Vulnerability Summary for the Week of April 2, 2007
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities

| Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
|---|---|---|---|
| Aardvark -- Topsites PHP | Multiple PHP remote file inclusion vulnerabilities in Aardvark Topsites PHP 5 allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) button/settings_sql.php, (2) settings_sql.php, and (3) sources/misc/new_day.php. | 7.0 | CVE-2007-1844 BUGTRAQ |
| Alcatel-Lucent -- Lucent Technologies Voice | Alcatel-Lucent Lucent Technologies voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailboxes, by spoofing Calling Number Identification (CNID, aka Caller ID). | 10.0 | CVE-2007-1822 CERT-VN |
| Alexscriptengine -- Picture-Engine | SQL injection vulnerability in wall.php in Picture-Engine 1.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter. | 7.0 | CVE-2007-1791 MILW0RM BID |
| AOL -- AOL | The LinkSBIcons method in the SuperBuddy ActiveX control (Sb.SuperBuddy.1) in America Online 9.0 Security Edition dereferences an arbitrary function pointer, which allows remote attackers to execute arbitrary code via a modified pointer value. | 8.0 | CVE-2006-5820 BUGTRAQ OTHER-REF |
| ben3w -- 2Bgal | Multiple PHP remote file inclusion vulnerabilities in 2BGal 3.1.1 allow remote attackers to execute arbitrary PHP code via a URL in the lang_filename parameter to (1) index.php or (2) backupdb.inc.php in admin/, or other unspecified files, different vectors than CVE-2006-5505. | 10.0 | CVE-2007-1852 BUGTRAQ |
| BT-Sondage -- BT-Sondage | PHP remote file inclusion vulnerability in utilitaires/gestion_sondage.php in BT-Sondage 112 allows remote attackers to execute arbitrary PHP code via a URL in the repertoire_visiteur parameter. | 7.0 | CVE-2007-1812 MILW0RM VIM |
| Camportail -- Camportail | SQL injection vulnerability in show.php in the Camportail 1.1 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the camid parameter in a showcam action. | 7.0 | CVE-2007-1808 MILW0RM |
| Chapi -- Tiny Event | SQL injection vulnerability in index.php in the Tiny Event (tinyevent) 1.01 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action. | 7.0 | CVE-2007-1811 MILW0RM |
| Cisco -- Trust Agent | Cisco Secure ACS does not require authentication when Cisco Trust Agent (CTA) transmits posture information, which might allow remote attackers to gain network access via a spoofed Network Endpoint Assessment posture, aka "NACATTACK." NOTE: this attack might be limited to authenticated users and devices. | 7.0 | CVE-2007-1800 OTHER-REF CISCO |
| CMSmelborp -- CMSmelborp | PHP remote file inclusion vulnerability in includes/user_standard.php in CMSmelborp Beta allows remote attackers to execute arbitrary PHP code via a URL in the relative_root parameter. | 8.0 | CVE-2006-7185 MILW0RM XF |
| CodeBB -- CodeBB | Multiple PHP remote file inclusion vulnerabilities in CodeBB 1.1b3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) pass_code.php or (2) lang_select. | 7.0 | CVE-2007-1839 MILW0RM |
| dproxy -- dproxy | Stack-based buffer overflow in the dns_decode_reverse_name function in dns_decode.c in dproxy-nexgen allows remote attackers to execute arbitrary code by sending a crafted packet to port 53/udp, a different issue than CVE-2007-1465. | 10.0 | CVE-2007-1866 FULLDISC FULLDISC OTHER-REF FRSIRT SECUNIA |
| Drake Team -- Drake CMS | Directory traversal vulnerability in 404.php in Drake CMS allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the d_private parameter. NOTE: some of these details are obtained from third party information. NOTE: Drake CMS has only a beta version available, and the vendor has previously stated "We do not consider security reports valid until the first official release of Drake CMS." | 7.0 | CVE-2007-1849 BUGTRAQ BID XF |
