce/xfdb/42798

Votes:

Name: CVE-2008-0170

Status: Candidate
Phase: Assigned (20080109)

Votes:

Name: CVE-2008-0171

Description:
regex/v4/perl_matcher_non_recursive.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (failed assertion and crash) via an invalid regular expression.

Status: Candidate
Phase: Assigned (20080109)
Reference: BUGTRAQ:20080213 rPSA-2008-0063-1 boost
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/488102/100/0/threaded
Reference: CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=205955
Reference: CONFIRM:http://svn.boost.org/trac/boost/changeset/42674
Reference: CONFIRM:http://svn.boost.org/trac/boost/changeset/42745
Reference: CONFIRM:https://issues.rpath.com/browse/RPL-2143
Reference: CONFIRM:http://wiki.rpath.com/Advisories:rPSA-2008-0063
Reference: FEDORA:FEDORA-2008-0880
Reference: URL:https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00760.html
Reference: GENTOO:GLSA-200802-08
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200802-08.xml
Reference: MANDRIVA:MDVSA-2008:032
Reference: URL:http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:032
Reference: SUSE:SUSE-SR:2008:006
Reference: URL:http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html
Reference: UBUNTU:USN-570-1
Reference: URL:http://www.ubuntu.com/usn/usn-570-1
Reference: BID:27325
Reference: URL:http://www.securityfocus.com/bid/27325
Reference: FRSIRT:ADV-2008-0249
Reference: URL:http://www.frsirt.com/english/advisories/2008/0249
Reference: SECUNIA:28545
Reference: URL:http://secunia.com/advisories/28545
Reference: SECUNIA:28705
Reference: URL:http://secunia.com/advisories/28705
Reference: SECUNIA:28511
Reference: URL:http://secunia.com/advisories/28511
Reference: SECUNIA:28527
Reference: URL:http://secunia.com/advisories/28527
Reference: SECUNIA:28943
Reference: URL:http://secunia.com/advisories/28943
Reference: SECUNIA:28860
Reference: URL:http://secunia.com/advisories/28860
Reference: SECUNIA:29323
Reference: URL:http://secunia.com/advisories/29323

Votes:

Name: CVE-2008-0172

Description:
The get_repeat_type function in basic_regex_creator.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (NULL dereference and crash) via an invalid regular expression.

Votes:

Name: CVE-2008-0173

Description:
SQL injection vulnerability in Gforge 4.6.99 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified parameters, related to RSS exports.

Status: Candidate
Phase: Assigned (20080109)
Reference: DEBIAN:DSA-1459
Reference: URL:http://www.debian.org/security/2008/dsa-1459
Reference: BID:27266
Reference: URL:http://www.securityfocus.com/bid/27266
Reference: FRSIRT:ADV-2008-0115
Reference: URL:http://www.frsirt.com/english/advisories/2008/0115
Reference: SECUNIA:28395
Reference: URL:http://secunia.com/advisories/28395
Reference: SECUNIA:28451
Reference: URL:http://secunia.com/advisories/28451
Reference: XF:gforge-multiple-sql-injection(39666)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39666

Votes:

Name: CVE-2008-0174

Description:
GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the passwords and gain privileges.

Status: Candidate
Phase: Assigned (20080109)
Reference: BUGTRAQ:20080125 C4 Security Advisory - GE Fanuc Proficy Information Portal 2.6 Authentication Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/487075/100/0/threaded
Reference: BUGTRAQ:20080129 Re: C4 Security Advisory - GE Fanuc Proficy Information Portal 2.6 Authentication Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/487244/100/0/threaded
Reference: CONFIRM:http://support.gefanuc.com/support/index?page=kbchannel&id=KB12459
Reference: CERT-VN:VU#180876
Reference: URL:http://www.kb.cert.org/vuls/id/180876
Reference: BID:30754
Reference: URL:http://www.securityfocus.com/bid/30754
Reference: SECTRACK:1019273
Reference: URL:http://securitytracker.com/id?1019273
Reference: SREASON:3590
Reference: URL:http://securityreason.com/securityalert/3590

Votes:

Name: CVE-2008-0175

Description:
Unrestricted file upload vulnerability in GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the main virtual directory.

Status: Candidate
Phase: Assigned (20080109)
Reference: BUGTRAQ:20080125 C4 Security Advisory - GE Fanuc Proficy Information Portal 2.6 Arbitrary File Upload and Execution
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/487079/100/0/threaded
Reference: BUGTRAQ:20080129 Re: C4 Security Advisory - GE Fanuc Proficy Information Portal 2.6 Arbitrary File Upload and Execution
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/487242/100/0/threaded
Reference: CONFIRM:http://support.gefanuc.com/support/index?page=kbchannel&id=KB12460
Reference: CERT-VN:VU#339345
Reference: URL:http://www.kb.cert.org/vuls/id/339345
Reference: BID:27446
Reference: URL:http://www.securityfocus.com/bid/27446
Reference: FRSIRT:ADV-2008-0307
Reference: URL:http://www.frsirt.com/english/advisories/2008/0307/references
Reference: SECTRACK:1019274
Reference: URL:http://www.securitytracker.com/id?1019274
Reference: SECUNIA:28678
Reference: URL:http://secunia.com/advisories/28678
Reference: SREASON:3591
Reference: URL:http://securityreason.com/securityalert/3591

Votes:

Name: CVE-2008-0176

Description:
Heap-based buffer overflow in w32rtr.exe in GE Fanuc CIMPLICITY HMI SCADA system 7.0 before 7.0 SIM 9, and earlier versions before 6.1 SP6 Hot fix - 010708_162517_6106, allow remote attackers to execute arbitrary code via unknown vectors.

Status: Candidate
Phase: Assigned (20080109)
Reference: BUGTRAQ:20080125 C4 Security Advisory - GE Fanuc Cimplicity 6.1 Heap Overflow
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/487076/100/0/threaded
Reference: BUGTRAQ:20080129 Re: C4 Security Advisory - GE Fanuc Cimplicity 6.1 Heap Overflow
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/487241/100/0/threaded
Reference: CONFIRM:http://support.gefanuc.com/support/index?page=kbchannel&id=KB12458
Reference: CERT-VN:VU#308556
Reference: URL:http://www.kb.cert.org/vuls/id/308556
Reference: BID:27447
Reference: URL:http://www.securityfocus.com/bid/27447
Reference: FRSIRT:ADV-2008-0306
Reference: URL:http://www.frsirt.com/english/advisories/2008/0306
Reference: SECTRACK:1019275
Reference: URL:http://www.securitytracker.com/id?1019275
Reference: SECUNIA:28663
Reference: URL:http://secunia.com/advisories/28663
Reference: SREASON:3592
Reference: URL:http://securityreason.com/securityalert/3592

Votes:

Name: CVE-2008-0177

Description:
The ipcomp6_input function in sys/netinet6/ipcomp_input.c in the KAME project before 20071201 does not properly check the return value of the m_pulldown function, which allows remote attackers to cause a denial of service (system crash) via an IPv6 packet with an IPComp header.

Status: Candidate
Phase: Assigned (20080109)
Reference: MILW0RM:5191
Reference: URL:http://www.milw0rm.com/exploits/5191
Reference: CONFIRM:http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/ipcomp_input.c?f=u&only_with_tag=netbsd-3-1
Reference: CONFIRM:http://www.kame.net/dev/cvsweb2.cgi/kame/kame/sys/netinet6/ipcomp_input.c.diff?r1=1.36;r2=1.37
Reference: APPLE:APPLE-SA-2008-05-28
Reference: URL:http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
Reference: APPLE:APPLE-SA-2008-07-11
Reference: URL:http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html
Reference: FREEBSD:FreeBSD-SA-08:04
Reference: URL:http://security.freebsd.org/advisories/FreeBSD-SA-08:04.ipsec.asc
Reference: CERT:TA08-150A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA08-150A.html
Reference: CERT-VN:VU#110947
Reference: URL:http://www.kb.cert.org/vuls/id/110947
Reference: BID:27642
Reference: URL:http://www.securityfocus.com/bid/27642
Reference: FRSIRT:ADV-2008-0441
Reference: URL:http://www.frsirt.com/english/advisories/2008/0441
Reference: FRSIRT:ADV-2008-0688
Reference: URL:http://www.frsirt.com/english/advisories/2008/0688
Reference: FRSIRT:ADV-2008-1697
Reference: URL:http://www.frsirt.com/english/advisories/2008/1697
Reference: FRSIRT:ADV-2008-2094
Reference: URL:http://www.frsirt.com/english/advisories/2008/2094/references
Reference: SECTRACK:1019314
Reference: URL:http://securitytracker.com/id?1019314
Reference: SECUNIA:28788
Reference: URL:http://secunia.com/advisories/28788
Reference: SECUNIA:28816
Reference: URL:http://secunia.com/advisories/28816
Reference: SECUNIA:28979
Reference: URL:http://secunia.com/advisories/28979
Reference: SECUNIA:29130
Reference: URL:http://secunia.com/advisories/29130
Reference: SECUNIA:30430
Reference: URL:http://secunia.com/advisories/30430
Reference: SECUNIA:31074
Reference: URL:http://secunia.com/advisories/31074

Votes:

Name: CVE-2008-0178

Description:
Cross-site scripting (XSS) vulnerability in the Enterprise Admin Session Monitoring component in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the User-Agent HTTP header.

Status: Candidate
Phase: Assigned (20080109)
Reference: CONFIRM:http://support.liferay.com/browse/LEP-4736
Reference: CERT-VN:VU#326065
Reference: URL:http://www.kb.cert.org/vuls/id/326065
Reference: BID:27547
Reference: URL:http://www.securityfocus.com/bid/27547
Reference: SECUNIA:28742
Reference: URL:http://secunia.com/advisories/28742

Votes:

Name: CVE-2008-0179

Description:
Cross-site scripting (XSS) vulnerability in service/impl/UserLocalServiceImpl.java in Liferay Portal 4.3.6 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header, which is used when composing Forgot Password e-mail messages in HTML format.

Status: Candidate
Phase: Assigned (20080109)
Reference: CONFIRM:http://support.liferay.com/browse/LEP-4737
Reference: CERT-VN:VU#888209
Reference: URL:http://www.kb.cert.org/vuls/id/888209
Reference: BID:27550
Reference: URL:http://www.securityfocus.com/bid/27550
Reference: SECUNIA:28742
Reference: URL:http://secunia.com/advisories/28742

Votes:

Name: CVE-2008-0180

Description:
Cross-site scripting (XSS) vulnerability in themes/_unstyled/templates/init.vm in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the Greeting field in a User Profile.

Status: Candidate
Phase: Assigned (20080109)
Reference: CONFIRM:http://support.liferay.com/browse/LEP-4738
Reference: CERT-VN:VU#732449
Reference: URL:http://www.kb.cert.org/vuls/id/732449
Reference: BID:27546
Reference: URL:http://www.securityfocus.com/bid/27546
Reference: SECUNIA:28742
Reference: URL:http://secunia.com/advisories/28742

Votes:

Name: CVE-2008-0181

Description:
Cross-site scripting (XSS) vulnerability in the Admin portlet in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the Shutdown message.

Status: Candidate
Phase: Assigned (20080109)
Reference: CONFIRM:http://support.liferay.com/browse/LEP-4739
Reference: CERT-VN:VU#217825
Reference: URL:http://www.kb.cert.org/vuls/id/217825
Reference: BID:27554
Reference: URL:http://www.securityfocus.com/bid/27554
Reference: SECUNIA:28742
Reference: URL:http://secunia.com/advisories/28742

Votes:

Name: CVE-2008-0182

Description:
Cross-site request forgery (CSRF) vulnerability in the Admin portlet in Liferay Portal before 4.4.0 allows remote authenticated users to perform unspecified actions as unspecified other authenticated users via the Shutdown message.

Status: Candidate
Phase: Assigned (20080109)
Reference: CONFIRM:http://support.liferay.com/browse/LEP-4739
Reference: CERT-VN:VU#767825
Reference: URL:http://www.kb.cert.org/vuls/id/767825
Reference: SECUNIA:28742
Reference: URL:http://secunia.com/advisories/28742

Votes:

Name: CVE-2008-0183

Status: Candidate
Phase: Assigned (20080109)

Votes:

Name: CVE-2008-0184

Description:
Absolute path traversal vulnerability in index.php in Sys-Hotel on Line System allows remote attackers to read arbitrary files via an encoded "/" ("%2F") in the file parameter.

Status: Candidate
Phase: Assigned (20080109)
Reference: BUGTRAQ:20080108 sysHotel On Line Remote File Disclosure Vulnerability.
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/485940/100/0/threaded
Reference: BID:27184
Reference: URL:http://www.securityfocus.com/bid/27184
Reference: SREASON:3528
Reference: URL:http://securityreason.com/securityalert/3528

Votes:

Name: CVE-2008-0185

Description:
SQL injection vulnerability in index.php in NetRisk 1.9.7 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via the pid parameter in a profile page (possibly profile.php).

Status: Candidate
Phase: Assigned (20080109)
Reference: BUGTRAQ:20080106 netrisk 1.9.7 Multiple Remote Vulnerabilities (sql injection/xss)
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/485834/100/0/threaded
Reference: MILW0RM:4852
Reference: URL:http://www.milw0rm.com/exploits/4852
Reference: MISC:http://sourceforge.net/project/shownotes.php?release_id=551208&group_id=129681
Reference: SECUNIA:28328
Reference: URL:http://secunia.com/advisories/28328

Votes:

Name: CVE-2008-0186

Description:
Cross-site scripting (XSS) vulnerability in index.php in NetRisk 1.9.7 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter, possibly related to CVE-2008-0144.

Status: Candidate
Phase: Assigned (20080109)
Reference: BUGTRAQ:20080106 netrisk 1.9.7 Multiple Remote Vulnerabilities (sql injection/xss)
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/485834/100/0/threaded
Reference: MILW0RM:4852
Reference: URL:http://www.milw0rm.com/exploits/4852
Reference: SECUNIA:28369
Reference: URL:http://secunia.com/advisories/28369

Votes:

Name: CVE-2008-0187

Description:
SQL injection vulnerability in songinfo.php in SAM Broadcaster samPHPweb, possibly 4.2.2 and earlier, allows remote attackers to execute arbitrary SQL commands via the songid parameter.

Status: Candidate
Phase: Assigned (20080109)
Reference: MILW0RM:4836
Reference: URL:http://www.milw0rm.com/exploits/4836
Reference: BID:27147
Reference: URL:http://www.securityfocus.com/bid/27147
Reference: XF:sambroadcaster-songinfo-sql-injection(39463)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39463

Votes:

Name: CVE-2008-0188

Description:
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its requester. Further investigation showed that it was not a new security issue. Notes: none.

Status: Candidate
Phase: Assigned (20080109)

Votes:

Name: CVE-2008-0189

Status: Candidate
Phase: Assigned (20080109)

Votes:

Name: CVE-2008-0190

Description:
Multiple cross-site scripting (XSS) vulnerabilities in templates/example_template.php in AwesomeTemplateEngine allow remote attackers to inject arbitrary web script or HTML via the (1) data[title], (2) data[message], (3) data[table][1][item], (4) data[table][1][url], or (5) data[poweredby] parameter.

Status: Candidate
Phase: Assigned (20080109)
Reference: BUGTRAQ:20080103 securityvulns.com russian vulnerabilities digest
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/485786/100/0/threaded
Reference: FULLDISC:20080103 securityvulns.com russian vulnerabilities digest
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html
Reference: MISC:http://securityvulns.ru/Sdocument784.html
Reference: MISC:http://websecurity.com.ua/1694/
Reference: BID:27125
Reference: URL:http://www.securityfocus.com/bid/27125
Reference: SREASON:3539
Reference: URL:http://securityreason.com/securityalert/3539
Reference: XF:awesometemplateengine-multiple-xss(39396)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39396

Votes:

Name: CVE-2008-0191

Description:
WordPress 2.2.x and 2.3.x allows remote attackers to obtain sensitive information via an invalid p parameter in an rss2 action to the default URI, which reveals the full path and the SQL database structure.

Status: Candidate
Phase: Assigned (20080109)
Reference: BUGTRAQ:20080103 securityvulns.com russian vulnerabilities digest
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/485786/100/0/threaded
Reference: FULLDISC:20080103 securityvulns.com russian vulnerabilities digest
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html
Reference: MISC:http://securityvulns.ru/Sdocument663.html
Reference: MISC:http://websecurity.com.ua/1634/
Reference: SREASON:3539
Reference: URL:http://securityreason.com/securityalert/3539
Reference: XF:wordpress-p-path-disclosure(39423)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39423

Votes:

Name: CVE-2008-0192

Description:
Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the popuptitle parameter to (1) wp-admin/post.php or (2) wp-admin/page-new.php.

Status: Candidate
Phase: Assigned (20080109)
Reference: BUGTRAQ:20080103 securityvulns.com russian vulnerabilities digest
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/485786/100/0/threaded
Reference: FULLDISC:20080103 securityvulns.com russian vulnerabilities digest
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html
Reference: MISC:http://securityvulns.ru/Sdocument714.html
Reference: MISC:http://websecurity.com.ua/1658/
Reference: BID:27123
Reference: URL:http://www.securityfocus.com/bid/27123
Reference: SREASON:3539
Reference: URL:http://securityreason.com/securityalert/3539
Reference: XF:wordpress-popuptitle-xss(39426)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39426

Votes:

Name: CVE-2008-0193

Description:
Cross-site scripting (XSS) vulnerability in wp-db-backup.php in WordPress 2.0.11 and earlier, and possibly 2.1.x through 2.3.x, allows remote attackers to inject arbitrary web script or HTML via the backup parameter in a wp-db-backup.php action to wp-admin/edit.php.

Status: Candidate
Phase: Assigned (20080109)
Reference: BUGTRAQ:20080103 securityvulns.com russian vulnerabilities digest
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/485786/100/0/threaded
Reference: FULLDISC:20080103 securityvulns.com russian vulnerabilities digest
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html
Reference: MISC:http://securityvulns.ru/Sdocument755.html
Reference: MISC:http://websecurity.com.ua/1676/
Reference: DEBIAN:DSA-1502
Reference: URL:http://www.debian.org/security/2008/dsa-1502
Reference: BID:27123
Reference: URL:http://www.securityfocus.com/bid/27123
Reference: SECUNIA:29014
Reference: URL:http://secunia.com/advisories/29014
Reference: SREASON:3539
Reference: URL:http://securityreason.com/securityalert/3539

Votes:

Name: CVE-2008-0194

Description:
Directory traversal vulnerability in wp-db-backup.php in WordPress 2.0.3 and earlier allows remote attackers to read arbitrary files, delete arbitrary files, and cause a denial of service via a .. (dot dot) in the backup parameter in a wp-db-backup.php action to wp-admin/edit.php. NOTE: this might be the same as CVE-2006-5705.1.

Status: Candidate
Phase: Assigned (20080109)
Reference: BUGTRAQ:20080103 securityvulns.com russian vulnerabilities digest
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/485786/100/0/threaded
Reference: FULLDISC:20080103 securityvulns.com russian vulnerabilities digest
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html
Reference: MISC:http://securityvulns.ru/Sdocument755.html
Reference: MISC:http://websecurity.com.ua/1676/
Reference: DEBIAN:DSA-1502
Reference: URL:http://www.debian.org/security/2008/dsa-1502
Reference: BID:27123
Reference: URL:http://www.securityfocus.com/bid/27123
Reference: SECUNIA:29014
Reference: URL:http://secunia.com/advisories/29014
Reference: SREASON:3539
Reference: URL:http://securityreason.com/securityalert/3539

Votes:

Name: CVE-2008-0195

Description:
WordPress 2.0.11 and earlier allows remote attackers to obtain sensitive information via an empty value of the page parameter to certain PHP scripts under wp-admin/, which reveals the path in various error messages.

Status: Candidate
Phase: Assigned (20080109)
Reference: BUGTRAQ:20080103 securityvulns.com russian vulnerabilities digest
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/485786/100/0/threaded
Reference: FULLDISC:20080103 securityvulns.com russian vulnerabilities digest
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html
Reference: MISC:http://securityvulns.ru/Sdocument762.html
Reference: MISC:http://securityvulns.ru/Sdocument768.html
Reference: MISC:http://securityvulns.ru/Sdocument772.html
Reference: MISC:http://securityvulns.ru/Sdocument773.html
Reference: MISC:http://websecurity.com.ua/1679/
Reference: MISC:http://websecurity.com.ua/1683/
Reference: MISC:http://websecurity.com.ua/1686/
Reference: MISC:http://websecurity.com.ua/1687/
Reference: SREASON:3539
Reference: URL:http://securityreason.com/securityalert/3539

Votes:

Name: CVE-2008-0196

Description:
Multiple directory traversal vulnerabilities in WordPress 2.0.11 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the page parameter to certain PHP scripts under wp-admin/ or (2) the import parameter to wp-admin/admin.php, as demonstrated by discovering the full path via a request for the \..\..\wp-config pathname; and allow remote attackers to modify arbitrary files via a .. (dot dot) in the file parameter to wp-admin/templates.php.

Status: Candidate
Phase: Assigned (20080109)
Reference: BUGTRAQ:20080103 securityvulns.com russian vulnerabilities digest
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/485786/100/0/threaded
Reference: FULLDISC:20080103 securityvulns.com russian vulnerabilities digest
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html
Reference: MISC:http://securityvulns.ru/Sdocument762.html
Reference: MISC:http://securityvulns.ru/Sdocument768.html
Reference: MISC:http://securityvulns.ru/Sdocument772.html
Reference: MISC:http://securityvulns.ru/Sdocument773.html
Reference: MISC:http://websecurity.com.ua/1679/
Reference: MISC:http://websecurity.com.ua/1683/
Reference: MISC:http://websecurity.com.ua/1686/
Reference: MISC:http://websecurity.com.ua/1687/
Reference: SREASON:3539
Reference: URL:http://securityreason.com/securityalert/3539

Votes:

Name: CVE-2008-0197

Description:
Multiple cross-site scripting (XSS) vulnerabilities in wp-contact-form/options-contactform.php in the WP-ContactForm 1.5 alpha and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) wpcf_email, (2) wpcf_subject, (3) wpcf_question, (4) wpcf_answer, (5) wpcf_success_msg, (6) wpcf_error_msg, or (7) wpcf_msg parameter to wp-admin/admin.php, or (8) the SRC attribute of an IFRAME element.

Status: Candidate
Phase: Assigned (20080109)
Reference: BUGTRAQ:20080103 securityvulns.com russian vulnerabilities digest
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/485786/100/0/threaded
Reference: FULLDISC:20080103 securityvulns.com russian vulnerabilities digest
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html
Reference: MISC:http://securityvulns.ru/Sdocument546.html
Reference: MISC:http://securityvulns.ru/Sdocument667.html
Reference: MISC:http://websecurity.com.ua/1600/
Reference: MISC:http://websecurity.com.ua/1641/
Reference: SREASON:3539
Reference: URL:http://securityreason.com/securityalert/3539

Votes:

Name: CVE-2008-0198

Description:
Multiple cross-site request forgery (CSRF) vulnerabilities in wp-contact-form/options-contactform.php in the WP-ContactForm 1.5 alpha and earlier plugin for WordPress allow remote attackers to perform actions as administrators via the (1) wpcf_question, (2) wpcf_success_msg, or (3) wpcf_error_msg parameter to wp-admin/admin.php.

