Vulnerability Summary for the Week of April 23, 2007
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities

| Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
|---|---|---|---|
| ABC-View -- ABC-View Manager | Buffer overflow in ABC-View Manager 1.42 allows user-assisted remote attackers to execute arbitrary code via a crafted .PSP file. | 8.0 | CVE-2007-2284 MILW0RM BID FRSIRT SECUNIA XF |
| ACDSee -- ACDSee; ACDSee -- Photo Editor; ACDSee -- ACDSee Pro | Stack-based buffer overflow in the ID_X.apl plugin in ACDSee 9.0 Build 108, Pro 8.1 Build 99, and Photo Editor 4.0 Build 195 allows user-assisted remote attackers to execute arbitrary code via a crafted XPM file with a long section string. NOTE: some of these details are obtained from third party information. | 8.0 | CVE-2007-2193 MILW0RM FRSIRT SECUNIA BID XF |
| Adobe -- Photoshop | Multiple buffer overflows in Adobe Photoshop CS2 and CS3 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) BMP, (2) DIB, or (3) RLE file. | 8.0 | CVE-2007-2244 MILW0RM BID FRSIRT SECUNIA XF |
| Advanced Webhost Billing System -- Advanced Webhost Billing System | PHP remote file inclusion vulnerability in docs/front-end-demo/cart2.php in Advanced Webhost Billing System (AWBS) 2.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the workdir parameter. | 7.0 | CVE-2007-2272 MILW0RM BID XF |
| AimStats -- AimStats | Static code injection vulnerability in process.php in AimStats 3.2 allows remote attackers to inject PHP code into config.php via the number parameter in an update action. | 7.0 | CVE-2007-2167 MILW0RM FRSIRT OTHER-REF BID SECUNIA XF |
| Alessandro Lulli -- wavewoo | PHP remote file inclusion vulnerability in include/loading.php in Alessandro Lulli wavewoo 0.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the path_include parameter. | 7.0 | CVE-2007-2273 MILW0RM SECUNIA BID FRSIRT |
| Alexscriptengine -- Download-Engine | Multiple PHP remote file inclusion vulnerabilities in Download-Engine 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) eng_dir parameter to addmember.php, (2) lang_path parameter to admin/enginelib/class.phpmailer.php, and the (3) spaw_root parameter to admin/includes/spaw/dialogs/colorpicker.php, different vectors than CVE-2006-5291 and CVE-2006-5459. NOTE: vector 3 might be an issue in SPAW. | 7.0 | CVE-2007-2255 BUGTRAQ XF |
| Alexscriptengine -- Download-Engine | PHP remote file inclusion vulnerability in admin/includes/spaw/dialogs/insert_link.php in download engine (Download-Engine) 1.4.1 allows remote authenticated users to execute arbitrary PHP code via a URL in the spaw_root parameter, a different vector than CVE-2007-2255. NOTE: this may be an issue in SPAW. | 7.0 | CVE-2007-2289 BUGTRAQ |
| Antonio Da Cruz -- Photofiltre Studio | Buffer overflow in Photofiltre Studio 8.1.1 allows user-assisted remote attackers to execute arbitrary code via a crafted .tif file. | 8.0 | CVE-2007-2192 MILW0RM BID FRSIRT SECUNIA XF |
| Apple -- Mac OS X Server; Apple -- Mac OS X | Buffer overflow in the AirPortDriver module for AirPort in Apple Mac OS X 10.3.9 through 10.4.9, when running on hardware with the original AirPort wireless card, allows local users to execute arbitrary code by "sending malformed control commands." | 7.0 | CVE-2007-0725 OTHER-REF APPLE FRSIRT BID SECUNIA |
| Apple -- Mac OS X Server; Apple -- Mac OS X | Apple File Protocol (AFP) Client in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment before executing commands, which allows local users to gain privileges by setting unspecified environment variables. | 7.0 | CVE-2007-0729 OTHER-REF APPLE CERT-VN FRSIRT BID SECTRACK SECUNIA |
| Apple -- Mac OS X Server; Apple -- Mac OS X | Unspecified vulnerability in the CoreServices daemon in CarbonCore in Apple Mac OS X 10.4 through 10.4.9 allows local users to gain privileges via unspecified vectors involving "obtaining a send right to [the] Mach task port." | 7.0 | CVE-2007-0732 OTHER-REF APPLE FRSIRT BID SECTRACK SECUNIA |
| Apple -- Mac OS X Server; Apple -- Mac OS X | Use-after-free vulnerability in Libinfo in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors involving crafted web pages that trigger certain error conditions that are not properly reported in certain circumstances, resulting in accessing deallocated memory. | 8.0 | CVE-2007-0735 OTHER-REF APPLE BID FRSIRT SECTRACK SECUNIA |
| Apple -- Mac OS X Server; Apple -- Mac OS X | Integer overflow in the RPC library in Libinfo in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to execute arbitrary code via crafted requests to portmap. | 8.0 | CVE-2007-0736 OTHER-REF APPLE BID FRSIRT SECTRACK SECUNIA XF |
| Apple -- Mac OS X | Buffer overflow in natd in network_cmds in Apple Mac OS X 10.3.9 through 10.4.9, when Internet Sharing is enabled, allows remote attackers to execute arbitrary code via malformed RTSP packets. | 7.0 | CVE-2007-0741 OTHER-REF APPLE BID FRSIRT SECTRACK SECUNIA |
| Apple -- Mac OS X Server; Apple -- Mac OS X | SMB in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment when executing commands, which allows local users to gain privileges by setting unspecified environment variables. | 7.0 | CVE-2007-0744 OTHER-REF APPLE BID FRSIRT SECUNIA |
| Apple -- Mac OS X Server; Apple -- Mac OS X | Heap-based buffer overflow in the VideoConference framework in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to execute arbitrary code via a "crafted SIP packet when initializing an audio/video conference". | 10.0 | CVE-2007-0746 OTHER-REF APPLE CERT-VN BID FRSIRT SECTRACK SECUNIA |
| Apple -- Mac OS X Server; Apple -- Mac OS X | load_webdav in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment when mounting a WebDAV filesystem, which allows local users to gain privileges by setting unspecified environment variables. | 7.0 | CVE-2007-0747 OTHER-REF APPLE BID FRSIRT CERT-VN SECTRACK SECUNIA |
| Apple -- Safari | Unspecified vulnerability in Apple QuickTime, as used in Safari and other browsers, and when Java is enabled, allows remote attackers to execute arbitrary code via unspecified vectors involving Javascript errors, as demonstrated during the "PWN 2 0WN" contest at CanSecWest 2007. | 10.0 | CVE-2007-2175 OTHER-REF OTHER-REF OTHER-REF OTHER-REF SECTRACK XF |
