Vulnerability Summary for the Week of May 28, 2007
Released
Jun 04, 2007
Document ID
SB07-155
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
Vulnerability Severity:
">
| High Vulnerabilities |
|---|
| Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
|---|---|---|---|---|---|---|
| 2z Project -- 2z Project | SQL injection vulnerability in includes/rating.php in 2z Project 0.9.5 allows remote attackers to execute arbitrary SQL commands via the rating parameter. |
| 7.0 | CVE-2007-2898 BUGTRAQ OTHER-REF FRSIRT | ||
| 2z Project -- 2z Project | SQL injection vulnerability in includes/rating.php in 2z Project 0.9.5 allows remote attackers to execute arbitrary SQL commands via the post_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 7.0 | CVE-2007-2905 BUGTRAQ OTHER-REF FRSIRT | ||
| Apache Software Foundation -- Tomcat JK Web Server Connector | mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directly traversal, a related issue to CVE-2007-0450. |
| 7.0 | CVE-2007-1860 OTHER-REF OTHER-REF SECUNIA | ||
| Authentium -- Command Antivirus | Multiple buffer overflows in a certain ActiveX control in odapi.dll in Authentium Command Antivirus before 4.93.8 allow remote attackers to execute arbitrary code via unspecified vectors. |
| 8.0 | CVE-2007-2917 CERT-VN | ||
| BoastMachine -- BoastMachine | Cross-site scripting (XSS) vulnerability in index.php in BoastMachine allows remote attackers to inject arbitrary web script or HTML via the blog parameter in a content search action. |
| 10.0 | CVE-2007-2932 BUGTRAQ BID XF | ||
| Bochs -- Bochs | Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in iodev/ne2k.cc in emulated NE2000 device in Bochs 2.3 does not prevent TXCNT register values from exceeding the device memory size, which allows local users of the guest operating system to write to arbitrary memory locations and gain privileges on the host operating system, aka "RX Frame heap overflow." |
| 7.0 | CVE-2007-2893 OTHER-REF FRSIRT | ||
| cpCommerce -- cpCommerce | SQL injection vulnerability in category.php in cpCommerce 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id_category parameter. |
| 7.0 | CVE-2007-2890 MILW0RM BID | ||
| cpCommerce -- cpCommerce | SQL injection vulnerability in manufacturer.php in cpCommerce before 1.1.0 allows remote attackers to execute arbitrary SQL commands via the id_manufacturer parameter. |
| 7.0 | CVE-2007-2959 BUGTRAQ BID | ||
| David Branco -- OpenBASE | Multiple PHP remote file inclusion vulnerabilities in OpenBASE Alpha 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the root_prefix parameter to (1) index.php, (2) email_subscribe.php, (3) download.php, or (4) development.php. |
| 7.0 | CVE-2007-2947 MILW0RM BID FRSIRT | ||
| Dian Gemilang -- DGNews | SQL injection vulnerability in news.php in DGNews 2.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a newslist action. NOTE: this issue can produce resultant cross-site scripting (XSS). |
| 7.0 | CVE-2007-0693 BUGTRAQ BID OSVDB | ||
| DigiAppz -- DigiRez | Multiple cross-site scripting (XSS) vulnerabilities in Digirez 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) Room_name parameter to room/info_book.asp or the (2) curYear parameter to room/week.asp. |
| 10.0 | CVE-2007-2880 BUGTRAQ | ||
| Dokeos -- Open Source Learning & Knowledge Management Tool | SQL injection vulnerability in tracking/courseLog.php in Dokeos 1.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the scormcontopen parameter. |
| 7.0 | CVE-2007-2889 MILW0RM BID XF | ||
| Dokeos -- Dokeos | SQL injection vulnerability in main/auth/my_progress.php in Dokeos 1.8.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the course parameter. |
| 7.0 | CVE-2007-2902 MILW0RM | ||