Status: Candidate
Phase: Assigned (20080109)
Reference: BUGTRAQ:20080103 securityvulns.com russian vulnerabilities digest
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/485786/100/0/threaded
Reference: FULLDISC:20080103 securityvulns.com russian vulnerabilities digest
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html
Reference: MISC:http://securityvulns.ru/Sdocument546.html
Reference: MISC:http://securityvulns.ru/Sdocument667.html
Reference: MISC:http://websecurity.com.ua/1600/
Reference: MISC:http://websecurity.com.ua/1641/
Reference: SREASON:3539
Reference: URL:http://securityreason.com/securityalert/3539

Votes:

Name: CVE-2008-0199

Description:
PRO-Search 0.17 and earlier allows remote attackers to cause a denial of service via certain values of the show_page and time parameters to the default URI.

Status: Candidate
Phase: Assigned (20080109)
Reference: BUGTRAQ:20080103 securityvulns.com russian vulnerabilities digest
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/485786/100/0/threaded
Reference: FULLDISC:20080103 securityvulns.com russian vulnerabilities digest
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html
Reference: MISC:http://securityvulns.ru/Sdocument731.html
Reference: MISC:http://sourceforge.net/project/shownotes.php?release_id=563784&group_id=149797
Reference: MISC:http://websecurity.com.ua/1259/
Reference: SREASON:3539
Reference: URL:http://securityreason.com/securityalert/3539

Votes:

Name: CVE-2008-0200

Description:
Multiple cross-site scripting (XSS) vulnerabilities in account/index.html in RotaBanner Local 3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) drop parameter.

Votes:

Name: CVE-2008-0201

Description:
Cross-site scripting (XSS) vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL parameter.

Status: Candidate
Phase: Assigned (20080109)
Reference: BUGTRAQ:20080103 securityvulns.com russian vulnerabilities digest
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/485786/100/0/threaded
Reference: FULLDISC:20080103 securityvulns.com russian vulnerabilities digest
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html
Reference: MISC:http://securityvulns.ru/Sdocument472.html
Reference: MISC:http://websecurity.com.ua/1454/
Reference: BID:27128
Reference: URL:http://www.securityfocus.com/bid/27128
Reference: SREASON:3539
Reference: URL:http://securityreason.com/securityalert/3539
Reference: XF:expressionengine-index-xss(39442)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39442

Votes:

Name: CVE-2008-0202

Description:
CRLF injection vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter.

Status: Candidate
Phase: Assigned (20080109)
Reference: BUGTRAQ:20080103 securityvulns.com russian vulnerabilities digest
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/485786/100/0/threaded
Reference: FULLDISC:20080103 securityvulns.com russian vulnerabilities digest
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html
Reference: MISC:http://securityvulns.ru/Sdocument472.html
Reference: MISC:http://websecurity.com.ua/1454/
Reference: BID:27128
Reference: URL:http://www.securityfocus.com/bid/27128
Reference: SREASON:3539
Reference: URL:http://securityreason.com/securityalert/3539

Votes:

Name: CVE-2008-0203

Description:
Multiple cross-site scripting (XSS) vulnerabilities in cryptographp/admin.php in the Cryptographp 1.2 and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) cryptwidth, (2) cryptheight, (3) bgimg, (4) charR, (5) charG, (6) charB, (7) charclear, (8) tfont, (9) charel, (10) charelc, (11) charelv, (12) charnbmin, (13) charnbmax, (14) charspace, (15) charsizemin, (16) charsizemax, (17) charanglemax, (18) noisepxmin, (19) noisepxmax, (20) noiselinemin, (21) noiselinemax, (22) nbcirclemin, (23) nbcirclemax, or (24) brushsize parameter to wp-admin/options-general.php.

Votes:

Name: CVE-2008-0204

Description:
Multiple cross-site scripting (XSS) vulnerabilities in math-comment-spam-protection.php in the Math Comment Spam Protection 2.1 and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) mcsp_opt_msg_no_answer or (2) mcsp_opt_msg_wrong_answer parameter to wp-admin/options-general.php.

Votes:

Name: CVE-2008-0205

Description:
Multiple cross-site request forgery (CSRF) vulnerabilities in math-comment-spam-protection.php in the Math Comment Spam Protection 2.1 and earlier plugin for WordPress allow remote attackers to perform actions as administrators via the (1) mcsp_opt_msg_no_answer or (2) mcsp_opt_msg_wrong_answer parameter to wp-admin/options-general.php.

Votes:

Name: CVE-2008-0206

Description:
Multiple cross-site scripting (XSS) vulnerabilities in captcha\captcha.php in the Captcha! 2.5d and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) captcha_ttffolder, (2) captcha_numchars, (3) captcha_ttfrange, or (4) captcha_secret parameter.

Votes:

Name: CVE-2008-0207

Description:
Multiple cross-site scripting (XSS) vulnerabilities in PRO-Search 0.17 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) prot, (2) host, (3) path, (4) name, (5) ext, (6) size, (7) search_days, or (8) show_page parameter to the default URI.

Status: Candidate
Phase: Assigned (20080109)
Reference: BUGTRAQ:20080103 securityvulns.com russian vulnerabilities digest
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/485786/100/0/threaded
Reference: FULLDISC:20080103 securityvulns.com russian vulnerabilities digest
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html
Reference: MISC:http://securityvulns.ru/Sdocument731.html
Reference: MISC:http://sourceforge.net/project/shownotes.php?release_id=563784&group_id=149797
Reference: MISC:http://websecurity.com.ua/1259/
Reference: BID:27126
Reference: URL:http://www.securityfocus.com/bid/27126
Reference: SECUNIA:28335
Reference: URL:http://secunia.com/advisories/28335
Reference: SREASON:3539
Reference: URL:http://securityreason.com/securityalert/3539

Votes:

Name: CVE-2008-0208

Description:
Cross-site scripting (XSS) vulnerability in login.asp in Snitz Forums 2000 3.4.05 and earlier allows remote attackers to inject arbitrary web script or HTML via the target parameter.

Status: Candidate
Phase: Assigned (20080109)
Reference: MISC:http://hackerscenter.com/archive/view.asp?id=28145
Reference: MISC:http://www.packetstormsecurity.org/0801-exploits/snitz-multi.txt
Reference: SECUNIA:28284
Reference: URL:http://secunia.com/advisories/28284

Votes:

Name: CVE-2008-0209

Description:
Open redirect vulnerability in Forums/login.asp in Snitz Forums 2000 3.4.06 and earlier allows remote attackers to redirect users to arbitrary web sites via a URL in the target parameter.

Votes:

Name: CVE-2008-0210

Description:
Uebimiau Webmail 2.7.10 and 2.7.2 does not protect authentication state variables from being set through HTTP requests, which allows remote attackers to bypass authentication via a sess[auth]=1 parameter settting. NOTE: this can be leveraged to conduct directory traversal attacks without authentication by using CVE-2008-0140.

Status: Candidate
Phase: Assigned (20080109)
Reference: MILW0RM:4846
Reference: URL:http://www.milw0rm.com/exploits/4846
Reference: BID:27154
Reference: URL:http://www.securityfocus.com/bid/27154

Votes:

Name: CVE-2008-0211

Description:
Unspecified vulnerability in the BIOS F.04 through F.11 for the HP Compaq Business Notebook PC allows local users to cause a denial of service via unspecified vectors.

Status: Candidate
Phase: Assigned (20080110)
Reference: HP:HPSBGN02305
Reference: URL:http://marc.info/?l=bugtraq&m=120672155821700&w=2
Reference: HP:SSRT080004
Reference: URL:http://marc.info/?l=bugtraq&m=120672155821700&w=2
Reference: BID:28494
Reference: URL:http://www.securityfocus.com/bid/28494
Reference: FRSIRT:ADV-2008-1042
Reference: URL:http://www.frsirt.com/english/advisories/2008/1042/references
Reference: SECTRACK:1019729
Reference: URL:http://securitytracker.com/id?1019729
Reference: XF:compaq-businessnotebook-pcbios-dos(41520)
Reference: URL:http://xforce.iss.net/xforce/xfdb/41520

Votes:

Name: CVE-2008-0212

Description:
ovtopmd in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allows remote attackers to cause a denial of service (crash) via a crafted TCP request that triggers an out-of-bounds memory access.

Status: Candidate
Phase: Assigned (20080110)
Reference: IDEFENSE:20080204 Hewlett-Packard Network Node Manager Topology Manager Service DoS Vulnerability
Reference: URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=652
Reference: HP:HPSBMA02307
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/487586/100/0/threaded
Reference: HP:SSRT071420
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/487586/100/0/threaded
Reference: BID:27629
Reference: URL:http://www.securityfocus.com/bid/27629
Reference: FRSIRT:ADV-2008-0424
Reference: URL:http://www.frsirt.com/english/advisories/2008/0424
Reference: SECTRACK:1019306
Reference: URL:http://www.securitytracker.com/id?1019306
Reference: SECUNIA:28798
Reference: URL:http://secunia.com/advisories/28798

Votes:

Name: CVE-2008-0213

Description:
Unspecified vulnerability in a certain ActiveX control for HP Virtual Rooms (HPVR) 6 and earlier allows remote attackers to execute arbitrary code via unknown vectors.

Status: Candidate
Phase: Assigned (20080110)
Reference: HP:HPSBGN02310
Reference: URL:http://marc.info/?l=bugtraq&m=120231595903371&w=2
Reference: HP:SSRT080007
Reference: URL:http://marc.info/?l=bugtraq&m=120231595903371&w=2
Reference: SECTRACK:1019311
Reference: URL:http://www.securitytracker.com/id?1019311

Votes:

Name: CVE-2008-0214

Description:
Multiple unspecified vulnerabilities in HP Select Identity 4.00, 4.01, 4.11, 4.12, 4.13, and 4.20 allow remote authenticated users to gain access via unknown vectors.

Status: Candidate
Phase: Assigned (20080110)
Reference: HP:HPSBMA02309
Reference: URL:http://marc.info/?l=bugtraq&m=120239931201443&w=2
Reference: HP:SSRT080013
Reference: URL:http://marc.info/?l=bugtraq&m=120239931201443&w=2
Reference: BID:27667
Reference: URL:http://www.securityfocus.com/bid/27667
Reference: FRSIRT:ADV-2008-0472
Reference: URL:http://www.frsirt.com/english/advisories/2008/0472
Reference: SECTRACK:1019322
Reference: URL:http://www.securitytracker.com/id?1019322
Reference: SECUNIA:28844
Reference: URL:http://secunia.com/advisories/28844

Votes:

Name: CVE-2008-0215

Description:
Multiple unspecified vulnerabilities in HP Storage Essentials Storage Resource Management (SRM) before 6.0.0 allow remote attackers to obtain unspecified access to a managed device via unknown attack vectors.

Status: Candidate
Phase: Assigned (20080110)
Reference: HP:HPSBST02302
Reference: URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01316132
Reference: HP:SSRT071474
Reference: URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01316132
Reference: BID:27643
Reference: URL:http://www.securityfocus.com/bid/27643
Reference: FRSIRT:ADV-2008-0440
Reference: URL:http://www.frsirt.com/english/advisories/2008/0440
Reference: SECTRACK:1019312
Reference: URL:http://www.securitytracker.com/id?1019312
Reference: SECUNIA:28813
Reference: URL:http://secunia.com/advisories/28813

Votes:

Name: CVE-2008-0216

Description:
The ptsname function in FreeBSD 6.0 through 7.0-PRERELEASE does not properly verify that a certain portion of a device name is associated with a pty of a user who is calling the pt_chown function, which might allow local users to read data from the pty from another user.

Status: Candidate
Phase: Assigned (20080110)
Reference: FREEBSD:FreeBSD-SA-08:01
Reference: URL:http://security.FreeBSD.org/advisories/FreeBSD-SA-08:01.pty.asc
Reference: BID:27284
Reference: URL:http://www.securityfocus.com/bid/27284
Reference: SECTRACK:1019191
Reference: URL:http://www.securitytracker.com/id?1019191
Reference: SECUNIA:28498
Reference: URL:http://secunia.com/advisories/28498
Reference: XF:freebsd-ptsname-information-disclosure(39667)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39667

Votes:

Name: CVE-2008-0217

Description:
The script program in FreeBSD 5.0 through 7.0-PRERELEASE invokes openpty, which creates a pseudo-terminal with world-readable and world-writable permissions when it is not run as root, which allows local users to read data from the terminal of the user running script.

Status: Candidate
Phase: Assigned (20080110)
Reference: FREEBSD:FreeBSD-SA-08:01
Reference: URL:http://security.FreeBSD.org/advisories/FreeBSD-SA-08:01.pty.asc
Reference: BID:27284
Reference: URL:http://www.securityfocus.com/bid/27284
Reference: SECTRACK:1019191
Reference: URL:http://www.securitytracker.com/id?1019191
Reference: SECUNIA:28498
Reference: URL:http://secunia.com/advisories/28498
Reference: XF:freebsd-openpty-information-disclosure(39665)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39665

Votes:

Name: CVE-2008-0218

Description:
Cross-site scripting (XSS) vulnerability in admin/index.html in Merak IceWarp Mail Server allows remote attackers to inject arbitrary web script or HTML via the message parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Status: Candidate
Phase: Assigned (20080110)
Reference: MISC:http://www.securityfocus.com/data/vulnerabilities/exploits/27189.html
Reference: BID:27189
Reference: URL:http://www.securityfocus.com/bid/27189
Reference: FRSIRT:ADV-2008-0135
Reference: URL:http://www.frsirt.com/english/advisories/2008/0135
Reference: SECUNIA:28460
Reference: URL:http://secunia.com/advisories/28460
Reference: XF:icewarpmailserver-index-xss(39564)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39564

Votes:

Name: CVE-2008-0219

Description:
SQL injection vulnerability in soporte_horizontal_w.php in PHP Webquest 2.6 allows remote attackers to execute arbitrary SQL commands via the id_actividad parameter, a different vector than CVE-2007-4920.

Status: Candidate
Phase: Assigned (20080110)
Reference: MILW0RM:4867
Reference: URL:http://www.milw0rm.com/exploits/4867
Reference: BID:27192
Reference: URL:http://www.securityfocus.com/bid/27192
Reference: SECUNIA:26821
Reference: URL:http://secunia.com/advisories/26821
Reference: XF:webquest-soportehorizontalw-sql-injection(39560)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39560

Votes:

Name: CVE-2008-0220

Description:
Multiple stack-based buffer overflows in the WebLaunch.WeblaunchCtl.1 (aka CWebLaunchCtl) ActiveX control in weblaunch.ocx 1.0.0.1 in Gateway Weblaunch allow remote attackers to execute arbitrary code via a long string in the (1) second or (2) fourth argument to the DoWebLaunch method. NOTE: some of these details are obtained from third party information.

Status: Candidate
Phase: Assigned (20080110)
Reference: FULLDISC:20080109 Gateway WebLaunch ActiveX Control Insecure Method
Reference: URL:http://marc.info/?l=full-disclosure&m=119984138526735&w=2
Reference: MILW0RM:4869
Reference: URL:http://www.milw0rm.com/exploits/4869
Reference: CERT-VN:VU#735441
Reference: URL:http://www.kb.cert.org/vuls/id/735441
Reference: BID:27193
Reference: URL:http://www.securityfocus.com/bid/27193
Reference: FRSIRT:ADV-2008-0077
Reference: URL:http://www.frsirt.com/english/advisories/2008/0077
Reference: SECUNIA:28379
Reference: URL:http://secunia.com/advisories/28379

Votes:

Name: CVE-2008-0221

Description:
Directory traversal vulnerability in the WebLaunch.WeblaunchCtl.1 (aka CWebLaunchCtl) ActiveX control in weblaunch.ocx 1.0.0.1 in Gateway Weblaunch allows remote attackers to execute arbitrary programs via a ..\ (dot dot backslash) in the second argument to the DoWebLaunch method. NOTE: some of these details are obtained from third party information.

Status: Candidate
Phase: Assigned (20080110)
Reference: FULLDISC:20080109 Gateway WebLaunch ActiveX Control Insecure Method
Reference: URL:http://marc.info/?l=full-disclosure&m=119984138526735&w=2
Reference: MILW0RM:4869
Reference: URL:http://www.milw0rm.com/exploits/4869
Reference: FRSIRT:ADV-2008-0077
Reference: URL:http://www.frsirt.com/english/advisories/2008/0077
Reference: SECUNIA:28379
Reference: URL:http://secunia.com/advisories/28379

Votes:

Name: CVE-2008-0222

Description:
Unrestricted file upload vulnerability in ajaxfilemanager.php in the Wp-FileManager 1.2 plugin for WordPress allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors.

Status: Candidate
Phase: Assigned (20080110)
Reference: MILW0RM:4844
Reference: URL:http://www.milw0rm.com/exploits/4844
Reference: BID:27151
Reference: URL:http://www.securityfocus.com/bid/27151
Reference: XF:wordpress-wpfilemanager-file-upload(39462)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39462

Votes:

Name: CVE-2008-0223

Description:
Buffer overflow in JustSystems JSFC.DLL, as used in multiple JustSystems products such as Ichitaro, allows remote attackers to execute arbitrary code via a crafted .JTD file.

Status: Candidate
Phase: Assigned (20080110)
Reference: MISC:http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20080107
Reference: CONFIRM:http://www.justsystems.com/jp/info/pd8001.html
Reference: JVN:JVN#08237857
Reference: URL:http://jvn.jp/jp/JVN%2308237857/index.html
Reference: BID:27153
Reference: URL:http://www.securityfocus.com/bid/27153
Reference: FRSIRT:ADV-2008-0045
Reference: URL:http://www.frsirt.com/english/advisories/2008/0045
Reference: SECTRACK:1019168
Reference: URL:http://www.securitytracker.com/id?1019168
Reference: SECUNIA:28275
Reference: URL:http://secunia.com/advisories/28275
Reference: XF:justsystems-jsfc-bo(39501)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39501

Votes:

Name: CVE-2008-0224

Description:
SQL injection vulnerability in index.php in the Newbb_plus 0.92 and earlier module in RunCMS 1.6.1 allows remote attackers to execute arbitrary SQL commands via the Client-Ip parameter.

Status: Candidate
Phase: Assigned (20080110)
Reference: MILW0RM:4845
Reference: URL:http://milw0rm.com/exploits/4845
Reference: BID:27152
Reference: URL:http://www.securityfocus.com/bid/27152
Reference: SECUNIA:28340
Reference: URL:http://secunia.com/advisories/28340
Reference: XF:runcms-newbb-client-sql-injection(39478)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39478

Votes:

Name: CVE-2008-0225

Description:
Heap-based buffer overflow in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote attackers to execute arbitrary code via the SDP Abstract attribute in an RTSP session, related to the rmff_dump_header function and related to disregarding the max field. NOTE: some of these details are obtained from third party information.

Status: Candidate
Phase: Assigned (20080110)
Reference: MISC:http://aluigi.altervista.org/adv/xinermffhof-adv.txt
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=428620
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=567872
Reference: CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=205197
Reference: DEBIAN:DSA-1472
Reference: URL:http://www.debian.org/security/2008/dsa-1472
Reference: FEDORA:FEDORA-2008-0718
Reference: URL:https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00592.html
Reference: GENTOO:GLSA-200801-12
Reference: URL:http://security.gentoo.org/glsa/glsa-200801-12.xml
Reference: MANDRIVA:MDVSA-2008:020
Reference: URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:020
Reference: MANDRIVA:MDVSA-2008:045
Reference: URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:045
Reference: SUSE:SUSE-SR:2008:002
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_summary_report.html
Reference: UBUNTU:USN-635-1
Reference: URL:http://www.ubuntu.com/usn/usn-635-1
Reference: BID:27198
Reference: URL:http://www.securityfocus.com/bid/27198
Reference: FRSIRT:ADV-2008-0163
Reference: URL:http://www.frsirt.com/english/advisories/2008/0163
Reference: SECUNIA:28384
Reference: URL:http://secunia.com/advisories/28384
Reference: SECUNIA:28489
Reference: URL:http://secunia.com/advisories/28489
Reference: SECUNIA:28636
Reference: URL:http://secunia.com/advisories/28636
Reference: SECUNIA:28674
Reference: URL:http://secunia.com/advisories/28674
Reference: SECUNIA:28507
Reference: URL:http://secunia.com/advisories/28507
Reference: SECUNIA:28955
Reference: URL:http://secunia.com/advisories/28955
Reference: SECUNIA:31393
Reference: URL:http://secunia.com/advisories/31393

Votes:

Name: CVE-2008-0226

Description:
Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp.

Status: Candidate
Phase: Assigned (20080110)
Reference: BUGTRAQ:20080104 Multiple vulnerabilities in yaSSL 1.7.5
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/485810/100/0/threaded
Reference: BUGTRAQ:20080104 Pre-auth buffer-overflow in mySQL through yaSSL
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/485811/100/0/threaded
Reference: CONFIRM:http://bugs.mysql.com/33814
Reference: CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html
Reference: CONFIRM:http://support.apple.com/kb/HT3216
Reference: APPLE:APPLE-SA-2008-10-09
Reference: URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
Reference: DEBIAN:DSA-1478
Reference: URL:http://www.debian.org/security/2008/dsa-1478
Reference: MANDRIVA:MDVSA-2008:150
Reference: URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:150
Reference: UBUNTU:USN-588-1
Reference: URL:http://www.ubuntu.com/usn/usn-588-1
Reference: BID:27140
Reference: URL:http://www.securityfocus.com/bid/27140
Reference: BID:31681
Reference: URL:http://www.securityfocus.com/bid/31681
Reference: FRSIRT:ADV-2008-0560
Reference: URL:http://www.frsirt.com/english/advisories/2008/0560/references
Reference: FRSIRT:ADV-2008-2780
Reference: URL:http://www.frsirt.com/english/advisories/2008/2780
Reference: SECUNIA:28324
Reference: URL:http://secunia.com/advisories/28324
Reference: SECUNIA:28419
Reference: URL:http://secunia.com/advisories/28419
Reference: SECUNIA:28597
Reference: URL:http://secunia.com/advisories/28597
Reference: SECUNIA:29443
Reference: URL:http://secunia.com/advisories/29443
Reference: SECUNIA:32222
Reference: URL:http://secunia.com/advisories/32222
Reference: SREASON:3531
Reference: URL:http://securityreason.com/securityalert/3531
Reference: XF:yassl-inputbufferoperator-bo(39431)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39431
Reference: XF:yassl-processoldclienthello-bo(39429)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39429

Votes:

Name: CVE-2008-0227

Description:
yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allows remote attackers to cause a denial of service (crash) via a Hello packet containing a large size value, which triggers a buffer over-read in the HASHwithTransform::Update function in hash.cpp.

Status: Candidate
Phase: Assigned (20080110)
Reference: BUGTRAQ:20080104 Multiple vulnerabilities in yaSSL 1.7.5
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/485810/100/0/threaded
Reference: CONFIRM:http://bugs.mysql.com/33814
Reference: CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html
Reference: CONFIRM:http://support.apple.com/kb/HT3216
Reference: APPLE:APPLE-SA-2008-10-09
Reference: URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
Reference: DEBIAN:DSA-1478
Reference: URL:http://www.debian.org/security/2008/dsa-1478
Reference: MANDRIVA:MDVSA-2008:150
Reference: URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:150
Reference: UBUNTU:USN-588-1
Reference: URL:http://www.ubuntu.com/usn/usn-588-1
Reference: BID:27140
Reference: URL:http://www.securityfocus.com/bid/27140
Reference: BID:31681
Reference: URL:http://www.securityfocus.com/bid/31681
Reference: FRSIRT:ADV-2008-0560
Reference: URL:http://www.frsirt.com/english/advisories/2008/0560/references
Reference: FRSIRT:ADV-2008-2780
Reference: URL:http://www.frsirt.com/english/advisories/2008/2780
Reference: SECUNIA:28324
Reference: URL:http://secunia.com/advisories/28324
Reference: SECUNIA:28597
Reference: URL:http://secunia.com/advisories/28597
Reference: SECUNIA:29443
Reference: URL:http://secunia.com/advisories/29443
Reference: SECUNIA:32222
Reference: URL:http://secunia.com/advisories/32222
Reference: SREASON:3531
Reference: URL:http://securityreason.com/securityalert/3531
Reference: XF:yassl-hashwithtransformupdate-dos(39433)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39433

Votes:

Name: CVE-2008-0228

Description:
Cross-site request forgery (CSRF) vulnerability in apply.cgi in the Linksys WRT54GL Wireless-G Broadband Router with firmware 4.30.9 allows remote attackers to perform actions as administrators.

