Vulnerability Summary for the Week of January 15, 2007
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
">
High Vulnerabilities |
---|
Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
---|---|---|---|---|---|---|
Agnitum -- Outpost Firewall PRO | Agnitum Outpost Firewall PRO 4.0 allows local users to bypass access restrictions and insert Trojan horse drivers into the product's installation directory by creating links using FileLinkInformation requests with the ZwSetInformationFile function, as demonstrated by modifying SandBox.sys. |
| 7.0 | CVE-2007-0333 BUGTRAQ OTHER-REF BID | ||
All In One Control Panel -- All In One Control Panel | Multiple SQL injection vulnerabilities in All In One Control Panel (AIOCP) 1.3.010 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) xuser_name parameter to shared/code/cp_authorization.php, and the (2) did parameter to public/code/cp_downloads.php, different vectors than CVE-2007-0223. |
| 7.0 | CVE-2007-0316 BUGTRAQ BUGTRAQ BID FRSIRT SECUNIA | ||
Apple -- Mac OS X Server Apple -- Mac OS X FreeBSD -- FreeBSD | Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly gain privileges via a crafted DMG image that causes "allocation of a negative size buffer" leading to a heap-based buffer overflow, a related issue to CVE-2006-5679. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem. |
| 7.0 | CVE-2007-0229 OTHER-REF OTHER-REF BID FRSIRT SECUNIA MLIST XF | ||
Apple -- Mac OS X | Double-free vulnerability in the _ATPsndrsp function in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to cause a denial of service (kernel panic) and possibly execute arbitrary code via a crafted AppleTalk request that triggers a heap-based buffer overflow. |
| 10.0 | CVE-2007-0236 OTHER-REF BID FRSIRT SECTRACK SECUNIA | ||
Apple -- Mac OS X Apple -- Minimal SLP Service Agent | Buffer overflow in the Apple Minimal SLP v2 Service Agent (slpd) in Mac OS X 10.4.8 and earlier allows local users, and possibly remote attackers, to gain privileges and possibly execute arbitrary code via a registration request with an invalid attr-list field. |
| 7.0 | CVE-2007-0355 OTHER-REF OTHER-REF | ||
Article System -- Article System | Multiple PHP remote file inclusion vulnerabilities in Article System 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the INCLUDE_DIR parameter to (1) forms.php, (2) issue_edit.php, (3) client.php, and (4) classes.php. |
| 7.0 | CVE-2007-0314 OTHER-REF BID XF | ||
BolinTech -- DreamFTP Server | Heap-based buffer overflow in Dream FTP Server allows remote attackers to execute arbitrary code via a USER command with a large number of format string specifiers, which triggers the overflow during processing of the Server Log. |
| 7.0 | CVE-2007-0338 OTHER-REF SECUNIA | ||
Colloquy -- Colloquy | Multiple format string vulnerabilities in (1) _invitedToRoom: and (2) _invitedToDirectChat: in Colloquy 2.1 and earlier allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in the room name of an INVITE request, related to the implementation of AlertSheet and AlertPanel in Apple AppKit. |
| 7.0 | CVE-2007-0344 OTHER-REF BID SECUNIA | ||
Computer Associates -- Protection Suites Computer Associates -- Brightstor ARCserve Backup Computer Associates -- Enterprise Backup | Stack-based buffer overflow in the RPC interface in Mediasvr.exe in Computer Associates (CA) Brightstor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Protection Suites r2 allows remote attackers to execute arbitrary code via crafted SUNRPC packets, aka the "Mediasvr.exe Overflow," a different vulnerability than CVE-2006-5172. |
| 10.0 | CVE-2006-5171 ISS OTHER-REF BID FRSIRT SECUNIA XF SECTRACK | ||
Computer Associates -- Brightstor ARCserve Backup Computer Associates -- Brightstor Enterprise Backup Computer Associates -- Protection Suites | Stack-based buffer overflow in the RPC interface in Mediasvr.exe in Computer Associates (CA) Brightstor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Protection Suites r2 allows remote attackers to execute arbitrary code via crafted SUNRPC packets, aka the "Mediasvr.exe String Handling Overflow," a different vulnerability than CVE-2006-5171. |
| 10.0 | CVE-2006-5172 OTHER-REF ISS BID FRSIRT SECUNIA XF SECTRACK | ||
ComScripts -- PHPMyphorum | PHP remote file inclusion vulnerability in mep/frame.php in PHPMyphorum 1.5a allows remote attackers to execute arbitrary PHP code via a URL in the chem parameter. |
| 7.0 | CVE-2007-0361 OTHER-REF FRSIRT | ||
Digiappz -- DigiAffiliate | SQL injection vulnerability in visu_user.asp in Digiappz DigiAffiliate 1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| 7.0 | CVE-2007-0306 OTHER-REF BID FRSIRT SECUNIA | ||
Easy-content filemanager -- Easy-content filemanager | Unspecified vulnerability in easy-content filemanager allows remote attackers to upload or modify arbitrary files via unspecified vectors. |
| 7.0 | CVE-2007-0252 BUGTRAQ | ||
Ezboxx -- Ezboxx Portal System | SQL injection vulnerability in boxx/ShowAppendix.asp in Ezboxx Portal System Beta 0.7.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the iid parameter. |
| 7.0 | CVE-2007-0266 BUGTRAQ | ||
F5 -- FirePass SSL VPN | Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN allow remote attackers to inject arbitrary web script or HTML via (1) the xcho parameter to my.logon.php3; the (2) topblue, (3) midblue, (4) wtopblue, and certain other Custom color parameters in a per action to vdesk/admincon/index.php; the (5) h321, (6) h311, (7) h312, and certain other Front Door custom text color parameters in a per action to vdesk/admincon/index.php; the (8) ua parameter in a bro action to vdesk/admincon/index.php; the (9) app_param and (10) app_name parameters to webyfiers.php; (11) double eval functions; (12) JavaScript contained in an <FP_DO_NOT_TOUCH> element; and (13) the vhost parameter to my.activation.php. NOTE: it is possible that this candidate overlaps CVE-2006-3550. |