| EZB Systems -- UltraISO | Stack-based buffer overflow in UltraISO 8.6.2.2011 and earlier allows user-assisted remote attackers to execute arbitrary code via a long FILE string (filename) in a .cue file, a related issue to CVE-2007-2761. NOTE: some details are obtained from third party information. |
| 8.0 | CVE-2007-2888 MILW0RM BID SECUNIA | ||
| F-Secure -- F-Secure Protection Service F-Secure -- F-Secure Anti-Virus Linux Server Security F-Secure -- F-Secure Internet Security F-Secure -- F-Secure Anti-Virus Linux Client Security F-Secure -- Internet Gatekeeper F-Secure -- F-Secure Anti-Virus Client Security F-secure -- F-Secure Anti-Virus | Unspecified vulnerability in the Real-time Scanning component in multiple F-Secure products, including Internet Security 2005, 2006 and 2007; Anti-Virus 2005, 2006 and 2007; and Solutions based on F-Secure Protection Service for Consumers 6.40 and earlier allows local users to gain privileges via a crafted I/O request packet (IRP), related to IOCTL (Input/Output Control) and "access validation of the address space." |
| 7.0 | CVE-2007-2965 OTHER-REF FRSIRT SECUNIA | ||
| F-Secure -- F-Secure Protection Service F-Secure -- F-Secure Anti-Virus Linux Server Security F-Secure -- F-Secure Internet Security F-Secure -- F-Secure Anti-Virus Linux Client Security F-Secure -- Internet Gatekeeper F-Secure -- F-Secure Anti-Virus Client Security F-secure -- F-Secure Anti-Virus | Buffer overflow in the LHA decompresion component in F-Secure anti-virus products for Microsoft Windows and Linux before 20070529 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted LHA archive, a similar issue to CVE-2006-4335. |
| 7.0 | CVE-2007-2966 OTHER-REF FRSIRT SECUNIA | ||
| F-Secure -- F-Secure Protection Service F-Secure -- F-Secure Anti-Virus Linux Server Security F-Secure -- F-Secure Internet Security F-Secure -- F-Secure Anti-Virus Linux Client Security F-Secure -- Internet Gatekeeper F-Secure -- F-Secure Anti-Virus Client Security F-secure -- F-Secure Anti-Virus | Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070522 allow remote attackers to cause a denial of service (file scanning infinite loop) via certain crafted (1) archives or (2) packed executables. |
| 10.0 | CVE-2007-2967 OTHER-REF FRSIRT | ||
| FileCloset -- FileCloset | Unrestricted file upload vulnerability in FileCloset before 1.1.5 allows remote attackers to upload arbitrary PHP files via unspecified vectors. |
| 7.0 | CVE-2007-2961 OTHER-REF OTHER-REF BID SECUNIA | ||
| FirmWorX -- FirmWorX | Multiple PHP remote file inclusion vulnerabilities in FirmWorX 0.1.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) bank_data[root] parameter to modules/bank/includes/design/main.inc.php, or the (2) fm_data[root] parameter to (a) includes/config/master.inc.php or (b) includes/functions/master.inc.php. |
| 7.0 | CVE-2007-2891 MILW0RM BID | ||
| Frequency Clock -- Frequency Clock | Multiple PHP remote file inclusion vulnerabilities in Frequency Clock 0.1b (Beta 0.1) allow remote attackers to execute arbitrary PHP code via a URL in the securelib parameter to (1) conf.php or (2) cp2.php. |
| 7.0 | CVE-2007-2936 MILW0RM BID | ||
| Fundanemt -- Fundanemt | core/spellcheck/spellcheck.php in Fundanemt before 2.2.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the dict parameter. |
| 7.0 | CVE-2007-2935 MILW0RM OTHER-REF BID SECUNIA | ||
| GNUTurk -- GNUTurk Portal System | Cross-site scripting (XSS) vulnerability in mods.php in GTP GNUTurk Portal System 3G allows remote attackers to inject arbitrary web script or HTML via the month parameter. |
| 10.0 | CVE-2007-2879 BUGTRAQ BID | ||
| Jelsoft -- vBulletin | Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3.6.7 PL1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the vb_367_xss_fix_plugin.xml update, a related issue to CVE-2007-????. |