Status: Candidate
Phase: Assigned (20080110)
Reference: BUGTRAQ:20080107 Linksys WRT54 GL - Session riding (CSRF)
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/485853/100/0/threaded
Reference: BUGTRAQ:20080115 Re: Linksys WRT54 GL - Session riding (CSRF)
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/486362/100/0/threaded
Reference: SECUNIA:28364
Reference: URL:http://secunia.com/advisories/28364
Reference: SREASON:3534
Reference: URL:http://securityreason.com/securityalert/3534
Reference: XF:linksys-apply-csrf(39502)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39502

Votes:

Name: CVE-2008-0229

Description:
The telnet service in LevelOne WBR-3460 4-Port ADSL 2/2+ Wireless Modem Router with firmware 1.00.11 and 1.00.12 does not require authentication, which allows remote attackers on the local or wireless network to obtain administrative access.

Status: Candidate
Phase: Assigned (20080110)
Reference: BUGTRAQ:20080108 Level-One WBR-3460A Grants Root Access
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/485935/100/0/threaded
Reference: BID:27183
Reference: URL:http://www.securityfocus.com/bid/27183
Reference: SECTRACK:1019162
Reference: URL:http://www.securitytracker.com/id?1019162
Reference: SECUNIA:28397
Reference: URL:http://secunia.com/advisories/28397
Reference: SREASON:3533
Reference: URL:http://securityreason.com/securityalert/3533

Votes:

Name: CVE-2008-0230

Description:
PHP remote file inclusion vulnerability in php121db.php in osDate 2.0.8 and possibly earlier versions allows remote attackers to execute arbitrary PHP code via a URL in the php121dir parameter.

Status: Candidate
Phase: Assigned (20080110)
Reference: MILW0RM:4870
Reference: URL:http://www.milw0rm.com/exploits/4870
Reference: MISC:http://packetstormsecurity.org/0801-exploits/osdata-lfi.txt
Reference: BID:27208
Reference: URL:http://www.securityfocus.com/bid/27208
Reference: SECUNIA:28420
Reference: URL:http://secunia.com/advisories/28420
Reference: XF:osdate-php121db-file-include(39567)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39567

Votes:

Name: CVE-2008-0231

Description:
Multiple directory traversal vulnerabilities in index.php in Tuned Studios (1) Subwoofer, (2) Freeze Theme, (3) Orange Cutout, (4) Lonely Maple, (5) Endless, (6) Classic Theme, and (7) Music Theme webpage templates allow remote attackers to include and execute arbitrary files via ".." sequences in the page parameter. NOTE: this can be leveraged for remote file inclusion when running in some PHP 5 environments.

Status: Candidate
Phase: Assigned (20080110)
Reference: BUGTRAQ:20080109 LFI in Tuned Studios Templates
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/485991/100/0/threaded
Reference: MILW0RM:4876
Reference: URL:http://www.milw0rm.com/exploits/4876
Reference: BID:27196
Reference: URL:http://www.securityfocus.com/bid/27196
Reference: SREASON:3532
Reference: URL:http://securityreason.com/securityalert/3532
Reference: XF:tunedstudiostemplates-index-file-include(39555)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39555

Votes:

Name: CVE-2008-0232

Description:
Multiple SQL injection vulnerabilities in Zero CMS 1.0 Alpha allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to index.php, or the (2) f or t parameters to forums/index.php.

Status: Candidate
Phase: Assigned (20080110)
Reference: MILW0RM:4864
Reference: URL:http://www.milw0rm.com/exploits/4864
Reference: MISC:http://packetstormsecurity.org/0801-exploits/zerocms-sql.txt
Reference: BID:27186
Reference: URL:http://www.securityfocus.com/bid/27186
Reference: XF:zerocms-index-sql-injection(39530)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39530

Votes:

Name: CVE-2008-0233

Description:
Unrestricted file upload vulnerability in Zero CMS 1.0 Alpha and earlier allows remote attackers to bypass intended access restrictions and upload and execute arbitrary files by uploading an avatar file with an accepted Content-Type such as image/jpeg.

Votes:

Name: CVE-2008-0234

Description:
Buffer overflow in Apple Quicktime Player 7.3.1.70 and other versions before 7.4.1, when RTSP tunneling is enabled, allows remote attackers to execute arbitrary code via a long Reason-Phrase response to an rtsp:// request, as demonstrated using a 404 error message.

Status: Candidate
Phase: Assigned (20080110)
Reference: BUGTRAQ:20080110 Buffer-overflow in Quicktime Player 7.3.1.70
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/486091/100/0/threaded
Reference: BUGTRAQ:20080110 Re: Buffer-overflow in Quicktime Player 7.3.1.70
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/486114/100/0/threaded
Reference: BUGTRAQ:20080111 Re: Buffer-overflow in Quicktime Player 7.3.1.70
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/486174/100/0/threaded
Reference: BUGTRAQ:20080111 Re: Re: Buffer-overflow in Quicktime Player 7.3.1.70
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/486161/100/0/threaded
Reference: BUGTRAQ:20080112 Re: Buffer-overflow in Quicktime Player 7.3.1.70
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/486268/100/0/threaded
Reference: BUGTRAQ:20080112 Re: Re: Buffer-overflow in Quicktime Player 7.3.1.70
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/486241/100/0/threaded
Reference: BUGTRAQ:20080114 Re: [Full-disclosure] Buffer-overflow in Quicktime Player 7.3.1.70
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/486238/100/0/threaded
Reference: MILW0RM:4885
Reference: URL:http://www.milw0rm.com/exploits/4885
Reference: MILW0RM:4906
Reference: URL:http://www.milw0rm.com/exploits/4906
Reference: APPLE:APPLE-SA-2008-02-06
Reference: URL:http://lists.apple.com/archives/security-announce/2008/Feb/msg00001.html
Reference: CERT-VN:VU#112179
Reference: URL:http://www.kb.cert.org/vuls/id/112179
Reference: BID:27225
Reference: URL:http://www.securityfocus.com/bid/27225
Reference: FRSIRT:ADV-2008-0107
Reference: URL:http://www.frsirt.com/english/advisories/2008/0107
Reference: FRSIRT:ADV-2008-2064
Reference: URL:http://www.frsirt.com/english/advisories/2008/2064/references
Reference: SECTRACK:1019178
Reference: URL:http://www.securitytracker.com/id?1019178
Reference: SECUNIA:28423
Reference: URL:http://secunia.com/advisories/28423
Reference: SECUNIA:31034
Reference: URL:http://secunia.com/advisories/31034
Reference: SREASON:3537
Reference: URL:http://securityreason.com/securityalert/3537
Reference: XF:quicktime-rtsp-responses-bo(39601)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39601

Votes:

Name: CVE-2008-0235

Description:
The Microsoft VFP_OLE_Server ActiveX control allows remote attackers to execute arbitrary code by invoking the foxcommand method.

Status: Candidate
Phase: Assigned (20080110)
Reference: MILW0RM:4875
Reference: URL:http://www.milw0rm.com/exploits/4875
Reference: MISC:http://packetstormsecurity.org/0801-exploits/msvfpole-exec.txt
Reference: MISC:http://shinnai.altervista.org/exploits/txt/TXT_rNowA1916DKFNUF48NyS.html
Reference: BID:27199
Reference: URL:http://www.securityfocus.com/bid/27199
Reference: SECUNIA:28417
Reference: URL:http://secunia.com/advisories/28417
Reference: XF:microsoft-vfpoleserver-command-execution(39559)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39559

Votes:

Name: CVE-2008-0236

Description:
An ActiveX control for Microsoft Visual FoxPro (vfp6r.dll 6.0.8862.0) allows remote attackers to execute arbitrary commands by invoking the DoCmd method.

Status: Candidate
Phase: Assigned (20080110)
Reference: MILW0RM:4873
Reference: URL:http://www.milw0rm.com/exploits/4873
Reference: MISC:http://shinnai.altervista.org/exploits/txt/TXT_DiWu9j82RCq4zpaQAoxn.html
Reference: BID:27205
Reference: URL:http://www.securityfocus.com/bid/27205
Reference: SECUNIA:28417
Reference: URL:http://secunia.com/advisories/28417
Reference: XF:microsoft-foxserver-command-execution(39558)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39558

Votes:

Name: CVE-2008-0237

Description:
The Microsoft Rich Textbox ActiveX Control (RICHTX32.OCX) 6.1.97.82 allows remote attackers to execute arbitrary commands by invoking the insecure SaveFile method.

Status: Candidate
Phase: Assigned (20080110)
Reference: MILW0RM:4874
Reference: URL:http://www.milw0rm.com/exploits/4874
Reference: MISC:http://shinnai.altervista.org/exploits/txt/TXT_DZVN8CwCha0I2fI3NeEs.html
Reference: BID:27201
Reference: URL:http://www.securityfocus.com/bid/27201
Reference: XF:microsoft-richtextbox-file-overwrite(39557)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39557

Votes:

Name: CVE-2008-0238

Description:
Multiple heap-based buffer overflows in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 allow remote attackers to execute arbitrary code via the SDP (1) Title, (2) Author, or (3) Copyright attribute, related to the rmff_dump_header function, different vectors than CVE-2008-0225. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Status: Candidate
Phase: Assigned (20080111)
Reference: CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=205197
Reference: GENTOO:GLSA-200801-12
Reference: URL:http://security.gentoo.org/glsa/glsa-200801-12.xml
Reference: MANDRIVA:MDVSA-2008:020
Reference: URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:020
Reference: MANDRIVA:MDVSA-2008:045
Reference: URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:045
Reference: UBUNTU:USN-635-1
Reference: URL:http://www.ubuntu.com/usn/usn-635-1
Reference: SECUNIA:28384
Reference: URL:http://secunia.com/advisories/28384
Reference: SECUNIA:28674
Reference: URL:http://secunia.com/advisories/28674
Reference: SECUNIA:28955
Reference: URL:http://secunia.com/advisories/28955
Reference: SECUNIA:31393
Reference: URL:http://secunia.com/advisories/31393

Votes:

Name: CVE-2008-0239

Description:
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allow remote attackers to inject arbitrary HTML or web script via the (1) cntry or lang parameters to /idm/login.jsp, (2) resultsForm parameter to /idm/account/findForSelect.jsp, or (3) activeControl parameter to /idm/user/main.jsp.

Status: Candidate
Phase: Assigned (20080111)
Reference: BUGTRAQ:20080110 PR07-06, PR07-07, PR07-08, PR07-09, PR07-10, PR07-12: Several XSS, Cross-domain Redirection and Frame Injection on Sun Java System Identity Manager
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/486076/100/0/threaded
Reference: MISC:http://www.procheckup.com/Vulnerability_PR07-06.php
Reference: MISC:http://www.procheckup.com/Vulnerability_PR07-07.php
Reference: MISC:http://www.procheckup.com/Vulnerability_PR07-08.php
Reference: SUNALERT:103180
Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-103180-1
Reference: SUNALERT:200558
Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-66-200558-1
Reference: BID:27214
Reference: URL:http://www.securityfocus.com/bid/27214
Reference: FRSIRT:ADV-2008-0089
Reference: URL:http://www.frsirt.com/english/advisories/2008/0089
Reference: SECTRACK:1019175
Reference: URL:http://www.securitytracker.com/id?1019175
Reference: SECUNIA:28356
Reference: URL:http://secunia.com/advisories/28356
Reference: SREASON:3535
Reference: URL:http://securityreason.com/securityalert/3535
Reference: XF:sun-identity-lang-xss(39581)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39581
Reference: XF:sun-identity-login-xss(39580)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39580
Reference: XF:sun-identity-main-xss(39583)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39583
Reference: XF:sun-identity-resultsform-xss(39582)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39582

Votes:

Name: CVE-2008-0240

Description:
/idm/help/index.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to inject frames from arbitrary web sites and conduct phishing attacks via the helpUrl parameter, aka "frame injection."

Votes:

Name: CVE-2008-0241

Description:
Open redirect vulnerability in /idm/user/login.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 to allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the nextPage parameter.

Votes:

Name: CVE-2008-0242

Description:
Unspecified vulnerability in libdevinfo in Sun Solaris 10 allows local users to access files and gain privileges via unknown vectors, related to login device permissions.

Status: Candidate
Phase: Assigned (20080111)
Reference: SUNALERT:103165
Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-103165-1
Reference: SUNALERT:200641
Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-66-200641-1
Reference: BID:27253
Reference: URL:http://www.securityfocus.com/bid/27253
Reference: FRSIRT:ADV-2008-0131
Reference: URL:http://www.frsirt.com/english/advisories/2008/0131
Reference: OVAL:oval:org.mitre.oval:def:5211
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5211
Reference: SECTRACK:1019187
Reference: URL:http://www.securitytracker.com/id?1019187
Reference: SECUNIA:28493
Reference: URL:http://secunia.com/advisories/28493
Reference: XF:solaris-libdevinfo-privilege-escalation(39629)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39629

Votes:

Name: CVE-2008-0243

Description:
Unspecified vulnerability in Lotus Domino 7.0.2 before Fix Pack 3 allows attackers to cause a denial of service via unknown vectors.

Status: Candidate
Phase: Assigned (20080111)
Reference: CONFIRM:http://www-1.ibm.com/support/docview.wss?uid=swg27011539
Reference: BID:27215
Reference: URL:http://www.securityfocus.com/bid/27215
Reference: FRSIRT:ADV-2008-0086
Reference: URL:http://www.frsirt.com/english/advisories/2008/0086
Reference: SECUNIA:28411
Reference: URL:http://secunia.com/advisories/28411
Reference: XF:lotus-domino-unspecified-dos(39588)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39588

Votes:

Name: CVE-2008-0244

Description:
SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to execute arbitrary commands via "&&" and other shell metacharacters in exec_sdbinfo and other unspecified commands, which are executed when MaxDB invokes cons.exe.

Status: Candidate
Phase: Assigned (20080111)
Reference: BUGTRAQ:20080109 Pre-auth remote commands execution in SAP MaxDB 7.6.03.07
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/486039/100/0/threaded
Reference: MILW0RM:4877
Reference: URL:http://www.milw0rm.com/exploits/4877
Reference: MISC:http://aluigi.altervista.org/adv/sapone-adv.txt
Reference: BID:27206
Reference: URL:http://www.securityfocus.com/bid/27206
Reference: FRSIRT:ADV-2008-0104
Reference: URL:http://www.frsirt.com/english/advisories/2008/0104
Reference: SECTRACK:1019171
Reference: URL:http://www.securitytracker.com/id?1019171
Reference: SECUNIA:28409
Reference: URL:http://secunia.com/advisories/28409
Reference: SREASON:3536
Reference: URL:http://securityreason.com/securityalert/3536
Reference: XF:maxdb-system-command-execution(39573)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39573

Votes:

Name: CVE-2008-0245

Description:
admin.php in UploadImage 1.0 does not check for the original password before making a change to a new password, which allows remote attackers to gain administrator privileges via the pass parameter in a nopass (Set Password) action.

Status: Candidate
Phase: Assigned (20080111)
Reference: MILW0RM:4871
Reference: URL:http://www.milw0rm.com/exploits/4871
Reference: BID:27203
Reference: URL:http://www.securityfocus.com/bid/27203
Reference: XF:uploadimage-admin-command-execution(39571)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39571

Votes:

Name: CVE-2008-0246

Description:
admin.php in UploadScript 1.0 does not check for the original password before making a change to a new password, which allows remote attackers to gain administrator privileges via the pass parameter in a nopass (Set Password) action.

Status: Candidate
Phase: Assigned (20080111)
Reference: MILW0RM:4871
Reference: URL:http://www.milw0rm.com/exploits/4871
Reference: BID:27203
Reference: URL:http://www.securityfocus.com/bid/27203
Reference: XF:uploadscript-admin-command-execution(39570)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39570

Votes:

Name: CVE-2008-0247

Description:
Heap-based buffer overflow in the Express Backup Server service (dsmsvc.exe) in IBM Tivoli Storage Manager (TSM) Express 5.3 before 5.3.7.3 allows remote attackers to execute arbitrary code via a packet with a large length value.

Status: Candidate
Phase: Assigned (20080111)
Reference: BUGTRAQ:20080114 ZDI-08-001: IBM Tivoli Storage Manager Express Backup Server Heap Overflow Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/486270/100/0/threaded
Reference: MISC:http://www.zerodayinitiative.com/advisories/ZDI-08-001.html
Reference: CONFIRM:http://www-1.ibm.com/support/docview.wss?uid=swg21291536
Reference: BID:27235
Reference: URL:http://www.securityfocus.com/bid/27235
Reference: FRSIRT:ADV-2008-0106
Reference: URL:http://www.frsirt.com/english/advisories/2008/0106
Reference: SECTRACK:1019182
Reference: URL:http://www.securitytracker.com/id?1019182
Reference: SECUNIA:28440
Reference: URL:http://secunia.com/advisories/28440
Reference: XF:ibm-tsmexpressserver-bo(39604)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39604

Votes:

Name: CVE-2008-0248

Description:
Buffer overflow in an ActiveX control in ccpm_0237.dll for StreamAudio ChainCast ProxyManager allows remote attackers to execute arbitrary code via a long URL argument to the InternalTuneIn method.

Status: Candidate
Phase: Assigned (20080111)
Reference: FULLDISC:20080111 StreamAudio ChainCast ProxyManager ccpm_0237.dll Buffer Overflow
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059572.html
Reference: MILW0RM:4894
Reference: URL:http://www.milw0rm.com/exploits/4894
Reference: BID:27247
Reference: URL:http://www.securityfocus.com/bid/27247
Reference: FRSIRT:ADV-2008-0133
Reference: URL:http://www.frsirt.com/english/advisories/2008/0133
Reference: SECUNIA:28461
Reference: URL:http://secunia.com/advisories/28461
Reference: XF:streamaudio-chaincastproxymanager-bo(39622)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39622

Votes:

Name: CVE-2008-0249

Description:
PHP Webquest 2.6 allows remote attackers to retrieve database credentials via a direct request to admin/backup_phpwebquest.php, which leaks the credentials in an error message if a call to /usr/bin/mysqldump fails. NOTE: this might only be an issue in limited environments.

Status: Candidate
Phase: Assigned (20080111)
Reference: MILW0RM:4872
Reference: URL:http://www.milw0rm.com/exploits/4872
Reference: BID:27202
Reference: URL:http://www.securityfocus.com/bid/27202
Reference: XF:phpwebquest-backup-information-disclosure(39572)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39572

Votes:

Name: CVE-2008-0250

Description:
Buffer overflow in Microsoft Visual InterDev 6.0 (SP6) allows user-assisted attackers to execute arbitrary code via a Studio Solution (.SLN) file with a long Project line.

Status: Candidate
Phase: Assigned (20080111)
Reference: MILW0RM:4892
Reference: URL:http://www.milw0rm.com/exploits/4892
Reference: MISC:http://shinnai.altervista.org/exploits/txt/TXT_PoEOrFM8py30PXrDF7IY.html
Reference: BID:27250
Reference: URL:http://www.securityfocus.com/bid/27250
Reference: SECUNIA:28482
Reference: URL:http://secunia.com/advisories/28482
Reference: XF:visualinterdev-sln-project-bo(41826)
Reference: URL:http://xforce.iss.net/xforce/xfdb/41826

Votes:

Name: CVE-2008-0251

Description:
Unrestricted file upload vulnerability in PhotoPost vBGallery before 2.4.2 allows remote attackers to upload and execute arbitrary files via unknown vectors.

Status: Candidate
Phase: Assigned (20080111)
Reference: CONFIRM:http://www.photopost.com/forum/showthread.php?t=134909
Reference: CONFIRM:http://www.photopost.com/forum/showthread.php?t=134910
Reference: SECUNIA:28430
Reference: URL:http://secunia.com/advisories/28430
Reference: XF:vbgallery-unspecified-code-execution(39621)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39621

Votes:

Name: CVE-2008-0252

Description:
Directory traversal vulnerability in the _get_file_path function in (1) lib/sessions.py in CherryPy 3.0.x up to 3.0.2, (2) filter/sessionfilter.py in CherryPy 2.1, and (3) filter/sessionfilter.py in CherryPy 2.x allows remote attackers to create or delete arbitrary files, and possibly read and write portions of arbitrary files, via a crafted session id in a cookie.

Status: Candidate
Phase: Assigned (20080111)
Reference: BUGTRAQ:20080124 rPSA-2008-0030-1 CherryPy
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/487001/100/0/threaded
Reference: CONFIRM:http://www.cherrypy.org/changeset/1774
Reference: CONFIRM:http://www.cherrypy.org/changeset/1775
Reference: CONFIRM:http://www.cherrypy.org/changeset/1776
Reference: CONFIRM:http://www.cherrypy.org/ticket/744
Reference: CONFIRM:https://bugs.gentoo.org/show_bug.cgi?id=204829
Reference: CONFIRM:https://issues.rpath.com/browse/RPL-2127
Reference: DEBIAN:DSA-1481
Reference: URL:http://www.debian.org/security/2008/dsa-1481
Reference: FEDORA:FEDORA-2008-0299
Reference: URL:https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00240.html
Reference: FEDORA:FEDORA-2008-0333
Reference: URL:https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00297.html
Reference: GENTOO:GLSA-200801-11
Reference: URL:http://security.gentoo.org/glsa/glsa-200801-11.xml
Reference: BID:27181
Reference: URL:http://www.securityfocus.com/bid/27181
Reference: FRSIRT:ADV-2008-0039
Reference: URL:http://www.frsirt.com/english/advisories/2008/0039
Reference: SECUNIA:28354
Reference: URL:http://secunia.com/advisories/28354
Reference: SECUNIA:28611
Reference: URL:http://secunia.com/advisories/28611
Reference: SECUNIA:28620
Reference: URL:http://secunia.com/advisories/28620
Reference: SECUNIA:28769
Reference: URL:http://secunia.com/advisories/28769
Reference: SECUNIA:28353
Reference: URL:http://secunia.com/advisories/28353

Votes:

Name: CVE-2008-0253

Description:
SQL injection vulnerability in full_text.php in Binn SBuilder allows remote attackers to execute arbitrary SQL commands via the nid parameter.

Status: Candidate
Phase: Assigned (20080115)
Reference: BUGTRAQ:20080114 Binn SBuilder (nid) Remote Blind Sql Injection Vulnerabily
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/486265/100/0/threaded
Reference: MILW0RM:4904
Reference: URL:http://www.milw0rm.com/exploits/4904
Reference: BID:27264
Reference: URL:http://www.securityfocus.com/bid/27264
Reference: XF:binnsbuilder-fulltext-sql-injection(39634)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39634

Votes:

Name: CVE-2008-0254

Description:
SQL injection vulnerability in activate.php in TutorialCMS (aka Photoshop Tutorials) 1.02, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the userName parameter.

Status: Candidate
Phase: Assigned (20080115)
Reference: MILW0RM:4901
Reference: URL:http://www.milw0rm.com/exploits/4901
Reference: BID:27263
Reference: URL:http://www.securityfocus.com/bid/27263
Reference: SECUNIA:28446
Reference: URL:http://secunia.com/advisories/28446
Reference: XF:tutorialcms-activate-sql-injection(39642)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39642

Votes:

Name: CVE-2008-0255

Description:
SQL injection vulnerability in archive.php in iGaming 1.5, and 1.3.1 and earlier, allows remote attackers to execute arbitrary SQL commands via the section parameter.

