Vulnerability Summary for the Week of April 9, 2007
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
">
High Vulnerabilities |
---|
Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
---|---|---|---|---|---|---|
ACD Systems -- ACDSee Photo Manager | Integer overflow in ACDSee Photo Manager 9.0 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via large width image sizes in a crafted BMP image, as demonstrated by w3intof.bmp and w4intof.bmp. |
| 8.0 | CVE-2007-1943 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA | ||
AlstraSoft -- Video Share Enterprise | siteadmin/useredit.php in AlstraSoft Video Share Enterprise does not check authentication, which allows remote attackers to obtain or modify user information via a direct request. |
| 7.0 | CVE-2007-2017 OTHER-REF BID FRSIRT SECUNIA | ||
ArchiveXpert -- ArchiveXpert | Multiple directory traversal vulnerabilities in ArchiveXpert 2.02 build 80 allow remote attackers to create files in arbitrary directories via a .. (dot dot) in a (1) .gz, (2) .jar, (3) .rar, (4) .tar.gz, (5) .zip, or (6) .tar file. |
| 7.0 | CVE-2007-1954 OTHER-REF SECUNIA | ||
CodeBreak -- CodeBreak | PHP remote file inclusion vulnerability in codebreak.php in CodeBreak allows remote attackers to execute arbitrary PHP code via a URL in the process_method parameter. |
| 7.0 | CVE-2007-1996 BUGTRAQ | ||
Cyboards -- Cyboards PHP Lite | PHP remote file inclusion vulnerability in include/default_header.php in Cyboards PHP Lite 1.21 allows remote attackers to execute arbitrary PHP code via a URL in the script_path parameter, a different vector than CVE-2006-2871. |
| 7.0 | CVE-2007-1983 MILW0RM VIM BID XF | ||
Daniel Naber -- LanguageTool | Cross-site scripting (XSS) vulnerability in the embedded webserver in Daniel Naber LanguageTool before 0.8.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message. |
| 7.0 | CVE-2007-1939 OTHER-REF | ||
DropAFew -- DropAFew | Multiple SQL injection vulnerabilities in DropAFew before 0.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in the delete action in (a) search.php or (b) search-pda.php, or the (2) calories parameter in a save action in editlogcal.php. |
| 7.0 | CVE-2007-1363 OTHER-REF OTHER-REF BID SECUNIA | ||
FastStone -- Image Viewer | Integer overflow in FastStone Image Viewer 2.9 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted BMP image, as demonstrated by wh3intof.bmp and wh4intof.bmp. |
| 8.0 | CVE-2007-1942 BUGTRAQ OTHER-REF BID SECUNIA | ||
Gazi Okul Sitesi -- Gazi Okul Sitesi | SQL injection vulnerability in fotokategori.asp in Gazi Okul Sitesi 2007 allows remote attackers to execute arbitrary SQL commands via the query string. |
| 7.0 | CVE-2007-1971 BUGTRAQ BID | ||
HIOX INDIA -- Guest Book | Direct static code injection vulnerability in HIOX Guest Book (HGB) 4.0 allows remote attackers to inject arbitrary PHP code via the Email field, which results in code execution through a direct request to gb.php. |
| 7.0 | CVE-2007-1998 MILW0RM | ||
holaCMS -- holaCMS | Cross-site scripting (XSS) vulnerability in index_cms.php in holaCMS 1.4.10 allows remote attackers to inject arbitrary web script or HTML via the acuparam parameter. |
| 7.0 | CVE-2007-1977 OTHER-REF SECUNIA | ||
HP -- Portable File System | Unspecified vulnerability in the Portable File System (PFS) in HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to gain privileges via unspecified vectors. |
| 7.0 | CVE-2007-1993 HP BID FRSIRT SECTRACK SECUNIA | ||
IBM -- WebSphere Application Server | Unspecified vulnerability in the Servlet Engine/Web Container in IBM WebSphere Application Server (WAS) before 6.1.0.7 has unknown impact and attack vectors. |
| 7.0 | CVE-2007-1945 OTHER-REF AIXAPAR FRSIRT XF | ||
InoutMailingListManager -- InoutMailingListManager | Multiple SQL injection vulnerabilities in InoutMailingListManager 3.1 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to changename.php and other unspecified vectors. |
| 7.0 | CVE-2007-2004 MILW0RM | ||
Internet Pictures Corporation -- iPIX Image Well | Multiple buffer overflows in the Internet Pictures Corporation iPIX Image Well ActiveX control (iPIX-ImageWell-ipix.dll) allow remote attackers to execute arbitrary code via unspecified vectors. |
| 10.0 | CVE-2007-1687 CERT-VN | ||
IrfanView -- IrfanView | Buffer overflow in IrfanView 3.99 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via the (1) xoffset or (2) yoffset RLE command, or (3) large non-RLE encoded blocks in a crafted BMP image, as demonstrated by rle8of3.bmp and rle8of4.bmp. |
| 8.0 | CVE-2007-1948 BUGTRAQ OTHER-REF FRSIRT | ||
LedgerSMB -- LedgerSMB DWS Systems Inc. -- SQL-Ledger | (1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. |
| 7.0 | CVE-2007-1923 BUGTRAQ BID | ||
Mambo -- Taskhopper Component Joomla! -- Taskhopper Component | Multiple PHP remote file inclusion vulnerabilities in the Taskhopper 1.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) contact_type.php, (2) itemstatus_type.php, (3) projectstatus_type.php, (4) request_type.php, (5) responses_type.php, (6) timelog_type.php, or (7) urgency_type.php in inc/. |
| 7.0 | CVE-2007-2005 MILW0RM | ||
