Vulnerability Summary for the Week of April 16, 2007
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities |
---|
Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
---|---|---|---|---|---|---|
3proxy -- 3proxy | Buffer overflow in the HTTP proxy service for 3proxy 0.5 to 0.5.3g, and 0.6b-devel before 20070413, might allow remote attackers to execute arbitrary code via crafted transparent requests. |
| 10.0 | CVE-2007-2031 OTHER-REF | ||
Actionpoll -- Actionpoll | Multiple PHP remote file inclusion vulnerabilities in Robert Ladstaetter ActionPoll 1.1.0, and possibly 1.1.1, allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG_POLLDB parameter to actionpoll.php or (2) the CONFIG_DB parameter to db/DataReaderWriter.php, different vectors than CVE-2001-1297. |
| 7.0 | CVE-2007-2064 BUGTRAQ BID BID | ||
Actionpoll -- Actionpoll | PHP remote file inclusion vulnerability in db/PollDB.php in Robert Ladstaetter ActionPoll 1.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG_DATAREADERWRITER parameter, a different vector than CVE-2001-1297. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 7.0 | CVE-2007-2065 BID | ||
Adobe -- Flash Player Opera Software -- Opera Web Browser | Unspecified vulnerability in the Adobe Macromedia Flash Player 7.x and 9.x plug-in on Opera before 9.20, when running on Linux, Solaris, or FreeBSD platforms, has unspecified impact and remote attack vectors. |
| 7.0 | CVE-2007-2022 OTHER-REF OTHER-REF BID FRSIRT SECTRACK SECUNIA XF | ||
Aircrack-ng -- airodump-ng | Stack-based buffer overflow in aircrack-ng airodump-ng 0.7 allows remote attackers to execute arbitrary code via crafted 802.11 authentication packets. |
| 10.0 | CVE-2007-2057 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA XF | ||
AjPortal2Php -- AjPortal2Php | Multiple PHP remote file inclusion vulnerabilities in AjPortal2Php allow remote attackers to execute arbitrary PHP code via a URL in the PagePrefix parameter to (1) begin.inc.php, (2) connection.inc.php, (3) events.inc.php, (4) footer.inc.php, (5) header.inc.php, (6) menuleft.inc.php, or (7) pages.inc.php in includes/. |
| 7.0 | CVE-2007-2142 MILW0RM FRSIRT | ||
Akamai Technologies -- Download Manager | Stack-based buffer overflow in the GetPrivateProfileSectionW function in Akamai Technologies Download Manager ActiveX Control (DownloadManagerV2.ocx) after 2.0.4.4 but before 2.2.1.0 allows remote attackers to execute arbitrary code, related to misinterpretation of the nSize parameter as a byte count instead of a wide character count. |
| 10.0 | CVE-2007-1891 IDEFENSE BUGTRAQ BID | ||
Akamai Technologies -- Download Manager | Stack-based buffer overflow in Akamai Technologies Download Manager ActiveX Control (DownloadManagerV2.ocx) before 2.2.1.0 allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2007-1891. |
| 10.0 | CVE-2007-1892 BUGTRAQ BID | ||
Anthologia -- Anthologia | PHP remote file inclusion vulnerability in index.php in Anthologia 0.5.2 allows remote attackers to execute arbitrary PHP code via a URL in the ads_file parameter. |
| 7.0 | CVE-2007-2094 MILW0RM BID | ||
Antonis Ventouris -- Weather Module | PHP remote file inclusion vulnerability in mod_weather.php in the Antonis Ventouris Weather module for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter. |
| 7.0 | CVE-2007-2044 MILW0RM FRSIRT | ||
APOP Protocol -- APOP Protocol | The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird, (2) Evolution, (3) mutt, and (4) fetchmail. |
| 7.0 | CVE-2007-1558 BUGTRAQ | ||
Avant-Garde Solutions -- MOSMedia | Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia (com_mosmedia) 1.08 and earlier module for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) media.tab.php or (2) media.divs.php. |
| 7.0 | CVE-2007-2043 MILW0RM BID FRSIRT | ||
BonoEstente -- Joomla Template Be2004-2 | PHP remote file inclusion vulnerability in index.php in the Be2004-2 template for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. |
| 7.0 | CVE-2007-2143 MILW0RM | ||
Cabron Connector -- Cabron Connector | PHP remote file inclusion vulnerability in services/samples/inclusionService.php in Cabron Connector 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the CabronServiceFolder parameter. |
| 7.0 | CVE-2007-2154 MILW0RM BID FRSIRT | ||
Cisco -- Wireless Control System | Cisco Wireless Control System (WCS) before 4.0.96.0 has a hard-coded FTP username and password for backup operations, which allows remote attackers to read and modify arbitrary files via unspecified vectors related to "properties of the FTP server," aka Bug ID CSCse93014. |
| 7.0 | CVE-2007-2032 CISCO BID FRSIRT SECTRACK SECUNIA XF | ||
Cisco -- Wireless LAN Controller | The SNMP implementation in the Cisco Wireless LAN Controller (WLC) before 20070419 uses the default read-only community public, and the default read-write community private, which allows remote attackers to read and modify SNMP variables, aka Bug ID CSCse02384. |
| 10.0 | CVE-2007-2036 CISCO BID FRSIRT SECTRACK XF | ||
Clam Anti-Virus -- ClamAV | Integer signedness error in the (1) cab_unstore and (2) cab_extract functions in libclamav/cab.c in Clam AntiVirus (ClamAV) before 0.90.2 allows remote attackers to execute arbitrary code via a crafted CHM file that contains a negative integer, which passes a signed comparison and leads to a stack-based buffer overflow. |
| 7.0 | CVE-2007-1997 IDEFENSE OTHER-REF BID FRSIRT SECUNIA XF SECTRACK | ||