| Apple -- Quicktime | Heap-based buffer overflow in the JVTCompEncodeFrame function in Apple Quicktime 7.1.5 and earlier allows remote attackers to execute arbitrary code via a crafted MOV file. | 8.0 | CVE-2007-2295 OTHER-REF BID |
| Apple -- Quicktime | Integer overflow in the FlipFileTypeAtom_BtoN function in Apple Quicktime 7.1.5 and earlier allows remote attackers to execute arbitrary code via a crafted MP4 file. | 8.0 | CVE-2007-2296 OTHER-REF BID |
| Arash -- AudioCMS | Multiple PHP remote file inclusion vulnerabilities in audioCMS arash 0.1.4 allow remote attackers to execute arbitrary PHP code via a URL in the arashlib_dir parameter to (1) edit.inc.php and (2) list_features.inc.php in arash_lib/include, and (3) arash_gadmin.class.php and (4) arash_sadmin.class.php in arash_lib/class/. | 7.0 | CVE-2007-2301 MILW0RM BID FRSIRT |
| Asterisk -- Asterisk | Multiple stack-based buffer overflows in the process_sdp function in chan_sip.c of the SIP channel T.38 SDP parser in Asterisk before 1.4.3 allow remote attackers to execute arbitrary code via a long (1) T38FaxRateManagement or (2) T38FaxUdpEC SDP parameter in an SIP message, as demonstrated using SIP INVITE. | 8.0 | CVE-2007-2293 BUGTRAQ OTHER-REF BID SECTRACK SECUNIA |
| Autostand Category -- Autostand Category | PHP remote file inclusion vulnerability in the AutoStand 1.1 and earlier module for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to mod_as_category.php in (1) modules/mod_as_category/ or (2) modules/. | 7.0 | CVE-2007-2319 MILW0RM BID FRSIRT XF |
| Bibtex -- Mase | Multiple PHP remote file inclusion vulnerabilities in bibtex mase beta 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the bibtexrootrel parameter to (1) unavailable.php, (2) source.php, (3) log.php, (4) latex.php, (5) indexinfo.php, (6) index.php, (7) importinfo.php, (8) import.php, (9) examplefile.php, (10) clearinfo.php, (11) clear.php, (12) aboutinfo.php, (13) about.php, and other unspecified files. | 7.0 | CVE-2007-2260 BUGTRAQ |
| BloofoxCMS -- BloofoxCMS | ** DISPUTED ** PHP remote file inclusion vulnerability in install/index.php in BlooFoxCMS 0.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the content_php parameter. NOTE: this issue has been disputed by a reliable third party, stating that content_php is initialized before use. | 7.0 | CVE-2007-2311 BUGTRAQ VIM |
| Built2Go -- PHP Link Portal | PHP remote file inclusion vulnerability in config.php in Built2Go PHP Link Portal 1.79 allows remote attackers to execute arbitrary PHP code via a URL in the full_path_to_db parameter. | 7.0 | CVE-2007-2286 BUGTRAQ BID |
| CA -- CleverPath Portal | SQL injection vulnerability in CA Clever Path Portal allows remote attackers to execute limited SQL commands and retrieve arbitrary database contents via (1) the ofinterest parameter in a light search query, (2) description parameter in the advanced search query, and possibly other vectors. | 7.0 | CVE-2007-2230 FULLDISC OTHER-REF |
| CafeLog -- b2 | Multiple PHP remote file inclusion vulnerabilities in B2 Weblog and News Publishing Tool 0.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the b2inc parameter to (1) b2archives.php, (2) b2categories.php, or (3) b2mail.php. NOTE: this may overlap CVE-2002-1466. | 7.0 | CVE-2007-2290 BUGTRAQ BID |
| Check Point Software -- ZoneAlarm | The IOCTL handling in srescan.sys in the ZoneAlarm Spyware Removal Engine (SRE) in Check Point ZoneAlarm before 5.0.156.0 allows local users to execute arbitrary code via certain IOCTL lrp parameter addresses. | 7.0 | CVE-2007-2174 IDEFENSE BID SECTRACK SECUNIA BUGTRAQ FRSIRT XF |
| Cisco -- Netflow Collection Engine | Cisco Network Services (CNS) NetFlow Collection Engine (NFC) before 6.0 has an nfcuser account with the default password nfcuser, which allows remote attackers to modify the product configuration and, when installed on Linux, obtain login access to the host operating system. | 10.0 | CVE-2007-2282 CISCO BID FRSIRT SECTRACK XF |
| Computer Associates -- BrightStor ARCserve Backup; Computer Associates -- Server Protection Suite; Computer Associates -- Business Protection Suite | Multiple stack-based buffer overflows in the SUN RPC service in CA (formerly Computer Associates) BrightStor ARCserve Media Server, as used in BrightStor ARCserve Backup 9.01 through 11.5 SP2, BrightStor Enterprise Backup 10.5, Server Protection Suite 2, and Business Protection Suite 2, allow remote attackers to execute arbitrary code via malformed RPC strings, a different vulnerability than CVE-2006-5171, CVE-2006-5172, and CVE-2007-1785. | 10.0 | CVE-2007-2139 BUGTRAQ OTHER-REF OTHER-REF BID CERT-VN FRSIRT SECUNIA XF |
| Comus -- Comus | PHP remote file inclusion vulnerability in accept.php in comus 2.0 Final allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter. | 7.0 | CVE-2007-2287 BUGTRAQ BID |
| CoSign -- CoSign | The CHECK command in Cosign 2.0.1 and earlier allows remote attackers to bypass authentication requirements via CR (\r) sequences in the cosign cookie parameter. | 7.0 | CVE-2007-2232 BUGTRAQ OTHER-REF FRSIRT SECUNIA |
| DCP-Portal -- DCP-Portal | Multiple PHP remote file inclusion vulnerabilities in DCP-Portal 6.1.1 allow remote attackers to execute arbitrary PHP code via a URL in (1) the path parameter to library/adodb/adodb.inc.php, (2) the abs_path_editor parameter to library/editor/editor.php, or (3) the cfgfile_to_load parameter to admin/phpMyAdmin/libraries/common.lib.php. | 7.0 | CVE-2007-2278 BUGTRAQ |
| DeltaScripts -- PHP Classifieds | PHP remote file inclusion vulnerability in admin/setup/level2.php in PHP Classifieds 6.04, and probably earlier versions, allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: this product was referred to as "Allfaclassfieds" in the original disclosure. | 7.0 | CVE-2007-2254 BUGTRAQ VIM XF |
| DmCMS -- DmCMS | Unrestricted file upload vulnerability in includes/upload_file.php in DmCMS allows remote attackers to upload arbitrary PHP scripts by placing a script's contents in both the File2 and File3 parameters, and sending a ok.php?do=act Referer. | 7.0 | CVE-2007-2214 BUGTRAQ BID FRSIRT |