MamboXChange -- com_zoom | Multiple PHP remote file inclusion vulnerabilities in the com_zoom 2.5 beta 2 and earlier module for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) EXIF_Makernote.php or (2) EXIF.php in classes/iptc/. |
| 7.0 | CVE-2007-1992 MILW0RM BID | ||
Microsoft -- Content Management Server | Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 does not properly handle certain characters in a crafted HTTP GET request, which allows remote attackers to execute arbitrary code, aka the "CMS Memory Corruption Vulnerability." |
| 10.0 | CVE-2007-0938 MS | ||
Microsoft -- Windows XP | Unspecified vulnerability in the Universal Plug and Play (UPnP) service in Microsoft Windows XP SP2 allows remote attackers on the same subnet to execute arbitrary code via crafted HTTP requests that trigger memory corruption. |
| 8.0 | CVE-2007-1204 MS | ||
Microsoft -- Windows 2000 Microsoft -- Windows Server 2003 Microsoft -- Windows XP | Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in Windows 2000 SP4, XP SP2, and Server 2003, 2003 SP1, and 2003 SP2 allows remote attackers to execute arbitrary code via crafted URLs, which result in memory corruption. |
| 10.0 | CVE-2007-1205 MS OTHER-REF | ||
Microsoft -- Windows XP | Integer overflow in Windows Explorer in Microsoft Windows XP SP1 might allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large width dimension in a crafted BMP image, as demonstrated by w4intof.bmp. |
| 10.0 | CVE-2007-1946 BUGTRAQ OTHER-REF BID | ||
MyBB -- MyBB MyBulletinBoard -- MyBulletinBoard | SQL injection vulnerability in the create_session function in class_session.php in MyBB (aka MyBulletinBoard) 1.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, as utilized by index.php, a related issue to CVE-2006-3775. |
| 7.0 | CVE-2007-1963 BUGTRAQ MILW0RM OTHER-REF OTHER-REF FRSIRT SECUNIA | ||
MyNews -- MyNews | PHP remote file inclusion vulnerability in include/blocks/week_events.php in MyNews 4.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the myNewsConf[path][sys][index] parameter, a different vector than CVE-2007-0633. |
| 7.0 | CVE-2007-2014 OTHER-REF FRSIRT | ||
nazarkin.name -- Weatimages | PHP remote file inclusion vulnerability in index.php in Weatimages 1.7.1 and earlier, when weatimages.ini is missing, allows remote attackers to execute arbitrary PHP code via a URL in the ini[langpack] parameter. |
| 7.0 | CVE-2007-1999 MILW0RM | ||
Nick Jones -- Topliste Module | SQL injection vulnerability in index.php in the Topliste 1.0 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the cid parameter. |
| 7.0 | CVE-2007-1980 MILW0RM BID FRSIRT XF | ||
NullSoft -- Winamp | LIBSNDFILE.DLL, as used by AOL Nullsoft Winamp 5.33 and possibly other products, allows remote attackers to execute arbitrary code via a crafted .MAT (MATLAB sound) file that contains a value that is used as an offset, which triggers memory corruption. |
| 8.0 | CVE-2007-1921 BUGTRAQ OTHER-REF BID FRSIRT | ||
NullSoft -- Winamp | The Impulse Tracker (IT) and ScreamTracker 3 (S3M) modules in IN_MOD.DLL in AOL Nullsoft Winamp 5.33 allows remote attackers to execute arbitrary code via a crafted (1) .IT or (2) .S3M file containing integer values that are used as memory offsets, which triggers memory corruption. |
| 10.0 | CVE-2007-1922 BUGTRAQ BUGTRAQ OTHER-REF BID FRSIRT | ||
Onelook -- oboShop | Session fixation vulnerability in onelook obo Shop allows remote attackers to hijack web sessions by setting a PHPSESSID cookie. |
| 7.0 | CVE-2007-1951 BUGTRAQ OTHER-REF | ||
Onelook -- onebyone CMS | Session fixation vulnerability in onelook onebyone CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie. |
| 7.0 | CVE-2007-1952 BUGTRAQ OTHER-REF | ||
Onelook -- courts online | Session fixation vulnerability in onelook courts on-line allows remote attackers to hijack web sessions by setting a PHPSESSID cookie. |
| 7.0 | CVE-2007-1953 BUGTRAQ OTHER-REF | ||
PHP-Fusion -- Arcade Module | SQL injection vulnerability in index.php in the Arcade 1.00 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view_game_list action. |
| 7.0 | CVE-2007-1978 MILW0RM FRSIRT XF | ||
phpBB -- Mutant | PHP remote file inclusion vulnerability in mutant_functions.php in the Mutant 0.9.2 portal for phpBB 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. |
| 7.0 | CVE-2007-1961 MILW0RM BID | ||
PHPEcho CMS -- PHPEcho CMS | ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in PHPEcho CMS 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) _plugin_file parameter to smarty/internals/core.load_pulgins.php or the (2) root_path parameter to index.php. NOTE: CVE disputes (1) because the inclusion occurs within a function that is not called during a direct request. CVE disputes (2) because root_path is defined in config.php before use. |
| 7.0 | CVE-2007-1987 BUGTRAQ | ||
phpexplorator -- phpexplorator | Multiple PHP remote file inclusion vulnerabilities in phpexplorator.php in phpexplorator 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) cmd or (2) lang_path parameter. |
| 7.0 | CVE-2007-1985 BUGTRAQ | ||
Pineapple Technologies -- Lore | Multiple PHP remote file inclusion vulnerabilities in Pineapple Technologies Lore 1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lang_path parameter to third_party/phpmailer/class.phpmailer.php or the (2) get_plugin_file_path parameter to third_party/smarty/libs/plugins/function.html_checkboxes.php. NOTE: the affected files might be from other software packages, so this might not be a vulnerability in Lore itself. NOTE: (1) might be the same issue as CVE-2006-5734.4. |
