Vulnerability Summary for the Week of November 12, 2007
Released
Nov 19, 2007
Document ID
SB07-323
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
Vulnerability Severity:
">
| High Vulnerabilities |
|---|
| Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
|---|---|---|---|---|---|---|
| Apple -- Mac OS X Apple -- Mac OS X Server | CFFTP in CFNetwork for Apple Mac OS X 10.4 through 10.4.10 allows remote FTP servers to force clients to connect to other hosts via crafted responses to FTP PASV commands. |
| 7.5 | CVE-2007-4679 APPLE | ||
| Apple -- Mac OS X Apple -- Mac OS X Server | CFNetwork in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 does not properly validate certificates, which allows remote attackers to spoof trusted SSL certificates via a man-in-the-middle attack. |
| 7.5 | CVE-2007-4680 APPLE | ||
| ACDsee -- Pro Photo Manager ACDsee -- Photo Editor ACDsee -- Photo Manager | Multiple input validation errors in ACD ACDSee Photo Manager 9.0 build 108, Pro Photo Manager 8.1 build 99, and Photo Editor 4.0 build 195 allow user-assisted remote attackers to execute arbitrary code via a long section string in (1) a PSP image to the ID_PSP.apl plug-in or (2) an LHA archive to the AM_LHA.apl plug-in, resulting in a heap-based buffer overflow. |
| 9.3 | CVE-2007-4344 BUGTRAQ OTHER-REF OTHER-REF BID FRSIRT SECUNIA | ||
| AOL -- Radio | Multiple stack-based buffer overflows in the AOL AmpX ActiveX control in AmpX.dll 2.6.1.11 in AOL Radio allow remote attackers to execute arbitrary code via long arguments to unspecified methods. |
| 10.0 | CVE-2007-5755 IDEFENSE BID FRSIRT SECTRACK SECUNIA XF | ||
| Apple -- Mac OS X | The kernel in Apple Mac OS X 10.4 through 10.4.10 does not reset the current Mach thread or thread exception port, which allows local users to execute arbitrary code by writing to the address space of a privileged process. |
| 7.2 | CVE-2007-3749 APPLE | ||
| Apple -- Mac OS X | Stack-based buffer overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted ioctl request to an AppleTalk socket. |
| 7.2 | CVE-2007-4267 APPLE | ||
| Apple -- Mac OS X | An "arithmetic error" in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk message that triggers a buffer overflow. |
| 7.2 | CVE-2007-4268 APPLE | ||
| Apple -- Mac OS X | Integer overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted ASP message on an AppleTalk socket, which triggers a heap-based buffer overflow. |
| 7.2 | CVE-2007-4269 IDEFENSE APPLE | ||
| Apple -- Quicktime | AppleRAID in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows attackers to cause a denial of service (crash) via a crafted striped disk image, which triggers a NULL pointer dereference when it is mounted. |
| 7.1 | CVE-2007-4678 APPLE | ||
| Apple -- Mac OS X Server Apple -- Mac OS X | The kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to gain privileges by executing setuid or setgid programs in which the stdio, stderr, or stdout file descriptors are "in an unexpected state." |
| 7.2 | CVE-2007-4685 APPLE | ||
| Apple -- Mac OS X Server Apple -- Mac OS X | The kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to cause a denial of service (system shutdown) or execute arbitrary code via a crafted ioctl request. |
| 7.2 | CVE-2007-4686 APPLE | ||
| Apple -- Mac OS X Server Apple -- Mac OS X | The remote_cmds component in Apple Mac OS X 10.4 through 10.4.10 contains a symbolic link from the tftpboot private directory to the root directory, which allows tftpd users to escape the private directory and access arbitrary files. |
| 9.3 | CVE-2007-4687 APPLE | ||
| Apple -- Mac OS X Server Apple -- Mac OS X | Double-free vulnerability in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (system shutdown) or execute arbitrary code via crafted IPV6 packets. |
| 10.0 | CVE-2007-4689 APPLE | ||
| Apple -- Mac OS X Server Apple -- Mac OS X | Double-free vulnerability in the NFS component in Apple Mac OS X 10.4 through 10.4.10 allows remote authenticated users to execute arbitrary code via a crafted AUTH_UNIX RPC packet. |
