Vulnerability Summary for the Week of February 12, 2007
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities |
---|
Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
---|---|---|---|---|---|---|
Adobe -- ColdFusion MX | Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 7.0 and 7.0.1, when Global Script Protection is not enabled, allows remote attackers to inject arbitrary HTML and web script via unknown vectors, possibly related to Linkdirect.cfm, Topnav.cfm, and Welcomedoc.cfm. |
| 7.0 | CVE-2006-5859 OTHER-REF | ||
Adobe -- ColdFusion Server MX Enterprise Adobe -- ColdFusion MX Enterprise Multi-Server Edition Adobe -- JRun | Cross-site scripting (XSS) vulnerability in the administrator console for Adobe JRun 4.0, as used in ColdFusion, allows remote attackers to inject arbitrary web script or HTML via unknown vectors. |
| 7.0 | CVE-2006-5860 OTHER-REF BID | ||
Allons_voter -- Allons_voter | Allons_voter 1.0 allows remote attackers to bypass authentication and access certain administrative functionality via a direct request for (1) admin_ajouter.php or (2) admin_supprimer.php. NOTE: this could be leveraged to conduct cross-site scripting (XSS) attacks. |
| 7.0 | CVE-2007-0874 BUGTRAQ OTHER-REF BID | ||
Apache Stats -- Apache Stats | Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function. |
| 7.0 | CVE-2007-0930 OTHER-REF BID FRSIRT | ||
Aruba -- Mobility Controller OmniAccess -- OmniAccess Wireless | Buffer overflow in the management interface for Aruba Mobility Controller 200, 800, 2400, and 6000, and OmniAccess Wireless 43xx and 6000, running software after 2.0, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long credential strings. |
| 7.0 | CVE-2007-0931 BUGTRAQ FULLDISC CERT-VN | ||
Aruba -- Mobility Controller OmniAccess -- OmniAccess Wireless | Unspecified vulnerability in Aruba Mobility Controller 200, 800, 2400, and 6000, and OmniAccess Wireless 43xx and 6000, running software after 2.0, allows remote attackers to gain access to the WLAN or administration interface by using the guest logon name without a password. |
| 7.0 | CVE-2007-0932 FULLDISC CERT-VN | ||
BloggIT -- BloggIT | admin.php in BloggIT 1.01 and earlier does not properly establish a user session, which allows remote attackers to gain privileges via a direct request. |
| 7.0 | CVE-2006-7014 BUGTRAQ FRSIRT SECTRACK SECUNIA XF | ||
Cisco -- IOS | The Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XE to 12.3T allows remote attackers to bypass IPS signatures that use regular expressions via fragmented packets. |
| 7.0 | CVE-2007-0917 CISCO SECTRACK | ||
Develooping -- Flash Chat | ** DISPUTED ** PHP remote file inclusion vulnerability in adminips.php in Develooping Flash Chat allows remote attackers to execute arbitrary PHP code via a URL in the banned_file parameter. NOTE: CVE disputes this vulnerability because banned_file is set to a constant value. |
| 7.0 | CVE-2006-7011 VIM BID XF | ||
eXtremePow -- eXtreme File Hosting | Unrestricted file upload vulnerability in eXtremePow eXtreme File Hosting allows remote attackers to upload arbitrary PHP code via a filename with a double extension such as (1) .rar.php or (2) .zip.php. |
| 7.0 | CVE-2007-0871 BUGTRAQ BID | ||
Fullaspsite -- ASP Hosting Site | Cross-site scripting (XSS) vulnerability in listmain.asp in Fullaspsite ASP Hosting Site allows remote attackers to inject arbitrary web script or HTML via the cat parameter. |
| 7.0 | CVE-2007-0950 BUGTRAQ BID | ||
Fullaspsite -- ASP Hosting Site | SQL injection vulnerability in listmain.asp in Fullaspsite ASP Hosting Site allows remote attackers to execute arbitrary SQL commands via the cat parameter. |
| 7.0 | CVE-2007-0951 BUGTRAQ BID | ||
FusionPhp -- Fusion Polls | PHP remote file inclusion vulnerability in admin/index.php in Fusion Polls allows remote attackers to execute arbitrary PHP code via a URL in the xtrphome parameter. |
| 7.0 | CVE-2006-7003 BUGTRAQ BUGTRAQ | ||
fx-APP -- fx-APP | The Tools module in fx-APP 0.0.8.1 allows remote attackers to misrepresent the contents of a web page via an arbitrary URL in the url parameter to a showhtml action for index.php, which causes the URL to be displayed within an iframe. |
| 10.0 | CVE-2006-7022 BUGTRAQ BID XF | ||
Gecad Technologies -- Axigen Mail Server | Heap-based buffer underflow in axigen 1.2.6 through 2.0.0b1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via certain base64-encoded data on the pop3 port (110/tcp), which triggers an integer overflow. |
| 10.0 | CVE-2007-0886 FULLDISC OTHER-REF BID XF | ||