| 7.0 | CVE-2007-0186 OTHER-REF OTHER-REF OTHER-REF BID FULLDISC SECUNIA SECUNIA | ||
FileZilla -- FileZilla | Multiple buffer overflows in FileZilla before 2.2.30a allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors related to (1) Options.cpp when sotring settings in the registry, and (2) the transfer queue (QueueCtrl.cpp). NOTE: some of these details are obtained from third party information. |
| 10.0 | CVE-2007-0315 OTHER-REF BID FRSIRT XF | ||
FileZilla -- FileZilla | Format string vulnerability in the LogMessage function in FileZilla before 3.0.0-beta5 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted arguments. NOTE: some of these details are obtained from third party information. |
| 7.0 | CVE-2007-0317 OTHER-REF BID FRSIRT XF | ||
Francisco Burzi -- PHP-Nuke | SQL injection vulnerability in blocks/block-Old_Articles.php in Francisco Burzi PHP-Nuke 7.9 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat parameter. |
| 7.0 | CVE-2007-0309 BUGTRAQ OTHER-REF BID SECTRACK | ||
FreshReader -- FreshReader | Cross-site scripting (XSS) vulnerability in the RSS feed component in FreshReader before 1.0.07010600 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to tag attributes. |
| 7.0 | CVE-2007-0362 OTHER-REF OTHER-REF SECUNIA | ||
Grsecurity -- Grsecurity Kernel Patch | ** DISPUTED ** Unspecified vulnerability in the grsecurity patch has unspecified impact and remote attack vectors, a different vulnerability than the expand_stack vulnerability from the Digital Armaments 20070110 pre-advisory. NOTE: the grsecurity developer has disputed this issue, stating that "the function they claim the vulnerability to be in is a trivial function, which can, and has been, easily checked for any supposed vulnerabilities." The developer also cites a past disclosure that was not proven. |
| 7.0 | CVE-2007-0253 OTHER-REF OTHER-REF OTHER-REF | ||
Grsecurity -- Grsecurity Kernel Patch | ** DISPUTED ** Unspecified vulnerability in the expand_stack function in grsecurity PaX allows local users to gain privileges via unspecified vectors. NOTE: the grsecurity developer has disputed this issue, stating that "the function they claim the vulnerability to be in is a trivial function, which can, and has been, easily checked for any supposed vulnerabilities." The developer also cites a past disclosure that was not proven. |
| 7.0 | CVE-2007-0257 BUGTRAQ OTHER-REF OTHER-REF OTHER-REF BID FRSIRT SECUNIA BUGTRAQ OTHER-REF SECTRACK | ||
Image gallery with Access Database -- Image gallery with Access Database | Multiple SQL injection vulnerabilities in Image Gallery with Access Database allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to (a) dispimage.asp, or the (2) order or (3) page parameter to (b) default.asp. |
| 7.0 | CVE-2006-6932 BUGTRAQ BID | ||
InGate -- Firewall and SIParator | Unspecified vulnerability in the SIP module in InGate Firewall and SIParator before 4.5.1 allows remote attackers to conduct replay attacks on the authentication mechanism via unknown vectors. |
| 7.0 | CVE-2007-0334 OTHER-REF BID SECUNIA FRSIRT | ||
Ipswitch -- WS_FTP | Buffer overflow in wsbho2k0.dll, as used by wsftpurl.exe, in Ipswitch WS_FTP 2007 Professional allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long ftp:// URL in an HTML document, and possibly other vectors. |
| 7.0 | CVE-2007-0330 BUGTRAQ BUGTRAQ BUGTRAQ BID | ||
KGB -- KGB | Directory traversal vulnerability in sesskglogadmin.php in KGB 1.9 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skinnn parameter, as demonstrated by invoking kg.php with a postek parameter containing PHP code, which is injected into a file in the kg directory, and then included by sesskglogadmin.php. |
| 7.0 | CVE-2007-0337 OTHER-REF BID | ||
libgtop -- libgtop | Stack-based buffer overflow in the glibtop_get_proc_map_s function in libgtop before 2.14.6 (libgtop2) allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a process with a long filename that is mapped in its address space, which triggers the overflow in gnome-system-monitor. |
| 7.0 | CVE-2007-0235 OTHER-REF OTHER-REF OTHER-REF UBUNTU FRSIRT FRSIRT SECUNIA SECUNIA | ||
MGB -- OpenSource Guestbook | SQL injection vulnerability in email.php in MGB OpenSource Guestbook 0.5.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| 7.0 | CVE-2007-0354 OTHER-REF OTHER-REF VIM BID | ||
Michiel Broek -- mbse-bbs | Stack-based buffer overflow in mbse-bbs 0.70 and earlier allows local users to execute arbitrary code via a long string in the MBSE_ROOT environment variable. |
| 10.0 | CVE-2007-0368 OTHER-REF OTHER-REF BID | ||
Microsoft -- Help Workshop | Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 allows user-assisted remote attackers to execute arbitrary code via a crafted .cnt file composed of lines that begin with an integer followed by a space and a long string. |
| 8.0 | CVE-2007-0352 BUGTRAQ OTHER-REF OTHER-REF | ||
MiNT -- Haber Sistemi 2.7 | SQL injection vulnerability in duyuru.asp in MiNT Haber Sistemi 2.7 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| 7.0 | CVE-2007-0304 OTHER-REF FRSIRT SECUNIA | ||
myWebland -- myBloggie | Cross-site scripting (XSS) vulnerability in (1) index.php and (2) login.php in myBloggie 2.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO string. |
| 7.0 | CVE-2007-0353 BUGTRAQ OTHER-REF BID | ||
