Vulnerability Summary for the Week of November 26, 2007
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
">
High Vulnerabilities |
---|
Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
---|---|---|---|---|---|---|
Amensa-Soft -- K+B-Bestellsystem | kb_whois.cgi in K+B-Bestellsystem (aka KB-Bestellsystem) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) domain or (2) tld parameter in a check_owner action. |
| 10.0 | CVE-2007-6176 BUGTRAQ MILW0RM BID SECUNIA XF | ||
Apple -- Mac OS X | Mail in Apple Mac OS X Leopard allows user-assisted remote attackers to execute arbitrary code via an AppleDouble attachment containing an apparently-safe file type and script in a resource fork, which does not warn the user that a separate program is going to be executed. NOTE: this is a regression error related to CVE-2006-0395. |
| 9.3 | CVE-2007-6165 OTHER-REF CERT-VN BID FRSIRT SECUNIA | ||
Apple -- Quicktime | Stack-based buffer overflow in Apple QuickTime 7.2 and 7.3 allows remote attackers to execute arbitrary code via a long Real Time Streaming Protocol (RTSP) Content-Type header. |
| 9.3 | CVE-2007-6166 MILW0RM OTHER-REF CERT-VN BID FRSIRT SECTRACK SECUNIA XF | ||
BitDefender -- Online Anti-Virus Scanner | A certain ActiveX control in (1) OScan8.ocx and (2) Oscan81.ocx in BitDefender Online Anti-Virus Scanner 8.0 allows remote attackers to execute arbitrary code via a long argument to the InitX method that begins with a "%%" sequence, which is misinterpreted as a Unicode string and decoded twice, leading to improper memory allocation and a heap-based buffer overflow. |
| 9.3 | CVE-2007-6189 BUGTRAQ MILW0RM OTHER-REF FRSIRT SECTRACK SECUNIA | ||
Digium -- Asterisk | SQL injection vulnerability in the Postgres Realtime Engine (res_config_pgsql) in Asterisk 1.4.x before 1.4.15 and C.x before C.1.0-beta6 allows remote attackers to execute arbitrary SQL commands via unknown vectors. |
| 7.5 | CVE-2007-6171 OTHER-REF | ||
Dora Emlak -- Dora Emlak | Multiple SQL injection vulnerabilities in Dora Emlak 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) emlak_detay.asp and (b) haber_detay.asp, the (2) kategori parameter to (c) kategorisirala.asp, and the (3) tip parameter to (d) tipsirala.asp. |
| 7.5 | CVE-2007-6140 OTHER-REF BID SECUNIA | ||
Easy Hosting Control Panel -- Easy Hosting Control Panel | Multiple PHP remote file inclusion vulnerabilities in Easy Hosting Control Panel for Ubuntu (EHCP) 0.22.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the confdir parameter to (1) dbutil.bck.php and (2) dbutil.php in config/. |
| 7.5 | CVE-2007-6178 MILW0RM | ||
Ethereal Group -- Ethereal Wireshark -- Wireshark | The MEGACO dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors. |
| 7.8 | CVE-2007-6118 OTHER-REF BID FRSIRT SECTRACK SECUNIA | ||
Ethereal Group -- Ethereal Wireshark -- Wireshark | Wireshark (formerly Ethereal) 0.8.16 to 0.99.6 allows remote attackers to cause a denial of service (crash) via a malformed RPC Portmap packet. |
| 7.8 | CVE-2007-6121 OTHER-REF BID FRSIRT SECTRACK SECUNIA | ||
Eurologon -- Eurologon CMS | Multiple SQL injection vulnerabilities in Eurologon CMS allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) reviews.php, (2) links.php and (3) articles.php. |
| 7.5 | CVE-2007-6164 BUGTRAQ MILW0RM BID | ||
Eurologon -- Eurologon CMS | Directory traversal vulnerability in users/files.php in Eurologon CMS allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a download action, as demonstrated by a certain PHP file containing database credentials. |
| 7.5 | CVE-2007-6185 BUGTRAQ MILW0RM | ||
Flor de Utopia -- WorkingOnWeb | SQL injection vulnerability in events.php in WorkingOnWeb 2.0.1400 allows remote attackers to execute arbitrary SQL commands via the idevent parameter. |
| 7.5 | CVE-2007-6128 MILW0RM BID | ||
GOUAE -- DWD Realty | SQL injection vulnerability in admin/index2.asp in GOUAE DWD Realty allows remote attackers to execute arbitrary SQL commands via the pword (aka Password) parameter. NOTE: some of these details are obtained from third party information. |