| 9.0 | CVE-2007-4690 APPLE | ||
| Apple -- Mac OS X Server Apple -- Mac OS X | The NSURL component in Apple Mac OS X 10.4 through 10.4.10 performs case-sensitive comparisons that allow attackers to bypass intended restrictions for local file system URLs. |
| 10.0 | CVE-2007-4691 APPLE | ||
| Apple -- Mac OS X Server Apple -- Mac OS X | The SecurityAgent component in Mac OS X 10.4 through 10.4.10 allows attackers with physical access to bypass the authentication dialog of the screen saver and send keystrokes to a process, related to "handling of keyboard focus between secure text fields." |
| 7.2 | CVE-2007-4693 APPLE | ||
| Apple -- Safari | The default configuration of Safari in Apple Mac OS X 10.4 through 10.4.10 adds a private key to the keychain with permissions that allow other applications to access the key without warning the user, which might allow other applications to bypass intended access restrictions. |
| 7.5 | CVE-2007-4699 APPLE | ||
| Apple -- Mac OS X Server Apple -- Mac OS X | Unspecified vulnerability in WebKit on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to use Safari as an indirect proxy and send attacker-controlled data to arbitrary TCP ports via unknown vectors. |
| 7.5 | CVE-2007-4700 APPLE | ||
| Apple -- Mac OS X Server Apple -- Mac OS X | The Application Firewall in Apple Mac OS X 10.5, when "Block all incoming connections" is enabled, does not prevent root processes or mDNSResponder from accepting connections, which might allow remote attackers or local root processes to bypass intended access restrictions. |
| 10.0 | CVE-2007-4702 APPLE OTHER-REF | ||
| Apple -- Mac OS X Server Apple -- Mac OS X | The Application Firewall in Apple Mac OS X 10.5 does not prevent a root-owned executable from accepting incoming connections, even when "Block incoming connections" has been set for that executable, which might allow remote attackers or local root processes to bypass intended access restrictions. |
| 10.0 | CVE-2007-4703 APPLE OTHER-REF | ||
| Apple -- Mac OS X | The Application Firewall in Apple Mac OS X 10.5 does not apply changed settings to processes that are started by launchd until the processes are restarted again, which might allow attackers to bypass intended access restrictions. |
| 10.0 | CVE-2007-4704 APPLE OTHER-REF | ||
| Autonomy -- KeyView Viewer SDK Autonomy -- KeyView Export SDK Autonomy -- KeyView Filter SDK | Heap-based buffer overflow in emlsr.dll before 2.0.0.4 in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK allows remote attackers to execute arbitrary code via a long Content-Type header line in an EML file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 9.3 | CVE-2007-6008 SECUNIA | ||
| BTI-Tracker -- BTI-Tracker | blocks/shoutbox_block.php in BtiTracker 1.4.4 does not verify user accounts, which allows remote attackers to post shoutbox entries as arbitrary users via a modified nick field. |
| 7.5 | CVE-2007-5988 OTHER-REF OTHER-REF SECUNIA XF | ||
| bug software -- bughotel reservation system | Unspecified vulnerability in main.php of BugHotel Reservation System before 4.9.9 P3 allows remote attackers to bypass authentication and gain administrative access via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 10.0 | CVE-2007-6011 BID | ||
| datecomm -- Social Networking Script | SQL injection vulnerability in index.php in datecomm Social Networking Script allows remote attackers to execute arbitrary SQL commands via the seid parameter in a viewcat s action on the forums page. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 7.5 | CVE-2007-5992 BID | ||
| E-Vendejo -- 0.2 | SQL injection vulnerability in articles.php in E-Vendejo 0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| 7.5 | CVE-2007-5951 OTHER-REF SECUNIA | ||