| 10.0 | CVE-2007-2910 OTHER-REF | ||
| LEAD Technologies -- LeadTools Raster Dialog File Object | Buffer overflow in a certain ActiveX control in LTRDF14e.DLL 14.5.0.44 in LeadTools Raster Dialog File Object allows remote attackers to execute arbitrary code via a long Directory property value. |
| 10.0 | CVE-2007-2895 OTHER-REF OTHER-REF OTHER-REF BID SECUNIA XF | ||
| LEAD Technologies -- LeadTools Raster Dialog File Object | Buffer overflow in a certain ActiveX control in LeadTools Raster Dialog File_D Object (LTRDFD14e.DLL) 14.5.0.44 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) or execute arbitrary code via a long DestinationPath property value. |
| 10.0 | CVE-2007-2946 MILW0RM OTHER-REF OTHER-REF BID SECUNIA XF | ||
| Macrovision -- Update Service Macrovision -- FLEXnet Connect | The DWUpdateService ActiveX control in the agent (agent.exe) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allows remote attackers to execute arbitrary commands via the Execute method. |
| 8.0 | CVE-2007-0328 CERT-VN OTHER-REF | ||
| Michael Brandon -- vBGSiteMap | Multiple PHP remote file inclusion vulnerabilities in the creator in vBulletin Google Yahoo Site Map (vBGSiteMap) 2.41 for vBulletin allow remote attackers to execute arbitrary PHP code via a URL in the base parameter to (1) vbgsitemap/vbgsitemap-config.php or (2) vbgsitemap/vbgsitemap-vbseo.php. |
| 7.0 | CVE-2007-2941 MILW0RM BID | ||
| Microsoft -- Visual Basic | Multiple stack-based buffer overflows in Microsoft Visual Basic 6 allow user-assisted remote attackers to cause a denial of service (CPU consumption) or execute arbitrary code via a Visual Basic Project (vbp) file with a long (1) Description or (2) Company Name (VersionCompanyName) field. |
| 8.0 | CVE-2007-2884 MILW0RM MILW0RM BID BID XF XF | ||
| Microsoft -- IIS | Microsoft Internet Information Services (IIS) 6.0 allows remote attackers to cause a denial of service (server instability or device hang), and possibly obtain sensitive information (device communication traffic); and might allow attackers with physical access to execute arbitrary code after connecting a data stream to a device COM port; via requests for a URI containing a '/' immediately before and after the name of a DOS device, as demonstrated by the /AUX/.aspx URI, which bypasses a blacklist for DOS device requests. |
| 7.0 | CVE-2007-2897 FULLDISC FULLDISC XF | ||
| Microsoft -- Internet Explorer Honeywell -- Ademco ATNBaseLoader100 Module | Buffer overflow in the BaseRunner ActiveX control in the Ademco ATNBaseLoader100 Module (ATNBaseLoader100.dll) 5.4.0.6, when Internet Explorer 6 is used, allows remote attackers to execute arbitrary code via a long argument to the (1) Send485CMD method, and possibly the (2) SetLoginID, (3) AddSite, (4) SetScreen, and (5) SetVideoServer methods. |
| 10.0 | CVE-2007-2938 MILW0RM BID FRSIRT SECUNIA | ||
| Mozilla -- SeaMonkey Mozilla -- Firefox Mozilla -- Thunderbird | Multiple vulnerabilities in the JavaScript engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger memory corruption. |
| 7.0 | CVE-2007-2868 OTHER-REF | ||
| my little homepage -- my little forum | SQL injection vulnerability in user.php in My Little Forum 1.7 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| 7.0 | CVE-2007-2942 MILW0RM BID FRSIRT SECUNIA | ||
| Navboard -- Navboard | Direct static code injection vulnerability in admin_config.php in NavBoard 2.6.0 allows remote attackers to inject arbitrary PHP code into data/config.php via multiple parameters, as demonstrated via the threadperpage parameter in an editconfig action. |
| 7.0 | CVE-2007-2899 MILW0RM BID | ||