eIQnetworks -- Enterprise Security Analyzer | Multiple buffer overflows in the ESA protocol implementation in eIQnetworks Enterprise Security Analyzer (ESA) 2.5 allow remote attackers to execute arbitrary code via a long parameter to the (1) DELETESEARCHFOLDER, (2) DELTASK, (3) HMGR_CHECKHOSTSCSV, (4) TASKUPDATEDUSER, (5) VERIFYUSERKEY, or (6) VERIFYPWD command. |
| 10.0 | CVE-2007-2059 BUGTRAQ OTHER-REF FRSIRT SECUNIA XF | ||
FAC Guestbook -- FAC Guestbook | FAC Guestbook 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/Gdb.mdb. |
| 10.0 | CVE-2007-2100 BUGTRAQ BID SECUNIA XF | ||
FAC Guestbook -- FAC Guestbook | FAC Guestbook 3.01 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/gbdb.mdb. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 10.0 | CVE-2007-2101 BID SECUNIA XF | ||
Franklin Huang -- Flip-search-add-on | PHP remote file inclusion vulnerability in everything.php in Franklin Huang Flip (aka Flip-search-add-on) 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the incpath parameter. |
| 7.0 | CVE-2007-2140 BUGTRAQ | ||
Hinton Design -- PHPHD Download System | PHP remote file inclusion vulnerability in common.php in Hinton Design PHPHD Download System (phphd_downloads) allows remote attackers to execute arbitrary PHP code via a URL in the phphd_real_path parameter. NOTE: this issue may be present in versions from 2006. |
| 7.0 | CVE-2007-2096 BUGTRAQ | ||
Ivan Gallery Script -- Ivan Gallery Script | ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in Ivan Gallery Script 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: this issue has been disputed by third party researchers for 0.3, stating that the dir variable is properly initialized before use. |
| 7.0 | CVE-2007-2072 BUGTRAQ VIM BID | ||
Ivan Gallery Script -- Ivan Gallery Script | PHP remote file inclusion vulnerability in index.php in Ivan Gallery Script 0.3 allows remote attackers to execute arbitrary PHP code via a URL in the gallery parameter in a new session. |
| 7.0 | CVE-2007-2073 VIM | ||
iXon CMS -- iXon CMS | Multiple directory traversal vulnerabilities in iXon CMS 0.30 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme_url parameter to (1) index.php, (2) page.php, (3) search.php, (4) single.php, and (5) archives.php. |
| 7.0 | CVE-2007-2104 BUGTRAQ XF | ||
JoomlaPack -- JoomlaPack | PHP remote file inclusion vulnerability in includes/CAltInstaller.php in the JoomlaPack (com_jpack) 1.0.4a2 RE component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. |
| 7.0 | CVE-2007-2144 MILW0RM FRSIRT | ||
Kai Content Management System -- Kai Content Management System | Directory traversal vulnerability in index.php in Kai Content Management System (K-CMS) 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the current_theme parameter. |
| 7.0 | CVE-2007-2106 BUGTRAQ XF | ||
Kooijman-Design -- jGallery | PHP remote file inclusion vulnerability in index.php in jGallery 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the G_JGALL[inc_path] parameter. |
| 7.0 | CVE-2007-2158 MILW0RM FRSIRT | ||
LANDesk Software -- LANDesk Management Suite | Stack-based buffer overflow in the Alert Service (aolnsrvr.exe) in LANDesk Management Suite 8.7 allows remote attackers to execute arbitrary code via a crafted packet to port 65535/UDP. |
| 10.0 | CVE-2007-1674 BUGTRAQ OTHER-REF OTHER-REF BID FRSIRT SECTRACK SECUNIA | ||
Limesoft -- Limesoft Guestbook | Direct static code injection vulnerability in index.php in Limesoft Guestbook (LS Simple Guestbook) allows remote attackers to inject arbitrary PHP code into posts.txt via the name parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 7.0 | CVE-2007-2092 FRSIRT | ||
Limesoft -- Limesoft Guestbook | Direct static code injection vulnerability in index.php in Limesoft Guestbook (LS Simple Guestbook) 1.0 allows remote attackers to inject arbitrary PHP code into posts.txt via the message parameter. |
| 7.0 | CVE-2007-2093 BUGTRAQ MILW0RM BID FRSIRT SECUNIA XF | ||
Maian -- Search | PHP remote file inclusion vulnerability in search.php in Maian Search 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. NOTE: this issue was disputed by a third party researcher, but confirmed by the vendor, stating "this issue was fixed last year and [no] is longer a problem." |
| 7.0 | CVE-2007-2077 BUGTRAQ BUGTRAQ VIM | ||
McAfee -- VirusScan Enterprise | Buffer overflow in the On-Access Scanner in McAfee VirusScan Enterprise before 8.0i Patch 12 allows user-assisted remote attackers to execute arbitrary code via a long filename containing multi-byte (Unicode) characters. |
| 8.0 | CVE-2007-2152 IDEFENSE OTHER-REF BID FRSIRT SECTRACK SECUNIA | ||
Microsoft -- Windows 2003 Microsoft -- Windows 2000 | Stack-based buffer overflow in the RPC interface in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server SP 4, Server 2003 SP 1, and Server 2003 SP 2 allows remote attackers to execute arbitrary code via a long zone name containing character constants represented by escape sequences. |
| 10.0 | CVE-2007-1748 OTHER-REF OTHER-REF CERT-VN SECUNIA OTHER-REF CERT BID FRSIRT SECTRACK XF | ||
MiniGal -- MiniGal | The imagecomments function in classes.php in MiniGal b13 allows remote attackers to inject arbitrary PHP code into a file in the thumbs/ directory via the input parameter. NOTE: some of these details are obtained from third party information. |
| 7.0 | CVE-2007-2145 MILW0RM FRSIRT | ||
MiniGal -- MiniGal | The imagecomments function in classes.php in MiniGal b13 allows remote attackers to inject arbitrary PHP code into a file in the thumbs/ directory via the (1) name or (2) email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 7.0 | CVE-2007-2146 FRSIRT | ||