| EXO -- ExoPHPDesk | SQL injection vulnerability in index.php in ExoPHPdesk allows remote attackers to execute arbitrary SQL commands via the user parameter in a profile fn action. |
| 7.5 | CVE-2007-5991 BUGTRAQ BID | ||
| HP -- HP-UX | Unspecified vulnerability in the Aries PA-RISC emulator on HP-UX B.11.23 and B.11.31 on the IA-64 platform allows local users to obtain unspecified access. |
| 7.2 | CVE-2007-5946 HP BID SECTRACK | ||
| IBM -- Informix Dynamic Server | Directory traversal vulnerability in IBM Informix Dynamic Server (IDS) before 10.00.xC7W1 allows attackers to have an unknown impact via directory traversal sequences in the DBLANG environment variable. |
| 7.2 | CVE-2007-5956 OTHER-REF AIXAPAR BID FRSIRT SECUNIA XF | ||
| JPortal -- JPortal Web Portal | SQL injection vulnerability in articles.php in JPortal 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter. |
| 7.5 | CVE-2007-5973 MILW0RM BID XF | ||
| JPortal -- JPortal Web Portal | SQL injection vulnerability in mailer.php in JPortal 2 allows remote attackers to execute arbitrary SQL commands via the to parameter. |
| 7.5 | CVE-2007-5974 MILW0RM BID XF | ||
| Justin Hagstrom -- AutoIndex PHP Script | classes/Url.php in Justin Hagstrom AutoIndex PHP Script before 2.2.4 allows remote attackers to cause a denial of service (CPU and memory consumption) via a %00 sequence in the dir parameter to index.php, which triggers an erroneous "recursive calculation." |
| 7.8 | CVE-2007-5984 BUGTRAQ OTHER-REF BID | ||
| Microsoft -- windows-nt | The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors. |
| 7.8 | CVE-2007-3898 BUGTRAQ OTHER-REF MS CERT-VN BID SECTRACK SECUNIA XF | ||
| Novell -- Novell client | NWFILTER.SYS in Novell Client 4.91 SP 1 through SP 4 for Windows 2000, XP, and Server 2003 makes the \.\nwfilter device available for arbitrary user-mode input via METHOD_NEITHER IOCTLs, which allows local users to gain privileges by passing a kernel address as an argument and overwriting kernel memory locations. |
| 7.2 | CVE-2007-5667 IDEFENSE OTHER-REF FRSIRT SECUNIA | ||
| Pioneers -- Pioneers | Pioneers before 0.11.3 allows remote attackers to cause a denial of service (crash) by causing a "Broken pipe" error, which triggers a delete operation while the Session object is still being used. |
| 7.8 | CVE-2007-5933 OTHER-REF OTHER-REF | ||
| Pioneers -- Pioneers | Unspecified vulnerability in pioneers (formerly gnocatan) 0.11.3 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors that trigger an assert error. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-5933. |
| 7.8 | CVE-2007-6010 OTHER-REF | ||
| redhat -- rhel_cluster redhat -- Conga | The ricci daemon in Conga 0.10.0 allows remote attackers to cause a denial of service (loss of new connections) by repeatedly sending data or attempting connections. |
| 7.8 | CVE-2007-4136 OTHER-REF REDHAT SECTRACK | ||
| softbizscripts -- Link Directory Script | SQL injection vulnerability in searchresult.php in Softbiz Link Directory Script allows remote attackers to execute arbitrary SQL commands via the sbcat_id parameter, a related issue to CVE-2007-5449. |
| 7.5 | CVE-2007-5996 MILW0RM BID XF | ||
| softbizscripts -- Softbiz Auctions Script | SQL injection vulnerability in product_desc.php in Softbiz Auctions Script allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| 7.5 | CVE-2007-5999 MILW0RM BID XF | ||
| Sun -- Net Connect Software | Format string vulnerability in srsexec in Sun Remote Services (SRS) Net Connect 3.2.3 and 3.2.4, as distributed in the SRS Proxy Core (SUNWsrspx) package, allows local users to gain privileges via format string specifiers in unspecified input that is logged through syslog. |
| 7.2 | CVE-2007-3880 IDEFENSE SUNALERT BID FRSIRT SECUNIA | ||
| Testlink -- testlink | TestLink before 1.7.1 does not enforce an unspecified authorization mechanism, which has unknown impact and attack vectors. |
| 10.0 | CVE-2007-6006 OTHER-REF SECUNIA | ||