Status: Candidate
Phase: Assigned (20080115)
Reference: MILW0RM:4886
Reference: URL:http://www.milw0rm.com/exploits/4886
Reference: BID:27230
Reference: URL:http://www.securityfocus.com/bid/27230
Reference: SECUNIA:28426
Reference: URL:http://secunia.com/advisories/28426
Reference: XF:igamingcms-archive-sql-injection(39598)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39598

Votes:

Name: CVE-2008-0256

Description:
Multiple SQL injection vulnerabilities in Matteo Binda ASP Photo Gallery 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) Imgbig.asp, (b) thumb.asp, and (c) thumbricerca.asp and the (2) ricerca parameter to (d) thumbricerca.asp.

Status: Candidate
Phase: Assigned (20080115)
Reference: MILW0RM:4900
Reference: URL:http://www.milw0rm.com/exploits/4900
Reference: BID:27262
Reference: URL:http://www.securityfocus.com/bid/27262
Reference: SECUNIA:28447
Reference: URL:http://secunia.com/advisories/28447
Reference: XF:aspphotogallery-multiple-sql-injection(39646)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39646

Votes:

Name: CVE-2008-0257

Description:
Cross-site scripting (XSS) vulnerability in search.pl in Dansie Search Engine 2.7 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Status: Candidate
Phase: Assigned (20080115)
Reference: BID:27269
Reference: URL:http://www.securityfocus.com/bid/27269
Reference: SECUNIA:28465
Reference: URL:http://secunia.com/advisories/28465
Reference: XF:dansiesearchengine-search-xss(39636)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39636

Votes:

Name: CVE-2008-0258

Description:
Cross-site scripting (XSS) vulnerability in index.php in PHP Running Management (phpRunMan) before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the message parameter.

Status: Candidate
Phase: Assigned (20080115)
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=568237&group_id=103505
Reference: CONFIRM:http://sourceforge.net/tracker/index.php?func=detail&aid=1204199&group_id=103505&atid=634992
Reference: BID:27268
Reference: URL:http://www.securityfocus.com/bid/27268
Reference: SECUNIA:28474
Reference: URL:http://secunia.com/advisories/28474
Reference: XF:phprunningmanagement-index-xss(39639)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39639

Votes:

Name: CVE-2008-0259

Description:
Multiple directory traversal vulnerabilities in _mg/php/mg_thumbs.php in minimal Gallery 0.8 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) thumbcat and (2) thumb parameters.

Status: Candidate
Phase: Assigned (20080115)
Reference: MILW0RM:4902
Reference: URL:http://www.milw0rm.com/exploits/4902
Reference: BID:27265
Reference: URL:http://www.securityfocus.com/bid/27265
Reference: SECUNIA:28391
Reference: URL:http://secunia.com/advisories/28391
Reference: XF:minimalgallery-mgthumbs-file-include(39649)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39649

Votes:

Name: CVE-2008-0260

Description:
minimal Gallery 0.8 allows remote attackers to obtain configuration information via a direct request to php_info.php, which calls the phpinfo function.

Status: Candidate
Phase: Assigned (20080115)
Reference: MILW0RM:4902
Reference: URL:http://www.milw0rm.com/exploits/4902
Reference: SECUNIA:28391
Reference: URL:http://secunia.com/advisories/28391

Votes:

Name: CVE-2008-0261

Description:
Unspecified vulnerability in the search component and module in Mambo 4.5.x and 4.6.x allows remote attackers to cause a denial of service (query flood) via unspecified vectors.

Status: Candidate
Phase: Assigned (20080115)
Reference: CONFIRM:http://forum.mambo-foundation.org/showthread.php?t=9651
Reference: BID:27239
Reference: URL:http://www.securityfocus.com/bid/27239
Reference: SECUNIA:28392
Reference: URL:http://secunia.com/advisories/28392
Reference: XF:mambo-search-dos(39613)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39613

Votes:

Name: CVE-2008-0262

Description:
SQL injection vulnerability in includes/articleblock.php in Agares PhpAutoVideo 2.21 allows remote attackers to execute arbitrary SQL commands via the articlecat parameter.

Status: Candidate
Phase: Assigned (20080115)
Reference: MILW0RM:4898
Reference: URL:http://www.milw0rm.com/exploits/4898
Reference: MILW0RM:4905
Reference: URL:http://www.milw0rm.com/exploits/4905
Reference: BID:27258
Reference: URL:http://www.securityfocus.com/bid/27258
Reference: XF:agares-articleblock-sql-injection(39641)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39641

Votes:

Name: CVE-2008-0263

Description:
The SIP module in Ingate Firewall before 4.6.1 and SIParator before 4.6.1 does not reuse SIP media ports in unspecified call hold and send-only stream scenarios, which allows remote attackers to cause a denial of service (port exhaustion) via unspecified vectors.

Status: Candidate
Phase: Assigned (20080115)
Reference: CONFIRM:http://www.ingate.com/relnote-461.php
Reference: BID:27222
Reference: URL:http://www.securityfocus.com/bid/27222
Reference: FRSIRT:ADV-2008-0108
Reference: URL:http://www.frsirt.com/english/advisories/2008/0108
Reference: SECTRACK:1019176
Reference: URL:http://www.securitytracker.com/id?1019176
Reference: SECTRACK:1019177
Reference: URL:http://www.securitytracker.com/id?1019177
Reference: SECUNIA:28394
Reference: URL:http://secunia.com/advisories/28394

Votes:

Name: CVE-2008-0264

Description:
Unspecified vulnerability in the Meta Tags (aka Nodewords) 5.x-1.6 module for Drupal, when images are permitted in node bodies, allows remote authenticated users to execute arbitrary code via unspecified vectors involving creation of a node.

Status: Candidate
Phase: Assigned (20080115)
Reference: CONFIRM:http://drupal.org/node/209759
Reference: FRSIRT:ADV-2008-0129
Reference: URL:http://www.frsirt.com/english/advisories/2008/0129
Reference: SECUNIA:28478
Reference: URL:http://secunia.com/advisories/28478
Reference: XF:drupal-metatags-code-execution(39638)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39638

Votes:

Name: CVE-2008-0265

Description:
Multiple cross-site scripting (XSS) vulnerabilities in the Search function in the web management interface in F5 BIG-IP 9.4.3 allow remote attackers to inject arbitrary web script or HTML via the SearchString parameter to (1) list_system.jsp, (2) list_pktfilter.jsp, (3) list_ltm.jsp, (4) resources_audit.jsp, and (5) list_asm.jsp in tmui/Control/jspmap/tmui/system/log/; and (6) list.jsp in certain directories.

Status: Candidate
Phase: Assigned (20080115)
Reference: BUGTRAQ:20080114 F5 BIG-IP Web Management List Search XSS
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/486217/100/0/threaded
Reference: BID:27272
Reference: URL:http://www.securityfocus.com/bid/27272
Reference: FRSIRT:ADV-2008-0181
Reference: URL:http://www.frsirt.com/english/advisories/2008/0181
Reference: SECTRACK:1019190
Reference: URL:http://www.securitytracker.com/id?1019190
Reference: SECUNIA:28505
Reference: URL:http://secunia.com/advisories/28505
Reference: SREASON:3545
Reference: URL:http://securityreason.com/securityalert/3545
Reference: XF:f5bigip-searchstring-xss(39632)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39632

Votes:

Name: CVE-2008-0266

Description:
Cross-site request forgery (CSRF) vulnerability in admin.php in eTicket 1.5.5.2 allows remote attackers to change the administrative password and possibly perform other administrative tasks. NOTE: either the old password must be known, or the attacker must leverage a separate SQL injection vulnerability.

Status: Candidate
Phase: Assigned (20080115)
Reference: BUGTRAQ:20080106 eTicket 1.5.5.2 Multiple Vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/485835/100/0/threaded
Reference: BID:27173
Reference: URL:http://www.securityfocus.com/bid/27173
Reference: SECUNIA:28331
Reference: URL:http://secunia.com/advisories/28331
Reference: SREASON:3542
Reference: URL:http://securityreason.com/securityalert/3542
Reference: XF:eticket-admin-csrf(39490)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39490

Votes:

Name: CVE-2008-0267

Description:
Multiple SQL injection vulnerabilities in eTicket 1.5.5.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) status, (2) sort, and (3) way parameters to search.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (4) msg and (5) password parameters to admin.php.

Status: Candidate
Phase: Assigned (20080115)
Reference: BUGTRAQ:20080106 eTicket 1.5.5.2 Multiple Vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/485835/100/0/threaded
Reference: BID:27173
Reference: URL:http://www.securityfocus.com/bid/27173
Reference: SECUNIA:28331
Reference: URL:http://secunia.com/advisories/28331
Reference: SREASON:3542
Reference: URL:http://securityreason.com/securityalert/3542
Reference: XF:eticket-search-sql-injection(39489)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39489

Votes:

Name: CVE-2008-0268

Description:
Cross-site scripting (XSS) vulnerability in view.php in eTicket 1.5.5.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter.

Status: Candidate
Phase: Assigned (20080115)
Reference: BUGTRAQ:20080106 eTicket 1.5.5.2 Multiple Vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/485835/100/0/threaded
Reference: BID:27173
Reference: URL:http://www.securityfocus.com/bid/27173
Reference: SECUNIA:28331
Reference: URL:http://secunia.com/advisories/28331
Reference: SREASON:3542
Reference: URL:http://securityreason.com/securityalert/3542
Reference: XF:eticket-view-xss(39488)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39488

Votes:

Name: CVE-2008-0269

Description:
Unspecified vulnerability in the dotoprocs function in Sun Solaris 10 allows local users to cause a denial of service (panic) via unspecified vectors.

Status: Candidate
Phase: Assigned (20080115)
Reference: SUNALERT:103188
Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-103188-1
Reference: SUNALERT:201513
Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-66-201513-1
Reference: BID:27260
Reference: URL:http://www.securityfocus.com/bid/27260
Reference: FRSIRT:ADV-2008-0130
Reference: URL:http://www.frsirt.com/english/advisories/2008/0130
Reference: OVAL:oval:org.mitre.oval:def:5400
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5400
Reference: SECTRACK:1019186
Reference: URL:http://www.securitytracker.com/id?1019186
Reference: SECUNIA:28491
Reference: URL:http://secunia.com/advisories/28491
Reference: XF:solaris-dotoprocs-dos(39631)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39631

Votes:

Name: CVE-2008-0270

Description:
SQL injection vulnerability in index.php in TaskFreak! 0.6.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the sContext parameter.

Status: Candidate
Phase: Assigned (20080115)
Reference: MILW0RM:4899
Reference: URL:http://www.milw0rm.com/exploits/4899
Reference: BID:27257
Reference: URL:http://www.securityfocus.com/bid/27257
Reference: SECUNIA:28448
Reference: URL:http://secunia.com/advisories/28448
Reference: XF:taskfreak-index-sql-injection(39645)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39645

Votes:

Name: CVE-2008-0271

Description:
The editor deletion form in BUEditor 4.7.x before 4.7.x-1.0 and 5.x before 5.x-1.1, a module for Drupal, does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete custom editor interfaces.

Status: Candidate
Phase: Assigned (20080115)
Reference: CONFIRM:http://drupal.org/node/208534
Reference: FRSIRT:ADV-2008-0128
Reference: URL:http://www.frsirt.com/english/advisories/2008/0128
Reference: SECUNIA:28418
Reference: URL:http://secunia.com/advisories/28418
Reference: XF:drupal-bueditor-csrf(39614)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39614

Votes:

Name: CVE-2008-0272

Description:
Cross-site request forgery (CSRF) vulnerability in the aggregator module in Drupal 4.7.x before 4.7.11 and 5.x before 5.6 allows remote attackers to delete items from a feed as privileged users.

Status: Candidate
Phase: Assigned (20080115)
Reference: CONFIRM:http://drupal.org/node/208562
Reference: BID:27238
Reference: URL:http://www.securityfocus.com/bid/27238
Reference: FRSIRT:ADV-2008-0127
Reference: URL:http://www.frsirt.com/english/advisories/2008/0127
Reference: SECUNIA:28422
Reference: URL:http://secunia.com/advisories/28422
Reference: XF:drupal-aggregator-csrf(39617)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39617

Votes:

Name: CVE-2008-0273

Description:
Interpretation conflict in Drupal 4.7.x before 4.7.11 and 5.x before 5.6, when Internet Explorer 6 is used, allows remote attackers to conduct cross-site scripting (XSS) attacks via invalid UTF-8 byte sequences, which are not processed as UTF-8 by Drupal's HTML filtering, but are processed as UTF-8 by Internet Explorer, effectively removing characters from the document and defeating the HTML protection mechanism.

Status: Candidate
Phase: Assigned (20080115)
Reference: CONFIRM:http://drupal.org/node/208564
Reference: BID:27238
Reference: URL:http://www.securityfocus.com/bid/27238
Reference: FRSIRT:ADV-2008-0127
Reference: URL:http://www.frsirt.com/english/advisories/2008/0127
Reference: SECUNIA:28422
Reference: URL:http://secunia.com/advisories/28422
Reference: XF:drupal-utf8-xss(39619)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39619

Votes:

Name: CVE-2008-0274

Description:
Cross-site scripting (XSS) vulnerability in Drupal 4.7.x and 5.x, when certain .htaccess protections are disabled, allows remote attackers to inject arbitrary web script or HTML via crafted links involving theme .tpl.php files.

Status: Candidate
Phase: Assigned (20080115)
Reference: CONFIRM:http://drupal.org/node/208565
Reference: BID:27238
Reference: URL:http://www.securityfocus.com/bid/27238
Reference: FRSIRT:ADV-2008-0127
Reference: URL:http://www.frsirt.com/english/advisories/2008/0127
Reference: SECUNIA:28422
Reference: URL:http://secunia.com/advisories/28422
Reference: XF:drupal-theme-xss(39605)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39605

Votes:

Name: CVE-2008-0275

Description:
The Atom 4.7 before 4.7.x-1.0 and 5.x before 5.x-1.0 module for Drupal does not properly manage permissions for node (1) titles, (2) teasers, and (3) bodies, which might allow remote attackers to gain access to syndicated content.

Status: Candidate
Phase: Assigned (20080115)
Reference: CONFIRM:http://drupal.org/node/208527
Reference: XF:drupal-atom-security-bypass(39607)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39607

Votes:

Name: CVE-2008-0276

Description:
Cross-site scripting (XSS) vulnerability in the Devel module before 5.x-0.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via a site variable, related to lack of escaping of the variable table.

Status: Candidate
Phase: Assigned (20080115)
Reference: CONFIRM:http://drupal.org/node/208524
Reference: XF:drupal-devel-variable-xss(39606)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39606

Votes:

Name: CVE-2008-0277

Description:
Unspecified vulnerability in the Fileshare module for Drupal allows remote authenticated users with node-creation privileges to execute arbitrary code via unspecified vectors.

Status: Candidate
Phase: Assigned (20080115)
Reference: CONFIRM:http://drupal.org/node/208537
Reference: XF:drupal-fileshare-code-execution(39609)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39609

Votes:

Name: CVE-2008-0278

Description:
SQL injection vulnerability in index.php in X7 Chat 2.0.5 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the day parameter in a sm_window action.

Status: Candidate
Phase: Assigned (20080115)
Reference: MILW0RM:4907
Reference: URL:http://www.milw0rm.com/exploits/4907
Reference: BID:27277
Reference: URL:http://www.securityfocus.com/bid/27277
Reference: SECUNIA:28503
Reference: URL:http://secunia.com/advisories/28503
Reference: XF:x7chatday-sql-injection(39656)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39656

Votes:

Name: CVE-2008-0279

Description:
SQL injection vulnerability in liretopic.php in Xforum 1.4 and possibly others allows remote attackers to execute arbitrary SQL commands via the topic parameter. NOTE: the categorie parameter might also be affected.

Status: Candidate
Phase: Assigned (20080115)
Reference: MILW0RM:4908
Reference: URL:http://www.milw0rm.com/exploits/4908
Reference: BID:27278
Reference: URL:http://www.securityfocus.com/bid/27278
Reference: XF:xforum-liretopic-sql-injection(39654)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39654

Votes:

Name: CVE-2008-0280

Description:
SQL injection vulnerability in index.php in MTCMS 2.0 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via the (1) a or (2) cid parameter.

Status: Candidate
Phase: Assigned (20080115)
Reference: BUGTRAQ:20080110 MTCMS <=2.0 SQL Injection Vulnerbility
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/486090/100/0/threaded
Reference: MILW0RM:4882
Reference: URL:http://www.milw0rm.com/exploits/4882
Reference: BID:27224
Reference: URL:http://www.securityfocus.com/bid/27224
Reference: SECUNIA:28428
Reference: URL:http://secunia.com/advisories/28428
Reference: SREASON:3544
Reference: URL:http://securityreason.com/securityalert/3544
Reference: XF:mtcms-a-sql-injection(39597)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39597

Votes:

Name: CVE-2008-0281

Description:
SQL injection vulnerability in liste.php in ID-Commerce 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idFamille parameter.

Status: Candidate
Phase: Assigned (20080115)
Reference: FULLDISC:20080110 (( PoC)) ID-Commerce Security Advisory - SLR-2007-001 (( PoC))
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059537.html
Reference: FULLDISC:20080110 ID-Commerce Security Advisory - SLR-2007-001
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059533.html
Reference: FULLDISC:20080110 ID-Commerce Security Advisory - SLR-2007-001
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059538.html
Reference: BID:27220
Reference: URL:http://www.securityfocus.com/bid/27220
Reference: XF:idcommerce-liste-sql-injection(39594)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39594

Votes:

Name: CVE-2008-0282

Description:
SQL injection vulnerability in welcome/inscription.php in DomPHP 0.81 and earlier allows remote attackers to execute arbitrary SQL commands via the mail parameter.

Status: Candidate
Phase: Assigned (20080115)
Reference: MILW0RM:4880
Reference: URL:http://www.milw0rm.com/exploits/4880
Reference: BID:27212
Reference: URL:http://www.securityfocus.com/bid/27212
Reference: SECUNIA:28393
Reference: URL:http://secunia.com/advisories/28393
Reference: XF:domphp-inscription-sql-injection(39593)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39593

Votes:

Name: CVE-2008-0283

Description:
PHP remote file inclusion vulnerability in /aides/index.php in DomPHP 0.81 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.

Status: Candidate
Phase: Assigned (20080115)
Reference: MILW0RM:4883
Reference: URL:http://www.milw0rm.com/exploits/4883
Reference: BID:27226
Reference: URL:http://www.securityfocus.com/bid/27226

Votes:

Name: CVE-2008-0284

Description:
Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 1.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) Itemid or (2) topic arguments.

Status: Candidate
Phase: Assigned (20080115)
Reference: BUGTRAQ:20080110 Simple Machines Forum Cross-Site Scripting Vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/486074/100/0/threaded
Reference: SREASON:3540
Reference: URL:http://securityreason.com/securityalert/3540
Reference: XF:simplemachinesforum-itemid-xss(39585)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39585

Votes:

Name: CVE-2008-0285

Description:
ngIRCd 0.10.x before 0.10.4 and 0.11.0 before 0.11.0-pre2 allows remote attackers to cause a denial of service (crash) via crafted IRC PART message, which triggers an invalid dereference.

Status: Candidate
Phase: Assigned (20080115)
Reference: MISC:http://arthur.barton.de/cgi-bin/viewcvs.cgi/ngircd/ngircd/src/ngircd/irc-channel.c?r1=1.40&r2=1.41&diff_format=h
Reference: CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=204834
Reference: CONFIRM:http://ngircd.barton.de/doc/ChangeLog
Reference: GENTOO:GLSA-200801-13
Reference: URL:http://security.gentoo.org/glsa/glsa-200801-13.xml
Reference: BID:27318
Reference: URL:http://www.securityfocus.com/bid/27318
Reference: SECUNIA:28425
Reference: URL:http://secunia.com/advisories/28425
Reference: SECUNIA:28673
Reference: URL:http://secunia.com/advisories/28673

Votes:

Name: CVE-2008-0286

Description:
SQL injection vulnerability in admin/login.php in Article Dashboard allows remote attackers to execute arbitrary SQL commands via the (1) user or (2) password fields.

Status: Candidate
Phase: Assigned (20080115)
Reference: BUGTRAQ:20080115 Article DashBoard all version SQL Injection Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/486323/100/0/threaded
Reference: BUGTRAQ:20080116 Re: Article DashBoard all version SQL Injection Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/486646/100/0/threaded
Reference: BID:27286
Reference: URL:http://www.securityfocus.com/bid/27286
Reference: SECUNIA:28495
Reference: URL:http://secunia.com/advisories/28495
Reference: SREASON:3546
Reference: URL:http://securityreason.com/securityalert/3546
Reference: XF:articledashboard-login-sql-injection(39657)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39657

Votes:

Name: CVE-2008-0287

Description:
PHP remote file inclusion vulnerability in VisionBurst vcart 3.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) index.php and (2) checkout.php.

Status: Candidate
Phase: Assigned (20080115)
Reference: MILW0RM:4889
Reference: URL:http://www.milw0rm.com/exploits/4889
Reference: BID:27231
Reference: URL:http://www.securityfocus.com/bid/27231
Reference: SECUNIA:28424
Reference: URL:http://secunia.com/advisories/28424
Reference: XF:vcart-checkout-index-file-include(39616)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39616

Votes:

Name: CVE-2008-0288

Description:
Multiple SQL injection vulnerabilities in ImageAlbum 2.0.0b2 allow remote attackers to execute arbitrary SQL commands via the id, which is not properly handled in (1) classes/IADomain.php, (2) classes/IACollection.php, and (3) classes/IAUser.php, as demonstrated via the id parameter in a collection.imageview action.

Status: Candidate
Phase: Assigned (20080115)
Reference: BUGTRAQ:20080111 ImageAlbum Remote SQL Injection Vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/486162/100/0/threaded
Reference: MILW0RM:4895
Reference: URL:http://www.milw0rm.com/exploits/4895
Reference: BID:27240
Reference: URL:http://www.securityfocus.com/bid/27240
Reference: SREASON:3548
Reference: URL:http://securityreason.com/securityalert/3548

Votes:

Name: CVE-2008-0289

Description:
PHP remote file inclusion vulnerability in view_func.php in Member Area System (MAS) 1.7 and possibly others allows remote attackers to execute arbitrary PHP code via a URL in the i parameter. NOTE: a second vector might exist via the l parameter. NOTE: as of 20080118, the vendor has disputed the set of affected versions, stating that the issue "is already fixed, for almost a year."

Status: Candidate
Phase: Assigned (20080115)
Reference: BUGTRAQ:20080111 Member Area System (MAS) Remote File Include Vulnerability (view_func.php)
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/486172/100/0/threaded
Reference: BUGTRAQ:20080118 Re: Member Area System (MAS) Remote File Include Vulnerability (view_func.php)
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/486618/100/0/threaded
Reference: BID:27244
Reference: URL:http://www.securityfocus.com/bid/27244
Reference: SREASON:3547
Reference: URL:http://securityreason.com/securityalert/3547
Reference: XF:mas-viewfunc-file-include(39611)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39611

Votes:

Name: CVE-2008-0290

Description:
Multiple SQL injection vulnerabilities in Digital Hive 2.0 RC2 and earlier allow (1) remote attackers to execute arbitrary SQL commands via the selectskin parameter to an unspecified program, or (2) remote authenticated administrators to execute arbitrary SQL commands via the user_id parameter in the gestion_membre.php page to base.php.

Status: Candidate
Phase: Assigned (20080115)
Reference: MILW0RM:4887
Reference: URL:http://www.milw0rm.com/exploits/4887
Reference: BID:27232
Reference: URL:http://www.securityfocus.com/bid/27232
Reference: XF:digitalhive-base-sql-injection(39602)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39602

Votes:

Name: CVE-2008-0291

Description:
SQL injection vulnerability in showproduct.asp in RichStrong CMS allows remote attackers to execute arbitrary SQL commands via the cat parameter.