| Phil-a-Form -- Phil-a-Form | SQL injection vulnerability in index.php in the Phil-a-Form (com_philaform) 1.2.0.0 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the form_id parameter. |
| 7.0 | CVE-2007-2933 MILW0RM | ||
| PHPEcho CMS -- PHPEcho CMS | Multiple SQL injection vulnerabilities in modules/admin/modules/gallery.php in PHPEcho CMS 2.0-rc1 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter and possibly other parameters. NOTE: some of these details are obtained from third party information. |
| 7.0 | CVE-2007-2866 OTHER-REF FRSIRT | ||
| phpPgAdmin -- phpPgAdmin | Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the server parameter. |
| 8.0 | CVE-2007-2865 FULLDISC BID XF | ||
| Scallywag.org -- Scallywag | Multiple directory traversal vulnerabilities in Scallywag 2005-04-25 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skin_name parameter to template.php in (1) skin/dark/, (2) skin/gold/, or (3) skin/original/, a different vector than CVE-2007-2900. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 7.0 | CVE-2007-2960 FRSIRT | ||
| Sun -- Java Web Proxy Server | Multiple stack-based buffer overflows in the SOCKS proxy support (sockd) in Sun Java Web Proxy Server before 4.0.5 allow remote attackers to execute arbitrary code via crafted packets during protocol negotiation. |
| 10.0 | CVE-2007-2881 IDEFENSE SUNALERT | ||
| Tcl_Tk -- Tcl_Tk | Buffer overflow in tcl/win/tclWinReg.c in Tcl (Tcl/Tk) before 8.5a6 allows local users to gain privileges via long registry key paths. |
| 7.0 | CVE-2007-2877 OTHER-REF OTHER-REF SECUNIA | ||
| TROforum -- TROforum | PHP remote file inclusion vulnerability in admin/admin.php in TROforum 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the site_url parameter. |
| 7.0 | CVE-2007-2937 MILW0RM BID |
| Medium Vulnerabilities |
|---|
| Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
|---|---|---|---|---|---|---|
| Apple -- Quicktime | Unspecified vulnerability in Apple QuickTime for Java 7.1.6 on Mac OS X and Windows allows remote attackers to execute arbitrary code via unknown vectors related to Java applets. |
| 5.6 | CVE-2007-2388 APPLE | ||
| Credant -- Credant Mobile Guardian Shield - Windows | Credant Mobile Guardian Shield for Windows 5.2.1.105 and earlier stores account names and passwords in plaintext in memory, which allows local users to obtain sensitive information by (1) reading the paging file or (2) dumping and searching the memory image. NOTE: This issue crosses privilege boundaries because the product is intended to protect the data on a stolen computer. |
| 4.9 | CVE-2007-2883 BUGTRAQ BID | ||
| FlaP -- FlaP | Multiple PHP remote file inclusion vulnerabilities in FlaP 1.0b (1.0 Beta) allow remote attackers to execute arbitrary PHP code via a URL in the pachtofile parameter to (1) skin/html/table.php or (2) login.php. |
| 5.6 | CVE-2007-2940 MILW0RM BID FRSIRT | ||
| GForge -- GForge | plugins/scmcvs/www/cvsweb.php in the CVSWeb CGI in GForge 4.5.16 before 20070524, aka gforge-plugin-scmcvs, allows remote attackers to execute arbitrary commands via shell metacharacters in the PATH_INFO. |
| 5.6 | CVE-2007-0246 OTHER-REF DEBIAN BID FRSIRT SECUNIA SECUNIA | ||
| Jelsoft -- vBulletin | Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin 3.6.x before 3.6.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the vb_calendar366_xss_fix_plugin.xml update. |
| 6.0 | CVE-2007-2909 OTHER-REF | ||
| Jelsoft -- vBulletin | SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin before 3.6.6 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached After" field (GPC['search']['datelineafter'] variable), a related issue to CVE-2007-1573. |
| 4.8 | CVE-2007-2911 OTHER-REF | ||