| toko -- instan | Multiple SQL injection vulnerabilities in index.php in Toko Instan 7.6 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in an artikel action or (2) the katid parameter in a produk action. |
| 7.5 | CVE-2007-6004 MILW0RM BID | ||
| Ubuntu -- Linux kernel | The skge driver 1.5 in Linux kernel 2.6.15 on Ubuntu does not properly use the spin_lock and spin_unlock functions, which allows remote attackers to cause a denial of service (machine crash) via a flood of network traffic. |
| 7.8 | CVE-2006-7229 OTHER-REF | ||
| XOOPS -- MyLinks Module | SQL injection vulnerability in brokenlink.php in the mylinks module for XOOPS allows remote attackers to execute arbitrary SQL commands via the lid parameter. |
| 7.5 | CVE-2007-5978 BUGTRAQ BID XF |
| Medium Vulnerabilities |
|---|
| Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
|---|---|---|---|---|---|---|
| Apple -- Mac OS X Apple -- Mac OS X Server | Buffer overflow in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows local users to cause a denial of service (application crash) and possible execute arbitrary code via a crafted directory hierarchy. |
| 4.4 | CVE-2007-4681 APPLE | ||
| Apple -- Mac OS X Apple -- Mac OS X Server | CoreText in Apple Mac OS X 10.4 through 10.4.10 allows attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted text content that triggers an access of an uninitialized object pointer. |
| 4.3 | CVE-2007-4682 APPLE | ||
| Apple -- Mac OS X Apple -- Mac OS X Server | Directory traversal vulnerability in the kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to bypass the chroot mechanism via a relative path when changing the current working directory. |
| 4.6 | CVE-2007-4683 APPLE | ||
| ACDsee -- Pro Photo Manager ACDsee -- Photo Editor ACDsee -- Photo Manager | Integer overflow in the ID_PSP.apl plug-in for ACD ACDSee Photo Manager 9.0 build 108, Pro Photo Manager 8.1 build 99, and Photo Editor 4.0 build 195 allows user-assisted remote attackers to execute arbitrary code via a crafted PSP image that triggers a heap-based buffer overflow. |
| 6.8 | CVE-2007-6007 BUGTRAQ OTHER-REF OTHER-REF BID FRSIRT SECUNIA | ||
| ACDsee -- Pro Photo Manager ACDsee -- Photo Editor ACDsee -- Photo Manager | Multiple buffer overflows in ACD products allow user-assisted remote attackers to execute arbitrary code via a long section string in a (1) XBM or (2) XPM file to (a) ID_X.apl or (b) IDE_ACDStd.apl. NOTE: the PSP and LHA vectors are already covered by CVE-2007-4344 and CVE-2007-6007. NOTE: these might be integer overflows rather than buffer overflows. |
| 6.8 | CVE-2007-6009 OTHER-REF | ||
| Adobe -- ColdFusion Adobe -- ColdFusion MX | Adobe ColdFusion 8 and MX 7 allows remote attackers to hijack sessions via unspecified vectors that trigger establishment of a session to a ColdFusion application in which the (1) CFID or (2) CFTOKEN cookies have empty values, possibly due to a session fixation vulnerability. |
| 6.8 | CVE-2007-5905 OTHER-REF OTHER-REF BID SECTRACK | ||
| Adobe -- Shockwave | Stack-based buffer overflow in the SWCtl.SWCtl ActiveX control in Adobe Shockwave allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument to the ShockwaveVersion method. |
| 5.0 | CVE-2007-5941 MILW0RM BID | ||
| Apple -- Mac OS X | Integer overflow in the kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via crafted arguments to the i386_set_ldt system call. |
| 6.9 | CVE-2007-4684 APPLE | ||
| Apple -- Mac OS X Server Apple -- Mac OS X | The Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain all addresses for a host, including link-local addresses, via a Node Information Query. |
| 5.0 | CVE-2007-4688 APPLE | ||
| Apple -- Safari | The tabbed browsing feature in Apple Safari 3 before Beta Update 3.0.4 on Windows allows remote attackers to spoof HTTP authentication for other sites and possibly conduct phishing attacks by causing an authentication sheet to be displayed for a tab that is not active, which makes it appear as if it is associated with the active tab. |