Naig -- Naig | ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in Naig 0.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the this_path parameter. NOTE: a reliable third party disputes this vulnerability because this_path is defined before use. |
| 7.0 | CVE-2007-0260 BUGTRAQ VIM | ||
nicecoder -- INDEXU | Multiple cross-site scripting (XSS) vulnerabilities in nicecoder.com INDEXU 5.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) error_msg parameter to (a) suggest_category.php; the (2) u parameter to (b) user_detail.php; the (3) friend_name, (4) friend_email, (5) error_msg, (6) my_name, (7) my_email, and (8) id parameters to (c) tell_friend.php; the (9) error_msg, (10) email, (11) name, and (12) subject parameters to (d) sendmail.php; the (13) email, (14) error_msg, and (15) username parameters to (e) send_pwd.php; the (16) keyword parameter to (f) search.php; the (17) error_msg, (18) username, (19) password, (20) password2, and (21) email parameters to (g) register.php; the (22) url, (23) contact_name, and (24) email parameters to (h) power_search.php; the (25) path and (26) total parameters to (i) new.php; the (27) query parameter to (j) modify.php; the (28) error_msg parameter to (k) login.php; the (29) error_msg and (30) email ! parameters to (l) mailing_list.php; the (31) gateway parameter to (m) upgrade.php; and another unspecified vector. |
| 7.0 | CVE-2007-0364 BUGTRAQ BID SECUNIA | ||
Nicola Asuni -- All In One Control Panel | Multiple cross-site scripting (XSS) vulnerabilities in All In One Control Panel (AIOCP) 1.3.009 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this is probably a different vulnerability than CVE-2006-5830. |
| 7.0 | CVE-2007-0365 OTHER-REF FRSIRT SECUNIA XF | ||
NWOM -- NWOM Topsites | Cross-site scripting (XSS) vulnerability in index.php in Nwom topsites 3.0 allows remote attackers to inject arbitrary web script or HTML via the o parameter. |
| 7.0 | CVE-2007-0249 BUGTRAQ BID | ||
Okulsistem Okul Web -- Otomasyon Sistemi | SQL injection vulnerability in etkinlikbak.asp in Okul Web Otomasyon Sistemi 4.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| 7.0 | CVE-2007-0305 BUGTRAQ OTHER-REF BID SECUNIA | ||
Openads -- Openads | Cross-site scripting (XSS) vulnerability in admin-search.php in (1) Openads for PostgreSQL (aka phpPgAds) before 2.0.10 and (2) Openads (aka phpAdsNew) before 2.0.10 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. |
| 7.0 | CVE-2007-0363 OTHER-REF OTHER-REF SECUNIA | ||
OpenSolution -- Quick.Car Fastilo -- Fastilo | Cross-site scripting (XSS) vulnerability in index.php in (1) Fastilo 2.0 and (2) Open Solution Quick.Cart 2.0 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: some of these details are obtained from third party information. |
| 7.0 | CVE-2007-0258 OTHER-REF BID SECUNIA SECUNIA | ||
Oracle -- Oracle E-Business Suite and Applications Oracle -- Oracle HTTP Server | Multiple unspecified vulnerabilities in Oracle HTTP Server 9.2.0.8 and Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors, aka (1) OHS01, (2) OHS02, (3) OHS05, (4) OHS06, and (5) OHS07. |
| 7.0 | CVE-2007-0279 OTHER-REF CERT SECUNIA | ||
Oracle -- Oracle Enterprise Manager | Multiple unspecified vulnerabilities in Oracle Enterprise Manager 10.1.0.5 have unknown impact and attack vectors related to Oracle Agent, aka (1) EM01 and (2) EM02. |
| 7.0 | CVE-2007-0292 OTHER-REF CERT SECUNIA | ||
Oreon Project -- Oreon | PHP remote file inclusion vulnerability in lang/index.php in Oreon 1.2.3 RC4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the file parameter. |
| 7.0 | CVE-2007-0360 OTHER-REF FRSIRT | ||
OWA -- OWA | Buffer overflow in the ParseHeader function in clsOWA.cls in POP3/SMTP to OWA (pop2owa) 1.1.3 allows remote attackers to execute arbitrary code via a long header in an e-mail message. |
| 10.0 | CVE-2006-6940 OTHER-REF OTHER-REF FRSIRT | ||
Pancake.org -- Zina | Multiple unspecified vulnerabilities in Zina 1.0rc1 and earlier have unknown impact and attack vectors related to "Potential security bugs." |
| 7.0 | CVE-2007-0303 OTHER-REF BID FRSIRT | ||
Pensacola Web Designs -- XtremeASP PhotoGallery | Cross-site scripting (XSS) vulnerability in Xtreme ASP Photo Gallery allows remote attackers to inject arbitrary HTML or web script via (1) the catname parameter to displaypic.asp or (2) the search field. |
| 7.0 | CVE-2006-6936 BUGTRAQ BID XF | ||
Pensacola Web Designs -- XtremeASP PhotoGallery | SQL injection vulnerability in displaypic.asp in Xtreme ASP Photo Gallery allows remote attackers to inject arbitrary SQL commands via the sortorder parameter. |
| 7.0 | CVE-2006-6937 BUGTRAQ BID XF | ||
phpMyAdmin -- phpMyAdmin | Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin before 2.9.1.1 allow remote attackers to inject arbitrary HTML or web script via (1) a comment for a table name, as exploited through (a) db_operations.php, (2) the db parameter to (b) db_create.php, (3) the newname parameter to db_operations.php, the (4) query_history_latest, (5) query_history_latest_db, and (6) querydisplay_tab parameters to (c) querywindow.php, and (7) the pos parameter to (d) sql.php. |
| 7.0 | CVE-2006-6942 BUGTRAQ OTHER-REF | ||
phpMyAdmin -- phpMyAdmin | phpMyAdmin before 2.9.1.1 allows remote attackers to bypass Allow/Deny access rules that use IP addresses via false headers. |
| 7.0 | CVE-2006-6944 OTHER-REF | ||
Plain Black -- WebGUI | Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before 7.3.4 (beta) allows remote attackers to inject arbitrary web script or HTML via Wiki Page titles. |
| 7.0 | CVE-2007-0308 OTHER-REF BID SECUNIA | ||