GraphicsMagick -- GraphicsMagick ImageMagick -- ImageMagick | Buffer overflow in GraphicsMagick and ImageMagick allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c. NOTE: this issue is due to an incomplete patch for CVE-2006-5456. |
| 8.0 | CVE-2007-0770 BUGTRAQ OTHER-REF MANDRIVA | ||
Harpia -- Harpia CMS | Multiple PHP remote file inclusion vulnerabilities in Harpia CMS 1.0.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) func_prog parameter to (a) preload.php and (b) index.php; (2) header_prog parameter to (c) missing.php and (d) email.php, (e) files.php, (f) headlines.php, (g) search.php, (h) topics.php, and (i) users.php in _mods/; (3) theme_root parameter to (j) footer.php, (k) header.php, (l) pfooter.php, and (m) pheader.php in _inc; (4) mod_root parameter to _inc/header.php; and the (5) mod_dir and (6) php_ext parameters to (n) _inc/web_statsConfig.php. |
| 7.0 | CVE-2006-7024 MILW0RM BID XF | ||
HP -- HP-UX | Distributed SLS daemon (SLSd) on HP-UX B.11.11 allows remote attackers to overwrite arbitrary files and gain privileges via a crafted RPC request. |
| 10.0 | CVE-2007-0915 HP BID SECTRACK | ||
iTinySoft Studio -- Total Video Player | Stack-based buffer overflow in iTinySoft Studio Total Video Player 1.03, and possibly earlier, allows remote attackers to execute arbitrary code via a M3U playlist file that contains a long file name. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 10.0 | CVE-2007-0949 BID SECUNIA | ||
Jobline -- Jobline | ** DISPUTED ** PHP remote file inclusion vulnerability in admin.jobline.php in Jobline 1.1.1 allows remote attackers to execute arbitrary code via a URL in the mosConfig_absolute_path parameter. NOTE: CVE disputes this issue because the script is protected against direct requests. |
| 10.0 | CVE-2006-7015 BUGTRAQ VIM XF | ||
Joomla! -- Joomla! | Unspecified vulnerability in Joomla! before 1.0.10 has unknown impact and attack vectors, related to "securing mosmsg from misuse." NOTE: it is possible that this issue overlaps CVE-2006-1029. |
| 7.0 | CVE-2006-7008 OTHER-REF OSVDB SECUNIA | ||
Joomla! -- Joomla! | Joomla! before 1.0.10 allows remote attackers to spoof the frontend submission forms, which has unknown impact and attack vectors. |
| 7.0 | CVE-2006-7009 OTHER-REF SECUNIA | ||
Joomla! -- Joomla! | The mosgetparam implementation in Joomla! before 1.0.10 does not set a variable's data type to integer when the variable's default value is numeric, which has unspecified impact and attack vectors and may permit SQL injection attacks. |
| 7.0 | CVE-2006-7010 OTHER-REF SECUNIA | ||
JPortal -- JPortal Web Server | Cross-Site Request Forgery (CSRF) vulnerability in admin/admin.adm.php in Jportal 2.3.1, and possibly earlier, allows remote attackers to perform privileged actions as administrators by tricking the admin into accessing a URL with modified arguments to admin/admin.adm.php. |
| 8.0 | CVE-2007-0912 BUGTRAQ | ||
Jupiter CMS -- Jupiter CMS | Directory traversal vulnerability in index.php in Jupiter CMS 1.1.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot), or an absolute pathname, in the n parameter. |
| 7.0 | CVE-2007-0987 BUGTRAQ BUGTRAQ OTHER-REF OTHER-REF OTHER-REF BID | ||
KvGuestbook -- KvGuestbook | The dologin function in guestbook.php in KvGuestbook 1.0 Beta allows remote attackers to gain administrative privileges, probably via modified $mysql['pass'] and $gbpass variables. |
| 7.0 | CVE-2007-0926 BUGTRAQ | ||
LightRO -- LightRO CMS | SQL injection vulnerability in projects.php in LightRO CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter to index.php. |
| 7.0 | CVE-2007-0904 OTHER-REF FRSIRT XF | ||
LizardTech -- DjVu Browser Plug-in | Multiple buffer overflows in the LizardTech DjVu Browser Plug-in before 6.1.1 allow remote attackers to execute arbitrary code via unspecified vectors. |
| 7.0 | CVE-2007-0324 BUGTRAQ OTHER-REF CERT-VN BID SECUNIA | ||
Matthieu Aubry -- phpMyVisites | CRLF injection vulnerability in phpMyVisites before 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the url parameter, when the pagename parameter begins with "FILE:". |
| 7.0 | CVE-2007-0892 FULLDISC | ||
McRefer -- McRefer | SQL injection vulnerability in install.php in mcRefer allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| 7.0 | CVE-2007-0875 BUGTRAQ OTHER-REF BID | ||
