Vulnerability Summary for the Week of May 7, 2007
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
">
High Vulnerabilities |
---|
Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
---|---|---|---|---|---|---|
Unspecified vulnerability in the mdsauth.dll COM object in Microsoft Windows Media Server in the Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; or 7 on Windows Vista allows remote attackers to overwrite arbitrary files via unspecified vectors, aka the "Arbitrary File Rewrite Vulnerability." |
| 8.0 | CVE-2007-2221 MS | |||
CA Anti-Virus for the Enterprise r8 and Threat Manager r8 before 20070510 use weak permissions (NULL security descriptor) for the Task Service shared file mapping, which allows local users to modify this mapping and gain privileges by triggering a stack-based buffer overflow in InoCore.dll before 8.0.448.0. |
| 7.0 | CVE-2007-2523 IDEFENSE OTHER-REF BID FRSIRT | |||
ACP3 -- ACP3 | Multiple SQL injection vulnerabilities in ACP3 4.0 beta 3 allow remote attackers to execute arbitrary SQL commands via (1) the mode parameter to feeds.php, the (2) form[cat] parameter to (a) news/list/index.php or (b) certain news/details/id_*/action_create/index.php files, or (3) the form[mods][] parameter to search/list/action_search/index.php. |
| 7.0 | CVE-2007-2577 BUGTRAQ BID | ||
ACP3 -- ACP3 | Unspecified vulnerability in search/list/action_search/index.php in ACP3 4.0 beta 3 allows remote attackers to have unknown impact, relating to "Cookie Manipulation", via the form[search_term] parameter. |
| 7.0 | CVE-2007-2578 BUGTRAQ BID | ||
Advanced Guestbook -- Advanced Guestbook | Directory traversal vulnerability in Advanced Guestbook 2.4.2 allows remote attackers to bypass .htaccess settings, and execute arbitrary PHP local files or read arbitrary local templates, via a .. (dot dot) in a lang cookie, followed by a filename without its .php extension, as demonstrated via a request to index.php. |
| 8.0 | CVE-2007-0609 BUGTRAQ BUGTRAQ OTHER-REF OTHER-REF BID | ||
Agner Fog -- aForum | PHP remote file inclusion vulnerability in common/func.php in aForum 1.32 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CommonAbsDir parameter. |
| 7.0 | CVE-2007-2596 MILW0RM BID FRSIRT | ||
american cart -- american cart | Multiple PHP remote file inclusion vulnerabilities in american cart 3.5 allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) index.php, (2) checkout.php, and (3) libsecure.php. |
| 7.0 | CVE-2007-2559 BUGTRAQ | ||
Apache Software Foundation -- Apache Tomcat | Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 7.0 | CVE-2006-7196 OTHER-REF OTHER-REF FRSIRT | ||
Asterisk -- Asterisk | The IAX2 channel driver (chan_iax2) in Asterisk before 20070504 does not properly null terminate data, which allows remote attackers to trigger loss of transmitted data, and possibly obtain sensitive information (memory contents) or cause a denial of service (application crash), by sending a frame that lacks a 0 byte. |
| 10.0 | CVE-2007-2488 OTHER-REF | ||
BarCodeWiz -- BarCode ActiveX Control | Stack-based buffer overflow in the Verify function in the BarCodeWiz ActiveX control 2.0 and 2.52 (BarcodeWiz.dll) allows remote attackers to execute arbitrary code via a long argument. |
| 8.0 | CVE-2007-2585 OTHER-REF OTHER-REF FRSIRT SECUNIA | ||
Berylium -- Berylium2 | PHP remote file inclusion vulnerability in berylium-classes.php in Berylium2 2003-08-18 allows remote attackers to execute arbitrary PHP code via a URL in the beryliumroot parameter. |
| 7.0 | CVE-2007-2531 MILW0RM FRSIRT | ||
Computer Associates -- eTrust Integrated Threat Management Computer Associates -- eTrust PestPatrol Computer Associates -- eTrust EZ Antivirus | Stack-based buffer overflow in the Console Server in CA Anti-Virus for the Enterprise r8, Threat Manager r8, Anti-Spyware for the Enterprise r8, and Protection Suites r3 allows remote attackers to execute arbitrary code via unspecified vectors involving login authentication credentials. |
| 10.0 | CVE-2007-2522 OTHER-REF BID FRSIRT | ||
Crie Sue -- PHPLojaFacil | Multiple PHP remote file inclusion vulnerabilities in Crie seu PHPLojaFacil 0.1.5 allow remote attackers to execute arbitrary PHP code via a URL in the path_local parameter to (1) ftp.php, (2) libs/db.php, and (3) libs/ftp.php. |
| 7.0 | CVE-2007-2615 MILW0RM BID | ||
DivX City -- GDivX Zenith Player | Buffer overflow in a certain ActiveX control in the GDivX Zenith Player AviFixer class in fix.dll 1.0.0.1 allows remote attackers to execute arbitrary code via a long SetInputFile property value. |
| 8.0 | CVE-2007-2601 MILW0RM BID | ||
DynamicPAD -- DynamicPAD | Multiple PHP remote file inclusion vulnerabilities in DynamicPAD before 1.03.31 allow remote attackers to execute arbitrary PHP code via a URL in the HomeDir parameter to (1) dp_logs.php or (2) index.php. |
| 7.0 | CVE-2007-2527 MILW0RM OTHER-REF VIM VIM BID FRSIRT SECUNIA | ||
E-GADS -- E-GADS | PHP remote file inclusion vulnerability in common.php in E-GADS! 2.2.6 allows remote attackers to execute arbitrary PHP code via a URL in the locale parameter. |
| 10.0 | CVE-2007-2521 MILW0RM BID | ||
