Vulnerability Summary for the Week of August 20, 2007
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

High Vulnerabilities

| Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
|---|---|---|---|
| Checkpoint -- ZoneAlarm | vsdatant.sys 6.5.737.0 in Check Point Zone Labs ZoneAlarm before 7.0.362 allows local users to gain privileges via a crafted Interrupt Request Packet (Irp) in an (1) IOCTL 0x8400000F or (2) IOCTL 0x84000013 request, which can be used to overwrite arbitrary memory locations. | 7.2 | CVE-2007-4216 IDEFENSE |
| Cisco -- VoIP Phone CP-7940 | The Cisco IP Phone 7940 with P0S3-08-6-00 firmware allows remote attackers to cause a denial of service (device reboot) via (1) a certain sequence of 10 invalid SIP INVITE and OPTIONS messages; or (2) a certain invalid SIP INVITE message that contains a remote tag, followed by a certain set of two related SIP OPTIONS messages. | 7.1 | CVE-2007-4459 FULLDISC FULLDISC BID FRSIRT SECUNIA |
| EMC Corporation -- Legato Networker | Stack-based buffer overflow in the NetWorker Remote Exec Service (nsrexecd.exe) in EMC Software NetWorker 7.x.x allows remote attackers to execute arbitrary code via a (1) poll or (2) kill request with a "long invalid subcmd." | 9.3 | CVE-2007-3618 BUGTRAQ OTHER-REF BID FRSIRT SECTRACK SECUNIA |
| eZ Systems -- eZ publish | eZ publish before 3.8.9, and 3.9 before 3.9.3, does not properly check permissions on module views that lack a policy function, which has unknown impact and attack vectors, as demonstrated by a vulnerability in the discount functionality in the shop module. | 7.8 | CVE-2007-4493 OTHER-REF OTHER-REF OTHER-REF |
| Firesoft -- Firesoft | PHP remote file inclusion vulnerability in includes/class/class_tpl.php in Firesoft allows remote attackers to execute arbitrary PHP code via a URL in the cache_file parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 7.5 | CVE-2007-4458 BID |
| Grandstream -- SIP Phone | The Grandstream SIP Phone GXV-3000 with firmware 1.0.1.7, Loader 1.0.0.6, and Boot 1.0.0.18 allows remote attackers to force silent call completion, eavesdrop on the phone's local environment, and cause a denial of service (blocked call reception) via a certain SIP INVITE message followed by a certain "SIP/2.0 183 Session Progress" message. | 7.8 | CVE-2007-4498 FULLDISC BID XF |
| Gurer Haber -- Gurer Haber | SQL injection vulnerability in uyeler2.php in Gurer haber 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 | CVE-2007-4491 BUGTRAQ BID |
| id3lib -- id3lib | The RenderV2ToFile function in tag_file.cpp in id3lib (aka libid3) 3.8.3 allows local users to overwrite arbitrary files via a symlink attack on a temporary file whose name is constructed from the name of a file being tagged. | 7.2 | CVE-2007-4460 OTHER-REF OTHER-REF BID SECUNIA |
| Joomla -- BibTex | SQL injection vulnerability in index.php in the BibTeX component (com_jombib) 1.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the afilter parameter. | 7.5 | CVE-2007-4502 MILW0RM |
| Joomla -- Nice Talk; vtest -- ptest | SQL injection vulnerability in index.php in the Nice Talk component (com_nicetalk) 0.9.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the tagid parameter. | 7.5 | CVE-2007-4503 MILW0RM |
| Joomla -- NeoRecruit | SQL injection vulnerability in index.php in the NeoRecruit component (com_neorecruit) 1.4 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an offer_view action. | 7.5 | CVE-2007-4506 MILW0RM |
| Joomla -- EventList | SQL injection vulnerability in index.php in the EventList component (com_eventlist) 0.8 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the did parameter in a details action. | 7.5 | CVE-2007-4509 MILW0RM |
| Lighthouse Development -- Squirrelcart | PHP remote file inclusion vulnerability in popup_window.php in Squirrelcart 1.x.x and earlier allows remote attackers to execute arbitrary PHP code via a URL in the site_isp_root parameter, probably related to cart.php. | 7.5 | CVE-2007-4439 MILW0RM |
