Contents
Cal Poly Pomona

Latest Unix and Other Bulletins

UNIX and Other

Report date: March 02, 2009  Date posted: Mar 3, 2009

This report combines relevant bulletins from SANS, Secunia and CERT. The wording is original with some "back" links added where needed. The CERT index lists vulnerabilities with and without solutions. Click the link for specific information.

At a very minimum, look at the SANS bulletins as they include the top issues on a weekly basis. Next, review Secunia for a more complete listing with well structured bulletins avaiable as external links. Finally, the CERT section contains very detailed information and many newly discovered vulnerabilities and updates on existing issues.

Tip: highlight any link below to reveal the criticality or priority.

SANS Bulletin - Vol 8 Num 9

None relevant

Secunia Bulletin - 2009-9

CERT Bulletin - SB09-061

Note:there may be multiple issues for each product link. Scroll down after clicking the link.

BULLETIN DETAIL

CERT Bulletin

Vulnerability Summary for the Week of February 23, 2009

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.


High Vulnerabilities
Primary
Vendor -- Product		DescriptionPublished CVSS ScoreSource & Patch Info
back phpbb -- Tag Board
 SQL injection vulnerability in tag board.php in the Tag Board module 4.0 and earlier for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter in a delete action.2009-02-277.5CVE-2008-6314
XF
BID
MILW0RM
SECUNIA
OSVDB
back 1scripts -- z1exchange
 SQL injection vulnerability in edit.php in Z1Exchange 1.0 allows remote attackers to execute arbitrary SQL commands via the site parameter.2009-02-257.5CVE-2008-6284
XF
BID
MILW0RM
back accscripts -- acc php email
 Acc PHP eMail 1.1 allows remote attackers to bypass authentication and gain administrative access by setting the NEWSLETTERLOGIN cookie to "admin".2009-02-267.5CVE-2008-6291
XF
BID
MILW0RM
SECUNIA
back accscripts -- acc autos
 Acc Autos 4.0 allows remote attackers to bypass authentication and gain administrative access by setting the (1) username cookie to "admin," (2) right cookie to "1," and (3) id cookie to "1."2009-02-267.5CVE-2008-6292
XF
BID
MILW0RM
SECUNIA
back accscripts -- acc real estate
 admin/Index.php in Acc Real Estate 4.0 allows remote attackers to bypass authentication and gain administrative access by setting the username cookie to "admin."2009-02-267.5CVE-2008-6293
XF
BID
MILW0RM
SECUNIA
back accscripts -- acc statistics
 admin/Index.php in Acc Statistics 1.1 allows remote attackers to bypass authentication and gain administrative access by setting the username cookie cookie to "admin."2009-02-267.5CVE-2008-6294
BID
MILW0RM
SECUNIA
back activewebsoftwares -- active newsletter
 Multiple SQL injection vulnerabilities in SubscriberStart.asp in Active Newsletter 4.3 allow remote attackers to execute arbitrary SQL commands via (1) the email parameter (aka username or E-mail field), or (2) the password parameter (aka password field), to (a) Subscriber.asp or (b) start.asp. NOTE: some of these details are obtained from third party information.2009-02-257.5CVE-2008-6286
XF
MILW0RM
SECUNIA
back adobe -- acrobat
adobe -- acrobat reader
adobe -- reader
 Buffer overflow in Adobe Reader 9.0 and earlier and Acrobat 9.0 and earlier allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by Trojan.Pidief.E.2009-02-209.3CVE-2009-0658
CERT
CERT-VN
XF
MISC
MISC
SECTRACK
BID
FRSIRT
CONFIRM
SECUNIA
OSVDB
MISC
back adobe -- air
adobe -- flash player
adobe -- flash player for linux
adobe -- flex
 Unspecified vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a crafted Shockwave Flash (aka .swf) file.2009-02-269.3CVE-2009-0519
BID
CONFIRM
back adobe -- air
adobe -- flash player
adobe -- flash player for linux
adobe -- flex
 Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a "buffer overflow issue."2009-02-269.3CVE-2009-0520
VUPEN
BID
CONFIRM
MISC
back appstate -- phpwebsite
 SQL injection vulnerability in links.php in Appalachian State University phpWebSite allows remote attackers to execute arbitrary SQL commands via the cid parameter in a viewlink action.2009-02-257.5CVE-2008-6266
XF
BID
BUGTRAQ
back aspthai.net -- aspthai.net webboard
 SQL injection vulnerability in bview.asp in ASPThai.Net Webboard 6.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.2009-02-237.5CVE-2009-0703
XF
BID
MILW0RM
back bluocms -- bluo cms
 SQL injection vulnerability in index.php in Bluo CMS 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.2009-02-257.5CVE-2008-6281
BID
MILW0RM
SECUNIA
back bookingcentre -- booking system for hotels group
 SQL injection vulnerability in cadena ofertas ext.php in Venalsur Booking center Booking System for Hotels Group allows remote attackers to execute arbitrary SQL commands via the OfertaID parameter.2009-02-207.5CVE-2008-6216
MILW0RM
back businessvein -- php tv portal
 SQL injection vulnerability in index.php in PHP TV Portal 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the mid parameter.2009-02-257.5CVE-2008-6285
XF
VUPEN
BID
MILW0RM
SECUNIA
back butterflymedia -- butterfly organizer
 SQL injection vulnerability in view.php in Butterfly Organizer 2.0.1 allows remote attackers to execute arbitrary SQL commands via the mytable parameter. NOTE: the id vector is covered by another CVE name.2009-02-277.5CVE-2008-6311
MILW0RM
SECUNIA
back butterflymedia -- butterfly organizer
 SQL injection vulnerability in view.php in Butterfly Organizer 2.0.0 and 2.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.2009-02-277.5CVE-2008-6328
MILW0RM
MILW0RM
SECUNIA
back cafuego -- sdms
 SQL injection vulnerability in login.php in Simple Document Management System (SDMS) 1.1.5 and 1.1.4, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the login parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.2009-02-217.5CVE-2008-6236
XF
BID
SECUNIA
back cfmsource -- cf calendar
 SQL injection vulnerability in calendarevent.cfm in CF Calendar allows remote attackers to execute arbitrary SQL commands via the calid parameter.2009-02-277.5CVE-2008-6319
BID
MILW0RM
SECUNIA
back cfmsource -- cfmblog
 SQL injection vulnerability in index.cfm in CFMSource CFMBlog allows remote attackers to execute arbitrary SQL commands via the categorynbr parameter.2009-02-277.5CVE-2008-6322
BID
MILW0RM
SECUNIA
back cfmsource -- cf auction
 SQL injection vulnerability in forummessages.cfm in CFMSource CF Auction allows remote attackers to execute arbitrary SQL commands via the categorynbr parameter.2009-02-277.5CVE-2008-6323
BID
MILW0RM
back cfmsource -- cf forum
 SQL injection vulnerability in forummessages.cfm in CF Forum allows remote attackers to execute arbitrary SQL commands via the categorynbr parameter.2009-02-277.5CVE-2008-6324
BID
MILW0RM
SECUNIA
back cfshopkart -- cf shopkart
 SQL injection vulnerability in index.cfm in CF Shopkart 5.2.2 allows remote attackers to execute arbitrary SQL commands via the Category parameter in a ViewCategory action.2009-02-277.5CVE-2008-6320