Status: Candidate
Phase: Assigned (20080116)
Reference: BUGTRAQ:20080116 RichStrong CMS (showproduct.asp?cat=) Remote SQL Injection Exploit
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/486402/100/0/threaded
Reference: MILW0RM:4910
Reference: URL:http://www.milw0rm.com/exploits/4910
Reference: BID:27281
Reference: URL:http://www.securityfocus.com/bid/27281
Reference: BID:27310
Reference: URL:http://www.securityfocus.com/bid/27310
Reference: SECUNIA:28449
Reference: URL:http://secunia.com/advisories/28449
Reference: XF:richstrongcms-showproduct-sql-injection(39668)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39668

Votes:

Name: CVE-2008-0292

Description:
Cross-site scripting (XSS) vulnerability in photo_album.pl in Dansie Photo Album 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Status: Candidate
Phase: Assigned (20080116)
Reference: SECUNIA:28501
Reference: URL:http://secunia.com/advisories/28501
Reference: XF:dansiephotoalbum-photoalbum-xss(39664)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39664

Votes:

Name: CVE-2008-0293

Description:
Unspecified vulnerability in cron.php in FreeSeat before 1.1.5d, when format.php has certain modifications, allows remote attackers to bypass authentication and gain privileges via unspecified vectors related to the show_foot function.

Status: Candidate
Phase: Assigned (20080116)
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?group_id=160239&release_id=568374
Reference: SECUNIA:28459
Reference: URL:http://secunia.com/advisories/28459
Reference: XF:freeseat-cron-security-bypass(39648)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39648

Votes:

Name: CVE-2008-0294

Description:
Unspecified vulnerability in the seat-locking implementation in FreeSeat before 1.1.5d allows attackers to book a seat more than once via unspecified vectors.

Status: Candidate
Phase: Assigned (20080116)
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=568374&group_id=160239
Reference: BID:27270
Reference: URL:http://www.securityfocus.com/bid/27270
Reference: SECUNIA:28459
Reference: URL:http://secunia.com/advisories/28459
Reference: XF:freeseat-seatlocking-security-bypass(39647)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39647

Votes:

Name: CVE-2008-0295

Description:
Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in the Xine library, as used in VideoLAN VLC Media Player 0.8.6d and earlier, allows user-assisted remote attackers to cause a denial of service (crash) or execute arbitrary code via long Session Description Protocol (SDP) data.

Status: Candidate
Phase: Assigned (20080116)
Reference: MISC:http://aluigi.altervista.org/adv/vlcxhof-adv.txt
Reference: DEBIAN:DSA-1543
Reference: URL:http://www.debian.org/security/2008/dsa-1543
Reference: GENTOO:GLSA-200803-13
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml
Reference: BID:27221
Reference: URL:http://www.securityfocus.com/bid/27221
Reference: FRSIRT:ADV-2008-0105
Reference: URL:http://www.frsirt.com/english/advisories/2008/0105
Reference: SECUNIA:28383
Reference: URL:http://secunia.com/advisories/28383
Reference: SECUNIA:29284
Reference: URL:http://secunia.com/advisories/29284
Reference: SECUNIA:29766
Reference: URL:http://secunia.com/advisories/29766

Votes:

Name: CVE-2008-0296

Description:
Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLAN VLC Media Player 0.8.6d and earlier on Windows might allow remote RTSP servers to cause a denial of service (application crash) or execute arbitrary code via a long string.

Status: Candidate
Phase: Assigned (20080116)
Reference: MISC:http://aluigi.altervista.org/adv/vlcxhof-adv.txt
Reference: DEBIAN:DSA-1543
Reference: URL:http://www.debian.org/security/2008/dsa-1543
Reference: GENTOO:GLSA-200803-13
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml
Reference: FRSIRT:ADV-2008-0105
Reference: URL:http://www.frsirt.com/english/advisories/2008/0105
Reference: SECUNIA:29284
Reference: URL:http://secunia.com/advisories/29284
Reference: SECUNIA:29766
Reference: URL:http://secunia.com/advisories/29766

Votes:

Name: CVE-2008-0297

Description:
PhotoKorn allows remote attackers to obtain database credentials via a direct request to update/update3.php, which includes the credentials in its output.

Status: Candidate
Phase: Assigned (20080116)
Reference: MILW0RM:4897
Reference: URL:http://www.milw0rm.com/exploits/4897
Reference: XF:photokorn-update3-information-disclosure(39652)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39652

Votes:

Name: CVE-2008-0298

Description:
KHTML WebKit as used in Apple Safari 2.x allows remote attackers to cause a denial of service (browser crash) via a crafted web page, possibly involving a STYLE attribute of a DIV element.

Status: Candidate
Phase: Assigned (20080116)
Reference: BUGTRAQ:20080112 Safari 2 Denial of Service
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/486202/100/0/threaded
Reference: MISC:http://www.s21sec.com/avisos/s21sec-039-en.txt
Reference: BID:27261
Reference: URL:http://www.securityfocus.com/bid/27261
Reference: SREASON:3549
Reference: URL:http://securityreason.com/securityalert/3549
Reference: XF:safari-khtml-webkit-dos(39635)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39635

Votes:

Name: CVE-2008-0299

Description:
common.py in Paramiko 1.7.1 and earlier, when using threads or forked processes, does not properly use RandomPool, which allows one session to obtain sensitive information from another session by predicting the state of the pool.

Status: Candidate
Phase: Assigned (20080116)
Reference: MISC:http://people.debian.org/~nion/nmu-diff/paramiko-1.6.4-1_1.6.4-1.1.patch
Reference: MISC:http://www.lag.net/pipermail/paramiko/2008-January/000599.html
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=428727
Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=460706
Reference: FEDORA:FEDORA-2008-0644
Reference: URL:https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00529.html
Reference: FEDORA:FEDORA-2008-0722
Reference: URL:https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00594.html
Reference: GENTOO:GLSA-200803-07
Reference: URL:http://security.gentoo.org/glsa/glsa-200803-07.xml
Reference: BID:27307
Reference: URL:http://www.securityfocus.com/bid/27307
Reference: SECUNIA:28488
Reference: URL:http://secunia.com/advisories/28488
Reference: SECUNIA:28510
Reference: URL:http://secunia.com/advisories/28510
Reference: SECUNIA:29168
Reference: URL:http://secunia.com/advisories/29168
Reference: XF:paramiko-randompool-info-disclosure(39749)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39749

Votes:

Name: CVE-2008-0300

Description:
mapFiler.php in Mapbender 2.4 to 2.4.4 allows remote attackers to execute arbitrary PHP code via PHP code sequences in the factor parameter, which are not properly handled when accessing a filename that contains those sequences.

Status: Candidate
Phase: Assigned (20080116)
Reference: MILW0RM:5232
Reference: URL:http://www.milw0rm.com/exploits/5232
Reference: MISC:http://www.redteam-pentesting.de/advisories/rt-sa-2008-001.php
Reference: BID:28195
Reference: URL:http://www.securityfocus.com/bid/28195
Reference: SECUNIA:29329
Reference: URL:http://secunia.com/advisories/29329
Reference: XF:mapbender-mapfilter-code-execution(41131)
Reference: URL:http://xforce.iss.net/xforce/xfdb/41131
Reference: XF:mapbender-mapfiler-code-execution(41131)
Reference: URL:http://xforce.iss.net/xforce/xfdb/41131

Votes:

Name: CVE-2008-0301

Description:
Multiple SQL injection vulnerabilities in Mapbender 2.4.4 allow remote attackers to execute arbitrary SQL commands via the gaz parameter to mod_gazetteer_edit.php and other unspecified vectors.

Status: Candidate
Phase: Assigned (20080116)
Reference: BUGTRAQ:20080311 Advisory: SQL-Injections in Mapbender
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/489383/100/0/threaded
Reference: FULLDISC:20080311 Advisory: SQL-Injections in Mapbender
Reference: URL:http://marc.info/?l=full-disclosure&m=120523564611595&w=2
Reference: MILW0RM:5233
Reference: URL:http://www.milw0rm.com/exploits/5233
Reference: MISC:http://www.redteam-pentesting.de/advisories/rt-sa-2008-002.php
Reference: BID:28193
Reference: URL:http://www.securityfocus.com/bid/28193
Reference: SECUNIA:29329
Reference: URL:http://secunia.com/advisories/29329
Reference: SREASON:3728
Reference: URL:http://securityreason.com/securityalert/3728
Reference: XF:mapbender-gaz-sql-injection(41139)
Reference: URL:http://xforce.iss.net/xforce/xfdb/41139

Votes:

Name: CVE-2008-0302

Description:
Untrusted search path vulnerability in apt-listchanges.py in apt-listchanges before 2.82 allows local users to execute arbitrary code via a malicious apt-listchanges program in the current working directory.

Status: Candidate
Phase: Assigned (20080116)
Reference: CONFIRM:http://packages.debian.org/changelogs/pool/main/a/apt-listchanges/apt-listchanges_2.82/changelog
Reference: CONFIRM:http://git.madism.org/?p=apt-listchanges.git;a=commitdiff;h=1bcfbf3dc55413bb83a1782dc9a54515a963fb32
Reference: DEBIAN:DSA-1465
Reference: URL:http://www.debian.org/security/2008/dsa-1465
Reference: UBUNTU:USN-572-1
Reference: URL:http://www.ubuntu.com/usn/usn-572-1
Reference: BID:27331
Reference: URL:http://www.securityfocus.com/bid/27331
Reference: SECUNIA:28513
Reference: URL:http://secunia.com/advisories/28513
Reference: SECUNIA:28574
Reference: URL:http://secunia.com/advisories/28574

Votes:

Name: CVE-2008-0303

Description:
The FTP print feature in multiple Canon printers, including imageRUNNER and imagePRESS, allow remote attackers to use the server as an inadvertent proxy via a modified PORT command, aka FTP bounce.

Status: Candidate
Phase: Assigned (20080116)
Reference: MISC:http://itso.iu.edu/20080229_Canon_MFD_FTP_bounce_attack
Reference: CONFIRM:http://www.usa.canon.com/html/security/pdf/CVA-001.pdf
Reference: CERT-VN:VU#568073
Reference: URL:http://www.kb.cert.org/vuls/id/568073
Reference: BID:28042
Reference: URL:http://www.securityfocus.com/bid/28042
Reference: SECTRACK:1019528
Reference: URL:http://securitytracker.com/id?1019528

Votes:

Name: CVE-2008-0304

Description:
Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.12 and SeaMonkey before 1.1.8 might allow remote attackers to execute arbitrary code via a crafted external-body MIME type in an e-mail message, related to an incorrect memory allocation during message preview.

Status: Candidate
Phase: Assigned (20080116)
Reference: IDEFENSE:20080226 Mozilla Thunderbird MIME External-Body Heap Overflow Vulnerability
Reference: URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=668
Reference: CONFIRM:http://www.mozilla.org/security/announce/2008/mfsa2008-12.html
Reference: DEBIAN:DSA-1621
Reference: URL:http://www.debian.org/security/2008/dsa-1621
Reference: FEDORA:FEDORA-2008-2060
Reference: URL:https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00905.html
Reference: FEDORA:FEDORA-2008-2118
Reference: URL:https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00946.html
Reference: MANDRIVA:MDVSA-2008:062
Reference: URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:062
Reference: SLACKWARE:SSA:2008-061-01
Reference: URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.445399
Reference: SUNALERT:239546
Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-239546-1
Reference: UBUNTU:USN-582-1
Reference: URL:http://www.ubuntu.com/usn/usn-582-1
Reference: UBUNTU:USN-582-2
Reference: URL:http://www.ubuntu.com/usn/usn-582-2
Reference: CERT-VN:VU#661651
Reference: URL:http://www.kb.cert.org/vuls/id/661651
Reference: BID:28012
Reference: URL:http://www.securityfocus.com/bid/28012
Reference: FRSIRT:ADV-2008-2091
Reference: URL:http://www.frsirt.com/english/advisories/2008/2091/references
Reference: SECTRACK:1019504
Reference: URL:http://securitytracker.com/id?1019504
Reference: SECUNIA:29133
Reference: URL:http://secunia.com/advisories/29133
Reference: SECUNIA:29167
Reference: URL:http://secunia.com/advisories/29167
Reference: SECUNIA:29098
Reference: URL:http://secunia.com/advisories/29098
Reference: SECUNIA:29211
Reference: URL:http://secunia.com/advisories/29211
Reference: SECUNIA:30327
Reference: URL:http://secunia.com/advisories/30327
Reference: SECUNIA:31043
Reference: URL:http://secunia.com/advisories/31043
Reference: SECUNIA:31253
Reference: URL:http://secunia.com/advisories/31253

Votes:

Name: CVE-2008-0305

Status: Candidate
Phase: Assigned (20080116)

Votes:

Name: CVE-2008-0306

Description:
sdbstarter in SAP MaxDB 7.6.0.37, and possibly other versions, allows local users to execute arbitrary commands by using unspecified environment variables to modify configuration settings.

Status: Candidate
Phase: Assigned (20080116)
Reference: IDEFENSE:20080310 SAP MaxDB sdbstarter Privilege Escalation Vulnerability
Reference: URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=670
Reference: BID:28185
Reference: URL:http://www.securityfocus.com/bid/28185
Reference: FRSIRT:ADV-2008-0844
Reference: URL:http://www.frsirt.com/english/advisories/2008/0844/references
Reference: SECTRACK:1019570
Reference: URL:http://www.securitytracker.com/id?1019570
Reference: SECUNIA:29312
Reference: URL:http://secunia.com/advisories/29312
Reference: XF:maxdb-sdbstarter-privilege-escalation(41104)
Reference: URL:http://xforce.iss.net/xforce/xfdb/41104

Votes:

Name: CVE-2008-0307

Description:
Integer signedness error in vserver in SAP MaxDB 7.6.0.37, and possibly other versions, allows remote attackers to execute arbitrary code via unknown vectors that trigger heap corruption.

Status: Candidate
Phase: Assigned (20080116)
Reference: IDEFENSE:20080310 SAP MaxDB Signedness Error Heap Corruption Vulnerability
Reference: URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=669
Reference: BID:28183
Reference: URL:http://www.securityfocus.com/bid/28183
Reference: FRSIRT:ADV-2008-0844
Reference: URL:http://www.frsirt.com/english/advisories/2008/0844/references
Reference: SECTRACK:1019571
Reference: URL:http://www.securitytracker.com/id?1019571
Reference: SECUNIA:29312
Reference: URL:http://secunia.com/advisories/29312
Reference: XF:maxdb-vserver-code-execution(41107)
Reference: URL:http://xforce.iss.net/xforce/xfdb/41107

Votes:

Name: CVE-2008-0308

Description:
Symantec Decomposer, as used in certain Symantec antivirus products including Symantec Scan Engine 5.1.2 and other versions before 5.1.6.31, allows remote attackers to cause a denial of service (memory consumption) via a malformed RAR file to the Internet Content Adaptation Protocol (ICAP) port (1344/tcp).

Status: Candidate
Phase: Assigned (20080116)
Reference: IDEFENSE:20080226 Symantec Scan Engine 5.1.2 RAR File Denial of Service Vulnerability
Reference: URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=666
Reference: CONFIRM:http://www.symantec.com/avcenter/security/Content/2008.02.27.html
Reference: BID:27911
Reference: URL:http://www.securityfocus.com/bid/27911
Reference: FRSIRT:ADV-2008-0680
Reference: URL:http://www.frsirt.com/english/advisories/2008/0680
Reference: SECTRACK:1019503
Reference: URL:http://www.securitytracker.com/id?1019503
Reference: SECUNIA:29140
Reference: URL:http://secunia.com/advisories/29140

Votes:

Name: CVE-2008-0309

Description:
Stack-based buffer overflow in Symantec Decomposer, as used in certain Symantec antivirus products including Symantec Scan Engine 5.1.2 and other versions before 5.1.6.31, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed RAR file to the Internet Content Adaptation Protocol (ICAP) port (1344/tcp).

Status: Candidate
Phase: Assigned (20080116)
Reference: IDEFENSE:20080226 Symantec Scan Engine 5.1.2 RAR File Buffer Overflow Vulnerability
Reference: URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=667
Reference: CONFIRM:http://www.symantec.com/avcenter/security/Content/2008.02.27.html
Reference: BID:27913
Reference: URL:http://www.securityfocus.com/bid/27913
Reference: FRSIRT:ADV-2008-0680
Reference: URL:http://www.frsirt.com/english/advisories/2008/0680
Reference: SECTRACK:1019503
Reference: URL:http://www.securitytracker.com/id?1019503
Reference: SECUNIA:29140
Reference: URL:http://secunia.com/advisories/29140

Votes:

Name: CVE-2008-0310

Description:
Directory traversal vulnerability in pkgadd in SCO UnixWare 7.1.4 before p534589 allows local users to create or append to arbitrary files via ".." sequences in an unspecified environment variable, probably PKGINST.

Status: Candidate
Phase: Assigned (20080116)
Reference: IDEFENSE:20080403 SCO UnixWare pkgadd Directory Traversal Vulnerability
Reference: URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=676
Reference: MILW0RM:5355
Reference: URL:http://www.milw0rm.com/exploits/5355
Reference: CONFIRM:http://www.sco.com/support/update/download/release.php?rid=324
Reference: SCO:SCOSA-2008.1
Reference: URL:http://ftp.sco.com/pub/unixware7/714/security/p534589/p534589.txt
Reference: SECTRACK:1019787
Reference: URL:http://www.securitytracker.com/id?1019787
Reference: SECUNIA:29657
Reference: URL:http://secunia.com/advisories/29657
Reference: XF:sco-unixware-pkgadd-directory-traversal(41759)
Reference: URL:http://xforce.iss.net/xforce/xfdb/41759

Votes:

Name: CVE-2008-0311

Description:
Stack-based buffer overflow in the PGMWebHandler::parse_request function in the StarTeam Multicast Service component (STMulticastService) 6.4 in Borland CaliberRM 2006 allows remote attackers to execute arbitrary code via a large HTTP request.

Status: Candidate
Phase: Assigned (20080116)
Reference: IDEFENSE:20080402 Borland CaliberRM StarTeam Multicast Service Buffer Overflow Vulnerability
Reference: URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=675
Reference: BID:28602
Reference: URL:http://www.securityfocus.com/bid/28602
Reference: FRSIRT:ADV-2008-1100
Reference: URL:http://www.frsirt.com/english/advisories/2008/1100
Reference: SECTRACK:1019786
Reference: URL:http://securitytracker.com/id?1019786
Reference: SECUNIA:29631
Reference: URL:http://secunia.com/advisories/29631
Reference: XF:starteam-pgmwebhandlerparserequest-bo(41647)
Reference: URL:http://xforce.iss.net/xforce/xfdb/41647

Votes:

Name: CVE-2008-0312

Description:
Stack-based buffer overflow in the AutoFix Support Tool ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products, including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, allows remote attackers to execute arbitrary code via a long argument to the GetEventLogInfo method. NOTE: some of these details are obtained from third party information.

Status: Candidate
Phase: Assigned (20080116)
Reference: IDEFENSE:20080402 Symantec Norton Internet Security 2008 ActiveX Control Buffer Overflow Vulnerability
Reference: URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=677
Reference: CONFIRM:http://securityresponse.symantec.com/avcenter/security/Content/2008.04.02a.html
Reference: BID:28507
Reference: URL:http://www.securityfocus.com/bid/28507
Reference: FRSIRT:ADV-2008-1077
Reference: URL:http://www.frsirt.com/english/advisories/2008/1077/references
Reference: SECTRACK:1019751
Reference: URL:http://www.securitytracker.com/id?1019751
Reference: SECTRACK:1019752
Reference: URL:http://www.securitytracker.com/id?1019752
Reference: SECTRACK:1019753
Reference: URL:http://www.securitytracker.com/id?1019753
Reference: SECUNIA:29660
Reference: URL:http://secunia.com/advisories/29660

Votes:

Name: CVE-2008-0313

Description:
The ActiveDataInfo.LaunchProcess method in the SymAData.ActiveDataInfo.1 ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, does not properly determine the location of the AutoFix Tool, which allows remote attackers to execute arbitrary code via a remote (1) WebDAV or (2) SMB share.

Status: Candidate
Phase: Assigned (20080116)
Reference: IDEFENSE:20080402 Symantec Internet Security 2008 ActiveDataInfo.LaunchProcess Design Error Vulnerability
Reference: URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=678
Reference: CONFIRM:http://securityresponse.symantec.com/avcenter/security/Content/2008.04.02a.html
Reference: BID:28509
Reference: URL:http://www.securityfocus.com/bid/28509
Reference: FRSIRT:ADV-2008-1077
Reference: URL:http://www.frsirt.com/english/advisories/2008/1077/references
Reference: SECTRACK:1019751
Reference: URL:http://www.securitytracker.com/id?1019751
Reference: SECTRACK:1019752
Reference: URL:http://www.securitytracker.com/id?1019752
Reference: SECTRACK:1019753
Reference: URL:http://www.securitytracker.com/id?1019753
Reference: SECUNIA:29660
Reference: URL:http://secunia.com/advisories/29660

Votes:

Name: CVE-2008-0314

Description:
Heap-based buffer overflow in spin.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted PeSpin packed PE binary with a modified length value.

Status: Candidate
Phase: Assigned (20080116)
Reference: IDEFENSE:20080414 ClamAV libclamav PeSpin Heap Overflow Vulnerability
Reference: URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=686
Reference: CONFIRM:https://wwws.clamav.net/bugzilla/show_bug.cgi?id=876
Reference: CONFIRM:http://kolab.org/security/kolab-vendor-notice-20.txt
Reference: CONFIRM:http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog
Reference: CONFIRM:http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html
Reference: APPLE:APPLE-SA-2008-09-15
Reference: URL:http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html
Reference: DEBIAN:DSA-1549
Reference: URL:http://www.debian.org/security/2008/dsa-1549
Reference: FEDORA:FEDORA-2008-3358
Reference: URL:https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00576.html
Reference: FEDORA:FEDORA-2008-3420
Reference: URL:https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00625.html
Reference: FEDORA:FEDORA-2008-3900
Reference: URL:https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00249.html
Reference: MANDRIVA:MDVSA-2008:088
Reference: URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:088
Reference: SUSE:SUSE-SA:2008:024
Reference: URL:http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html
Reference: CERT-VN:VU#858595
Reference: URL:http://www.kb.cert.org/vuls/id/858595
Reference: BID:28784
Reference: URL:http://www.securityfocus.com/bid/28784
Reference: FRSIRT:ADV-2008-1227
Reference: URL:http://www.frsirt.com/english/advisories/2008/1227/references
Reference: FRSIRT:ADV-2008-2584
Reference: URL:http://www.frsirt.com/english/advisories/2008/2584
Reference: SECTRACK:1019851
Reference: URL:http://www.securitytracker.com/id?1019851
Reference: SECUNIA:29863
Reference: URL:http://secunia.com/advisories/29863
Reference: SECUNIA:29891
Reference: URL:http://secunia.com/advisories/29891
Reference: SECUNIA:29886
Reference: URL:http://secunia.com/advisories/29886
Reference: SECUNIA:29975
Reference: URL:http://secunia.com/advisories/29975
Reference: SECUNIA:30253
Reference: URL:http://secunia.com/advisories/30253
Reference: SECUNIA:30328
Reference: URL:http://secunia.com/advisories/30328
Reference: SECUNIA:31576
Reference: URL:http://secunia.com/advisories/31576
Reference: SECUNIA:31882
Reference: URL:http://secunia.com/advisories/31882
Reference: XF:clamav-spin-bo(41823)
Reference: URL:http://xforce.iss.net/xforce/xfdb/41823

Votes:

Name: CVE-2008-0315

Status: Candidate
Phase: Assigned (20080116)

Votes:

Name: CVE-2008-0316

Status: Candidate
Phase: Assigned (20080116)

Votes:

Name: CVE-2008-0317

Status: Candidate
Phase: Assigned (20080116)

Votes:

Name: CVE-2008-0318

Description:
Integer overflow in the cli_scanpe function in libclamav in ClamAV before 0.92.1, as used in clamd, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Petite packed PE file, which triggers a heap-based buffer overflow.