| Linkliste -- Linkliste | Multiple PHP remote file inclusion vulnerabilities in index.php in Linkliste 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) styl[top], (2) url_eintrag, or (3) styl[themen] parameter. | 7.5 | CVE-2007-4486 BUGTRAQ OTHER-REF OTHER-REF |
| MamboServer -- Mambo; Mambo -- RemoSitory | SQL injection vulnerability in index.php in the RemoSitory component (com_remository) for Mambo allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat action. | 7.5 | CVE-2007-4505 MILW0RM |
| Mercury -- Mail Transport System | Stack-based buffer overflow in the SMTP server in Mercury Mail Transport System, possibly 4.51 and earlier, allows remote attackers to execute arbitrary code via a long AUTH CRAM-MD5 string. NOTE: this might overlap CVE-2006-5961. | 7.5 | CVE-2007-4440 FULLDISC MILW0RM BID FRSIRT SECUNIA |
| My_REFERER -- My_REFERER | PHP remote file inclusion vulnerability in login.php in My_REFERER 1.08 allows remote attackers to execute arbitrary PHP code via a URL in the value parameter. | 7.5 | CVE-2007-4484 BUGTRAQ OTHER-REF OTHER-REF |
| Olate -- OlateDownload | Admin.php in Olate Download (od) 3.4.1 uses an MD5 hash of the admin username, user id, and group id, to compose an authentication cookie, which makes it easier for remote attackers to guess the cookie and access the Admin area. | 9.3 | CVE-2007-4419 BUGTRAQ OTHER-REF BID |
| Olate -- OlateDownload | SQL injection vulnerability in Admin.php in Olate Download (od) 3.4.1 allows remote attackers to execute arbitrary SQL commands via an OD3_AutoLogin cookie. | 9.3 | CVE-2007-4421 BUGTRAQ OTHER-REF |
| Palm -- Palm OS | Palm OS on Treo 650, 680, 700p, and 755p Smart phones allows remote attackers to cause a denial of service (device reset or hang) via a flood of large ICMP echo requests. NOTE: this is probably a different vulnerability than CVE-2003-0293. | 7.1 | CVE-2007-4213 BUGTRAQ OTHER-REF BID |
| Parkview Consultants -- SimpleFAQ; Mambo -- Mambo | SQL injection vulnerability in index.php in the SimpleFAQ (com_simplefaq) 2.11 component for Mambo allows remote attackers to execute arbitrary SQL commands via the aid parameter. | 7.5 | CVE-2007-4456 BUGTRAQ MILW0RM BID |
| rFactor -- rFactor | Multiple buffer overflows in Image Space rFactor 1.250 and earlier allow remote attackers to execute arbitrary code via a packet with ID (1) 0x80 or (2) 0x88 to UDP port 34297, related to the buffer containing the server version number. | 7.5 | CVE-2007-4444 BUGTRAQ OTHER-REF BID SECUNIA |
| rFactor -- rFactor | Image Space rFactor 1.250 and earlier allows remote attackers to cause a denial of service (daemon crash) via (1) an ID 0x30 packet, (2) an ID 0x38 packet, and an invalid 13-bit integer in (3) an ID 0x60 packet and (4) an ID 0x68 packet; and a denial of service (UDP port block) via (5) an ID 0x20 packet and (6) an ID 0x28 packet. | 7.5 | CVE-2007-4445 BUGTRAQ OTHER-REF BID SECUNIA |
| Sun -- JDK; Sun -- JRE; Sun -- SDK | Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself. | 9.3 | CVE-2007-4381 SUNALERT |
| Symantec -- Enterprise Firewall | The login interface in Symantec Enterprise Firewall 6.x, when a VPN with pre-shared key (PSK) authentication is enabled, generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames. | 9.3 | CVE-2007-4422 OTHER-REF BID |
| Toribash -- Toribash | Format string vulnerability in the server in Toribash 2.71 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the NICK command (client nickname) when entering a game. | 7.5 | CVE-2007-4446 BUGTRAQ OTHER-REF BID SECUNIA |