Poplar Gedcom Viewer -- Poplar Gedcom Viewer | PHP remote file inclusion vulnerability in include/common.php in Poplar Gedcom Viewer 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the env[rootPath] parameter. |
| 7.0 | CVE-2007-0307 OTHER-REF BID FRSIRT SECUNIA | ||
Portix-PHP -- Portix-PHP | SQL injection vulnerability in the login component in Portix-PHP 0.4.2 allows remote attackers to execute arbitrary SQL commands via the username and passwd (password) fields. |
| 7.0 | CVE-2006-6935 BUGTRAQ BID XF | ||
Scriptme -- SMe FileMailer | SQL injection vulnerability in index.php (aka the login form) in Scriptme SMe FileMailer 1.21 allows remote attackers to execute arbitrary SQL commands via the Password field (ps parameter). NOTE: some of these details are obtained from third party information. |
| 7.0 | CVE-2007-0339 BUGTRAQ VIM SECUNIA | ||
SmE -- FileMailer | SQL injection vulnerability in index.php in SmE FileMailer 1.21 allows remote attackers to execute arbitrary SQL commands via the us parameter. |
| 7.0 | CVE-2007-0346 VIM FRSIRT | ||
SmE -- FileMailer | Multiple SQL injection vulnerabilities in (a) index.php and (b) dl.php in SmE FileMailer 1.21 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ps, (2) us, (3) f, or (4) code parameter. NOTE: the us vector in index.php is already covered by CVE-2007-0346. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
| 7.0 | CVE-2007-0350 FRSIRT | ||
sNews -- sNews | snews.php in sNews 1.5.30 and earlier does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, as demonstrated by changing an administrative password via the changeup task, and by uploading PHP code via the imagefile parameter. |
| 10.0 | CVE-2007-0261 OTHER-REF BID SECUNIA | ||
Sun -- JDK Sun -- SDK Sun -- JRE | Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Update 9 and earlier, SDK and JRE 1.4.2_12 and earlier, and SDK and JRE 1.3.1_18 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption. |
| 8.0 | CVE-2007-0243 OTHER-REF SUNALERT BUGTRAQ CERT-VN FRSIRT SECUNIA | ||
ThWboard -- ThWboard | SQL injection vulnerability in inc/header.inc.php in ThWboard 3.0b2.84-php5 and earlier allows remote attackers to execute arbitrary SQL commands via the board[styleid] parameter to index.php. |
| 7.0 | CVE-2007-0340 OTHER-REF SECUNIA | ||
Uberghey -- CMS | PHP remote file inclusion vulnerability in frontpage.php in Uberghey CMS 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the setup_folder parameter. |
| 7.0 | CVE-2007-0359 OTHER-REF VIM FRSIRT | ||
Virtuemart -- Virtuemart | SQL injection vulnerability in Virtuemart 1.0.7 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to (1) Itemid, (2) product_id, and category_id parameters as handled in virtuemart_parser.php. |
| 7.0 | CVE-2006-6945 FULLDISC OTHER-REF OTHER-REF BID | ||
WinZip -- WinZip | Buffer overflow in Winzip32.exe in WinZip 9.0 SR-1 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long command line argument. NOTE: this issue may cross privilege boundaries if an application automatically invokes Winzip32.exe for untrusted input filenames, as in the case of a file upload application. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
| 8.0 | CVE-2007-0264 BID | ||
Xentraz -- liens_dynamiques | Cross-site scripting (XSS) vulnerability in liens.php3 in liens_dynamiques 2.1 allows remote attackers to inject arbitrary web script or HTML by using the ajouter=1 query string and the add menu. |
| 7.0 | CVE-2007-0331 BUGTRAQ BID | ||
Xentraz -- liens_dynamiques | (1) admin/adminlien.php3 and (2) admin/modif.php3 in liens_dynamiques 2.1 do not require authentication, which allows remote attackers to perform unauthorized administrative actions using a direct request. |
| 7.0 | CVE-2007-0332 BUGTRAQ BID | ||
xine -- xine-ui | Format string vulnerability in the errors_create_window function in errors.c in xine-ui allows attackers to execute arbitrary code via unknown vectors. |
| 10.0 | CVE-2007-0254 BUGTRAQ BID SECUNIA XF | ||
XINE -- XINE | XINE 0.99.4 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain M3U file that contains a long #EXTINF line and contains format string specifiers in an invalid udp:// URI, possibly a variant of CVE-2007-0017. |
| 8.0 | CVE-2007-0255 BUGTRAQ |
Medium Vulnerabilities |
---|
Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
---|---|---|---|---|---|---|
Apple -- Mac OS X FreeBSD -- FreeBSD | The ufs_lookup function in the Mac OS X 10.4.8 and FreeBSD 6.1 kernels allows local users to cause a denial of service (kernel panic) and possibly corrupt other filesystems by mounting a crafted UNIX File System (UFS) DMG image that contains a corrupted directory entry (struct direct). NOTE: a third party states that the FreeBSD issue does not cross privilege boundaries. |
| 4.7 | CVE-2007-0267 MLIST OTHER-REF BID FRSIRT | ||
Apple -- Mac OS X | The (1) Activity Monitor.app/Contents/Resources/pmTool, (2) Keychain Access.app/Contents/Resources/kcproxy, and (3) ODBC Administrator.app/Contents/Resources/iodbcadmintool programs in /Applications/Utilities/ in Mac OS X 10.4.8 have weak permissions (writable by admin group), which allows local admin users to gain root privileges by modifying a program and then performing permissions repair via diskutil. |
| 4.2 | CVE-2007-0345 OTHER-REF OTHER-REF | ||
Dexxaboy -- LunarPoll | PHP remote file inclusion vulnerability in show.php in LunarPoll, when register_globals is enabled, allows remote attackers execute arbitrary PHP code via a URL in the PollDir parameter. |
| 5.6 | CVE-2007-0298 BUGTRAQ VIM BID | ||
DT Guestbook -- DT Guestbook | Cross-site scripting (XSS) vulnerability in index.php in DT Guestbook (dt_guestbook) 1.0f, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the error[] parameter. |