BID
MILW0RM
SECUNIA
back cisco -- meetingplace web confrencing
 Unspecified vulnerability in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote attackers to bypass authentication and obtain administrative access via a crafted URL.2009-02-269.0CVE-2009-0614
BID
CISCO
back cisco -- application control engine device manager
cisco -- application networking manager
 Directory traversal vulnerability in Cisco Application Networking Manager (ANM) before 2.0 and Application Control Engine (ACE) Device Manager before A3(2.1) allows remote authenticated users to read or modify arbitrary files via unspecified vectors, related to "invalid directory permissions."2009-02-269.0CVE-2009-0615
BID
CISCO
back cisco -- application networking manager
 Cisco Application Networking Manager (ANM) before 2.0 uses default usernames and passwords, which makes it easier for remote attackers to access the application, or cause a denial of service via configuration changes, related to "default user credentials during installation."2009-02-2610.0CVE-2009-0616
BID
CISCO
back cisco -- application networking manager
 Cisco Application Networking Manager (ANM) before 2.0 uses a default MySQL root password, which makes it easier for remote attackers to execute arbitrary operating-system commands or change system files.2009-02-2610.0CVE-2009-0617
BID
CISCO
back cisco -- application networking manager
 Unspecified vulnerability in the Java agent in Cisco Application Networking Manager (ANM) before 2.0 Update A allows remote attackers to gain privileges, and cause a denial of service (service outage) by stopping processes, or obtain sensitive information by reading configuration files.2009-02-268.5CVE-2009-0618
CISCO
back cisco -- application control engine module
 Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.1) uses default (1) usernames and (2) passwords for (a) the administrator and (b) web management, which makes it easier for remote attackers to perform configuration changes or obtain operating-system access.2009-02-2610.0CVE-2009-0620
BID
CISCO
back cisco -- ace 4710
 Cisco ACE 4710 Application Control Engine Appliance before A1(8a) uses default (1) usernames and (2) passwords for (a) the administrator, (b) web management, and (c) device management, which makes it easier for remote attackers to perform configuration changes to the Device Manager and other components, or obtain operating-system access.2009-02-2610.0CVE-2009-0621
CISCO
back cisco -- ace 4710
cisco -- application control engine module
 Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.2) and Cisco ACE 4710 Application Control Engine Appliance before A1(8a) allows remote authenticated users to execute arbitrary operating-system commands through a command line interface (CLI).2009-02-269.0CVE-2009-0622
CISCO
back cisco -- ace 4710
cisco -- application control engine module
 Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.3) and Cisco ACE 4710 Application Control Engine Appliance before A3(2.1) allows remote attackers to cause a denial of service (device reload) via a crafted SSH packet.2009-02-267.8CVE-2009-0623
BID
CISCO
back cisco -- ace 4710
cisco -- application control engine module
 Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.2) and Cisco ACE 4710 Application Control Engine Appliance before A1(8.0) allows remote attackers to cause a denial of service (device reload) via a crafted SNMPv3 packet.2009-02-267.8CVE-2009-0625
BID
CISCO
back cisco -- ace 4710
cisco -- application control engine module
 The username command in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers and Cisco ACE 4710 Application Control Engine Appliance stores a cleartext password by default, which allows context-dependent attackers to obtain sensitive information.2009-02-267.8CVE-2009-0742
CISCO
back craftsilicon -- banking@home
 SQL injection vulnerability in Login.asp in Craft Silicon Banking@Home 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the LoginName parameter.2009-02-257.5CVE-2009-0741
BID
BUGTRAQ
SECUNIA
FULLDISC
back e-topbiz -- admanager
 SQL injection vulnerability in view.php in E-topbiz AdManager 4 allows remote attackers to execute arbitrary SQL commands via the group parameter.2009-02-247.5CVE-2008-6261
XF
BID
MILW0RM
SECUNIA
back e-topbiz -- slide popups
 SQL injection vulnerability in admin/admin.php in E-topbiz Slide Popups 1.0 allows remote attackers to execute arbitrary SQL commands via the password parameter.2009-02-247.5CVE-2008-6264
XF
VUPEN
BID
MISC
back e-topbiz -- link back checker
 E-topbiz Link Back Checker 1 allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "admin."2009-02-267.5CVE-2008-6307
BID
MILW0RM
SECUNIA
OSVDB
back emc -- networker client
emc -- networker module
emc -- networker powersnap
emc -- networker server
emc -- networker storage node
 nsrexecd.exe in multiple EMC Networker products including EMC NetWorker Server, Storage Node, and Client 7.3.x and 7.4, 7.4.1, 7.4.2, Client and Storage Node for Open VMS 7.3.2 ECO6 and earlier, Module for Microsoft Exchange 5.1 and earlier, Module for Microsoft Applications 2.0 and earlier, Module for Meditech 2.0 and earlier, and PowerSnap 2.4 SP1 and earlier does not properly control the allocation of memory, which allows remote attackers to cause a denial of service (memory exhaustion) via multiple crafted RPC requests.2009-02-207.8CVE-2008-6219
SECTRACK
BID
BUGTRAQ
BUGTRAQ
VUPEN
MISC
SECUNIA
back fivedollarscripts -- drinks
 SQL injection vulnerability in index.php in Five Dollar Scripts Drinks script allows remote attackers to execute arbitrary SQL commands via the recid parameter.2009-02-207.5CVE-2008-6233
BID
MILW0RM
VUPEN
SECUNIA
back frankmancuso -- auth php
 SQL injection vulnerability in login.php in Auth Php 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters.2009-02-257.5CVE-2009-0738
BID
MILW0RM
SECUNIA
back frankmancuso -- mynews
 SQL injection vulnerability in login.php in MyNews 0.10 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters.2009-02-257.5CVE-2009-0739
BID
MILW0RM
back frankmancuso -- bluebird
 SQL injection vulnerability in login.php in BlueBird Prelease allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters.2009-02-257.5CVE-2009-0740
BID
MILW0RM
back getmiro -- broadcast machine
 Multiple PHP remote file inclusion vulnerabilities in Broadcast Machine 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter to (1) MySQLController.php, (2) SQLController.php, (3) SetupController.php, (4) VideoController.php, and (5) ViewController.php in controllers/.2009-02-257.5CVE-2008-6287
XF
VUPEN
BID
MILW0RM
back gigcalendar -- gigcalendar component
 SQL injection vulnerability in the GigCalendar (com gigcal) component 1.0 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the gigcal gigs id parameter in a details action to index.php.2009-02-247.5CVE-2009-0726
XF
BID
MILW0RM
