Vulnerability Summary for the Week of June 4, 2007
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
">
High Vulnerabilities |
---|
Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
---|---|---|---|---|---|---|
Alcatel -- OmniPCX Enterprise | Alcatel-Lucent IP-Touch Telephone running OmniPCX Enterprise 7.0 and later enables the mini switch by default, which allows attackers to gain access to the voice VLAN via daisy-chained systems. |
| 7.0 | CVE-2007-2512 OTHER-REF XF | ||
Apple -- Xserve Lights-Out Management | Apple Xserve Lights-Out Management before Firmware Update 1.0 on Intel hardware does not require a password for remote access to IPMI, which allows remote attackers to gain administrative access via unspecified requests with ipmitool. |
| 10.0 | CVE-2007-2387 OTHER-REF OTHER-REF APPLE BID FRSIRT SECUNIA | ||
Calimero.CMS -- Calimero.CMS | Session fixation vulnerability in Calimero.CMS 3.3.1232 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. |
| 7.0 | CVE-2007-3053 BUGTRAQ OTHER-REF | ||
Centennial -- Discovery Symantec -- Discovery Numara -- Asset Manager | Stack-based buffer overflow in XferWan.exe as used in multiple products including (1) Symantec Discovery 6.5, (2) Numara Asset Manager 8.0, and (3) Centennial UK Ltd Discovery 2006 Feature Pack, allows remote attackers to execute arbitrary code via a long request. NOTE: this might be a reservation duplicate of CVE-2007-1173. |
| 8.0 | CVE-2007-2514 BUGTRAQ OTHER-REF BID SECTRACK | ||
Chameleon CMS -- Chameleon CMS | Session fixation vulnerability in chameleon cms 3.0 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. |
| 7.0 | CVE-2007-3050 BUGTRAQ OTHER-REF | ||
Clam Anti-Virus -- ClamAV | unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not properly calculate the end of a certain buffer, with unknown impact and remote attack vectors. |
| 7.0 | CVE-2007-3023 MLIST OTHER-REF | ||
Comdev -- Comdev eCommerce | PHP remote file inclusion vulnerability in sampleecommerce.php in Comdev eCommerce 4.1 allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. |
| 7.0 | CVE-2007-3081 BUGTRAQ XF | ||
Comdev -- Comdev Web Blogger | PHP remote file inclusion vulnerability in sampleblogger.php in Comdev Web Blogger 4.1 allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter, a different vector than CVE-2006-5441. |
| 7.0 | CVE-2007-3084 BUGTRAQ XF | ||
Computer Associates -- Common Services Computer Associates -- BrightStor ARCserve Backup Computer Associates -- BrightStor Enterprise Backup Computer Associates -- Anti-Virus | Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a long filename in a .CAB file. |
| 10.0 | CVE-2007-2863 BUGTRAQ OTHER-REF OTHER-REF BID FRSIRT SECUNIA | ||
Computer Associates -- eTrust Anti-Virus SDK Computer Associates -- Common Services Computer Associates -- eTrust EZ Antivirus Computer Associates -- eTrust Antivirus Computer Associates -- eTrust Secure Content Manager Computer Associates -- Unicenter Network and Systems Management Computer Associates -- eTrust Antivirus for the Gateway Computer Associates -- Anti-Virus Computer Associates -- BrightStor ARCserve Backup Computer Associates -- Protection Suites Computer Associates -- eTrust EZ Armor Computer Associates -- Integrated Threat Management Computer Associates -- Internet Security Suite | Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a large invalid value of the coffFiles field in a .CAB file. |
| 8.0 | CVE-2007-2864 BUGTRAQ OTHER-REF OTHER-REF BID FRSIRT SECUNIA | ||
Dian Gemilang -- DGNews | SQL injection vulnerability in news.php in DGNews 2.1 allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a fullnews action, a different vector than CVE-2007-0693. |
| 7.0 | CVE-2007-2994 BUGTRAQ BID SECUNIA | ||
Digital River -- eSellerate SDK | Buffer overflow in the GetWebStoreURL function in a certain ActiveX control in eSellerateControl365.dll 3.6.5.0 in eSellerate SDK allows user-assisted remote attackers to execute arbitrary code via a long first argument. |
| 8.0 | CVE-2007-3071 OTHER-REF BID | ||
E-Book Systems -- FlipViewer | Multiple stack-based buffer overflows in the FViewerLoading ActiveX control (FlipViewerX.dll) in E-Book Systems FlipViewer before 4.1 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via long (1) UID, (2) Opf, (3) PAGENO, (4) LaunchMode, (5) SubID, (6) BookID, (7) LibraryID, (8) SubURL, and (9) LoadOpf properties. |
| 8.0 | CVE-2007-2919 CERT-VN BID FRSIRT SECUNIA | ||