| 5.6 | CVE-2006-6487 netVigilance OSVDB SECUNIA FRSIRT | ||
Ezboxx -- Portal System Beta | Multiple cross-site scripting (XSS) vulnerabilities in Ezboxx Portal System Beta 0.7.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the pic parameter to custom/piczoom.asp, (2) the nocatname parameter to boxx/user-upload.asp, or (3) the iid parameter to indexes/newscomments.asp. |
| 5.6 | CVE-2007-0265 BUGTRAQ | ||
FdWeB -- Espace Membre | PHP remote file inclusion vulnerability in _admin/admin_menu.php in FdWeB Espace Membre 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. |
| 5.6 | CVE-2007-0301 Milw0rm BID FRSIRT SECUNIA | ||
GNU -- ed | GNU ed before 0.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files, possibly in the open_sbuf function. |
| 5.6 | CVE-2006-6939 OTHER-REF FRSIRT XF | ||
GONICUS -- GONICUS System Administration | Unspecified vulnerability in GONICUS System Administration (GOsa) before 2.5.8 allows remote authenticated users to modify certain settings, including the admin password, via crafted POST requests. |
| 6.0 | CVE-2007-0313 MLIST FRSIRT SECUNIA | ||
InstantASP -- InstantASP | Multiple cross-site scripting (XSS) vulnerabilities in InstantASP 4.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) SessionID parameter to (a) Logon.aspx, and the (2) Username and (3) Update parameters to (b) Members1.aspx. |
| 5.6 | CVE-2007-0302 BUGTRAQ BID SECUNIA | ||
Jax Scripts -- Jax Petition Book | Multiple directory traversal vulnerabilities in Jax Petition Book 1.0.3.06 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the languagepack parameter to (1) jax_petitionbook.php or (2) smileys.php. |
| 5.6 | CVE-2007-0335 BUGTRAQ BUGTRAQ BUGTRAQ BID | ||
Maxum Development Corporation -- Rumpus FTP Server | Multiple heap-based buffer overflows in rumpusd in Rumpus 5.1 and earlier (1) allow remote authenticated users to execute arbitrary code via a long LIST command and other unspecified requests to the FTP service, and (2) allow remote attackers to execute arbitrary code via unspecified requests to the HTTP service. |
| 4.2 | CVE-2007-0019 OTHER-REF | ||
Maxum Development Corporation -- Rumpus FTP Server | Untrusted search path vulnerability in Rumpus 5.1 and earlier allows local users to gain privileges via a modified PATH that points to a malicious ipfw program. |
| 4.9 | CVE-2007-0366 OTHER-REF | ||
Maxum Development Corporation -- Rumpus FTP Server | Rumpus 5.1 and earlier has weak permissions for certain files and directories under /usr/local/Rumpus, including the configuration file, which allows local users to have an unknown impact by creating, modifying, or deleting files. |
| 4.9 | CVE-2007-0367 OTHER-REF | ||
Microsoft -- Windows Server 2003 Microsoft -- Windows XP | Microsoft Windows XP and Windows Server 2003 do not properly handle user logoff, which might allow local users to gain the privileges of a previous system user, possibly related to user profile unload failure. NOTE: it is not clear whether this is an issue in Windows itself, or an interaction with another product. |
| 5.6 | CVE-2007-0351 BUGTRAQ BUGTRAQ | ||
oftpd -- oftpd | oftpd before 0.3.7 allows remote attackers to cause a denial of service (daemon abort) via a (1) LPRT or (2) LPASV command with an unsupported address family, which triggers an assertion failure. |
| 6.7 | CVE-2006-6767 GENTOO BID FRSIRT SECUNIA SECUNIA | ||
Oracle -- Oracle | Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) the Advanced Queuing component and sys.dbms_aqsys.dbms_aq privileges (DB01), (2) Advanced Replication and sys.dbms_repcat_untrusted (DB07), and (3) Oracle Text and ctxload (DB15). NOTE: Oracle has not publicly disputed claims by a reliable researcher that DB01 is for SQL injection in the SYS.DBMS_AQ_INV package. |
| 4.2 | CVE-2007-0268 OTHER-REF OTHER-REF CERT CERT-VN SECUNIA | ||
Oracle -- Oracle Database | Unspecified vulnerability in Oracle Database 9.2.0.7 and 10.1.0.4 has unknown impact and attack vectors related to the Data Guard and sys.dbms_drs privileges, aka DB03. |
| 4.0 | CVE-2007-0270 OTHER-REF CERT SECUNIA | ||
Oracle -- Oracle Database | Unspecified vulnerability in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unknown impact and attack vectors related to the Oracle Spatial component and mdsys.md privileges, aka DB05. |
| 4.0 | CVE-2007-0272 OTHER-REF CERT SECUNIA | ||
Oracle -- Oracle Collaboration Suite Oracle -- Oracle HTTP Server Oracle -- Oracle Application Server | Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.2, and 10.1.2.2; and Collaboration Suite 9.0.4.2 and 10.1.2; has unknown impact and attack vectors related to the Oracle Process Mgmt & Notification component, aka OPMN01. |
| 4.7 | CVE-2007-0280 OTHER-REF CERT SECUNIA | ||
Oracle -- Oracle Collaboration Suite Oracle -- Oracle Application Server | Multiple unspecified vulnerabilities in Oracle Application Server 9.0.4.3 and 10.1.2.0.0, and Collaboration Suite 9.0.4.2, have unknown impact and attack vectors related to Oracle Containers for J2EE, aka (1) OC4J03 and (2) OC4J04. |
| 4.7 | CVE-2007-0284 OTHER-REF CERT SECUNIA | ||
Oracle -- Oracle Application Server | Multiple unspecified vulnerabilities in Oracle Collaboration Suite 9.0.4.2 have unknown impact and attack vectors related to Oracle Containers for J2EE, aka (1) OC4J01, (2) OC4J05, and (3) OC4J06. |
| 4.7 | CVE-2007-0289 OTHER-REF CERT SECUNIA | ||
Oracle -- Oracle Enterprise Manager | Multiple unspecified vulnerabilities in Oracle Enterprise Manager 10.1.0.5 and 10.2.0.1 have unknown impact and attack vectors related to (1) Oracle Agent (EM03) and (2) EM04 and (3) EM05 in Enterprise Manager Console. |
