Vulnerability Summary for the Week of August 13, 2007
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

High Vulnerabilities

| Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
|---|---|---|---|
| Apache -- Tomcat | Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks. | 10.0 | CVE-2007-3382 BUGTRAQ BUGTRAQ OTHER-REF CERT-VN |
| Apache -- Tomcat | Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. | 10.0 | CVE-2007-3385 BUGTRAQ CERT-VN |
| Article Dashboard -- Article Dashboard | SQL injection vulnerability in article.php in Article Dashboard, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a print action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 7.5 | CVE-2007-4332 SECUNIA |
| ESRI -- ArcGIS | Stack-based buffer overflow in ESRI ArcSDE service 9.2, as used with ArcGIS, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number that requires more than 8 bytes to represent in ASCII, which triggers the overflow in an sprintf function call. | 7.5 | CVE-2007-4278 IDEFENSE |
| fedoraproject -- Commons | Fedora Commons before 2.2.1 does not properly handle certain authentication requests involving Java Naming and Directory Interface (JNDI), related to (1) a nonexistent account name in combination with an empty password, which allows remote attackers to trigger a certain "unexpected / strange response," and (2) a reauthentication attempt that throws an exception, which allows remote attackers to trigger use of a cached authentication decision. NOTE: authentication can be bypassed by using vector 1 followed by vector 2, and possibly can be bypassed by using a single vector. | 8.5 | CVE-2007-4364 OTHER-REF OTHER-REF SECUNIA |
| Haudenschilt -- Family Connections | index.php in Ryan Haudenschilt Family Connections (FCMS) 0.6 and earlier allows remote attackers to access an arbitrary account by placing the account's name in the value of an fcms_login_id cookie. NOTE: this can be leveraged for code execution via a POST with PHP code in the content parameter. | 7.5 | CVE-2007-4338 BUGTRAQ BID SECUNIA |
| IBM -- AIX | Buffer overflow in fileplace in bos.perf.tools in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors. | 7.2 | CVE-2007-4354 OTHER-REF AIXAPAR AIXAPAR BID SECTRACK SECUNIA |
| IBM -- AIX | Buffer overflow in the at program on IBM AIX 5.3 allows local users to gain privileges via unspecified vectors. | 7.2 | CVE-2007-4355 OTHER-REF BID |
| Microsoft -- Virtual Server; Microsoft -- Virtual PC for Mac; Microsoft -- Virtual PC | Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac 7.1 and 7, and Virtual Server 2005 and 2005 R2, allows local guest OS administrators to execute arbitrary code on the host OS via unspecified vectors related to "interaction and initialization of components." | 9.3 | CVE-2007-0948 MS BID SECTRACK SECUNIA |
| Microsoft -- Internet Explorer | Integer underflow in the CDownloadSink class code in the Vector Markup Language (VML) component (VGX.DLL), as used in Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code via compressed content with an invalid buffer size, which triggers a heap-based buffer overflow. | 9.3 | CVE-2007-1749 BUGTRAQ OTHER-REF MS CERT-VN BID SECTRACK SECUNIA |
| Microsoft -- Internet Explorer | Unspecified vulnerability in the tblinf32.dll (aka vstlbinf.dll) ActiveX control for Internet Explorer 5.01, 6 SP1, and 7 allows remote attackers to execute arbitrary code via unknown vectors related to an incorrect IObjectsafety implementation and Microsoft Visual Basic 6 objects, aka "ActiveX Object Vulnerability." | 7.5 | CVE-2007-2216 |