Microsoft -- Office 2004 for Mac Microsoft -- Windows 2003 Microsoft -- Windows 2000 Microsoft -- Office 2000 Microsoft -- Office 2003 Microsoft -- Windows XP Microsoft -- Office XP Microsoft -- Learning Essentials | The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1; Office 2000 SP3, XP SP3, 2003 SP2, and Office 2004 for Mac; and Learning Essentials for Microsoft Office 1.0, 1.1, and 1.5 allows user-assisted remote attackers to execute arbitrary code via a malformed OLE object in an RTF file, which triggers memory corruption. |
| 8.0 | CVE-2006-1311 MS | ||
Microsoft -- Step-by-Step Interactive Training | The Step-by-Step Interactive Training in Microsoft Windows 2000 SP4, XP SP2 and Professional, and Server 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via crafted bookmark link files, a different issue than CVE-2005-1212. |
| 8.0 | CVE-2006-3448 MS | ||
Microsoft -- Internet Explorer | Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from Imjpcksid.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might be related to CVE-2006-4193. |
| 10.0 | CVE-2006-4697 MS | ||
Microsoft -- Windows Defender Microsoft -- Malware Protection Engine Microsoft -- Windows Antigen Microsoft -- Windows Live OneCare Microsoft -- Windows Forefront Security | Integer overflow in the Microsoft Malware Protection Engine (mpengine.dll), as used by Windows Live OneCare, Antigen, Defender, and Forefront Security, allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file. |
| 8.0 | CVE-2006-5270 MS | ||
Microsoft -- Visual Studio .NET Microsoft -- Windows Server 2003 | The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 and Visual Studio .NET 2000, 2000 SP1, 2003, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption. |
| 8.0 | CVE-2007-0025 MS | ||
Microsoft -- Windows 2003 Microsoft -- Windows 2000 Microsoft -- Windows XP | The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption. |
| 8.0 | CVE-2007-0026 MS | ||
Microsoft -- Word | Microsoft Word 2002, 2003, and 2004 for Mac does not correctly check the properties of certain documents and warn the user of macro content, which allows user-assisted remote attackers to execute arbitrary code. |
| 8.0 | CVE-2007-0208 MS | ||
Microsoft -- Word | Microsoft Word 2000, 2002, and 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a Word file with a malformed drawing object, which leads to memory corruption. |
| 8.0 | CVE-2007-0209 MS | ||
Microsoft -- Windows XP | The Window Image Acquisition (WIA) Service in Microsoft Windows XP SP2 allows local users to gain privileges via unspecified vectors involving an "unchecked buffer," probably a buffer overflow. |
| 7.0 | CVE-2007-0210 MS | ||
Microsoft -- Windows Server 2003 Microsoft -- Windows XP | The hardware detection functionality in the Windows Shell in Microsoft Windows XP SP2 and Professional, and Server 2003 SP1 allows local users to gain privileges via an unvalidated parameter to a function related to the "detection and registration of new hardware." |
| 7.0 | CVE-2007-0211 MS | ||
Microsoft -- XP Microsoft -- Windows 2000 Microsoft -- Windows XP Microsoft -- Windows 2003 | The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters. |
| 8.0 | CVE-2007-0214 MS | ||
Microsoft -- Internet Explorer | The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, which causes heap corruption. |
| 10.0 | CVE-2007-0217 MS | ||
Microsoft -- Internet Explorer | Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from (1) Msb1fren.dll, (2) Htmlmm.ocx, and (3) Blnmgrps.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2006-4697. |
| 10.0 | CVE-2007-0219 MS | ||
Microsoft -- Word | Unspecified vulnerability in Microsoft Word 2000 allows remote attackers to cause a denial of service (crash) via unknown vectors, a different vulnerability than CVE-2006-5994, CVE-2006-6456, CVE-2006-6561, and CVE-2007-0515, a variant of Exploit-MS06-027. |
| 8.0 | CVE-2007-0870 OTHER-REF | ||
Microsoft -- Powerpoint | Unspecified vulnerability in Microsoft Powerpoint allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as exploited by Trojan.PPDropper.G. NOTE: as of 20070213, it is not clear whether this is the same issue as CVE-2006-5296, CVE-2006-4694, CVE-2006-3876, CVE-2006-3877, or older issues. |
| 8.0 | CVE-2007-0913 OTHER-REF | ||
NaboCorp Softwares -- NaboPoll | nabopoll 1.1.2 allows remote attackers to bypass authentication and access certain administrative functionality via a direct request for (1) config_edit.php, (2) template_edit.php, or (3) survey_edit.php in admin/. |
| 7.0 | CVE-2007-0873 BUGTRAQ OTHER-REF BID | ||