| 4.7 | CVE-2007-0293 OTHER-REF CERT SECUNIA | ||
phpMyAdmin -- phpMyAdmin | Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a CSS style in the convcharset parameter to the top-level URI, a different vulnerability than CVE-2005-0992. |
| 5.6 | CVE-2007-0341 BUGTRAQ BUGTRAQ OTHER-REF | ||
Portix-PHP -- Portix-PHP | Multiple cross-site scripting (XSS) vulnerabilities in Portix-PHP 0.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) titre or (2) auteur field in a forum post. |
| 5.6 | CVE-2006-6934 BUGTRAQ BID SECUNIA XF | ||
TLM CMS -- TLM CMS | PHP remote file inclusion vulnerability in i-accueil.php in TLM CMS 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter. |
| 5.6 | CVE-2007-0300 Milw0rm BID FRSIRT SECUNIA | ||
Total Commander -- Total Commander | Unspecified vulnerability in Total Commander before 6.5.6 allows user-assisted remote attackers to delete arbitrary files and corrupt a filesystem via a crafted RAR file. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
| 5.3 | CVE-2007-0263 OTHER-REF BID |
Low Vulnerabilities |
---|
Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
---|---|---|---|---|---|---|
Apple -- Mac OS X | Integer overflow in the byte_swap_sbin function in bsd/ufs/ufs/ufs_byte_order.c in Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service (kernel panic) by mounting a crafted Unix File System (UFS) DMG image, which triggers an invalid pointer dereference. |
| 2.7 | CVE-2007-0299 OTHER-REF SECUNIA | ||
Apple -- Mac OS X | The do_hfs_truncate function in Mac OS X 10.4.8 allows context-dependent attackers to cause a denial of service (kernel panic) via a crafted HFS+ filesystem in a DMG image, which causes an access of an invalid vnode structure during file removal. |
| 3.3 | CVE-2007-0318 SECUNIA FRSIRT | ||
Apple -- Mac OS X Apple -- Safari OmniGroup -- OmniWeb Apple -- Apple WebKit | WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null dereference and application crash) via a TD element with a large number in the ROWSPAN attribute, as demonstrated by a crash of OmniWeb 5.5.3 on Mac OS X 10.4.8, a different vulnerability than CVE-2006-2019. |
| 2.3 | CVE-2007-0342 OTHER-REF BID | ||
BMC Software -- Remedy Action Request System | BMC Remedy Action Request System 5.01.02 Patch 1267 generates different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote attackers to determine valid account names. |
| 2.3 | CVE-2007-0310 BUGTRAQ OTHER-REF BID SECUNIA | ||
EFS Software -- Easy Chat Server | Easy Chat Server 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download certain files via direct requests to files such as (1) ServerKey.pem and (2) AcceptIP.txt. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
| 3.3 | CVE-2006-6933 SECUNIA XF | ||
Ezboxx -- Ezboxx Portal System | Ezboxx Portal System Beta 0.7.6 and earlier allows remote attackers to obtain sensitive information via a invalid cat parameter to boxx/knowledgebase.asp, which reveals the path in an error message. |
| 3.3 | CVE-2007-0259 BUGTRAQ OTHER-REF FRSIRT | ||
FreeWebshop -- FreeWebshop | index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to obtain sensitive information via an invalid action parameter in an info operation, which discloses the path in an error message. |
| 2.3 | CVE-2006-6941 OTHER-REF OTHER-REF | ||
Fritz!DSL -- Fritz!DSL | Directory traversal vulnerability in the AVM IGD CTRL Service in Fritz!DSL 02.02.29 allows remote attackers to read arbitrary files via ..%5C (URL-encoded dot dot backslash) sequences in a URI requested from the AR7 webserver. |
| 2.3 | CVE-2007-0357 FULLDISC BID | ||
HP -- Jetdirect firmware | Unspecified vulnerability in the FTP server implementation in HP Jetdirect firmware x.20.nn through x.24.nn allows remote attackers to cause a denial of service via unknown vectors. |
| 3.3 | CVE-2007-0358 HP SECUNIA | ||
Joonas Viljanen -- JV2 Folder Gallery | download.php in Joonas Viljanen JV2 Folder Gallery allows remote attackers to read sensitive files via a relative pathname in the file parameter, as demonstrated by config/gallerysetup.php. NOTE: this issue might be resultant from a directory traversal vulnerability. |
| 2.3 | CVE-2007-0329 OTHER-REF FRSIRT SECUNIA | ||
libsoup -- libsoup | The soup_headers_parse function in soup-headers.c for libsoup HTTP library before 2.2.99 allows remote attackers to cause a denial of service (crash) via malformed HTTP headers, probably involving missing fields or values. |
| 3.3 | CVE-2006-5876 OTHER-REF DEBIAN BID FRSIRT SECUNIA SECUNIA | ||
Microsoft -- Internet Explorer Common Controls Replacement Project -- FolderTreeview ActiveX control | The Common Controls Replacement Project (CCRP) FolderTreeview (FTV) ActiveX control (ccrpftv6.ocx) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long CCRP.RootFolder property value. |
| 2.3 | CVE-2007-0356 OTHER-REF BID | ||
Nicecoder -- indexu | Directory traversal vulnerability in upgrade.php in nicecoder.com INDEXU 5.x allows remote attackers to include arbitrary local files via a .. (dot dot) in the gateway parameter. |
| 2.3 | CVE-2007-0349 BUGTRAQ | ||
NitroTech -- NitroTech | Directory traversal vulnerability in includes/common.php in NitroTech 0.0.3a, as distributed before 2006, allows remote attackers to include arbitrary files via ".." sequences in the root parameter. |
| 2.3 | CVE-2006-6938 OTHER-REF BID XF | ||
NWOM -- NWOM Topsites | index.php in Nwom topsites 3.0 allows remote attackers to obtain potentially sensitive information via a ' (quote) character in the o parameter, which forces a SQL error. |