Monkey CMS -- Monkey CMS | Directory traversal vulnerability in admin/index.php in Monkey CMS 0.0.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the admin_skin parameter. |
| 7.0 | CVE-2007-2105 BUGTRAQ XF | ||
my little homepage -- My Little Weblog | Cross-site scripting (XSS) vulnerability in weblog.php in my little weblog allows remote attackers to inject arbitrary web script or HTML via the id parameter, a different vector than CVE-2006-6087. |
| 7.0 | CVE-2007-2102 BUGTRAQ | ||
my little homepage -- my little forum | Multiple PHP remote file inclusion vulnerabilities in my little forum 1.7 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to (1) admin.php and (2) timedifference.php. |
| 7.0 | CVE-2007-2103 BUGTRAQ | ||
MyBlog -- MyBlog | MyBlog 0.9.8 and earlier allows remote attackers to bypass authentication requirements via the admin cookie parameter to certain admin files, as demonstrated by admin/settings.php. |
| 7.0 | CVE-2007-2081 BUGTRAQ BID | ||
MySpeach -- MySpeach | PHP remote file inclusion vulnerability in chat.php in MySpeach 1.9 allows remote attackers to execute arbitrary PHP code via a URL in the my[root] parameter, a different vector than CVE-2007-0498. |
| 7.0 | CVE-2007-2095 BUGTRAQ | ||
Openads -- Openads | Multiple CRLF injection vulnerabilities in adclick.php in (a) Openads (phpAdsNew) 2.0.11 and earlier and (b) Openads for PostgreSQL (phpPgAds) 2.0.11 and earlier allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in (1) the dest parameter and (2) the Referer HTTP header. NOTE: some of these details are obtained from third party information. |
| 7.0 | CVE-2007-2046 OTHER-REF OTHER-REF OTHER-REF FRSIRT SECUNIA | ||
Openads -- Openads | CRLF injection vulnerability in www/delivery/ck.php in Openads 2.3 (aka Max Media Manager, MMM) before 0.3.31-alpha-pr3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the destination parameter. NOTE: some of these details are obtained from third party information. |
| 7.0 | CVE-2007-2047 OTHER-REF FRSIRT | ||
OpenConcept -- Back-End CMS | Multiple PHP remote file inclusion vulnerabilities in OpenConcept Back-End CMS 0.4.7 allow remote attackers to execute arbitrary PHP code via a URL in the includes_path parameter to (1) click.php or (2) pollcollector.php in htdocs/; or (3) index.php, (4) articlepages.php, (5) articles.php, (6) articleform.php, (7) articlesections.php, (8) createArticlesPage.php, (9) guestbook.php, (10) helpguide.php, (11) helpguideeditor.php, (12) links.php, (13) upload.php, (14) sitestatistics.php, (15) nav.php, (16) tpl_upload.php, (17) linksections, or (18) pophelp.php in htdocs/site-admin/; different vectors than CVE-2006-5076. |
| 7.0 | CVE-2007-2097 BUGTRAQ XF | ||
OpenConcept -- Back-End CMS | Cross-site scripting (XSS) vulnerability in htdocs/php.php in OpenConcept Back-End CMS 0.4.7 allows remote attackers to inject arbitrary web script or HTML via the page[] parameter. |
| 7.0 | CVE-2007-2099 BUGTRAQ XF | ||
openMairie -- openMairie | Directory traversal vulnerability in scr/soustab.php in openMairie 1.11 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dsn[phptype] parameter. |
| 7.0 | CVE-2007-2069 MILW0RM BID | ||
Oracle -- Oracle Database | Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 on Windows allows remote attackers to have an unknown impact, aka DB01. |
| 7.0 | CVE-2007-2108 OTHER-REF | ||
Oracle -- Oracle Database | Unspecified vulnerability in the Core RDBMS component for Oracle Database 9.0.1.5 and 10.1.0.4 on Windows systems has unknown impact and attack vectors, aka DB03. |
| 7.0 | CVE-2007-2110 OTHER-REF | ||
Oracle -- Oracle Database | SQL injection vulnerability in the Upgrade/Downgrade component (DBMS_UPGRADE_INTERNAL) for Oracle Database 10.1.0.5 allows remote authenticated users to execute arbitrary SQL commands via unknown vectors, aka DB07. |
| 7.0 | CVE-2007-2113 OTHER-REF | ||
Oracle -- Oracle Application Server Oracle -- Oracle Database | Cross-site scripting (XSS) vulnerability in boundary_rules.jsp in the Administration Front End for Oracle Enterprise (Ultra) Search, as used in Database Server 9.2.0.8, 10.1.0.5, and 10.2.0.2, and in Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2.0 allows remote attackers to inject arbitrary HTML or web script via the EXPTYPE parameter, aka SES01. |
| 7.0 | CVE-2007-2119 OTHER-REF OTHER-REF | ||
Oracle -- Oracle Application Server | Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.3 up to 10.1.3.2.0, 10.1.2 up to 10.1.2.2.0, and 9.0.4.3 has unknown impact and attack vectors, aka AS04. |
| 7.0 | CVE-2007-2123 OTHER-REF | ||
Oracle -- Oracle Application Server | Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.4.1.0 has unknown impact and remote attack vectors, aka AS05. |
| 7.0 | CVE-2007-2124 OTHER-REF | ||
Oracle -- E-Business Suite | Unspecified vulnerability in Oracle E-Business Suite 11.5.10CU2 has unknown impact and remote attack vectors in the (1) Common Applications (APPS01) and (2) iProcurement (APPS02). |
| 7.0 | CVE-2007-2126 OTHER-REF | ||
Oracle -- E-Business Suite | Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.0 have unknown impact and remote attack vectors via (1) Application Object Library (APPS04), iStore (2) APPS05 and (3) APPS06, (4) iSupport (APPS07), (5) Trade Management (APPS09), and Applications Manager (APPS10). |
| 7.0 | CVE-2007-2127 OTHER-REF | ||