| Logitech -- VideoCall | Multiple stack-based buffer overflows in ActiveX controls (1) VibeC in (a) vibecontrol.dll, (2) CallManager and (3) ViewerClient in (b) StarClient.dll, (4) ComLink in (c) uicomlink.dll, and (5) WebCamXMP in (d) wcamxmp.dll in Logitech VideoCall allow remote attackers to cause a denial of service (browser crash) and execute arbitrary code via unspecified vectors. |
| 5.6 | CVE-2007-2918 CERT-VN BID | ||
| Mazens PHP Chat -- Mazens PHP Chat | Multiple PHP remote file inclusion vulnerabilities in Mazen's PHP Chat 3.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the basepath parameter to (1) ITX.php, (2) IT_Error.php, or (3) IT.php in include/pear/. |
| 5.6 | CVE-2007-2939 MILW0RM BID FRSIRT | ||
| Scallywag.org -- Scallywag | Multiple PHP remote file inclusion vulnerabilities in Scallywag allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to template.php in (1) skin/dark/, (2) skin/gold/, or (3) skin/original/. |
| 5.6 | CVE-2007-2900 MILW0RM | ||
| SSL-Explorer -- SSL-Explorer | Unspecified vulnerability in SSL-Explorer before 0.2.13 allows remote authenticated users to enter redirect URLs containing (1) JavaScript or (2) HTTP headers, which has unknown impact, possibly resulting in cross-site scripting (XSS) or HTTP request smuggling. |
| 6.0 | CVE-2007-2907 OTHER-REF | ||
| Symantec -- Enterprise Security Manager | Race condition in the Symantec Enterprise Security Manager (ESM) 6.5.3 managers and agents on Windows before 20070524 allows remote attackers to cause a denial of service (CPU consumption and application hang) via certain network scans to ESM ports. |
| 5.6 | CVE-2007-2896 OTHER-REF OTHER-REF BID SECUNIA | ||
| Webavis -- Webavis | PHP remote file inclusion vulnerability in class/class.php in Webavis 0.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter. |
| 5.6 | CVE-2007-2943 MILW0RM FRSIRT |
| Low Vulnerabilities |
|---|
| Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
|---|---|---|---|---|---|---|
| Apple -- Quicktime | Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not clear potentially sensitive memory before use, which allows remote attackers to read memory from a web browser via unknown vectors related to Java applets. |
| 2.7 | CVE-2007-2389 APPLE | ||
| ASP-Nuke -- ASP-Nuke | Cross-site scripting (XSS) vulnerability in news.asp in ASP-Nuke 2.0.7 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 1.9 | CVE-2007-2892 OTHER-REF BID | ||
| Bochs -- Bochs | The emulated floppy disk controller in Bochs 2.3 allows local users of the guest operating system to cause a denial of service (virtual machine crash) via unspecified vectors, resulting in a divide-by-zero error. |
| 1.6 | CVE-2007-2894 OTHER-REF FRSIRT | ||
| ClonusWiki -- ClonusWiki | Cross-site scripting (XSS) vulnerability in index.php in ClonusWiki .5 allows remote attackers to inject arbitrary web script or HTML via the query parameter. |
| 1.9 | CVE-2007-2913 BUGTRAQ | ||
| DGNews -- DGNews | DGNews 2.1 allows remote attackers to obtain sensitive information via a fullnews request to news.php with an invalid newsid parameter, and other unspecified vectors, which reveal the path in various error messages. |
| 2.3 | CVE-2007-0692 BUGTRAQ OSVDB | ||
| Dian Gemilang -- DGNews | Cross-site scripting (XSS) vulnerability in footer.php in DGNews 2.1 allows remote attackers to inject arbitrary web script or HTML via the copyright parameter. |
| 1.9 | CVE-2007-0694 BUGTRAQ BID OSVDB | ||
| Dokeos -- Dokeos | Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the img parameter to main/inc/lib/fckeditor/editor/plugins/ImageManager/editor.php and other unspecified vectors. |
| 1.9 | CVE-2007-2901 MILW0RM | ||