| Forum picture and META tags -- Forum picture and META tags | PHP remote file inclusion vulnerability in MOD_forum_fields_parse.php in the Forum picture and META tags 1.7 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | 7.0 | CVE-2007-1818 MILW0RM |
| GraFX Software -- Company Website Builder | Multiple PHP remote file inclusion vulnerabilities in GraFX Company WebSite Builder (CWB) PRO 1.5 allow remote attackers to execute arbitrary PHP code via a URL in the INCLUDE_PATH parameter to (1) cls_headline_prod.php, (2) cls_listorders.php, or (3) cls_viewpastorders.php in include/, different vectors than CVE-2007-1513. | 7.0 | CVE-2007-1809 MILW0RM VIM |
| HP -- Mercury Quality Center | Unspecified vulnerability in a certain ActiveX control in TestDirector (TD) for Mercury Quality Center 9.0 before Patch 12.1, and 8.2 SP1 before Patch 32, allows remote attackers to execute arbitrary code via unspecified vectors. | 10.0 | CVE-2007-1819 OTHER-REF OTHER-REF HP CERT-VN SECTRACK |
| IBM -- Lotus Notes Sametime; IBM -- Lotus Notes Sametime STJNILoader.ocx | The JNILoader ActiveX control (STJNILoader.ocx) 3.1.0.26 in IBM Lotus Notes Sametime before 7.5 allows remote attackers to load arbitrary DLL libraries and execute arbitrary code via arbitrary arguments to the loadLibrary function. | 8.0 | CVE-2007-1784 IDEFENSE OTHER-REF BID SECTRACK |
| IBM -- AIX | Buffer overflow in the drmgr command for IBM AIX 5.2 and 5.3 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long path name. | 7.0 | CVE-2007-1798 AIXAPAR AIXAPAR AIXAPAR FRSIRT XF |
| IBM -- Tivoli Provisioning Manager OS Deployment | The management service in IBM Tivoli Provisioning Manager for OS Deployment before 5.1 Fix Pack 2 does not properly handle multipart/form-data in HTTP POST requests, which allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via crafted POST requests to port 8080/tcp or 443/tcp. | 10.0 | CVE-2007-1868 IDEFENSE OTHER-REF BID FRSIRT SECUNIA |
| ImageMagick -- ImageMagick | Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote attackers to execute arbitrary code via (1) a crafted DCM image, which results in a heap-based overflow in the ReadDCMImage function, or (2) the (a) colors or (b) comments field in a crafted XWD image, which results in a heap-based overflow in the ReadXWDImage function, different issues than CVE-2007-1667. | 10.0 | CVE-2007-1797 IDEFENSE OTHER-REF |
| Inconnueteam -- eCal | SQL injection vulnerability in display.php in the eCal 2.24 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the katid parameter. | 7.0 | CVE-2007-1813 MILW0RM |
| IrfanView -- IrfanView | Buffer overflow in IrfanView 3.99 allows remote attackers to execute arbitrary code via a crafted animated cursor (ANI) file. | 10.0 | CVE-2007-1867 MILW0RM BID FRSIRT SECUNIA |
| JCcorp -- URLshrink | JCcorp URLshrink 1.3.1 allows remote attackers to execute arbitrary PHP code via the email address field in an HTML link. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 10.0 | CVE-2007-1795 OTHER-REF BID XF |
| JCcorp -- URLshrink | Multiple unspecified vulnerabilities in JCcorp URLshrink before 1.3.2 have unspecified attack vectors and impact. | 7.0 | CVE-2007-1796 OTHER-REF |
| JSBoard -- JSBoard | Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019. | 7.0 | CVE-2007-1842 MILW0RM OTHER-REF BID FRSIRT |
| Kaotik -- Kshop | SQL injection vulnerability in product_details.php in the Kshop 1.17 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.0 | CVE-2007-1810 MILW0RM |