| 7.0 | CVE-2007-2021 BUGTRAQ | ||
pL-PHP -- pL-PHP | Multiple SQL injection vulnerabilities in login.php in pL-PHP beta 0.9 allow remote attackers to execute arbitrary SQL commands via the (1) login or (2) pass parameter. |
| 7.0 | CVE-2007-2006 MILW0RM | ||
pL-PHP -- pL-PHP | admin.php in pL-PHP beta 0.9 allows remote attackers to bypass authentication by setting the is_admin parameter to 1. |
| 7.0 | CVE-2007-2007 MILW0RM | ||
pL-PHP -- pL-PHP | Directory traversal vulnerability in admin.php in pL-PHP beta 0.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. |
| 7.0 | CVE-2007-2008 MILW0RM | ||
Raphaël Limbach -- Crea-Book | Multiple SQL injection vulnerabilities in admin/admin.php in Crea-Book 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) pseudo or (2) passe parameter. |
| 7.0 | CVE-2007-2000 MILW0RM | ||
Roxio -- CinePlayer | Stack-based buffer overflow in SonicDVDDashVRNav.dll in Roxio CinePlayer 3.2 allows remote attackers to execute arbitrary code via unspecified properties and methods in the SonicDVDDashVRNav.dll ActiveX control. |
| 10.0 | CVE-2007-1559 OTHER-REF FRSIRT SECUNIA | ||
Ryan Haudenschilt -- Battle.Net Clan Script | SQL injection vulnerability in login.php in Ryan Haudenschilt Battle.net Clan Script for PHP 1.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) user or (2) pass parameter. |
| 7.0 | CVE-2007-1909 MILW0RM BID | ||
Sam Crew -- MyBlog | PHP remote file inclusion vulnerability in games.php in Sam Crew MyBlog, possibly 1.0 through 1.6, allows remote attackers to execute arbitrary PHP code via a URL in the id parameter, a different vector than CVE-2007-1968. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 7.0 | CVE-2007-1990 FRSIRT | ||
SAP -- RFC Library | Buffer overflow in the RFC_START_PROGRAM function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. |
| 7.0 | CVE-2007-1915 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA XF | ||
SAP -- RFC Library | Buffer overflow in the RFC_START_GUI function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. |
| 10.0 | CVE-2007-1916 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA XF | ||
SAP -- RFC Library | Buffer overflow in the SYSTEM_CREATE_INSTANCE function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. |
| 10.0 | CVE-2007-1917 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA XF | ||
Scar4U -- ScarNews | Directory traversal vulnerability in scarnews.inc.php in ScarNews 1.2.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sn_admin_dir parameter. |
| 7.0 | CVE-2007-1932 MILW0RM FRSIRT | ||
SignKorea -- SKCommAX ActiveX Control | Multiple stack-based buffer overflows in the SignKorea SKCrypAX ActiveX control module 5.4.1.2 allow remote attackers to execute arbitrary code via a long string in unspecified arguments to the (1) DownloadCert, (2) DecryptFileByKey, and (3) EncryptFileByKey functions, a different module and vectors than CVE-2007-1722. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 10.0 | CVE-2007-1955 SECUNIA | ||
Smarty -- Smarty | ** DISPUTED ** PHP remote file inclusion vulnerability in unit_test/test_cases.php in Smarty 2.6.1 allows remote attackers to execute arbitrary PHP code via a URL in the SMARTY_DIR parameter. NOTE: this issue is disputed by CVE and a third party because SMARTY_DIR is a constant. |
| 7.0 | CVE-2006-7193 BUGTRAQ BUGTRAQ XF | ||
SmodBIP -- SmodBIP | SQL injection vulnerability in index.php in the aktualnosci module in SmodBIP 1.06 and earlier allows remote attackers to execute arbitrary SQL commands via the zoom parameter. |
| 7.0 | CVE-2007-1920 MILW0RM BID XF | ||
SmodCMS -- SmodCMS | SQL injection vulnerability in index.php in the slownik module in SmodCMS 2.10 and earlier allows remote attackers to execute arbitrary SQL commands via the ssid parameter. |
| 7.0 | CVE-2007-1931 MILW0RM FRSIRT XF | ||
Tomex -- phpGalleryScript | PHP remote file inclusion vulnerability in init.gallery.php in phpGalleryScript 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the include_class parameter. |
| 7.0 | CVE-2007-2019 BUGTRAQ VIM | ||
UBBCentral -- UBB.threads | SQL injection vulnerability in ubbthreads.php in Groupee UBB.threads 6.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the C parameter. |
| 7.0 | CVE-2007-1956 BUGTRAQ | ||
WebBlizzard -- Content Management System | Session fixation vulnerability in WebBlizzard CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie. |
| 7.0 | CVE-2007-1949 BUGTRAQ OTHER-REF | ||
WitShare -- WitShare | Directory traversal vulnerability in index.php in witshare 0.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the menu parameter. |
| 7.0 | CVE-2007-1928 BUGTRAQ BID | ||
XodaGallery -- XodaGallery | ** DISPUTED ** Unspecified vulnerability in administration.php in xodagallery allows remote attackers to execute arbitrary code via the cmd parameter. NOTE: CVE disputes this vulnerability because administration.php does not use the cmd parameter for inclusion. |
| 7.0 | CVE-2007-2020 BUGTRAQ VIM XF | ||