back gwm -- galatolo webmanager
 SQL injection vulnerability in plugins/users/index.php in Galatolo WebManager 1.3a and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.2009-02-237.5CVE-2008-6249
BID
MILW0RM
SECUNIA
back gwm -- galatolo webmanager
 Galatolo WebManager 1.3a allows remote attackers to bypass authentication and gain administrative access by setting the (1) gwm user and (2) gwm pass cookies to admin. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.2009-02-267.5CVE-2008-6300
XF
MISC
BID
back hp -- mercury quality center
hp -- testdirector
 HP Mercury Quality Center (QC) 9.2 and earlier, and possibly TestDirector, relies on cached client-side scripts to implement "workflow" and decisions about the "capability" of a user, which allows remote attackers to execute arbitrary code via crafted use of the Open Test Architecture (OTA) API, as demonstrated by modifying (1) common.tds, (2) defects.tds, (3) manrun.tds, (4) req.tds, (5) testlab.tds, or (6) testplan.tds in %tmp%\TD 80, and then setting the file's properties to read-only.2009-02-247.6CVE-2007-5289
CERT-VN
XF
BID
BUGTRAQ
SECUNIA
MISC
back hp -- virtual rooms
 Unspecified vulnerability in HP Virtual Rooms Client before 7.0.1, when running on Windows, allows remote attackers to execute arbitrary code via unknown vectors.2009-02-267.5CVE-2009-0208
HP
HP
back ibm -- websphere mq
 Unspecified vulnerability in the queue manager in IBM WebSphere MQ (WMQ) 5.3, 6.0 before 6.0.2.6, and 7.0 before 7.0.0.2 allows local users to gain privileges via vectors related to the (1) setmqaut, (2) dmpmqaut, and (3) dspmqaut authorization commands.2009-02-247.2CVE-2009-0439
XF
MISC
back ibm -- txseries
 The CICS listener in IBM TXSeries for Multiplatforms 6.2 GA waits for a forcepurge acknowledgement from the CICS Application Server (CICSAS) after an eci response timeout, which might allow remote authenticated users to cause a denial of service (forcepurge handling delay), or have unspecified other impact, via vectors involving slow or nonexistent acknowledgement.2009-02-259.0CVE-2009-0505
CONFIRM
back infireal -- saturncms
 SQL injection vulnerability in lib/url/meta url.php in SaturnCMS allows remote attackers to execute arbitrary SQL commands via the URL to the translate function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.2009-02-247.5CVE-2008-6262
XF
SECUNIA
back infireal -- saturncms
 SQL injection vulnerability in lib/user/t user.php in SaturnCMS allows remote attackers to execute arbitrary SQL commands via the username parameter to the userLoggedIn function. NOTE: some of these details are obtained from third party information.2009-02-247.5CVE-2008-6263
XF
BID
MILW0RM
SECUNIA
back interface-medien -- ibase
 Directory traversal vulnerability in download.php in Interface Medien ibase 2.03 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.2009-02-257.8CVE-2008-6288
XF
BID
MILW0RM
SECUNIA
back jadu -- jadu galaxies
 SQL injection vulnerability in scripts/documents.php in Jadu Galaxies allows remote attackers to execute arbitrary SQL commands via the categoryID parameter.2009-02-247.5CVE-2008-6254
BID
MILW0RM
SECUNIA
back joomla -- com musica
mambo-foundation -- com musica
 SQL injection vulnerability in the com musica module in Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.2009-02-207.5CVE-2008-6234
BID
BUGTRAQ
MILW0RM
back joovili -- joovili
 Joovili 3.1.4 allows remote attackers to bypass authentication and gain privileges as other users, including the administrator, by setting the (1) session id, session logged in, and session username cookies for user privileges; (2) session admin id, session admin username, and session admin cookies for admin privileges; and (3) session staff id, session staff username, and session staff cookies for staff users.2009-02-257.5CVE-2008-6269
XF
VUPEN
BID
MILW0RM
SECUNIA
back libpng -- libpng
 Memory leak in the png handle tEXt function in pngrutil.c in libpng before 1.2.33 rc02 and 1.4.0 beta36 allows context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted PNG file.2009-02-207.1CVE-2008-6218
VUPEN
CONFIRM
CONFIRM
back manzovi -- proquiz
 SQL injection vulnerability in index.php in ProQuiz 1.0 allows remote attackers to execute arbitrary SQL commands via the username parameter.2009-02-277.5CVE-2008-6312
XF
BID
MILW0RM
back manzovi -- proquiz
 SQL injection vulnerability in index.php in ProQuiz 1.0 allows remote attackers to execute arbitrary SQL commands via the password parameter, a different vector than CVE-2008-6312.2009-02-277.5CVE-2008-6327
XF
MILW0RM
back maran -- php shop
 admin.php in Maran PHP Shop allows remote attackers to bypass authentication and gain administrative access by setting the user cookie to "demo."2009-02-267.5CVE-2008-6296
XF
BID
MILW0RM
back maxdev -- my egallery
 SQL injection vulnerability in the My eGallery module for MAXdev MDPro (MD-Pro) and Postnuke allows remote attackers to execute arbitrary SQL commands via the pid parameter in a showpic action to index.php.2009-02-247.5CVE-2009-0728
BID
MILW0RM
back microsoft -- excel
microsoft -- excel viewer
microsoft -- office
microsoft -- office compatibility pack
microsoft -- office excel
microsoft -- office excel viewer
 Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote attackers to execute arbitrary code via a crafted Excel document that triggers an access attempt on an invalid object, as exploited in the wild in February 2009 by Trojan.Mdropper.AC.2009-02-259.3CVE-2009-0238
XF
MISC
BID
CONFIRM
SECTRACK
MISC
MISC
back miticdjd -- apoll
 SQL injection vulnerability in admin/index.php in Dragan Mitic Apoll 0.7 beta and 0.7.5 allows remote attackers to execute arbitrary SQL command via the user parameter.2009-02-257.5CVE-2008-6270
XF
BID
MILW0RM
back miticdjd -- apoll
 SQL injection vulnerability in admin/index.php in Dragan Mitic Apoll 0.7 beta and 0.7.5 allows remote attackers to execute arbitrary SQL command via the pass parameter.2009-02-257.5CVE-2008-6272
XF
MILW0RM
back mole-group -- airline ticket sale script
 ** DISPUTED ** SQL injection vulnerability in info.php in Mole Group Airline Ticket Sale Script allows remote attackers to execute arbitrary SQL commands via the flight parameter. NOTE: the vendor has disputed this issue, stating "crazy hackers and so named Security companies [spread] out such false informations. Such scripts or versions [do not] exist."2009-02-207.5CVE-2008-6225
MISC
MILW0RM
VUPEN
SECUNIA
back nokia -- nokia pc suite
 Heap-based buffer overflow in MultimediaPlayer.exe 6.86.240.7 in Nokia PC Suite 6.86.9.3 allows remote attackers to execute arbitrary code via a long string in a .m3u playlist file.2009-02-259.3CVE-2009-0734
VUPEN
BUGTRAQ
SECUNIA
OSVDB
back openasp -- openasp
 SQL injection vulnerability in default.asp in Openasp 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idpage parameter in the pages module.2009-02-247.5CVE-2008-6257
XF
BID
MILW0RM
SECUNIA
back orbitdownloader -- orbit downloader