| Toribash -- Toribash | Multiple buffer overflows in the client in Toribash 2.71 and earlier allow remote attackers to (1) execute arbitrary code via a long game command in a replay (.rpl) file and (2) cause a denial of service (application crash) via a long SAY command that omits a required LF character; and allow remote Toribash servers to execute arbitrary code via (3) a long game command and (4) a long SAY command that omits a required LF character. | 7.5 | CVE-2007-4447 BUGTRAQ OTHER-REF BID SECUNIA |
| TorrentTrader -- TorrentTrader | Multiple SQL injection vulnerabilities in TorrentTrader before 1.07 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) account-inbox.php, (2) account-settings.php, and possibly (3) backend/functions.php. | 7.5 | CVE-2007-4435 OTHER-REF SECUNIA |
| Trend Micro -- ServerProtect | Multiple buffer overflows in the ServerProtect service (SpntSvc.exe) in Trend Micro ServerProtect for Windows before Security Patch 4 allow remote attackers to execute arbitrary code via certain RPC requests to certain TCP ports that are processed by the (1) RPCFN_ENG_NewManualScan, (2) RPCFN_ENG_TimedNewManualScan, and (3) RPCFN_SetComputerName functions in (a) StRpcSrv.dll; the (4) RPCFN_CMON_SetSvcImpersonateUser and (5) RPCFN_OldCMON_SetSvcImpersonateUser functions in (b) Stcommon.dll; the (6) RPCFN_ENG_TakeActionOnAFile and (7) RPCFN_ENG_AddTaskExportLogItem functions in (c) Eng50.dll; the (8) NTF_SetPagerNotifyConfig function in (d) Notification.dll; or the (9) RPCFN_CopyAUSrc function in the (e) ServerProtect Agent service. | 9.3 | CVE-2007-4218 IDEFENSE OTHER-REF BID FRSIRT SECUNIA |
| Trend Micro -- ServerProtect | Integer overflow in the RPCFN_SYNC_TASK function in StRpcSrv.dll, as used by the ServerProtect service (SpntSvc.exe), in Trend Micro ServerProtect for Windows before Security Patch 4 allows remote attackers to execute arbitrary code via a certain integer field in a request packet to TCP port 5168, which triggers a heap-based buffer overflow. | 9.3 | CVE-2007-4219 IDEFENSE OTHER-REF BID FRSIRT SECUNIA |
| Trend Micro -- ServerProtect | Multiple buffer overflows in EarthAgent.exe in Trend Micro ServerProtect 5.58 for Windows before Security Patch 4 allow remote attackers to have an unknown impact via certain RPC function calls to (1) RPCFN_EVENTBACK_DoHotFix or (2) CMD_CHANGE_AGENT_REGISTER_INFO. | 10.0 | CVE-2007-4490 OTHER-REF FRSIRT SECUNIA |

Medium Vulnerabilities

| Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
|---|---|---|---|
| ALeadSoft.com -- Search Engine Builder Professional | Cross-site scripting (XSS) vulnerability in search.html in Search Engine Builder allows remote attackers to inject arbitrary web script or HTML via the searWords parameter. | 4.3 | CVE-2007-4479 BUGTRAQ OTHER-REF OTHER-REF |
| American Financing -- eMail Image Upload | Unrestricted file upload vulnerability in output.php in American Financing eMail Image Upload 4.1 allows remote attackers to upload and execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 6.8 | CVE-2007-4499 BID |
| Ampache -- Ampache | SQL injection vulnerability in albums.php in Ampache before 3.3.3.5 allows remote attackers to execute arbitrary SQL commands via the match parameter. NOTE: some details are obtained from third party information. | 6.8 | CVE-2007-4437 OTHER-REF SECUNIA |
| Ampache -- Ampache | Session fixation vulnerability in Ampache before 3.3.3.5 allows remote attackers to hijack web sessions via unspecified vectors. | 6.8 | CVE-2007-4438 OTHER-REF SECUNIA |
| Apache -- Apache HTTP Server | The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read. | 5.0 | CVE-2007-3847 MLIST MLIST MLIST |
| Apple -- Safari | Apple Safari for Windows 3.0.3 and earlier does not prompt the user before downloading a file, which allows remote attackers to download arbitrary files to the desktop of a client system via certain HTML, as demonstrated by a filename in the DATA attribute of an OBJECT element. NOTE: it could be argued that this is not a vulnerability because a dangerous file is not actually launched, but as of 2007, it is generally accepted that web browsers should prompt users before saving dangerous content. | 4.3 | CVE-2007-4424 BUGTRAQ BUGTRAQ SECTRACK |