Status: Candidate
Phase: Assigned (20080116)
Reference: IDEFENSE:20080212 ClamAV libclamav PE File Integer Overflow Vulnerability
Reference: URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=658
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=575703
Reference: CONFIRM:http://support.novell.com/techcenter/psdb/512985d2cd3090bfb93dcb7b551179cf.html
Reference: CONFIRM:http://kolab.org/security/kolab-vendor-notice-19.txt
Reference: CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=209915
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=307562
Reference: APPLE:APPLE-SA-2008-03-18
Reference: URL:http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
Reference: DEBIAN:DSA-1497
Reference: URL:http://www.debian.org/security/2008/dsa-1497
Reference: FEDORA:FEDORA-2008-1608
Reference: URL:https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00462.html
Reference: FEDORA:FEDORA-2008-1625
Reference: URL:https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00481.html
Reference: GENTOO:GLSA-200802-09
Reference: URL:http://security.gentoo.org/glsa/glsa-200802-09.xml
Reference: MANDRIVA:MDVSA-2008:088
Reference: URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:088
Reference: SUSE:SUSE-SR:2008:004
Reference: URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html
Reference: BID:27751
Reference: URL:http://www.securityfocus.com/bid/27751
Reference: FRSIRT:ADV-2008-0503
Reference: URL:http://www.frsirt.com/english/advisories/2008/0503
Reference: FRSIRT:ADV-2008-0606
Reference: URL:http://www.frsirt.com/english/advisories/2008/0606
Reference: FRSIRT:ADV-2008-0924
Reference: URL:http://www.frsirt.com/english/advisories/2008/0924/references
Reference: SECTRACK:1019394
Reference: URL:http://securitytracker.com/id?1019394
Reference: SECUNIA:28907
Reference: URL:http://secunia.com/advisories/28907
Reference: SECUNIA:28913
Reference: URL:http://secunia.com/advisories/28913
Reference: SECUNIA:28949
Reference: URL:http://secunia.com/advisories/28949
Reference: SECUNIA:29001
Reference: URL:http://secunia.com/advisories/29001
Reference: SECUNIA:29026
Reference: URL:http://secunia.com/advisories/29026
Reference: SECUNIA:29060
Reference: URL:http://secunia.com/advisories/29060
Reference: SECUNIA:29048
Reference: URL:http://secunia.com/advisories/29048
Reference: SECUNIA:29420
Reference: URL:http://secunia.com/advisories/29420

Votes:

Name: CVE-2008-0319

Status: Candidate
Phase: Assigned (20080116)

Votes:

Name: CVE-2008-0320

Description:
Heap-based buffer overflow in the OLE importer in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an OLE file with a crafted DocumentSummaryInformation stream.

Status: Candidate
Phase: Assigned (20080116)
Reference: IDEFENSE:20080417 Multiple Vendor OpenOffice OLE DocumentSummaryInformation Heap Overflow Vulnerability
Reference: URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=694
Reference: CONFIRM:http://www.openoffice.org/security/bulletin.html
Reference: CONFIRM:http://www.openoffice.org/security/cves/CVE-2008-0320.html
Reference: CONFIRM:http://www.openoffice.org/security/cves/CVE-2007-4770.html
Reference: CONFIRM:http://www.openoffice.org/security/cves/CVE-2007-5745.html
Reference: DEBIAN:DSA-1547
Reference: URL:http://www.debian.org/security/2008/dsa-1547
Reference: FEDORA:FEDORA-2008-3251
Reference: URL:https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00448.html
Reference: MANDRIVA:MDVSA-2008:090
Reference: URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:090
Reference: MANDRIVA:MDVSA-2008:095
Reference: URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:095
Reference: REDHAT:RHSA-2008:0175
Reference: URL:http://www.redhat.com/support/errata/RHSA-2008-0175.html
Reference: REDHAT:RHSA-2008:0176
Reference: URL:http://www.redhat.com/support/errata/RHSA-2008-0176.html
Reference: SUNALERT:231642
Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-231642-1
Reference: SUSE:SUSE-SA:2008:023
Reference: URL:http://www.novell.com/linux/security/advisories/2008_23_openoffice.html
Reference: BID:28819
Reference: URL:http://www.securityfocus.com/bid/28819
Reference: FRSIRT:ADV-2008-1253
Reference: URL:http://www.frsirt.com/english/advisories/2008/1253/references
Reference: FRSIRT:ADV-2008-1375
Reference: URL:http://www.frsirt.com/english/advisories/2008/1375/references
Reference: SECTRACK:1019890
Reference: URL:http://www.securitytracker.com/id?1019890
Reference: SECUNIA:29864
Reference: URL:http://secunia.com/advisories/29864
Reference: SECUNIA:29913
Reference: URL:http://secunia.com/advisories/29913
Reference: SECUNIA:29852
Reference: URL:http://secunia.com/advisories/29852
Reference: SECUNIA:29910
Reference: URL:http://secunia.com/advisories/29910
Reference: SECUNIA:29844
Reference: URL:http://secunia.com/advisories/29844
Reference: SECUNIA:29871
Reference: URL:http://secunia.com/advisories/29871
Reference: SECUNIA:29987
Reference: URL:http://secunia.com/advisories/29987
Reference: XF:openoffice-ole-bo(41860)
Reference: URL:http://xforce.iss.net/xforce/xfdb/41860

Votes:

Name: CVE-2008-0321

Status: Candidate
Phase: Assigned (20080116)

Votes:

Name: CVE-2008-0322

Description:
The I2O Utility Filter driver (i2omgmt.sys) 5.1.2600.2180 for Microsoft Windows XP sets Everyone/Write permissions for the "\\.\I2OExc" device interface, which allows local users to gain privileges. NOTE: this issue can be leveraged to overwrite arbitrary memory and execute code via an IOCTL call with a crafted DeviceObject pointer.

Status: Candidate
Phase: Assigned (20080116)
Reference: IDEFENSE:20080512 Microsoft Windows I2O Filter Utility Driver (i2omgmt.sys) Local Privilege Escalation Vulnerability
Reference: URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=699
Reference: BID:29171
Reference: URL:http://www.securityfocus.com/bid/29171
Reference: FRSIRT:ADV-2008-1476
Reference: URL:http://www.frsirt.com/english/advisories/2008/1476/references
Reference: SECTRACK:1020006
Reference: URL:http://www.securitytracker.com/id?1020006
Reference: SECUNIA:30203
Reference: URL:http://secunia.com/advisories/30203
Reference: XF:win-i2omgmt-code-execution(42358)
Reference: URL:http://xforce.iss.net/xforce/xfdb/42358

Votes:

Name: CVE-2008-0323

Status: Candidate
Phase: Assigned (20080116)

Votes:

Name: CVE-2008-0324

Description:
Cisco Systems VPN Client IPSec Driver (CVPNDRVA.sys) 5.0.02.0090 allows local users to cause a denial of service (crash) by calling the 0x80002038 IOCTL with a small size value, which triggers memory corruption.

Status: Candidate
Phase: Assigned (20080116)
Reference: MILW0RM:4911
Reference: URL:http://www.milw0rm.com/exploits/4911
Reference: BID:27289
Reference: URL:http://www.securityfocus.com/bid/27289
Reference: FRSIRT:ADV-2008-0170
Reference: URL:http://www.frsirt.com/english/advisories/2008/0170
Reference: SECTRACK:1019240
Reference: URL:http://www.securitytracker.com/id?1019240
Reference: SECUNIA:28472
Reference: URL:http://secunia.com/advisories/28472
Reference: XF:cisco-vpnclient-cvpndrva-dos(39694)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39694

Votes:

Name: CVE-2008-0325

Description:
SQL injection vulnerability in show.php in FaScript FaPersian Petition allows remote attackers to execute arbitrary SQL commands via the id parameter.

Status: Candidate
Phase: Assigned (20080117)
Reference: MILW0RM:4916
Reference: URL:http://www.milw0rm.com/exploits/4916
Reference: BID:27302
Reference: URL:http://www.securityfocus.com/bid/27302
Reference: SECUNIA:28522
Reference: URL:http://secunia.com/advisories/28522
Reference: XF:fascriptfapersian-show-sql-injection(39716)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39716

Votes:

Name: CVE-2008-0326

Description:
SQL injection vulnerability in class/show.php in FaScript FaPersianHack 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to show.php.

Status: Candidate
Phase: Assigned (20080117)
Reference: MILW0RM:4917
Reference: URL:http://www.milw0rm.com/exploits/4917
Reference: BID:27302
Reference: URL:http://www.securityfocus.com/bid/27302
Reference: SECUNIA:28565
Reference: URL:http://secunia.com/advisories/28565
Reference: XF:fascriptfapersianhack-show-sql-injection(39717)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39717

Votes:

Name: CVE-2008-0327

Description:
SQL injection vulnerability in show.php in FaScript FaMp3 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Status: Candidate
Phase: Assigned (20080117)
Reference: MILW0RM:4914
Reference: URL:http://www.milw0rm.com/exploits/4914
Reference: BID:27302
Reference: URL:http://www.securityfocus.com/bid/27302
Reference: SECUNIA:28566
Reference: URL:http://secunia.com/advisories/28566
Reference: XF:fascriptfamp3-show-sql-injection(39714)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39714

Votes:

Name: CVE-2008-0328

Description:
SQL injection vulnerability in page.php in FaScript FaName 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Status: Candidate
Phase: Assigned (20080117)
Reference: MILW0RM:4915
Reference: URL:http://www.milw0rm.com/exploits/4915
Reference: BID:27303
Reference: URL:http://www.securityfocus.com/bid/27303
Reference: SECUNIA:28528
Reference: URL:http://secunia.com/advisories/28528
Reference: XF:fascriptfaname-page-sql-injection(39715)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39715

Votes:

Name: CVE-2008-0329

Description:
LulieBlog 1.0.1 and 1.0.2 does not restrict access to (1) article_suppr.php, (2) comment_accepter.php, and (3) comment_refuser.php in Admin/, which allows remote attackers to accept comments, delete comments, and delete articles via the id parameter.

Status: Candidate
Phase: Assigned (20080117)
Reference: MILW0RM:4912
Reference: URL:http://www.milw0rm.com/exploits/4912
Reference: BID:27290
Reference: URL:http://www.securityfocus.com/bid/27290
Reference: SECUNIA:28432
Reference: URL:http://secunia.com/advisories/28432
Reference: XF:lulieblog-admin-security-bypass(39669)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39669

Votes:

Name: CVE-2008-0330

Description:
Open System Consultants (OSC) Radiator before 4.0 allows remote attackers to cause a denial of service (daemon crash) via malformed RADIUS requests, as demonstrated by packets sent by nmap.

Status: Candidate
Phase: Assigned (20080117)
Reference: CONFIRM:http://www.open.com.au/radiator/history.html
Reference: BID:27306
Reference: URL:http://www.securityfocus.com/bid/27306
Reference: FRSIRT:ADV-2008-0598
Reference: URL:http://www.frsirt.com/english/advisories/2008/0598
Reference: SECUNIA:28463
Reference: URL:http://secunia.com/advisories/28463
Reference: XF:radiator-radius-dos(39730)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39730

Votes:

Name: CVE-2008-0331

Description:
Unspecified vulnerability in Funkwerk System Software before 7.4.1 PATCH 9 for certain Funkwerk Router / VPN devices allows remote attackers to cause a denial of service (panic and reboot) via unspecified DNS requests.

Status: Candidate
Phase: Assigned (20080117)
Reference: CONFIRM:http://www.funkwerk-ec.com/portal/downloadcenter/dateien/x2300/r7401p09/readme_741p9_en.pdf
Reference: BID:27314
Reference: URL:http://www.securityfocus.com/bid/27314
Reference: SECUNIA:28085
Reference: URL:http://secunia.com/advisories/28085
Reference: XF:x2300-dns-dos(39731)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39731

Votes:

Name: CVE-2008-0332

Description:
Directory traversal vulnerability in arias/help/effect.php in aria 0.99-6 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page parameter.

Status: Candidate
Phase: Assigned (20080117)
Reference: BUGTRAQ:20080116 [DSECRG-08-002] Local File Include in arias 0.99-6
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/486406/100/0/threaded
Reference: MILW0RM:4920
Reference: URL:http://www.milw0rm.com/exploits/4920
Reference: BID:27311
Reference: URL:http://www.securityfocus.com/bid/27311
Reference: XF:aria-effect-file-include(39712)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39712

Votes:

Name: CVE-2008-0333

Description:
Directory traversal vulnerability in download_view_attachment.aspx in AfterLogic MailBee WebMail Pro 4.1 for ASP.NET allows remote attackers to read arbitrary files via a .. (dot dot) in the temp_filename parameter.

Status: Candidate
Phase: Assigned (20080117)
Reference: MILW0RM:4921
Reference: URL:http://www.milw0rm.com/exploits/4921
Reference: BID:27312
Reference: URL:http://www.securityfocus.com/bid/27312
Reference: SECUNIA:28521
Reference: URL:http://secunia.com/advisories/28521
Reference: XF:mailbeewebmail-download-directory-traversal(39724)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39724

Votes:

Name: CVE-2008-0334

Description:
Cross-site scripting (XSS) vulnerability in pm/language/spanish/preferences.php in PMachine Pro 2.4.1 allows remote attackers to inject arbitrary web script or HTML via the L_PREF_NAME[855] parameter.

Status: Candidate
Phase: Assigned (20080117)
Reference: MISC:http://packetstormsecurity.org/0801-exploits/pMachinePro-241-xss.txt
Reference: BID:27282
Reference: URL:http://www.securityfocus.com/bid/27282

Votes:

Name: CVE-2008-0335

Description:
Cross-site scripting (XSS) vulnerability in BugTracker.NET before 2.7.2 allows remote attackers to inject arbitrary web script or HTML via an arbitrary custom text field.

Status: Candidate
Phase: Assigned (20080117)
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=568160
Reference: CONFIRM:http://sourceforge.net/tracker/index.php?func=detail&aid=1867089&group_id=66812&atid=515837
Reference: BID:27275
Reference: URL:http://www.securityfocus.com/bid/27275
Reference: SECUNIA:28481
Reference: URL:http://secunia.com/advisories/28481
Reference: XF:bugtrackernet-bug-xss(39650)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39650

Votes:

Name: CVE-2008-0336

Description:
Multiple cross-site request forgery (CSRF) vulnerabilities in BugTracker.NET before 2.7.2 allow remote attackers to delete arbitrary bugs and perform other administrative tasks via unspecified vectors, possibly related to delete_*.aspx pages, and massedit.aspx, subscribe.aspx, flag.aspx, and relationships.aspx.

Status: Candidate
Phase: Assigned (20080117)
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?group_id=66812&release_id=568160
Reference: CONFIRM:http://sourceforge.net/tracker/index.php?func=detail&aid=1867089&group_id=66812&atid=515837
Reference: SECUNIA:28481
Reference: URL:http://secunia.com/advisories/28481
Reference: XF:bugtrackernet-http-csrf(39651)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39651

Votes:

Name: CVE-2008-0337

Description:
Heap-based buffer overflow in the _mwProcessReadSocket function in http.c in MiniWeb HTTP Server 0.8.19 allows remote attackers to execute arbitrary code via a long URI.

Status: Candidate
Phase: Assigned (20080117)
Reference: MILW0RM:4923
Reference: URL:http://www.milw0rm.com/exploits/4923
Reference: MISC:http://www.bugtraq.ir/adv/miniweb_english.pdf
Reference: BID:27319
Reference: URL:http://www.securityfocus.com/bid/27319
Reference: FRSIRT:ADV-2008-0176
Reference: URL:http://www.frsirt.com/english/advisories/2008/0176
Reference: SECUNIA:28512
Reference: URL:http://secunia.com/advisories/28512
Reference: XF:miniweb-mwprocessreadsocket-bo(39718)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39718

Votes:

Name: CVE-2008-0338

Description:
Directory traversal vulnerability in the mwGetLocalFileName function in http.c in MiniWeb HTTP Server 0.8.19 allows remote attackers to read arbitrary files and list arbitrary directories via a (1) .%2e (partially encoded dot dot) or (2) %2e%2e (encoded dot dot) in the URI.

Status: Candidate
Phase: Assigned (20080117)
Reference: MILW0RM:4923
Reference: URL:http://www.milw0rm.com/exploits/4923
Reference: MISC:http://www.bugtraq.ir/adv/miniweb_english.pdf
Reference: BID:27319
Reference: URL:http://www.securityfocus.com/bid/27319
Reference: FRSIRT:ADV-2008-0176
Reference: URL:http://www.frsirt.com/english/advisories/2008/0176
Reference: SECUNIA:28512
Reference: URL:http://secunia.com/advisories/28512
Reference: XF:miniweb-mwgetlocal-directory-traversal(39713)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39713

Votes:

Name: CVE-2008-0339

Description:
Unspecified vulnerability in the XML DB component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 has unknown impact and remote attack vectors, aka DB01.

Status: Candidate
Phase: Assigned (20080117)
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2008.html
Reference: HP:HPSBMA02133
Reference: URL:http://marc.info/?l=bugtraq&m=120058413923005&w=2
Reference: HP:SSRT061201
Reference: URL:http://marc.info/?l=bugtraq&m=120058413923005&w=2
Reference: CERT:TA08-017A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA08-017A.html
Reference: BID:27229
Reference: URL:http://www.securityfocus.com/bid/27229
Reference: FRSIRT:ADV-2008-0150
Reference: URL:http://www.frsirt.com/english/advisories/2008/0150
Reference: FRSIRT:ADV-2008-0180
Reference: URL:http://www.frsirt.com/english/advisories/2008/0180
Reference: SECTRACK:1019218
Reference: URL:http://securitytracker.com/id?1019218
Reference: SECUNIA:28518
Reference: URL:http://secunia.com/advisories/28518
Reference: SECUNIA:28556
Reference: URL:http://secunia.com/advisories/28556

Votes:

Name: CVE-2008-0340

Description:
Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 have unknown impact and remote attack vectors, related to the (1) Advanced Queuing component (DB02) and (2) Oracle Spatial component (DB04).

Votes:

Name: CVE-2008-0341

Description:
Unspecified vulnerability in the Advanced Queuing component in Oracle Database 9.0.1.5 FIPS+ and 10.1.0.5 has unknown impact and remote attack vectors, aka DB03.

Votes:

Name: CVE-2008-0342

Description:
Unspecified vulnerability in the Upgrade/Downgrade component in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and remote attack vectors, aka DB05.

Votes:

Name: CVE-2008-0343

Description:
Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 has unknown impact and remote attack vectors, aka DB06.

Votes:

Name: CVE-2008-0344

Description:
Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 and 10.2.0.3 has unknown impact and remote attack vectors, aka DB07.

Votes:

Name: CVE-2008-0345

Description:
Unspecified vulnerability in the Core RDBMS component in Oracle Database 11.1.0.6 has unknown impact and remote attack vectors, aka DB08.

Votes:

Name: CVE-2008-0346

Description:
Unspecified vulnerability in the Oracle Jinitiator component in Oracle Application Server 1.3.1.27 and E-Business Suite 11.5.10.2 has unknown impact and remote attack vectors, aka AS01.

Votes:

Name: CVE-2008-0347

Description:
Unspecified vulnerability in the Oracle Ultra Search component in Oracle Collaboration Suite 10.1.2; Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; and Application Server 9.0.4.3 and 10.1.2.0.2; has unknown impact and local attack vectors, aka OCS01. NOTE: Oracle has not disputed a reliable claim that this issue is related to WKSYS schema privileges.

Status: Candidate
Phase: Assigned (20080117)
Reference: BUGTRAQ:20080130 PeteFinnigan.com Limited advisory for Oracle January 2008 CPU
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/487322/100/100/threaded
Reference: MISC:http://www.petefinnigan.com/Advisory_CPU_Jan_2008.htm
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2008.html
Reference: HP:HPSBMA02133
Reference: URL:http://marc.info/?l=bugtraq&m=120058413923005&w=2
Reference: HP:SSRT061201
Reference: URL:http://marc.info/?l=bugtraq&m=120058413923005&w=2
Reference: CERT:TA08-017A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA08-017A.html
Reference: BID:27229
Reference: URL:http://www.securityfocus.com/bid/27229
Reference: FRSIRT:ADV-2008-0150
Reference: URL:http://www.frsirt.com/english/advisories/2008/0150
Reference: FRSIRT:ADV-2008-0180
Reference: URL:http://www.frsirt.com/english/advisories/2008/0180
Reference: SECTRACK:1019218
Reference: URL:http://securitytracker.com/id?1019218
Reference: SECUNIA:28518
Reference: URL:http://secunia.com/advisories/28518
Reference: SECUNIA:28556
Reference: URL:http://secunia.com/advisories/28556

Votes:

Name: CVE-2008-0348

Description:
Multiple unspecified vulnerabilities in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.18, 8.48.15, and 8.49.07 have unknown impact and remote attack vectors, aka (1) PSE01, (2) PSE03, and (3) PSE04.

Votes:

Name: CVE-2008-0349

Description:
Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.15 and 8.49.07 has unknown impact and remote attack vectors, aka PSE02.

Votes:

Name: CVE-2008-0350

Description:
admin/index.php in Evilsentinel 1.0.9 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to gain administrative privileges and make arbitrary configuration changes.

Status: Candidate
Phase: Assigned (20080117)
Reference: MILW0RM:4884
Reference: URL:http://www.milw0rm.com/exploits/4884
Reference: CONFIRM:http://evilsentinel.altervista.org/forum/index.php?topic=49.0
Reference: SECUNIA:28427
Reference: URL:http://secunia.com/advisories/28427

Votes:

Name: CVE-2008-0351

Description:
admin/config.php in Evilsentinel 1.0.9 and earlier allows remote attackers to bypass the CAPTCHA test by omitting the es_security_captcha parameter and not invoking captcha.php.

Status: Candidate
Phase: Assigned (20080117)
Reference: MILW0RM:4884
Reference: URL:http://www.milw0rm.com/exploits/4884

Votes:

Name: CVE-2008-0352

Description:
The Linux kernel 2.6.20 through 2.6.21.1 allows remote attackers to cause a denial of service (panic) via a certain IPv6 packet, possibly involving the Jumbo Payload hop-by-hop option (jumbogram).

Status: Candidate
Phase: Assigned (20080117)
Reference: MILW0RM:4893
Reference: URL:http://www.milw0rm.com/exploits/4893
Reference: MISC:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21.2
Reference: CONFIRM:http://bugzilla.kernel.org/show_bug.cgi?id=8450
Reference: XF:linux-kernel-ipv6-jumbogram-dos(39643)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39643

Votes:

Name: CVE-2008-0353

Description:
SQL injection vulnerability in visualizza_tabelle.php in php-residence 0.7.2 and 1.0 allows remote attackers to execute arbitrary SQL commands via the cognome_cerca parameter. NOTE: some of these details are obtained from third party information.