 Stack-based buffer overflow in Orbit Downloader 2.8.2 and 2.8.3, and possibly other versions before 2.8.5, allows remote attackers to execute arbitrary code via a crafted HTTP URL with a long host name, which is not properly handled when constructing a "Connecting" log message.2009-02-269.3CVE-2009-0187
VUPEN
BID
back phoca -- phoca documentation
 SQL injection vulnerability in the Phoca Documentation (com phocadocumentation) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a section action to index.php.2009-02-237.5CVE-2009-0702
VUPEN
BID
MILW0RM
back phpfootball -- phpfootball
 SQL injection vulnerability in login.php in PHPFootball 1.6 allows remote attackers to execute arbitrary SQL commands via the user parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.2009-02-237.5CVE-2009-0709
XF
SECUNIA
OSVDB
back phpfootball -- phpfootball
 filter.php in PHPFootball 1.6 and earlier allows remote attackers to retrieve password hashes via a request with an Accounts value for the dbtable parameter, in conjunction with a Password value for the dbfield parameter. NOTE: this has been reported as a SQL injection vulnerability by some sources, but the provenance of that information is unknown.2009-02-237.5CVE-2009-0711
OSVDB
MILW0RM
SECUNIA
back phpmygallery -- phpmygallery
 PHP remote file inclusion vulnerability in conf/core/common-tpl-vars.php in PHPmyGallery 1.0 beta2 allows remote attackers to execute arbitrary PHP code via a URL in the confdir parameter, a different issue than CVE-2008-6316.2009-02-277.5CVE-2008-6315
BID
MILW0RM
back phpmygallery -- phpmygallery
 PHP remote file inclusion vulnerability in conf/ php-core/common-tpl-vars.php in PHPmyGallery 1.5 beta allows remote attackers to execute arbitrary PHP code via a URL in the admindir parameter, a different vector than CVE-2008-6317.2009-02-277.5CVE-2008-6318
BID
MILW0RM
back potato-scripts -- potato news
 Directory traversal vulnerability in admin.php in Potato News 1.0.0 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the user cookie parameter.2009-02-247.5CVE-2009-0722
BID
MILW0RM
back powerscripts -- powerclan
 SQL injection vulnerability in admin/index.php in PowerClan 1.14a allows remote attackers to execute arbitrary SQL commands via the loginemail parameter (aka login field). NOTE: some of these details are obtained from third party information.2009-02-237.5CVE-2009-0707
XF
BID
MILW0RM
SECUNIA
OSVDB
back preproject -- pre multi-vendor shopping malls
 SQL injection vulnerability in buyer detail.php in Pre Multi-Vendor Shopping Malls allows remote attackers to execute arbitrary SQL commands via the (1) sid and (2) cid parameters.2009-02-207.5CVE-2008-6227
BID
MILW0RM
VUPEN
back preproject -- pre multi-vendor shopping malls
 Pre Multi-Vendor Shopping Malls allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin".2009-02-207.5CVE-2008-6228
MILW0RM
VUPEN
back preprojects -- pre podcast portal
 SQL injection vulnerability in Tour.php in Pre Projects Pre Podcast Portal allows remote attackers to execute arbitrary SQL commands via the id parameter.2009-02-207.5CVE-2008-6230
BID
MILW0RM
VUPEN
SECUNIA
back preprojects -- pre classified listings
 Pre Classified Listing PHP allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin".2009-02-207.5CVE-2008-6231
MILW0RM
VUPEN
SECUNIA
back preprojects -- pre shopping mall
 Pre Shopping Mall allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin".2009-02-207.5CVE-2008-6232
MILW0RM
VUPEN
SECUNIA
back prezmo -- small shoutbox
 SQL injection vulnerability in shoutbox view.php in the Small ShoutBox module 1.4 for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter in a delete action.2009-02-267.5CVE-2008-6301
BID
MILW0RM
SECUNIA
back quadcomm -- q-shop
 SQL injection vulnerability in users.asp in QuadComm Q-Shop 3.0, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the (1) UserID and (2) Pwd parameters. NOTE: this might be related to CVE-2004-2108.2009-02-247.5CVE-2008-6258
XF
BID
MILW0RM
SECUNIA
back rakhisoftware -- rakhisoftware shopping cart
 SQL injection vulnerability in product.php in RakhiSoftware Price Comparison Script (aka Shopping Cart) allows remote attackers to execute arbitrary SQL commands via the subcategory id parameter.2009-02-257.5CVE-2008-6277
OSVDB
MILW0RM
SECUNIA
MISC
back sadi samami -- multi languages webshop online
 SQL injection vulnerability in detail.php in Multi Languages WebShop Online 1.02 allows remote attackers to execute arbitrary SQL commands via the id parameter.2009-02-257.5CVE-2008-6268
BID
MILW0RM
back scripts-for-sites -- ez gaming cheats
 SQL injection vulnerability in view reviews.php in Scripts for Sites (SFS) EZ Gaming Cheats allows remote attackers to execute arbitrary SQL commands via the id parameter.2009-02-237.5CVE-2008-6244
XF
MILW0RM
SECUNIA
back scripts-for-sites -- ez biz pro
 SQL injection vulnerability in track.php in Scripts For Sites (SFS) EZ BIZ PRO allows remote attackers to execute arbitrary SQL commands via the id parameter.2009-02-237.5CVE-2008-6245
XF
BID
MILW0RM
back scripts-for-sites -- ez webring
 SQL injection vulnerability in category.php in Scripts For Sites (SFS) EZ Webring allows remote attackers to execute arbitrary SQL commands via the cat parameter.2009-02-237.5CVE-2008-6246
XF
BID
SECUNIA
MILW0RM
back scripts-for-sites -- ez top sites
 SQL injection vulnerability in topsite.php in Scripts For Sites (SFS) EZ Top Sites allows remote attackers to execute arbitrary SQL commands via the ts parameter.2009-02-237.5CVE-2008-6247
XF
BID
SECUNIA
MILW0RM
back scripts for sites -- hotscripts-like site
 SQL injection vulnerability in software-description.php in Scripts For Sites (SFS) Hotscripts-like Site allows remote attackers to execute arbitrary SQL commands via the id parameter.2009-02-237.5CVE-2008-6237
XF
MILW0RM
SECUNIA
back scripts for sites -- ez e-store
 SQL injection vulnerability in SearchResults.php in Scripts For Sites (SFS) EZ e-store allows remote attackers to execute arbitrary SQL commands via the where parameter.2009-02-237.5CVE-2008-6242
XF
BID
MILW0RM
SECUNIA
back scripts for sites -- ez hotscripts-likesite
 SQL injection vulnerability in showcategory.php in Scripts For Sites (SFS) Hotscripts-like Site allows remote attackers to execute arbitrary SQL commands via the cid parameter.2009-02-237.5CVE-2008-6243
XF
MILW0RM
SECUNIA
back simple-review -- simple review component
 SQL injection vulnerability in the Simple Review (com simple review) component 1.3.5 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the category parameter to index.php.2009-02-237.5CVE-2009-0706
XF
BID
MISC
back simplecustomer -- simple customer
 SQL injection vulnerability in login.php in Simple Customer as downloaded on 20081118 allows remote attackers to execute arbitrary SQL commands via the email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.2009-02-277.5CVE-2008-6326
XF
OSVDB
SECUNIA
back smcfancontrol -- smcfancontrol