Xoops -- Rha7 Downloads Module | SQL injection vulnerability in visit.php in the Rha7 Downloads (rha7downloads) 1.0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the lid parameter. |
| 7.0 | CVE-2007-1960 MILW0RM BID | ||
Xoops -- WF-Snippets | SQL injection vulnerability in index.php in the WF-Snippets 1.02 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the c parameter in a cat op action. |
| 7.0 | CVE-2007-1962 MILW0RM XF | ||
Xoops -- Happy Linux XFsection WF-Sections -- WF-Sections Xoops -- ZMagazine | SQL injection vulnerability in the getArticle function in class/wfsarticle.php in WF-Section (aka WF-Sections) 1.0.1, as used in Xoops modules such as (1) Zmagazine 1.0, (2) Happy Linux XFsection 1.07 and earlier, and possibly other modules, allows remote attackers to execute arbitrary SQL commands via the articleid parameter to print.php. |
| 7.0 | CVE-2007-1974 MILW0RM MILW0RM MILW0RM OTHER-REF OTHER-REF OTHER-REF VIM BID BID BID FRSIRT FRSIRT FRSIRT XF XF XF | ||
Xoops -- Xoops Virii Info Module | ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in the Virii Info 1.10 and earlier module for Xoops allows remote attackers to execute arbitrary PHP code via a URL in the xoopsConfig[root_path] parameter. NOTE: the issue has been disputed by a reliable third party, stating that the application's checkSuperglobals function defends against the attack. |
| 7.0 | CVE-2007-1976 MILW0RM VIM VIM FRSIRT XF | ||
Xoops -- Xoops PopnupBlog | SQL injection vulnerability in index.php in the PopnupBlog 2.52 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the postid parameter, possibly involving the get_blogid_from_postid function in class/PopnupBlogUtils.php. NOTE: later versions such as 3.03 and 3.05 might also be affected. |
| 7.0 | CVE-2007-1979 MILW0RM BID FRSIRT SECUNIA |
Medium Vulnerabilities |
---|
Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
---|---|---|---|---|---|---|
Cross-site scripting (XSS) vulnerability in index.php in Arizona Dream Livre d'or (livor) 2.5 allows remote attackers to inject arbitrary web script or HTML via the page parameter. |
| 5.6 | CVE-2007-1919 BUGTRAQ BID | |||
Multiple directory traversal vulnerabilities in PcP-Guestbook (PcP-Book) 3.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to (1) index.php, (2) gb.php, or (3) faq.php. |
| 4.9 | CVE-2007-1933 MILW0RM | |||
AlstraSoft -- Video Share Enterprise | SQL injection vulnerability in msg.php in AlstraSoft Video Share Enterprise allows remote authenticated users to execute arbitrary SQL commands via the id parameter. |
| 4.2 | CVE-2007-2018 OTHER-REF BID FRSIRT SECUNIA | ||
Apache Software Foundation -- Apache HTTP Server | Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the vendor has reportedly disputed this issue, stating that "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." |
| 5.6 | CVE-2007-1741 IDEFENSE MLIST MLIST BID SECTRACK XF | ||
Barnraiser -- AROUNDMe | Multiple PHP remote file inclusion vulnerabilities in barnraiser AROUNDMe 0.7.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) language_path_core parameter to inc/core_profile.header.php, the (2) template_path_core parameter to template/barnraiser_01/maint_contact_view.tpl.php, and the (3) template_path parameter to template/barnraiser_01/default.tpl.php. NOTE: this issue might overlap CVE-2006-5533. |
| 5.6 | CVE-2007-1986 MILW0RM BID | ||
Crea-Book -- Crea-Book | Multiple direct static code injection vulnerabilities in admin/configurer2.php in Crea-Book 1.0 and earlier allow remote authenticated administrators to execute arbitrary PHP code via the "Fond de la page" (background color) field and other unspecified fields, which injects into config.inc.php3. |
| 4.2 | CVE-2007-2001 MILW0RM | ||
Debian -- Debian Linux | Buffer overflow in man and man-db 2.4.3 and earlier allows local users to execute arbitrary code via crafted arguments to the -H flag. |
| 4.9 | CVE-2006-4250 DEBIAN BID FRSIRT FRSIRT | ||
DreamCodes -- Scorp Book | PHP remote file inclusion vulnerability in smilies.php in Scorp Book 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config parameter. |
| 5.6 | CVE-2007-1937 MILW0RM FRSIRT | ||
eCardMAX.com -- Hot Editor MyBB -- MyBB Hot Editor Plugin | Directory traversal vulnerability in richedit/keyboard.php in eCardMAX HotEditor (Hot Editor) 4.0, and the HotEditor plugin for MyBB, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the first parameter. |
| 5.6 | CVE-2007-1906 BUGTRAQ BUGTRAQ OTHER-REF OTHER-REF BID XF | ||
Guernion Sylvain Portail -- Web Php | Multiple PHP remote file inclusion vulnerabilities in Guernion Sylvain Portail Web Php (aka Gsylvain35 Portail Web, PwP) allow remote attackers to execute arbitrary PHP code via a URL in the pageAll parameter to index.php in (1) template/Vert/, or (2) template/Noir/. |
| 5.6 | CVE-2007-1957 BUGTRAQ | ||
InoutMailingListManager -- InoutMailingListManager | InoutMailingListManager 3.1 and earlier allows remote attackers to access certain restricted functionality, and upload and execute arbitrary PHP code, by setting an arbitrary admin cookie. |
| 5.6 | CVE-2007-2002 MILW0RM | ||