| 4.3 | CVE-2007-4692 APPLE | ||
| Apple -- Mac OS X Server Apple -- Mac OS X | Safari in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to access local content via file:// URLs. |
| 4.3 | CVE-2007-4694 APPLE | ||
| Apple -- Mac OS X Server Apple -- Mac OS X | Unspecified "input validation" vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to modify form field values via unknown vectors related to file uploads. |
| 4.3 | CVE-2007-4695 APPLE | ||
| Apple -- Mac OS X Server Apple -- Mac OS X | Race condition in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain information for forms from other sites via unknown vectors related to "page transitions" in Safari. |
| 4.3 | CVE-2007-4696 APPLE | ||
| Apple -- Mac OS X Server Apple -- Mac OS X | Unspecified vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via unknown vectors related to browser history, which triggers memory corruption. |
| 6.8 | CVE-2007-4697 APPLE | ||
| Apple -- Safari | Apple Safari 3 before Beta Update 3.0.4 on Windows allows remote attackers to conduct cross-site scripting (XSS) attacks by causing JavaScript events to be associated with the wrong frame. |
| 4.3 | CVE-2007-4698 APPLE | ||
| Bandersnatch -- Bandersnatch | Bandersnatch 0.4 allows remote attackers to obtain sensitive information via a malformed request for index.php with (1) a certain func parameter value; or (2) certain func, jid, page, and limit parameter values; which reveals the path in various error messages. |
| 5.0 | CVE-2007-5942 OTHER-REF XF | ||
| Bandersnatch -- Bandersnatch | Multiple cross-site scripting (XSS) vulnerabilities in index.php in Bandersnatch 0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) func or (2) date parameter, or the jid parameter in a (3) log or (4) user action, a different vulnerability than CVE-2007-3910. |
| 4.3 | CVE-2007-6001 OTHER-REF XF | ||
| BTI-Tracker -- BTI-Tracker | Multiple cross-site scripting (XSS) vulnerabilities in BtiTracker before 1.4.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) account.php, (2) moresmiles.php, or (3) recover.php; or (4) the "to" parameter to usercp.php. |
| 4.3 | CVE-2007-5985 OTHER-REF OTHER-REF OTHER-REF SECUNIA XF XF | ||
| BTI-Tracker -- BTI-Tracker | SQL injection vulnerability in include/functions.php in BtiTracker before 1.4.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| 5.0 | CVE-2007-5986 OTHER-REF OTHER-REF SECUNIA XF | ||
| BTI-Tracker -- BTI-Tracker | details.php in BtiTracker before 1.4.5, when torrent viewing is disabled for guests, allows remote attackers to bypass protection mechanisms via a direct request, as demonstrated by (1) reading the details of an arbitrary torrent and (2) modifying a torrent owned by a guest. |
| 6.8 | CVE-2007-5987 OTHER-REF OTHER-REF SECUNIA XF | ||
| eggblog -- eggblog | Cross-site scripting (XSS) vulnerability in home/rss.php in eggblog before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF). |
| 4.3 | CVE-2007-5980 BUGTRAQ OTHER-REF OTHER-REF BID SECUNIA | ||
| EXO -- ExoPHPDesk | Cross-site scripting (XSS) vulnerability in ExoPHPdesk allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a user profile. |
| 4.3 | CVE-2007-5990 BUGTRAQ BID | ||
| F5 -- Firepass 4100 | Cross-site scripting (XSS) vulnerability in download_plugin.php3 in F5 Firepass 4100 SSL VPN 5.4 through 5.5.2 and 6.0 through 6.0.1 allows remote attackers to inject arbitrary web script or HTML via the backurl parameter. |
| 4.3 | CVE-2007-5979 BUGTRAQ OTHER-REF OTHER-REF BID SECTRACK SECUNIA | ||
| Fenrir -- Grani Fenrir -- Sleipnir | Cross-site scripting (XSS) vulnerability in Fenriru (1) Sleipnir 2.5.17 R2 and earlier and (2) Grani 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the Search field in a search for additions to the Favorites section. |
| 4.3 | CVE-2007-6002 OTHER-REF OTHER-REF OTHER-REF BID SECUNIA SECUNIA | ||