| Microsoft -- XML Core Services | Unspecified vulnerability in Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via unspecified vectors that trigger memory corruption. | 9.3 | CVE-2007-2223 MS |
| Microsoft -- Office; Microsoft -- Visual Basic | Unspecified vulnerability in Object linking and embedding (OLE) Automation, as used in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Office 2004 for Mac, and Visual Basic 6.0 allows remote attackers to execute arbitrary code via unspecified vectors that trigger memory corruption. | 9.3 | CVE-2007-2224 MS |
| Microsoft -- windows | Unspecified vulnerability in the Graphics Rendering Engine (GDI) on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted image. | 9.3 | CVE-2007-3034 MS |
| Microsoft -- Media Player | Unspecified vulnerability in Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote attackers to execute arbitrary code via a skin file (WMZ or WMD) with crafted header information. | 7.6 | CVE-2007-3035 MS |
| Microsoft -- Media Player | Unspecified vulnerability in Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote attackers to execute arbitrary code via a skin file (WMZ or WMD) with crafted header information that is not properly handled during decompression. | 7.6 | CVE-2007-3037 MS |
| Microsoft -- Internet Explorer | Unspecified vulnerability in the pdwizard.ocx ActiveX object for Internet Explorer 5.01, 6 SP1, and 7 allows remote attackers to execute arbitrary code via unknown vectors related to Microsoft Visual Basic 6 objects and memory corruption, aka "ActiveX Object Memory Corruption Vulnerability." | 9.3 | CVE-2007-3041 MS |
| Microsoft -- Office; Microsoft -- Excel | Microsoft Excel in Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a Workspace with a certain index value that triggers memory corruption. | 9.3 | CVE-2007-3890 MS |
| Microsoft -- Internet Explorer | Microsoft Internet Explorer 6 and 7 embeds FTP credentials in HTML files that are retrieved during an FTP session, which allows context-dependent attackers to obtain sensitive information by reading the HTML source, as demonstrated by a (1) .htm, (2) .html, or (3) .mht file. | 9.3 | CVE-2007-4356 OTHER-REF SECUNIA |
| Ncaster -- Ncaster | PHP remote file inclusion vulnerability in admin/addons/archive/archive.php in Ncaster 1.7.2 allows remote attackers to execute arbitrary PHP code via a URL in the adminfolder parameter. | 7.5 | CVE-2007-4320 MILW0RM BID XF |
| Netgear -- ReadyNAS RAIDiator | NETGEAR (formerly Infrant) ReadyNAS RAIDiator before 4.00b2-p2-T1 beta creates a default SSH root password derived from the hardware serial number, which makes it easier for remote attackers to guess the password and obtain login access. | 10.0 | CVE-2007-4361 BUGTRAQ OTHER-REF OTHER-REF OTHER-REF BID SECUNIA |
| Omnistar -- Lib2 PHP Library | PHP remote file inclusion vulnerability in adm/my_statistics.php in Omnistar Lib2 PHP 0.2 allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter. | 7.5 | CVE-2007-4341 BUGTRAQ BID |
| Opera Software -- Opera Web Browser | Opera before 9.23 allows remote attackers to execute arbitrary code via crafted JavaScript that triggers a "virtual function call on an invalid pointer." | 9.3 | CVE-2007-4367 OTHER-REF BID SECUNIA |
| Php Blue Dragon -- Php Blue Dragon CMS | SQL injection vulnerability in index.php in Php Blue Dragon CMS 3.0.0 allows remote attackers to execute arbitrary SQL commands via the article_id parameter in a "print articles" action. | 7.5 | CVE-2007-4312 MILW0RM BID |
| PHPCentral -- Poll Script | Multiple PHP remote file inclusion vulnerabilities in PHPCentral Poll Script 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the _SERVER[DOCUMENT_ROOT] parameter in (1) poll.php and (2) pollarchive.php. | 7.5 | CVE-2007-4339 BUGTRAQ |