| Kaqoo -- Kaqoo Auction Software | Multiple PHP remote file inclusion vulnerabilities in Kaqoo Auction Software Free Edition allow remote attackers to execute arbitrary PHP code via a URL in the install_root parameter to (1) support.inc.php, (2) function.inc.php, (3) rdal_object.inc.php, (4) rdal_editor.inc.php, (5) login.inc.php, (6) request.inc.php, and (7) categories.inc.php in include/core/; (8) save.inc.php, (9) preview.inc.php, (10) edit_item.inc.php, (11) new_item.inc.php, and (12) item_info.inc.php in include/display/item/; (13) search.inc.php, (14) item_edit.inc.php, (15) register_succsess.inc.php, (16) context_menu.inc.php, (17) item_repost.inc.php, (18) balance.inc.php, (19) featured.inc.php, (20) user.inc.php, (21) buynow.inc.php, (22) install_complete.inc.php, (23) fees_info.inc.php, (24) user_feedback.inc.php, (25) admin_balance.inc.php, (26) activate.inc.php, (27) user_info.inc.php, (28) member.inc.php, (29) add_bid.inc.php, (30) items_filter.inc.php, (31) my_info.inc.php, (32) register.inc.php, (33) leave_feedback.inc.php, and (34) user_auctions.inc.php in include/display/; and (35) design/form.inc.php, (36) processor.inc.php, (37) interfaces.inc.php, (38) left_menu.inc.php, (39) login.inc.php, and (40) categories.inc.php in include/. | 8.0 | CVE-2007-1790 MILW0RM SECUNIA |
| Kaspersky Lab -- Kaspersky Internet Security; Kaspersky Lab -- Kaspersky Anti-Virus | Heap-based buffer overflow in the arj.ppl module in the OnDemand Scanner in Kaspersky Anti-Virus, Anti-Virus for Workstations, and Anti-Virus for File Servers 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows remote attackers to execute arbitrary code via crafted ARJ archives. | 10.0 | CVE-2007-0445 OTHER-REF OTHER-REF OTHER-REF FRSIRT SECUNIA |
| Kaspersky Lab -- Kaspersky Internet Security; Kaspersky Lab -- Kaspersky Anti-Virus | Kaspersky Anti-Virus 6.0 and Internet Security 6.0 exposes unsafe methods in the (a) AXKLPROD60Lib.KAV60Info (AxKLProd60.dll) and (b) AXKLSYSINFOLib.SysInfo (AxKLSysInfo.dll) ActiveX controls, which allows remote attackers to "download" or delete arbitrary files via crafted arguments to the (1) DeleteFile, (2) StartBatchUploading, (3) StartStrBatchUploading, or (4) StartUploading methods. | 10.0 | CVE-2007-1112 OTHER-REF OTHER-REF FRSIRT SECUNIA |
| Lykoszine -- Lykos Reviews Module | SQL injection vulnerability in index.php in the Lykos Reviews (lykos_reviews) 1.00 module for Xoops allows remote attackers to execute arbitrary SQL commands via the uid parameter in a u action. | 7.0 | CVE-2007-1817 MILW0RM |
| MailDwarf -- MailDwarf | Cross-site scripting (XSS) vulnerability in MailDwarf 3.01 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 7.0 | CVE-2007-1802 OTHER-REF BID FRSIRT SECUNIA XF |
| MangoBery CMS -- MangoBery CMS | Multiple PHP remote file inclusion vulnerabilities in MangoBery CMS 0.5.5 allow remote attackers to execute arbitrary PHP code via a URL in the Site_Path parameter to (1) boxes/quotes.php or (2) templates/mangobery/footer.sample.php. | 7.0 | CVE-2007-1837 MILW0RM OTHER-REF SECUNIA |
| Microsoft -- Windows 2000; Microsoft -- Windows XP | The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 allows local users to gain privileges via "invalid application window sizes" in layered application windows, aka the "GDI Invalid Window Size Elevation of Privilege Vulnerability." | 7.0 | CVE-2006-5586 MS |
| Microsoft -- Windows 2000 | The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows local users to gain privileges via crafted TrueType fonts, which result in an uninitialized function pointer. | 7.0 | CVE-2007-1213 MS |
| Microsoft -- Windows 2000; Microsoft -- Windows Server 2003; Microsoft -- Windows Vista; Microsoft -- Windows XP | Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via certain "color-related parameters" in crafted images. | 7.0 | CVE-2007-1215 MS |