 Stack-based buffer overflow in the smc program in smcFanControl 2.1.2 allows local users to execute arbitrary code and gain privileges via a long -k option.2009-02-247.2CVE-2008-6252
VUPEN
CONFIRM
back tony iha kazungu -- taifajobs
 SQL injection vulnerability in jobdetails.php in taifajobs 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the jobid parameter.2009-02-247.5CVE-2009-0727
BID
BUGTRAQ
MILW0RM
MISC
back toursmanager -- tours manager
 SQL injection vulnerability in cityview.php in Tours Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the cityid parameter.2009-02-267.5CVE-2008-6289
BID
MILW0RM
SECUNIA
back toursmanager -- tours manager
 SQL injection vulnerability in tourview.php in ToursManager allows remote attackers to execute arbitrary SQL commands via the tourid parameter.2009-02-267.5CVE-2008-6303
BID
MILW0RM
SECUNIA
back turnkeyforms -- local classifieds
 TurnkeyForms Local Classifieds allows remote attackers to bypass authentication and gain administrative access via a direct request to Site Admin/admin.php.2009-02-267.5CVE-2008-6302
MILW0RM
SECUNIA
back ultrastats -- ultrastats
 SQL injection vulnerability in index.php in Ultrastats 0.2.144 and 0.3.11 allows remote attackers to execute arbitrary SQL commands via the serverid parameter.2009-02-247.5CVE-2008-6260
BID
MILW0RM
SECUNIA
back vim -- tar.vim
vim -- vim
 The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a tar archive and possibly (2) the filename of the first file in a tar archive, which is not properly handled by the VIM TAR plugin (tar.vim) v.10 through v.22, as demonstrated by the shellescape, tarplugin.v2, tarplugin, and tarplugin.updated test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3075. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier.2009-02-219.3CVE-2008-3074
MISC
MLIST
back vim -- vim
vim -- zipplugin.vim
 The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a ZIP archive and possibly (2) the filename of the first file in a ZIP archive, which is not properly handled by zip.vim in the VIM ZIP plugin (zipPlugin.vim) v.11 through v.21, as demonstrated by the zipplugin and zipplugin.v2 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3074. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier.2009-02-219.3CVE-2008-3075
MISC
MLIST
back vim -- vim
 The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1) mz and (2) mc commands, as demonstrated by the netrw.v2 and netrw.v3 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712.2009-02-219.3CVE-2008-3076
MISC
MISC
MLIST
back vim -- vim
 The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a filename used by the (1) "D" (delete) command or (2) b:netrw curdir variable, as demonstrated using the netrw.v4 and netrw.v5 test cases.2009-02-219.3CVE-2008-6235
MISC
MISC
back w3matter -- askpert
 SQL injection vulnerability in index.php in W3matter AskPert allows remote attackers to execute arbitrary SQL commands via the f[password] parameter. NOTE: some of these details are obtained from third party information.2009-02-267.5CVE-2008-6309
BID
MILW0RM
SECUNIA
back w3matter -- revsense
 SQL injection vulnerability in index.php in W3matter RevSense 1.0 allows remote attackers to execute arbitrary SQL commands via the f[password] parameter. NOTE: some of these details are obtained from third party information.2009-02-267.5CVE-2008-6310
BID
MILW0RM
SECUNIA
back webmastersite -- wsn guest
 SQL injection vulnerability in search.php in WSN Guest 1.23 allows remote attackers to execute arbitrary SQL commands via the search parameter in an advanced action.2009-02-237.5CVE-2009-0704
XF
BID
MILW0RM
back wotw -- way of the warrior
 PHP remote file inclusion vulnerability in visualizza.php in Way Of The Warrior (WOTW) 5.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the plancia parameter to crea.php.2009-02-207.5CVE-2008-6223
XF
BID
SECUNIA
MILW0RM
back xine -- xine-lib
 Integer overflow in the 4xm demuxer (demuxers/demux 4xm.c) in xine-lib 1.1.16.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a 4X movie file with a large current track value, a similar issue to CVE-2009-0385.2009-02-237.5CVE-2009-0698
CONFIRM
Medium Vulnerabilities
Primary
Vendor -- Product		DescriptionPublished CVSS ScoreSource & Patch Info
back adobe -- air
adobe -- flash player
adobe -- flash player for linux
adobe -- flex
 Unspecified vulnerability in the Settings Manager in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87, and possibly other versions, allows remote attackers to trick a user into visiting an arbitrary URL via unknown vectors, related to "a potential Clickjacking issue variant."2009-02-265.8CVE-2009-0114
VUPEN
CONFIRM
back adobe -- flash player for linux
 Untrusted search path vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Linux allows local users to obtain sensitive information or gain privileges via a crafted library in a directory contained in the RPATH.2009-02-264.6CVE-2009-0521
VUPEN
CONFIRM
back adobe -- air
adobe -- flash player
adobe -- flash player for linux
adobe -- flex
 Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Windows allows remote attackers to trick a user into visiting an arbitrary URL via an unspecified manipulation of the "mouse pointer display," related to a "Clickjacking attack."2009-02-264.3CVE-2009-0522
CONFIRM
back adobe -- robohelp
adobe -- robohelp server
 Cross-site scripting (XSS) vulnerability in Adobe RoboHelp Server 6 and 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled when displaying the Help Errors log.2009-02-264.3CVE-2009-0523
VUPEN
BID
CONFIRM
back adobe -- robohelp
adobe -- robohelp server
 Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 6 and 7, and RoboHelp Server 6 and 7, allows remote attackers to inject arbitrary web script or HTML via vectors involving files produced by RoboHelp.2009-02-264.3CVE-2009-0524
BID
CONFIRM
back apache -- tomcat
 The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.2009-02-265.0CVE-2008-4308
VUPEN
back asus -- smartlogon
 Asus SmartLogon 1.0.0005 allows physically proximate attackers to bypass "security functions" by presenting an image with a modified viewpoint that matches the posture of a stored image of the authorized notebook user.2009-02-206.9CVE-2009-0656
MISC
MISC
back bookingcentre -- booking system for hotels group
 Cross-site scripting (XSS) vulnerability in cadena ofertas ext.php in Venalsur Booking center Booking System for Hotels Group allows remote attackers to inject arbitrary web script or HTML via the OfertaID parameter.2009-02-204.3CVE-2008-6215
MILW0RM
back camera life -- camera life
 Multiple cross-site scripting (XSS) vulnerabilities in Camera Life 2.6.2b8 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.php and (2) rss.php; the query string after the image name in (3) photos/photo; the path parameter to (4) folder.php; page parameter and REQUEST URI to (5) login.php; ver parameter to (6) media.php; theme parameter to (7) modules/iconset/iconset-debug.php; and the REQUEST URI to (8) index.php.2009-02-264.3CVE-2008-6295