| PHPCentral -- Login | PHP remote file inclusion vulnerability in include.php in PHPCentral Login 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the _SERVER[DOCUMENT_ROOT] parameter. | 7.5 | CVE-2007-4342 BUGTRAQ |
| phpDVD -- phpDVD | PHP remote file inclusion vulnerability in index.php in phpDVD 1.0.4 allows remote attackers to execute arbitrary PHP code via a URL in the dvd_config_file parameter. | 7.5 | CVE-2007-4340 BUGTRAQ |
| Racer -- Racer | Multiple buffer overflows in the (1) client and (2) server in Racer 0.5.3 beta 5 allow remote attackers to execute arbitrary code via a long string to UDP port 26000. | 7.5 | CVE-2007-4370 MILW0RM BID |


Medium Vulnerabilities

| Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
|---|---|---|---|
| AC Zoom -- BlockHosts | BlockHosts before 2.0.4 does not properly parse (1) sshd and (2) vsftpd log files, which allows remote attackers to add arbitrary deny entries to the /etc/hosts.allow file and cause a denial of service by adding arbitrary IP addresses to a daemon log file, as demonstrated by connecting through ssh with a client protocol version identification containing an IP address string, or connecting through ftp with a username containing an IP address string, different vectors than CVE-2007-2765. | 6.8 | CVE-2007-4322 OTHER-REF OTHER-REF |
| Adobe -- Flash | ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0 allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash (SWF) movie that specifies a connection to make, then using timing discrepancies from the SecurityErrorEvent error to determine whether a host is open or not. | 5.0 | CVE-2007-4324 BUGTRAQ |
| Apache -- Tomcat | Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests. | 4.3 | CVE-2007-3386 BUGTRAQ OTHER-REF |
| Article Dashboard -- Article Dashboard | Multiple cross-site scripting (XSS) vulnerabilities in signup.php in Article Dashboard allow remote attackers to inject arbitrary web script or HTML via the (1) f_emailaddress, (2) f_reemailaddress, and other unspecified parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 4.3 | CVE-2007-4333 SECUNIA |
| Aspindir -- Dersimiz Haber Ekleme Modulu | Multiple cross-site scripting (XSS) vulnerabilities in yorumkaydet.asp in Dersimiz Haber Ekleme Modulu allow remote attackers to inject arbitrary web script or HTML via the (1) yazan, (2) mail, and (3) yorum parameters. NOTE: some of these details are obtained from third party information. | 4.3 | CVE-2007-4297 OTHER-REF SECUNIA |
| ATI Technologies -- Display Driver | The AMD ATI atidsmxx.sys 3.0.502.0 driver on Windows Vista allows local users to bypass the driver signing policy, write to arbitrary kernel memory locations, and thereby gain privileges via unspecified vectors, as demonstrated by "Purple Pill". | 6.9 | CVE-2007-4315 OTHER-REF OTHER-REF BID |
| Cerb -- CerbNG | Multiple race conditions in (1) certain rules and (2) argument copying during VM protection, in CerbNG for FreeBSD 4.8 allow local users to defeat system call interposition and possibly gain privileges or bypass auditing, as demonstrated by modifying command lines in log-exec.cb. | 6.2 | CVE-2007-4303 OTHER-REF BID |
| Cerb -- CerbNG | CerbNG for FreeBSD 4.8 does not properly implement VM protection when attempting to prevent system call wrapper races, which allows local users to have an unknown impact related to an "incorrect write protection of pages". | 6.2 | CVE-2007-4304 OTHER-REF |
| CTW Design -- FindNix | PHP remote file inclusion vulnerability in index.php in FindNix allows remote attackers to include the contents of arbitrary URLs and conduct cross-site scripting (XSS) attacks via a URL in the page parameter. | 4.3 | CVE-2007-4331 BUGTRAQ |