| Mozilla -- Mozilla | The Javascript engine in Mozilla 1.7 and earlier on Sun Solaris 8, 9, and 10 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used. NOTE: this issue might be related to CVE-2006-3805. | 10.0 | CVE-2007-1794 SUNALERT FRSIRT SECUNIA |
| myXOOPS -- debaser | SQL injection vulnerability in genre.php in the debaser 0.92 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the genreid parameter. | 7.0 | CVE-2007-1805 MILW0RM |
| Nortel -- Meridian Mail; Nortel -- CallPilot | Nortel Networks CallPilot and Meridian Mail voicemail systems, when a mailbox has auto logon enabled, allow remote attackers to retrieve or remove messages, or reconfigure the mailbox, by spoofing Calling Number Identification (CNID, aka Caller ID). | 8.0 | CVE-2007-1820 OTHER-REF CERT-VN |
| PEAK XOOPS -- myAlbum-P | SQL injection vulnerability in modules/myalbum/viewcat.php in the myAlbum-P 2.0 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter. | 7.0 | CVE-2007-1807 MILW0RM |
| Photography-on-the-net -- Exhibit Engine 2 | Multiple PHP remote file inclusion vulnerabilities in Exhibit Engine (EE) 1.22, and possibly earlier, allow remote attackers to execute arbitrary PHP code via a URL in the toroot parameter to (1) fetchsettings.php or (2) fstyles.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 10.0 | CVE-2006-7184 BID |
| PHP -- PHP | Multiple integer overflows in the (1) createwbmp and (2) readwbmp functions in wbmp.c in the GD library (libgd) in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allow context-dependent attackers to execute arbitrary code via crafted Wireless Bitmap (WBMP) images. | 8.0 | CVE-2007-1001 OTHER-REF OTHER-REF FRSIRT XF |
| PHP -- PHP | Buffer overflow in the imap_mail_compose function in PHP 5 before 5.2.1, and PHP 4 before 4.4.5, allows remote attackers to execute arbitrary code via a long boundary string in a type.parameters field. | 7.0 | CVE-2007-1825 OTHER-REF BID |
| PHP-Fusion -- Expanded Calendar Module | SQL injection vulnerability in show_event.php in the Expanded Calendar (calendar_panel) 2.00 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the m_month parameter. | 7.0 | CVE-2007-1845 BUGTRAQ BID SECUNIA |
| Really Simple PHP and Ajax -- Really Simple PHP and Ajax | Multiple directory traversal vulnerabilities in Really Simple PHP and Ajax (RSPA) 2007-03-23 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the __class parameter to (1) Controller_v4.php or (2) Controller_v5.php. | 7.0 | CVE-2007-1851 MILW0RM OTHER-REF FRSIRT SECUNIA |
| Red Mexico -- RM+Soft Gallery | SQL injection vulnerability in categos.php in the RM+Soft Gallery (rmgallery) 1.0 module for Xoops allows remote attackers to execute arbitrary SQL commands via the idcat parameter. | 7.0 | CVE-2007-1806 MILW0RM |
| sBLOG -- sBLOG | Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php. | 7.0 | CVE-2007-1801 MILW0RM BID XF |
| Softerra -- Time-Assistant | Multiple PHP remote file inclusion vulnerabilities in lib/timesheet.class.php in Softerra Time-Assistant 6.2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) inc_dir or (2) lib_dir parameter. | 8.0 | CVE-2007-1787 MILW0RM OTHER-REF BID |
| Sprint -- Sprint Voice | Sprint Nextel Sprint voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailboxes, by spoofing Calling Number Identification (CNID, aka Caller ID). | 10.0 | CVE-2007-1821 CERT-VN |
| Symantec -- Norton Personal Firewall | SPBBCDrv.sys in Symantec Norton Personal Firewall 2006 9.1.0.33 and 9.1.1.7 does not validate certain arguments before they are passed to hooked SSDT function handlers, which allows local users to cause a denial of service (crash) or possibly execute arbitrary code via crafted arguments to the (1) NtCreateMutant and (2) NtOpenEvent functions. | 7.0 | CVE-2007-1793 OTHER-REF SECUNIA |
