These are the latest vulnerabilities and security advisories as published by the CVE Database, SecurityFocus Vulnerabilities, Microsoft, Common Malware Enumeration (CME) List and US-CERT. Click on a link below to see the full details of the vulnerability and to visit the publishing site.
Security Advisories
Latest CVE Database Entries
CVE-2008-5175 (aceftpfreeware, aceftppro)
Directory traversal vulnerability in the FTP client in AceFTP Freeware 3.80.3 and AceFTP Pro 3.80.3 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a LIST command, a related issue to CVE-2002-1345.
CVE-2008-5174 (jokes_complete_website)
SQL injection vulnerability in joke.php in Jokes Complete Website 2.1.3 allows remote attackers to execute arbitrary SQL commands via the jokeid parameter.
CVE-2008-5173 (testmaker)
Unspecified vulnerability in testMaker before 3.0p16 allows remote authenticated users to execute arbitrary PHP code via unspecified attack vectors.
CVE-2008-5172 (yazd_forum_software)
Multiple cross-site scripting (XSS) vulnerabilities in Yazd Forum Software 3.x allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to (a) search.jsp, and the (2) msg parameter to (b) error.jsp and (c) userAccount.jsp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-5171 (phpblaster_cms)
Multiple directory traversal vulnerabilities in admin/minibb/index.php in phpBLASTER CMS 1.0 RC1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) DB, (2) lang, and (3) skin parameters.
SecurityFocus Vulnerabilities
Vuln: RevSense 'index.php' SQL Injection Vulnerability
Vuln: libxml2 'xmlSAX2Characters()' Integer Overflow Vulnerability
Vuln: libxml2 'xmlBufferResize()' Remote Denial of Service Vulnerability
Vuln: MauryCMS 'Rss.php' SQL Injection Vulnerability
Bugtraq: Re: Cpanel 11.x Local File Inclusion & Cross Site Scripting - Discovered By Khashayar Fereidani
Common Malware Enumeration (CME) List
New CME Assigned - CME-711
CME-711 is a Trojan Downloader that is spread as an attachment to emails with news headlines as the subject lines and that downloads additional security threats.
Date Assigned: 2007-01-19T21:15:01Z
New CME Assigned - CME-416
CME-416 is a multi-component mass-mailing worm that downloads and executes files from the Internet.
Date Assigned: 2006-11-03T13:20:35Z
New CME Assigned - CME-762
CME-762 is a worm that opens an IRC back door on the compromised host. It spreads by exploiting the Microsoft Windows Server Service Remote Buffer Overflow Vulnerability (Microsoft Security Bulletin MS06-040).
Date Assigned: 2006-08-14T08:01:00Z
New CME Assigned - CME-482
CME-482 is a worm that opens an IRC back door on the compromised host. It spreads by exploiting the Microsoft Windows Server Service Remote Buffer Overflow Vulnerability (Microsoft Security Bulletin MS06-040).
Date Assigned: 2006-08-14T08:00:42Z
New CME Assigned - CME-136
CME-136 is a Microsoft Word macro virus that drops a trojan onto the infected host.
Date Assigned: 2006-06-29T08:21:35Z
US-CERT Current Activity
Malicious Code Spreading Through USB Flash Drive Devices
Apple Releases Security Updates for Safari
U.S. Federal Reserve Fraudulent Email Scam
Mozilla Releases Updates to Address Vulnerabilities in Multiple Products
Apple Releases iLife Support 8.3.1
Microsoft Releases November Security Bulletin
VMware Releases Security Advisory VMSA-2008-0018 and Updates VMSA-2008-0016.1
Adobe Reader Exploit Circulating
Microsoft Releases Advance Notification for November Security Bulletin