| Dell -- Remote Access Card | Unspecified vulnerability in Dell Remote Access Card 4 (DRAC4) with firmware 1.50 Build 02.16 allows remote attackers to cause a denial of service (SSH daemon crash) via certain network traffic, as demonstrated by an "nmap -O" scan with nmap 4.03, possibly related to a Mocana (Mocanada) SSH vulnerability. | 4.3 | CVE-2007-4360 BUGTRAQ BUGTRAQ BID |
| DenyHosts -- DenyHosts | DenyHosts 2.6 does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a client protocol version identification containing an IP address string, a different vector than CVE-2006-6301. | 6.8 | CVE-2007-4323 OTHER-REF |
| Diskeeper -- Diskeeper | The administrative interface (aka DkService.exe) in Diskeeper 9 Professional, 2007 Pro Premier, and probably other versions exposes a memory comparison function via RPC over TCP, which allows remote attackers to (1) obtain sensitive information (process memory contents), as demonstrated by an attack that obtains module base addresses to defeat Address Space Layout Randomization (ASLR); or (2) cause a denial of service (application crash) via an out-of-bounds address. | 5.8 | CVE-2007-4375 FULLDISC BID SECUNIA XF XF |
| Drupal -- Content Construction Kit | Multiple cross-site scripting (XSS) vulnerabilities in the nodereference module in Drupal Content Construction Kit (CCK) before 4.7.x-1.6, and 5.x before 5.x-1.6, allow remote attackers to inject arbitrary web script or HTML via nodereference fields, when using (1) the plain formatter or (2) the autocomplete text field widget without Views.module. | 4.3 | CVE-2007-4363 OTHER-REF OTHER-REF OTHER-REF SECUNIA |
| exV2 -- Content Management System | Cross-site scripting (XSS) vulnerability in eXV2 CMS 2.0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a set_lang cookie to an unspecified component. NOTE: this may overlap CVE-2007-1965. | 4.3 | CVE-2007-4365 BUGTRAQ OTHER-REF |
| Fail2Ban -- Fail2Ban | fail2ban 0.8 and earlier does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a client protocol version identification containing an IP address string, a different vector than CVE-2006-6302. | 6.8 | CVE-2007-4321 OTHER-REF GENTOO |
| freshmeat -- sysstat | The init script (sysstat.in) in sysstat creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary code. | 4.4 | CVE-2007-3852 OTHER-REF |
| freshmeat -- Generic Software Wrappers Toolkit | Multiple race conditions in certain system call wrappers in Generic Software Wrappers Toolkit (GSWTK) allow local users to defeat system call interposition and possibly gain privileges or bypass auditing. | 6.2 | CVE-2007-4302 OTHER-REF BID |
| Hotscripts -- Neuron Blog | Unrestricted file upload vulnerability in admin/pages/blog-add.php in Neuron Blog 1.1 allows remote attackers to upload and execute arbitrary PHP files in uploads/. | 6.8 | CVE-2007-4371 BUGTRAQ XF |
| IBM -- AIX | Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local users in the system group to gain root privileges via unspecified vectors involving the (1) chpath, (2) rmpath, and (3) devinstall programs in bos.rte.methods. | 6.9 | CVE-2007-4353 OTHER-REF AIXAPAR AIXAPAR BID SECTRACK SECUNIA |
| IBM -- Rational ClearQuest | SQL injection vulnerability in /main in IBM Rational ClearQuest (CQ) 7.0.0.0-IFIX02 and 7.0.0.1 allows remote attackers to execute arbitrary SQL commands via the username parameter in a GenerateMainFrame command. | 6.8 | CVE-2007-4368 BUGTRAQ MILW0RM BID |