EQdkp -- EQdkp | SQL injection vulnerability in listmembers.php in EQdkp 1.3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the rank parameter. |
| 7.0 | CVE-2007-3077 MILW0RM BID FRSIRT SECUNIA XF | ||
F5 -- Firepass 4100 | my.activation.php3 in F5 FirePass 4100 SSL VPN allows remote attackers to execute arbitrary shell commands via shell metacharacters in the username parameter. |
| 7.0 | CVE-2007-3097 BUGTRAQ OTHER-REF BID FRSIRT SECTRACK SECUNIA XF | ||
Gaya Design -- ComicSense | SQL injection vulnerability in index.php in Comicsense allows remote attackers to execute arbitrary SQL commands via the epi parameter. |
| 7.0 | CVE-2007-3088 BUGTRAQ | ||
GNU -- screen | ** DISPUTED ** GNU screen 4.0.3 allows local users to unlock the screen via a CTRL-C sequence at the password prompt. NOTE: multiple third parties report inability to reproduce this issue. |
| 7.0 | CVE-2007-3048 FULLDISC FULLDISC FULLDISC FULLDISC XF | ||
Hunkaray Okul -- Portaly | SQL injection vulnerability in haberoku.asp in Hunkaray Okul Portaly 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 7.0 | CVE-2007-3080 BID | ||
IBM -- Lotus Domino | IBM Lotus Domino 7.0.x before 7.0.3 does not revalidate the signature on a signed scheduled agent after the agent is modified, which allows remote authenticated users to gain privileges via a modified agent in a server database. |
| 8.0 | CVE-2007-0068 OTHER-REF BID FRSIRT SECUNIA | ||
IBM -- AIX | Unspecified vulnerability in perl.rte 5.8.0.10 through 5.8.0.95 on IBM AIX 5.2, and 5.8.2.10 through 5.8.2.50 on AIX 5.3, allows local users to gain privileges via unspecified vectors related to the installation and "waiting for a legitimate user to execute a binary that ships with Perl." |
| 8.0 | CVE-2007-2996 OTHER-REF AIXAPAR BID SECUNIA | ||
Inout Scripts -- Inout Meta Search Engine | A certain admin script in Inout Meta Search Engine sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to inject arbitrary PHP code, as demonstrated by a request to admin/create_engine.php followed by a request to admin/generate_tabs.php. |
| 7.0 | CVE-2007-2988 BUGTRAQ MILW0RM BID BID | ||
K-Letter -- K-Letter | Multiple PHP remote file inclusion vulnerabilities in Kravchuk letter (K-letter) 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the scdir parameter to (1) action.php, (2) subs.php, or (3) unsubs.php. |
| 7.0 | CVE-2007-3118 MILW0RM BID FRSIRT XF | ||
Kartli Alisveris Sistemi -- Kartli Alisveris Sistemi | SQL injection vulnerability in news.asp in Kartli Alisveris Sistemi 1.0 allows remote attackers to execute arbitrary SQL commands via the news_id parameter. |
| 7.0 | CVE-2007-3119 MILW0RM | ||
Macrovision -- Update Service Macrovision -- FLEXnet Connect | Multiple buffer overflows in an ActiveX control (boisweb.dll) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allow remote attackers to execute arbitrary code via the (1) the second parameter to the DownloadAndExecute method and (2) third parameter to the AddFileEx method, a different vulnerability than CVE-2007-0328. |
| 10.0 | CVE-2007-2419 OTHER-REF OTHER-REF SECUNIA | ||
Mbedthis Software -- Mbedthis AppWeb HTTP server | Mbedthis AppWeb before 2.2.2 enables the HTTP TRACE method, which has unspecified impact probably related to remote information leaks and cross-site tracing (XST) attacks, a related issue to CVE-2004-2320 and CVE-2005-3398. |
| 7.0 | CVE-2007-3008 OTHER-REF OTHER-REF | ||
MeAlex -- My Datebook | SQL injection vulnerability in diary.php in My Datebook allows remote attackers to execute arbitrary SQL commands via the delete parameter. |
| 7.0 | CVE-2007-3063 BUGTRAQ | ||
Microsoft -- Internet Explorer | Race condition in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code or perform other actions upon a page transition, with the permissions of the old page and the content of the new page, as demonstrated by setInterval functions that set location.href within a try/catch expression, aka the "bait & switch vulnerability." |
| 8.0 | CVE-2007-3091 BUGTRAQ FULLDISC OTHER-REF CERT-VN BID SECTRACK XF | ||
Microsoft -- Internet Explorer | Microsoft Internet Explorer 6 allows remote attackers to spoof the URL bar, and page properties including SSL certificates, by interrupting page loading through certain use of location DOM objects and setTimeout calls. NOTE: this issue can be leveraged for phishing and other attacks. |
| 8.0 | CVE-2007-3092 BUGTRAQ FULLDISC OTHER-REF BID SECTRACK XF | ||