InoutMailingListManager -- InoutMailingListManager | InoutMailingListManager 3.1 and earlier sends a Location redirect header but does not exit after an authorization check fails, which allows remote attackers to access certain restricted functionality, and upload and execute arbitrary PHP code, by ignoring the redirect. |
| 5.6 | CVE-2007-2003 MILW0RM | ||
JBMC Software -- DirectAdmin | Cross-site scripting (XSS) vulnerability in JBMC Software DirectAdmin before 1.293 does not properly display log files, which allows remote authenticated users to inject arbitrary web script or HTML via (1) http or (2) ftp requests logged in /var/log/directadmin/security.log; (3) allows context-dependent attackers to inject arbitrary web script or HTML into /var/log/messages via a PHP script that invokes /usr/bin/logger; (4) allows local users to inject arbitrary web script or HTML into /var/log/messages by invoking /usr/bin/logger at the command line; and allows remote attackers to inject arbitrary web script or HTML via remote requests logged in the (5) /var/log/exim/rejectlog, (6) /var/log/exim/mainlog, (7) /var/log/proftpd/auth.log, (8) /var/log/httpd/error_log, (9) /var/log/httpd/access_log, (10) /var/log/directadmin/error.log, and (11) /var/log/directadmin/security.log files. |
| 5.6 | CVE-2007-1926 BUGTRAQ OTHER-REF OTHER-REF SECUNIA | ||
lite-cms -- lite-cms | PHP remote file inclusion vulnerability in index.php in lite-cms 0.2.1 allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter. |
| 5.6 | CVE-2007-1984 BUGTRAQ | ||
Microsoft -- Windows 2000 Microsoft -- Windows Server 2003 Microsoft -- Windows XP | The Windows Kernel in Microsoft Windows 2000 SP4, XP SP2, and Server 2003, 2003 SP1, and 2003 SP2 uses insecure permissions on mapped memory segments, which allows local users to gain privileges. |
| 5.6 | CVE-2007-1206 MS | ||
Microsoft -- Windows Vista | Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort connections, which leaves a "dangling pointer" to a process data structure. |
| 5.6 | CVE-2007-1209 BUGTRAQ MS | ||
Microsoft -- Word | Buffer overflow in wwlib.dll in Microsoft Word 2007 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted document, as demonstrated by file789-1.doc. |
| 5.6 | CVE-2007-1910 MILW0RM BID | ||
Microsoft -- Windows NT Microsoft -- Windows 2000 Microsoft -- Windows Server 2003 Microsoft -- Windows XP | Heap-based buffer overflow in Microsoft Windows allows user-assisted remote attackers to have an unknown impact via a crafted .HLP file. |
| 5.6 | CVE-2007-1912 MILW0RM BID | ||
Microsoft -- Windows NT | Race condition in the Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 4.0 allows local users to modify memory and gain privileges via the temporary \Device\PhysicalMemory section handle, a related issue to CVE-2007-1206. |
| 5.6 | CVE-2007-1973 BUGTRAQ OTHER-REF | ||
Pathos -- Content Management System | PHP remote file inclusion vulnerability in warn.php in Pathos Content Management System (CMS) 0.92-2 allows remote attackers to execute arbitrary PHP code via a URL in the file parameter. |
| 5.6 | CVE-2007-1907 MILW0RM | ||
PHP-Nuke -- eBoard Module | Directory traversal vulnerability in member.php in the eBoard 1.0.7 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[name] parameter. |
| 5.6 | CVE-2007-1934 MILW0RM FRSIRT | ||
PHP121 -- PHP121 Instant Messenger | PHP file inclusion vulnerability in php121db.php in PHP121 Instant Messenger 2.2 allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the php121dir parameter, which is accessed by the file_exists function. |
| 5.6 | CVE-2007-1908 MILW0RM | ||
phpContact -- phpContact | ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in phpContact allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) contact_business.php or (2) contact_person.php. NOTE: this issue is disputed by CVE and a reliable third party, because include_path is initialized to a fixed value before use. |
| 5.6 | CVE-2007-1924 BUGTRAQ VIM | ||
Pineapple Technologies -- QuizShock | Cross-site scripting (XSS) vulnerability in auth.php in Pineapple Technologies QuizShock 1.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via encoded special characters in the forward_to parameter, as demonstrated using "<"<". |
| 5.6 | CVE-2007-1905 BUGTRAQ BID | ||
Really Simple PHP and Ajax -- Really Simple PHP and Ajax | Multiple PHP remote file inclusion vulnerabilities in Really Simple PHP and Ajax (RSPA) 2007-03-23 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) __IncludeFilePHPClass, (2) __ClassPath, and (3) __class parameters to (a) rspa/framework/Controller_v5.php, and (b) rspa/framework/Controller_v4.php. |
| 5.6 | CVE-2007-1982 MILW0RM OTHER-REF BID FRSIRT SECUNIA XF | ||
Request It -- Request It | PHP remote file inclusion vulnerability in index.php in Request It 1.0b allows remote attackers to execute arbitrary PHP code via a URL in the id parameter. |
| 5.6 | CVE-2007-2015 BUGTRAQ OTHER-REF VIM BID FRSIRT SECUNIA | ||
Sam Crew -- MyBlog | PHP remote file inclusion vulnerability in games.php in Sam Crew MyBlog, possibly 1.0 through 1.6, allows remote attackers to execute arbitrary PHP code via a URL in the scoreid parameter. |
| 5.6 | CVE-2007-1968 BUGTRAQ VIM BID | ||
Scar4U.de -- ScarAdController | PHP file inclusion vulnerability in admin/index.php in ScarAdControl (ScarAdController) 1.1 allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the site parameter, which is accessed by the file_exists function. |