XF
BID
MISC
SECUNIA
back cfshopkart -- cf shopkart
 CF Shopkart 5.2.2 stores cfshopkart52.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information, such as usernames and passwords, via a direct request.2009-02-275.0CVE-2008-6321
MILW0RM
SECUNIA
back china-on-site -- flexphpsite
 Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPSite 0.0.1 and 0.0.7, when magic quotes gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the checkuser parameter (aka username field), or (2) the checkpass parameter (aka password field), to admin/index.php.2009-02-236.8CVE-2008-6241
XF
MILW0RM
SECUNIA
back cisco -- wrt160n
 Cross-site scripting (XSS) vulnerability in apply.cgi on the Linksys WRT160N allows remote attackers to inject arbitrary web script or HTML via the action parameter in a DHCP Static operation.2009-02-254.3CVE-2008-6280
BID
SECUNIA
MISC
back cisco -- ace 4710
cisco -- application control engine module
 Unspecified vulnerability in the SNMPv2c implementation in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.3) and Cisco ACE 4710 Application Control Engine Appliance before A3(2.1) allows remote attackers to cause a denial of service (device reload) via a crafted SNMPv1 packet.2009-02-266.8CVE-2009-0624
CISCO
back comdev -- comdev web blogger
 SQL injection vulnerability in Comdev Web Blogger 4.1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the arcmonth parameter to a blog page.2009-02-236.8CVE-2008-6250
BID
BUGTRAQ
MILW0RM
SECUNIA
MISC
back cyberfolio -- cyberfolio
 Directory traversal vulnerability in portfolio/css.php in Cyberfolio 7.12.2 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter.2009-02-246.8CVE-2008-6265
XF
VUPEN
BID
MILW0RM
back cybershade -- cybershadecms
 Multiple PHP remote file inclusion vulnerabilities in index.php in Cybershade CMS 0.2b, when register globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) THEME header and (2) THEME footer parameters.2009-02-236.8CVE-2009-0701
XF
BID
MILW0RM
back dhcart -- dhcart
 Cross-site scripting (XSS) vulnerability in order.php in DHCart allows remote attackers to inject arbitrary web script or HTML via the (1) domain and (2) d1 parameters.2009-02-264.3CVE-2008-6297
SECUNIA
MISC
back dminnich -- simple php news
 Static code injection vulnerability in post.php in Simple PHP News 1.0 final allows remote attackers to inject arbitrary PHP code into news.txt via the post parameter, and then execute the code via a direct request to display.php. NOTE: some of these details are obtained from third party information.2009-02-205.1CVE-2009-0643
XF
MILW0RM
VUPEN
SECUNIA
OSVDB
back dmitry baryshev -- ksquirrel-libs
 Multiple stack-based buffer overflows in the mt codec::getHdrHead function in kernel/kls hdr/fmt codec hdr.cpp in ksquirrel-libs 0.8.0 allow context-dependent attackers to execute arbitrary code via a crafted Radiance RGBE image (aka .hdr file).2009-02-266.8CVE-2008-5263
XF
VUPEN
BID
BUGTRAQ
MISC
SECUNIA
back drupal -- user karma module
 Multiple SQL injection vulnerabilities in the User Karma module 5.x before 5.x-1.13 and 6.x before 6.x-1.0-beta1, a module for Drupal, allow remote authenticated administrators to execute arbitrary SQL commands via (1) a content type or (2) a voting API value.2009-02-256.5CVE-2008-6276
BID
CONFIRM
back freedirectoryscript -- free directory script
 PHP remote file inclusion vulnerability in init.php in Free Directory Script 1.1.1, when register globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the API HOME DIR parameter.2009-02-266.8CVE-2008-6305
XF
MILW0RM
SECUNIA
OSVDB
back galatolo -- galatolo webmanager
 Cross-site scripting (XSS) vulnerability in all.php in Galatolo WebManager 1.3a and earlier allows remote attackers to inject arbitrary web script or HTML via the tag parameter.2009-02-234.3CVE-2008-6248
XF
BID
MILW0RM
SECUNIA
back gigcalendar -- gigcalendar component
 Multiple SQL injection vulnerabilities in the GigCalendar (com gigcal) component 1.0 for Mambo and Joomla!, when magic quotes gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the gigcal venues id parameter in a details action to index.php, which is not properly handled by venuedetails.php, and (2) the gigcal bands id parameter in a details action to index.php, which is not properly handled by banddetails.php, different vectors than CVE-2009-0726.2009-02-246.8CVE-2009-0730
XF
BID
BID
BUGTRAQ
BUGTRAQ
BUGTRAQ
back ibm -- websphere application server
 Unspecified vulnerability in IBM WebSphere Application Server (WAS) 5.1 and 6.0.2 before 6.0.2.33 on z/OS, when CSIv2 Identity Assertion is enabled and Enterprise JavaBeans (EJB) interaction occurs between a WAS 6.1 instance and a WAS pre-6.1 instance, allows local users to have an unknown impact via vectors related to (1) use of the wrong subject and (2) multiple CBIND checks.2009-02-256.2CVE-2009-0506
XF
CONFIRM
back ibm -- websphere process server
 IBM WebSphere Process Server (WPS) 6.1.2 before 6.1.2.3 and 6.2 before 6.2.1.0 does not properly restrict configuration data during an export of the cluster configuration file from the administrative console, which allows remote authenticated users to obtain (1) JMSAPI information and (2) mail session information via vectors involving access to a cluster member.2009-02-264.0CVE-2009-0507
XF
AIXAPAR
back insightinformatics -- libero
 Cross-site scripting (XSS) vulnerability in Libero 5.3 SP5, and possibly other versions before 5.5 SP1, allows remote attackers to inject arbitrary web script or HTML via the search term field.2009-02-254.3CVE-2009-0540
XF
VUPEN
BID
FULLDISC
back libpng -- libpng
 The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png read png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.2009-02-226.8CVE-2009-0040
VUPEN
back lingx -- page engine cms
 Multiple directory traversal vulnerabilities in Page Engine CMS 2.0 Basic and Pro allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the fPrefix parameter to (1) modules/recent poll include.php, (2) modules/login include.php, and (3) modules/statistics include.php and (4) configuration.inc.php in includes/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.2009-02-246.8CVE-2009-0729
XF
BID
SECUNIA
OSVDB
OSVDB
OSVDB
OSVDB
back lingx -- downloadcenter
 Downloadcenter 2.1 stores common.h under the web root with insufficient access control, which allows remote attackers to obtain user credentials and other sensitive information via a direct request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.2009-02-245.0CVE-2009-0732
XF
SECUNIA
OSVDB
back magentocommerc -- magento