Nicecoder -- indexu | Multiple PHP remote file inclusion vulnerabilities in Indexu 5.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the admin_template_path parameter to admin/ scripts (1) app_change_email.php, (2) app_change_pwd.php, (3) app_mod_rewrite.php, (4) app_page_caching.php, (5) app_setup.php, (6) cat_add.php, (7) cat_delete.php, (8) cat_edit.php, (9) cat_path_update.php, (10) cat_search.php, (11) cat_struc.php, (12) cat_view.php, (13) cat_view_hidden.php, (14) cat_view_hierarchy.php, (15) cat_view_registered_only.php, (16) checkurl_web.php, (17) db_alter.php, (18) db_alter_change.php, (19) db_backup.php, (20) db_export.php, (21) db_import.php, (22) editor_add.php, (23) editor_delete.php, (24) editor_validate.php, (25) head.php, (26) index.php, (27) inv_config.php, (28) inv_config_payment.php, (29) inv_create.php, (30) inv_delete.php, (31) inv_edit.php, (32) inv_markpaid.php, (33) inv_markunpaid.php, (34) inv_overdue.php, (35) inv_paid.php, (36) inv_send.php, (37) inv_unpaid.php, (38) lang_modify.php, (39) link_add.php, (40) link_bad.php, (41) link_bad_delete.php, (42) link_checkurl.php, (43) link_delete.php, (44) link_duplicate.php, (45) link_edit.php, (46) link_premium_listing.php, (47) link_premium_sponsored.php, (48) link_search.php, (49) link_sponsored_listing.php, (50) link_validate.php, (51) link_validate_edit.php, (52) link_view.php, (53) log_search.php, (54) mail_modify.php, (55) menu.php, (56) message_create.php, (57) message_delete.php, (58) message_edit.php, (59) message_send.php, (60) message_subscriber.php, (61) message_view.php, (62) review_validate.php, (63) review_validate_edit.php, (64) summary.php, (65) template_active.php, (66) template_add_custom.php, (67) template_delete.php, (68) template_delete_file.php, (69) template_duplicate.php, (70) template_export.php, (71) template_import.php, (72) template_manager.php, (73) template_modify.php, (74) template_modify_file.php, (75) template_rename.php, (76) user_add.php, (77) user_delete.php, (78) user_edit.php, (79) user_search.php, and (80) whos.php. |
| 7.0 | CVE-2006-7017 BUGTRAQ SECTRACK SECUNIA XF | ||
Oliver Georgi -- phpwcms | phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to execute arbitrary code via a crafted argument to the nome_evento parameter to (1) phpwcms_code_snippets/mail_file_form.php and (2) sample_ext_php/mail_file_form.php, which is processed by the render_PHPcode function. |
| 10.0 | CVE-2006-7018 OTHER-REF FRSIRT SECUNIA XF | ||
Philboard -- Philboard | SQL injection vulnerability in philboard_forum.asp in Philboard 1.14 and earlier allows remote attackers to execute arbitrary SQL commands via the forumid parameter. |
| 7.0 | CVE-2007-0920 OTHER-REF BID XF | ||
PHP -- PHP Trustix -- Secure Linux | PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir restrictions via unspecified vectors in the session extension. NOTE: it is possible that this issue is a duplicate of CVE-2006-6383. |
| 7.0 | CVE-2007-0905 OTHER-REF OTHER-REF BID FRSIRT SECUNIA | ||
PHP -- PHP Trustix -- Secure Linux | Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions; (5) stream filters; and the (6) str_replace, (7) mail, (8) ibase_delete_user, (9) ibase_add_user, and (10) ibase_modify_user functions. |
| 7.0 | CVE-2007-0906 OTHER-REF OTHER-REF BID FRSIRT SECUNIA | ||
PHP -- PHP Trustix -- Secure Linux | Multiple format string vulnerabilities in PHP before 5.2.1 might allow attackers to execute arbitrary code via format string specifiers to (1) all of the *print functions on 64-bit systems, and (2) the odbc_result_all function. |
| 10.0 | CVE-2007-0909 OTHER-REF OTHER-REF BID FRSIRT SECUNIA | ||
PHP Script Tools -- PSY Auction | SQL injection vulnerability in item.php in PSY Auction allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 7.0 | CVE-2006-7005 OTHER-REF BID | ||
phpjobboard -- phpjobboard | phpjobboard allows remote attackers to bypass authentication and gain administrator privileges via a direct request to admin.php with adminop=job-edit. |
| 7.0 | CVE-2006-7016 BUGTRAQ VIM OSVDB XF | ||
phpwcms -- phpwcms | phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to execute arbitrary code via crafted arguments to the (1) text_evento and (2) email_eventonome_evento parameters to phpwcms_code_snippets/mail_file_form.php and sample_ext_php/mail_file_form.php, which is processed by the render_PHPcode function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 7.0 | CVE-2006-7019 OTHER-REF FRSIRT SECUNIA XF | ||
Plume CMS -- Plume CMS | PHP remote file inclusion vulnerability in manager/tools/link/dbinstall.php in Plume CMS 1.1.3 allows remote attackers to execute arbitrary PHP code via a URL in the _PX_config[manager_path] parameter. |
| 7.0 | CVE-2006-7021 OTHER-REF OTHER-REF BID SECTRACK XF | ||