Microsoft -- Internet Explorer Provideo -- Camimage ActiveX Control | Buffer overflow in the Provideo Camimage ActiveX control in ISSCamControl.dll 1.0.1.5, when Internet Explorer 6 is used on Windows 2000 SP4, allows remote attackers to execute arbitrary code via a long URL property value. |
| 10.0 | CVE-2007-3111 MILW0RM FRSIRT SECUNIA | ||
Mozilla -- Firefox | Mozilla Firefox does not prevent use of document.write to replace an IFRAME (1) during the load stage or (2) in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code that intercepts keystroke values from window.event, aka the "promiscuous IFRAME access bug," a related issue to CVE-2006-4568. |
| 10.0 | CVE-2007-3089 BUGTRAQ FULLDISC OTHER-REF OTHER-REF OTHER-REF BID | ||
Mozilla -- Firefox | Mozilla Firefox does not properly manage a delay timer used in confirmation dialogs, which might allow remote attackers to trick users into confirming an unsafe action, such as remote file execution, aka the "dialog refocus bug." |
| 8.0 | CVE-2007-3090 BUGTRAQ FULLDISC OTHER-REF OTHER-REF BID | ||
Mplayer -- Mplayer | Multiple stack-based buffer overflows in stream/stream_cddb.c in MPlayer before 1.0rc1try3 allow remote attackers to execute arbitrary code via a CDDB entry with a long (1) album title or (2) category. |
| 8.0 | CVE-2007-2948 MLIST OTHER-REF OTHER-REF OTHER-REF BID FRSIRT SECUNIA XF | ||
myWebland -- MyBloggie | Multiple SQL injection vulnerabilities in myBloggie 2.1.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat_id or (2) year parameter to index.php in a viewuser action, different vectors than CVE-2005-1500 and CVE-2005-4225. |
| 7.0 | CVE-2007-3003 BUGTRAQ BID XF | ||
Nexen -- AdminBot MX | PHP remote file inclusion vulnerability in lib/live_status.lib.php in AdminBot MX 9.0.5 allows remote attackers to execute arbitrary PHP code via a URL in the ROOT parameter. |
| 7.0 | CVE-2007-2986 MILW0RM VIM | ||
Omegasoft -- INterneSErvicesLosungen | Multiple SQL injection vulnerabilities in OmegaMw7.asp in OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) allow remote attackers to execute arbitrary SQL commands via (1) user-created text fields; the (2) F05003, (3) F05005, and (4) F05015 fields; and other unspecified standard fields. |
| 7.0 | CVE-2007-2992 BUGTRAQ BID | ||
Particle Soft -- Particle Gallery | SQL injection vulnerability in viewimage.php in Particle Soft Particle Gallery 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the editcomment parameter, a different version and vector than CVE-2006-2862. |
| 7.0 | CVE-2007-3065 MILW0RM BID FRSIRT SECUNIA | ||
PBSite -- PBSite | Multiple PHP remote file inclusion vulnerabilities in PBSite allow remote attackers to execute arbitrary PHP code via a URL in the (1) dbpath parameter to (a) useronline.php, (b) ucp.php, (c) setcookie.php, (d) sendpm.php, (e) search.php, (f) register.php, (g) profile.php, (h) post.php, (i) pmpshow.php, (j) pm.php, (k) ntopic.php, (l) nreply.php, (m) news.php, (n) memberslist.php, (o) logout.php, (p) login.php, (q) index.php, (r) help.php, (s) forum.php, (t) error.php, (u) editpost.php, (v) delpost.php, (w) delpm.php, (x) confirm.php, (y) board.php, (z) admin2.php, (aa) admin.php, or (bb) templates/pb/css/formstyles.php; or the (2) temppath parameter to (a) useronline.php, (c) setcookie.php, (e) search.php, (f) register.php, (h) post.php, (l) nreply.php, (m) news.php, (o) logout.php, (p) login.php, (q) index.php, (r) help.php, (s) forum.php, (t) error.php, (w) delpm.php, (x) confirm.php, or (y) board.php. |
| 7.0 | CVE-2007-3085 BUGTRAQ BUGTRAQ XF | ||
Pheap -- Pheap | Pheap 2.0 allows remote attackers to bypass authentication by setting a pheap_login cookie value to the administrator's username. NOTE: this can be leveraged to upload and execute arbitrary PHP code via an update_doc action in edit.php. |
| 10.0 | CVE-2007-2985 MILW0RM | ||
PHP -- PHP | Integer overflow in the chunk_split function in PHP 5 before 5.2.3 has unknown impact and attack vectors. |
| 7.0 | CVE-2007-2872 OTHER-REF | ||
PHP JackKnife -- PHP JackKnife | Multiple SQL injection vulnerabilities in PHP JackKnife (PHPJK) allow remote attackers to execute arbitrary SQL commands via (1) the iCategoryUnq parameter to G_Display.php or (2) the iSearchID parameter to Search/DisplayResults.php. |
| 7.0 | CVE-2007-3000 BUGTRAQ BID | ||