| 2.3 | CVE-2007-0250 BUGTRAQ BID | ||
OpenBSD -- OpenBSD | OpenBSD before 20070116 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via certain IPv6 ICMP (aka ICMP6) echo request packets. |
| 2.3 | CVE-2007-0343 OPENBSD OPENBSD BID SECTRACK | ||
Oracle -- Oracle10g Application Server | Directory traversal vulnerability in the EmChartBean server side component for Oracle Application Server 10g allows remote attackers to read arbitrary files via unknown vectors. |
| 2.3 | CVE-2007-0222 BUGTRAQ BID SECUNIA | ||
Oracle -- Oracle | Unspecified vulnerability in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and attack vectors related to the Change Data Capture and sys.dbms_cdc_subscribe privileges, aka DB02. |
| 2.8 | CVE-2007-0269 OTHER-REF CERT SECUNIA | ||
Oracle -- Oracle Database | Unspecified vulnerability in Oracle Database 9.0.1.5 and 9.2.0.7 has unknown impact and attack vectors related to the Log Miner component and sys.dbms_log_mnr privileges, aka DB04. |
| 2.8 | CVE-2007-0271 OTHER-REF CERT SECUNIA | ||
Oracle -- Oracle Database | Unspecified vulnerability in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and attack vectors related to XMLDB, aka DB06. |
| 2.3 | CVE-2007-0273 OTHER-REF CERT SECUNIA | ||
Oracle -- Oracle Database | Multiple unspecified vulnerabilities in Oracle Database 9.2.0.7 and 10.1.0.5 have unknown impact and attack vectors related to (1) Export and sys.dbms_logrep_util (DB08), and (2) Oracle Streams and sys.dbms_capture_adm_internal privileges (DB09). |
| 1.4 | CVE-2007-0274 OTHER-REF CERT SECUNIA | ||
Oracle -- E-Business Suite and Applications Oracle -- Collaboration Suite Oracle -- Application Server Oracle -- Oracle Database | Unspecified vulnerability in Oracle Workflow Cartridge, as used in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 10.1.2; and Oracle E-Business Suite and Applications 11.5.10CU2; has unknown impact and attack vectors, aka OWF01. |
| 2.8 | CVE-2007-0275 OTHER-REF CERT SECUNIA | ||
Oracle -- Oracle Database | Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4 and 9.0.1.5 have unknown impact and attack vectors related to (1) Advanced Security Option and oklist or okdstry (DB10), (2) Oracle Net Services (DB13), and (3) Recovery Manager and oklist (DB16). |
| 2.9 | CVE-2007-0276 OTHER-REF CERT SECUNIA | ||
Oracle -- Oracle Database | Unspecified vulnerability in Oracle Database client-only 10.1.0.4 has unknown impact and attack vectors related to the Export component and expdp or impdp, aka DB11. |
| 2.9 | CVE-2007-0277 OTHER-REF CERT SECUNIA | ||
Oracle -- Oracle Database | Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) NLS Runtime and lmsgen (DB12), and (2) Oracle Text and ctxkbtc (DB14). |
| 2.9 | CVE-2007-0278 OTHER-REF CERT SECUNIA | ||
Oracle -- Oracle Collaboration Suite Oracle -- Oracle HTTP Server Oracle -- Oracle Application Server | Multiple unspecified vulnerabilities in Oracle HTTP Server 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.1, 10.1.2.0.2, 10.1.2.1, and 10.1.3.0; and Collaboration Suite 9.0.4.2 and 10.1.2; have unknown impact and attack vectors related to the Oracle HTTP Server, aka (1) OHS03 and (2) OHS04. |
| 2.3 | CVE-2007-0281 OTHER-REF CERT SECUNIA | ||
Oracle -- Oracle Collaboration Suite Oracle -- Oracle HTTP Server Oracle -- Oracle Application Server | Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.2 and 10.1.2.0.0, and Collaboration Suite 9.0.4.2 has unknown impact and attack vectors related to the Oracle Process Mgmt & Notification component, aka OPMN02. |
| 2.0 | CVE-2007-0282 OTHER-REF CERT SECUNIA | ||
Oracle -- Oracle Collaboration Suite Oracle -- Oracle Application Server | Unspecified vulnerability in Oracle Application Server 9.0.4.3 and Collaboration Suite 9.0.4.2 has unknown impact and attack vectors related to Oracle Containers for J2EE, aka OC4J02. |
| 3.7 | CVE-2007-0283 OTHER-REF CERT SECUNIA | ||
Oracle -- Oracle E-Business Suite and Applications Oracle -- Oracle Collaboration Suite Oracle -- Oracle Application Server | Unspecified vulnerability in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 9.0.4.2 and 10.1.2; and E-Business Suite and Applications 11.5.10CU2 has unknown impact and attack vectors related to Oracle Reports Developer, aka REP01. |
| 2.3 | CVE-2007-0285 OTHER-REF CERT SECUNIA | ||
Oracle -- Oracle Collaboration Suite Oracle -- Oracle Application Server | Unspecified vulnerability in Oracle Application Server 10.1.2.0.2 and 10.1.3.0, and Collaboration Suite 10.1.2, has unknown impact and attack vectors related to Containers for J2EE, aka OC4J07. |
| 1.9 | CVE-2007-0286 OTHER-REF CERT SECUNIA | ||
Oracle -- Oracle Collaboration Suite Oracle -- Oracle Application Server | Unspecified vulnerability in Oracle Application Server 9.0.4.3, 10.1.2.0.0, and 10.1.2.0.2; and Collaboration Suite 9.0.4.2 and 10.1.2; has unknown impact and attack vectors related to Containers for J2EE, aka OC4J08. |
| 1.0 | CVE-2007-0287 OTHER-REF CERT SECUNIA | ||
Oracle -- Oracle Application Server | Unspecified vulnerability in Oracle Application Server 10.1.4.0 has unknown impact and attack vectors related to Oracle Internet Directory, aka OID01. |
| 1.0 | CVE-2007-0288 OTHER-REF CERT SECUNIA | ||
Oracle -- Oracle E-Business Suite and Application | Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors related to (1) Application Object Library (APPS01), (2) Human Resources (APPS03), (3) Payables (APPS04), (4) Trading Community Architecture (APPS05), and (5) Web Applications Desktop Integrator (APPS06). |
| 2.8 | CVE-2007-0290 OTHER-REF CERT SECUNIA | ||