Radical Technologies -- Portal Search | Cross-site scripting (XSS) vulnerability in buscador/buscador.htm in Portal Search allows remote attackers to inject arbitrary web script or HTML via the query string. |
| 7.0 | CVE-2007-0922 BUGTRAQ BID | ||
Rainbow Portal -- Rainbow with the Zen Rainbow Portal -- Rainbow.Zen | Cross-site scripting (XSS) vulnerability in jira/secure/BrowseProject.jspa in Rainbow with the Zen (Rainbow.Zen) extension allows remote attackers to inject arbitrary web script or HTML via the id parameter. |
| 7.0 | CVE-2007-0885 BUGTRAQ | ||
Roaring Penguin -- MIMEDefang | Buffer overflow in Roaring Penguin MIMEDefang 2.59 and 2.60 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors. |
| 10.0 | CVE-2007-0884 MLIST SECUNIA | ||
Robin de Graff -- Somery | ** DISPUTED ** PHP remote file inclusion vulnerability in upload/admin/team.php in Robin de Graff Somery 0.4.4 allows remote attackers to execute arbitrary PHP code via a URL in the checkauth parameter. NOTE: CVE disputes this vulnerability because the checkauth parameter is only used in conditionals. |
| 7.0 | CVE-2006-7006 BUGTRAQ OTHER-REF OTHER-REF VIM BID OSVDB | ||
S.H.Mohanjith -- MOHA Chat | MOHA Chat 0.1b7 and earlier does not require authentication for use of the plug in API, which has unknown impact and attack vectors. |
| 7.0 | CVE-2007-0954 OTHER-REF FRSIRT | ||
Sage -- Sage++ Sage -- Sage | Cross-site scripting (XSS) vulnerability in the (1) Sage before 1.3.10, and (2) Sage++ extensions for Firefox, allows remote attackers to inject arbitrary web script or HTML via a "<SCRIPT/='SRC='" sequence in an RSS feed, a different vulnerability than CVE-2006-4712. |
| 7.0 | CVE-2007-0896 OTHER-REF OTHER-REF OTHER-REF SECUNIA | ||
SCart -- SCart | scart.cgi in SCart 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter of a show_text action. |
| 10.0 | CVE-2006-7012 BUGTRAQ MILW0RM OTHER-REF XF | ||
Scriptsez.net -- Virtual Calendar | Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net Virtual Calendar allow remote attackers to inject arbitrary web script or HTML via the (1) t and (2) yr parameters, and the (3) sho parameter when the m parameter is outside the intended range. |
| 7.0 | CVE-2007-0952 BID SECUNIA XF | ||
Simple Machines -- Simple Machines Forum | ** DISPUTED ** QueryString.php in Simple Machines Forum (SMF) 1.0.7 and earlier, and 1.1rc2 and earlier, allows remote attackers to more easily spoof the IP address and evade banning via a modified X-Forwarded-For HTTP header, which is preferred instead of other more reliable sources for the IP address. NOTE: the original researcher claims that the vendor has disputed this issue. |
| 7.0 | CVE-2006-7013 BUGTRAQ | ||
SmidgeonSoft -- PEBrowse | Buffer overflow in SmidgeonSoft PEBrowse Professional 8.2.1.0 allows user-assisted remote attackers to execute arbitrary code via certain executable files in PE format. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 8.0 | CVE-2007-0879 BID | ||
Sun -- Solaris Sun -- SunOS | The telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts, as demonstrated by the bin account. |
| 10.0 | CVE-2007-0882 OTHER-REF Milw0rm | ||
TagIt! -- Tagboard | Multiple PHP remote file inclusion vulnerabilities in TagIt! Tagboard 2.1.B Build 2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) configpath parameter to (a) tagviewer.php, (b) tag_process.php, and (c) CONFIG/errmsg.inc.php; and (d) addTagmin.php, (e) ban_watch.php, (f) delTagmin.php, (g) delTag.php, (h) editTagmin.php, (i) editTag.php, (j) manageTagmins.php, and (k) verify.php in tagmin/; the (2) adminpath parameter to (l) tagviewer.php, (m) tag_process.php, and (n) tagmin/index.php; and the (3) admin parameter to (o) readconf.php, (p) updateconf.php, (q) updatefilter.php, and (r) wordfilter.php in tagmin/; different vectors than CVE-2006-5249. |
| 7.0 | CVE-2007-0900 OTHER-REF FRSIRT | ||
Till Gerken -- phpPolls | Till Gerken phpPolls 1.0.3 allows remote attackers to bypass authentication and perform certain administrative actions via a direct request to phpPollAdmin.php3. NOTE: this issue might subsume CVE-2006-3764. |
| 7.0 | CVE-2007-0924 BUGTRAQ BID | ||
uTorrent -- uTorrent | Heap-based buffer overflow in uTorrent 1.6 allows remote attackers to execute arbitrary code via a torrent file with a crafted announce header. |
| 7.0 | CVE-2007-0927 OTHER-REF BID |
Medium Vulnerabilities |
---|
Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
---|---|---|---|---|---|---|