| Apple -- Safari | Cross-domain vulnerability in Apple Safari for Windows 3.0.3 and earlier allows remote attackers to bypass the Same Origin Policy, with access from local zones to external domains, via a certain body.innerHTML property value, aka "classic JavaScript frame hijacking." | 6.8 | CVE-2007-4431 OTHER-REF OTHER-REF OTHER-REF BID |
| Aspindir -- Text File Search | Cross-site scripting (XSS) vulnerability in textfilesearch.aspx in the Text File Search ASP.NET edition allows remote attackers to inject arbitrary web script or HTML via the search field. | 4.3 | CVE-2007-4433 OTHER-REF BID |
| Aspindir -- Text File Search | Cross-site scripting (XSS) vulnerability in textfilesearch.asp in the Text File Search ASP (Classic) edition allows remote attackers to inject arbitrary web script or HTML via the query parameter. | 4.3 | CVE-2007-4434 OTHER-REF BID |
| Asterisk -- AsteriskNOW; Asterisk -- Asterisk; Asterisk -- Asterisk Appliance Developer Kit | The SIP channel driver (chan_sip) in Asterisk Open Source 1.4.x before 1.4.11, AsteriskNOW before beta7, Asterisk Appliance Developer Kit 0.x before 0.8.0, and s800i (Asterisk Appliance) 1.x before 1.0.3 allows remote attackers to cause a denial of service (memory exhaustion) via a SIP dialog that causes a large number of history entries to be created. | 5.0 | CVE-2007-4455 FULLDISC OTHER-REF |
| Butterfly -- Butterfly | PHP remote file inclusion vulnerability in visitor.php in Butterfly online visitors counter 1.08, when used with certain older versions of PHP with improper SERVER superglobal handling, allows remote attackers to execute arbitrary PHP code via a URL in the _SERVER[DOCUMENT_ROOT] parameter. NOTE: it could be argued that this vulnerability is caused by a problem in PHP and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in Butterfly online visitors counter. | 6.8 | CVE-2007-4485 BUGTRAQ OTHER-REF OTHER-REF |
| Cisco -- CLI; Cisco -- IOS; Cisco -- CBOS; Cisco -- IDS; Cisco -- IOS_XR | Unspecified vulnerability in Cisco IOS allows context-dependent attackers to cause a denial of service (device restart and BGP routing table rebuild) via certain regular expressions in a "show ip bgp regexp" command. NOTE: unauthenticated remote attacks are possible in environments with anonymous telnet and Looking Glass access. | 5.0 | CVE-2007-4430 OTHER-REF BID |
| Drupal -- Project Issue Tracking Module; Drupal -- Project | The Drupal Project module before 5.x-1.0, 4.7.x-2.3, and 4.7.x-1.3 and Project issue tracking module before 5.x-1.0, 4.7.x-2.4, and 4.7.x-1.4 do not properly enforce permissions, which allows remote attackers to (1) obtain sensitive information via the Tracker Module and the Recent posts page; (2) obtain project names via unspecified vectors; (3) obtain sensitive information via the statistics pages; and (4) read CVS project activity. | 5.0 | CVE-2007-4436 OTHER-REF SECUNIA |
| dscripting.com -- D22-Shoutbox | Cross-site scripting (XSS) vulnerability in D22-Shoutbox for Invision Power Board (IPB or IP.Board) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 | CVE-2007-4487 BUGTRAQ OTHER-REF |
| eCentrex -- VOIP Client module | Buffer overflow in the IUAComFormX ActiveX control in uacomx.ocx 2.0.1 in the eCentrex VOIP Client module allows remote attackers to execute arbitrary code via a long Username argument to the ReInit method. | 6.8 | CVE-2007-4489 MILW0RM BID XF |
| EDraw -- Office Viewer Component | Absolute path traversal vulnerability in a certain ActiveX control in officeviewer.ocx 5.1.199.1 in EDraw Office Viewer Component 5.1 allows remote attackers to create or overwrite arbitrary files via a full pathname in the second argument to the HttpDownloadFile method, a different vulnerability than CVE-2007-3168 and CVE-2007-3169. | 6.8 | CVE-2007-4420 MILW0RM BID XF |