| Doruk100.net -- Doruk100net | PHP remote file inclusion vulnerability in info.php in Doruk100.net doruk100net allows remote attackers to execute arbitrary PHP code via a URL in the file parameter. | 7.0 | CVE-2007-2288 BUGTRAQ BID |
| Double Precision Incorporated -- Courier-IMAP | Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable. | 10.0 | CVE-2007-2173 OTHER-REF GENTOO SECUNIA BID XF |
| DynaTracker -- DynaTracker | PHP remote file inclusion vulnerability in includes_handler.php in DynaTracker 151 allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter. | 7.0 | CVE-2007-2330 BUGTRAQ |
| EsForum -- EsForum | SQL injection vulnerability in forum.php in EsForum 3.0 allows remote attackers to execute arbitrary SQL commands via the idsalon parameter. | 7.0 | CVE-2007-2259 BUGTRAQ BID FRSIRT SECUNIA XF |
| Expow -- Expow | PHP remote file inclusion vulnerability in autoindex.php in Expow 0.8 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_file parameter. | 7.0 | CVE-2007-2302 MILW0RM BID XF |
| eXtremail -- eXtremail | Stack-based buffer overflow in eXtremail 2.1.1 and earlier allows remote attackers to execute arbitrary code via a long DNS response. NOTE: this might be related to CVE-2006-6926. | 10.0 | CVE-2007-2187 FULLDISC MILW0RM OTHER-REF BID |
| eXtremail -- eXtremail | eXtremail 2.1.1 and earlier does not verify the ID field (aka transaction id) in DNS responses, which makes it easier for remote attackers to conduct DNS spoofing. | 10.0 | CVE-2007-2188 FULLDISC BID |
| Extreme phpBB -- Extreme phpBB | Multiple PHP remote file inclusion vulnerabilities in Extreme PHPBB2 3.0 Pre Final allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) functions.php or (2) functions_portal.php in includes/. | 7.0 | CVE-2007-2208 BUGTRAQ XF |
| FileZilla -- FileZilla | Multiple format string vulnerabilities in FileZilla before 2.2.32 allow remote attackers to execute arbitrary code via format string specifiers in (1) FTP server responses or (2) data sent by an FTP server. NOTE: some of these details are obtained from third party information. | 10.0 | CVE-2007-2318 OTHER-REF BID SECUNIA |
| FreshDevices -- FreshView | Buffer overflow in Fresh View 7.15 allows user-assisted remote attackers to execute arbitrary code via a crafted .PSP file. | 8.0 | CVE-2007-2283 MILW0RM BID FRSIRT |
| Frogss -- Frogss CMS | Multiple SQL injection vulnerabilities in Frogss CMS 0.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) dzial parameter to (a) katalog.php, or the (2) t parameter to (b) forum.php or (c) forum/viewtopic.php, different vectors than CVE-2006-4536. | 7.0 | CVE-2007-2299 MILW0RM BID FRSIRT XF |
| Fully Modded phpBB -- Fully Modded phpBB2 | PHP remote file inclusion vulnerability in subscp.php in Fully Modded phpBB2 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | 7.0 | CVE-2007-2257 BUGTRAQ BID XF |
| Gentoo -- XnView | Stack-based buffer overflow in XnView 1.90.3 allows user-assisted remote attackers to execute arbitrary code via a crafted XPM file with a long section string. NOTE: some of these details are obtained from third party information. | 10.0 | CVE-2007-2194 MILW0RM FRSIRT SECUNIA BID XF |
| GForge -- Garennes | Multiple PHP remote file inclusion vulnerabilities in Garennes 0.6.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the repertoire_config parameter to index.php in (1) cpe/, (2) direction/, or (3) professeurs/. | 7.0 | CVE-2007-2298 MILW0RM BID FRSIRT |
| GoldCoders -- HYIP Manager Pro | Multiple PHP remote file inclusion vulnerabilities in HYIP Manager Pro allow remote attackers to execute arbitrary PHP code via a URL in the plugin_file parameter to (1) Smarty.class.php and (2) Smarty_Compiler.class.php in inc/libs/; (3) core.display_debug_console.php, (4) core.load_plugins.php, (5) core.load_resource_plugin.php, (6) core.process_cached_inserts.php, (7) core.process_compiled_include.php, and (8) core.read_cache_file.php in inc/libs/core/; and other unspecified files. NOTE: (1) and (2) might be incorrectly reported vectors in Smarty. | 7.0 | CVE-2007-2326 BUGTRAQ |
| GPL PHP Board -- GPL PHP Board | Multiple PHP remote file inclusion vulnerabilities in GPL PHP Board (GPB) unstable-2001.11.14-1 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) db.mysql.inc.php or (2) gpb.inc.php in include/, or the (3) theme parameter to themes/ubb/login.php. | 7.0 | CVE-2007-2204 MILW0RM BID FRSIRT XF |
| GraceNote -- CDDBControl ActiveX Control | Multiple buffer overflows in the CDDBControl ActiveX control in Gracenote CDDB before 20070418 allow remote attackers to execute arbitrary code via long values for certain Proxy configuration parameters. | 8.0 | CVE-2007-0443 OTHER-REF OTHER-REF BID SECTRACK SECUNIA BUGTRAQ FRSIRT XF |
| InterVideo -- Home Theater | Multiple buffer overflows in the WinDVDX ActiveX control in InterVideo Home Theater 2.1.13.0 and 2.5.13.58 allow remote attackers to execute arbitrary code via a long string argument to the (1) GetDiscType or (2) AddFileList method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 10.0 | CVE-2007-2323 SECUNIA |
| Labs4 -- htmlEditbox | PHP remote file inclusion vulnerability in _editor.php in HTMLeditbox 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the settings[app_dir] parameter. | 7.0 | CVE-2007-2327 BUGTRAQ |
| LAN Management System -- LAN Management System | PHP remote file inclusion vulnerability in modules/rtmessageadd.php in LAN Management System (LMS) 1.5.3, and possibly 1.5.4, allows remote attackers to execute arbitrary PHP code via a URL in the _LIB_DIR parameter, a different vector than CVE-2007-1643. | 7.0 | CVE-2007-2205 BUGTRAQ BID VIM XF |
| Microsoft -- Internet Explorer | CRLF injection vulnerability in the Digest Authentication in Microsoft Internet Explorer 7.0.5730.11 allows remote attackers to conduct HTTP response splitting attacks via a LF (%0a) in the username attribute. | 7.0 | CVE-2007-2291 BUGTRAQ OTHER-REF BID |