Status: Candidate
Phase: Assigned (20080118)
Reference: MILW0RM:4925
Reference: URL:http://www.milw0rm.com/exploits/4925
Reference: BID:27320
Reference: URL:http://www.securityfocus.com/bid/27320
Reference: SECUNIA:28516
Reference: URL:http://secunia.com/advisories/28516
Reference: XF:phpresidence-visualizza-sql-injection(39739)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39739

Votes:

Name: CVE-2008-0354

Description:
Cross-site scripting (XSS) vulnerability in the chat client in IBM Lotus Sametime 7.5 and 7.5.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted message, which triggers code execution after a mouseover event initiated by the victim.

Status: Candidate
Phase: Assigned (20080118)
Reference: CONFIRM:http://www-1.ibm.com/support/docview.wss?uid=swg21292938
Reference: BID:27316
Reference: URL:http://www.securityfocus.com/bid/27316
Reference: FRSIRT:ADV-2008-0168
Reference: URL:http://www.frsirt.com/english/advisories/2008/0168
Reference: SECTRACK:1019224
Reference: URL:http://www.securitytracker.com/id?1019224
Reference: SECUNIA:27942
Reference: URL:http://secunia.com/advisories/27942
Reference: XF:sametime-client-mouseover-xss(39726)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39726

Votes:

Name: CVE-2008-0355

Description:
SQL injection vulnerability in index.php in the forum module in PHPEcho CMS, probably 2.0-rc3 and earlier, allows remote attackers to execute arbitrary SQL commands via the id parameter in a section action, a different vector than CVE-2007-2866.

Status: Candidate
Phase: Assigned (20080118)
Reference: MILW0RM:4929
Reference: URL:http://www.milw0rm.com/exploits/4929
Reference: BID:27326
Reference: URL:http://www.securityfocus.com/bid/27326
Reference: XF:phpechocms-index-sql-injection(39741)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39741

Votes:

Name: CVE-2008-0356

Description:
Buffer overflow in the Independent Management Architecture (IMA) service in Citrix Presentation Server (MetaFrame Presentation Server) 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 allows remote attackers to execute arbitrary code via an invalid size value in a packet to TCP port 2512 or 2513.

Status: Candidate
Phase: Assigned (20080118)
Reference: BUGTRAQ:20080117 ZDI-08-002: Citrix Presentation Server IMA Service Heap Overflow Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/486585/100/0/threaded
Reference: CONFIRM:http://support.citrix.com/article/CTX114487
Reference: MISC:http://zerodayinitiative.com/advisories/ZDI-08-002.html
Reference: CERT-VN:VU#412228
Reference: URL:http://www.kb.cert.org/vuls/id/412228
Reference: BID:27329
Reference: URL:http://www.securityfocus.com/bid/27329
Reference: FRSIRT:ADV-2008-0172
Reference: URL:http://www.frsirt.com/english/advisories/2008/0172
Reference: SECTRACK:1019231
Reference: URL:http://www.securitytracker.com/id?1019231
Reference: SECUNIA:28508
Reference: URL:http://secunia.com/advisories/28508

Votes:

Name: CVE-2008-0357

Description:
Directory traversal vulnerability in pages/upload.php in Galaxyscripts Mini File Host 1.2.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter.

Status: Candidate
Phase: Assigned (20080118)
Reference: MILW0RM:4930
Reference: URL:http://www.milw0rm.com/exploits/4930
Reference: BID:27327
Reference: URL:http://www.securityfocus.com/bid/27327
Reference: SECUNIA:28504
Reference: URL:http://secunia.com/advisories/28504
Reference: XF:minifilehost-uploadphp-file-include(39799)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39799

Votes:

Name: CVE-2008-0358

Description:
SQL injection vulnerability in index.php in Pixelpost 1.7 allows remote attackers to execute arbitrary SQL commands via the parent_id parameter.

Status: Candidate
Phase: Assigned (20080118)
Reference: MILW0RM:4924
Reference: URL:http://www.milw0rm.com/exploits/4924
Reference: CONFIRM:http://www.pixelpost.org/forum/showthread.php?t=7716
Reference: BID:27242
Reference: URL:http://www.securityfocus.com/bid/27242
Reference: SECTRACK:1019238
Reference: URL:http://www.securitytracker.com/id?1019238
Reference: SECUNIA:28499
Reference: URL:http://secunia.com/advisories/28499
Reference: XF:pixelpost-indexphp-sql-injection(39721)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39721

Votes:

Name: CVE-2008-0359

Description:
Multiple cross-site scripting (XSS) vulnerabilities in BLOG:CMS 4.2.1b allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin.php or (2) index.php in photo/.

Status: Candidate
Phase: Assigned (20080118)
Reference: BUGTRAQ:20080116 [DSECRG-08-003] blogcms 4.2.1b Multiple Security Vulnerabilities
Reference: URL:http://marc.info/?l=bugtraq&m=120049816924383&w=2
Reference: MILW0RM:4919
Reference: URL:http://milw0rm.com/exploits/4919
Reference: CONFIRM:http://blogcms.com/wiki/changelog
Reference: BID:27317
Reference: URL:http://www.securityfocus.com/bid/27317
Reference: SECUNIA:28523
Reference: URL:http://secunia.com/advisories/28523

Votes:

Name: CVE-2008-0360

Description:
Multiple SQL injection vulnerabilities in BLOG:CMS 4.2.1b allow remote attackers to execute arbitrary SQL commands via (1) the blogid parameter to index.php, (2) the user parameter to action.php, or (3) the field parameter to admin/plugins/table/index.php.

Votes:

Name: CVE-2008-0361

Description:
Directory traversal vulnerability in agregar_info.php in GradMan 0.1.3 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tabla parameter.

Status: Candidate
Phase: Assigned (20080118)
Reference: BUGTRAQ:20080116 Gradman <= 0.1.3 (agregar_info.php?tabla=) Local File Inclusion Exploit
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/486444/100/0/threaded
Reference: MILW0RM:4926
Reference: URL:http://www.milw0rm.com/exploits/4926
Reference: BID:27324
Reference: URL:http://www.securityfocus.com/bid/27324
Reference: SECUNIA:28520
Reference: URL:http://secunia.com/advisories/28520
Reference: SREASON:3552
Reference: URL:http://securityreason.com/securityalert/3552
Reference: XF:gradman-agregarinfo-file-include(39732)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39732

Votes:

Name: CVE-2008-0362

Description:
Cross-site scripting (XSS) vulnerability in gallery.php in Clever Copy 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the album parameter.

Status: Candidate
Phase: Assigned (20080118)
Reference: BUGTRAQ:20080117 Clever Copy <=3.0 Multiple Remote Vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/486492/100/0/threaded
Reference: BID:27335
Reference: URL:http://www.securityfocus.com/bid/27335
Reference: SECUNIA:28560
Reference: URL:http://secunia.com/advisories/28560
Reference: SREASON:3553
Reference: URL:http://securityreason.com/securityalert/3553
Reference: XF:clevercopy-gallery-xss(39747)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39747

Votes:

Name: CVE-2008-0363

Description:
Multiple SQL injection vulnerabilities in Clever Copy 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter to postcomment.php and the (2) album parameter to gallery.php.

Status: Candidate
Phase: Assigned (20080118)
Reference: BUGTRAQ:20080117 Clever Copy <=3.0 Multiple Remote Vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/486492/100/0/threaded
Reference: BID:27335
Reference: URL:http://www.securityfocus.com/bid/27335
Reference: SECUNIA:28560
Reference: URL:http://secunia.com/advisories/28560
Reference: SREASON:3553
Reference: URL:http://securityreason.com/securityalert/3553
Reference: XF:clevercopy-postcomment-sql-injection(39746)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39746

Votes:

Name: CVE-2008-0364

Description:
Buffer overflow in (1) BitTorrent 6.0 and earlier; and (2) uTorrent 1.7.5 and earlier, and 1.8-alpha-7834 and earlier in the 1.8.x series; on Windows allows remote attackers to cause a denial of service (application crash) via a long Unicode string representing a client version identifier.

Status: Candidate
Phase: Assigned (20080118)
Reference: BUGTRAQ:20080116 Peers static overflow in BitTorrent 6.0 and uTorrent 1.7.5
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/486426/100/0/threaded
Reference: MISC:http://aluigi.altervista.org/adv/ruttorrent-adv.txt
Reference: MISC:http://aluigi.org/poc/ruttorrent.zip
Reference: CONFIRM:http://download.utorrent.com/1.7.6/utorrent-1.7.6.txt
Reference: CONFIRM:http://forum.utorrent.com/viewtopic.php?id=29330
Reference: BID:27321
Reference: URL:http://www.securityfocus.com/bid/27321
Reference: SECUNIA:28533
Reference: URL:http://secunia.com/advisories/28533
Reference: SECUNIA:28537
Reference: URL:http://secunia.com/advisories/28537
Reference: SREASON:3554
Reference: URL:http://securityreason.com/securityalert/3554
Reference: XF:bittorrent-peers-bo(39719)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39719
Reference: XF:utorrent-peers-bo(39720)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39720

Votes:

Name: CVE-2008-0365

Description:
Multiple buffer overflows in CORE FORCE before 0.95.172 allow local users to cause a denial of service (system crash) and possibly execute arbitrary code in the kernel context via crafted arguments to (1) IOCTL functions in the Firewall module or (2) SSDT hook handler functions in the Registry module.

Status: Candidate
Phase: Assigned (20080118)
Reference: BUGTRAQ:20080117 CORE-2007-1119: CORE FORCE Kernel Buffer Overflow
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/486513/100/0/threaded
Reference: CONFIRM:http://www.coresecurity.com/?action=item&id=2025
Reference: CONFIRM:http://force.coresecurity.com/index.php?module=articles&func=display&aid=32
Reference: BID:27341
Reference: URL:http://www.securityfocus.com/bid/27341
Reference: FRSIRT:ADV-2008-0242
Reference: URL:http://www.frsirt.com/english/advisories/2008/0242
Reference: SECTRACK:1019245
Reference: URL:http://www.securitytracker.com/id?1019245
Reference: SREASON:3555
Reference: URL:http://securityreason.com/securityalert/3555
Reference: XF:coreforce-firewall-registry-bo(39758)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39758

Votes:

Name: CVE-2008-0366

Description:
CORE FORCE before 0.95.172 does not properly validate arguments to SSDT hook handler functions in the Registry module, which allows local users to cause a denial of service (system crash) and possibly execute arbitrary code in the kernel context via crafted arguments.

Votes:

Name: CVE-2008-0367

Description:
Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks.

Status: Candidate
Phase: Assigned (20080118)
Reference: BUGTRAQ:20080103 Re: [Full-disclosure] Yet another Dialog Spoofing Vulnerability - Firefox Basic Authentication
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/485738/100/200/threaded
Reference: BUGTRAQ:20080103 Yet another Dialog Spoofing Vulnerability - Firefox Basic Authentication
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/485732/100/200/threaded
Reference: MISC:http://aviv.raffon.net/2008/01/02/YetAnotherDialogSpoofingFirefoxBasicAuthentication.aspx
Reference: MISC:http://aviv.raffon.net/2008/01/05/FirefoxDialogSpoofingFAQ.aspx
Reference: CONFIRM:http://blog.mozilla.com/security/2008/01/04/basicauth-dialog-realm-value-spoofing/
Reference: CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=244273
Reference: BID:27111
Reference: URL:http://www.securityfocus.com/bid/27111

Votes:

Name: CVE-2008-0368

Description:
onedcu in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allows local users to create arbitrary files via the Trace file argument.

Status: Candidate
Phase: Assigned (20080118)
Reference: IDEFENSE:20080131 IBM Informix Dynamic Server onedcu File Creation Vulnerability
Reference: URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=651
Reference: CONFIRM:http://www-1.ibm.com/support/docview.wss?uid=swg27011556
Reference: AIXAPAR:IC54307
Reference: URL:http://www-1.ibm.com/support/docview.wss?uid=swg1IC54307
Reference: BID:27328
Reference: URL:http://www.securityfocus.com/bid/27328
Reference: FRSIRT:ADV-2008-0169
Reference: URL:http://www.frsirt.com/english/advisories/2008/0169
Reference: SECTRACK:1019237
Reference: URL:http://www.securitytracker.com/id?1019237
Reference: SECUNIA:28534
Reference: URL:http://secunia.com/advisories/28534
Reference: XF:ibm-ids-onedcu-sqlidebug-unspecified(39751)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39751

Votes:

Name: CVE-2008-0369

Description:
Multiple unspecified programs in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allow local users to create arbitrary files by specifying the target file in the SQLIDEBUG environment variable, whose ownership is changed to the user invoking the programs.

Status: Candidate
Phase: Assigned (20080118)
Reference: IDEFENSE:20080131 IBM Informix Dynamic Server SQLIDEBUG File Creation Vulnerability
Reference: URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=650
Reference: CONFIRM:http://www-1.ibm.com/support/docview.wss?uid=swg27011556
Reference: AIXAPAR:IC54309
Reference: URL:http://www-1.ibm.com/support/docview.wss?uid=swg1IC54309
Reference: BID:27328
Reference: URL:http://www.securityfocus.com/bid/27328
Reference: FRSIRT:ADV-2008-0169
Reference: URL:http://www.frsirt.com/english/advisories/2008/0169
Reference: SECTRACK:1019237
Reference: URL:http://www.securitytracker.com/id?1019237
Reference: SECUNIA:28534
Reference: URL:http://secunia.com/advisories/28534
Reference: XF:ibm-ids-onedcu-sqlidebug-unspecified(39751)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39751
Reference: XF:ibm-ids-sqlidebug-unspecified(40009)
Reference: URL:http://xforce.iss.net/xforce/xfdb/40009

Votes:

Name: CVE-2008-0370

Description:
Cross-site scripting (XSS) vulnerability in dohtaccess.html in cPanel before 11.17 build 19417 allows remote attackers to inject arbitrary web script or HTML via the rurl parameter. NOTE: some of these details are obtained from third party information.

Status: Candidate
Phase: Assigned (20080122)
Reference: BUGTRAQ:20080116 cPanel Hosting Manager (dohtaccess.html)
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/486404/100/0/threaded
Reference: MISC:http://aria-security.net/forum/showthread.php?p=1238
Reference: BID:27308
Reference: URL:http://www.securityfocus.com/bid/27308
Reference: SECUNIA:28561
Reference: URL:http://secunia.com/advisories/28561
Reference: SREASON:3561
Reference: URL:http://securityreason.com/securityalert/3561

Votes:

Name: CVE-2008-0371

Description:
Multiple SQL injection vulnerabilities in aliTalk 1.9.1.1, when magic_quotes_gpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via (1) the mohit parameter to (a) inc/receivertwo.php; and allow remote attackers to execute arbitrary SQL commands via (2) the id parameter to (b) inc/usercp.php, related to functionz/usercp.php; or (3) the username parameter to (c) admin/index.php, related to functionz/first_process.php, or (d) index.php. NOTE: some of these details are obtained from third party information.

Status: Candidate
Phase: Assigned (20080122)
Reference: MILW0RM:4922
Reference: URL:http://www.milw0rm.com/exploits/4922
Reference: BID:27315
Reference: URL:http://www.securityfocus.com/bid/27315
Reference: SECUNIA:28515
Reference: URL:http://secunia.com/advisories/28515
Reference: XF:alitalk-adminindex-sql-injection(39735)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39735
Reference: XF:alitalk-index-sql-injection(39745)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39745
Reference: XF:alitalk-receivertwo-sql-injection(39733)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39733
Reference: XF:alitalk-usercp-sql-injection(39736)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39736

Votes:

Name: CVE-2008-0372

Description:
8e6 R3000 Internet Filter 2.0.05.33, and other versions before 2.0.11, allows remote attackers to bypass intended restrictions via a fragmented HTTP request.

Status: Candidate
Phase: Assigned (20080122)
Reference: BUGTRAQ:20080116 8e6 Technologies R3000 Internet Filter Bypass by Request Split
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/486398/100/0/threaded
Reference: BUGTRAQ:20080121 Re: 8e6 Technologies R3000 Internet Filter Bypass by Request Split
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/486770/100/0/threaded
Reference: BID:27309
Reference: URL:http://www.securityfocus.com/bid/27309
Reference: SECUNIA:28524
Reference: URL:http://secunia.com/advisories/28524
Reference: SREASON:3557
Reference: URL:http://securityreason.com/securityalert/3557
Reference: XF:r3000-urlfilter-security-bypass(39723)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39723

Votes:

Name: CVE-2008-0373

Description:
Unrestricted file upload vulnerability in PHP F1 Max's File Uploader allows remote attackers to upload and execute arbitrary PHP files.

Status: Candidate
Phase: Assigned (20080122)
Reference: BUGTRAQ:20080115 Max's File Uploader File Upload Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/486335/100/0/threaded
Reference: BID:27285
Reference: URL:http://www.securityfocus.com/bid/27285
Reference: SREASON:3572
Reference: URL:http://securityreason.com/securityalert/3572
Reference: XF:max-index-file-upload(39740)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39740

Votes:

Name: CVE-2008-0374

Description:
OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web Page 1.00 sends the configuration of the printer in cleartext, which allows remote attackers to obtain the administrative password by connecting to TCP port 5548 or 7777.

Status: Candidate
Phase: Assigned (20080122)
Reference: BUGTRAQ:20080117 [CSNC] OKI C5510MFP Printer Password Disclosure
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/486511/100/0/threaded
Reference: MISC:http://www.csnc.ch/en/modules/news/news_0004.html_1394092626.html
Reference: BID:27339
Reference: URL:http://www.securityfocus.com/bid/27339
Reference: SECUNIA:28553
Reference: URL:http://secunia.com/advisories/28553
Reference: SREASON:3569
Reference: URL:http://securityreason.com/securityalert/3569
Reference: XF:c5510mfp-configuration-info-disclosure(39775)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39775

Votes:

Name: CVE-2008-0375

Description:
Unspecified vulnerability in OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web Page 1.00 allows remote attackers to set the password and obtain administrative access via unspecified vectors.

Status: Candidate
Phase: Assigned (20080122)
Reference: BUGTRAQ:20080117 [CSNC] OKI C5510MFP Printer Password Disclosure
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/486511/100/0/threaded
Reference: MISC:http://www.csnc.ch/en/modules/news/news_0004.html_1394092626.html
Reference: BID:27339
Reference: URL:http://www.securityfocus.com/bid/27339
Reference: SECUNIA:28553
Reference: URL:http://secunia.com/advisories/28553
Reference: SREASON:3569
Reference: URL:http://securityreason.com/securityalert/3569
Reference: XF:c5510mfp-password-security-bypass(39776)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39776

Votes:

Name: CVE-2008-0376

Description:
PHP remote file inclusion vulnerability in inc/linkbar.php in Small Axe Weblog 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the cfile parameter.

Status: Candidate
Phase: Assigned (20080122)
Reference: MILW0RM:4937
Reference: URL:http://www.milw0rm.com/exploits/4937
Reference: BID:27345
Reference: URL:http://www.securityfocus.com/bid/27345
Reference: SECUNIA:28568
Reference: URL:http://secunia.com/advisories/28568
Reference: XF:smallaxeweblog-linkbar-file-include(39765)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39765

Votes:

Name: CVE-2008-0377

Description:
MicroNews allows remote attackers to bypass authentication and gain administrative privileges via a direct request to admin.php.

Status: Candidate
Phase: Assigned (20080122)
Reference: BUGTRAQ:20080115 MicroNews Admin Direct Access vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/486349/100/0/threaded
Reference: SREASON:3556
Reference: URL:http://securityreason.com/securityalert/3556
Reference: XF:micronews-admin-authentication-bypass(39702)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39702

Votes:

Name: CVE-2008-0378

Description:
Stack-based buffer overflow in SocksCap 2.40-051231 and earlier, when "Resolve all names remotely" is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hostname.

Status: Candidate
Phase: Assigned (20080122)
Reference: BUGTRAQ:20080118 SocksCap Stack Overflow (<= 2.40-051231)
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/486632/100/0/threaded
Reference: BID:27357
Reference: URL:http://www.securityfocus.com/bid/27357
Reference: SREASON:3560
Reference: URL:http://securityreason.com/securityalert/3560
Reference: XF:sockscap-hostname-bo(39781)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39781

Votes:

Name: CVE-2008-0379

Description:
Race condition in the Enterprise Tree ActiveX control (EnterpriseControls.dll 11.5.0.313) in Crystal Reports XI Release 2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the SelectedSession method, which triggers a buffer overflow.

Status: Candidate
Phase: Assigned (20080122)
Reference: MILW0RM:4931
Reference: URL:http://www.milw0rm.com/exploits/4931
Reference: BID:27333
Reference: URL:http://www.securityfocus.com/bid/27333
Reference: SECTRACK:1019239
Reference: URL:http://www.securitytracker.com/id?1019239
Reference: XF:crystalreports-enterprisetree-bo(39743)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39743

Votes:

Name: CVE-2008-0380

Description:
Buffer overflow in the Digital Data Communications RtspVaPgCtrl ActiveX control (RtspVapgDecoder.dll 1.1.0.29) allows remote attackers to execute arbitrary code via a long MP4Prefix property.

Status: Candidate
Phase: Assigned (20080122)
Reference: MILW0RM:4932
Reference: URL:http://www.milw0rm.com/exploits/4932
Reference: BID:27337
Reference: URL:http://www.securityfocus.com/bid/27337
Reference: FRSIRT:ADV-2008-0182
Reference: URL:http://www.frsirt.com/english/advisories/2008/0182
Reference: SECUNIA:28492
Reference: URL:http://secunia.com/advisories/28492

Votes:

Name: CVE-2008-0381

Description:
Unspecified vulnerability in Mahara before 0.9.1 has unknown impact and remote attack vectors, probably related to cross-site scripting (XSS) in uploaded files.

Status: Candidate
Phase: Assigned (20080122)
Reference: CONFIRM:https://eduforge.org/frs/shownotes.php?release_id=342
Reference: BID:27348
Reference: URL:http://www.securityfocus.com/bid/27348
Reference: SECUNIA:28484
Reference: URL:http://secunia.com/advisories/28484

Votes:

Name: CVE-2008-0382

Description:
Multiple eval injection vulnerabilities in MyBB 1.2.10 and earlier allow remote attackers to execute arbitrary code via the sortby parameter to (1) forumdisplay.php or (2) a results action in search.php.

Status: Candidate
Phase: Assigned (20080122)
Reference: BUGTRAQ:20080116 [waraxe-2008-SA#061] - Remote Code Execution in MyBB 1.2.10
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/486434/100/0/threaded
Reference: MILW0RM:4927
Reference: URL:http://www.milw0rm.com/exploits/4927
Reference: MILW0RM:4928
Reference: URL:http://www.milw0rm.com/exploits/4928
Reference: BID:27322
Reference: URL:http://www.securityfocus.com/bid/27322
Reference: SECUNIA:28509
Reference: URL:http://secunia.com/advisories/28509
Reference: SREASON:3559
Reference: URL:http://securityreason.com/securityalert/3559

Votes:

Name: CVE-2008-0383

Description:
Multiple SQL injection vulnerabilities in MyBB 1.2.10 and earlier allow remote moderators and administrators to execute arbitrary SQL commands via (1) the mergepost parameter in a do_mergeposts action, (2) rid parameter in an allreports action, or (3) threads parameter in a do_multimovethreads action to (a) moderation.php; or (4) gid parameter to (b) admin/usergroups.php.

Status: Candidate
Phase: Assigned (20080122)
Reference: BUGTRAQ:20080116 [waraxe-2008-SA#062] - Multiple Sql Injections in MyBB 1.2.10
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/486433/100/0/threaded
Reference: MISC:http://www.waraxe.us/advisory-62.html
Reference: CONFIRM:http://community.mybboard.net/showthread.php?tid=27227
Reference: BID:27323
Reference: URL:http://www.securityfocus.com/bid/27323
Reference: SECUNIA:28509
Reference: URL:http://secunia.com/advisories/28509
Reference: SREASON:3558
Reference: URL:http://securityreason.com/securityalert/3558
Reference: XF:mybb-moderationphp-sql-injection(39728)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39728
Reference: XF:mybb-usergroups-sql-injection(39729)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39729

Votes:

Name: CVE-2008-0384

Description:
OpenBSD 4.2 allows local users to cause a denial of service (kernel panic) by calling the SIOCGIFRTLABEL IOCTL on an interface that does not have a route label, which triggers a NULL pointer dereference when the return value from the rtlabel_id2name function is not checked.