| 7.5 | CVE-2007-6163 BUGTRAQ OTHER-REF BID SECUNIA | ||
GOUAE -- DWD Realty | SQL injection vulnerability in admin/index2.asp in GOUAE DWD Realty allows remote attackers to execute arbitrary SQL commands via the uname parameter, a different vector than CVE-2007-6163. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 7.5 | CVE-2007-6169 SECUNIA | ||
Growth -- ISPManager | The responder program in ISPsystem ISPmanager (aka ISPmgr) 4.2.15.1 allows local users to gain privileges via shell metacharacters in command line arguments. |
| 7.2 | CVE-2007-6182 OTHER-REF OTHER-REF SECUNIA | ||
IRC Services -- IRC Services | Unspecified vulnerability in IRC Services 5.1.8 has unknown impact and attack vectors. |
| 10.0 | CVE-2007-6123 MLIST OTHER-REF BID SECUNIA | ||
Kinson Chan Charray -- CMS | Multiple PHP remote file inclusion vulnerabilities in Charray's CMS 0.9.3 allow remote attackers to execute arbitrary PHP code via a URL in the ccms_library_path parameter to (1) markdown.php and (2) gallery.php in decoder/. |
| 7.5 | CVE-2007-6179 MILW0RM BID | ||
Mozilla -- SeaMonkey Mozilla -- Firefox | Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger memory corruption. |
| 10.0 | CVE-2007-5959 OTHER-REF | ||
p3mbo -- Content Injector | SQL injection vulnerability in news.php in Content Injector 1.52 allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php. NOTE: some of these details are obtained from third party information. |
| 7.5 | CVE-2007-6137 MILW0RM BID FRSIRT SECUNIA | ||
PHP-Con -- PHP-Con | PHP remote file inclusion vulnerability in Exchange/include.php in PHP-CON 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the webappcfg[APPPATH] parameter. |
| 7.5 | CVE-2007-6177 MILW0RM BID | ||
PHPDevShell -- PHPDevShell | PHPDevShell before 0.7.0 allows remote authenticated users to gain privileges via a crafted request to update a user profile. NOTE: some of these details are obtained from third party information. |
| 8.5 | CVE-2007-6174 OTHER-REF SECUNIA | ||
PHPDevShell -- PHPDevShell | Unspecified vulnerability in PHPDevShell before 0.7.0 has unknown impact and attack vectors, involving a "minor security bug in repair & optimize database." |
| 10.0 | CVE-2007-6186 OTHER-REF | ||
PHPKIT -- PHPKIT | SQL injection vulnerability in pkinc/public/article.php in PHPKIT 1.6.4pl1 allows remote attackers to execute arbitrary SQL commands via the contentid parameter in an article action to include.php, a different vector than CVE-2006-1773. |
| 7.5 | CVE-2007-6134 MILW0RM BID FRSIRT SECUNIA | ||
Project Alumni -- Project Alumni | Multiple SQL injection vulnerabilities in project alumni 1.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the year parameter to (1) view.page.inc.php, which is reachable through a view action to index.php; or (2) the year parameter to news.page.inc.php, which is reachable through a news action to index.php. |
| 7.5 | CVE-2007-6127 MILW0RM BID | ||
Project Alumni -- Project Alumni | Directory traversal vulnerability in index.php in Project Alumni 1.0.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter. |
| 7.5 | CVE-2007-6184 MILW0RM OTHER-REF | ||
Proverbs -- Proverbs Web Calendar | Multiple SQL injection vulnerabilities in caladmin.inc.php in Proverbs Web Calendar 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) loginname (aka Username) and (2) loginpass (aka Password) parameters to caladmin.php. |
| 7.5 | CVE-2007-6158 BUGTRAQ BID XF | ||
Red Hat -- Cairo | Multiple integer overflows in Cairo before 1.4.12 might allow remote attackers to execute arbitrary code, as demonstrated using a crafted PNG image, which is not properly handled by the read_png function. |
| 7.5 | CVE-2007-5503 OTHER-REF OTHER-REF OTHER-REF REDHAT | ||
SoftBiz -- Freelancers Script | SQL injection vulnerability in search_form.php in Softbiz Freelancers Script 1 allows remote attackers to execute arbitrary SQL commands via the sb_protype parameter. |