fipsASP -- fipsCMS | SQL injection vulnerability in index.asp in fipsCMS 2.1 allows remote attackers to execute arbitrary SQL commands via the pid parameter, a different vector than CVE-2006-6115. |
| 7.0 | CVE-2007-2561 BUGTRAQ BID | ||
GNU Edu -- GNU Edu | Multiple PHP remote file inclusion vulnerabilities in gnuedu 1.3b2 allow remote attackers to execute arbitrary PHP code via a URL in the ETCDIR parameter to (1) libs/lom.php; (2) lom_update.php, (3) check-lom.php, and (4) weigh_keywords.php in scripts/; and (5) logout.php, (6) help.php, (7) index.php, (8) login.php, and (9) lom.php in web/. |
| 7.0 | CVE-2007-2609 MILW0RM BID | ||
Guilain Omont -- Wikivi5 | PHP remote file inclusion vulnerability in handlers/page/show.php in Wikivi5 allows remote attackers to execute arbitrary PHP code via a URL in the sous_rep parameter. |
| 7.0 | CVE-2007-2570 MILW0RM VIM | ||
HP -- Tru64 UNIX | Unspecified vulnerability in dop in HP Tru64 UNIX 5.1B-4, 5.1B-3, and 5.1A PK6 allows local users to execute arbitrary code via unspecified vectors. |
| 7.0 | CVE-2007-2553 HP BID | ||
IBM -- DB2 | Unspecified vulnerability in the DB2 JDBC Applet Server (DB2JDS) service in IBM DB2 9.x and earlier allows local users to execute arbitrary code via unspecified vectors. |
| 10.0 | CVE-2007-2582 FRSIRT SECUNIA | ||
Kayako -- eSupport | Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 3.00.90 allows remote attackers to inject arbitrary web script or HTML via the _m parameter. |
| 7.0 | CVE-2007-2562 BUGTRAQ XF | ||
LaVague -- LaVague | PHP remote file inclusion vulnerability in views/print/printbar.php in LaVague 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the views_path parameter. |
| 7.0 | CVE-2007-2607 MILW0RM BID | ||
McAfee -- SecurityCenter Agent McAfee -- VirusScan McAfee -- SecurityCenter | Buffer overflow in the IsOldAppInstalled function in the McSubMgr.McSubMgr Subscription Manager ActiveX control (MCSUBMGR.DLL) in McAfee SecurityCenter before 6.0.25 and 7.x before 7.2.147 allows remote attackers to execute arbitrary code via a crafted argument. |
| 10.0 | CVE-2007-2584 IDEFENSE OTHER-REF BID FRSIRT SECTRACK SECUNIA | ||
Microsoft -- Exchange Server | Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message. |
| 10.0 | CVE-2007-0213 MS | ||
Microsoft -- Office Microsoft -- Excel Microsoft -- Excel Viewer | Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a .XLS BIFF file with a malformed Named Graph record, which results in memory corruption. |
| 8.0 | CVE-2007-0215 OTHER-REF MS | ||
Microsoft -- Exchange Server | Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving an "incorrectly handled UTF character set label". |
| 7.0 | CVE-2007-0220 MS | ||
Microsoft -- CAPICOM Microsoft -- BizTalk Server | Unspecified vulnerability in the Cryptographic API Component Object Model Certificates ActiveX control (CAPICOM.dll) in Microsoft CAPICOM and BizTalk Server 2004 SP1 and SP2 allows remote attackers to execute arbitrary code via unspecified vectors, aka the "CAPICOM.Certificates Vulnerability." |
| 10.0 | CVE-2007-0940 MS | ||
Microsoft -- Internet Explorer | Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and possibly 7 on Windows Vista does not properly "instantiate certain COM objects as ActiveX controls", which allows remote attackers to execute arbitrary code via a crafted COM object. |
| 8.0 | CVE-2007-0942 MS | ||
Microsoft -- Internet Explorer | Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; and 6 on Windows XP SP2, or Windows Server 2003 SP1 or SP2 allows remote attackers to execute arbitrary code by calling deleteCell on a named table row in a named table column, then accessing the column, which causes Internet Explorer to access previously deleted objects, aka the "Uninitialized Memory Corruption Vulnerability." |
| 8.0 | CVE-2007-0944 OTHER-REF MS | ||
Microsoft -- Internet Explorer | Microsoft Internet Explorer 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and 7 on Windows Vista allows remote attackers to execute arbitrary code via certain property methods that may trigger memory corruption, aka "Property Memory Corruption Vulnerability." |
| 8.0 | CVE-2007-0945 MS | ||
Microsoft -- Internet Explorer | Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, which results in memory corruption, aka the first of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0947. |
| 8.0 | CVE-2007-0946 MS | ||
Microsoft -- Internet Explorer | Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, which results in memory corruption, aka the second of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0946. |
| 8.0 | CVE-2007-0947 MS | ||
Microsoft -- Word Microsoft -- Works Suite | Microsoft Word 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certain rich text properties, which allows user-assisted remote attackers to trigger memory corruption and execute arbitrary code, aka the "Word RTF Parsing Vulnerability." |
| 8.0 | CVE-2007-1202 MS | ||
Microsoft -- Excel | Unspecified vulnerability in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted set font value in an Excel file, which results in memory corruption. |
| 8.0 | CVE-2007-1203 MS | ||
Microsoft -- Excel | Unspecified vulnerability in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted filter record in an Excel file, which results in memory corruption. |