php(Reactor) -- php(Reactor) | Multiple PHP remote file inclusion vulnerabilities in php(Reactor) 1.2.7 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the pathtohomedir parameter to (1) view.inc.php, (2) users.inc.php, (3) updatecms.inc.php, and (4) polls.inc.php in inc/; and other unspecified files, different vectors than CVE-2006-3983. |
| 7.0 | CVE-2007-3066 BUGTRAQ XF | ||
PostNuke Software Foundation -- PNphpBB | SQL injection vulnerability in index.php in the PNphpBB2 1.2i and earlier module for PostNuke allows remote attackers to execute arbitrary SQL commands via the c parameter. |
| 7.0 | CVE-2007-3052 MILW0RM FRSIRT SECUNIA | ||
RevokeSoft -- RevokeBB | SQL injection vulnerability in inc/class_users.php in RevokeSoft RevokeBB 1.0 RC4 and earlier allows remote attackers to execute arbitrary SQL commands via the revokebb_user cookie. |
| 7.0 | CVE-2007-3051 BUGTRAQ MILW0RM BID FRSIRT XF | ||
SalesCart -- Shopping Cart | Multiple SQL injection vulnerabilities in cgi-bin/reorder2.asp in SalesCart Shopping Cart allow remote attackers to execute arbitrary SQL commands via the password field and other unspecified vectors. |
| 7.0 | CVE-2007-2997 BUGTRAQ BID XF | ||
Sun -- JDK Sun -- SDK Sun -- JRE | Buffer overflow in the image parsing implementation in the Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_20 and earlier allows remote attackers to execute arbitrary programs, or read or modify arbitrary files, via applets or applications that grant privileges to themselves. |
| 8.0 | CVE-2007-3004 SUNALERT | ||
Sun -- Solaris | Unspecified vulnerability in the logging mechanism in Solaris Management Console (SMC) on Sun Solaris 8 through 10 before 20070605 allows remote attackers to execute arbitrary code via unspecified vectors, related to the WBEM server. |
| 10.0 | CVE-2007-3093 SUNALERT BID | ||
Symantec -- Veritas Storage Foundation | The Scheduler Service (VxSchedService.exe) in Symantec Storage Foundation for Windows 5.0 allows remote attackers to bypass authentication and execute arbitrary code via certain requests to the service socket that create registry values specifying future command execution. |
| 10.0 | CVE-2007-2279 OTHER-REF BID | ||
Symantec -- Symantec Reporting Server | Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, does not initialize a critical variable, which allows attackers to create arbitrary executable files via unknown manipulations of a file that is created during data export. |
| 7.0 | CVE-2007-3021 OTHER-REF | ||
Vonage -- VoIP Telephone Adapter | The Vonage VoIP Telephone Adapter has a default administrator username "user" and password "user," which allows remote attackers to obtain administrative access. |
| 7.0 | CVE-2007-3047 BUGTRAQ | ||
Zenturi -- Zenturi ProgramChecker | Multiple buffer overflows in certain ActiveX controls in sasatl.dll in Zenturi ProgramChecker allow remote attackers to execute arbitrary code via unspecified vectors. |
| 7.0 | CVE-2007-2987 CERT-VN BID |
Medium Vulnerabilities |
---|
Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
---|---|---|---|---|---|---|
Acoustica -- Acoustica MP3 CD Burner | Buffer overflow in Acoustica MP3 CD Burner 4.32 allows user-assisted remote attackers to execute arbitrary code via a .asx playlist file with a REF element containing a long string in the HREF attribute. |
| 5.6 | CVE-2007-3006 MILW0RM BID | ||
DVD X Studios -- DVD X Player | Stack-based buffer overflow in DVD X Player 4.1 Professional allows remote attackers to execute arbitrary code via a PLF playlist containing a long filename. |
| 5.6 | CVE-2007-3068 MILW0RM BID FRSIRT SECUNIA XF | ||
Madirish Webmail -- Madirish Webmail | Multiple PHP remote file inclusion vulnerabilities in Madirish Webmail 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[basedir] parameter to (1) calendar.php, (2) compose.php, and (3) index.php, different vectors than CVE-2007-2826. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 5.6 | CVE-2007-3058 SECUNIA XF | ||
Media Technology Group -- CDPass ActiveX Control | Multiple stack-based buffer overflows in the Media Technology Group CDPass ActiveX control in CDPass.dll allow remote attackers to execute arbitrary code via unspecified vectors. |
| 5.6 | CVE-2007-2984 CERT-VN BID | ||
Microsoft -- Frontpage Microsoft -- Office | The CERN Image Map Dispatcher (htimage.exe) in Microsoft FrontPage allows remote attackers to determine the existence, and possibly partial contents, of arbitrary files under the web root via a relative pathname in the PATH_INFO. |