| Epic Games -- Unreal Engine | Stack-based buffer overflow in the logging function in the Unreal engine, possibly 2003 and 2004, as used in the internal web server, allows remote attackers to cause a denial of service (application crash) via a request for a long .gif filename in the images/ directory, related to conversion from Unicode to ASCII. | 5.0 | CVE-2007-4442 BUGTRAQ SECUNIA |
| Epic Games -- Unreal Engine | The UCC dedicated server for the Unreal engine, possibly 2003 and 2004, on Windows allows remote attackers to cause a denial of service (continuous beep and server slowdown) via a string containing many 0x07 characters in (1) a request to the images/ directory, (2) the Content-Type field, (3) a HEAD request, and possibly other unspecified vectors. | 5.0 | CVE-2007-4443 BUGTRAQ SECUNIA |
| eZ Systems -- eZ publish | The tipafriend function in eZ publish before 3.8.9, and 3.9 before 3.9.3, does not limit access by anonymous users, which allows remote attackers to conduct spam attacks. | 5.0 | CVE-2007-4494 OTHER-REF OTHER-REF OTHER-REF |
| Florian Mahieu -- Dalai Forum | Directory traversal vulnerability in forumreply.php in Dalai Forum 1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the chemin parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 6.4 | CVE-2007-4457 BID |
| Ghisler -- Total Commander; Fransois Gannier -- FileInfo plugin | The Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to cause a denial of service (unhandled exception) via an invalid RVA address function pointer in (1) an IMAGE_THUNK_DATA structure, involving the (a) OriginalFirstThunk and (b) FirstThunk IMAGE_IMPORT_DESCRIPTOR fields, or (2) the AddressOfNames IMAGE_EXPORT_DIRECTORY field in a PE file. | 5.0 | CVE-2007-4463 BUGTRAQ OTHER-REF OTHER-REF BID |
| Ghisler -- Total Commander; Fransois Gannier -- FileInfo plugin | CRLF injection vulnerability in the Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to spoof the information in the Image File Header tab via strings with CRLF sequences in the IMAGE_EXPORT_DIRECTORY array in a PE file, which would complicate forensics investigations. | 4.3 | CVE-2007-4464 BUGTRAQ OTHER-REF OTHER-REF |
| IBM -- DB2 Universal Database | IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 does not properly revoke privileges on methods, which allows remote authenticated users to execute a method after revocation until the routine auth cache is flushed. | 6.0 | CVE-2007-4417 OTHER-REF OTHER-REF AIXAPAR AIXAPAR SECUNIA |
| IBM -- DB2 Universal Database | IBM DB2 UDB 8 before Fixpak 15 does not properly check authorization, which allows remote authenticated users with a certain SELECT privilege to have an unknown impact via unspecified vectors. NOTE: this issue is probably related to CVE-2007-1089, but this is uncertain due to lack of details. | 5.5 | CVE-2007-4418 OTHER-REF AIXAPAR SECUNIA |
| IBM -- DB2 Universal Database | Unspecified vulnerability in the AUTH_LIST_GROUPS_FOR_AUTHID function in IBM DB2 UDB 9.1 before Fixpak 3 allows attackers to cause a denial of service. | 5.0 | CVE-2007-4423 OTHER-REF AIXAPAR SECUNIA |
| Jelsoft -- vBulletin | ** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.8 allow remote attackers to inject arbitrary web code or HTML via the (1) s parameter to index.php, and the (2) q parameter to (a) faq.php, (b) member.php, (c) memberlist.php, (d) calendar.php, (e) search.php, (f) forumdisplay.php, (g) showgroups.php, (h) online.php, and (i) sendmessage.php. NOTE: these issues have been disputed by the vendor, stating "I can't reproduce a single one of these". The researcher is known to be unreliable. | 4.3 | CVE-2007-4453 BUGTRAQ BUGTRAQ |