Oracle -- Enterprise Manager | Unspecified vulnerability in the Agent component in Oracle Enterprise Manager 9.2.0.8 has unknown impact and remote attack vectors, aka EM01. |
| 7.0 | CVE-2007-2129 OTHER-REF | ||
Oracle -- PeopleSoft Enterprise | Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterprise 8.22.14, 8.47.12, and 8.48.08 has unknown impact and attack vectors, aka PSE01. |
| 7.0 | CVE-2007-2131 OTHER-REF | ||
Oracle -- PeopleSoft Enterprise | Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise 8.47.12 and 8.48.08 has unknown impact and attack vectors, aka PSE02. |
| 7.0 | CVE-2007-2132 OTHER-REF | ||
Oracle -- PeopleSoft Enterprise | Unspecified vulnerability in the PeopleSoft Enterprise Human Capital Management component in Oracle PeopleSoft Enterprise 8.9 has unknown impact and attack vectors, aka PSEHCM01. |
| 7.0 | CVE-2007-2133 OTHER-REF | ||
PhpWiki -- PhpWiki | Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file. |
| 7.0 | CVE-2007-2025 MLIST OTHER-REF | ||
Rezervi Generic -- Rezervi Generic | Multiple PHP remote file inclusion vulnerabilities in Rezervi Generic 0.9 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) datumVonDatumBis.inc.php, (2) footer.inc.php, (3) header.inc.php, and (4) stylesheets.php in templates/; and (5) wochenuebersicht.inc.php, (6) monatsuebersicht.inc.php, (7) jahresuebersicht.inc.php, and (8) tagesuebersicht.inc.php in belegungsplan/. |
| 7.0 | CVE-2007-2156 MILW0RM FRSIRT | ||
Rha7 Downloads -- Rha7 Downloads | SQL injection vulnerability in visit.php in the Rha7 Downloads (rha7downloads) 1.0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2007-1960. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 7.0 | CVE-2007-2107 FRSIRT | ||
Secustick -- Secustick USB flash drive | USB20.dll in Secustick USB flash drive decouples the authorization and file access routines, which allows local users to bypass authentication requirements by altering the return value of the VerifyPassWord function. |
| 7.0 | CVE-2007-2023 OTHER-REF OTHER-REF | ||
ShoutPro -- ShoutPro | Direct static code injection vulnerability in shoutbox.php in ShoutPro 1.5.2 allows remote attackers to inject arbitrary PHP code into shouts.php via the shout parameter. |
| 7.0 | CVE-2007-2141 BUGTRAQ MILW0RM BID FRSIRT | ||
SiteBar -- SiteBar | Multiple PHP remote file inclusion vulnerabilities in Sitebar 3.3.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) writerFile parameter to index.php and the (2) file parameter to Integrator.php. |
| 7.0 | CVE-2007-2088 BUGTRAQ XF | ||
Stephen Craton -- Chatness | admin/options.php in Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier does not check for administrative credentials, which allows remote attackers to read and modify the classes/vars.php and classes/varstuff.php configuration files via direct requests. |
| 10.0 | CVE-2007-2147 BUGTRAQ FRSIRT SECUNIA | ||
Stephen Craton -- Chatness | Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier stores usernames and unencrypted passwords in (1) classes/vars.php and (2) classes/varstuff.php, and recommends 0666 or 0777 permissions for these files, which allows local users to gain privileges by reading the files, and allows remote attackers to obtain credentials via a direct request for admin/options.php. |
| 10.0 | CVE-2007-2149 BUGTRAQ FRSIRT SECUNIA | ||
Sun -- Solaris Sun -- Java Web Console x86 Sun -- Java Web Console | Format string vulnerability in libwebconsole_services.so in Sun Java Web Console 2.2.2 through 2.2.5 allows remote attackers to cause a denial of service (application crash), obtain sensitive information, and possibly execute arbitrary code via unspecified vectors during a failed login attempt, related to syslog. |
| 10.0 | CVE-2007-1681 BUGTRAQ OTHER-REF SUNALERT BID FRSIRT | ||
Tsdisplay4xoops -- Tsdisplay4xoops | PHP remote file inclusion vulnerability in blocks/tsdisplay4xoops_block2.php in tsdisplay4xoops (TSD4XOOPS) 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the xoops_url parameter. |
| 7.0 | CVE-2007-2091 MILW0RM BID FRSIRT | ||
TuMusika Evolution -- TuMusika Evolution | Cross-site scripting (XSS) vulnerability in index.php in TuMusika Evolution 1.6 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. |
| 7.0 | CVE-2007-2090 BUGTRAQ FRSIRT SECUNIA XF | ||
Turnkey Web Tools -- SunShop Shopping Cart | Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools SunShop Shopping Cart 3.5 and 4.0 allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) index.php or (2) checkout.php. |
| 7.0 | CVE-2007-2070 MILW0RM BID | ||
VCDGear -- VCDGear | Stack-based buffer overflow in VCDGear 3.55 and 3.56 BETA allows user-assisted remote attackers to execute arbitrary code via a long FILE argument in a CUE file. |
| 8.0 | CVE-2007-2062 BUGTRAQ MILW0RM BID SECUNIA XF | ||
Wabbit -- Wabbit PHP Gallery | Multiple cross-site scripting (XSS) vulnerabilities in showpic.php in Wabbit PHP Gallery 0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) pic and (2) gal parameters. |
| 7.0 | CVE-2007-2098 BUGTRAQ | ||
WebSlider -- WebSlider | Multiple PHP remote file inclusion vulnerabilities in Marco Antonio Islas Cruz Web Slider (WebSlider) 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) index.php, (2) modules/pdf.php, (3) plugins/highlight.php, or (4) include/modules.php. |
| 7.0 | CVE-2007-2067 MILW0RM FRSIRT XF | ||