| 7.5 | CVE-2007-6125 MILW0RM BID | ||
Sun -- Solaris | Race condition in the Remote Procedure Call kernel module (rpcmod) in Sun Solaris 8 through 10 allows local users to cause a denial of service (NULL dereference and panic) via unspecified vectors. |
| 7.6 | CVE-2007-6180 SUNALERT | ||
SuSE -- SuSE Linux | yast2-core includes the current working directory in its search path, which allows local users to gain privileges via malicious yast2 modules. |
| 7.2 | CVE-2007-6167 SUSE | ||
Tilde -- Tilde CMS | SQL injection vulnerability in index.php in Tilde CMS 4.x and earlier allows remote attackers to execute arbitrary SQL commands via the aarstal parameter in a yeardetail action, a different vector than CVE-2006-1500. |
| 7.5 | CVE-2007-6159 BUGTRAQ BID | ||
TuMusika Evolution -- TuMusika Evolution | Multiple directory traversal vulnerabilities in TuMusika Evolution 1.7R5 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to (1) languages_n.php, (2) languages_f.php, or (3) languages.php in inc/; and (4) allow remote attackers to read arbitrary local files via a .. (dot dot) in the uri parameter to frames/nogui/sc_download.php. |
| 7.5 | CVE-2007-6188 MILW0RM | ||
VU -- Mass Mailer | SQL injection vulnerability in redir.asp in VU Mass Mailer allows remote attackers to execute arbitrary SQL commands via the password parameter to Default.asp (aka the Login Page). NOTE: some of these details are obtained from third party information. |
| 7.5 | CVE-2007-6138 BUGTRAQ OTHER-REF FRSIRT SECUNIA | ||
VU -- Case Manager | SQL injection vulnerability in default.asp (aka the Login Page) in VU Case Manager allows remote attackers to execute arbitrary SQL commands via the password parameter. |
| 7.5 | CVE-2007-6143 BUGTRAQ OTHER-REF FRSIRT SECUNIA | ||
VU -- Case Manager | SQL injection vulnerability in default.asp in VU Case Manager allows remote attackers to execute arbitrary SQL commands via the username parameter, a different vector than CVE-2007-6143. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 7.5 | CVE-2007-6168 FRSIRT SECUNIA | ||
Wesnoth -- Wesnoth | Directory traversal vulnerability in the WML engine preprocessor for Wesnoth before 1.2.8 allows remote attackers to read arbitrary files via ".." sequences in unknown vectors. |
| 9.0 | CVE-2007-5742 OTHER-REF OTHER-REF FRSIRT SECUNIA XF | ||
Wire Plastic Design -- WpQuiz | Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) viewimage.php and (2) comments.php. |
| 10.0 | CVE-2007-6172 MILW0RM BID SECUNIA | ||
Wireshark -- Wireshark | The DCP ETSI dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors. |
| 7.8 | CVE-2007-6119 OTHER-REF BID FRSIRT SECTRACK SECUNIA |
Medium Vulnerabilities |
---|
Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
---|---|---|---|---|---|---|
Amber Script -- Amber Script | Directory traversal vulnerability in scripts/include/show_content.php in Amber Script 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter. NOTE: this can be leveraged for remote file inclusion in PHP 5 using a UNC share pathname, ftp, ftps, or ssh2.sftp URL. |
| 5.8 | CVE-2007-6129 BUGTRAQ MILW0RM BID SECUNIA | ||
Apple -- Quicktime | An "integer arithmetic" error in Apple QuickTime 7.2 allows remote attackers to execute arbitrary code via a crafted movie file containing a movie atom with a large size value, which triggers a stack-based buffer overflow. |
| 6.8 | CVE-2007-4674 OTHER-REF OTHER-REF | ||
BASE -- Basic Analysis and Security Engine | Multiple cross-site scripting (XSS) vulnerabilities in base_qry_main.php in Base Analysis and Security Engine (BASE) before 1.3.9 allow remote attackers to inject arbitrary web script or HTML via the (1) sig[0] and (2) sig[1] parameters. |
| 4.3 | CVE-2007-6156 OTHER-REF OTHER-REF OSVDB SECUNIA | ||
Citrix -- NetScaler | The web management interface in Citrix NetScaler 8.0 build 47.8 uses weak encryption (XOR of unpadded data) to store credentials within a cookie, which makes it easier for remote attackers to obtain cleartext credentials when a cookie is captured via a known-plaintext attack. |