| 4.7 | CVE-2007-3109 BUGTRAQ | ||
Sun -- Solaris | xscreensaver in Sun Solaris 10 before 20070604, when a GNOME session with Assistive Technology support is running, allows attackers with physical access to take control of the session after entering an Alt-Tab sequence. |
| 4.9 | CVE-2007-3069 SUNALERT BID FRSIRT SECUNIA | ||
Sun -- Solaris | Unspecified vulnerability in the authentication mechanism in Solaris Management Console (SMC) on Sun Solaris 8 through 10 before 20070605 allows remote authenticated users to execute arbitrary code via unspecified vectors, related to the WBEM server. |
| 6.0 | CVE-2007-3094 SUNALERT BID | ||
Symantec -- Symantec Client Security Symantec -- Symantec AntiVirus Symantec -- Symantec Reporting Server | Unspecified vulnerability in Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, allows attackers to "disable the authentication system" and bypass authentication via unknown vectors. |
| 6.0 | CVE-2007-3095 OTHER-REF BID | ||
Xoops -- icontent Module | PHP remote file inclusion vulnerability in include/wysiwyg/spaw_control.class.php in the icontent 4.5 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656. |
| 5.6 | CVE-2007-3057 MILW0RM FRSIRT SECUNIA |
Low Vulnerabilities |
---|
Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
---|---|---|---|---|---|---|
Cross-site scripting (XSS) vulnerability in Collaboration - File Sharing 01-20 up to 01-20-/B and 01-30 up to 01-30-/B in Hitachi Groupmax Collaboration Portal up to 07-30-/D, Groupmax Collaboration Web Client - Forum/File Sharing up to 07-30-/C, uCosminexus Collaboration Portal up to 06-30-/D, and uCosminexus Collaboration Portal - Forum/File Sharing up to 06-30-/C on Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 1.9 | CVE-2007-3043 OTHER-REF BID FRSIRT SECUNIA XF | |||
ADPLAN -- SEO | Cross-site scripting (XSS) vulnerability in the SEO module in ADPLAN 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to HTTP headers. |
| 1.9 | CVE-2007-3117 OTHER-REF BID SECUNIA | ||
Advanced Software Production Line -- Vortex Library | Buffer overflow in Advanced Software Production Line Vortex Library before 1.0.3 allows remote attackers to cause a denial of service (listener crash) via unspecified vectors related to the select I/O implementation and the file set buffer. NOTE: some of these details are obtained from third party information. |
| 2.3 | CVE-2007-3046 MLIST SECUNIA | ||
Agnitum -- Outpost Firewall | Unrestricted critical resource lock in Agnitum Outpost Firewall PRO 4.0 1007.591.145 and earlier allows local users to cause a denial of service (system hang) by capturing the outpost_ipc_hdr mutex. |
| 2.3 | CVE-2007-3086 BUGTRAQ OTHER-REF BID XF | ||
Aigaion -- Aigaion | Multiple cross-site scripting (XSS) vulnerabilities in Aigaion before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via the title parameter (Authors and Publication titles) to (1) authoractions.php or (2) publicationactions.php. |
| 2.3 | CVE-2007-3078 OTHER-REF OTHER-REF BID SECUNIA XF | ||
AIOCP -- AIOCP | Cross-site scripting (XSS) vulnerability in public/code/cp_dpage.php in All In One Control Panel (AIOCP) before 1.3.017 allows remote attackers to inject arbitrary web script or HTML via the aiocp_dp parameter. NOTE: some of these details are obtained from third party information. |
| 1.9 | CVE-2007-3120 OTHER-REF SECUNIA | ||
Apache Software Foundation -- Apache HTTP Server | The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information. |
| 2.3 | CVE-2007-1862 OTHER-REF OTHER-REF | ||
BDigital Web Solutions -- WebStudio CMS | Cross-site scripting (XSS) vulnerability in index.php in BDigital Web Solutions WebStudio allows remote attackers to inject arbitrary web script or HTML via the pageid parameter. |
| 1.9 | CVE-2007-3070 BUGTRAQ BID XF | ||
Beatnik -- Beatnik Player | Cross-site scripting (XSS) vulnerability in the Andy Frank Beatnik 1.0 extension for Firefox allows remote attackers to inject arbitrary web script or HTML via an RSS feed. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 1.9 | CVE-2007-3110 BID SECUNIA | ||
Buttercup WFM -- Buttercup WFM | Cross-site scripting (XSS) vulnerability in index.php in Buttercup web file manager (BWFM) May 2007 allows remote attackers to inject arbitrary web script or HTML via the title parameter. |
| 1.9 | CVE-2007-3049 OTHER-REF BID | ||
CactuSoft -- CactuShop | Cactushop 6 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for cactushop6.mdb. |