 Multiple cross-site scripting (XSS) vulnerabilities in Magento 1.2.0 and 1.2.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the username field in an admin/ request to index.php, possibly related to the login[username] parameter and the app/code/core/Mage/Admin/Model/Session.php login function; (2) the email address field in an admin/index/forgotpassword/ request to index.php, possibly related to the email parameter and the app/code/core/Mage/Adminhtml/controllers/IndexController.php forgotpasswordAction function; or (3) the return parameter to the default URI under downloader/.2009-02-254.3CVE-2009-0541
XF
XF
XF
BID
SECTRACK
SECUNIA
FULLDISC
back mjcreation -- familyproject
 Multiple SQL injection vulnerabilities in index.php in FamilyProject 2.0 allow remote attackers to execute arbitrary SQL commands via (1) the logmbr parameter (aka login field) or (2) the mdpmbr parameter (aka pass or "Mot de passe" field). NOTE: some of these details are obtained from third party information.2009-02-256.8CVE-2008-6274
MILW0RM
SECUNIA
OSVDB
back myktools -- myktools
 Directory traversal vulnerability in configuration script.php in MyKtools 3.0 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the langage parameter, a different vulnerability than CVE-2008-4781. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.2009-02-256.0CVE-2008-6273
SECUNIA
back niclor -- include sito
 Directory traversal vulnerability in includefile.php in nicLOR Sito, when register globals is enabled or magic quotes gpc is disabled, allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the page file parameter.2009-02-266.8CVE-2008-6290
MILW0RM
SECUNIA
back openedit -- openedit digital asset management
 Cross-site request forgery (CSRF) vulnerability in OpenEdit Digital Asset Management (DAM) before 5.2014 allows remote attackers to perform unspecified actions as arbitrary users via unknown vectors.2009-02-234.3CVE-2008-6239
XF
OSVDB
SECUNIA
MISC
back openedit -- openedit digital asset management
 Cross-site scripting (XSS) vulnerability in data/views/index.html in OpenEdit Digital Asset Management (DAM) before 5.2014 allows remote attackers to inject arbitrary web script or HTML via the catalogid parameter.2009-02-234.3CVE-2008-6240
XF
BID
OSVDB
SECUNIA
MISC
back ortus.nirn -- cms ortus
 SQL injection vulnerability in engine/users/users edit pub.inc in CMS Ortus 1.13 and earlier allows remote authenticated users to execute arbitrary SQL commands via the city parameter in a users edit pub action to index.php.2009-02-256.5CVE-2008-6282
CONFIRM
back papoo -- papoo
 Directory traversal vulnerability in lib/classes/message class.php in Papoo CMS 3.6, when register globals is enabled and magic quotes gpc is disabled, allows remote attackers to read and possibly execute arbitrary files via a .. (dot dot) in the pfadhier parameter. NOTE: some of these details are obtained from third party information.2009-02-255.1CVE-2009-0735
BID
MILW0RM
SECUNIA
back phpaddedit -- phpaddedit
 Directory traversal vulnerability in addedit-render.php in phpAddEdit 1.3, when magic quotes gpc is disabled, allows remote attackers to include and execute arbitrary local files via a URL in the editform parameter. NOTE: PHP remote file inclusion attacks are also likely.2009-02-276.8CVE-2008-6313
BID
MILW0RM
SECUNIA
back phpfootball -- phpfootball
 Multiple cross-site scripting (XSS) vulnerabilities in PHPFootball 1.6 allow remote attackers to inject arbitrary web script or HTML via (1) the user parameter to login.php or (2) the dbfield parameter to filter.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.2009-02-234.3CVE-2009-0710
XF
XF
OSVDB
SECUNIA
OSVDB
back phpmygallery -- phpmygallery
 Directory traversal vulnerability in conf/core/common-tpl-vars.php in PHPmyGallery 1.0 beta2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter, a different issue than CVE-2008-6316 and a different vector than CVE-2008-6318.2009-02-276.8CVE-2008-6316
XF
BID
MILW0RM
back phpmygallery -- phpmygallery
 Directory traversal vulnerability in conf/ php-core/common-tpl-vars.php in PHPmyGallery 1.5 beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf[lang] parameter, a different issue than CVE-2008-6318. NOTE: this might be the same issue as CVE-2008-6316.2009-02-276.8CVE-2008-6317
XF
BID
MILW0RM
back pluck-cms -- pluck
 Directory traversal vulnerability in data/inc/lib/pcltar.lib.php in Pluck 4.5.3, when register globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the g pcltar lib dir parameter.2009-02-246.8CVE-2008-6253
BID
BUGTRAQ
CONFIRM
SECUNIA
back plunet -- business manager
 Plunet BusinessManager 4.1 and earlier allows remote authenticated users to bypass access restrictions and (1) read sensitive Customer or Order data via a modified Pfad parameter to pagesUTF8/Sys DirAnzeige.jsp, or (2) list sensitive Jobs via a direct request to pagesUTF8/auftrag job.jsp.2009-02-235.5CVE-2009-0700
XF
BID
MISC
BUGTRAQ
BUGTRAQ
back powerscripts -- powernews
 SQL injection vulnerability in news.php in PowerScripts PowerNews 2.5.4, when magic quotes gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the newsid parameter.2009-02-236.8CVE-2009-0705
XF
BID
MILW0RM
SECUNIA
OSVDB
back punbb -- private messaging system
 Multiple directory traversal vulnerabilities in Private Messaging System (PMS) 1.2.3 and earlier for PunBB allow remote attackers to include and execute arbitrary files via a .. (dot dot) in the pun user[language] parameter to (1) functions navlinks.php, (2) header new messages.php, (3) profile send.php, and (4) viewtopic PM-link.php in include/pms/.2009-02-265.1CVE-2008-6308
VUPEN
BID
MILW0RM
SECUNIA
back quadcomm -- q-shop
 Cross-site scripting (XSS) vulnerability in search.asp in QuadComm Q-Shop 3.0, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the srkeys parameter.2009-02-244.3CVE-2008-6259
XF
BID
MILW0RM
SECUNIA
back rakhisoftware -- rakhisoftware shopping cart
 Multiple cross-site scripting (XSS) vulnerabilities in product.php in RakhiSoftware Price Comparison Script (aka Shopping Cart) allow remote attackers to inject arbitrary web script or HTML via the (1) category id and (2) subcategory id parameters.2009-02-254.3CVE-2008-6278
BID
SECUNIA
MISC
OSVDB
back rakhisoftware -- rakhisoftware shopping cart
 RakhiSoftware Price Comparison Script (aka Shopping Cart) allows remote attackers to obtain sensitive information via an invalid PHPSESSID cookie, which reveals the installation path in an error message.2009-02-255.0CVE-2008-6279
BID
SECUNIA
MISC
OSVDB
back ravenphpscripts -- ravennuke
 SQL injection vulnerability in the Resend Email module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary SQL commands via the user prefix parameter to modules.php.2009-02-226.5CVE-2009-0672
BID
back ravenphpscripts -- ravennuke
 Eval injection vulnerability in the Custom Fields feature in the Your Account module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary PHP code via the ID Field Name box in a yaCustomFields action to admin.php.2009-02-226.5CVE-2009-0673
XF
MISC
BID
BUGTRAQ
MILW0RM
CONFIRM
back rocketeer.dip -- sisapilocation