XAMPP -- Apache Distribution | The ADONewConnection Connect function in adodb.php in XAMPP 1.6.0a and earlier for Windows uses untrusted input for the database server hostname, which allows remote attackers to trigger a library buffer overflow and execute arbitrary code via a long host parameter, or have other unspecified impact. NOTE: it could be argued that this is an issue in mssql_connect (CVE-2007-1411.1) in PHP, or an issue in the ADOdb Library, and the proper fix should be in one of these products; if so, then this should not be treated as a vulnerability in XAMPP. |
| 10.0 | CVE-2007-2079 MILW0RM BID XF | ||
XAMPP -- Apache Distribution | Multiple SQL injection vulnerabilities in XAMPP 1.6.0a for Windows allow remote attackers to execute arbitrary SQL commands via unspecified vectors in certain test scripts. |
| 7.0 | CVE-2007-2080 MILW0RM |
Medium Vulnerabilities |
---|
Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
---|---|---|---|---|---|---|
@Mail -- @Mail | Cross-site scripting (XSS) vulnerability in atmail.php in @Mail 5.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter. |
| 5.6 | CVE-2007-2153 BUGTRAQ OTHER-REF BID XF | ||
Apache Software Foundation -- Apache HTTP Server | Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." |
| 5.6 | CVE-2007-1741 IDEFENSE MLIST MLIST BID SECTRACK XF | ||
Avant-Garde Solutions -- MOSMedia | Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia Lite 1.0.6 and earlier module for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) support.html.php or (2) info.html.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 5.6 | CVE-2007-2042 FRSIRT | ||
Cisco -- Wireless Control System | Unspecified vulnerability in Cisco Wireless Control System (WCS) before 4.0.81.0 allows remote authenticated users to read any configuration page by changing the group membership of user accounts, aka Bug ID CSCse78596. |
| 4.2 | CVE-2007-2033 CISCO BID FRSIRT SECTRACK SECUNIA XF | ||
Cisco -- Wireless Control System | Unspecified vulnerability in Cisco Wireless Control System (WCS) before 4.0.87.0 allows remote authenticated users to gain the privileges of the SuperUsers group, and manage the application and its networks, not related to the group membership of user accounts, aka Bug ID CSCsg05190. |
| 6.0 | CVE-2007-2034 CISCO BID FRSIRT SECTRACK SECUNIA XF | ||
Cisco -- Wireless LAN Controller | Cisco Aironet 1000 Series and 1500 Series Lightweight Access Points before 3.2.185.0, and 4.0.x before 4.0.206.0, have a hard-coded password, which allows attackers with physical access to perform arbitrary actions on the device, aka Bug ID CSCsg15192. |
| 5.6 | CVE-2007-2040 CISCO BID FRSIRT SECTRACK XF | ||
CNStats -- CNStats | Multiple PHP remote file inclusion vulnerabilities in CNStats 2.9 allow remote attackers to execute arbitrary PHP code via a URL in the bj parameter to (1) who_r.php or (2) who_s.php in reports/. |
| 5.6 | CVE-2007-2086 MILW0RM BID SECUNIA XF | ||
CNStats -- CNStats | Multiple PHP remote file inclusion vulnerabilities in CNStats 2.12, when register_globals is enabled and .htaccess is not recognized, allow remote attackers to execute arbitrary PHP code via a URL in the bn parameter to (1) who_r.php or (2) who_s.php in reports/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 5.6 | CVE-2007-2087 SECUNIA | ||
Jx Development -- Article Component | Multiple PHP remote file inclusion vulnerabilities in the Jx Development Article 1.1 and earlier component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to com_articles.php in (1) components/ or (2) classes/html/. |
| 5.6 | CVE-2007-2089 MILW0RM BID FRSIRT XF | ||
Macrovision -- InstallAnywhere | Macrovision InstallAnywhere Enterprise before 8.0.1 uses the InstallScript.iap_xml configuration file without integrity protection to verify authorization for installing an application, which allows local users to perform unauthorized installations by removing the (1) password or (2) serial number verification sections from this file. |
| 4.9 | CVE-2007-1009 BUGTRAQ OTHER-REF BID FRSIRT | ||
Maian -- Gallery | PHP remote file inclusion vulnerability in index.php in Maian Gallery 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. NOTE: this issue was disputed by a third party researcher, but confirmed by the vendor, stating "this problem existed only briefly in v1.0." |
| 5.6 | CVE-2007-2076 BUGTRAQ BUGTRAQ VIM XF | ||
Maian -- Weblog | ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in Maian Weblog 3.1 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. NOTE: this issue was disputed by a third party researcher, since the path_to_folder variable is initialized before use. |
| 5.6 | CVE-2007-2078 BUGTRAQ VIM | ||
Mambo -- Mambo Calendar | Multiple PHP remote file inclusion vulnerabilities in the Calendar Module (com_calendar) 1.5.5 for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) com_calendar.php or (2) mod_calendar.php. |
| 5.6 | CVE-2007-2049 MILW0RM BID | ||
MobilePublisherPHP -- MobilePublisherPHP | PHP remote file inclusion vulnerability in MobilePublisherphp 1.1.2 allows remote attackers to execute arbitrary PHP code via a URL in the auth_method parameter to (1) index.php, (2) list.php, (3) postreview.php, (4) reindex.php, (5) sections.php, (6) templates.php, (7) userinfo.php, (8) users.php, and (9) view.php in admin/. |
| 5.6 | CVE-2007-2084 BUGTRAQ XF | ||
MyBlog -- MyBlog | Direct static code injection vulnerability in admin/settings.php in MyBlog 0.9.8 and earlier allows remote authenticated admin users to inject arbitrary PHP code via the content parameter, which can be executed by accessing index.php. NOTE: a separate vulnerability could be leveraged to make this issue exploitable by remote unauthenticated attackers. |