| 5.6 | CVE-2007-1935 MILW0RM | ||
Scar4U.de -- ScarAdController | PHP remote file inclusion vulnerability in scaradcontrol.php in ScarAdControl (ScarAdController) 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the sac_config_dir parameter. |
| 5.6 | CVE-2007-1936 MILW0RM | ||
SimpCMS -- SimpCMS | PHP remote file inclusion vulnerability in index.php in SimpCMS Light 04.10.2007 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the site parameter. |
| 5.6 | CVE-2007-2009 MILW0RM VIM | ||
Sky Gunning -- MySpeach | PHP remote file inclusion vulnerability in chat.php in Sky GUNNING MySpeach 3.0.7 and earlier, when used with PHP 5, allows remote attackers to execute arbitrary PHP code via an ftp URL in a my_ms[root] cookie, a different vector than CVE-2007-0491 and CVE-2006-4630. |
| 5.6 | CVE-2007-1895 MILW0RM FRSIRT SECUNIA | ||
SLAED -- Content Management System | Multiple PHP remote file inclusion vulnerabilities in SLAED CMS 2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) path parameter to admin/admin.php or the (2) modpath parameter to index.php. |
| 5.6 | CVE-2007-1975 BUGTRAQ XF | ||
Stat12 -- Stat12 | PHP remote file inclusion vulnerability in index.php in stat12 allows remote attackers to execute arbitrary PHP code via a URL in the langpath parameter. NOTE: this issue was published by an unreliable researcher, and there is little information to determine which product is actually affected. This could be an invalid report. |
| 5.6 | CVE-2007-1967 BUGTRAQ | ||
TinyMUX -- TinyMUX | Unspecified vulnerability in the process_cmdent function in command.cpp in TinyMUX before 2.4 has unknown impact and attack vectors, related to lack of the "'other half' of buffer overflow protection." |
| 4.9 | CVE-2007-1959 OTHER-REF FRSIRT | ||
Tru-Zone -- NukeET | The borrado function in modules/Your_Account/index.php in Tru-Zone Nuke ET 3.4 before fix 7 does not verify that account deletion requests come from the account owner, which allows remote authenticated users to delete arbitrary accounts via a modified cookie. |
| 4.2 | CVE-2007-1925 OTHER-REF OTHER-REF BID FRSIRT SECUNIA XF | ||
WordPress -- WordPress | SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users to execute arbitrary SQL commands via a string parameter value in an XML RPC mt.setPostCategories method call, related to the post_id variable. |
| 4.2 | CVE-2007-1897 MILW0RM OTHER-REF OTHER-REF BID SECUNIA |
Low Vulnerabilities |
---|
Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
---|---|---|---|---|---|---|
Directory traversal vulnerability in downloadpic.php in Beryo 2.0 allows remote atatckers to read arbitrary files via a .. (dot dot) in the chemin parameter. |
| 2.3 | CVE-2007-1929 MILW0RM FRSIRT XF | |||
Adobe -- Bridge | Unspecified vulnerability in the installer for Adobe Bridge 1.0.3 update for Apple OS X, when patching with desktop management tools, allows local users to gain privileges via unspecified vectors. |
| 3.9 | CVE-2007-1279 OTHER-REF BID FRSIRT SECTRACK | ||
Adobe -- ColdFusion MX | Adobe ColdFusion MX 7 for Linux and Solaris uses insecure permissions for certain scripts and directories, which allows local users to execute arbitrary code or obtain sensitive information via the (1) CFMX7DreamWeaverExtensions.mxp, (2) CFReportBuilderInstaller.exe, (3) .com.zerog.registry.xml, (4) uninstall.lax, (5) license.txt, (6) Readme.htm, (7) .com.zerog.registry.xml, (8) k2adminstop, or (9) k2adminstart files; or (10) certain files in lib/wsconfig/. |
| 3.9 | CVE-2007-1874 OTHER-REF IDEFENSE SECUNIA | ||
AOL -- ICQ AOL -- Instant Messenger | Directory traversal vulnerability in AOL Instant Messenger (AIM) 5.9 and earlier, and ICQ 5.1 and probably earlier, allows user-assisted remote attackers to write files to arbitrary locations via a .. (dot dot) in a filename in a file transfer operation. |
| 1.9 | CVE-2007-1904 IDEFENSE BID | ||
Apple -- AirPort Extreme | The AirPort Disk feature of the AirPort Extreme Base Station with 802.11n before Firmware Update 7.1 does not properly enforce password protection of a USB hard drive, which allows remote attackers on the local network to list arbitrary directories. |
| 1.9 | CVE-2007-0734 OTHER-REF APPLE FRSIRT SECUNIA | ||
bftpd -- bftpd | Double-free vulnerability in bftpd before 1.8 allows remote authenticated users to cause a denial of service (daemon crash) via a (1) get or (2) mget command. NOTE: some of these details are obtained from third party information. |
| 2.0 | CVE-2007-2010 OTHER-REF SECUNIA | ||
cattaDoc -- cattaDoc | Directory traversal vulnerability in download2.php in cattaDoc 2.21 allows remote attackers to read arbitrary files via a .. (dot dot) in the fn1 parameter. |
| 3.3 | CVE-2007-1930 MILW0RM FRSIRT XF | ||
DeskPRO -- DeskPRO | Cross-site scripting (XSS) vulnerability in login.php in DeskPro 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the username parameter. |
| 1.9 | CVE-2007-2011 BUGTRAQ BID SECUNIA | ||
DotClear -- DotClear | Multiple cross-site scripting (XSS) vulnerabilities in DotClear before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) post_id parameter to ecrire/trackback.php or the (2) tool_url parameter to tools/thememng/index.php. NOTE: some of these details are obtained from third party information. |
