Vulnerability Summary for the Week of December 17, 2007
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities

| Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
|---|---|---|---|
| Adobe -- Flash Player | Unspecified vulnerability in Adobe Flash Player 9.0.48.0 and earlier might allow remote attackers to execute arbitrary code via unknown vectors, related to "input validation errors." | 9.3 | CVE-2007-6242 OTHER-REF |
| Adobe -- Flash Player | Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks. | 9.3 | CVE-2007-6243 OTHER-REF OTHER-REF |
| AdultScript -- AdultScript | admin/administrator.php in Adult Script 1.6 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to bypass authentication and obtain administrative credentials via a direct request. NOTE: this can be leveraged for arbitrary code execution through a request to admin/videolinks_view.php. | 7.5 | CVE-2007-6414 MILW0RM BID SECUNIA |
| Aertherwide -- exiftags | Unspecified vulnerability in exiftags before 1.01 has unknown impact and attack vectors, resulting from a "field offset overflow," a different vulnerability than CVE-2007-6355. | 10.0 | CVE-2007-6354 OTHER-REF SECUNIA |
| Aertherwide -- exiftags | Unspecified vulnerability in exiftags before 1.01 has unknown impact and attack vectors, resulting from a "field offset overflow," a different vulnerability than CVE-2007-6354. | 10.0 | CVE-2007-6355 OTHER-REF SECUNIA |
| Apple -- Mac OS X | Format string vulnerability in Address Book in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via the URL handler. | 9.3 | CVE-2007-4708 APPLE |
| Apple -- Mac OS X | Directory traversal vulnerability in CFNetwork in Apple Mac OS X 10.5.1 allows remote attackers to overwrite arbitrary files via a crafted HTTP response. | 8.8 | CVE-2007-4709 APPLE |
| Apple -- Mac OS X | Unspecified vulnerability in ColorSync in Apple Mac OS X 10.4.11 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via an image with a crafted ColorSync profile, which triggers memory corruption. | 9.3 | CVE-2007-4710 APPLE |
| Apple -- Mac OS X | Buffer overflow in CUPS in Apple Mac OS X 10.4.11 allows local admin users to execute arbitrary code via a crafted URI to the CUPS service. | 7.2 | CVE-2007-5848 APPLE |
| Apple -- Mac OS X | Integer underflow in CUPS in Apple Mac OS X 10.5.1, when SNMP is enabled, allows remote attackers to execute arbitrary code via a crafted SNMP response that triggers a stack-based buffer overflow. | 9.3 | CVE-2007-5849 APPLE |
| Apple -- Mac OS X | Heap-based buffer overflow in Desktop Services in Apple Mac OS X 10.4.11 allows user-assisted attackers to execute arbitrary code via a directory with a crafted .DS_Store file. | 8.8 | CVE-2007-5850 APPLE |
| Apple -- Mac OS X | Unspecified vulnerability in IO Storage Family in Apple Mac OS X 10.4.11 allows user-assisted attackers to cause a denial of service (system shutdown) or execute arbitrary code via a disk image with crafted GUID partition maps, which triggers memory corruption. | 9.3 | CVE-2007-5853 APPLE |
| Apple -- Mac OS X | Quick Look in Apple Mac OS X 10.5.1, when previewing an HTML file, does not prevent plug-ins from making network requests, which might allow remote attackers to obtain sensitive information. | 9.4 | CVE-2007-5856 APPLE |
| Apple -- Safari | Unspecified vulnerability in Safari RSS in Apple Mac OS X 10.4.11 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted feed: URL that triggers memory corruption. | 9.3 | CVE-2007-5859 APPLE |
| Apple -- Mac OS X Server; Apple -- Mac OS X | Unspecified vulnerability in Spin Tracer in Apple Mac OS X 10.5.1 allows local users to execute arbitrary code via unspecified output files, involving an "insecure file operation." | 7.2 | CVE-2007-5860 APPLE |
| Apple -- Mac OS X | Java in Mac OS X 10.4 through 10.4.11 allows remote attackers to bypass Keychain access controls and add or delete arbitrary Keychain items via a crafted Java applet. | 9.4 | CVE-2007-5862 OTHER-REF APPLE BID FRSIRT SECUNIA |
| Apple -- Mac OS X Server; Apple -- Mac OS X | Software Update in Apple Mac OS X 10.5.1 allows remote attackers to execute arbitrary commands via a man-in-the-middle (MITM) attack between the client and the server, using a modified distribution definition file with the "allow-external-scripts" option. | 9.3 | CVE-2007-5863 APPLE |