| T-Mobile -- Voice Mail Systems | T-Mobile voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailboxes, by spoofing Calling Number Identification (CNID, aka Caller ID). | 10.0 | CVE-2007-1823 CERT-VN |
| Web-APP.net -- Web-APP.net | Cross-site scripting (XSS) vulnerability in cgi-bin/admin/logs.cgi in web-app.net WebAPP before 20060403 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the Statistics Log Viewer. | 7.0 | CVE-2006-7189 OTHER-REF OTHER-REF |
| Web-APP.net -- Web-APP.net | Cross-site scripting (XSS) vulnerability in cgi-bin/user-lib/topics.pl in web-app.net WebAPP before 20060515 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the viewnews function, related to use of doubbctopic instead of doubbc. | 7.0 | CVE-2006-7190 OTHER-REF OTHER-REF |
| Web-APP.net -- WebAPP | Multiple unspecified vulnerabilities in web-app.net WebAPP have unknown impact and attack vectors, described as "[having] other [security] issues too, not as bad as letting users take over your admin account, but bad too." | 7.0 | CVE-2007-1829 OTHER-REF |
| Web-APP.org -- WebAPP | Unspecified vulnerability in the Username Hijacking Patch 20070312 for web-app.org WebAPP 0.9.9.6 allows remote attackers to obtain administrative access via unknown vectors, related to "something overlooked in the original that was still overlooked in the patch", and possibly related to copying files to the user-lib and the "XSS and cookies exploit." | 7.0 | CVE-2007-1830 OTHER-REF |
| WebAsyst LLC -- Shop-Script | Multiple PHP remote file inclusion vulnerabilities in smarty/smarty_class.php in Shop-Script FREE allow remote attackers to execute arbitrary PHP code via a URL in the (1) _smarty_compile_path, (2) smarty_compile_path, (3) get_plugin_filepath, (4) smarty_dir, and (5) filename parameters. NOTE: this issue might be related to CVE-2006-7105. | 7.0 | CVE-2007-1855 BUGTRAQ |
| Xoops -- Core Module | SQL injection vulnerability in viewcat.php in the Core module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2007-0377. | 7.0 | CVE-2007-1814 MILW0RM |
| Xoops -- Library Module | SQL injection vulnerability in viewcat.php in the Library module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter. | 7.0 | CVE-2007-1815 MILW0RM |
| Xoops -- Tutoriais Module | SQL injection vulnerability in viewcat.php in the Tutoriais module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter. | 7.0 | CVE-2007-1816 MILW0RM |
| Xoops -- FriendFinder Module | SQL injection vulnerability in view.php in the Friendfinder 3.3 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.0 | CVE-2007-1838 MILW0RM BID |
| Xoops -- Malaika System MyAds Module | SQL injection vulnerability in index.php in the MyAds 2.04jp and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter, different vectors than CVE-2006-3341. | 7.0 | CVE-2007-1846 MILW0RM BID XF |
| Xoops -- Repository Module | SQL injection vulnerability in viewcat.php in the Repository module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter. | 7.0 | CVE-2007-1847 MILW0RM BID |
Medium Vulnerabilities

| Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
|---|---|---|---|
| Computer Associates -- BrightStor ARCServe Backup | The RPC service in mediasvr.exe in CA BrightStor ARCserve Backup 11.5 SP2 build 4237 allows remote attackers to execute arbitrary code via crafted xdr_handle_t data in RPC packets, which is used in calculating an address for a function call, as demonstrated using the 191 (0xbf) RPC request. | 4.8 | CVE-2007-1785 BUGTRAQ OTHER-REF OTHER-REF BID FRSIRT SECUNIA |