| 8.0 | CVE-2007-1214 MS | ||
Microsoft -- Office | Unspecified vulnerability in MSO.dll in Microsoft Office 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a malformed drawing object, which triggers memory corruption. |
| 8.0 | CVE-2007-1747 MS | ||
Microsoft -- SharePoint Server | Multiple cross-site scripting (XSS) vulnerabilities in Microsoft SharePoint allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) in "every main page," as demonstrated by default.aspx. NOTE: as of 20070505, a third party was unable to reproduce this issue. |
| 7.0 | CVE-2007-2581 BUGTRAQ BUGTRAQ BID | ||
Microsoft -- Terminal Server | The Terminal Server in Microsoft Windows 2003 Server, when using TLS, allows remote attackers to bypass SSL and self-signed certificate requirements, downgrade the server security, and possibly conduct man-in-the-middle attacks via unspecified vectors, as demonstrated using the Remote Desktop Protocol (RDP) 6.0 client. NOTE: a third party claims that the vendor may have fixed this in approximately 2006. |
| 7.0 | CVE-2007-2593 BUGTRAQ BUGTRAQ BUGTRAQ BID | ||
Miplex2 -- Miplex2 | PHP remote file inclusion vulnerability in lib/smarty/SmartyFU.class.php in Miplex2 Alpha 1 allows remote attackers to execute arbitrary PHP code via a URL in the system[smarty][dir] parameter. |
| 7.0 | CVE-2007-2608 MILW0RM BID | ||
Netsliver -- PFA CMS | ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in pfa CMS 6.0 allows remote attackers to execute arbitrary PHP code via a URL in the repinc parameter. NOTE: CVE disputes this issue since $repinc is set to a constant value before use. |
| 7.0 | CVE-2007-2558 BUGTRAQ VIM | ||
NoAh -- NoAh | PHP remote file inclusion vulnerability in modules/noevents/templates/mfa_theme.php in NoAh (aka PHP Content Architect, phparch) 0.9 pre 1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tpls[1] parameter. |
| 7.0 | CVE-2007-2572 MILW0RM | ||
Nokia -- Intellisync Mobile Suite Nokia -- Intellisync Wireless Email Express Nokia -- Groupwise Mobile Server | usrmgr/userList.asp in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allows remote attackers to modify user account details and cause a denial of service (account deactivation) via the userid parameter in an update action. |
| 7.0 | CVE-2007-2591 BUGTRAQ OTHER-REF FRSIRT SECUNIA | ||
Nuked-Klan -- Nuked-Klan | SQL injection vulnerability in Nuked-klaN 1.7.6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, as demonstrated by a request to the /nk/ URI. |
| 7.0 | CVE-2007-2556 BUGTRAQ MILW0RM BID SECUNIA | ||
Office OCX -- Office Viewer OCX | Multiple buffer overflows in the Office Viewer OCX ActiveX control (oa.ocx) 3.2 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long argument to the (1) HttpDownloadFile, (2) Open, (3) OpenWebFile, (4) DoOleCommand, (5) FTPDownloadFile, (6) FTPUploadFile, (7) HttpUploadFile, (8) Save, or (9) SaveWebFile function. |
| 8.0 | CVE-2007-2588 OTHER-REF OTHER-REF BID SECUNIA XF | ||
OpenLD -- OpenLD | Cross-site scripting (XSS) vulnerability in OpenLD before 1.1.9, and 1.1-modified before 1.1-modified3, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the Search feature. |
| 7.0 | CVE-2007-2610 OTHER-REF OTHER-REF OTHER-REF SECUNIA | ||
Persism CMS -- Persism CMS | Multiple PHP remote file inclusion vulnerabilities in Persism CMS 0.9.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the system[path] parameter to (1) blocks/headerfile.php, (2) files/blocks/latest_files.php, (3) filters/headerfile.php, (4) forums/blocks/latest_posts.php, (5) groups/headerfile.php, (6) links/blocks/links.php, (7) menu/headerfile.php, (8) news/blocks/latest_news.php, (9) settings/headerfile.php, or (10) users/headerfile.php, in modules/. |
| 7.0 | CVE-2007-2545 MILW0RM BID | ||
PHP -- PHP | Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, and 5.x before 5.2.2, has unknown impact and remote attack vectors. |
| 7.0 | CVE-2007-1864 OTHER-REF OTHER-REF | ||
PHP -- PHP | CRLF injection vulnerability in the ftp_putcmd function in PHP before 4.4.7, and 5.x before 5.2.2 allows remote attackers to inject arbitrary FTP commands via CRLF sequences in the parameters to earlier FTP commands. |
| 7.0 | CVE-2007-2509 BUGTRAQ OTHER-REF OTHER-REF BID | ||
PHP -- PHP | Buffer overflow in the make_http_soap_request function in PHP before 5.2.2 has unknown impact and remote attack vectors, possibly related to "/" (slash) characters. |
| 7.0 | CVE-2007-2510 OTHER-REF OTHER-REF | ||
PHP TopTree BBS -- PHP TopTree BBS | PHP remote file inclusion vulnerability in templates/default/tpl_message.php in PHP TopTree BBS 2.0.1a and earlier allows remote attackers to execute arbitrary PHP code via a URL in the right_file parameter. |
| 7.0 | CVE-2007-2544 MILW0RM | ||
phpHoo3 -- phpHoo3 | ** DISPUTED ** Multiple SQL injection vulnerabilities in admin.php in phpHoo3 allow remote attackers to execute arbitrary SQL commands via the (1) ADMIN_USER (USER) and (2) ADMIN_PASS (PASS) parameters during a login. NOTE: CVE disputes this vulnerability, since ADMIN_USER/ADMIN_PASS are initialized before use. |
| 7.0 | CVE-2007-2534 BUGTRAQ VIM BID | ||