| Joomla -- RSfiles | Directory traversal vulnerability in index.php in the RSfiles component (com_rsfiles) 1.0.2 and earlier for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter in a files.display action. | 5.0 | CVE-2007-4504 MILW0RM |
| Kolab -- Kolab Server; Clam Anti-Virus -- ClamAV | ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and other products, allows remote attackers to cause a denial of service (application crash) via (1) a crafted RTF file, which triggers a NULL dereference in the cli_scanrtf function in libclamav/rtf.c; or (2) a crafted HTML document with a data: URI, which triggers a NULL dereference in the cli_html_normalise function in libclamav/htmlnorm.c. NOTE: some of these details are obtained from third party information. | 4.3 | CVE-2007-4510 OTHER-REF OTHER-REF OTHER-REF OTHER-REF BID FRSIRT SECUNIA SECUNIA XF XF |
| Lhaz -- Lhaz | Lhaz 1.33 allows remote attackers to execute arbitrary code via unknown vectors, as actively exploited in August 2007 by the Exploit-LHAZ.a gzip file, a different issue than CVE-2006-4116. | 6.8 | CVE-2007-4428 OTHER-REF OTHER-REF BID |
| Live for Speed -- Live for Speed | Multiple buffer overflows in Live for Speed (LFS) demo, S1, and S2 allow remote authenticated users to (1) cause a denial of service (server crash) and probably execute arbitrary code via an ID 3 packet with a long nickname field, and (2) cause a denial of service (server crash) via an ID 10 packet containing a long string corresponding to an unavailable track. | 6.0 | CVE-2007-4425 BUGTRAQ FULLDISC XF |
| Live for Speed -- Live for Speed | Live for Speed (LFS) S1 and S2 allows remote attackers to cause a denial of service (server crash) via (1) a certain 0x00 byte in a pre-login ID 3 packet, which triggers a NULL dereference; or (2) a pre-login ID 5 packet that lacks certain strings, which triggers an invalid pointer dereference. | 5.0 | CVE-2007-4426 BUGTRAQ FULLDISC XF XF |
| Microsoft -- Internet Explorer | Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6.0 allows user-assisted remote attackers to inject arbitrary web script or HTML in the local zone via a URI, when the document at the associated URL is saved to a local file, which then contains the URI string along with the document's original content. | 4.3 | CVE-2007-4478 BUGTRAQ OTHER-REF OTHER-REF OTHER-REF |
| NuFW -- NuFW | NuFW 2.2.3, and certain other versions after 2.0, allows remote attackers to bypass time-based packet filtering rules via certain "out of period" choices of packet transmission time. | 4.3 | CVE-2007-4461 OTHER-REF SECUNIA |
| Olate -- OlateDownload | Eval injection vulnerability in environment.php in Olate Download (od) 3.4.1 allows context-dependent attackers to execute arbitrary code via a crafted version string, as referenced by the (1) PDO::ATTR_SERVER_VERSION or (2) PDO::ATTR_CLIENT_VERSION attribute. | 6.8 | CVE-2007-4454 BUGTRAQ OTHER-REF BID XF |
| PHP -- PHP | Buffer overflow in php_win32std.dll in the win32std extension for PHP 5.2.0 and earlier allows context-dependent attackers to execute arbitrary code via a long string in the filename argument to the win_browse_file function. | 4.6 | CVE-2007-4441 MILW0RM |
| PHP -- PHP | Multiple buffer overflows in the php_ntuser component for PHP 5.2.3 allow context-dependent attackers to cause a denial of service or execute arbitrary code via long arguments to the (1) ntuser_getuserlist, (2) ntuser_getuserinfo, (3) ntuser_getusergroups, or (4) ntuser_getdomaincontroller functions. | 6.8 | CVE-2007-4507 MILW0RM |
| Planet Technology Corp -- VC-200M VDSL2 | The administration interface in the Planet VC-200M VDSL2 router allows remote attackers to cause a denial of service (administration interface outage) via an HTTP request without a Host header. | 5.0 | CVE-2007-4477 BUGTRAQ OTHER-REF OTHER-REF |