| 1.9 | CVE-2007-1989 OTHER-REF OTHER-REF SECUNIA | ||
DropAFew -- DropAFew | DropAFew before 0.2.1 does not require authorization for certain privileged actions, which allows remote attackers to (1) view the logged calorie information of arbitrary users via the id parameter in editlogcal.php; (2) add arbitrary links via links.php; or (3) create arbitrary users via newaccount2.php. |
| 2.3 | CVE-2007-1364 OTHER-REF OTHER-REF BID SECUNIA | ||
exV2 -- Content Management System | Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.0.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the set_lang parameter to (1) archive.php, (2) article.php, (3) index.php, or (4) topics.php. |
| 1.9 | CVE-2007-1965 BUGTRAQ OTHER-REF BID | ||
exV2 -- Content Management System | Session fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID cookie. |
| 2.3 | CVE-2007-1966 BUGTRAQ OTHER-REF | ||
HP -- HP-UX | Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.00 allows local users to cause a denial of service via unknown vectors. NOTE: due to lack of vendor details, it is not clear whether this is the same as CVE-2007-0916. |
| 2.3 | CVE-2007-1994 HP BID SECTRACK | ||
IBM -- Tivoli Business Service Manager | IBM Tivoli Business Service Manager (TBSM) 4.1 before Interim Fix 1 logs passwords in plaintext, which allows local users to obtain sensitive information by reading (1) ncisetup.db or (2) msi.log. |
| 2.3 | CVE-2007-1940 AIXAPAR BID FRSIRT SECTRACK SECUNIA | ||
IBM -- Lotus Notes | Cross-site scripting (XSS) vulnerability in the Active Content Filter feature in Domino Web Access (DWA) in IBM Lotus Notes before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to inject arbitrary web script or HTML via a multipart/related e-mail message, a different issue than CVE-2006-4843. |
| 1.9 | CVE-2007-1941 OTHER-REF OTHER-REF SECTRACK | ||
IBM -- WebSphere Application Server | The Java Message Service (JMS) in IBM WebSphere Application Server (WAS) before 6.1.0.7 allows attackers to cause a denial of service via unknown vectors involving the "double release [of] a bytebuffer input stream," possibly a double-free vulnerability. |
| 2.3 | CVE-2007-1944 OTHER-REF FRSIRT | ||
Ichitaro -- Ichitaro | Ichitaro 2005 through 2007, and possibly related products, allows remote attackers to have an unknown impact, possibly cross-site scripting (XSS), via unspecified vectors in a document distributed through e-mail or a web site. |
| 1.9 | CVE-2007-1938 OTHER-REF FRSIRT SECUNIA | ||
IPsec-Tools -- IPsec-Tools | The isakmp_info_recv function in src/racoon/isakmp_inf.c in racoon in Ipsec-tools before 0.6.7 allows remote attackers to cause a denial of service (tunnel crash) via crafted (1) DELETE (ISAKMP_NPTYPE_D) and (2) NOTIFY (ISAKMP_NPTYPE_N) messages. |
| 2.3 | CVE-2007-1841 MLIST OTHER-REF FRSIRT SECUNIA | ||
JEX-Treme -- Einfacher Passworschutz | Cross-site scripting (XSS) vulnerability in index.php in JEx-Treme Einfacher Passworschutz allows remote attackers to inject arbitrary web script or HTML via the msg parameter. |
| 1.9 | CVE-2007-2013 OTHER-REF FRSIRT | ||
Linux -- Kernel | The atalk_sum_skb function in AppleTalk for Linux kernel 2.6.x before 2.6.21, and possibly 2.4.x, allows remote attackers to cause a denial of service (crash) via an AppleTalk frame that is shorter than the specified length, which triggers a BUG_ON call when an attempt is made to perform a checksum. |
| 3.3 | CVE-2007-1357 OTHER-REF OTHER-REF BID SECUNIA | ||
Metamod-P -- Metamod-P | The safevoid_vsnprintf function in Metamod-P 1.19p29 and earlier on Windows allows remote attackers to cause a denial of service (daemon crash) via a long meta list command. |
| 3.3 | CVE-2007-1981 OTHER-REF OTHER-REF FRSIRT SECUNIA | ||
Microsoft -- .NET Framework | Microsoft ASP .NET Framework 2.0.50727.42 does not properly handle comment (/* */) enclosures, which allows remote attackers to bypass request filtering and conduct cross-site scripting (XSS) attacks, or cause a denial of service, as demonstrated via an xss:expression STYLE attribute in a closing XSS HTML tag. |
| 1.9 | CVE-2006-7192 BUGTRAQ OTHER-REF OTHER-REF BID | ||
Microsoft -- Content Management Server | Cross-site scripting (XSS) vulnerability in Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving HTML redirection queries, aka "Cross-site Scripting and Spoofing Vulnerability" |
| 1.9 | CVE-2007-0939 MS | ||
Microsoft -- Word | Multiple unspecified vulnerabilities in Microsoft Word 2007 allow remote attackers to cause a denial of service (CPU consumption) via crafted documents, as demonstrated by (1) file798-1.doc and (2) file613-1.doc, possibly related to a buffer overflow. |
| 2.7 | CVE-2007-1911 MILW0RM | ||
MimarSinan -- CompreXX | Multiple directory traversal vulnerabilities in MimarSinan CompreXX 4.1 allow remote attackers to create files in arbitrary directories via a .. (dot dot) in a (1) .rar, (2) .jar or (3) .zip archive. |
| 3.7 | CVE-2007-2012 OTHER-REF BID FRSIRT SECUNIA | ||
Mozilla -- Firefox | Mozilla Firefox does not warn the user about HTTP elements on an HTTPS page when the HTTP elements are dynamically created by a delayed document.write, which allows remote attackers to supply unauthenticated content and conduct phishing attacks. |