| F-Secure -- Policy Manager | The fsmsh.dll host module in F-Secure Policy Manager Server 7.00 and earlier allows remote attackers to cause a denial of service (application crash) via NTFS reserved words in filenames in URLs. |
| 2.3 | CVE-2007-2964 OTHER-REF FRSIRT SECUNIA | ||
| Forsnet -- Web Icerik Yonetim Sistemi | Cross-site scripting (XSS) vulnerability in index.php in Web Icerik Yonetim Sistemi (WIYS) 1.0 allows remote attackers to inject arbitrary web script or HTML via the No parameter in the Sayfa page. |
| 1.9 | CVE-2007-2887 BUGTRAQ | ||
| GMTT -- Music Distro | Cross-site scripting (XSS) vulnerability in showown.php in GMTT Music Distro 1.2 allows remote attackers to inject arbitrary web script or HTML via the st parameter. |
| 1.9 | CVE-2007-2916 BUGTRAQ | ||
| Invision Power Services -- Invision Power Board | Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board (IPB or IP.Board) 2.2.2, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via (1) module_bbcodeloader.php, (2) module_div.php, (3) module_email.php, (4) module_image.php, (5) module_link.php, or (6) the editorid parameter to module_table.php in jscripts/folder_rte_files/. NOTE: some details were obtained from third party sources. |
| 1.9 | CVE-2007-2963 OTHER-REF BID FRSIRT SECUNIA XF | ||
| Jelsoft -- vBulletin | Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin before 3.6.6 allows remote attackers to inject arbitrary web script or HTML via the title field in a single add action. |
| 1.9 | CVE-2007-2908 BUGTRAQ BID SECUNIA | ||
| Jelsoft -- vBulletin | Unspecified vulnerability in Jelsoft vBulletin before 3.6.6, when unauthenticated User Infraction Permissions is disabled, allows remote attackers to see the infraction "red flag" for a deleted user. |
| 2.3 | CVE-2007-2912 OTHER-REF | ||
| Linux -- Kernel | Unspecified vulnerability in drivers/crypto/geode-aes.c in GEODE-AES in the Linux kernel before 2.6.21.3 allows attackers to obtain sensitive information via unspecified vectors. |
| 2.3 | CVE-2007-2451 OTHER-REF OTHER-REF SECUNIA | ||
| Linux -- Kernel | The VFAT compat ioctls in the Linux kernel before 2.6.21.2, when run on a 64-bit system, allow local users to corrupt a kernel_dirent struct and cause a denial of service (system crash) via unknown vectors. |
| 2.3 | CVE-2007-2878 OTHER-REF BID | ||
| Microsoft -- Visual Database Tools Database Designer | The NotSafe function in the MSVDTDatabaseDesigner7 ActiveX control in VDT70.DLL in Microsoft Visual Database Tools (MSVDT) Database Designer 7.0 allows remote attackers to cause a denial of service (Internet Explorer 6 crash) via a long argument. |
| 1.9 | CVE-2007-2885 OTHER-REF BID | ||
| Microsoft -- Office | Buffer overflow in the HelpPopup method in the Microsoft Office 2000 Controllo UA di Microsoft Office ActiveX control (OUACTRL.OCX) 1.0.1.9 allows remote attackers to cause a denial of service (probably winhlp32.exe crash) via a long first argument. NOTE: it is not clear whether this issue crosses privilege boundaries. |
| 2.3 | CVE-2007-2903 OTHER-REF OTHER-REF OTHER-REF | ||
| Mozilla -- SeaMonkey Mozilla -- Firefox | Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to cause a denial of service via (1) a large cookie path parameter, which triggers memory consumption, or (2) an internal delimiter within cookie path or name values, which could trigger a misinterpretation of cookie data, aka "Path Abuse in Cookies." |
| 3.3 | CVE-2007-1362 OTHER-REF | ||
| Mozilla -- SeaMonkey Mozilla -- Firefox Mozilla -- Thunderbird | Multiple vulnerabilities in the layout engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) via vectors related to dangling pointers, heap corruption, signed/unsigned, and other issues. |
| 3.3 | CVE-2007-2867 OTHER-REF | ||