| Data Domain -- Data Domain OS | The command line administration interface in Data Domain OS before 4.0.3.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in certain arguments to various commands, as demonstrated by the interface argument to the (1) ifconfig and (2) ping commands. | 6.0 | CVE-2007-1836 BUGTRAQ BID |
| Flyspray -- Flyspray | Flyspray 0.9.9, when output_buffering is disabled or "set to a low value," allows remote attackers to bypass authentication via a crafted POST request. | 5.6 | CVE-2007-1788 OTHER-REF SECUNIA |
| Flyspray -- Flyspray | Flyspray 0.9.9 allows remote attackers to obtain sensitive information (private project summaries) via direct requests. | 5.6 | CVE-2007-1789 OTHER-REF SECUNIA |
| Hitachi -- Groupmax Collaboration Web Client; Hitachi -- Groupmax Collaboration Portal; Hitachi -- Cosminexus Collaboration Portal; Hitachi -- uCosminexus Content Manager; Hitachi -- uCosminexus Collaboration Portal | SQL injection vulnerability in Hitachi Collaboration - Online Community Management 01-00 through 01-30, as used in Groupmax Collaboration Portal, Groupmax Collaboration Web Client, uCosminexus Collaboration Portal, Cosminexus Collaboration Portal, and uCosminexus Content Manager, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 5.6 | CVE-2007-1786 OTHER-REF FRSIRT SECUNIA |
| Joris Guisson -- KTorrent | Directory traversal vulnerability in torrent.cpp in KTorrent before 2.1.3 only checks for the ".." string, which allows remote attackers to overwrite arbitrary files via modified ".." sequences in a torrent filename, as demonstrated by "../" sequences, due to an incomplete fix for CVE-2007-1384. | 4.7 | CVE-2007-1799 OTHER-REF OTHER-REF |
| LDAP Account Manager -- LDAP Account Manager | Untrusted search path vulnerability in lamdaemon.pl in LDAP Account Manager (LAM) before 1.0.0 allows local users to gain privileges via a modified PATH that points to a malicious rm program. | 4.9 | CVE-2006-7191 OTHER-REF OTHER-REF OTHER-REF |
| MailDwarf -- MailDwarf | Unspecified vulnerability in MailDwarf 3.01 and earlier allows remote attackers to send e-mail to addresses different from the configured addresses. | 5.6 | CVE-2007-1803 OTHER-REF BID FRSIRT SECUNIA XF |
| MapLab -- MapLab | PHP remote file inclusion vulnerability in gmapfactory/params.php in MapLab 2.2.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the gszAppPath parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 5.6 | CVE-2007-1843 SECUNIA |
| Parakey Inc. -- Firebug Firefox Extension | Cross-zone scripting vulnerability in the console.log function in the Firebug extension before 1.03 for Mozilla Firefox allows remote attackers to bypass zone restrictions, read arbitrary file:// URIs, or execute arbitrary code in the browser chrome, as demonstrated via the runFile function. | 5.6 | CVE-2007-1878 BUGTRAQ OTHER-REF OTHER-REF BID |
| PHP -- PHP | PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session save path (session.save_path), uses the TMPDIR default after checking the restrictions, which allows local users to bypass open_basedir restrictions. | 4.9 | CVE-2007-1835 OTHER-REF BID |
| VMWare -- ESX Server | Double free vulnerability in VMware ESX Server 3.0.0 and 3.0.1 allows attackers to cause a denial of service (crash), obtain sensitive information, or possibly execute arbitrary code via unspecified vectors. | 4.9 | CVE-2007-1270 BUGTRAQ OTHER-REF OTHER-REF FRSIRT SECUNIA |
Low Vulnerabilities

| Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
|---|---|---|---|
| Cisco -- Unified Presence Server; Cisco -- Unified CallManager | Unspecified vulnerability in the IPSec Manager Service for Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco Unified Presence Server (CUPS) 1.0 before 1.0(3) allows remote attackers to cause a denial of service (loss of cluster services) via a "specific UDP packet" to UDP port 8500, aka bug ID CSCsg60949. | 3.3 | CVE-2007-1826 CISCO BID SECTRACK SECUNIA |