| Cisco -- IP Phone Model 7940 | Cisco IP Phone 7940 with firmware P0S3-08-7-00 allows remote attackers to cause a denial of service ("486 Busy" responses or device reboot) via a sequence of SIP INVITE transactions in which the Request-URI lacks a user name, a different vulnerability than CVE-2007-4459. | 7.8 | CVE-2007-5583 FULLDISC MILW0RM BID XF |
| Cisco -- FWSM | Unspecified vulnerability in Cisco Firewall Services Module (FWSM) 3.2(3) allows remote attackers to cause a denial of service (device reload) via crafted "data in the control-plane path with Layer 7 Application Inspections." | 7.8 | CVE-2007-5584 CISCO BID XF |
| Cisco -- IP Phone Model 7940 | Cisco IP Phone 7940 with firmware P0S3-08-7-00 allows remote attackers to cause a denial of service ("486 Busy" responses or device reboot) via a sequence of SIP INVITE transactions in which the Request-URI lacks a user name, a different vulnerability than CVE-2007-4459. | 7.8 | CVE-2007-6370 FULLDISC MILW0RM BID XF |
| Clam Anti-Virus -- ClamAV | Integer overflow in libclamav in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MEW packed PE file, which triggers a heap-based buffer overflow. | 7.5 | CVE-2007-6335 IDEFENSE DEBIAN SECUNIA |
| Ethereal Group -- Ethereal; Wireshark -- Wireshark | Wireshark (formerly Ethereal) 0.8.16 to 0.99.6 allows remote attackers to cause a denial of service (crash) via a malformed RPC Portmap packet. | 7.8 | CVE-2007-6449 OTHER-REF |
| exiv2 -- exiv2 | Integer overflow in exif.cpp in exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow. | 7.5 | CVE-2007-6353 OTHER-REF SECUNIA |
| Falcon -- Series One CMS | Multiple cross-site scripting (XSS) vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to inject arbitrary web script or HTML via the (1) gb_mail, (2) gb_name, and (3) gb_text parameters in a guestbook action to index.php, and unspecified other vectors. | 7.5 | CVE-2007-6489 MILW0RM FRSIRT SECUNIA |
| FreeWebShop -- FreeWebShop | Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2.1 allow remote attackers to execute arbitrary SQL commands via (1) the prod parameter in a details action, (2) the cat parameter in a browse list action, or (3) the group parameter in a categories action. | 7.5 | CVE-2007-6466 OTHER-REF BID |
| Gesytec Easylon -- OPC Server | Gesytec Easylon OPC Server before 2.3.44 does not properly validate server handles, which allows remote attackers to execute arbitrary code or cause a denial of service via unspecified network traffic to the OLE for Process Control (OPC) interface, probably related to free operations on arbitrary memory addresses through certain Remove functions, and read and write operations on arbitrary memory addresses through certain Set, Read, and Write functions. | 10.0 | CVE-2007-4473 OTHER-REF OTHER-REF CERT-VN |
| Hammer of Thyrion -- Hammer of Thyrion | Buffer overflow in the HuffDecode function in hw_utils/hwrcon/huffman.c and hexenworld/Client/huffman.c in Hammer of Thyrion 1.4.2 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted Huffman-encoded packet. NOTE: some of these details are obtained from third party information. | 9.3 | CVE-2007-6468 OTHER-REF OTHER-REF OTHER-REF SECUNIA |
| Hosting Controller -- Hosting Controller | Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers to obtain login access via a request to hosting/addreseller.asp with a username in the reseller parameter, followed by a request to AdminSettings/displays.asp with the DecideAction and ChangeSkin parameters. | 10.0 | CVE-2007-6494 BUGTRAQ MILW0RM BID XF |
| Hosting Controller -- Hosting Controller | Hosting Controller 6.1 Hot fix 3.3 and earlier (1) allows remote attackers to change arbitrary user profiles via a request to Hosting/Addreseller.asp with modified loginname and email parameters; and (2) allows remote authenticated users to change a credit amount and increase a discount via an UpdateUser action to Accounts/AccountActions.asp with modified UserName, FullName, CreditLimit, and DefaultDiscount parameters, a related issue to CVE-2005-2219. | 7.5 | CVE-2007-6497 BUGTRAQ MILW0RM BID |