| 4.0 | CVE-2007-6192 BUGTRAQ SECTRACK XF | ||
Citrix -- NetScaler | The web management interface in Citrix NetScaler 8.0 build 47.8 stores the device's primary IP address in a cookie, which might allow remote attackers to obtain sensitive network configuration information if this address is not the same as the address being used by the web interface. |
| 5.0 | CVE-2007-6193 BUGTRAQ | ||
DevMass -- DevMass Cart | PHP remote file inclusion vulnerability in admin/kfm/initialise.php in DevMass Shopping Cart 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the kfm_base_path parameter. |
| 5.8 | CVE-2007-6133 MILW0RM BID FRSIRT SECUNIA | ||
Digium -- Asterisk | SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via (1) ANI and (2) DNIS arguments. |
| 6.5 | CVE-2007-6170 OTHER-REF | ||
Ethereal Group -- Ethereal Wireshark -- Wireshark | The Bluetooth SDP dissector Wireshark (formerly Ethereal) 0.99.2 to 0.99.6 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors. |
| 4.3 | CVE-2007-6120 OTHER-REF BID FRSIRT SECTRACK SECUNIA | ||
GNU -- GNUMP3D | gnump3d 2.9final does not apply password protection to its plugins, which might allow remote attackers to bypass intended access restrictions. |
| 5.0 | CVE-2007-6130 OTHER-REF OTHER-REF | ||
Hitachi -- JP1 File Transmission Server | Unspecified vulnerability in Hitachi JP1/File Transmission Server/FTP 01-00 through 08-10-01 allows remote attackers to bypass authentication and "view files" via unspecified vectors. |
| 5.0 | CVE-2007-6145 OTHER-REF BID FRSIRT SECUNIA | ||
Hitachi -- JP1 File Transmission Server | Hitachi JP1/File Transmission Server/FTP 01-00 through 08-10-02 on Windows might allow remote attackers to cause a denial of service (service stop) via a "specific file" argument to an FTP command. |
| 5.0 | CVE-2007-6146 OTHER-REF BID FRSIRT SECUNIA | ||
iaprcommence -- IAPR COMMENCE | Multiple PHP remote file inclusion vulnerabilities in IAPR COMMENCE 1.3 allow remote attackers to execute arbitrary PHP code via a URL in the (a) php_root_path and sometimes the (b) privilege_root_path parameter to various PHP scripts under (1) admin/includes/, (2) admin/phase/, (3) includes/, (4) includes/page_includes/, (5) reviewer/includes/, (6) reviewer/phase/, and (7) user/phase/. |
| 6.8 | CVE-2007-6147 MILW0RM BID SECUNIA | ||
IHU -- I Hear U | I Hear U (IHU) 0.5.6 and earlier allows remote attackers to cause (1) a denial of service (infinite loop) via a packet that contains zero in the size field in its header, which is improperly handled by the Receiver::processPacket function; and (2) a denial of service (daemon crash) via an (a) IHU_INFO_INIT or a (b) IHU_INFO_RING packet that does not specify the mode, which is improperly handled by the Player::ring function in Player.cpp. |
| 5.0 | CVE-2007-6103 OTHER-REF OTHER-REF SECUNIA | ||
IRC Services -- IRC Services | The default_encrypt function in encrypt.c in IRC Services before 5.0.63, and 5.1.x before 5.1.7, allows remote attackers to cause a denial of service (daemon crash) via a long password. NOTE: some of these details are obtained from third party information. |
| 5.0 | CVE-2007-6122 MLIST MLIST OTHER-REF BID SECUNIA | ||
Lhaplus -- Lhaplus | Buffer overflow in Lhaplus 1.55 and earlier allows remote attackers to execute arbitrary code via a crafted LZH archive, a different vector than CVE-2007-5048. |
| 6.6 | CVE-2007-6175 OTHER-REF OTHER-REF BID FRSIRT SECUNIA XF | ||
Liferay -- Liferay Enterprise Portal | Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay Enterprise Portal 4.3.1 allows remote attackers to inject arbitrary web script or HTML via the emailAddress parameter in a Send New Password action, a different vector than CVE-2007-6055. NOTE: some of these details are obtained from third party information. |
| 4.3 | CVE-2007-6173 BUGTRAQ BID FRSIRT SECUNIA | ||