| Cisco -- Unified CallManager | The Skinny Call Control Protocol (SCCP) implementation in Cisco Unified CallManager (CUCM) 3.3 before 3.3(5)SR2a, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3)SR1, and 5.0 before 5.0(4a)SU1 allows remote attackers to cause a denial of service (loss of voice services) by sending crafted packets to the (1) SCCP (2000/tcp) or (2) SCCPS (2443/tcp) port. | 2.3 | CVE-2007-1833 CISCO BID SECTRACK SECUNIA |
| Cisco -- Unified Presence Server; Cisco -- Unified CallManager | Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco Unified Presence Server (CUPS) 1.0 before 1.0(3) allow remote attackers to cause a denial of service (loss of voice services) via a flood of ICMP echo requests, aka bug ID CSCsf12698. | 3.3 | CVE-2007-1834 CISCO BID SECTRACK SECUNIA |
| Drake Team -- Drake CMS | Cross-site scripting (XSS) vulnerability in admin/classes/ui.dta.php in Drake CMS allows remote attackers to inject arbitrary web script or HTML via the desc[][title] field. NOTE: Drake CMS has only a beta version available, and the vendor has previously stated "We do not consider security reports valid until the first official release of Drake CMS." | 1.9 | CVE-2007-1848 BUGTRAQ BID XF |
| Drake Team -- Drake CMS | Directory traversal vulnerability in classes/captcha/captcha.jpg.php in Drake CMS allows remote attackers to read arbitrary files or list arbitrary directories, and obtain the installation path, via a .. (dot dot) in the d_private parameter. NOTE: Drake CMS has only a beta version available, and the vendor has previously stated "We do not consider security reports valid until the first official release of Drake CMS." | 2.3 | CVE-2007-1850 BUGTRAQ XF |
| Hitachi -- JP1-HiCommand Tuning Manager; Hitachi -- JP1-HiCommand Replication Monitor; Hitachi -- JP1-HiCommand DeviceManager; Hitachi -- JP1-HiCommand Global Link Availability Manager; Hitachi -- JP1-HiCommand Tiered Storage Manager | Unspecified vulnerability in Hitachi JP1/HiCommand DeviceManager, Global Link Availability Manager, Replication Monitor, Tiered Storage Manager, and Tuning Manager allows local users to obtain authentication information via unspecified vectors. | 2.3 | CVE-2007-1853 OTHER-REF BID FRSIRT SECUNIA XF |
| Hitachi -- uCosminexus Service Architect; Hitachi -- uCosminexus Developer; Hitachi -- Electronic Form Workflow; Hitachi -- uCosminexus ERP Integrator; Hitachi -- uCosminexus Application Server; Hitachi -- Cosminexus Component Container; Hitachi -- uCosminexus Service Platform | Unspecified vulnerability in Hitachi Cosminexus Component Container 07-00 through 07-00-10, and 07-10 through 07-10-03, as used in uCosminexus Application Server Enterprise and Standard; uCosminexus Service Platform; uCosminexus Developer Standard and Professional; uCosminexus Service Architect; Electronic Form Workflow Standard Set, Professional Library Set, and Developer Client Set; and uCosminexus ERP Integrator, does not properly manage session information, which has an unspecified impact related to "unintended other requests." | 2.3 | CVE-2007-1854 OTHER-REF BID FRSIRT SECUNIA XF |
| LDAP Account Manager -- LDAP Account Manager | lib/modules.inc in LDAP Account Manager (LAM) before 1.3.0 does not escape HTML special characters in LDAP data, which allows remote attackers to have an unknown impact, probably cross-site scripting (XSS). | 1.9 | CVE-2007-1840 OTHER-REF OTHER-REF |
| Microsoft -- Windows 2000; Microsoft -- Windows Server 2003; Microsoft -- Windows XP | Microsoft Windows 2000 SP4; XP SP2; and Server 2003 Gold, SP1, and SP2 allows user-assisted remote attackers to cause a denial of service (system restart) via a crafted Windows Metafile (WMF) image. | 2.7 | CVE-2007-1211 MS XF |