| 4.2 | CVE-2007-2082 BUGTRAQ | ||
oe2edit -- oe2edit CMS | Cross-site scripting (XSS) vulnerability in oe2edit.cgi in oe2edit CMS allows remote attackers to inject arbitrary web script or HTML via the q parameter. |
| 5.6 | CVE-2007-2085 OTHER-REF BID FRSIRT SECUNIA | ||
Oracle -- Oracle Database | Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have unknown impact and remote authenticated attack vectors related to (1) Rules Manager and Expression Filter components (DB02) and (2) Oracle Streams (DB06). |
| 4.2 | CVE-2007-2109 OTHER-REF | ||
Oracle -- Oracle Database | SQL injection vulnerability in the SYS.DBMS_AQADM_SYS package in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 allows remote authenticated users to inject arbitrary SQL commands via unknown vectors, aka DB04. |
| 4.2 | CVE-2007-2111 OTHER-REF OTHER-REF | ||
Oracle -- Oracle Database | Unspecified vulnerability in the Authentication component for Oracle Database 10.1.0.5 and 10.2.0.3 has unknown impact and attack vectors, aka DB05. |
| 4.9 | CVE-2007-2112 OTHER-REF | ||
Oracle -- Oracle Database | Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.2 have unknown impact and remote authenticated attack vectors, related to (1) Change Data Capture (CDC), aka DB08, and (2) Oracle Instant Client, aka DB11. |
| 4.2 | CVE-2007-2114 OTHER-REF | ||
Oracle -- Oracle Database | Unspecified vulnerability in the Change Data Capture (CDC) component in Oracle Database 9.2.0.7, 10.1.0.5, and 10.2.0.2 has unknown impact and attack vectors, aka DB09. |
| 4.9 | CVE-2007-2115 OTHER-REF | ||
Oracle -- Oracle Database | Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.0.1.5, 9.2.0.7, and 10.2.0.1 has unknown impact and attack vectors, aka DB10. |
| 4.9 | CVE-2007-2116 OTHER-REF | ||
Oracle -- Oracle Database | Unspecified vulnerability in the Oracle Text component in Oracle Database 9.2.0.5 has unknown impact and attack vectors, aka DB12. |
| 4.9 | CVE-2007-2117 OTHER-REF | ||
Oracle -- Oracle Database | Unspecified vulnerability in the Upgrade/Downgrade component of Oracle Database 9.0.1.5 and 9.2.0.7 has unknown impact and attack vectors, aka DB13. |
| 4.9 | CVE-2007-2118 OTHER-REF | ||
Oracle -- Oracle Application Server | Unspecified vulnerability in the COREid Access component in Oracle Application Server 7.0.4.4 has unknown impact and attack vectors, aka AS02. |
| 4.9 | CVE-2007-2121 OTHER-REF | ||
Oracle -- Oracle Application Server | Unspecified vulnerability in the Wireless component in Oracle Application Server 9.0.4.3 has unknown impact and attack vectors, aka AS03. |
| 4.9 | CVE-2007-2122 OTHER-REF | ||
Oracle -- Collaboration Suite | Unspecified vulnerability in Collaborative Workspace in Oracle Collaboration Suite 10.1.2 has unknown impact and attack vectors, aka OCS01. |
| 4.9 | CVE-2007-2125 OTHER-REF | ||
Oracle -- E-Business Suite | Unspecified vulnerability in the Sales Online component for Oracle E-Business Suite 11.5.10 has unknown impact and remote authenticated attack vectors, aka APPS08. |
| 4.2 | CVE-2007-2128 OTHER-REF | ||
Oracle -- Collaboration Suite Oracle -- E-Business Suite Oracle -- Oracle Application Server Oracle -- Oracle Database Server | Unspecified vulnerability in Workflow Cartridge, as used in Oracle Database Server 9.2.0.1, 10.1.0.2, and 10.2.0.1; Application Server 9.0.4.3 and 10.1.2.0.2; Collaboration Suite 10.1.2; and E-Business Suite; has unknown impact and remote authenticated attack vectors, aka OWF01. |
| 4.2 | CVE-2007-2130 OTHER-REF | ||
Oracle -- JD Edwards EnterpriseOne | Unspecified vulnerability in the HTML Server in Oracle JD Edwards EnterpriseOne SP23_Q1 and 8.96.I1 has unknown impact and local attack vectors, aka JDE01. |
| 4.9 | CVE-2007-2134 OTHER-REF | ||
PhpWiki -- PhpWiki | Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.x allows remote attackers to upload arbitrary PHP files with a (1) php3, (2) php4, or (3) php5 extension. |
| 5.6 | CVE-2007-2024 BUGTRAQ BUGTRAQ BUGTRAQ MLIST CERT-VN SECUNIA FRSIRT | ||
PicoZip -- PicoZip | Directory traversal vulnerability in Acubix PicoZip 4.02 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the file path in an (1) GZ, (2) TAR, (3) RAR, (4) JAR, or (5) ZIP archive. |
| 5.6 | CVE-2007-2058 OTHER-REF BID FRSIRT SECUNIA XF | ||
Republique Francaise -- Agora | PHP remote file inclusion vulnerability in modules/Mysqlfinder/MysqlfinderAdmin.php in Agora 1.4 RC1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the _SESSION[PATH_COMPOSANT] parameter. |
| 5.6 | CVE-2006-7194 BUGTRAQ MILW0RM OTHER-REF XF | ||
ScramDisk 4 Linux -- ScramDisk 4 Linux | Certain programs in containers in ScramDisk 4 Linux before 1.0-1 execute with SUID permissions, which allows local users to gain privileges via mounted containers. |
| 4.9 | CVE-2007-2074 OTHER-REF BID FRSIRT SECUNIA | ||
ScramDisk 4 Linux -- ScramDisk 4 Linux | ScramDisk 4 Linux before 1.0-1 does not perform permission checks on mount points, which allows local users to gain privileges by using a system directory as a mount point for a container. |
| 5.6 | CVE-2007-2075 OTHER-REF BID FRSIRT SECUNIA | ||
Second Sight Software -- ActiveGS | Multiple stack-based buffer overflows in Second Sight Software ActiveGS ActiveX control (ActiveGS.ocx) allow remote attackers to execute arbitrary code via unspecified vectors. |
| 5.6 | CVE-2007-1690 CERT-VN | ||
Second Sight Software -- ActiveMod | Stack-based buffer overflow in Second Sight Software ActiveMod ActiveX control (ActiveMod.ocx) allows remote attackers to execute arbitrary code via unspecified vectors. |