| 2.3 | CVE-2007-1970 BUGTRAQ | ||
MyBB -- MyBB MyBulletinBoard -- MyBulletinBoard | member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account's registered e-mail address in a debug request for a do_lostpw action, which prints the change password verification code in the debug output. |
| 3.4 | CVE-2007-1964 BUGTRAQ | ||
Parakey Inc. -- Firebug | Cross-zone scripting vulnerability in the DOM templates (domplates) used by the console.log function in the Firebug extension before 1.04 for Mozilla Firefox allows remote attackers to bypass zone restrictions, read arbitrary file:// URIs, or execute arbitrary code in the browser chrome by overwriting the toString function via a certain function declaration, related to incorrect identification of anonymous JavaScript functions, a different issue than CVE-2007-1878. |
| 1.1 | CVE-2007-1947 BUGTRAQ OTHER-REF OTHER-REF | ||
PHP -- PHP | CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a '\n' character, which causes a regular expression to ignore the subsequent part of the address string. |
| 2.3 | CVE-2007-1900 OTHER-REF BID SECUNIA | ||
PHPEcho CMS -- PHPEcho CMS | Cross-site scripting (XSS) vulnerability in kernel/filters.inc.php in PHPEcho CMS 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. |
| 1.9 | CVE-2007-1988 BUGTRAQ | ||
phpMyAdmin -- phpMyAdmin | Cross-site scripting (XSS) vulnerability in mysql/phpinfo.php in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary web script or HTML via the lang[] parameter. |
| 1.9 | CVE-2007-2016 BUGTRAQ | ||
Quagga -- Quagga Routing Software Suite | bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages that trigger an assertion error or out of bounds read. |
| 2.7 | CVE-2007-1995 OTHER-REF OTHER-REF OTHER-REF FRSIRT SECUNIA XF | ||
Sam Crew -- MyBlog | Cross-site scripting (XSS) vulnerability in admin/modify.php in Sam Crew MyBlog remote attackers to inject arbitrary web script or HTML via the id parameter. |
| 1.9 | CVE-2007-1969 BUGTRAQ | ||
SAP -- RFC Library | The TRUSTED_SYSTEM_SECURITY function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to verify the existence of users and groups on systems and domains via unspecified vectors, a different vulnerability than CVE-2006-6010. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. |
| 2.3 | CVE-2007-1913 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA XF | ||
SAP -- RFC Library | The RFC_START_PROGRAM function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to obtain sensitive information (external RFC server configuration data) via unspecified vectors, a different vulnerability than CVE-2006-6010. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. |
| 3.3 | CVE-2007-1914 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA XF | ||
SAP -- RFC Library | The RFC_SET_REG_SERVER_PROPERTY function in the SAP RFC Library 6.40 and 7.00 before 20070109 implements an option for exclusive access to an RFC server, which allows remote attackers to cause a denial of service (client lockout) via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. |
| 2.3 | CVE-2007-1918 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA XF | ||
Sky Gunning -- MySpeach | Directory traversal vulnerability in chat.php in Sky GUNNING MySpeach 3.0.7 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) and trailing %00 (NULL) in a my_ms[root] cookie. |
| 3.7 | CVE-2007-1896 MILW0RM FRSIRT SECUNIA | ||
TinyMUX -- TinyMUX | Buffer overflow in TinyMUX before 2.4 allows attackers to cause a denial of service via unspecified vectors related to "too many substring matches in a regexp $-command." NOTE: some of these details are obtained from third party information. |
| 2.3 | CVE-2007-1958 OTHER-REF FRSIRT | ||
WebBlizzard -- Content Management System | Cross-site scripting (XSS) vulnerability in index_cms.php in WebBlizzard CMS allows remote attackers to inject arbitrary web script or HTML via the Suchzeile parameter. |
| 1.9 | CVE-2007-1950 BUGTRAQ OTHER-REF | ||
WordPress -- WordPress | xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users with the contributor role to bypass intended access restrictions and invoke the publish_posts functionality, which can be used to "publish a previously saved post." |
| 3.4 | CVE-2007-1893 OTHER-REF OTHER-REF SECUNIA XF | ||
WordPress -- WordPress | Cross-site scripting (XSS) vulnerability in wp-includes/general-template.php in WordPress before 20070309 allows remote attackers to inject arbitrary web script or HTML via the year parameter in the wp_title function. |
| 1.9 | CVE-2007-1894 BUGTRAQ OTHER-REF OTHER-REF OTHER-REF BID SECUNIA | ||
YoungZSoft -- CMailServer | Cross-site scripting (XSS) vulnerability in signup.asp in CmailServer WebMail 5.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the POP3Mail parameter. |
| 1.9 | CVE-2007-1927 BUGTRAQ BID | ||
YoungZSoft -- CMailServer | Cross-site scripting (XSS) vulnerability in mail/signup.asp in CmailServer WebMail 5.4.3, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the Comment parameter, a different vector than CVE-2007-1927. |
| 1.9 | CVE-2007-1991 BID SECUNIA XF |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.