| MiniBB -- MiniBB; TOSMO Mambo -- TOSMO Mambo | Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a and earlier, as used by TOSMO/Mambo 4.0.12 and probably other products, allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to bb_plugins.php in (1) components/minibb/ or (2) components/com_minibb, or (3) configuration.php. NOTE: the com_minibb.php vector is already covered by CVE-2006-3690. | 7.0 | CVE-2007-2317 MILW0RM VIM BID FRSIRT XF |
| Mozilla -- Firefox | Unspecified vulnerability in Mozilla Firefox allows remote attackers to execute arbitrary code via unspecified vectors involving Javascript errors. NOTE: this might be the same issue as CVE-2007-2175. | 10.0 | CVE-2007-2176 OTHER-REF |
| mxBB -- MX Shotcast | PHP remote file inclusion vulnerability in getinfo1.php in the Shotcast 1.0 RC2 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter. | 7.0 | CVE-2007-2313 MILW0RM BID FRSIRT XF |
| MyBB -- MyBB | Multiple SQL injection vulnerabilities in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) year or (2) month parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 7.0 | CVE-2007-2212 XF |
| MyBulletinBoard -- MyBulletinBoard | SQL injection vulnerability in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the day parameter in a dayview action. | 7.0 | CVE-2007-2211 MILW0RM BID XF FRSIRT SECUNIA |
| MyNewsGroup -- MyNewsGroup | PHP remote file inclusion vulnerability in include.php in MyNewsGroups :) allows remote attackers to execute arbitrary PHP code via a URL in the myng_root parameter. | 10.0 | CVE-2007-2325 BUGTRAQ |
| Novell -- Groupwise | Stack-based buffer overflow in the base64_decode function in GWINTER.exe in Novell GroupWise (GW) WebAccess before 7.0 SP2 allows remote attackers to execute arbitrary code via long base64 content in an HTTP Basic Authentication request. | 10.0 | CVE-2007-2171 BUGTRAQ OTHER-REF OTHER-REF OTHER-REF BID FRSIRT SECTRACK SECUNIA |
| Pagode -- Pagode | Directory traversal vulnerability in navigator/navigator_ok.php in Pagode 0.5.8 allows remote attackers to read and possibly delete arbitrary files via a .. (dot dot) in the asolute parameter. | 10.0 | CVE-2007-2200 MILW0RM BID FRSIRT SECUNIA XF |
| Papoo -- Papoo | SQL injection vulnerability in kontakt.php in Papoo 3.02 and earlier allows remote attackers to execute arbitrary SQL commands via the menuid parameter, a different vector than CVE-2005-4478. | 7.0 | CVE-2007-2320 MILW0RM BID |
| PHP-Ring -- Webring System | SQL injection vulnerability in index.php in PHP-Ring Webring System (aka uPHP_ring_website) 0.9 allows remote attackers to execute arbitrary SQL commands via the ring parameter. | 7.0 | CVE-2007-2183 MILW0RM BID XF |
| PHPee -- YA Book | Cross-site scripting (XSS) vulnerability in YA Book 0.98-alpha allows remote attackers to inject arbitrary web script or HTML via the City field in a sign action in index.php. | 7.0 | CVE-2007-2265 BUGTRAQ BID |
| phpMyAdmin -- phpMyAdmin | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.10.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the fieldkey parameter to browse_foreigners.php or (2) certain input to the PMA_sanitize function. | 7.0 | CVE-2007-2245 OTHER-REF OTHER-REF FRSIRT SECUNIA |
| PHPmybibli -- PHPmybibli | PHP remote file inclusion vulnerability in includes/init.inc.php in PHPMyBibli allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter. | 7.0 | CVE-2007-2258 BUGTRAQ BID XF |
| PHPMySpace -- PHPMySpace | SQL injection vulnerability in modules/news/article.php in phpMySpace Gold 8.10 allows remote attackers to execute arbitrary SQL commands via the item_id parameter. | 7.0 | CVE-2007-2247 BUGTRAQ BID FRSIRT XF |
| phpMYTGP -- phpMYTGP | PHP remote file inclusion vulnerability in addvip.php in phpMYTGP 1.4b allows remote attackers to execute arbitrary PHP code via a URL in the msetstr[PROGSDIR] parameter. | 7.0 | CVE-2007-2328 BUGTRAQ |
| Plogger -- Plogger | Session fixation vulnerability in Plogger allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | 7.0 | CVE-2007-2277 BUGTRAQ OTHER-REF |
| Post Revolution -- Post Revolution | Multiple PHP remote file inclusion vulnerabilities in Post Revolution 6.6 and 7.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the dir parameter to (1) common.php or (2) themes/default/preview_post_completo.php. | 7.0 | CVE-2007-2201 BUGTRAQ MILW0RM BID FRSIRT SECUNIA XF |
| ProFTPD Project -- ProFTPD | The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as demonstrated by use of SQLAuthTypes Plaintext in mod_sql, with data retrieved from /etc/passwd. | 7.0 | CVE-2007-2165 OTHER-REF OTHER-REF BID FRSIRT SECTRACK SECUNIA XF |
| Progress -- WebSpeed | Progress Webspeed Messenger allows remote attackers to read, create, modify, and execute arbitrary files by invoking webutil/_cpyfile.p in the WService parameter to (1) cgiip.exe or (2) wsisa.dll in scripts/, as demonstrated by using the save,editor options to create a new file using the fileName parameter. | 10.0 | CVE-2007-2266 BUGTRAQ BID |
| PunBB -- PunBB | include/common.php in PunBB 1.2.14 and earlier does not properly handle a disabled ini_get function when checking the register_globals setting, which allows remote attackers to register global parameters, as demonstrated by an SQL injection attack on the search_id parameter to search.php. | 7.0 | CVE-2007-2234 BUGTRAQ BUGTRAQ OTHER-REF OTHER-REF |
| PunBB -- PunBB | footer.php in PunBB 1.2.14 and earlier allows remote attackers to include local files in include/user/ via a cross-site scripting (XSS) attack, or via the pun_include tag, as demonstrated by use of admin_options.php to execute PHP code from an uploaded avatar file. | 7.0 | CVE-2007-2236 BUGTRAQ BUGTRAQ OTHER-REF OTHER-REF FRSIRT SECUNIA |
| QDBlog -- QDBlog | Multiple directory traversal vulnerabilities in Quick and Dirty Blog (QDBlog) 0.4, and possibly earlier, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter to categories.php and other unspecified files. | 7.0 | CVE-2007-2304 MILW0RM BID FRSIRT XF |
| QDBlog -- QDBlog | Multiple SQL injection vulnerabilities in authenticate.php in Quick and Dirty Blog (QDBlog) 0.4, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. | 7.0 | CVE-2007-2305 MILW0RM BID FRSIRT XF |