| getmiro -- Broadcast Machine | Cross-site scripting (XSS) vulnerability in login.php in Miro Project Broadcast Machine 0.9.9.9 allows remote attackers to inject arbitrary web script or HTML via the username parameter. |
| 4.3 | CVE-2007-3694 BUGTRAQ BID XF | ||
| helioscalendar -- Helios Calendar | Cross-site scripting (XSS) vulnerability in admin/index.php in Helios Calendar 1.2.1 Beta allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 4.3 | CVE-2007-5952 BID SECUNIA | ||
| IBM -- WebSphere Application Server | Cross-site scripting (XSS) vulnerability in Servlet Engine / Web Container in IBM WebSphere Application Server (WAS) 5.1.1.4 through 5.1.1.16 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header. |
| 4.3 | CVE-2007-5944 OTHER-REF AIXAPAR FRSIRT | ||
| IBM -- Informix Dynamic Server | Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 10.00.TC3TL and 11.10.TB4TL on Windows allows attackers to cause a denial of service (application crash) via unspecified SQ_ONASSIST requests. |
| 4.9 | CVE-2007-5957 OTHER-REF AIXAPAR BID FRSIRT SECUNIA XF | ||
| JLMForo System -- JLMForo System | Cross-site scripting (XSS) vulnerability in buscador.php in JLMForo System allows remote attackers to inject arbitrary web script or HTML via the clave parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 4.3 | CVE-2007-5954 BID | ||
| Justin Hagstrom -- AutoIndex PHP Script | Cross-site scripting (XSS) vulnerability in index.php in Justin Hagstrom AutoIndex PHP Script before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF). |
| 4.3 | CVE-2007-5983 BUGTRAQ OTHER-REF SECUNIA | ||
| KDE -- Konqueror | KDE Konqueror 3.5.6 and earlier allows remote attackers to cause a denial of service (crash) via large HTTP cookie parameters. |
| 5.0 | CVE-2007-6000 BUGTRAQ BID XF | ||
| Lantronix -- SCS3200 | Lantronix SCS3200 does not properly handle public-key requests, which allows remote attackers to cause a denial of service (unresponsive device) via unspecified keyscan requests. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 5.0 | CVE-2007-5981 BID SECUNIA XF | ||
| Linux -- Kernel | The tcp_sacktag_write_queue function in net/ipv4/tcp_input.c in Linux kernel 2.6.24-rc2 and earlier allows remote attackers to cause a denial of service (crash) via crafted ACK responses that trigger a NULL pointer dereference. |
| 5.0 | CVE-2007-5501 OTHER-REF | ||
| Mozilla -- Firefox | The jar protocol handler in Mozilla Firefox retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inner URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI. |
| 4.3 | CVE-2007-5947 OTHER-REF OTHER-REF CERT-VN BID FRSIRT SECUNIA | ||
| NetCommons -- NetCommons | Cross-site scripting (XSS) vulnerability in NetCommons before 1.0.11, and 1.1.x before 1.1.2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2006-4165. |
| 4.3 | CVE-2007-5950 OTHER-REF OTHER-REF SECUNIA | ||
| nss_ldap -- nss_ldap | Race condition in nss_ldap, when used in applications that use pthread and fork after a call to nss_ldap, does not properly handle the LDAP connection, which might cause nss_ldap to return the wrong user data to the wrong process. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected. |
| 5.0 | CVE-2007-5794 OTHER-REF OTHER-REF MLIST MLIST | ||
| OrangeHRM -- OrangeHRM | The reDirect function in lib/controllers/RepViewController.php in OrangeHRM before 2.2.2 does not verify the privileges of a user, which allows remote attackers to obtain access to data via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 5.0 | CVE-2007-5931 OTHER-REF BID FRSIRT XF | ||
| PCRE -- PCRE | Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to execute arbitrary code via a regular expression containing a large number of named subpatterns (name_count) or long subpattern names (max_name_size), which triggers a buffer overflow. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split. |
| 6.8 | CVE-2006-7227 OTHER-REF OTHER-REF REDHAT SECUNIA | ||