| Mozilla -- Firefox | The form autocomplete feature in Mozilla Firefox 1.5.x before 1.5.0.12, 2.x before 2.0.0.4, and possibly earlier versions, allows remote attackers to cause a denial of service (persistent temporary CPU consumption) via a large number of characters in a submitted form. |
| 2.3 | CVE-2007-2869 OTHER-REF | ||
| Mozilla -- SeaMonkey Mozilla -- Firefox | Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to bypass the same-origin policy and conduct cross-site scripting (XSS) and other attacks by using the addEventListener method to add an event listener for a site, which is executed in the context of that site. |
| 1.9 | CVE-2007-2870 OTHER-REF | ||
| Mozilla -- SeaMonkey Mozilla -- Firefox | Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to spoof or hide the browser chrome, such as the location bar, by placing XUL popups outside of the browser's content pane. NOTE: this issue can be leveraged for phishing and other attacks. |
| 1.9 | CVE-2007-2871 OTHER-REF | ||
| myEvent -- myEvent | myEvent 1.6 allows remote attackers to obtain sensitive information via (1) a Log In action without a password to login.php, or an invalid (2) view[] or (3) monthno[] parameter to myevent.php, which reveals the path in various error messages. |
| 2.3 | CVE-2007-0690 BUGTRAQ OSVDB | ||
| Nortel -- Communications Server | Unspecified vulnerability in the Nortel CS 1000 M media card in Enterprise VoIP-Core-CS 1000E, 1000M, and 1000S 04.50W before 20070523 in Meridian/CS 1000 allows remote attackers to cause a denial of service (card hang) via unspecified vectors. |
| 2.3 | CVE-2007-2886 OTHER-REF OTHER-REF BID FRSIRT XF | ||
| Particle Soft -- Particle Gallery | Cross-site scripting (XSS) vulnerability in search.php in Particle Gallery 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the order parameter. |
| 1.9 | CVE-2007-2962 BUGTRAQ | ||
| PsychoStats -- PsychoStats | Multiple cross-site scripting (XSS) vulnerabilities in PsychoStats 3.0.6b allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) awards.php, (2) login.php, (3) register.php, (4) weapons.php, and possibly other unspecified files. |
| 1.9 | CVE-2007-2914 BUGTRAQ | ||
| RM EasyMail -- RM EasyMail Plus | Cross-site scripting (XSS) vulnerability in RM EasyMail Plus allows remote attackers to inject arbitrary web script or HTML via the title field in an email. |
| 1.9 | CVE-2007-2915 BUGTRAQ | ||
| RMForum -- RMForum | RMForum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for rmforum.mdb. |
| 2.3 | CVE-2007-2945 BUGTRAQ SECUNIA | ||
| Sun -- Solaris | Unspecified vulnerability in the NFS client module in Sun Solaris 8 through 10 before 20070524, when operating as an NFS server, allows remote attackers to cause a denial of service (crash) via certain Access Control List (acl) packets. |
| 2.3 | CVE-2007-2882 SUNALERT BID FRSIRT SECUNIA | ||
| Sun -- Java System Messaging Server | Cross-site scripting (XSS) vulnerability in Sun Java System Messaging Server 6.0 through 6.3, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly a related issue to CVE-2006-5653. |
| 1.9 | CVE-2007-2904 SUNALERT | ||
| Sun -- Java Embedding Plugin | Java Embedding Plugin 0.9.6.1 allows remote attackers to cause a denial of service (browser crash) via a Thread subclass that calls super.run from its run method. |
| 2.3 | CVE-2007-2906 OTHER-REF | ||
| WabCMS -- WabCMS | WabCMS 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/wabcmsn.mdb. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 2.3 | CVE-2007-2944 SECUNIA | ||
| Windy Road -- Vistered Little | Directory traversal vulnerability in skins/common.css.php in Vistered Little 1.6a allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter. |
| 3.3 | CVE-2007-2934 MILW0RM VIM BID |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.