| Rival Interactive -- Prism; Rebellion -- Rogue Trooper | Stack-based buffer overflow in Rebellion Asura engine, as used for the server in Rogue Trooper 1.0 and earlier and Prism 1.1.1.0 and earlier, allows remote attackers to execute arbitrary code via a long string in a 0xf007 packet for the challenge B query. | 6.8 | CVE-2007-4508 BUGTRAQ BID |
| Siemens -- Gigaset SE361 WLAN router | Multiple cross-site scripting (XSS) vulnerabilities in the Siemens Gigaset SE361 WLAN router with firmware 1.00.0 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI immediately following the filename for (1) a GIF filename, which triggers display of the GIF file in text format and an unspecified denial of service (crash); or (2) the login.tri filename, which triggers a continuous loop of the browser attempting to visit the login page. | 4.3 | CVE-2007-4488 BUGTRAQ |
| Skype Technologies -- Skype | Unspecified vulnerability in Skype allows remote attackers to cause a denial of service (server hang) via unknown vectors related to sending long URIs, as claimed to be actively exploited on 20070817 using a "call to a specific number." NOTE: this identifier is for the en.securitylab.ru disclosure. According to the vendor, this issue is separate from the "sign-on issues" that reduced Skype service on 20070817, which appears to be a site-specific problem that did not occur because of any attack. As of 20070820, it is not clear whether this issue is simply a symptom of the larger sign-on problem. | 5.0 | CVE-2007-4429 BUGTRAQ OTHER-REF OTHER-REF OTHER-REF OTHER-REF OTHER-REF |
| SSHKeychain -- SSHKeychain | Unspecified vulnerability in TunnelRunner in SSHKeychain before 0.8.2 beta, and possibly later versions, allows local users to gain privileges via unspecified vectors. | 6.9 | CVE-2007-4500 MLIST MLIST MLIST BID |
| Sun -- Java System Application Server | The Sun Admin Console in Sun Application Server 9.0_0.1 does not apply certain configuration changes persistently, which causes the (1) SSL and (2) SSL_MutualAuth ORB listener services to enable all protocols and ciphers after the services are restarted, possibly allowing remote attackers to bypass intended policy. | 5.0 | CVE-2007-4511 BUGTRAQ BID XF |
| SuSE -- SuSE Linux Enterprise Desktop; SuSE -- SuSE Linux | Untrusted search path vulnerability in the wrapper scripts for the (1) rug, (2) zen-updater, (3) zen-installer, and (4) zen-remover programs on SUSE Linux 10.1 and Enterprise 10 allows local users to gain privileges via modified (a) LD_LIBRARY_PATH and (b) MONO_GAC_PREFIX environment variables. | 4.6 | CVE-2007-4432 SUSE |
| Toribash -- Toribash | The server in Toribash 2.71 and earlier does not properly handle partially joined clients that are temporarily assigned the ID of -1, which allows remote attackers to cause a denial of service (daemon crash) via a GRIP command with the ID of -1. | 5.0 | CVE-2007-4448 BUGTRAQ OTHER-REF BID SECUNIA |
| Toribash -- Toribash | The client in Toribash 2.71 and earlier allows remote attackers to cause a denial of service (application hang) via a command without an LF character, as demonstrated by a SAY command. | 5.0 | CVE-2007-4449 BUGTRAQ OTHER-REF BID SECUNIA |
| Toribash -- Toribash | The server in Toribash 2.71 and earlier does not properly handle long commands, which allows remote attackers to trigger a protocol violation in which data is sent to other clients without a required LF character, as demonstrated by a SAY command. NOTE: the security impact of this violation is not clear, although it probably makes exploitation of CVE-2007-???? easier. | 5.0 | CVE-2007-4450 BUGTRAQ OTHER-REF BID SECUNIA |
| Toribash -- Toribash | The server in Toribash 2.71 and earlier on Windows allows remote attackers to cause a denial of service (continuous beep and server hang) via certain commands that contain many 0x07 or other invalid characters. | 5.0 | CVE-2007-4451 BUGTRAQ OTHER-REF BID SECUNIA |