M2Scripts -- MySpace Scripts Poll Creator | Multiplce cross-site scripting (XSS) vulnerabilities in index.php in M2Scripts MySpace Scripts Poll Creator allow remote attackers to inject arbitrary web script or HTML via the (1) title, (2) intro, and (3) question parameters, and (4) unspecified answer parameters, in a create_new action. NOTE: some of these details are obtained from third party information. |
| 4.3 | CVE-2007-6136 BUGTRAQ BID SECUNIA | ||
Mozilla -- SeaMonkey Mozilla -- Firefox | Mozilla Firefox before 2.0.0.10 and SeaMonkey 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protection schemes by setting window.location and using a modal alert dialog that causes the wrong Referer to be sent. |
| 4.3 | CVE-2007-5960 OTHER-REF | ||
Mp3 -- Toolbox | PHP remote file inclusion vulnerability in index.php in Mp3 ToolBox 1.0 beta 5 allows remote attackers to execute arbitrary PHP code via a URL in the skin_file parameter. |
| 6.8 | CVE-2007-6139 BUGTRAQ MILW0RM FRSIRT | ||
NoAh -- NoAh | Multiple directory traversal vulnerabilities in PHP Content Architect (aka NoAh) 0.9 pre 1.2 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the filepath parameter to (1) css_file.php, (2) js_file.php, or (3) xml_file.php in noah/modules/nosystem/templates/. |
| 5.0 | CVE-2007-6187 MILW0RM | ||
OpenSSL Project -- FIPS Object Module | The PRNG implementation for the OpenSSL FIPS Object Module 1.1.1 does not perform auto-seeding during the FIPS self-test, which generates random data that is more predictable than expected and makes it easier for attackers to bypass protection mechanisms that rely on the randomness. |
| 6.4 | CVE-2007-5502 OTHER-REF BID FRSIRT SECUNIA | ||
PHPSlideShow -- PHPSlideShow | Cross-site scripting (XSS) vulnerability in phpslideshow.php in PHPSlideShow 0.9.9.2, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the directory parameter. NOTE: this issue was originally reported for toonchapter8.php, but this is probably a site-specific name, since the PHPSlideShow distribution does not contain that file. |
| 4.3 | CVE-2007-6135 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA | ||
pmapper -- p.mapper | Multiple PHP remote file inclusion vulnerabilities in Armin Burger p.mapper 3.2.0 beta3 allow remote attackers to execute arbitrary PHP code via a URL in the _SESSION[PM_INCPHP] parameter to (1) incphp/globals.php or (2) plugins/export/mc_table.php. NOTE: it could be argued that this vulnerability is caused by a problem in PHP and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in p.mapper. |
| 6.8 | CVE-2007-6191 OTHER-REF BID | ||
Project Alumni -- Project Alumni | Multiple cross-site scripting (XSS) vulnerabilities in project alumni 1.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the year parameter to (1) xml/index.php; or (2) the year parameter to view.page.inc.php, which is reachable through a view action to the top-level index.php. |
| 4.3 | CVE-2007-6126 MILW0RM BID | ||
Red Hat -- Cygwin_dll | Heap-based buffer overflow in cygwin1.dll in Cygwin 1.5.7 and earlier allows context-dependent attackers to execute arbitrary code via a filename with a certain length, as demonstrated by a remote authenticated user who uses the SCP protocol to send a file to the Cygwin machine, and thereby causes scp.exe on this machine to execute, and then overwrite heap memory with characters from the filename. NOTE: it is also reported that a related issue might exist in 1.5.7 through 1.5.19. |
| 6.0 | CVE-2007-6181 BUGTRAQ MLIST MLIST MLIST | ||
redhat -- enterprise_linux | Memory leak in the Red Hat Content Accelerator kernel patch in Red Hat Enterprise Linux 5 allows local users to cause a denial of service (memory consumption) via a large number of open requests involving O_ATOMICLOOKUP. |
| 4.9 | CVE-2007-5494 OTHER-REF REDHAT | ||
Ruby_Gnome2 -- Ruby_Gnome2 | Format string vulnerability in the mdiag_initialize function in gtk/src/rbgtkmessagedialog.c in Ruby-GNOME 2 (aka Ruby/Gnome2) 0.16.0, and SVN versions before 20071127, allows context-dependent attackers to execute arbitrary code via format string specifiers in the message parameter. |