| Realink -- C-Arbre | PHP remote file inclusion vulnerability in espaces/communiques/annotations.php in C-Arbre 0.6PR7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter, a different vector than CVE-2007-1721. | 7.0 | CVE-2007-2261 BUGTRAQ XF |
| Ripe Website Manager -- Ripe Website Manager | Cross-site scripting (XSS) vulnerability in contact/index.php in Ripe Website Manager 0.8.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a leading "<"<" in the ripeformpost parameter. | 7.0 | CVE-2007-2206 BUGTRAQ BID BUGTRAQ OTHER-REF FRSIRT SECUNIA XF |
| Ripe Website Manager -- Ripe Website Manager | SQL injection vulnerability in contact/index.php in Ripe Website Manager 0.8.4 and earlier allows remote attackers to execute arbitrary SQL commands via the ripeformpost parameter. | 7.0 | CVE-2007-2207 BUGTRAQ BID OTHER-REF FRSIRT SECUNIA XF |
| Searchactivity -- Searchactivity | PHP remote file inclusion vulnerability in searchbot.php in Searchactivity allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | 7.0 | CVE-2007-2329 BUGTRAQ |
| Shop-Script -- Shop-Script | PHP remote file inclusion vulnerability in cart.php in Shop-Script 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the lang_list parameter. | 7.0 | CVE-2007-2331 BUGTRAQ |
| SilverStripe -- SilverStripe | Unspecified vulnerability in the search functionality in SilverStripe 2.0.0 has unknown impact and attack vectors. | 7.0 | CVE-2007-2321 OTHER-REF SECUNIA |
| Sinato -- File117 | Multiple PHP remote file inclusion vulnerabilities in html/php/detail.php in Sinato jmuffin allow remote attackers to execute arbitrary PHP code via a URL in the (1) relPath and (2) folder parameters. NOTE: this product was originally reported as "File117". | 7.0 | CVE-2007-2262 BUGTRAQ BID BID FRSIRT XF |
| VWar -- Virtual War | Multiple SQL injection vulnerabilities in the Virtual War (VWar) 1.5.0 R15 module for PHP-Nuke allow remote attackers to execute arbitrary SQL commands via the n parameter to extra/online.php and other unspecified scripts in extra/. NOTE: this might be same vulnerability as CVE-2006-4142; however, there is an intervening vendor fix announcement. | 7.0 | CVE-2007-2312 BUGTRAQ OTHER-REF VIM BID XF |
| WebKalk2 -- WebKalk2 | PHP remote file inclusion vulnerability in engine/engine.inc.php in WebKalk2 1.9.0 allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter. | 7.0 | CVE-2007-2307 MILW0RM BID FRSIRT XF |
| Xaraya -- Xaraya | Unspecified vulnerability in the Roles module in Xaraya 1.1.2 and earlier allows attackers to gain privileges via unspecified vectors, probably related to incorrect permission checking in xartemplates/user-view.xd. | 7.0 | CVE-2007-2251 OTHER-REF OTHER-REF FRSIRT SECUNIA BID XF |

Medium Vulnerabilities |
---|
Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
---|---|---|---|---|---|---|
ACVSWS -- ACVSWS_PHP5 | PHP remote file inclusion vulnerability in inc_ACVS/SOAP/Transport.php in Accueil et Conseil en Visites et Sejours Web Services (ACVSWS) PHP5 (ACVSWS_PHP5) 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the CheminInclude parameter. |
| 5.6 | CVE-2007-2202 BUGTRAQ BID FRSIRT SECUNIA XF | ||
Apple -- Mac OS X | The Login Window in Apple Mac OS X 10.3.9 through 10.4.9 does not properly check certain environment variables, which allows local users to gain privileges via unspecified vectors. |
| 4.9 | CVE-2007-0737 OTHER-REF APPLE BID FRSIRT SECTRACK SECUNIA | ||
Apple -- Mac OS X | The Login Window in Apple Mac OS X 10.4 through 10.4.9 does not display the screen saver authentication dialog in certain circumstances when waking from sleep, even though the "require a password to wake the computer from sleep" option is enabled, which allows local users to bypass authentication controls. |
| 4.9 | CVE-2007-0738 OTHER-REF APPLE BID FRSIRT SECTRACK SECUNIA | ||
Apple -- Mac OS X | The Login Window in Apple Mac OS X 10.4 through 10.4.9 displays the software update window beneath the loginwindow authentication dialog in certain circumstances related to running scheduled tasks, which allows local users to bypass authentication controls. |
| 4.9 | CVE-2007-0739 OTHER-REF APPLE BID FRSIRT SECTRACK SECUNIA | ||
Corel -- Paint Shop Pro Photo | Buffer overflow in igcore15d.dll 15.1.2.0 and 15.2.0.0 for AccuSoft ImageGear, as used in Corel Paint Shop Pro Photo 11.20 and possibly other products, allows user-assisted remote attackers to execute arbitrary code via a crafted .CLP file. NOTE: some details were obtained from third party sources. |
| 5.6 | CVE-2007-2209 MILW0RM BID FRSIRT SECUNIA SECUNIA XF | ||
CoSign -- CoSign | cosign-bin/cosign.cgi in Cosign 2.0.2 and earlier allows remote authenticated users to perform unauthorized actions as an arbitrary user by using CR (\r) sequences in the service parameter to inject LOGIN and REGISTER commands with the desired username. |
| 4.2 | CVE-2007-2233 BUGTRAQ OTHER-REF FRSIRT SECUNIA | ||
Crea-Book -- Crea-Book | Multiple SQL injection vulnerabilities in Crea-Book 1.0, and possibly earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) pseudo or (2) passe parameter to (a) configurer.php, (b) connect.php, (c) delete.php, (d) delete2.php, (e) index.php, (f) infos.php, (g) membres.php, (h) modif-infos.php, (i) modif-message.php, (j) modif.php, (k) uninstall.php, or (l) uninstall_table.php in admin/, different vectors than CVE-2007-2000. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 5.6 | CVE-2007-2314 SECUNIA | ||
Eba News -- Eba News | PHP remote file inclusion vulnerability in admin/public/webpages.php in Eba News 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the filename parameter. |
| 5.6 | CVE-2007-2190 BUGTRAQ OTHER-REF XF | ||
freePBX -- freePBX | Multiple cross-site scripting (XSS) vulnerabilities in freePBX 2.2.x allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, (3) Call-ID, (4) User-Agent, and unspecified other SIP protocol fields, which are stored in /var/log/asterisk/full and displayed by admin/modules/logfiles/asterisk-full-log.php. |