phpHtmlLib -- phpHtmlLib | PHP remote file inclusion vulnerability in examples/widget8.php in phpHtmlLib 2.4.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phphtmllib parameter. |
| 7.0 | CVE-2007-2614 BUGTRAQ XF | ||
phpMyPortal -- phpMyPortal | PHP remote file inclusion vulnerability in inc/articles.inc.php in phpMyPortal 3.0.0 RC3 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[CHEMINMODULES] parameter. |
| 7.0 | CVE-2007-2594 MILW0RM BID FRSIRT | ||
PHPtree -- PHPtree | PHP remote file inclusion vulnerability in plugin/HP_DEV/cms2.php in PHPtree 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the s_dir parameter. |
| 7.0 | CVE-2007-2573 MILW0RM | ||
PMECMS -- PMECMS | Multiple PHP remote file inclusion vulnerabilities in PMECMS 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config[pathMod] parameter to index.php in (1) mod/image/, (2) mod/liens/, (3) mod/liste/, (4) mod/special/, or (5) mod/texte/. |
| 7.0 | CVE-2007-2540 MILW0RM BID | ||
Podium CMS -- Podium CMS | Unspecified vulnerability in Default.aspx in Podium CMS allows remote attackers to have an unknown impact, possibly session fixation, via a META HTTP-EQUIV Set-cookie expression in the id parameter, related to "cookie manipulation." NOTE: this issue might be cross-site scripting (XSS). |
| 7.0 | CVE-2007-2555 BUGTRAQ | ||
Practical Creative & Code -- Friendly | Multiple PHP remote file inclusion vulnerabilities in Friendly 1.0d1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the friendly_path parameter to (1) core/data/yaml.inc.php, or _load.php in (2) core/data/, (3) core/display/, or (4) core/support/. |
| 7.0 | CVE-2007-2569 MILW0RM | ||
RIM -- TeamOn Import Object ActiveX Control | Buffer overflow in the SetLanguage function in Research In Motion (RIM) TeamOn Import Object ActiveX control (TOImport.dll) allows remote attackers to execute arbitrary code via unspecified vectors. |
| 7.0 | CVE-2007-0323 MS CERT-VN | ||
RunCMS -- RunCMS | SQL injection vulnerability in class/debug/debug_show.php in RunCms 1.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the executed_queries array parameter. |
| 7.0 | CVE-2007-2538 BUGTRAQ OTHER-REF BID XF | ||
Sienzo -- Digital Music Mentor | Multiple stack-based buffer overflows in the Sienzo Digital Music Mentor (DMM) 2.6.0.4 ActiveX control (DSKernel2.dll) allow remote attackers to execute arbitrary code via a long argument to the (1) LockModules or (2) UnlockModule function. |
| 10.0 | CVE-2007-2564 OTHER-REF OTHER-REF | ||
SimpleNews -- SimpleNews | SQL injection vulnerability in print.php in SimpleNews 1.0.0 FINAL allows remote attackers to execute arbitrary SQL commands via the news_id parameter. |
| 10.0 | CVE-2007-2598 MILW0RM FRSIRT | ||
SmartCode -- VNC Manager | Heap-based buffer overflow in the ConnectAsyncEx function in VNC Viewer ActiveX control (scvncctrl.dll) in the SmartCode VNC Manager 3.6 allows remote attackers to execute arbitrary code via a long argument. |
| 8.0 | CVE-2007-2526 OTHER-REF OTHER-REF BID SECUNIA | ||
SquirrelMail -- SquirrelMail | Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail 1.4.0 through 1.4.9a allows remote attackers to send e-mails from arbitrary users via certain data in the SRC attribute of an IMG element. |
| 7.0 | CVE-2007-2589 OTHER-REF FRSIRT SECUNIA | ||
Sun -- Solaris | Integer signedness error in the acl (facl) system call in Solaris 10 before 20070507 allows local users to cause a denial of service (kernel panic) and possibly gain privileges via a certain argument, related to ACE_SETACL. |
| 7.0 | CVE-2007-2529 IDEFENSE SUNALERT BID FRSIRT SECTRACK SECUNIA | ||
Taltech -- Tal Bar Code ActiveX control | Buffer overflow in the SaveBarCode function in the Taltech Tal Bar Code ActiveX control allows remote attackers to execute arbitrary code via unspecified vectors. |
| 10.0 | CVE-2007-2567 BUGTRAQ | ||
TellTargetCMS -- TellTarget CMS | Multiple PHP remote file inclusion vulnerabilities in telltarget CMS 1.3.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) ordnertiefe parameter to site_conf.php; or the (2) tt_docroot parameter to (a) class.csv.php, (b) produkte_nach_serie.php, or (c) ref_kd_rubrik.php in functionen/; (d) hg_referenz_jobgalerie.php, (e) surfer_anmeldung_NWL.php, (f) produkte_nach_serie_alle.php, (g) surfer_aendern.php, (h) ref_kd_rubrik.php, or (i) referenz.php in module/; or (j) 1/lay.php or (k) 3/lay.php in standard/. |
| 7.0 | CVE-2007-2597 MILW0RM BID FRSIRT | ||
Trend Micro -- ServerProtect | Multiple stack-based buffer overflows in Trend Micro ServerProtect 5.58 before Security Patch 2- Build 1174 allow remote attackers to execute arbitrary code via crafted data to (1) TCP port 5168, which triggers an overflow in the CAgRpcClient::CreateBinding function in the AgRpcCln.dll library in SpntSvc.exe; or (2) TCP port 3628, which triggers an overflow in EarthAgent.exe. NOTE: both issues are reachable via TmRpcSrv.dll. |
| 10.0 | CVE-2007-2508 OTHER-REF OTHER-REF OTHER-REF BID BID FRSIRT SECTRACK SECUNIA | ||
Trend Micro -- ServerProtect | Buffer overflow in AgRpcCln.dll for Trend Micro ServerProtect 5.58 for Windows before Security Patch 3 Build 1176 allows remote attackers to execute arbitrary code via unknown vectors related to RPC requests. NOTE: this is probably a different vulnerability than CVE-2007-2508. |