| 5.6 | CVE-2007-1691 CERT-VN | ||
Stephen Craton -- Chatness | Direct static code injection vulnerability in admin/save.php in Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier allows remote authenticated administrators to inject PHP code into .html files via the html parameter, as demonstrated by head.html and foot.html, which are included and executed upon a direct request for index.php. NOTE: a separate vulnerability could be leveraged to make this issue exploitable by remote unauthenticated attackers. |
| 4.2 | CVE-2007-2148 BUGTRAQ FRSIRT SECUNIA | ||
StoreFront for Gallery -- StoreFront for Gallery | Multiple PHP remote file inclusion vulnerabilities in the StoreFront mods for Gallery allow remote attackers to execute arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter to (1) mods/business_functions.php or (2) mods/ui_functions.php. |
| 5.6 | CVE-2007-2068 MILW0RM BID | ||
Wizz Computers -- Wizz RSS Reader | Cross-zone scripting vulnerability in the Wizz RSS Reader before 2.1.9 extension to Mozilla Firefox allows remote attackers to execute arbitrary JavaScript in the browser chrome via the RSS feed DOM. |
| 5.6 | CVE-2007-2060 OTHER-REF CERT-VN | ||
Zone Labs -- ZoneAlarm Pro | vsdatant.sys in Check Point Zone Labs ZoneAlarm Pro before 7.0.302.000 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (system crash) or possibly execute arbitrary code via crafted arguments to the (1) NtCreateKey and (2) NtDeleteFile functions. |
| 5.6 | CVE-2007-2083 BUGTRAQ OTHER-REF XF |
Low Vulnerabilities |
---|
Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
---|---|---|---|---|---|---|
AfterLogic -- MailBee WebMail Pro | Cross-site scripting (XSS) vulnerability in check_login.asp in AfterLogic MailBee WebMail Pro 3.4 allows remote attackers to inject arbitrary web script or HTML via the username parameter. |
| 1.9 | CVE-2007-2061 BUGTRAQ OTHER-REF BID XF | ||
AMaViS -- AMaViS Gentoo -- Gentoo Security | The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported for AMaViS. |
| 3.3 | CVE-2007-2026 OTHER-REF OTHER-REF | ||
Apache Software Foundation -- Apache HTTP Server | suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE. |
| 3.9 | CVE-2007-1743 IDEFENSE MLIST MLIST SECTRACK | ||
bftpd -- bftpd | Buffer overflow in the parsecmd function in bftpd before 1.8 has unknown impact and attack vectors related to the confstr variable. |
| 2.3 | CVE-2007-2051 OTHER-REF FRSIRT | ||
BlueArc -- Titan | BlueArc-FTPD in BlueArc Titan 2x00 devices with firmware 4.2.944b allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the PORT command, a variant of CVE-1999-0017. |
| 3.3 | CVE-2007-2150 BUGTRAQ BID | ||
chCounter -- chCounter | Cross-site scripting (XSS) vulnerability in chcounter 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the login_name parameter to /stats/. |
| 1.9 | CVE-2007-1871 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA | ||
Cisco -- Wireless Control System | Cisco Wireless Control System (WCS) before 4.0.66.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain network organization data via a direct request for files in certain directories, aka Bug ID CSCsg04301. |
| 3.3 | CVE-2007-2035 CISCO BID FRSIRT SECTRACK SECUNIA XF | ||
Cisco -- Wireless LAN Controller | Cisco Wireless LAN Controller (WLC) before 3.2.116.21, and 4.0.x before 4.0.155.0, allows remote attackers on a local network to cause a denial of service (device crash) via malformed Ethernet traffic. |
| 1.9 | CVE-2007-2037 CISCO BID FRSIRT SECTRACK XF | ||
Cisco -- 2000 Series Wireless LAN Controller Cisco -- 2100 Series Wireless LAN Controller Cisco -- 4100 Series Wireless LAN Controller Cisco -- 4400 Series Wireless LAN Controller | The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3.2.193.5, 4.0.x before 4.0.206.0, and 4.1.x allows remote attackers on a local wireless network to cause a denial of service (loss of packet forwarding) via (1) crafted SNAP packets, (2) malformed 802.11 traffic, or (3) packets with certain header length values, aka Bug ID CSCsg36361. |
| 3.3 | CVE-2007-2038 CISCO BID FRSIRT SECTRACK XF | ||
Cisco -- Wireless LAN Controller | The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3.2.171.5, 4.0.x before 4.0.206.0, and 4.1.x allows remote attackers on a local wireless network to cause a denial of service (loss of packet forwarding) via (1) crafted SNAP packets, (2) malformed 802.11 traffic, or (3) packets with certain header length values, aka Bug IDs CSCsg15901 and CSCsh10841. |
| 3.3 | CVE-2007-2039 CISCO BID FRSIRT SECTRACK XF | ||
Cisco -- 4400 Series Wireless LAN Controller Cisco -- 2100 Series Wireless LAN Controller | Cisco Wireless LAN Controller (WLC) before 4.0.206.0 saves the WLAN ACL configuration with an invalid checksum, which prevents WLAN ACLs from being loaded at boot time, and might allow remote attackers to bypass intended access restrictions, aka Bug ID CSCse58195. |
| 3.7 | CVE-2007-2041 CISCO BID FRSIRT SECTRACK XF | ||
Clam Anti-Virus -- ClamAV ifenslave -- ifenslave | The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus (ClamAV) before 0.90.2 leaks file descriptors, which has unknown impact and attack vectors involving a crafted CHM file, a different vulnerability than CVE-2007-0897. NOTE: some of these details are obtained from third party information. |
| 2.7 | CVE-2007-1745 OTHER-REF BID FRSIRT SECUNIA XF | ||