| 3.3 | CVE-2007-3061 BUGTRAQ | ||
Castle Rock Computing -- SNMPc | The SNMPc Server (crserv.exe) process in Castle Rock Computing SNMPc before 7.0.19 allows remote attackers to cause a denial of service (crash) via a crafted packet to port 165/TCP. |
| 3.3 | CVE-2007-3098 MILW0RM BID SECUNIA XF | ||
Codelib -- Linker | Cross-site scripting (XSS) vulnerability in search.php in Codelib Linker 2.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the kword parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 1.9 | CVE-2007-3054 SECUNIA | ||
Codelib -- Linker | Cross-site scripting (XSS) vulnerability in index.php in Codelib Linker 2.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter. |
| 1.9 | CVE-2007-3055 BUGTRAQ BID FRSIRT SECUNIA | ||
EQdkp -- Attunement and Key | Cross-site scripting (XSS) vulnerability in the Attunement and Key Tracker 0.95 and earlier plugin for EQdkp allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving the (1) keyshow, (2) sortkey, and (3) show parameters to index.php. |
| 2.3 | CVE-2007-3067 OTHER-REF FRSIRT SECUNIA | ||
EQdkp -- EQdkp | listmembers.php in EQdkp 1.3.2c and earlier allows remote attackers to obtain sensitive information via an invalid compare parameter, which reveals the path. |
| 2.7 | CVE-2007-3079 FULLDISC XF | ||
Evenzia -- Evenzia CMS | Cross-site scripting (XSS) vulnerability in includes/send.inc.php in Evenzia CMS allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. |
| 1.9 | CVE-2007-2991 BUGTRAQ BID | ||
Gnu -- findutils | Heap-based buffer overflow in the visit_old_format function in locate/locate.c in locate in GNU findutils before 4.2.31 might allow context-dependent attackers to execute arbitrary code via a long pathname in a locate database that has the old format, a different vulnerability than CVE-2001-1036. |
| 3.4 | CVE-2007-2452 BUGTRAQ BID FRSIRT SECUNIA XF | ||
Hitachi -- XP W | Unspecified vulnerability in the Map I/O Service (xpwmap) in Hitachi XP/W on HI-UX/WE2 before 20070319, and XP/W on HP-UX before 20070405, allows remote attackers to cause a denial of service via certain data to the service port. |
| 2.3 | CVE-2007-3044 OTHER-REF FRSIRT SECUNIA XF | ||
Hitachi -- TP1 NET OSI-TP-Extended | Unspecified vulnerability in Hitachi TP1/NET/OSI-TP-Extended on HI-UX/WE2 before 20070213, and on HP-UX before 20070314, allows remote attackers to cause a denial of service via certain data to a port. |
| 2.3 | CVE-2007-3045 OTHER-REF FRSIRT SECUNIA XF | ||
HP -- OpenVMS | The Pascal run-time library (PAS$RTL.EXE) before 20070418 on OpenVMS for Integrity Servers 8.3, and PAS$RTL.EXE before 20070419 on OpenVMS Alpha 8.3, does not properly restore PC and PSL values, which allows local users to cause a denial of service (system crash) via certain Pascal code. |
| 2.3 | CVE-2007-2998 MLIST MLIST SECUNIA | ||
HP -- System Management Homepage | Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 2.1.2 running on Linux and Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 1.9 | CVE-2007-3062 OTHER-REF HP BID FRSIRT SECTRACK SECUNIA XF | ||
IBM -- Lotus Domino Web Server | Unspecified vulnerability in the Lotus Domino Web Server 6.0, 6.5.x before 6.5.6, and 7.0.x before 7.0.3 allows remote attackers to cause a denial of service (daemon crash) via requests for URLs that reference certain files. |
| 3.3 | CVE-2007-0067 OTHER-REF BID FRSIRT SECUNIA XF | ||
IBM -- AIX | Unspecified vulnerability in sysmgt.websm.rte in IBM AIX 5.2.0 and 5.3.0 has unknown impact and attack vectors. |
| 1.9 | CVE-2007-2995 AIXAPAR AIXAPAR SECUNIA | ||
MaraDNS -- MaraDNS | Memory leak in server/MaraDNS.c in MaraDNS before 1.2.12.05, and 1.3.x before 1.3.03, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. |
| 2.3 | CVE-2007-3114 OTHER-REF OTHER-REF BID SECUNIA | ||
MaraDNS -- MaraDNS | Multiple memory leaks in server/MaraDNS.c in MaraDNS before 1.2.12.06, and 1.3.x before 1.3.05, allow remote attackers to cause a denial of service (memory consumption) via unspecified vectors. |
| 3.3 | CVE-2007-3115 OTHER-REF OTHER-REF BID SECUNIA | ||
MaraDNS -- MaraDNS | Memory leak in server/MaraDNS.c in MaraDNS 1.2.12.06 and 1.3.05 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. |
| 2.3 | CVE-2007-3116 OTHER-REF | ||