| 10.0 | CVE-2007-2528 OTHER-REF | ||
Trend Micro -- ServerProtect | Multiple buffer overflows in Trend Micro ServerProtect 5.58 before Security Patch 2- Build 1174 allow remote attackers to execute arbitrary code via a crafted RPC message processed by the (1) the RPCFN_ActiveRollback function in (a) stcommon.dll, or the (2) ENG_SetRealTimeScanConfigInfo or (3) ENG_SendEmail functions in (b) eng50.dll. |
| 10.0 | CVE-2007-2533 OTHER-REF OTHER-REF FRSIRT | ||
Tropicalm -- Tropicalm Crowell Resource | Multiple PHP remote file inclusion vulnerabilities in Tropicalm Crowell Resource 4.5.2 allow remote attackers to execute arbitrary PHP code via a URL in the RESPATH parameter to (1) dosearch.php or (2) printfriendly.php. |
| 7.0 | CVE-2007-2530 MILW0RM FRSIRT XF | ||
Turnkey Web Tools -- SunShop Shopping Cart | Unspecified vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 has unknown impact and an l remote attack vector, related to "Cookie Manipulation." |
| 7.0 | CVE-2007-2548 BUGTRAQ BID | ||
Turnkey Web Tools -- SunShop Shopping Cart | SQL injection vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 allows remote attackers to execute arbitrary SQL commands via the (1) c or (2) quantity parameter. |
| 7.0 | CVE-2007-2549 BUGTRAQ BID | ||
Versado CMS -- Versado CMS | PHP remote file inclusion vulnerability in includes/ajax_listado.php in Versado CMS 1.07 allows remote attackers to execute arbitrary PHP code via a URL in the urlModulo parameter. |
| 7.0 | CVE-2007-2541 MILW0RM BID XF | ||
VersalSoft -- HTTP File Upload ActiveX control | Buffer overflow in the AddFile function in VersalSoft HTTP File Upload ActiveX control (UFileUploaderD.dll) allows remote attackers to execute arbitrary code via a long argument. |
| 8.0 | CVE-2007-2563 OTHER-REF OTHER-REF SECUNIA | ||
vm watermark -- vm watermark | PHP remote file inclusion vulnerability in watermark.php in the vm watermark 0.4.1 mod for Gallery allows remote attackers to execute arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter. |
| 7.0 | CVE-2007-2575 MILW0RM | ||
Wavelink Media -- TutorialCMS | Multiple SQL injection vulnerabilities in TutorialCMS (aka Photoshop Tutorials) 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) catFile parameter to (a) browseCat.php or (b) browseSubCat.php; the (2) id parameter to (c) openTutorial.php, (d) topFrame.php, or (e) admin/editListing.php; or (3) the search parameter to search.php. |
| 7.0 | CVE-2007-2599 MILW0RM BID FRSIRT | ||
Wavelink Media -- TutorialCMS | Multiple cross-site scripting (XSS) vulnerabilities in TutorialCMS (aka Photoshop Tutorials) 1.00 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) catFile parameter to (a) browseCat.php or (b) browseSubCat.php; the (2) id parameter to (c) openTutorial.php, (d) topFrame.php, or (e) admin/editListing.php; or the (3) search parameter to search.php. |
| 7.0 | CVE-2007-2600 MILW0RM BID FRSIRT | ||
WikkaWiki -- WikkaWiki | SQL injection vulnerability in libs/Wakka.class.php in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to execute arbitrary SQL commands via the limit parameter. NOTE: this issue only applies to a "modified installation." |
| 7.0 | CVE-2007-2612 OTHER-REF OTHER-REF FRSIRT | ||
WikkaWiki -- WikkaWiki | WikkaWiki (Wikka Wiki) before 1.1.6.3 allows attackers in a shared virtual host server environment to upload and execute an arbitrary configuration file by modifying the WAKKA_CONFIG environment variable. |
| 10.0 | CVE-2007-2613 OTHER-REF OTHER-REF FRSIRT | ||
Workbench Survival Guide -- Workbench Survival Guide | PHP remote file inclusion vulnerability in header.php in workbench survival guide 0.11 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. |
| 7.0 | CVE-2007-2542 MILW0RM BID XF | ||
Xoops -- Flashgames Module | SQL injection vulnerability in game.php in the Flashgames 1.0.1 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the lid parameter. |
| 7.0 | CVE-2007-2543 MILW0RM BID XF | ||
Xoops -- wfquotes Module | SQL injection vulnerability in index.php in the wfquotes 1.0 0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the c parameter in a cat op action. |
| 7.0 | CVE-2007-2571 MILW0RM |
Medium Vulnerabilities |
---|
Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
---|---|---|---|---|---|---|
Advanced Guestbook -- Advanced Guestbook | Cross-site scripting (XSS) vulnerability in picture.php in Advanced Guestbook 2.4.2 allows remote attackers to inject arbitrary web script or HTML via the picture parameter. |
| 5.6 | CVE-2007-0605 BUGTRAQ OTHER-REF BID OSVDB | ||
CGX -- CGX | Multiple PHP remote file inclusion vulnerabilities in CGX 20050314 allow remote attackers to execute arbitrary PHP code via a URL in the pathCGX parameter to (1) mtdialogo.php, (2) ltdialogo.php, (3) login.php, and (4) logingecon.php in inc/; and multiple unspecified files in frm/, sql/, and cns/. |
| 5.6 | CVE-2007-2611 MILW0RM BID SECUNIA | ||
East Wind Software -- advdaudio.ocx | Buffer overflow in the East Wind Software advdaudio.ocx 1.5.1.1 ActiveX control allows user-assisted remote attackers to execute arbitrary code via a long OpenDVD property value. NOTE: this issue might be related to CVE-2007-0976. |