| Lenovo -- Access Support; Lenovo -- Automated Solutions | The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), does not properly validate digital signatures of downloaded software, which makes it easier for remote attackers to spoof a download. | 5.8 | CVE-2007-2240 OTHER-REF MS CERT-VN BID |
| Lenovo -- Access Support; Lenovo -- Automated Solutions | Format string vulnerability in the IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), allows remote attackers to execute arbitrary code via format string specifiers in unknown data. | 5.8 | CVE-2007-2928 OTHER-REF MS CERT-VN BID |
| Lenovo -- Access Support; Lenovo -- Automated Solutions | The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), exposes unsafe methods to arbitrary web domains, which allows remote attackers to download arbitrary code onto a client system and execute this code. | 5.8 | CVE-2007-2929 OTHER-REF MS CERT-VN BID |
| Linux -- Kernel | The xfer_secondary_pool function in drivers/char/random.c in the Linux kernel 2.4 before 2.4.35 does not properly perform reseed operations, which has unknown impact and attack vectors. NOTE: some of these details are obtained from third party information. | 6.8 | CVE-2007-4311 OTHER-REF FRSIRT |
| Mapos Scripts -- Gaestebuch | PHP remote file inclusion vulnerability in index.php in Gaestebuch 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter. | 6.8 | CVE-2007-4325 BUGTRAQ BID |
| Mapos Scripts -- Bilder Uploader | Multiple PHP remote file inclusion vulnerabilities in Bilder Uploader 1.3 allow remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter to (1) gruppen.php, (2) bild.php, (3) feed.php, (4) mitglieder.php, (5) online.php, (6) profil.php, and possibly other unspecified PHP scripts. | 6.8 | CVE-2007-4326 BUGTRAQ |
| Mapos Scripts -- File Uploader | Multiple PHP remote file inclusion vulnerabilities in File Uploader 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter to (1) index.php or (2) datei.php. | 6.8 | CVE-2007-4327 BUGTRAQ BID |
| Mapos Scripts -- Bilder Galerie | Multiple PHP remote file inclusion vulnerabilities in Mapos Bilder Galerie 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter to (1) index.php, (2) galerie.php, or (3) anzagien.php. | 6.8 | CVE-2007-4328 BUGTRAQ BID |
| Mapos Scripts -- Web News | Multiple PHP remote file inclusion vulnerabilities in Web News 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter to (1) index.php, (2) news.php, or (3) feed.php. | 6.8 | CVE-2007-4329 BUGTRAQ BID |
| Mapos Scripts -- Shoutbox | PHP remote file inclusion vulnerability in shoutbox.php in Shoutbox 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter. | 6.8 | CVE-2007-4330 BUGTRAQ BID |
| Microsoft -- Internet Explorer | Unspecified vulnerability in Internet Explorer 5.01 and 6 SP1 allows remote attackers to execute arbitrary code via crafted Cascading Style Sheets (CSS) strings that trigger memory corruption during parsing. | 6.8 | CVE-2007-0943 MS |
| Microsoft -- windows | Unspecified vulnerability in Windows Vista Contacts Gadget in Windows Vista allows user-assisted remote attackers to execute arbitrary code via crafted contact information that is not properly handled when it is imported. | 6.8 | CVE-2007-3032 BID SECTRACK SECUNIA |
| Microsoft -- windows | Unspecified vulnerability in Windows Vista Feed Headlines Gadgets in Windows Vista allows remote attackers to execute arbitrary code via an RSS feed with crafted HTML attributes. | 6.8 | CVE-2007-3033 MS BID SECTRACK SECUNIA |
| Microsoft -- windows | Unspecified vulnerability in Windows Vista Weather Gadgets in Windows Vista allows remote attackers to execute arbitrary code via crafted HTML attributes. | 6.8 | CVE-2007-3891 MS BID SECTRACK SECUNIA |