| Hosting Controller -- Hosting Controller | Multiple SQL injection vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) email and (2) loginname parameters to Hosting/Addreseller.asp, (3) the sortfield parameter to accounts/accountmanager.asp, (4) the GateWayID parameter to OpenApi/GatewayVariables.asp, and possibly (5) unspecified vectors to IIS/iibind.asp. | 7.5 | CVE-2007-6498 BUGTRAQ MILW0RM BID XF |
| HP -- Software Update | The HPRulesEngine.ContentCollection.1 ActiveX Control in RulesEngine.dll for HP Software Update 3.0.8.4 allows remote attackers to (1) overwrite and corrupt arbitrary files via arguments to the SaveToFile method, and possibly (2) access arbitrary files via the LoadDataFromFile method. | 9.3 | CVE-2007-6506 OTHER-REF BID FRSIRT SECTRACK SECUNIA |
| iMesh.com -- iMesh | The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and possibly IMWebControl.dll, in iMesh 7.1.0.x and earlier allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via an empty string in the argument to the ProcessRequestEx method. | 7.1 | CVE-2007-6492 OTHER-REF SECUNIA |
| iMesh.com -- iMesh | The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and possibly IMWebControl.dll, in iMesh 7.1.0.x and earlier allows remote attackers to execute arbitrary code via a certain argument to the SetHandler method. | 10.0 | CVE-2007-6493 OTHER-REF SECUNIA |
| JBoss -- Seam | The getRenderedEjbql method in the org.jboss.seam.framework.Query class in JBoss Seam 2.x before 2.0.0.CR3 allows remote attackers to inject and execute arbitrary EJBQL commands via the order parameter. | 7.5 | CVE-2007-6433 OTHER-REF OTHER-REF FRSIRT SECUNIA |
| Justsystem -- Ichitaro | Stack-based buffer overflow in JSGCI.DLL in JustSystems Ichitaro 2005, 2006, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted document, as actively exploited in December 2007 by the Tarodrop.F trojan. NOTE: some of these details are obtained from third party information. | 9.3 | CVE-2007-6436 OTHER-REF FRSIRT SECUNIA XF |
| Kvaliitti -- WebDoc CMS | Multiple SQL injection vulnerabilities in Kvaliitti WebDoc 3.0 CMS allow remote attackers to execute arbitrary SQL commands via (1) the cat_id parameter to categories.asp; and probably (2) the document_id parameter to categories.asp, and the (3) cat_id and (4) document_id parameters to subcategory.asp. | 10.0 | CVE-2007-6491 BUGTRAQ |
| Linux -- Kernel | Linux kernel 2.6.22 and earlier, and possibly other versions, does not properly validate the hop-by-hop IPv6 extended header, which allows remote attackers to cause a denial of service (kernel panic) via a crafted IPv6 packet. | 7.8 | CVE-2007-4567 UBUNTU |
| Linux -- Kernel | Integer overflow in the hrtimer_start function in kernel/hrtimer.c in the Linux kernel before 2.6.23.10 allows local users to execute arbitrary code or cause a denial of service (panic) via a large relative timeout value. NOTE: some of these details are obtained from third party information. | 7.2 | CVE-2007-5966 OTHER-REF BID FRSIRT SECUNIA |
| Linux -- Kernel | The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through 2.6.23 does not properly allocate memory in some circumstances, which might allow local users to read sensitive kernel data or cause a denial of service (crash). | 7.2 | CVE-2007-6417 MLIST MLIST MLIST |
| MKPortal -- MKPortal | SQL injection vulnerability in index.php in MKPortal 1.1 RC1 allows remote attackers to execute arbitrary SQL commands via the ida parameter in a gallery foto_show action. | 7.5 | CVE-2007-6467 BUGTRAQ BID XF |
| my123tkShop -- e-Commerce-Suite | SQL injection vulnerability in shop/mainfile.php in 123tkShop 0.9.1 allows remote attackers to execute arbitrary SQL commands via a base64-encoded value of the admin parameter to shop/admin.php. | 7.5 | CVE-2007-6458 MILW0RM BID |
| Novell -- Groupwise | Stack-based buffer overflow in Novell GroupWise before 6.5.7, when HTML preview of e-mail is enabled, allows user-assisted remote attackers to execute arbitrary code via a long SRC attribute in an IMG element when forwarding or replying to a crafted e-mail. | 9.3 | CVE-2007-6435 BUGTRAQ OTHER-REF BID SECTRACK XF |