| 5.6 | CVE-2007-2576 MILW0RM OTHER-REF OTHER-REF | ||
Mambo -- Mambo | MOStlyDB Admin in Mambo 4.6.1 does not properly check privileges, which allows remote authenticated administrators to have an unknown impact via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 4.2 | CVE-2007-2557 SECUNIA | ||
Microsoft -- Office Microsoft -- Works Suite | Microsoft Word 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted remote attackers to execute arbitrary code, aka the "Word Array Overflow Vulnerability." |
| 5.6 | CVE-2007-0035 MS | ||
Nokia -- Intellisync Mobile Suite Nokia -- Intellisync Wireless Email Express Nokia -- Groupwise Mobile Server | Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allows remote attackers to obtain user names and other sensitive information via a direct request to (1) usrmgr/userList.asp or (2) usrmgr/userStatusList.asp. |
| 4.7 | CVE-2007-2590 BUGTRAQ OTHER-REF FRSIRT SECUNIA | ||
NPDS -- NPDS | Multiple SQL injection vulnerabilities in mainfile.php in NPDS 5.10 and earlier allow remote authenticated users to execute arbitrary SQL commands via a (1) nickname or (2) Id in a cookie, or (3) the X-Forwarded-For (X_FORWARDED_FOR) HTTP header. |
| 4.2 | CVE-2007-2537 BUGTRAQ OTHER-REF BID | ||
PHP -- PHP | Buffer overflow in the user_filter_factory_create function in PHP before 5.2.2 has unknown impact and local attack vectors. |
| 4.9 | CVE-2007-2511 OTHER-REF OTHER-REF | ||
RScript -- RSAuction | RSAuction 2.73.1.3 allows remote authenticated users to move their own account status from Suspended to Active via a direct request for the activation URL that is provided at the time of account registration. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 4.2 | CVE-2007-2595 BID SECUNIA | ||
Simple Machines -- Simple Machines Forum | Session fixation vulnerability in Simple Machines Forum (SMF) 1.1.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. |
| 5.6 | CVE-2007-2546 BUGTRAQ OTHER-REF SECUNIA | ||
SquirrelMail -- SquirrelMail | Multiple cross-site scripting (XSS) vulnerabilities in the HTML filter in SquirrelMail 1.4.0 through 1.4.9a allow remote attackers to inject arbitrary web script or HTML via the (1) data: URI in an HTML e-mail attachment or (2) various non-ASCII character sets that are not properly filtered when viewed with Microsoft Internet Explorer. |
| 5.6 | CVE-2007-1262 OTHER-REF FRSIRT SECUNIA | ||
Symantec -- Norton Internet Security Symantec -- Norton System Works Symantec -- Norton AntiVirus | The Symantec NAVOPTS.DLL ActiveX control (aka Symantec.Norton.AntiVirus.NAVOptions) 12.2.0.13, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, is designed for use only in application-embedded web browsers, which allows remote attackers to "crash the control" via unspecified vectors related to content on a web site, and place Internet Explorer into a "defunct state" in which remote attackers can execute arbitrary code in addition to other Symantec ActiveX controls, regardless of whether they are marked safe for scripting. |
| 4.8 | CVE-2006-3456 IDEFENSE OTHER-REF BID FRSIRT |
Low Vulnerabilities |
---|
Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
---|---|---|---|---|---|---|
Panda Software Antivirus before 20070402 allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. |
| 3.3 | CVE-2007-1670 BUGTRAQ BID XF | |||
ACP3 -- ACP3 | Multiple cross-site scripting (XSS) vulnerabilities in ACP3 4.0 beta 3 allow remote attackers to inject arbitrary web script or HTML via (1) the form[mail] parameter to contact/contact/index.php; the (2) form[mods][] or (3) form[search_term] parameter to search/list/action_search/index.php; (4) the id parameter to modules/dl/download.php; (5) the form[cat] parameter to news/list/index.php; the (6) form[cat], (7) form[name], or (8) form[message] parameter to certain news/details/id_*/action_create/index.php files; or (9) the form[mail] parameter to newsletter/create/index.php. |
| 3.7 | CVE-2007-2579 BUGTRAQ BID | ||
Adobe -- RoboHelp Server Adobe -- RoboHelp | Cross-site scripting (XSS) vulnerability in Adobe RoboHelp X5, 6, and Server 6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving templates and (1) whstart.js and (2) whcsh_home.htm in WebHelp, (3) wf_startpage.js and (4) wf_startqs.htm in FlashHelp, or (5) WindowManager.dll in RoboHelp Server 6. |
| 1.9 | CVE-2007-1280 OTHER-REF BID FRSIRT SECUNIA | ||
Advanced Guestbook -- Advanced Guestbook | Advanced Guestbook 2.4.2 allows remote attackers to obtain sensitive information via an invalid (1) GB_TBL parameter to (a) lang/codes-english.php or (b) image.php, which reveal the database name; (2) an invalid GB_DB parameter to index.php, coupled with a ../index lang cookie, which reveals the installation path; or (3) a direct request to index.php with no parameters or cookies, which reveals the installation path. |
| 2.7 | CVE-2007-0608 BUGTRAQ OTHER-REF OSVDB OSVDB OSVDB | ||
Apache Software Foundation -- Apache Tomcat | Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values. |
| 1.9 | CVE-2006-7195 OTHER-REF FRSIRT | ||
Apache Software Foundation -- Apache Tomcat | Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616". |