| Microsoft -- DirectX Media | Buffer overflow in the Live Picture Corporation DXSurface.LivePicture.FlashPix.1 (DirectTransform FlashPix) ActiveX control in DXTLIPI.DLL 6.0.2.827, as packaged in Microsoft DirectX Media 6.0 SDK, allows remote attackers to execute arbitrary code via a long SourceUrl property value. | 4.3 | CVE-2007-4336 MILW0RM CERT-VN FRSIRT SECUNIA |
| Motive Incorporated -- Self Service Manager; Motive Incorporated -- Service Activation Manager | Multiple stack-based buffer overflows in the Motive ActiveEmailTest.EmailData (ActiveUtils EmailData) ActiveX control in ActiveUtils.dll in Motive Service Activation Manager 5.1 and Self Service Manager 5.1 and earlier allow remote attackers to execute arbitrary code via unspecified vectors. | 6.8 | CVE-2007-0319 OTHER-REF MS CERT-VN BID |
| Mozilla -- Firefox | Mozilla Firefox 2.0.0.6 and earlier allows remote attackers to spoof the contents of the status bar via a link to a data: URI containing an encoded URL. NOTE: the severity of this issue has been disputed by a reliable third party, since the intended functionality of the status bar allows it to be modified. | 5.0 | CVE-2007-4357 BUGTRAQ BUGTRAQ BUGTRAQ BUGTRAQ BUGTRAQ OTHER-REF OTHER-REF |
| NetWin -- SurgeMail | Stack-based buffer overflow in the IMAP service in SurgeMail 38k allows remote authenticated users to execute arbitrary code via a long argument to the SEARCH command. NOTE: this might overlap CVE-2007-4372. | 6.0 | CVE-2007-4377 FULLDISC MILW0RM BID FRSIRT SECUNIA XF |
| Php Blue Dragon -- Php Blue Dragon CMS | PHP remote file inclusion vulnerability in public_includes/pub_blocks/activecontent.php in Php Blue Dragon CMS 3.0.0 allows remote attackers to execute arbitrary PHP code via a URL in the vsDragonRootPath parameter, a different vector than CVE-2006-2392, CVE-2006-3076, and CVE-2006-6958. | 6.8 | CVE-2007-4313 MILW0RM BID |
| PHP-Stats -- PHP-Stats | Cross-site scripting (XSS) vulnerability in whois.php in Php-stats 0.1.9.2 allows remote attackers to inject arbitrary web script or HTML via the IP parameter. | 4.3 | CVE-2007-4334 BUGTRAQ BID SECUNIA |
| phpMyAdmin -- phpMyAdmin | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.10.3 allow remote attackers to inject arbitrary web script or HTML via the (1) unlim_num_rows, (2) sql_query, or (3) pos parameter to (a) tbl_export.php; the (4) session_max_rows or (5) pos parameter to (b) sql.php; the (6) username parameter to (c) server_privileges.php; or the (7) sql_query parameter to (d) main.php. NOTE: vector 5 might be a regression or incomplete fix for CVE-2006-6942.7. | 4.3 | CVE-2007-4306 OTHER-REF |
| Pixlie -- Pixlie | pixlie.php in Pixlie 1.7 allows remote attackers to trigger the reading and JPEG image processing of files in a remote directory tree via a URL in the root parameter. NOTE: this can be leveraged for traffic amplification or other denial of service. | 6.8 | CVE-2007-4314 MILW0RM |
| ProZIlla -- Webring | SQL injection vulnerability in category.php in Prozilla Webring allows remote attackers to execute arbitrary SQL commands via the cat parameter. | 6.8 | CVE-2007-4362 MILW0RM BID SECUNIA |
| Qbik -- WinGate | Format string vulnerability in the SMTP server component in Qbik WinGate 5.x and 6.x before 6.2.2 allows remote attackers to cause a denial of service (service crash) via format string specifiers in certain unexpected commands, which trigger a crash during error logging. | 5.0 | CVE-2007-4335 BUGTRAQ OTHER-REF OTHER-REF BID SECUNIA XF |
| RndLabs -- Babo Violent | The server in Babo Violent 2 2.08.00 and earlier does not properly implement password protection, which might allow remote attackers to bypass authentication by reconnecting after a connection closes. | 6.8 | CVE-2007-4373 BUGTRAQ OTHER-REF |