Status: Candidate
Phase: Assigned (20080122)
Reference: MILW0RM:4935
Reference: URL:http://www.milw0rm.com/exploits/4935
Reference: MLIST:[openbsd-security-announce] 20080111 errata 005 for OpenBSD 4.2: local users can provoke a kernel panic
Reference: URL:http://marc.info/?l=openbsd-security-announce&m=120007327504064
Reference: OPENBSD:[4.2] 20080111 005: RELIABILITY FIX: January 11, 2008
Reference: URL:http://www.openbsd.org/errata42.html#005_ifrtlabel
Reference: BID:27252
Reference: URL:http://www.securityfocus.com/bid/27252
Reference: SECTRACK:1019188
Reference: URL:http://www.securitytracker.com/id?1019188
Reference: SECUNIA:28473
Reference: URL:http://secunia.com/advisories/28473

Votes:

Name: CVE-2008-0385

Description:
SQL injection vulnerability in server/widgetallocator.php in Urulu 2.1 allows remote attackers to execute arbitrary SQL commands via the connectionId parameter to index.php with (1) statprt/js/request or (2) dyn/js/request in the PATH_INFO.

Status: Candidate
Phase: Assigned (20080122)
Reference: BUGTRAQ:20080228 Urulu 2.1 Blind SQL Injection Vulnerability (CVE-2008-0385)
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/488909/100/0/threaded
Reference: MISC:http://www.csnc.ch/misc/files/advisories/CVE-2008-0385.txt
Reference: BID:28032
Reference: URL:http://www.securityfocus.com/bid/28032
Reference: SECUNIA:29162
Reference: URL:http://secunia.com/advisories/29162
Reference: SREASON:3707
Reference: URL:http://securityreason.com/securityalert/3707

Votes:

Name: CVE-2008-0386

Description:
Xdg-utils 1.0.2 and earlier allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a URL argument to (1) xdg-open or (2) xdg-email.

Status: Candidate
Phase: Assigned (20080122)
Reference: CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=207331
Reference: CONFIRM:http://webcvs.freedesktop.org/portland/portland/xdg-utils/scripts/xdg-email.in?r1=1.24&r2=1.25
Reference: CONFIRM:http://webcvs.freedesktop.org/portland/portland/xdg-utils/scripts/xdg-email.in?view=log
Reference: CONFIRM:http://webcvs.freedesktop.org/portland/portland/xdg-utils/scripts/xdg-email?r1=1.36&r2=1.37
Reference: CONFIRM:http://webcvs.freedesktop.org/portland/portland/xdg-utils/scripts/xdg-open.in?r1=1.17&r2=1.18
Reference: CONFIRM:http://webcvs.freedesktop.org/portland/portland/xdg-utils/scripts/xdg-open?r1=1.32&r2=1.33
Reference: CONFIRM:http://webcvs.freedesktop.org/portland/portland/xdg-utils/scripts/xdg-open?view=log
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=429513
Reference: GENTOO:GLSA-200801-21
Reference: URL:http://security.gentoo.org/glsa/glsa-200801-21.xml
Reference: MANDRIVA:MDVSA-2008:031
Reference: URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:031
Reference: SUSE:SUSE-SR:2008:004
Reference: URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html
Reference: BID:27528
Reference: URL:http://www.securityfocus.com/bid/27528
Reference: FRSIRT:ADV-2008-0342
Reference: URL:http://www.frsirt.com/english/advisories/2008/0342
Reference: SECTRACK:1019284
Reference: URL:http://www.securitytracker.com/id?1019284
Reference: SECUNIA:28638
Reference: URL:http://secunia.com/advisories/28638
Reference: SECUNIA:28728
Reference: URL:http://secunia.com/advisories/28728
Reference: SECUNIA:29048
Reference: URL:http://secunia.com/advisories/29048

Votes:

Name: CVE-2008-0387

Description:
Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before 1.5.6, 2.0.x before 2.0.4, and 2.1.x before 2.1.0 RC1 might allow remote attackers to execute arbitrary code via crafted (1) op_receive, (2) op_start, (3) op_start_and_receive, (4) op_send, (5) op_start_and_send, and (6) op_start_send_and_receive XDR requests, which triggers memory corruption.

Status: Candidate
Phase: Assigned (20080122)
Reference: BUGTRAQ:20080128 CORE-2007-1219: Firebird Remote Memory Corruption
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/487173/100/0/threaded
Reference: MISC:http://www.coresecurity.com/?action=item&id=2095
Reference: CONFIRM:http://tracker.firebirdsql.org/browse/CORE-1681
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?group_id=9028&release_id=570800
Reference: DEBIAN:DSA-1529
Reference: URL:http://www.debian.org/security/2008/dsa-1529
Reference: GENTOO:GLSA-200803-02
Reference: URL:http://security.gentoo.org/glsa/glsa-200803-02.xml
Reference: BID:27403
Reference: URL:http://www.securityfocus.com/bid/27403
Reference: SECUNIA:29203
Reference: URL:http://secunia.com/advisories/29203
Reference: SECUNIA:29501
Reference: URL:http://secunia.com/advisories/29501
Reference: SREASON:3580
Reference: URL:http://securityreason.com/securityalert/3580
Reference: XF:firebird-xdrprotocol-integer-overflow(39996)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39996

Votes:

Name: CVE-2008-0388

Description:
SQL injection vulnerability in the WP-Forum 1.7.4 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the user parameter in a showprofile action to the default URI.

Status: Candidate
Phase: Assigned (20080122)
Reference: MILW0RM:4939
Reference: URL:http://www.milw0rm.com/exploits/4939
Reference: CONFIRM:http://weblogtoolscollection.com/archives/2008/01/21/wp-forum-plugin-security-bulletin/
Reference: BID:27362
Reference: URL:http://www.securityfocus.com/bid/27362
Reference: FRSIRT:ADV-2008-0235
Reference: URL:http://www.frsirt.com/english/advisories/2008/0235
Reference: SECUNIA:28567
Reference: URL:http://secunia.com/advisories/28567
Reference: XF:wpforum-index-sql-injection(39800)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39800

Votes:

Name: CVE-2008-0389

Description:
Unspecified vulnerability in the serveServletsByClassnameEnabled feature in IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.25, 6.1 through 6.1.0.14, and 5.1.1.x before 5.1.1.18 has unknown impact and attack vectors.

Status: Candidate
Phase: Assigned (20080122)
Reference: CONFIRM:http://www-1.ibm.com/support/docview.wss?uid=swg24018067
Reference: CONFIRM:http://www-1.ibm.com/support/docview.wss?uid=swg27006879#51118
Reference: AIXAPAR:PK52059
Reference: URL:http://www-1.ibm.com/support/docview.wss?uid=swg24018067
Reference: BID:27371
Reference: URL:http://www.securityfocus.com/bid/27371
Reference: FRSIRT:ADV-2008-0219
Reference: URL:http://www.frsirt.com/english/advisories/2008/0219
Reference: FRSIRT:ADV-2008-1133
Reference: URL:http://www.frsirt.com/english/advisories/2008/1133
Reference: SECTRACK:1019251
Reference: URL:http://www.securitytracker.com/id?1019251
Reference: SECTRACK:1019894
Reference: URL:http://www.securitytracker.com/id?1019894
Reference: SECUNIA:28576
Reference: URL:http://secunia.com/advisories/28576
Reference: SECUNIA:29687
Reference: URL:http://secunia.com/advisories/29687
Reference: XF:websphere-serveservlets-unspecified(39808)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39808

Votes:

Name: CVE-2008-0390

Description:
stat.php in AuraCMS 1.62, and Mod Block Statistik for AuraCMS, allows remote attackers to inject arbitrary PHP code into online.db.txt via the X-Forwarded-For HTTP header in a stat action to index.php, and execute online.db.txt via a certain request to index.php.

Status: Candidate
Phase: Assigned (20080122)
Reference: MILW0RM:4933
Reference: URL:http://www.milw0rm.com/exploits/4933
Reference: BID:27342
Reference: URL:http://www.securityfocus.com/bid/27342
Reference: XF:auracms-stat-code-execution(39777)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39777

Votes:

Name: CVE-2008-0391

Description:
inc/elementz.php in aliTalk 1.9.1.1 does not properly verify authentication, which allows remote attackers to add an arbitrary user account via a modified lilil parameter, in conjunction with the ubild and pa parameters.

Votes:

Name: CVE-2008-0392

Description:
Multiple buffer overflows in Microsoft Visual Basic Enterprise Edition 6.0 SP6 allow user-assisted remote attackers to execute arbitrary code via a .dsr file with a long (1) ConnectionName or (2) CommandName line.

Status: Candidate
Phase: Assigned (20080122)
Reference: MILW0RM:4938
Reference: URL:http://www.milw0rm.com/exploits/4938
Reference: BID:27349
Reference: URL:http://www.securityfocus.com/bid/27349
Reference: FRSIRT:ADV-2008-0195
Reference: URL:http://www.frsirt.com/english/advisories/2008/0195
Reference: SECTRACK:1019258
Reference: URL:http://www.securitytracker.com/id?1019258
Reference: SECUNIA:28563
Reference: URL:http://secunia.com/advisories/28563
Reference: XF:visualbasic-enterprise-dsr-bo(39773)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39773

Votes:

Name: CVE-2008-0393

Description:
Directory traversal vulnerability in info.php in GradMan 0.1.3 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tabla parameter, a different vector than CVE-2008-0361.

Status: Candidate
Phase: Assigned (20080122)
Reference: MILW0RM:4936
Reference: URL:http://www.milw0rm.com/exploits/4936
Reference: BID:27343
Reference: URL:http://www.securityfocus.com/bid/27343
Reference: SECUNIA:28520
Reference: URL:http://secunia.com/advisories/28520
Reference: XF:gradman-info-file-include(39768)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39768

Votes:

Name: CVE-2008-0394

Description:
Buffer overflow in Citadel SMTP server 7.10 and earlier allows remote attackers to execute arbitrary code via a long RCPT TO command, which is not properly handled by the makeuserkey function. NOTE: some of these details were obtained from third party information.

Status: Candidate
Phase: Assigned (20080122)
Reference: MILW0RM:4949
Reference: URL:http://www.milw0rm.com/exploits/4949
Reference: MISC:http://www.milw0rm.com/sploits/2008-vs-GNU-citadel.tar.gz
Reference: BID:27376
Reference: URL:http://www.securityfocus.com/bid/27376
Reference: FRSIRT:ADV-2008-0252
Reference: URL:http://www.frsirt.com/english/advisories/2008/0252
Reference: SECTRACK:1019255
Reference: URL:http://www.securitytracker.com/id?1019255
Reference: SECUNIA:28590
Reference: URL:http://secunia.com/advisories/28590
Reference: XF:citadel-makeuserkey-bo(39807)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39807

Votes:

Name: CVE-2008-0395

Description:
Kayako SupportSuite 3.11.01 allows remote attackers to obtain server configuration information via a direct request to syncml/index.php, which prints the contents of the $_SERVER superglobal.

Status: Candidate
Phase: Assigned (20080122)
Reference: BUGTRAQ:20080121 [waraxe-2008-SA#063] - Information Leakage in Kayako SupportSuite 3.11.01
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/486762/100/0/threaded
Reference: MISC:http://www.waraxe.us/advisory-63.html
Reference: SECUNIA:28613
Reference: URL:http://secunia.com/advisories/28613
Reference: SREASON:3573
Reference: URL:http://securityreason.com/securityalert/3573

Votes:

Name: CVE-2008-0396

Description:
Directory traversal vulnerability in BitDefender Update Server (http.exe), as used in BitDefender products including Security for Fileservers and Enterprise Manager (BDEM), allows remote attackers to read arbitrary files via .. (dot dot) sequences in an HTTP request.

Status: Candidate
Phase: Assigned (20080122)
Reference: BUGTRAQ:20080119 BitDefender Update Server - Unauthorized Remote File Access Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/486701/100/0/threaded
Reference: MISC:http://oliver.greyhat.de/2008/01/19/bitdefender-unauthorized-remote-file-access-vulnerability/
Reference: MISC:http://www.oliverkarow.de/research/bitdefender.txt
Reference: BID:27358
Reference: URL:http://www.securityfocus.com/bid/27358
Reference: FRSIRT:ADV-2008-0213
Reference: URL:http://www.frsirt.com/english/advisories/2008/0213
Reference: SECUNIA:28578
Reference: URL:http://secunia.com/advisories/28578
Reference: SREASON:3568
Reference: URL:http://securityreason.com/securityalert/3568
Reference: XF:bitdefender-http-server-directory-traversal(39802)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39802

Votes:

Name: CVE-2008-0397

Description:
Multiple SQL injection vulnerabilities in aflog 1.01, and possibly earlier versions, allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to comments.php and (2) an unspecified parameter to view.php.

Status: Candidate
Phase: Assigned (20080122)
Reference: MILW0RM:4958
Reference: URL:http://www.milw0rm.com/exploits/4958
Reference: BID:27398
Reference: URL:http://www.securityfocus.com/bid/27398
Reference: FRSIRT:ADV-2008-0255
Reference: URL:http://www.frsirt.com/english/advisories/2008/0255
Reference: SECUNIA:28594
Reference: URL:http://secunia.com/advisories/28594
Reference: XF:aflog-comments-sql-injection(39825)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39825

Votes:

Name: CVE-2008-0398

Description:
Cross-site scripting (XSS) vulnerability in aflog 1.01, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the comment form.

Votes:

Name: CVE-2008-0399

Description:
Multiple buffer overflows in Toshiba Surveillance (Surveillix) RecordSend ActiveX control (MeIpCamX.DLL 1.0.0.4) allow remote attackers to execute arbitrary code via long arguments to the (1) SetPort and (2) SetIpAddress methods.

Status: Candidate
Phase: Assigned (20080122)
Reference: MILW0RM:4946
Reference: URL:http://www.milw0rm.com/exploits/4946
Reference: MISC:http://retrogod.altervista.org/rgod_toshiba_control.html
Reference: BID:27360
Reference: URL:http://www.securityfocus.com/bid/27360
Reference: FRSIRT:ADV-2008-0214
Reference: URL:http://www.frsirt.com/english/advisories/2008/0214
Reference: SECUNIA:28557
Reference: URL:http://secunia.com/advisories/28557
Reference: XF:toshiba-recordsend-bo(39792)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39792

Votes:

Name: CVE-2008-0400

Description:
Cross-site scripting (XSS) vulnerability in header.tpl.php in the modern template for Singapore 0.10.1 allows remote attackers to inject arbitrary web script or HTML via the gallery parameter to default.php.

Status: Candidate
Phase: Assigned (20080122)
Reference: MISC:http://trew.icenetx.net/toolz/advisory-singapore-modern-template.txt
Reference: BID:27382
Reference: URL:http://www.securityfocus.com/bid/27382
Reference: FRSIRT:ADV-2008-0234
Reference: URL:http://www.frsirt.com/english/advisories/2008/0234
Reference: SECUNIA:28573
Reference: URL:http://secunia.com/advisories/28573

Votes:

Name: CVE-2008-0401

Description:
Buffer overflow in the logging functionality of the HTTP server in IBM Tivoli Provisioning Manager for OS Deployment (TPMfOSD) before 5.1.0.3 Interim Fix 3 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via an HTTP request with a long method string to port 443/tcp.

Status: Candidate
Phase: Assigned (20080122)
Reference: IDEFENSE:20080122 IBM Tivoli PMfOSD HTTP Request Method Buffer Overflow Vulnerability
Reference: URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=647
Reference: CONFIRM:http://www-1.ibm.com/support/docview.wss?uid=swg24018010
Reference: CERT-VN:VU#158609
Reference: URL:http://www.kb.cert.org/vuls/id/158609
Reference: BID:27387
Reference: URL:http://www.securityfocus.com/bid/27387
Reference: FRSIRT:ADV-2008-0239
Reference: URL:http://www.frsirt.com/english/advisories/2008/0239
Reference: SECTRACK:1019249
Reference: URL:http://www.securitytracker.com/id?1019249
Reference: SECUNIA:28604
Reference: URL:http://secunia.com/advisories/28604
Reference: XF:tivoli-provisioning-http-unspecified(39819)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39819

Votes:

Name: CVE-2008-0402

Description:
Unspecified vulnerability in IBM WebSphere Business Modeler Basic and Advanced 6.0.2.1 before Interim Fix 11 allows remote authenticated users to bypass intended access restrictions and delete unspecified repository resources via unknown vectors, even when they are not administrators or members of the repository's owning group.

Status: Candidate
Phase: Assigned (20080122)
Reference: CONFIRM:http://www-1.ibm.com/support/docview.wss?uid=swg24018060
Reference: CONFIRM:http://www-1.ibm.com/support/docview.wss?uid=swg24018061
Reference: AIXAPAR:JR28175
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=JR28175&apar=only
Reference: BID:27389
Reference: URL:http://www.securityfocus.com/bid/27389
Reference: FRSIRT:ADV-2008-0254
Reference: URL:http://www.frsirt.com/english/advisories/2008/0254
Reference: SECTRACK:1019252
Reference: URL:http://www.securitytracker.com/id?1019252
Reference: SECUNIA:28586
Reference: URL:http://secunia.com/advisories/28586
Reference: XF:websphere-repository-weak-security(39830)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39830

Votes:

Name: CVE-2008-0403

Description:
The web server in Belkin Wireless G Plus MIMO Router F5D9230-4 does not require authentication for SaveCfgFile.cgi, which allows remote attackers to read and modify configuration via a direct request to SaveCfgFile.cgi.

Status: Candidate
Phase: Assigned (20080122)
Reference: BUGTRAQ:20080119 Belkin Wireless G Plus MIMO Router F5D9230-4 Authentication Bypass Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/486748/100/0/threaded
Reference: MILW0RM:4941
Reference: URL:http://www.milw0rm.com/exploits/4941
Reference: BID:27359
Reference: URL:http://www.securityfocus.com/bid/27359
Reference: FRSIRT:ADV-2008-0215
Reference: URL:http://www.frsirt.com/english/advisories/2008/0215
Reference: SECUNIA:28554
Reference: URL:http://secunia.com/advisories/28554
Reference: SREASON:3566
Reference: URL:http://securityreason.com/securityalert/3566
Reference: XF:belkin-savecfgfile-authentication-bypass(39793)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39793

Votes:

Name: CVE-2008-0404

Description:
Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "Most active bugs" summary.

Status: Candidate
Phase: Assigned (20080122)
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=569765
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=429552
Reference: FEDORA:FEDORA-2008-0796
Reference: URL:https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00676.html
Reference: FEDORA:FEDORA-2008-0856
Reference: URL:https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00734.html
Reference: BID:27367
Reference: URL:http://www.securityfocus.com/bid/27367
Reference: FRSIRT:ADV-2008-0232
Reference: URL:http://www.frsirt.com/english/advisories/2008/0232
Reference: SECUNIA:28577
Reference: URL:http://secunia.com/advisories/28577
Reference: SECUNIA:28591
Reference: URL:http://secunia.com/advisories/28591
Reference: XF:mantis-mostactive-xss(39801)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39801

Votes:

Name: CVE-2008-0405

Description:
Multiple directory traversal vulnerabilities in HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allow remote attackers to create arbitrary (1) files and (2) directories via a .. (dot dot) in an account name, when requesting the / URI; and (3) append arbitrary data to a file via a .. (dot dot) in an account name, when requesting a URI composed of a "/?%0a" sequence followed by the data.

Status: Candidate
Phase: Assigned (20080122)
Reference: BUGTRAQ:20080123 Syhunt: HFS (HTTP File Server) Log Arbitrary File/Directory Manipulation and Denial-of-Service Vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/486873/100/0/threaded
Reference: MISC:http://www.rejetto.com/hfs/?f=wn
Reference: MISC:http://www.syhunt.com/advisories/hfs-1-log.txt
Reference: MISC:http://www.syhunt.com/advisories/hfshack.txt
Reference: SECUNIA:28631
Reference: URL:http://secunia.com/advisories/28631
Reference: SREASON:3581
Reference: URL:http://securityreason.com/securityalert/3581
Reference: XF:hfs-unspecified-command-execution(39873)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39873

Votes:

Name: CVE-2008-0406

Description:
HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allows remote attackers to cause a denial of service (daemon crash) via a long account name.

Status: Candidate
Phase: Assigned (20080122)
Reference: BUGTRAQ:20080123 Syhunt: HFS (HTTP File Server) Log Arbitrary File/Directory Manipulation and Denial-of-Service Vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/486873/100/0/threaded
Reference: MISC:http://www.rejetto.com/hfs/?f=wn
Reference: MISC:http://www.syhunt.com/advisories/hfs-1-log.txt
Reference: MISC:http://www.syhunt.com/advisories/hfshack.txt
Reference: SECUNIA:28631
Reference: URL:http://secunia.com/advisories/28631
Reference: SREASON:3581
Reference: URL:http://securityreason.com/securityalert/3581
Reference: XF:hfs-filename-dos(39875)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39875

Votes:

Name: CVE-2008-0407

Description:
HTTP File Server (HFS) before 2.2c tags HTTP request log entries with the username sent during HTTP Basic Authentication, regardless of whether authentication succeeded, which might make it more difficult for an administrator to determine who made a remote request.

Status: Candidate
Phase: Assigned (20080122)
Reference: BUGTRAQ:20080123 Syhunt: HFS (HTTP File Server) Username Spoofing and Log Forging/Injection Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/486874/100/0/threaded
Reference: MISC:http://www.rejetto.com/hfs/?f=wn
Reference: MISC:http://www.syhunt.com/advisories/hfs-1-username.txt
Reference: MISC:http://www.syhunt.com/advisories/hfshack.txt
Reference: SECUNIA:28631
Reference: URL:http://secunia.com/advisories/28631
Reference: SREASON:3582
Reference: URL:http://securityreason.com/securityalert/3582
Reference: XF:hfs-username-spoofing(39877)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39877

Votes:

Name: CVE-2008-0408

Description:
HTTP File Server (HFS) before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication.

Status: Candidate
Phase: Assigned (20080122)
Reference: BUGTRAQ:20080123 Syhunt: HFS (HTTP File Server) Username Spoofing and Log Forging/Injection Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/486874/100/0/threaded
Reference: MISC:http://www.rejetto.com/hfs/?f=wn
Reference: MISC:http://www.syhunt.com/advisories/hfs-1-username.txt
Reference: MISC:http://www.syhunt.com/advisories/hfshack.txt
Reference: SECUNIA:28631
Reference: URL:http://secunia.com/advisories/28631
Reference: SREASON:3582
Reference: URL:http://securityreason.com/securityalert/3582
Reference: XF:hfs-unspecified-log-injection(39876)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39876

Votes:

Name: CVE-2008-0409

Description:
Cross-site scripting (XSS) vulnerability in HTTP File Server (HFS) before 2.2c allows remote attackers to inject arbitrary web script or HTML via the userinfo subcomponent of a URL.

Status: Candidate
Phase: Assigned (20080122)
Reference: BUGTRAQ:20080123 Syhunt: HFS (HTTP File Server) Template Cross-Site Scripting and Information Disclosure Vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/486872/100/0/threaded
Reference: MISC:http://www.rejetto.com/hfs/?f=wn
Reference: MISC:http://www.syhunt.com/advisories/hfs-1-template.txt
Reference: MISC:http://www.syhunt.com/advisories/hfshack.tx