Elinks -- Elinks | Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 adds "../po" to the search path for .po files, which might allow local users to cause Elinks to use an untrusted gettext message catalog, which can be leveraged to conduct format string attacks. |
| 3.9 | CVE-2007-2027 OTHER-REF OTHER-REF | ||
FreeRADIUS -- FreeRADIUS | Memory leak in FreeRADIUS 1.1.5 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of EAP-TTLS tunnel connections using malformed Diameter format attributes, which causes the authentication request to be rejected but does not reclaim VALUE_PAIR data structures. |
| 2.3 | CVE-2007-2028 OTHER-REF MANDRIVA BID FRSIRT SECUNIA SECUNIA | ||
lighttpd -- lighttpd | lighttpd 1.4.12 and 1.4.13 allows remote attackers to cause a denial of service (cpu and resource consumption) by disconnecting while lighttpd is parsing CRLF sequences, which triggers an infinite loop and file descriptor consumption. |
| 2.3 | CVE-2007-1869 OTHER-REF FRSIRT SECUNIA | ||
lighttpd -- lighttpd | lighttpd before 1.4.14 allows attackers to cause a denial of service (crash) via a request to a file whose mtime is 0, which results in a NULL pointer dereference. |
| 3.3 | CVE-2007-1870 OTHER-REF FRSIRT SECUNIA | ||
McAfee -- e-Business Server | The administration server in McAfee e-Business Server before 8.1.1 and 8.5.x before 8.5.2 allows remote attackers to cause a denial of service (service crash) via a large length value in a malformed authentication packet, which triggers a heap over-read. |
| 3.3 | CVE-2007-2151 IDEFENSE OTHER-REF BID FRSIRT SECTRACK SECUNIA | ||
Mephisto -- Mephisto | Cross-site scripting (XSS) vulnerability in mephisto 0.7.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter to the search script. |
| 1.9 | CVE-2007-1873 BUGTRAQ BUGTRAQ OTHER-REF FRSIRT | ||
Open-gorotto -- Open-gorotto | Multiple cross-site scripting (XSS) vulnerabilities in Open-gorotto 2.0a 2006/02/08 edition, 2006/03/19 edition, and 2006/04/07 edition before 20070416 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) pub/modules/d/_top.html; (2) /pub/modules/a/_access.html; (3) _circletop.html or (4) _cir66.html in pub/modules/ci/; or (5) _fri66.html, (6) _inv66.html, (7) _top.html, (8) _friends.html, or (9) _fri33.html in pub/modules/f/. |
| 1.9 | CVE-2007-2071 OTHER-REF OTHER-REF OTHER-REF BID FRSIRT | ||
Oracle -- Oracle Application Server | The Oracle Discoverer servlet in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2.0 allows remote attackers to shut down an Oracle TNS Listener via a TNS STOP command in a request that uses the database/TNS alias. |
| 3.3 | CVE-2007-2120 OTHER-REF OTHER-REF | ||
Paul Vixie -- Vixie Cron | Vixie Cron before 4.1-r10 on Gentoo Linux is installed with insecure permissions, which allows local users to cause a denial of service (cron failure) by creating hard links, which results in a failed st_nlink check in database.c. |
| 1.6 | CVE-2007-1856 GENTOO BID | ||
phpFaber -- TopSites | Directory traversal vulnerability in template.php in phpFaber TopSites 3 allows remote attackers to read arbitrary files via a .. (dot dot) in the modify parameter in a template action to admin/index.php. |
| 3.3 | CVE-2007-2155 BUGTRAQ OTHER-REF VIM BID XF | ||
Python Software Foundation -- Python | Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination. |
| 3.3 | CVE-2007-2052 OTHER-REF OTHER-REF | ||
Red Hat -- Red Hat Fedora Core Red Hat -- Red Hat Enterprise Linux | lharc.c in lha does not securely create temporary files, which might allow local users to read or write files by creating a file before LHA is invoked. |
| 2.3 | CVE-2007-2030 OTHER-REF | ||
RicarGBooK -- RicarGBooK | Multiple directory traversal vulnerabilities in header.php in RicarGBooK 1.2.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) a lang cookie or (2) the language parameter. |
| 2.3 | CVE-2007-2050 MILW0RM SECUNIA BID FRSIRT XF | ||
SSH Communications Security -- SSH Tectia Server | SSH Tectia Server for IBM z/OS before 5.4.0, when _BPX_BATCH_UMASK is missing from the environment, creates HFS files with insecure permissions, which allows local users to read or modify these files and have other unknown impact. |
| 3.9 | CVE-2007-2063 OTHER-REF BID SECTRACK SECUNIA | ||
Sun -- Solaris | Unspecified vulnerability in the IP implementation in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (CPU consumption) via crafted IP packets, probably related to fragmented packets with duplicate or missing fragments. |
| 2.3 | CVE-2007-2045 SUNALERT FRSIRT SECTRACK SECUNIA XF | ||
Toenda Software Development -- toendaCMS | Cross-site scripting (XSS) vulnerability in toendaCMS 1.5.3 allows remote attackers to inject arbitrary web script or HTML via the searchword parameter in a search id. |
| 1.9 | CVE-2007-1872 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA | ||
UseBB -- UseBB | UseBB before 1.0.6 allows remote attackers to obtain sensitive information via a request with unspecified GET or POST parameters to an unspecified script, which reveals the path in an error message. |
| 2.3 | CVE-2007-2066 OTHER-REF OTHER-REF SECUNIA | ||
webMethods -- Glue | Directory traversal vulnerability in /console in the Management Console in webMethods Glue 6.5.1 and earlier allows remote attackers to read arbitrary system files via a .. (dot dot) in the resource parameter. |
| 2.3 | CVE-2007-2048 BUGTRAQ OTHER-REF BID FRSIRT | ||
Zomplog -- Zomplog | Directory traversal vulnerability in upload/force_download.php in Zomplog 3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. |
| 3.3 | CVE-2007-2157 MILW0RM FRSIRT |