| Toribash -- Toribash | The client in Toribash 2.71 and earlier allows remote attackers to cause a denial of service (disconnection) via a long (1) emote or (2) SPEC command. | 5.0 | CVE-2007-4452 BUGTRAQ OTHER-REF BID SECUNIA |
| Trend Micro -- AntiSpyware; Trend Micro -- PC-Cillin Internet Security 2007 | Stack-based buffer overflow in vstlib32.dll 1.2.0.1012 in the SSAPI Engine 5.0.0.1066 through 5.2.0.1012 in Trend Micro AntiSpyware 3.5 and PC-Cillin Internet Security 2007 15.0 through 15.3, when the Venus Spy Trap (VST) feature is enabled, allows local users to cause a denial of service (service crash) or execute arbitrary code via a file with a long pathname, which triggers the overflow during a ReadDirectoryChangesW callback notification. | 6.9 | CVE-2007-3873 IDEFENSE OTHER-REF BID FRSIRT SECTRACK SECUNIA |
| WordPress -- Sirius | Cross-site scripting (XSS) vulnerability in index.php in the Sirius 1.0 theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF). | 4.3 | CVE-2007-4480 BUGTRAQ OTHER-REF OTHER-REF |
| WordPress -- Blix | Cross-site scripting (XSS) vulnerability in index.php in the (1) Blix 0.9.1 and (2) Blix 0.9.1 Rus themes for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF). | 4.3 | CVE-2007-4481 BUGTRAQ OTHER-REF OTHER-REF |
| WordPress -- Pool | Cross-site scripting (XSS) vulnerability in index.php in the Pool 1.0.7 theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF). | 4.3 | CVE-2007-4482 BUGTRAQ OTHER-REF OTHER-REF |
| WordPress -- WordPressClassic | Cross-site scripting (XSS) vulnerability in index.php in the WordPress Classic 1.5 theme in WordPress before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF). | 4.3 | CVE-2007-4483 BUGTRAQ OTHER-REF OTHER-REF |

Low Vulnerabilities

| Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
|---|---|---|---|
| InterSystems -- Cache Database | Multiple cross-site scripting (XSS) vulnerabilities in the sample Caché Server Page (CSP) scripts in InterSystems Caché allow remote attackers to inject arbitrary web script or HTML via (1) the TO parameter to loop.csp, (2) the VALUE parameter to cookie.csp, and (3) the PAGE parameter to showsource.csp in csp/samples/; and allow remote authenticated users to inject arbitrary web script or HTML via (4) the ERROR parameter to csp/samples/xmlclasseserror.csp, and unspecified vectors in (5) object.csp and (6) lotteryhistory.csp in csp/samples/. | 3.5 | CVE-2007-0437 OTHER-REF OTHER-REF OTHER-REF |
| InterSystems -- Cache Database | Unspecified vulnerability in the login page redirection logic in the Caché Server Page (CSP) implementation in InterSystems Caché 2007.1.0.369.0 and 2007.1.1.420.0 allows remote authenticated users to modify data on a server, related to encoding of certain parameter values by this redirection logic, aka MAK2116. | 3.5 | CVE-2007-4427 MLIST |
| po4a -- po4a | lib/Locale/Po4a/Po.pm in po4a before 0.32 allows local users to overwrite arbitrary files via a symlink attack on the gettextization.failed.po temporary file. | 3.3 | CVE-2007-4462 OTHER-REF OTHER-REF |
| SSHKeychain -- SSHKeychain | Unspecified vulnerability in PassphraseRequester in SSHKeychain before 0.8.2 beta allows attackers to obtain sensitive information (passwords) via unknown vectors, related to "poor protection." | 1.9 | CVE-2007-4501 MLIST MLIST MLIST BID |
| Sun -- Solaris | Multiple unspecified vulnerabilities in the ata disk driver in Sun Solaris 8, 9, and 10 on the x86 platform before 20070821 allow local users to cause a denial of service (system panic) via unspecified ioctl functions, aka Bug 6433123. | 2.1 | CVE-2007-4492 SUNALERT BID FRSIRT SECUNIA |
| Sun -- Solaris | Unspecified vulnerability in the ata disk driver in Sun Solaris 10 on the x86 platform before 20070821 allows local users to cause a denial of service (system panic) via an unspecified ioctl function, aka Bug 6433124. | 2.1 | CVE-2007-4495 SUNALERT BID FRSIRT SECUNIA |