| 6.8 | CVE-2007-6183 BUGTRAQ OTHER-REF | ||
Salims Softhouse -- JAF CMS | Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just another flat file (JAF) CMS 4.0 RC2 allow remote attackers to inject arbitrary web script or HTML via the (1) show parameter to index.php and the (2) print parameter to print.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 4.3 | CVE-2007-6142 BID SECUNIA | ||
SimpleGallery -- SimpleGallery | Cross-site scripting (XSS) vulnerability in index.php in SimpleGallery 0.1.3 allows remote attackers to inject arbitrary web script or HTML via the album parameter. |
| 4.3 | CVE-2007-6157 BUGTRAQ BID | ||
SoftBiz -- Freelancers Script | Cross-site scripting (XSS) vulnerability in signin.php in Softbiz Freelancers Script 1 allows remote attackers to inject arbitrary web script or HTML via the errmsg parameter. |
| 4.3 | CVE-2007-6124 MILW0RM BID | ||
Symantec -- BackupExec System Recovery | The Job Engine (bengine.exe) service in Symantec Backup Exec for Windows Servers (BEWS) 11d build 11.0.7170 and 11.0.6.6235 allows remote attackers to cause a denial of service (NULL dereference and service crash) via a crafted packet to port 5633/tcp. |
| 5.0 | CVE-2007-4346 OTHER-REF OTHER-REF FRSIRT SECTRACK SECUNIA | ||
Symantec -- BackupExec System Recovery | Multiple integer overflows in the Job Engine (bengine.exe) service in Symantec Backup Exec for Windows Servers (BEWS) 11d build 11.0.7170 and 11.0.6.6235 allow remote attackers to cause a denial of service (CPU and memory consumption) via a crafted packet to port 5633/tcp, which triggers an infinite loop. |
| 5.0 | CVE-2007-4347 OTHER-REF OTHER-REF BID FRSIRT SECTRACK SECUNIA | ||
Tilde -- Tilde CMS | Cross-site scripting (XSS) vulnerability in index.php in Tilde CMS 4.x and earlier allows remote attackers to inject arbitrary web script or HTML via the aarstal parameter in a yeardetail action. |
| 4.3 | CVE-2007-6160 BUGTRAQ BID | ||
Tilde -- Tilde CMS | index.php in Tilde CMS 4.x and earlier allows remote attackers to obtain sensitive information via a certain search parameter value in a search action, which reveals the path. |
| 5.0 | CVE-2007-6161 BUGTRAQ | ||
VBTube -- VBTube | Cross-site scripting (XSS) vulnerability in vBTube.php in vBTube 1.1 Beta allows remote attackers to inject arbitrary web script or HTML via the search parameter. |
| 4.3 | CVE-2007-6141 BUGTRAQ BID | ||
WSDeluxe -- FMDeluxe | Cross-site scripting (XSS) vulnerability in index.php in FMDeluxe 2.1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a category action. |
| 4.3 | CVE-2007-6162 BUGTRAQ BID SECUNIA | ||
Xunlei -- Web Thunder | Heap-based buffer overflow in the PPlayer.XPPlayer.1 ActiveX control in pplayer.dll_1_work in Xunlei Thunder 5.7.4.401 allows remote attackers to execute arbitrary code via a long string in a FlvPlayerUrl property value. NOTE: some of these details are obtained from third party information. |
| 6.0 | CVE-2007-6144 OTHER-REF OTHER-REF BID FRSIRT SECUNIA |
Low Vulnerabilities |
---|
Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
---|---|---|---|---|---|---|
Cisco -- Unified IP Phone | The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL attribute of an ExecuteItem element that specifies a Real-Time Transport Protocol (RTP) audio stream. |
| 3.5 | CVE-2007-6190 OTHER-REF CISCO SECTRACK | ||
FreeBSD -- FreeBSD | The "internal state tracking" code for the random and urandom devices in FreeBSD 5.5, 6.1 through 6.3, and 7.0 beta 4 allows local users to obtain portions of previously-accessed random values, which could be leveraged to bypass protection mechanisms that rely on secrecy of those values. |
| 2.1 | CVE-2007-6150 FREEBSD BID | ||
Red Hat -- Fedora_Fedora | buttonpressed.sh in scanbuttond 0.2.3 allows local users to overwrite arbitrary files via a symlink attack on the (1) scan.pnm and (2) scan.jpg temporary files. |
| 2.1 | CVE-2007-6131 OTHER-REF |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.