Kiwi Enterprises -- Kiwi CatTools | Directory traversal vulnerability in the TFTP server in Kiwi CatTools before 3.2.0 beta allows remote attackers to read arbitrary files, and upload files to arbitrary locations, via ..// (dot dot) sequences in the pathname argument to an FTP (1) GET or (2) PUT command. |
| 4.7 | CVE-2007-0888 BUGTRAQ | ||
Kiwi Enterprises -- Kiwi CatTools | Kiwi CatTools before 3.2.0 beta uses weak encryption ("reversible encoding") for passwords, account names, and IP addresses in kiwidb-cattools.kdb, which might allow local users to gain sensitive information by decrypting the file. NOTE: this issue could be leveraged with a directory traversal vulnerability for a remote attack vector. |
| 4.9 | CVE-2007-0889 BUGTRAQ | ||
MailEnable -- MailEnable Professional | Cross-site request forgery (CSRF) vulnerability in MailEnable Professional before 2.37 allows remote attackers to modify arbitrary configurations and perform unauthorized actions as arbitrary users via a link or IMG tag. |
| 5.6 | CVE-2007-0652 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA | ||
OPENi-CMS Group -- OPENi-CMS | PHP remote file inclusion vulnerability in the Seitenschutz plugin for OPENi-CMS 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the (1) config[oi_dir] and possibly (2) config[openi_dir] parameters to open-admin/plugins/site_protection/index.php. NOTE: vector 2 might be the same as CVE-2006-4750. |
| 5.6 | CVE-2007-0881 OTHER-REF OTHER-REF SECUNIA | ||
PHP -- PHP Trustix -- Secure Linux | Unspecified vulnerability in PHP before 5.2.1 allows attackers to "clobber" certain super-global variables via unspecified vectors. |
| 4.9 | CVE-2007-0910 OTHER-REF OTHER-REF BID FRSIRT SECUNIA | ||
PHP Script Tools -- PSY Auction | Cross-site scripting (XSS) vulnerability in email_request.php in PSY Auction allows remote attackers to inject arbitrary web script or HTML via the user_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 4.9 | CVE-2006-7004 OTHER-REF BID | ||
Process-one -- ejabberd | Unspecified vulnerability in the mod_roster_odbc module in ejabberd before 1.1.3 has unknown impact and attack vectors. |
| 4.9 | CVE-2007-0903 OTHER-REF SECUNIA | ||
Radical Technologies -- Portal Search | Portal Search allows remote attackers to redirect a URL to an arbitrary web site by placing the URL in the query string to the top-level URI. |
| 6.7 | CVE-2007-0921 BUGTRAQ BID |
Low Vulnerabilities |
---|
Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
---|---|---|---|---|---|---|
@mail -- @mail | Cross-site scripting (XSS) vulnerability in search.pl in @Mail 4.61 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. |
| 1.9 | CVE-2007-0953 OTHER-REF BID FRSIRT SECUNIA | ||
Capital Request Forms -- Capital Request Forms | Capital Request Forms stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request for inc/common_db.inc. |
| 3.3 | CVE-2007-0880 BUGTRAQ | ||
Cisco -- IOS | The ATOMIC.TCP signature engine in the Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XA, 12.3YA, 12.3T, and other trains allows remote attackers to cause a denial of service (traffic loss) via unspecified manipulations that are not properly handled by the regular expression feature, as demonstrated using the 3123.0 (Netbus Pro Traffic) signature. |
| 2.3 | CVE-2007-0918 CISCO SECTRACK | ||
CommunityServer.org -- Community Server | Cross-site scripting (XSS) vulnerability in search/SearchResults.aspx in Community Server allows remote attackers to inject arbitrary web script or HTML via the q parameter. |
| 1.9 | CVE-2007-0925 BUGTRAQ BID | ||
cPanel -- WebHost Manager | Cross-site scripting (XSS) vulnerability in scripts/passwdmysql in cPanel WebHost Manager (WHM) 11.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the password parameter. |
| 2.3 | CVE-2007-0890 BUGTRAQ OTHER-REF BID | ||
fx-APP -- fx-APP | Multiple cross-site scripting (XSS) vulnerabilities in fx-APP 0.0.8.1 allow remote attackers to inject arbitrary HTML or web script via (1) the search box, and the (2) url, (3) website, (4) comment, and (5) signature fields in the profile, and possibly (6) a menu item. |
| 1.9 | CVE-2006-7023 BUGTRAQ BID XF | ||
Gecad Technologies -- Axigen Mail Server | axigen 1.2.6 through 2.0.0b1 does not properly parse login credentials, which allows remote attackers to cause a denial of service (NULL dereference and application crash) via a base64-encoded "*\x00" sequence on the imap port (143/tcp). |
| 3.3 | CVE-2007-0887 FULLDISC OTHER-REF BID XF | ||
Guillaume Fontaine -- PHP RRD Browser | Directory traversal vulnerability in php rrd browser before 0.2.1 allows remote attackers to read arbitrary files via ".." sequences in the p parameter. |