| RndLabs -- Babo Violent | Babo Violent 2 2.08.00 does not validate the sender field of a chat message composed by a client, which allows remote authenticated users to spoof messages. | 4.0 | CVE-2007-4374 BUGTRAQ OTHER-REF |
| RndLabs -- Babo Violent | Multiple format string vulnerabilities in Babo Violent 2 2.08.00 and earlier allow remote attackers to execute arbitrary code via format string specifiers in (1) a message or (2) certain data associated with an admin login. | 6.8 | CVE-2007-4378 BUGTRAQ OTHER-REF BID SECUNIA |
| RndLabs -- Babo Violent | Babo Violent 2 2.08.00 and earlier allows remote attackers to cause a denial of service (application crash) via (1) a value greater than 0x27 for the (a) 0xca, (b) 0xcb, (c) 0xcc, (d) 0xce, (e) 0xcf, or (f) 0xd0 data ID; (2) a nonexistent map name; or (3) a UDP packet that specifies a large data size. | 4.3 | CVE-2007-4379 BUGTRAQ OTHER-REF BID SECUNIA |
| Rsync -- Rsync | Multiple off-by-one errors in sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function. | 6.8 | CVE-2007-4091 OTHER-REF OTHER-REF BID |
| SkilMatch Staffing Systems -- JobLister3 | Multiple SQL injection vulnerabilities in SkilMatch Staffing Systems JobLister3 allow remote attackers to execute arbitrary SQL commands via (1) the search form or (2) the jobid parameter to index.php in a showbyID action. | 6.8 | CVE-2007-4359 BUGTRAQ BID |
| SOTE -- SOTEeSKLEP | Directory traversal vulnerability in go/_files in SOTEeSKLEP before 4.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | 5.0 | CVE-2007-4369 BUGTRAQ BUGTRAQ MILW0RM BID XF |
| Storesprite -- Storesprite | Multiple cross-site scripting (XSS) vulnerabilities in Storesprite 7 and earlier allow remote attackers to inject arbitrary web script or HTML via the next parameter to (1) addaddress.php, (2) editshipdetails.php, (3) register.php, or (4) login.php in secure/. | 4.3 | CVE-2007-4307 OTHER-REF |
| Streamripper -- Streamripper | Buffer overflow in the httplib_parse_sc_header function in lib/http.c in Streamripper before 1.62.2 allows remote attackers to execute arbitrary code via long HTTP headers, a different vulnerability than CVE-2006-3124. | 4.3 | CVE-2007-4337 OTHER-REF OTHER-REF BID SECUNIA |
| Sun -- Solaris | The finger daemon (in.fingerd) in Sun Solaris 7 through 9 allows remote attackers to list all accounts that have certain nonstandard GECOS fields via a request composed of a single digit, as demonstrated by a "finger 9@host" command, a different vulnerability than CVE-2001-1503. | 4.3 | CVE-2007-4310 BUGTRAQ BUGTRAQ |
| Symantec -- Altiris Deployment Solution 6 | Aclient in Symantec Altiris Deployment Solution 6 before 6.8 SP2 (6.8.378) allows local users to gain local System privileges via the Log File Viewer. | 6.6 | CVE-2007-4380 OTHER-REF BID FRSIRT SECTRACK SECUNIA |
| Szymon Kosok -- Best Top List | Unrestricted file upload vulnerability in banner-upload.php in Szymon Kosok Best Top List allows remote attackers to upload and execute arbitrary PHP files in banners/. | 6.8 | CVE-2007-4376 BUGTRAQ BID XF |
| Todd Miller -- Sudo; Sysjail -- Sysjail; Systrace -- Systrace | Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail policies in Systrace on NetBSD and OpenBSD allow local users to defeat system call interposition, and consequently bypass access control policy and auditing. | 6.2 | CVE-2007-4305 OTHER-REF BID |
| WebCart -- WebCart | Multiple cross-site scripting (XSS) vulnerabilities in the management interface in WebCart 2.20 through 2.25 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 | CVE-2007-4301 OTHER-REF OTHER-REF BID SECUNIA |