Mbedthis Software -- Mbedthis AppWeb HTTP server | Format string vulnerability in the MprLogToFile::logEvent function in Mbedthis AppWeb 2.0.5-4, when the build supports logging but the configuration disables logging, allows remote attackers to cause a denial of service (daemon crash) via format string specifiers in the HTTP scheme, as demonstrated by a "GET %n://localhost:80/" request. |
| 1.9 | CVE-2007-3009 OTHER-REF | ||
MeAlex -- My Datebook | Cross-site scripting (XSS) vulnerability in diary.php in My Datebook allows remote attackers to inject arbitrary web script or HTML via the year parameter. |
| 1.9 | CVE-2007-3064 BUGTRAQ | ||
Meneame -- Meneame | Cross-site scripting (XSS) vulnerability in Meneame before 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 1.9 | CVE-2007-3042 OTHER-REF OTHER-REF FRSIRT SECUNIA | ||
Microsoft -- Windows XP | Buffer overflow in the wireless driver 6.0.0.18 for D-Link DWL-G650+ (Rev. A1) on Windows XP allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a beacon frame with a long TIM Information Element. |
| 3.3 | CVE-2007-0933 OTHER-REF | ||
Microsoft -- Windows XP | Microsoft Windows Graphics Device Interface (GDI+, GdiPlus.dll) allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero, which triggers a divide-by-zero error. |
| 2.7 | CVE-2007-2237 OTHER-REF CERT-VN BID FRSIRT XF | ||
Microsoft -- Windows Server 2003 | Microsoft Windows Server 2003, when time restrictions are in effect for user accounts, generates different error messages for failed login attempts with a valid user name than for those with an invalid user name, which allows context-dependent attackers to determine valid Active Directory account names. |
| 1.9 | CVE-2007-2999 OTHER-REF BID SECUNIA | ||
Microsoft -- Internet Explorer | Directory traversal vulnerability in Microsoft Internet Explorer allows remote attackers to read arbitrary files via directory traversal sequences in a URI with a certain scheme, possibly related to "..%5C" (encoded backslash) sequences. |
| 3.3 | CVE-2007-3075 OTHER-REF | ||
Mozilla -- Firefox | Directory traversal vulnerability in Mozilla Firefox before 2.0.0.4 on Windows allows remote attackers to read arbitrary files via ..%5C (dot dot encoded backslash) sequences in a resource:// URI. |
| 2.3 | CVE-2007-3072 BUGTRAQ OTHER-REF OTHER-REF OTHER-REF OTHER-REF OTHER-REF | ||
Mozilla -- Firefox | Directory traversal vulnerability in Mozilla Firefox 2.0.0.4 and earlier on Mac OS X and Unix allows remote attackers to read arbitrary files via ..%2F (dot dot encoded slash) sequences in a resource:// URI. |
| 3.3 | CVE-2007-3073 BUGTRAQ OTHER-REF OTHER-REF OTHER-REF OTHER-REF OTHER-REF | ||
Mozilla -- Firefox | Mozilla Firefox 2.0.0.4 and earlier allows remote attackers to read files in the local Firefox installation directory via a resource:// URI. |
| 2.3 | CVE-2007-3074 BUGTRAQ OTHER-REF OTHER-REF OTHER-REF OTHER-REF | ||
Novell -- Groupwise | Novell GroupWise 7 before SP2 20070524, and GroupWise 6 before 6.5 post-SP6 20070522, allows remote attackers to obtain credentials via a man-in-the-middle attack. |
| 2.3 | CVE-2007-2513 OTHER-REF BID FRSIRT SECTRACK SECUNIA XF | ||
Omegasoft -- INterneSErvicesLosungen | Multiple cross-site scripting (XSS) vulnerabilities in OmegaMw7.asp in OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) allow remote attackers to inject arbitrary web script or HTML via (1) user-created text fields; the (2) F05003, (3) F05005, and (4) F05015 fields; and other unspecified standard fields. |
| 1.9 | CVE-2007-2993 BUGTRAQ BID | ||
OSI Codes Inc. -- PHPLive | Multiple cross-site scripting (XSS) vulnerabilities in PHP Live! 3.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) sid parameter to (a) chat.php, (2) LANG[DEFAULT_BRANDING] and (3) PHPLIVE_VERSION parameters to (b) help.php, the (4) admin[name] parameter to (c) admin/header.php, and the (5) BASE_URL parameter to (d) super/info.php, and in some cases, the LANG[DEFAULT_BRANDING], PHPLIVE_VERSION, and (6) nav_line parameters to setup/footer.php, different vectors than CVE-2006-6769. |
| 1.9 | CVE-2007-3060 BUGTRAQ FULLDISC BID | ||
PBLang -- PBLang | Directory traversal vulnerability in login.php in PBLang (PBL) 4.67.16.a and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. |
| 2.7 | CVE-2007-3096 MILW0RM SECUNIA | ||
PeerCast -- PeerCast | Peercast places a cleartext password in a query string, which might allow attackers to obtain sensitive information by sniffing the network, or obtaining Referer or browser history information. |
| 3.3 | CVE-2007-3087 BUGTRAQ | ||