| PCRE -- PCRE | Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large (1) min, (2) max, or (3) duplength values that cause an incorrect length calculation and trigger a buffer overflow, a different vulnerability than CVE-2006-7227. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split. |
| 6.8 | CVE-2006-7228 OTHER-REF OTHER-REF SECUNIA | ||
| PCRE -- PCRE | Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate the amount of memory needed for a compiled regular expression pattern when the (1) -x or (2) -i UTF-8 options change within the pattern, which allows context-dependent attackers to cause a denial of service (PCRE or glibc crash) via crafted regular expressions. |
| 5.0 | CVE-2006-7230 OTHER-REF | ||
| PEAR -- Structures_DataGrid_DataSource_MDB2 | The LOB functionality in PEAR MDB2 before 2.5.0a1 interprets a request to store a URL string as a request to retrieve and store the contents of the URL, which might allow remote attackers to use MDB2 as an indirect proxy or obtain sensitive information via a URL into a form field in an MDB2 application, as demonstrated by a file:// URL or a URL for an intranet web site. |
| 4.3 | CVE-2007-5934 OTHER-REF OTHER-REF MLIST BID SECUNIA | ||
| php-tools -- patBBcode | PHP remote file inclusion vulnerability in examples/patExampleGen/bbcodeSource.php in patBBcode 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the example parameter. |
| 6.8 | CVE-2007-5995 MILW0RM BID | ||
| phpMyAdmin -- phpMyAdmin | SQL injection vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to execute arbitrary SQL commands via the db parameter. |
| 6.5 | CVE-2007-5976 OTHER-REF OTHER-REF FRSIRT SECUNIA XF | ||
| Really Simple CalDAV Store -- Really Simple CalDAV Store | Unspecified vulnerability in Really Simple CalDAV Store (RSCDS) before 0.9.0 allows attackers to obtain sensitive information via unspecified vectors. |
| 5.0 | CVE-2007-5953 OTHER-REF FRSIRT | ||
| ruby-lang -- Ruby | The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName (CN) field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site, different components than CVE-2007-5162. |
| 5.0 | CVE-2007-5770 OTHER-REF OTHER-REF REDHAT REDHAT SECUNIA SECUNIA SECUNIA | ||
| script-fun -- SF-Shoutbox | Multiple cross-site scripting (XSS) vulnerabilities in main.php in SF-Shoutbox 1.2.1 through 1.4 allow remote attackers to inject arbitrary web script or HTML via the (1) nick (aka Name) and (2) shout (aka Shout) parameters. |
| 4.3 | CVE-2007-5948 OTHER-REF BID SECUNIA | ||
| Simple Machines -- Simple Machines Forum | Simple Machines Forum (SMF) 1.1.4 allows remote attackers to read a message in private forums by using the advanced search module with the "show results as messages" option, then searching for possible keywords contained in that message. |
| 5.0 | CVE-2007-5943 BUGTRAQ | ||
| softbizscripts -- Banner Exchange Network Script | SQL injection vulnerability in campaign_stats.php in Softbiz Banner Exchange Network Script 1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter. |
| 6.5 | CVE-2007-5997 MILW0RM BID XF | ||
| softbizscripts -- Ad Management plus Script | SQL injection vulnerability in ads.php in Softbiz Ad Management plus Script 1 allows remote authenticated users to execute arbitrary SQL commands via the package parameter. |
| 6.5 | CVE-2007-5998 MILW0RM BID XF | ||
| Thomson -- SpeedTouch | Cross-site scripting (XSS) vulnerability in cgi/b/ic/connect in the Thomson SpeedTouch 716 with firmware 5.4.0.14 allows remote attackers to inject arbitrary web script or HTML via the url parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 4.3 | CVE-2007-6003 SECUNIA XF | ||
| TorrentStrike -- TorrentStrike | SQL injection vulnerability in index.php in TBSource, as used in (1) TBDev and (2) TorrentStrike 0.4, allows remote authenticated users to execute arbitrary SQL commands via the choice parameter. NOTE: some of these details are obtained from third party information. |
| 6.5 | CVE-2007-5975 BUGTRAQ BID SECUNIA | ||