 Unspecified vulnerability in sISAPILocation before 1.0.2.2 allows remote attackers to bypass intended access restrictions for character encoding and the cookie secure flag via unknown vectors related to the "HTTP header rewrite function."2009-02-265.0CVE-2008-6298
CONFIRM
back sadi samami -- multi languages webshop online
 Cross-site scripting (XSS) vulnerability in detail.php in Multi Languages WebShop Online 1.02 allows remote attackers to inject arbitrary web script or HTML via the name parameter.2009-02-254.3CVE-2008-6267
BID
MILW0RM
back scripts -- phpfan
 PHP remote file inclusion vulnerability in includes/init.php in phpFan 3.3.4 allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter.2009-02-246.8CVE-2008-6251
CONFIRM
back semanticscuttle -- semanticscuttle
 Multiple cross-site request forgery (CSRF) vulnerabilities in SemanticScuttle before 0.91 allow remote attackers to perform (1) unspecified actions as administrators via unknown vectors or (2) unspecified actions as arbitrary users via vectors involving the profile page.2009-02-236.8CVE-2009-0708
CONFIRM
back simon brown -- pebble
 Cross-site scripting (XSS) vulnerability in Pebble before 2.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.2009-02-254.3CVE-2009-0736
CONFIRM
CONFIRM
back softbizscripts -- classifieds script
 Cross-site scripting (XSS) vulnerability in signinform.php in Softbiz Classifieds Script allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.2009-02-264.3CVE-2008-6306
XF
BID
SECUNIA
back softbizscripts -- classifieds script
 Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Classifieds Script allow remote attackers to inject arbitrary web script or HTML via the (1) radio parameter to showcategory.php, (2) msg parameter to advertisers/signinform.php, (3) radio parameter to gallery.php, (4) msg parameter to lostpassword.php, (5) radio parameter to showcategory.php, (6) msg parameter to admin/adminhome.php, and (7) msg parameter to admin/index.php. NOTE: a different signinform.php file is already covered by CVE-2008-6306.2009-02-274.3CVE-2008-6325
SECUNIA
MISC
back subtextproject -- subtext
 Cross-site scripting (XSS) vulnerability in Subtext 2.0 allows remote attackers to inject arbitrary web script or HTML via a comment, related to "the feature which converts URLs to anchor tags."2009-02-254.3CVE-2008-6283
BID
CONFIRM
MISC
back tbmnet -- tbmnetcms
 Directory traversal vulnerability in index.php in TBmnetCMS 1.0, when magic quotes gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the content parameter.2009-02-256.8CVE-2008-6271
BID
MILW0RM
SECUNIA
back tor -- tor
 Tor 0.2.0.28, and probably 0.2.0.34 and earlier, allows remote attackers, with control of an entry router and an exit router, to confirm that a sender and receiver are communicating via vectors involving (1) replaying, (2) modifying, (3) inserting, or (4) deleting a single cell, and then observing cell recognition errors at the exit router. NOTE: the vendor disputes the significance of this issue, noting that the product's design "accepted end-to-end correlation as an attack that is too expensive to solve."2009-02-205.1CVE-2009-0654
MISC
MISC
MISC
back vbulletin -- vbulletin
 Multiple SQL injection vulnerabilities in vBulletin 3.7.4 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) answer parameter to admincp/verify.php, (2) extension parameter in an edit action to admincp/attachmentpermission.php, and the (3) iperm parameter to admincp/image.php.2009-02-246.5CVE-2008-6255
MISC
BUGTRAQ
SECUNIA
back vbulletin -- vbulletin
 SQL injection vulnerability in admincp/admincalendar.php in vBulletin 3.7.3.pl1 allows remote authenticated administrators to execute arbitrary SQL commands via the holidayinfo[recurring] parameter, a different vector than CVE-2005-3022.2009-02-246.5CVE-2008-6256
MISC
BUGTRAQ
SECUNIA
back xt-commerce -- xt-commerce
 SQL injection vulnerability in xt:Commerce before 3.0.4 Sp2.1, when magic quotes gpc is enabled and the SEO URLs are activated, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.2009-02-266.8CVE-2008-6304
CONFIRM
Low Vulnerabilities
Primary
Vendor -- Product		DescriptionPublished CVSS ScoreSource & Patch Info
back drupal -- content construction kit
 Cross-site scripting (XSS) vulnerability in the administrative interface in Drupal Content Construction Kit (CCK) 5.x before 5.x-1.10 and 6.x before 6.x-2.0, a module for Drupal, allows remote authenticated users with "administer content" permissions to inject arbitrary web script or HTML via (1) field labels and (2) content-type names.2009-02-203.5CVE-2008-6229
BID
CONFIRM
back drupal -- user karma module
 Cross-site scripting (XSS) vulnerability in the User Karma module 5.x before 5.x-1.13 and 6.x before 6.x-1.0-beta1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified messages.2009-02-251.9CVE-2008-6275
BID
CONFIRM
back joomla -- joomla
 Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 and earlier allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) the title and description parameters to the com weblinks module and (2) unspecified vectors in the com content module related to "article submission."2009-02-263.5CVE-2008-6299
CONFIRM
CONFIRM
back linux -- kernel
 The skfp ioctl function in drivers/net/skfp/skfddi.c in the Linux kernel before 2.6.28.6 permits SKFP CLR STATS requests only when the CAP NET ADMIN capability is absent, instead of when this capability is present, which allows local users to reset the driver statistics, related to an "inverted logic" issue.2009-02-222.1CVE-2009-0675
CONFIRM
CONFIRM
SECUNIA
MLIST
MLIST
CONFIRM
back linux -- kernel
 The sock getsockopt function in net/core/sock.c in the Linux kernel before 2.6.28.6 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel memory via an SO BSDCOMPAT getsockopt request.2009-02-222.1CVE-2009-0676
BID
back mediawiki -- mediawiki
 Multiple cross-site scripting (XSS) vulnerabilities in the web-based installer (config/index.php) in MediaWiki 1.6 before 1.6.12, 1.12 before 1.12.4, and 1.13 before 1.13.4, when the installer is in active use, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.2009-02-252.6CVE-2009-0737
VUPEN
BID
MLIST
back plunet -- business manager
 Cross-site scripting (XSS) vulnerability in pagesUTF8/auftrag allgemeinauftrag.jsp in Plunet BusinessManager 4.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the (1) QUB and (2) Bez74 parameters.2009-02-233.5CVE-2009-0699
XF
BID
MISC
BUGTRAQ
BUGTRAQ

back Relevant Products

  • Ethereal
  • PCRE
  • Sun
  • activesync
  • aol
  • apache
  • bea
  • blackboard
  • cisco
  • citrix
  • comodo
  • epolicy
  • fedora
  • gentoo
  • gnu
  • gzip
  • jakarta
  • linux
  • metaframe
  • mysql
  • nagios
  • novell
  • openoffice
  • openoffice.org
  • openoffice.org/staroffice
  • openssh
  • openssl
  • oracle
  • palm
  • palmos
  • peoplesoft
  • perl
  • php
  • postfix
  • red hat
  • samba
  • solaris
  • sql
  • ssh
  • tomcat
  • vim
  • vmware
  • webct
  • windows ce
  • windowsce