| 1.1 | CVE-2007-1358 OTHER-REF FRSIRT | ||
Apache Software Foundation -- Apache Tomcat | The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts. |
| 3.3 | CVE-2007-1858 OTHER-REF OTHER-REF FRSIRT | ||
Apple -- Safari | Unspecified vulnerability in Apple Safari allows local users to obtain sensitive information (saved passwords) via unspecified vectors related to "some Mac OS X components" and presence of the passwords in a user's keychain. NOTE: this information is based upon a vague pre-advisory. |
| 2.3 | CVE-2007-2580 BUGTRAQ | ||
Archangel Management -- Archangel Weblog | Directory traversal vulnerability in index.php in Archangel Weblog 0.90.02 allows remote attackers to read arbitrary files via a .. (dot dot) in the index parameter. |
| 2.3 | CVE-2007-2574 MILW0RM | ||
Associated Press -- Newspower | Associated Press (AP) Newspower 4.0.1 and earlier uses a default blank password for the MySQL root account, which allows remote attackers to insert or modify news articles via shows.tblscript. |
| 3.3 | CVE-2007-2554 BUGTRAQ | ||
Audio CD Tools -- Audio CD Ripper OCX | Unspecified vulnerability in the Init function in the Audio CD Ripper OCX (AudioCDRipperOCX.ocx) 1.0 ActiveX control allows remote attackers to cause a denial of service (NULL dereference and Internet Explorer crash) via unspecified vectors. |
| 3.3 | CVE-2007-2603 BUGTRAQ BID | ||
Avast -- Avast Antivirus | avast! antivirus before 4.7.981 allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. |
| 3.3 | CVE-2007-1672 BUGTRAQ BID XF | ||
AVIRA -- Antivir | avpack32.dll before 7.3.0.6 in Avira AntiVir allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. |
| 3.3 | CVE-2007-1671 BUGTRAQ BID XF | ||
Axis Communications -- AXIS 2411 Video Server Axis Communications -- AXIS 2130 PTZ Network Camera Axis Communications -- AXIS 2420 Network Camera Axis Communications -- AXIS 2401 Video Server Axis Communications -- AXIS Panorama PTZ Camera Axis Communications -- AXIS 2110 Network Camera Axis Communications -- AXIS 2400 Video Server Axis Communications -- AXIS 2420-IR Network Camera Axis Communications -- AXIS 2100 Network Camera Axis Communications -- AXIS 2400+ Video Server Axis Communications -- AXIS 2401+ Blade Video Server Axis Communications -- AXIS 2400+ Blade Video Server Axis Communications -- AXIS 2120 Network Camera Axis Communications -- AXIS 2401+ Video Server | Stack-based buffer overflow in the SaveBMP method in the AXIS Camera Control (aka CamImage) ActiveX control before 2.40.0.0 in AxisCamControl.ocx in AXIS 2100, 2110, 2120, 2130 PTZ, 2420, 2420-IR, 2400, 2400+, 2401, 2401+, 2411, and Panorama PTZ allows remote attackers to cause a denial of service (Internet Explorer crash) or execute arbitrary code via a long argument. |
| 3.3 | CVE-2007-2239 OTHER-REF CERT-VN SECUNIA | ||
Barracuda Networks -- Barracuda Spam Firewall | Barracuda Spam Firewall 3.4 and later with virusdef before 2.0.6399, and Spam Firewall before 3.4 20070319 with virusdef before 2.0.6399o, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. |
| 3.3 | CVE-2007-1669 BUGTRAQ BID XF | ||
Brew City Software -- FlexLabel OCX | Unspecified vulnerability in the FlexLabel ActiveX control allows remote attackers to cause a denial of service (unstable behavior) via an improper initialization, as demonstrated by a certain value of the Caption property. |
| 3.3 | CVE-2007-2604 BUGTRAQ | ||
Brujula Toolbar -- Brujula Toolbar | Unspecified vulnerability in the GetPropertyById function in ISoftomateObj in SoftomateLib in BRUJULA4.NET.DLL in the Brujula Toolbar (Brujula.net toolbar) allows attackers to cause a denial of service (NULL dereference and browser crash) via certain arguments. |
| 2.7 | CVE-2007-2605 BUGTRAQ BID | ||
Cdelia Software -- ImageProcessing | Cdelia Software ImageProcessing allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted BMP file. |
| 2.7 | CVE-2007-2565 BUGTRAQ BUGTRAQ BID | ||
Cisco -- IOS | The IOS FTP Server in Cisco IOS 11.3 through 12.4 does not properly check user authorization, which allows remote authenticated users to have unspecified impact, probably including read and write of arbitrary files, aka bug ID CSCek55259. |
| 2.0 | CVE-2007-2586 CISCO | ||
Cisco -- IOS | The IOS FTP Server in Cisco IOS 11.3 through 12.4 allows remote authenticated users to cause a denial of service (IOS reload) via unspecified vectors involving transferring files (aka bug ID CSCse29244). |
| 2.0 | CVE-2007-2587 CISCO | ||
Devellion -- CubeCart | Multiple CRLF injection vulnerabilities in Devellion CubeCart 3.0.15 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a cookie name beginning with "ccSID" to (1) cart.php or (2) index.php. |
| 2.3 | CVE-2007-2550 BUGTRAQ BID | ||
Firebird -- Firebird | Multiple buffer overflows in Firebird 2.1 allow attackers to trigger memory corruption and possibly have other unspecified impact via certain input processed by (1) config\ConfigFile.cpp or (2) msgs\check_msgs.epp. NOTE: if ConfigFile.cpp reads a configuration file with restrictive permissions, then the ConfigFile.cpp vector may not cross privilege boundaries and perhaps should not be included in CVE. |
| 3.3 | CVE-2007-2606 BUGTRAQ | ||