| 5.6 | CVE-2007-2191 FULLDISC BID XF | ||
HP -- StorageWorks XP Replication Monitor HP -- StorageWorks Command View XP HP -- HP StorageWorks XP Tiered Storage Manager | Unspecified vulnerability in HP StorageWorks Command View Advanced Edition for XP before 5.6.0-01, XP Replication Monitor before 5.6.0-01, and XP Tiered Storage Manager before 5.5.0-02 allows local users to access other accounts via unspecified vectors during registration or addition of new users. |
| 4.9 | CVE-2007-2275 HP BID FRSIRT SECUNIA | ||
IncrediMail -- IMMenuShellExt ActiveX control | Stack-based buffer overflow in the DoWebMenuAction function in the IncrediMail IMMenuShellExt ActiveX control (ImShExt.dll) allows remote attackers to execute arbitrary code via unspecified vectors. |
| 5.6 | CVE-2007-1683 CERT-VN | ||
Joomla! -- Jambook Mambo -- Jambook | PHP remote file inclusion vulnerability in jambook.php in the Jambook (com_Jambook) 1.0 beta7 module for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. |
| 5.6 | CVE-2007-2196 BUGTRAQ | ||
Joomla! -- Joomla! | PHP remote file inclusion vulnerability in libraries/pcl/pcltar.php in Joomla! 1.5.0 Beta allows remote attackers to execute arbitrary PHP code via a URL in the g_pcltar_lib_dir parameter. |
| 5.6 | CVE-2007-2199 MILW0RM OTHER-REF BID BUGTRAQ FRSIRT XF | ||
Maran -- PHP Forum | Unrestricted file upload vulnerability in forum_write.php in Maran PHP Forum allows remote attackers to upload and execute arbitrary PHP files via a trailing %00 in a filename in the page parameter. |
| 5.6 | CVE-2007-2182 MILW0RM BID FRSIRT SECUNIA XF | ||
Microgaming -- Download Helper ActiveX Control | Stack-based buffer overflow in the Microgaming Download Helper ActiveX control (dlhelper.dll) before 7.2.0.19, and the WebHandler Class control, allows remote attackers to execute arbitrary code via unspecified vectors. |
| 5.6 | CVE-2007-2177 CERT-VN BID FRSIRT SECUNIA | ||
MX Smartor -- Full Album Pack | PHP remote file inclusion vulnerability in admin/admin_album_otf.php in the MX Smartor Full Album Pack (FAP) 2.0 RC1 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. |
| 5.6 | CVE-2007-2189 MILW0RM BID XF | ||
News Manager Deluxe -- News Manager Deluxe | Directory traversal vulnerability in includes/footer.php in News Manager Deluxe (NMDeluxe) 1.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the template parameter. |
| 5.6 | CVE-2007-2303 MILW0RM FRSIRT SECUNIA | ||
Nortel -- VPN Router | Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 6_05.140 uses a fixed DES key to encrypt passwords, which allows remote authenticated users to obtain a password via a brute force attack on a hash from the LDAP store. |
| 6.0 | CVE-2007-2332 OTHER-REF BID FRSIRT SECUNIA | ||
Open Business Management -- Open Business Management | Unspecified vulnerability in the admin script in Open Business Management (OBM) before 2.0.0 allows remote attackers to have an unknown impact by calling the script "in txt mode from a browser." |
| 4.9 | CVE-2007-2316 OTHER-REF BID FRSIRT SECUNIA | ||
OpenSurveyPilot -- OpenSurveyPilot | PHP remote file inclusion vulnerability in administration/user/lib/group.inc.php in OpenSurveyPilot (osp) 1.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cfgPathToProjectAdmin parameter. |
| 5.6 | CVE-2007-2166 MILW0RM OTHER-REF BID FRSIRT SECUNIA XF | ||
Oracle -- E-Business Suite | The APPLSYS.FND_DM_NODES package in Oracle E-Business Suite does not check for valid sessions, which allows remote attackers to delete arbitrary nodes. NOTE: due to lack of details from Oracle, it is not clear whether this issue is related to other CVE identifiers such as CVE-2007-2126, CVE-2007-2127, or CVE-2007-2128. |
| 6.7 | CVE-2007-2170 BUGTRAQ OTHER-REF OTHER-REF OTHER-REF | ||
Phorum -- Phorum | include/controlcenter/users.php in Phorum before 5.1.22 allows remote authenticated moderators to gain privileges via a modified (1) user_ids POST parameter or (2) userdata array. |
| 4.2 | CVE-2007-2249 BUGTRAQ OTHER-REF OTHER-REF BID FRSIRT SECTRACK SECUNIA | ||
Rajneel Lal TotaRam -- USP Foss Distribution | Directory traversal vulnerability in Rajneel Lal TotaRam USP FOSS Distribution 1.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the dnld parameter. |
| 6.7 | CVE-2007-2271 MILW0RM BID FRSIRT SECUNIA | ||
Supasite -- Supasite | Multiple PHP remote file inclusion vulnerabilities in Supasite 1.23b allow remote attackers to execute arbitrary PHP code via a URL in the supa[db_path] parameter to (1) common_functions.php, (2) admin_auth_cookies.php, (3) admin_mods.php, (4) admin_news.php, (5) admin_topics.php, (6) admin_users.php, (7) admin_utilities.php, (8) site_comment.php, or (9) site_news.php; or the supa[include_path] parameter to (10) admin_settings.php or (11) backend_site.php. |
| 5.6 | CVE-2007-2185 MILW0RM BID FRSIRT XF | ||
SWsoft -- Plesk | Multiple directory traversal vulnerabilities in SWsoft Plesk for Windows 7.6.1, 8.1.0, and 8.1.1 allow remote attackers to read arbitrary files via a .. (dot dot) in the locale_id parameter to (1) login.php3 or (2) login_up.php3. |
| 6.7 | CVE-2007-2268 OTHER-REF OTHER-REF OSVDB OSVDB | ||
WEBInsta -- FM Manager | PHP remote file inclusion vulnerability in admin/login.php in Webinsta FM Manager 0.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter, a different product and vector than CVE-2005-0748. |
| 5.6 | CVE-2007-2181 MILW0RM BID FRSIRT SECUNIA XF |
Low Vulnerabilities |
---|
Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
---|---|---|---|---|---|---|
3com -- TippingPoint IPS | 3Com TippingPoint IPS allows remote attackers to cause a denial of service (device hang) via a flood of packets on TCP port 80 with sequentially increasing source ports, related to a "badly written loop." |
| 3.3 | CVE-2007-2276 BUGTRAQ BUGTRAQ BID | ||
Alvaro -- Alvaro's Messenger | aMSN (aka Alvaro's Messenger) 0.96 and earlier allows remote attackers to cause a denial of service (application crash) by sending invalid data to TCP port 31337. |
| 2.3 | CVE-2007-2195 OTHER-REF BID | ||
Apache -- Tomcat | The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory. |