| Wengo -- WengoPhone | WengoPhone 2.1 allows remote attackers to cause a denial of service (device crash) via a SIP INVITE message without a Content-Type header. | 5.0 | CVE-2007-4366 BUGTRAQ MILW0RM BID XF |
| Zoidcom -- Zoidcom | Zoidcom 0.6.7 and earlier allows remote attackers to cause a denial of service (application crash) via a JOIN packet (aka connection packet) containing 0x69 in the ninth byte, which triggers a "double-delete" of trace data, a different vulnerability than CVE-2005-1643. | 4.3 | CVE-2007-4358 BUGTRAQ OTHER-REF BID |
| ZyXEL -- Zywall 2; ZyXEL -- ZyNOS | The management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device has a certain default password, which allows remote attackers to perform administrative actions. | 4.3 | CVE-2007-4316 BUGTRAQ OTHER-REF XF |
| ZyXEL -- Zywall 2; ZyXEL -- ZyNOS | Multiple cross-site request forgery (CSRF) vulnerabilities in the management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allow remote attackers to perform certain actions as administrators, as demonstrated by a request to Forms/General_1 with the (1) sysSystemName and (2) sysDomainName parameters. | 4.3 | CVE-2007-4317 BUGTRAQ OTHER-REF BID XF |
| ZyXEL -- Zywall 2; ZyXEL -- ZyNOS | Cross-site scripting (XSS) vulnerability in Forms/General_1 in the management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allows remote authenticated administrators to inject arbitrary web script or HTML via the sysSystemName parameter. | 4.3 | CVE-2007-4318 BUGTRAQ OTHER-REF BID XF |
| ZyXEL -- Zywall 2; ZyXEL -- ZyNOS | The management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allows remote authenticated administrators to cause a denial of service (infinite reboot loop) via invalid configuration data. NOTE: this issue might not cross privilege boundaries, and it might be resultant from CSRF; if so, then it should not be included in CVE. | 4.0 | CVE-2007-4319 BUGTRAQ OTHER-REF BID |


Low Vulnerabilities

| Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
|---|---|---|---|
| Adaptec -- AACRAID controller | The (1) aac_cfg_open and (2) aac_compat_ioctl functions in the SCSI layer ioctl path in aacraid in the Linux kernel before 2.6.23-rc2 do not check permissions for ioctls, which might allow local users to cause a denial of service or gain privileges. | 1.9 | CVE-2007-4308 OTHER-REF OTHER-REF BID FRSIRT SECUNIA |
| IBM -- Lotus Notes | IBM Lotus Notes 5.x through 7.0.2 allows user-assisted remote authenticated administrators to obtain a cleartext notes.id password by setting the notes.ini (1) KFM_ShowEntropy and (2) Debug_Outfile debug variables, a different vulnerability than CVE-2005-2696. | 3.5 | CVE-2007-4309 OTHER-REF OTHER-REF SECTRACK |
| Linux -- Kernel | Linux kernel 2.4.35 and other versions allows local users to send arbitrary signals to a child process that is running at higher privileges by causing a setuid-root parent process to die, which delivers an attacker-controlled parent process death signal (PR_SET_PDEATHSIG). | 1.9 | CVE-2007-3848 MLIST OTHER-REF |
| Linux -- Kernel | The drm/i915 component in the Linux kernel before 2.6.22.2, when used with i965G and later chipsets, allows local users with access to an X11 session and Direct Rendering Manager (DRM) to write to arbitrary memory locations and gain privileges via a crafted batchbuffer. | 1.0 | CVE-2007-3851 OTHER-REF SECUNIA |
| NetWin -- SurgeMail | Unspecified vulnerability in NetWin SurgeMail 38k on Windows Server 2003 has unknown impact and remote attack vectors. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine. | 0.0 | CVE-2007-4372 OTHER-REF |