| Microsoft -- Windows 2000; Microsoft -- Windows Server 2003; Microsoft -- Windows Vista; Microsoft -- Windows XP | Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via a crafted Enhanced Metafile (EMF) image format file. | 3.4 | CVE-2007-1212 MS |
| PHP -- PHP | Buffer overflow in the php_stream_filter_create function in PHP 5 before 5.2.1 allows remote attackers to cause a denial of service (application crash) via a php://filter/ URL that has a name ending in the '.' character. | 3.3 | CVE-2007-1824 OTHER-REF BID |
| PulseAudio -- PulseAudio | PulseAudio 0.9.5 allows remote attackers to cause a denial of service (daemon crash) via (1) a PA_PSTREAM_DESCRIPTOR_LENGTH value of FRAME_SIZE_MAX_ALLOW sent on TCP port 9875, which triggers a p->export assertion failure in do_read; (2) a PA_PSTREAM_DESCRIPTOR_LENGTH value of 0 sent on TCP port 9875, which triggers a length assertion failure in pa_memblock_new; or (3) an empty packet on UDP port 9875, which triggers a t assertion failure in pa_sdp_parse; and allows remote authenticated users to cause a denial of service (daemon crash) via a crafted packet on TCP port 9875 that (4) triggers a maxlength assertion failure in pa_memblockq_new, (5) triggers a size assertion failure in pa_xmalloc, or (6) plays a certain sound file. | 3.3 | CVE-2007-1804 OTHER-REF OTHER-REF XF |
| Qt -- Qt | The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters. | 1.9 | CVE-2007-0242 OTHER-REF OTHER-REF |
| VMWare -- ESX Server | Buffer overflow in VMware ESX Server 3.0.0 and 3.0.1 might allow attackers to gain privileges or cause a denial of service (application crash) via unspecified vectors. | 3.4 | CVE-2007-1271 BUGTRAQ OTHER-REF OTHER-REF BID FRSIRT SECUNIA |
| Web-APP.net -- WebAPP | cgi-lib/subs.pl in web-app.net WebAPP before 0.9.9.3.5 allows attackers to open list files in "profile and other functions," a different vulnerability than CVE-2005-0927. | 2.3 | CVE-2006-7186 OTHER-REF |
| Web-APP.net -- WebAPP | Cross-site scripting (XSS) vulnerability in the show_recent_searches function in cgi-lib/user-lib/search.pl in web-app.net WebAPP before 20060909 allows remote attackers to inject arbitrary web script or HTML via the srch variable. | 1.9 | CVE-2006-7187 OTHER-REF OTHER-REF |
| Web-APP.net -- Web-APP.net | The search function in cgi-lib/user-lib/search.pl in web-app.net WebAPP before 20060909 allows remote attackers to read internal forum posts via certain requests, possibly related to the $info{'forum'} variable. | 3.3 | CVE-2006-7188 OTHER-REF OTHER-REF |
| Web-APP.org -- WebAPP | Multiple unspecified vulnerabilities in form input validation in web-app.org WebAPP before 0.9.9.6 allow remote authenticated users to corrupt data files, gain access to private files, and execute arbitrary code via "certain characters." | 3.4 | CVE-2007-1827 OTHER-REF OTHER-REF VIM FRSIRT SECUNIA |
| Web-APP.org -- WebAPP | Multiple cross-site scripting (XSS) vulnerabilities in web-app.org WebAPP before 0.9.9.6 allow remote authenticated users to inject arbitrary web script or HTML via (1) the QUERY_STRING corresponding to drop downs or (2) various forms. | 1.1 | CVE-2007-1828 OTHER-REF OTHER-REF VIM FRSIRT SECUNIA |
| Web-APP.org -- WebAPP | web-app.org WebAPP before 0.9.9.6 allows remote authenticated users to open files and write "wrong data" via a crafted QUERY_STRING. | 3.4 | CVE-2007-1831 OTHER-REF OTHER-REF VIM FRSIRT SECUNIA |
| Web-APP.org -- WebAPP | web-app.org WebAPP before 0.9.9.6 allows remote authenticated users to upload certain files (1) via a crafted filename or (2) by "using percent encoding in forms." | 1.9 | CVE-2007-1832 OTHER-REF OTHER-REF VIM FRSIRT SECUNIA |