| 2.3 | CVE-2007-0929 BUGTRAQ OTHER-REF XF | ||
H. Nomura -- Tiny FTPd | Buffer overflow in Tiny FTPd 1.4 and earlier allows remote attackers to cause a denial of service (daemon crash) via a long USER command, a different vector than CVE-2000-0133. |
| 3.3 | CVE-2006-7007 MILW0RM OTHER-REF OTHER-REF OSVDB | ||
Headstart Solutions -- DeskPRO | Headstart Solutions DeskPRO allows remote attackers to obtain the full path via direct requests to (1) email/mail.php, (2) includes/init.php, (3) certain files in includes/cron/, and (4) jpgraph.php, (5) jpgraph_bar.php, (6) jpgraph_pie.php, and (7) jpgraph_pie3d.php in includes/graph/, which leaks the path in error messages. |
| 2.3 | CVE-2006-7000 OTHER-REF | ||
HP -- HP-UX | Unspecified vulnerability in the ARPA transport functionality in HP-UX B.11.11 and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors. |
| 2.3 | CVE-2007-0916 HP BID SECTRACK | ||
Linux -- Linux kernel | Linux kernel 2.6.x before 2.6.20 allows local users to read unreadable binaries by using the interpreter (PT_INTERP) functionality and triggering a core dump, a variant of CVE-2004-1073. |
| 2.3 | CVE-2007-0958 OTHER-REF OTHER-REF | ||
MailEnable -- MailEnable Professional | Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Professional before 2.37 allow remote attackers to inject arbitrary Javascript script via (1) e-mail messages and (2) the ID parameter to (a) right.asp, (b) Forms/MAI/list.asp, and (c) Forms/VCF/list.asp in mewebmail/base/default/lang/EN/. |
| 1.9 | CVE-2007-0651 BUGTRAQ OTHER-REF OTHER-REF BID FRSIRT SECUNIA | ||
MailEnable -- MailEnable | The NTLM_UnPack_Type3 function in MENTLM.dll in MailEnable Professional 2.35 and earlier allows remote attackers to cause a denial of service (application crash) via certain base64-encoded data following an AUTHENTICATE NTLM command to the imap port (143/tcp), which results in an out-of-bounds read. |
| 3.3 | CVE-2007-0955 FULLDISC SECUNIA | ||
March Networks -- 4210 DVR March Networks -- 3108 DVR March Networks -- 4410 DVR March Networks -- 3204 DVR March Networks -- 4310 DVR | Unspecified vulnerability in March Networks DVR 3000 and 4000 Digital Video Recorders allows attackers to cause an unspecified denial of service. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 2.3 | CVE-2007-0877 BID | ||
Matthieu Aubry -- phpMyVisites | Cross-site scripting (XSS) vulnerability in the GetCurrentCompletePath function in phpmyvisites.php in phpMyVisites before 2.2 allows remote attackers to inject arbitrary web script or HTML via the query string. |
| 1.9 | CVE-2007-0891 FULLDISC SECUNIA | ||
Matthieu Aubry -- phpMyVisites | Directory traversal vulnerability in phpMyVisites before 2.2 allows remote attackers to include arbitrary files via leading ".." sequences on the pmv_ck_view COOKIE parameter, which bypasses the protection scheme. |
| 2.3 | CVE-2007-0893 FULLDISC | ||
MediaWiki -- MediaWiki | MediaWiki before 1.9.2 allows remote attackers to obtain sensitive information via a direct request to (1) Simple.deps.php, (2) MonoBook.deps.php, (3) MySkin.deps.php, or (4) Chick.deps.php in wiki/skins, which shows the installation path in the resulting error message. |
| 2.3 | CVE-2007-0894 BUGTRAQ OTHER-REF OTHER-REF OTHER-REF | ||
Microsoft -- Visual C++ | The 64-bit versions of Microsoft Visual C++ 8.0 standard library (MSVCR80.DLL) time functions, including (1) localtime, (2) localtime_s, (3) gmtime, (4) gmtime_s, (5) ctime, (6) ctime_s, (7) wctime, (8) wctime_s, and (9) fstat, trigger an assertion error instead of a NULL pointer or EINVAL when processing a time argument later than Jan 1, 3000, which might allow context-dependent attackers to cause a denial of service (application exit) via large time values. NOTE: it could be argued that this is a design limitation of the functions, and the vulnerability lies with any application that does not validate arguments to these functions. |
| 3.3 | CVE-2007-0842 BUGTRAQ | ||
Microsoft -- Internet Explorer | Unspecified vulnerability in Microsoft Internet Explorer on Windows Mobile 5.0 allows remote attackers to cause a denial of service (loss of browser and other device functionality) via a malformed WML page, related to an "overflow state." NOTE: it is possible that this issue is related to CVE-2007-0685. |
| 3.3 | CVE-2007-0878 BUGTRAQ BUGTRAQ BUGTRAQ FULLDISC BID XF | ||
MoinMoin -- MoinMoin | Multiple cross-site scripting (XSS) vulnerabilities in Info pages in MoinMoin 1.5.7 allow remote attackers to inject arbitrary web script or HTML via the (1) hitcounts and (2) general parameters, different vectors than CVE-2007-0857. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 2.3 | CVE-2007-0901 SECUNIA | ||