| tug -- TeXlive 2007 teTeX -- teTeX | Stack-based buffer overflow in hpc.c in dvips in teTeX and TeXlive 2007 and earlier allows user-assisted attackers to execute arbitrary code via a DVI file with a long href tag. |
| 6.8 | CVE-2007-5935 OTHER-REF OTHER-REF | ||
| tug -- TeXlive 2007 teTeX -- teTeX | Multiple buffer overflows in dvi2xx.c in dviljk in teTeX and TeXlive 2007 and earlier might allow user-assisted attackers to execute execute arbitrary code via a crafted DVI input file. |
| 6.8 | CVE-2007-5937 OTHER-REF OTHER-REF | ||
| tug -- TeXlive 2007 | feynmf.pl in feynmf 1.08, as used in TeXLive 2007, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the feynmf$$.pl temporary file. |
| 4.6 | CVE-2007-5940 OTHER-REF | ||
| UPDIR -- UPDIR.NET | Cross-site scripting (XSS) vulnerability in updir.php in UPDIR.NET before 2.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 4.3 | CVE-2007-5955 OTHER-REF OTHER-REF SECUNIA | ||
| USVN -- USVN | USVN before 0.6.5 allows remote attackers to obtain a list of repository contents via unspecified vectors. |
| 5.0 | CVE-2007-5945 OTHER-REF OTHER-REF BID | ||
| vtls -- vtls.web.gateway | Cross-site scripting (XSS) vulnerability in Visionary Technology in Library Solutions (VTLS) vtls.web.gateway before 48.1.1 allows remote attackers to inject arbitrary web script or HTML via the searchtype parameter. |
| 4.3 | CVE-2007-5993 BUGTRAQ | ||
| WebEx Communications -- WebEx GPCContainer ActiveX Control | Unspecified vulnerability in the GpcContainer.GpcContainer.1 ActiveX control in WebEx allows remote attackers to cause a denial of service (memory access violation and crash) via (1) an invalid argument to the InitParam method or (2) an unspecified vector involving the SetParam method. |
| 4.3 | CVE-2007-6005 FULLDISC BID XF | ||
| WinPcap -- WinPcap | Multiple array index errors in the bpf_filter_init function in NPF.SYS in WinPcap before 4.0.2, when run in monitor mode (aka Table Management Extensions or TME), and as used in Wireshark and possibly other products, allow local users to gain privileges via crafted IOCTL requests. |
| 6.9 | CVE-2007-5756 IDEFENSE OTHER-REF BID FRSIRT SECUNIA | ||
| X7 Group -- X7 Chat | Multiple cross-site scripting (XSS) vulnerabilities in X7 Chat 2.0.4, 2.0.5, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) room parameter to sources/frame.php, the (2) theme_c parameter to help/index.php, or the (3) INSTALL_X7CHATVERSION parameter to upgradev1.php. |
| 4.3 | CVE-2007-5982 OTHER-REF BID SECUNIA | ||
| yappa-ng -- yappa-ng | PHP remote file inclusion vulnerability in check_noimage.php in Fritz Berger yet another php photo album - next generation (yappa-ng) 2.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the config[path_src_include] parameter. |
| 6.8 | CVE-2007-5994 OTHER-REF BID |
| Low Vulnerabilities |
|---|
| Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
|---|---|---|---|---|---|---|
| Apple -- Mac OS X Server Apple -- Mac OS X | WebKit on Apple Mac OS X 10.4 through 10.4.10 does not create temporary files securely when Safari is previewing a PDF file, which allows local users to read the contents of that file. |
| 2.1 | CVE-2007-4701 APPLE | ||
| IBM -- Tivoli Service Desk | Cross-site scripting (XSS) vulnerability in IBM Tivoli Service Desk 6.2 allows remote authenticated users to inject arbitrary web script or HTML via the Description parameter in a Maximo change action. |
| 3.5 | CVE-2007-5949 AIXAPAR BID FRSIRT SECUNIA XF | ||
| phpMyAdmin -- phpMyAdmin | Cross-site scripting (XSS) vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST request, a different vulnerability than CVE-2006-6942. |
| 3.5 | CVE-2007-5977 OTHER-REF OTHER-REF OTHER-REF FRSIRT SECUNIA XF | ||
| tug -- TeXlive 2007 teTeX -- teTeX | dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place. |
| 3.6 | CVE-2007-5936 OTHER-REF OTHER-REF |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.