Ipswitch -- WhatsUp Gold | Buffer overflow in MIBEXTRA.EXE in Ipswitch WhatsUp Gold 11 allows attackers to cause a denial of service (application crash) or execute arbitrary code via a long MIB filename argument. NOTE: If there is not a common scenario under which MIBEXTRA.EXE is called with attacker-controlled command line arguments, then perhaps this issue should not be included in CVE. |
| 3.3 | CVE-2007-2602 BUGTRAQ | ||
Linux -- Kernel | Memory leak in the PPPoE socket implementation in the Linux kernel before 2.6.21-git8 allows local users to cause a denial of service (memory consumption) by creating a socket using connect, and releasing it before the PPPIOCGCHAN ioctl is initialized. |
| 1.6 | CVE-2007-2525 OTHER-REF SECUNIA | ||
Mambo -- Mambo Open Source | The dofreePDF function in includes/pdf.php in Mambo 4.6.1 does not properly check access rights for database content, which allows remote attackers to read certain content via unspecified vectors. |
| 3.3 | CVE-2006-7202 OTHER-REF BID SECUNIA | ||
Mentiss ACGV -- ACGVannu | Directory traversal vulnerability in theme/acgv.php in ACGVannu 1.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the rubrik parameter. |
| 2.3 | CVE-2007-2560 MILW0RM VIM BID | ||
Microsoft -- Exchange Server | The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (server hang) via a malformed calendar content request in an Internet Calendar (iCal) file. |
| 3.3 | CVE-2007-0039 MS | ||
Microsoft -- Exchange Server | IMAP support in Microsoft Exchange Server 2000 SP3 allows remote attackers to cause a denial of service (service hang) via a crafted IMAP command, aka the "IMAP Literal Processing Vulnerability." |
| 3.3 | CVE-2007-0221 MS | ||
MySQL -- MySQL | MySQL 5.x before 5.0.40 allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference. |
| 3.3 | CVE-2007-2583 OTHER-REF GENTOO SECUNIA | ||
Nokia -- Intellisync Mobile Suite Nokia -- Intellisync Wireless Email Express Nokia -- Groupwise Mobile Server | Multiple cross-site scripting (XSS) vulnerabilities in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to de/pda/dev_logon.asp and (2) multiple unspecified vectors in (a) usrmgr/registerAccount.asp, (b) de/create_account.asp, and other files. |
| 1.9 | CVE-2007-2592 BUGTRAQ OTHER-REF FRSIRT SECUNIA | ||
Obie Website -- Mini Web Shop | Multiple cross-site scripting (XSS) vulnerabilities in Minh Nguyen Duong Obie Website Mini Web Shop 2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) to (1) sendmail.php or (2) order_form.php, different vectors than CVE-2006-6734. |
| 1.9 | CVE-2007-2532 BUGTRAQ BID XF | ||
OTRS -- OTRS | Cross-site scripting (XSS) vulnerability in index.pl in OTRS (Open Ticket Request System) 2.0.x allows remote attackers to inject arbitrary web script or HTML via the Subaction parameter in an AgentTicketMailbox Action. |
| 1.9 | CVE-2007-2524 BUGTRAQ OTHER-REF BID | ||
PicoZip -- PicoZip | PicoZip allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. |
| 3.3 | CVE-2007-2536 BUGTRAQ BID XF | ||
PoPToP -- PPTP Server | pptpgre.c in PoPToP Point to Point Tunneling Server (pptpd) before 1.3.4 allows remote attackers to cause a denial of service (PPTP connection tear-down) via (1) GRE packets with out-of-order sequence numbers or (2) certain GRE packets that are processed using a wrong pointer and improperly dequeued. |
| 2.3 | CVE-2007-0244 OTHER-REF DEBIAN BID FRSIRT | ||
rPath -- rPath Linux Linux -- Kernel | The netlink functionality in the Linux kernel 2.6.19 and earlier does not properly handle NETLINK_FIB_LOOKUP replies, which allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors, probably related to infinite recursion. |
| 3.3 | CVE-2007-1861 OTHER-REF SECUNIA | ||
RunCMS -- RunCMS | The show_files function in RunCms 1.5.2 and earlier allows remote attackers to obtain sensitive information (file existence and file metadata) via unspecified vectors. |
| 3.3 | CVE-2007-2539 BUGTRAQ OTHER-REF BID | ||
Taltech -- Tal Bar Code ActiveX control | The SaveBarCode function in the Taltech Tal Bar Code ActiveX control allows remote attackers to cause a denial of service (disk consumption) by uploading multiple bar codes, as demonstrated by a WSF package. |
| 2.3 | CVE-2007-2566 BUGTRAQ | ||
Turnkey Web Tools -- SunShop Shopping Cart | Cross-site scripting (XSS) vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 allows remote attackers to inject arbitrary web script or HTML via the l parameter. |
| 1.9 | CVE-2007-2547 BUGTRAQ BID | ||
unzoo -- unzoo | unzoo.c allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. |
| 3.3 | CVE-2007-1673 BUGTRAQ BID XF | ||
WikkaWiki -- WikkaWiki | Cross-site scripting (XSS) vulnerability in usersettings.php in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to inject arbitrary web script or HTML via the name parameter. |
| 1.9 | CVE-2007-2551 OTHER-REF OTHER-REF SECUNIA | ||
WikkaWiki -- WikkaWiki | the RecentChanges feature in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to read private pages via RSS feeds. |
| 2.3 | CVE-2007-2552 OTHER-REF OTHER-REF SECUNIA | ||
WinAce -- WinAce | WinAce allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. |
| 3.3 | CVE-2007-2535 BUGTRAQ BID XF |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.