PHP -- PHP | PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode restriction, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. NOTE: this issue might also involve the realpath function. |
| 2.3 | CVE-2007-3007 OTHER-REF OTHER-REF | ||
PHP JackKnife -- PHP JackKnife | Multiple cross-site scripting (XSS) vulnerabilities in PHP JackKnife (PHPJK) allow remote attackers to inject arbitrary web script or HTML via (1) the sUName parameter to UserArea/Authenticate.php, (2) the sAccountUnq parameter to UserArea/NewAccounts/index.php, or the (3) iCategoryUnq, (4) iDBLoc, (5) iTtlNumItems, (6) iNumPerPage, or (7) sSort parameter to G_Display.php, different vectors than CVE-2005-4239. |
| 1.9 | CVE-2007-3001 BUGTRAQ BID | ||
PHP JackKnife -- PHP JackKnife | PHP JackKnife (PHPJK) allows remote attackers to obtain sensitive information via (1) a request to index.php with an invalid value of the iParentUnq[] parameter, or a request to G_Display.php with an invalid (2) iCategoryUnq[] or (3) sSort[] array parameter, which reveals the path in various error messages. |
| 2.3 | CVE-2007-3002 BUGTRAQ BID | ||
RainbowSoft -- Z-Blog | Z-Blog 1.7 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for zblog.mdb. |
| 3.3 | CVE-2007-3083 BUGTRAQ FRSIRT XF | ||
Sendcard -- Sendcard | SendCard 3.3.0 allows remote attackers to obtain sensitive information via an invalid sc_language parameter to sendcard.php, which reveals the path in an error message. |
| 2.3 | CVE-2007-3059 BUGTRAQ | ||
Sendcard -- Sendcard | Directory traversal vulnerability in sendcard.php in Sendcard 3.4.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sc_language parameter. |
| 3.3 | CVE-2007-3082 MILW0RM BID FRSIRT XF | ||
Sun -- Solaris | The libike library in Sun Solaris 9 before 20070529 contains a logic error related to a certain pointer, which allows remote attackers to cause a denial of service (in.iked daemon crash) by sending certain UDP packets with a source port different from 500. NOTE: this issue might overlap CVE-2006-2298. |
| 3.3 | CVE-2007-2989 SUNALERT BID SECUNIA | ||
Sun -- Solaris | Unspecified vulnerability in inetd in Sun Solaris 10 before 20070529 allows local users to cause a denial of service (daemon termination) via unspecified manipulations of the /var/run/.inetd.uds Unix domain socket file. |
| 2.3 | CVE-2007-2990 SUNALERT BID SECUNIA | ||
Sun -- JDK Sun -- SDK Sun -- JRE | Unspecified vulnerability in the Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_19 and earlier allows remote attackers to cause a denial of service (JVM hang) via certain untrusted applets or applications. |
| 1.9 | CVE-2007-3005 SUNALERT | ||
Symantec -- Veritas Volume Replicator | The administrative service in Symantec Veritas Volume Replicator (VVR) for Windows 3.1 through 4.3, and VVR for Unix 3.5 through 5.0, in Symantec Storage Foundation products allows remote attackers to cause a denial of service (memory consumption and service crash) via a crafted packet to the service port (8199/tcp). |
| 2.3 | CVE-2007-1593 IDEFENSE OTHER-REF BID | ||
Symantec -- Symantec Client Security Symantec -- Symantec AntiVirus Symantec -- Symantec Reporting Server | Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, displays the password hash for a user after a failed login attempt, which makes it easier for remote attackers to conduct brute force attacks. |
| 1.9 | CVE-2007-3022 OTHER-REF | ||
The Cacti Group -- Cacti | Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service (CPU consumption) via a large value of the (1) graph_start or (2) graph_end parameter. |
| 3.3 | CVE-2007-3112 OTHER-REF OTHER-REF OTHER-REF SECUNIA XF | ||
The Cacti Group -- Cacti | Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service (CPU consumption) via a large value of the (1) graph_height or (2) graph_width parameter. |
| 2.0 | CVE-2007-3113 OTHER-REF OTHER-REF OTHER-REF SECUNIA XF | ||
WebSVN -- WebSVN | Cross-site scripting (XSS) vulnerability in filedetails.php in WebSVN 2.0rc4, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the path parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 1.9 | CVE-2007-3056 BID SECUNIA | ||
Zenturi -- Zenturi ProgramChecker | A certain ActiveX control in sasatl.dll in Zenturi ProgramChecker allows remote attackers to download arbitrary files to the client system via the DownloadFile function. |
| 3.3 | CVE-2007-3076 OTHER-REF |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.