MoinMoin -- MoinMoin | Unspecified vulnerability in the "Show debugging information" feature in MoinMoin 1.5.7 allows remote attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 2.3 | CVE-2007-0902 SECUNIA | ||
Nickolas Grigoriadis -- Mini Web server | Directory traversal vulnerability in Nickolas Grigoriadis Mini Web server (MiniWebsvr) 0.0.6 allows remote attackers to list the directory immediately above the web root via a ..%00 sequence in the URI. |
| 3.3 | CVE-2007-0919 BUGTRAQ VIM BID | ||
Oliver Georgi -- phpwcms | CRLF injection vulnerability in (1) include/inc_act/act_formmailer.php and possibly (2) sample_ext_php/mail_file_form.php in phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to modify HTTP headers and send spam e-mail via a spoofed HTTP Referer (HTTP_REFERER). |
| 3.3 | CVE-2006-7020 OTHER-REF FRSIRT SECUNIA XF | ||
Palm -- Treo | The Find feature in Palm OS Treo smart phones operates despite the system password lock, which allows attackers with physical access to obtain sensitive information (memory contents) by doing (1) text searches or (2) paste operations after pressing certain keyboard shortcut keys. |
| 1.6 | CVE-2007-0859 BUGTRAQ OTHER-REF BID | ||
PHP -- PHP Trustix -- Secure Linux | Buffer underflow in PHP before 5.2.1 allows attackers to cause a denial of service via unspecified vectors involving the sapi_header_op function. |
| 2.3 | CVE-2007-0907 OTHER-REF OTHER-REF BID FRSIRT SECUNIA | ||
PHP -- PHP Trustix -- Secure Linux | The wddx extension in PHP before 5.2.1 allows remote attackers to obtain sensitive information via unspecified vectors. |
| 3.3 | CVE-2007-0908 OTHER-REF OTHER-REF BID FRSIRT SECUNIA | ||
PHP -- PHP | Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow context-dependent attackers to cause a denial of service (crash). |
| 2.3 | CVE-2007-0911 MLIST MLIST OTHER-REF BID | ||
PhpMyChat Plus -- PhpMyChat Plus | Directory traversal vulnerability in avatar.php in PhpMyChat Plus 1.9 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the L parameter, a different issue than CVE-2006-5897. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 2.7 | CVE-2006-7001 SECUNIA | ||
Plain Old Webserver -- Plain Old Webserver | Directory traversal vulnerability in the Plain Old Webserver (POW) add-on before 0.0.9 for Mozilla Firefox allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. |
| 2.3 | CVE-2007-0872 FULLDISC FULLDISC OTHER-REF BID | ||
Qdig -- Qdig | Cross-site scripting (XSS) vulnerability in Quick Digital Image Gallery (Qdig) 1.2.9.3 and devel-20060624 allows remote attackers to inject arbitrary web script or HTML via the Qwd parameter to the top-level URI. |
| 1.9 | CVE-2007-0876 BUGTRAQ BUGTRAQ OTHER-REF BID | ||
Radical Technologies -- Portal Search | buscador/buscador.htm in Portal Search allows remote attackers to obtain sensitive information (business logic) via a query string composed of a search for certain characters. |
| 3.3 | CVE-2007-0923 BUGTRAQ BID | ||
Second Rule LLC -- IP3 NetAccess | Directory traversal vulnerability in portalgroups/portalgroups/getfile.cgi in IP3 NetAccess before firmware 4.1.9.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. |
| 2.3 | CVE-2007-0883 OTHER-REF OTHER-REF | ||
Sun -- Solaris | Race condition in recursive directory deletion with the (1) -r or (2) -R option in rm in Solaris 8 through 10 before 20070208 allows local users to delete files and directories as the user running rm by moving a low-level directory to a higher level as it is being deleted, which causes rm to chdir to a ".." directory that is higher than expected, possibly up to the root file system, a related issue to CVE-2002-0435. |
| 2.6 | CVE-2007-0895 SUNALERT FRSIRT SECUNIA | ||
Sun -- Solaris | Race condition in the TCP subsystem for Solaris 10 allows remote attackers to cause a denial of service (system panic) via unknown vectors. |
| 2.7 | CVE-2007-0914 SUNALERT BID | ||
Virtual Calendar -- Virtual Calendar | Virtual Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download an encoded password via a direct request for pwd.txt. |
| 2.3 | CVE-2007-0928 BUGTRAQ | ||
Wheatblog -- Wheatblog | Cross-site scripting (XSS) vulnerability in add_comment.php in Wheatblog (wB) 1.1 allows remote attackers to inject arbitrary web script or HTML via the Email field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this issue may overlap CVE-2006-5195. |
| 2.3 | CVE-2006-7002 SECUNIA |