| 3.3 | CVE-2006-7197 OTHER-REF | ||
Apple -- Mac OS X | The WebFoundation framework in Apple Mac OS X 10.3.9 and earlier allows subdomain cookies to be accessed by the parent domain, which allows remote attackers to obtain sensitive information. |
| 3.3 | CVE-2007-0742 OTHER-REF APPLE BID FRSIRT SECTRACK SECUNIA | ||
Apple -- Mac OS X | URLMount in Apple Mac OS X 10.3.9 through 10.4.9 passes the username and password credentials for mounting filesystems on SMB servers as command line arguments to the mount_smb command, which may allow local users to obtain sensitive information by listing the process. |
| 2.3 | CVE-2007-0743 OTHER-REF APPLE BID FRSIRT SECTRACK SECUNIA | ||
Apple -- Safari | Apple Safari allows remote attackers to cause a denial of service (browser crash) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/. |
| 2.3 | CVE-2007-2163 BUGTRAQ BUGTRAQ | ||
Asterisk -- Asterisk | The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (crash) by using MD5 authentication to authenticate a user that does not have a password defined in manager.conf, resulting in a NULL pointer dereference. |
| 3.3 | CVE-2007-2294 BUGTRAQ OTHER-REF SECTRACK SECUNIA | ||
Asterisk -- Asterisk | The SIP channel driver (chan_sip) in Asterisk before 1.2.18 and 1.4.x before 1.4.3 does not properly parse SIP UDP packets that do not contain a valid response code, which allows remote attackers to cause a denial of service (crash). |
| 3.3 | CVE-2007-2297 BUGTRAQ OTHER-REF OTHER-REF SECTRACK | ||
Big Blue -- Guestbook | Cross-site scripting (XSS) vulnerability in Big Blue Guestbook allows remote attackers to inject arbitrary web script or HTML via the message field in the guestbook entry submission form. |
| 1.9 | CVE-2007-2203 BUGTRAQ BID FRSIRT SECUNIA | ||
BloofoxCMS -- BloofoxCMS | Cross-site scripting (XSS) vulnerability in plugins/spaw/img_popup.php in BloofoxCMS 0.2.2 allows remote attackers to inject arbitrary web script or HTML via the img_url parameter. |
| 1.9 | CVE-2007-2310 BUGTRAQ BID | ||
Brettle Development -- NeatUpload | Race condition in the NeatUpload ASP.NET component 1.2.11 through 1.2.16, 1.1.18 through 1.1.23, and trunk.379 through trunk.445 allows remote attackers to obtain other clients' HTTP responses via multiple simultaneous requests, which triggers multiple calls to HttpWorkerRequest.FlushResponse for the same HttpWorkerRequest object and causes a buffer to be reused for a different request. |
| 1.9 | CVE-2007-2197 BUGTRAQ BID SECUNIA XF | ||
Dovecot -- Dovecot | Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name. |
| 1.9 | CVE-2007-2231 BUGTRAQ MLIST MLIST OTHER-REF BID FRSIRT | ||
Exponent -- Exponent CMS | Directory traversal vulnerability in iconspopup.php in Exponent CMS 0.96.6 Alpha and earlier allows remote attackers to obtain sensitive information via a .. (dot dot) in the icodir parameter. |
| 2.3 | CVE-2007-2252 OTHER-REF BID SECUNIA | ||
Exponent -- Exponent CMS | Exponent CMS 0.96.6 Alpha and earlier allows remote attackers to obtain path information via a direct request for (1) sdk/blanks/formcontrol.php and (2) sdk/blanks/file_modules.php. |
| 2.3 | CVE-2007-2253 OTHER-REF | ||
FloweRS -- FloweRS | Cross-site scripting (XSS) vulnerability in cas.php in FloweRS 2.0 allows remote attackers to inject arbitrary web script or HTML via the rok parameter. |
| 1.9 | CVE-2007-2308 BUGTRAQ BID FRSIRT | ||
FloweRS -- FloweRS | Cross-site scripting (XSS) vulnerability in cas.php in FloweRS 2.0 allows remote attackers to inject arbitrary web script or HTML via the den parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 1.9 | CVE-2007-2309 FRSIRT | ||
Foxit -- PDF Reader | Foxit Reader 2.0 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document. |
| 2.3 | CVE-2007-2186 MILW0RM BID XF | ||
IETF -- IPv6 | The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers. |
| 3.3 | CVE-2007-2242 OTHER-REF OPENBSD OPENBSD BID SECUNIA XF | ||
Ipswitch -- WS_FTP | Unspecified vulnerability in the Initialize function in NetscapeFTPHandler in WS_FTP Home and Professional 2007 allows remote attackers to cause a denial of service (NULL dereference and application crash) via unspecified vectors related to "improper arguments." |
| 3.3 | CVE-2007-2213 BUGTRAQ BUGTRAQ BID XF | ||
Jack Slocum -- Ext JS | Directory traversal vulnerability in examples/layout/feed-proxy.php in Jack Slocum Ext 1.0 alpha1 (Ext JS) allows remote attackers to read arbitrary files via a .. (dot dot) in the feed parameter. NOTE: analysis by third party researchers indicates that this issue might be platform dependent. |
| 3.3 | CVE-2007-2285 MILW0RM VIM VIM VIM BID | ||
jchit -- counter | Directory traversal vulnerability in imgsrv.php in jchit counter 1.0.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the acc parameter. |
| 2.3 | CVE-2007-2184 MILW0RM BID XF | ||
Julmajanne -- JulmaCMS | Directory traversal vulnerability in file.php in JulmaCMS 1.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. |
| 3.3 | CVE-2007-2324 MILW0RM BID | ||
KDE -- Konqueror | Konqueror 3.5.5 release 45.4 allows remote attackers to cause a denial of service (browser crash or abort) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/. |
| 2.3 | CVE-2007-2164 BUGTRAQ BUGTRAQ | ||
LAN Management System -- LAN Management System | Cross-site scripting (XSS) vulnerability in LAN Management System (LMS) before 1.6.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably involving the OD parameter to contrib/formularz_przelewu_wplaty/druk.php. |
| 1.9 | CVE-2007-2198 OTHER-REF OTHER-REF | ||
Linksys -- SPA941 | The Linksys SPA941 VoIP Phone allows remote attackers to cause a denial of service (device reboot) via a 0377 (0xff) character in the From header, and possibly certain other locations, in a SIP INVITE request. |
| 3.3 | CVE-2007-2270 MILW0RM MILW0RM BID FRSIRT XF | ||
Linux -- Kernel | The setsockopt function in the L2CAP and HCI Bluetooth support in the Linux kernel before 2.4.34.3 allows context-dependent attackers to read kernel memory and obtain sensitive information via unspecified vectors involving the copy_from_user function accessing an uninitialized stack buffer. |