Oracle -- Oracle E-Business Suite and Applications | Unspecified vulnerability in Oracle E-Business Suite and Applications 6.2.3 has unknown impact and attack vectors related to Oracle Exchange, aka APPS02. |
| 1.4 | CVE-2007-0291 OTHER-REF CERT SECUNIA | ||
Oracle -- Oracle Enterprise Manager | Unspecified vulnerability in Oracle Enterprise Manager 10.2.0.1 has unknown impact and attack vectors related to Database Cloning & Data Guard Management, aka EM06. |
| 1.0 | CVE-2007-0294 OTHER-REF CERT SECUNIA | ||
Oracle -- JD Edwards EnterpriseOne Oracle -- PeopleSoft Enterprise | Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.13 and 8.47.11 has unknown impact and attack vectors in PeopleTools, aka PSE01. |
| 3.3 | CVE-2007-0295 OTHER-REF CERT SECUNIA | ||
Oracle -- JD Edwards EnterpriseOne Oracle -- PeopleSoft Enterprise | Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.13, 8.47.11, and 8.48.06 has unknown impact and attack vectors in PeopleTools, aka PSE02. |
| 1.6 | CVE-2007-0296 OTHER-REF CERT SECUNIA | ||
Oracle -- JD Edwards EnterpriseOne Oracle -- PeopleSoft Enterprise | Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.47.11 and 8.48.06 has unknown impact and attack vectors in PeopleTools, aka PSE03. |
| 1.4 | CVE-2007-0297 OTHER-REF CERT SECUNIA | ||
PentaWare -- PentaZip PentaWare -- PentaSuite-PRO | Directory traversal vulnerability in PentaZip 8.5.1.190 and PentaSuite-PRO 8.5.1.221 allows user-assisted remote attackers to extract files to arbitrary pathnames via a ../ (dot dot slash) in a filename. |
| 1.9 | CVE-2006-5963 OTHER-REF SECUNIA | ||
PentaWare -- PentaZip PentaWare -- PentaSuite-PRO | choShilA.bpl in PentaZip 8.5.1.190 and PentaSuite-PRO 8.5.1.221 allows local users, and user-assisted remote attackers to cause a denial of service (system crash) by right clicking on a file with a long filename. |
| 2.7 | CVE-2006-5964 OTHER-REF SECUNIA | ||
phpMyAdmin -- phpMyAdmin | hpMyAdmin before 2.9.1.1 allows remote attackers to obtain the full server path via direct requests to (a) scripts/check_lang.php and (b) themes/darkblue_orange/layout.inc.php; and via the (1) lang[], (2) target[], (3) db[], (4) goto[], (5) table[], and (6) tbl_group[] array arguments to (c) index.php, and the (7) back[] argument to (d) sql.php; and an invalid (8) sort_by parameter to (e) server_databases.php and (9) db parameter to (f) db_printview.php. |
| 2.3 | CVE-2006-6943 BUGTRAQ OTHER-REF | ||
Rixstep -- Undercover | Undercover.app/Contents/Resources/uc in Rixstep Undercover allows local users to overwrite arbitrary files, probably related to a race condition. |
| 3.9 | CVE-2007-0336 FULLDISC BID | ||
SISCO -- SISCO OSI Stack | The SISCO OSI stack, as used in SISCO MMS-EASE, ICCP Toolkit for MMS-EASE, AX-S4 MMS and AX-S4 ICCP, and possibly other control system applications, allows remote attackers to cause a denial of service (application termination and restart) via malformed packets. |
| 2.3 | CVE-2006-6489 OTHER-REF CERT-VN BID | ||
Snort Project -- Snort | Algorithmic complexity vulnerability in Snort before 2.6.1, during predicate evaluation in rule matching for certain rules, allows remote attackers to cause a denial of service (CPU consumption and detection outage) via crafted network traffic, aka a "backtracking attack." |
| 2.3 | CVE-2006-6931 MLIST OTHER-REF OTHER-REF OTHER-REF OTHER-REF OTHER-REF OTHER-REF BID SECUNIA | ||
Snort Project -- Snort | Integer underflow in the DecodeGRE function in src/decode.c in Snort 2.6.1.2 allows remote attackers to trigger dereferencing of certain memory locations via crafted GRE packets, which may cause corruption of log files or writing of sensitive information into log files. |
| 3.3 | CVE-2007-0251 BUGTRAQ OTHER-REF OTHER-REF BID | ||
Squid -- Squid | squid/src/ftp.c in Squid before 2.6.STABLE7 allows remote FTP servers to cause a denial of service (core dump) via crafted FTP directory listing responses. |
| 3.3 | CVE-2007-0247 OTHER-REF OTHER-REF SECUNIA | ||
Squid -- Squid | The aclMatchExternal function in Squid before 2.6.STABLE7 allows remote attackers to cause a denial of service (crash) by causing an external_acl queue overload, which triggers an infinite loop. |
| 3.3 | CVE-2007-0248 OTHER-REF OTHER-REF SECUNIA | ||
Sun -- ChainKey Java Code Protection | ChainKey Java Code Protection allows attackers to decompile Java class files via a Java class loader with a modified defineClass method that saves the bytecode to a file before it is passed to the JVM. |
| 3.9 | CVE-2007-0014 BUGTRAQ BUGTRAQ | ||
Texas Imperial Software -- WFTPD Texas Imperial Software -- WFTPD Pro Server | Texas Imperial Software WFTPD and WFTPD Pro Server 3.25 and earlier allow remote attackers to cause a denial of service (application crash) via a long SITE ADMIN command. |
| 2.3 | CVE-2007-0311 OTHER-REF BID | ||
VideoLAN -- VLC Media Player | VideoLAN VLC 0.8.6a allows remote attackers to cause a denial of service (application crash) via a crafted .wmv file. |
| 3.3 | CVE-2007-0256 OTHER-REF BID | ||
wcSimple Poll -- wcSimple Poll | wcSimple Poll stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain password hashes via a direct request for password.txt. |
| 3.3 | CVE-2007-0312 BUGTRAQ | ||
WordPress -- WordPress | WordPress 2.0.6, and 2.1Alpha 3 (SVN:4662), does not properly verify that the m parameter value has the string data type, which allows remote attackers to obtain sensitive information via an invalid m[] parameter, as demonstrated by obtaining the path, and obtaining certain SQL information such as the table prefix. |
| 3.3 | CVE-2007-0262 BUGTRAQ |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.