| 3.3 | CVE-2007-1353 OTHER-REF BID FRSIRT SECUNIA | ||
Microsoft -- Internet Explorer Mozilla -- Firefox | CRLF injection vulnerability in the Digest Authentication in Mozilla Firefox 2.0.0.3 allows remote attackers to conduct HTTP response splitting attacks via a LF (%0a) in the username attribute. |
| 3.3 | CVE-2007-2292 BUGTRAQ OTHER-REF BID | ||
MiniShare -- Minimal HTTP Server | MiniShare 1.5.4, and possibly earlier, allows remote attackers to cause a denial of service (application crash) via a flood of requests for new connections. |
| 3.3 | CVE-2007-2315 OTHER-REF OTHER-REF SECUNIA | ||
Nero -- MediaHome CE Nero -- MediaHome | NMMediaServer.exe in Nero MediaHome 2.5.5.0 and CE 1.3.0.4 allows remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted packet that contains two CRLF sequences. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 3.3 | CVE-2007-2322 SECUNIA | ||
Netsprint -- Ask IE Toolbar | A certain ActiveX control in askPopStp.dll in Netsprint Ask IE Toolbar 1.1 allows remote attackers to cause a denial of service (Internet Explorer crash) via a long AddAllowed property value, related to "improper memory handling," possibly a buffer overflow. |
| 3.3 | CVE-2007-2210 BUGTRAQ BID | ||
Nullsoft -- WinAmp | Buffer overflow in Nullsoft Winamp 5.3 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted WMV file. |
| 2.7 | CVE-2007-2180 BUGTRAQ BID MILW0RM XF | ||
Objective Development -- Sharity | Multiple unspecified vulnerabilities in Objective Development Sharity before 3.3 allow remote attackers to cause a denial of service (daemon crash) via unspecified vectors. |
| 3.3 | CVE-2007-2178 OTHER-REF BID SECUNIA XF | ||
OpenBSD -- OpenSSH Portable OpenBSD -- OpenSSH | OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483. |
| 1.9 | CVE-2007-2243 FULLDISC FULLDISC BID XF | ||
Opera Software -- Opera | The BitTorrent implementation in Opera 9.2 allows remote attackers to cause a denial of service (CPU consumption and application crash) via a malformed torrent file. NOTE: the original disclosure refers to this as a memory leak, but it is not certain. |
| 3.3 | CVE-2007-2274 MILW0RM | ||
Oracle -- E-Business Suite | The ADI_BINARY component in the Oracle E-Business Suite allows remote attackers to download arbitrary documents from the APPS.FND_DOCUMENTS table via the ADI_DISPLAY_REPORT function, when passed a certain parameter. NOTE: due to lack of details from Oracle, it is not clear whether this issue is related to other CVE identifiers such as CVE-2007-2126, CVE-2007-2127, or CVE-2007-2128. |
| 3.3 | CVE-2007-2135 BUGTRAQ OTHER-REF OTHER-REF OTHER-REF | ||
Phorum -- Phorum | Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Phorum before 5.1.22 allow remote attackers to inject arbitrary web script or HTML via the (1) group_id parameter in the groups module or (2) the smiley_id parameter in the smileys modsettings module. |
| 1.9 | CVE-2007-2248 BUGTRAQ OTHER-REF OTHER-REF BID SECTRACK SECUNIA | ||
Phorum -- Phorum | admin.php in Phorum before 5.1.22 allows remote attackers to obtain the full path via the module[] parameter. |
| 2.3 | CVE-2007-2250 BUGTRAQ OTHER-REF OTHER-REF BID FRSIRT SECTRACK SECUNIA | ||
PostgreSQL -- PostgreSQL | Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to "search_path settings." |
| 3.4 | CVE-2007-2138 OTHER-REF OTHER-REF SECUNIA OTHER-REF MANDRIVA BID FRSIRT SECUNIA SECUNIA XF | ||
PunBB -- PunBB | Multiple cross-site scripting (XSS) vulnerabilities in PunBB 1.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Referer HTTP header to misc.php or the (2) category name when deleting a category in admin_categories.php. |
| 1.9 | CVE-2007-2235 BUGTRAQ BUGTRAQ OTHER-REF OTHER-REF OTHER-REF FRSIRT SECUNIA | ||
Raiden Professional Servers -- RaidenFTPD | Multiple unspecified vulnerabilities in IXceedCompression in XceedZipLib (RaidenFTPD.dll) in RaidenFTPD 2.4 allow remote attackers to cause a denial of service (crash) via unspecified vectors involving the (1) CalculateCrc, (2) Compress, and (3) Uncompress functions, which result in a NULL pointer dereference. |
| 3.3 | CVE-2007-2179 BUGTRAQ BID XF | ||
Sendmail Consortium -- Sendmail | Unspecified vulnerability in HP-UX B.11.00 and B.11.11, when running sendmail 8.9.3 or 8.11.1; and HP-UX B.11.23 when running sendmail 8.11.1; allows remote attackers to cause a denial of service via unknown attack vectors. NOTE: due to the lack of details from HP, it is not known whether this issue is a duplicate of another CVE such as CVE-2006-1173 or CVE-2006-443. |
| 3.3 | CVE-2007-2246 HP BID FRSIRT SECUNIA | ||
Sun -- Sun Cluster | Unspecified vulnerability in Sun Cluster 3.1 and Solaris Cluster 3.2 before 20070424 allows remote authenticated users, operating from a different cluster node, to cause a denial of service (data corruption or send_mondo panic) via unspecified vectors, as demonstrated by EMC Symcli backup software 6.2.1. |
| 2.0 | CVE-2007-2267 SUNALERT FRSIRT XF | ||
Surat kabar -- phpwebnews | Multiple cross-site scripting (XSS) vulnerabilities in Endy Kristanto Surat kabar / News Management Online (aka phpwebnews) 0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the m_txt parameter to (1) iklan.php, (2) index.php, or (3) bukutamu.php. |
| 1.9 | CVE-2007-2300 BUGTRAQ BID XF | ||
SWsoft -- Plesk | Directory traversal vulnerability in top.php3 in SWsoft Plesk for Windows 8.1 and 8.1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the locale_id parameter. |
| 2.3 | CVE-2007-2269 OTHER-REF | ||
TJSChat -- TJSChat | Cross-site scripting (XSS) vulnerability in you.php in TJSChat 0.95 allows remote attackers to inject arbitrary web script or HTML via the user parameter. |
| 1.9 | CVE-2007-2256 BUGTRAQ BID FRSIRT SECUNIA XF | ||
VWar -- Virtual War | Multiple cross-site scripting (XSS) vulnerabilities in the Virtual War (VWar) 1.5.0 R15 and earlier module for PHP-Nuke, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) memberlist parameter to extra/login.php and the (2) title parameter to extra/today.php. |
| 1.9 | CVE-2007-2306 BUGTRAQ OTHER-REF BID XF |