| PeerCast -- PeerCast | Heap-based buffer overflow in the handshakeHTTP function in servhs.cpp in PeerCast 0.1217 and earlier, and SVN 344 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SOURCE request. | 10.0 | CVE-2007-6454 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA XF |
| Perforce -- P4Web | P4Webs.exe in Perforce P4Web 2006.2 and earlier, when running on Windows, allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with an empty body and a Content-Length greater than 0. | 7.8 | CVE-2007-6349 BUGTRAQ OTHER-REF BID SECUNIA |
| PHP Real Estate Classifieds -- PHP Real Estate Classifieds Premium Plus | SQL injection vulnerability in fullnews.php in PHP Real Estate Classifieds allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 | CVE-2007-6462 MILW0RM OTHER-REF BID |
| phpMyRealty -- phpMyRealty | Multiple SQL injection vulnerabilities in phpMyRealty (PMR) 1.0.9 allow (1) remote attackers to execute arbitrary SQL commands via the type parameter to search.php and (2) remote authenticated administrators to execute arbitrary SQL commands via the listing_updated_days parameter to admin/findlistings.php. NOTE: some of these details are obtained from third party information. | 7.5 | CVE-2007-6472 MILW0RM SECUNIA |
| phpRPG -- phpRPG | SQL injection vulnerability in index.php in phpRPG 0.8, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information. | 9.3 | CVE-2007-6469 BUGTRAQ BID SECUNIA |
| Planamesa -- NeoOffice | Unspecified vulnerability in OpenOffice.org code in Planamesa NeoOffice 2.2.2 before Patch 4 has unknown impact and attack vectors related to MacOS 10.3.9 .odb files. NOTE: it is not clear whether this issue is a vulnerability. | 10.0 | CVE-2007-6456 OTHER-REF BID SECUNIA XF |
| St. Bernard -- Open File Manager | Heap-based buffer overflow in Open File Manager service (ofmnt.exe) in St. Bernard Open File Manager 9.5 allows remote attackers to execute arbitrary code via a long request. | 10.0 | CVE-2007-6281 FULLDISC OTHER-REF BID SECUNIA |
| Sun -- Solaris | Sun Solaris 10 with the 120011-04 and 120012-04 patches, and later 120011-* and 120012-* patches, allows remote attackers to bypass certain netgroup restrictions and obtain root access to a filesystem via NFS requests from a client root user. | 9.3 | CVE-2007-6413 SUNALERT FRSIRT SECUNIA |
| Sun -- Management Center | The Oracle database component in Sun Management Center (Sun MC) 3.6.1, 3.6, and 3.5 Update 1 has a default account, which allows remote attackers to obtain database access and execute arbitrary code. | 9.4 | CVE-2007-6480 SUNALERT SECUNIA |
| Sun -- Ray Server Software | Unspecified vulnerability in the Device Manager daemon (utdevmgrd) in Sun Ray Server Software 2.0, 3.0, 3.1, and 3.1.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors. | 7.8 | CVE-2007-6482 SUNALERT BID SECUNIA |
| Trend Micro -- ServerProtect | SpntSvc.exe daemon in Trend Micro ServerProtect 5.58 for Windows, before Security Patch 4, exposes unspecified dangerous sub-functions from StRpcSrv.dll in the DCE/RPC interface, which allows remote attackers to obtain "full file system access" and execute arbitrary code. | 10.0 | CVE-2007-6507 BUGTRAQ OTHER-REF OTHER-REF BID SECUNIA |
| Wireshark -- Wireshark | Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (infinite or large loop) via the (1) Firebird/Interbase, (2) DCP ETSI, (3) IPv6, or (4) USB dissector, which can trigger resource consumption or a crash. | 7.8 | CVE-2007-6439 OTHER-REF |
| Wireshark -- Wireshark | Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (crash) via unknown vectors related to "unaligned access on some platforms." | 7.8 | CVE-2007-6441 OTHER-REF |
| Wireshark -- Wireshark | Wireshark (formerly Ethereal) 0.99.5 to 0.99.6 allows remote attackers to cause a denial of service (large loop) via a malformed DNP packet. | 7.8 | CVE-2007-6444 OTHER-REF |
| Wireshark -- Wireshark | Unspecified vulnerability in the HTTP dissector for Wireshark (formerly Ethereal) 0.10.14 to 0.99.6, when running on "some systems," allows remote attackers to cause a denial of service (crash) via crafted chunked messages. | 7.8 | CVE-2007-6445 OTHER-REF |
| Wireshark -- Wireshark | Buffer overflow in the iSeries (OS/400) Communication trace file parser in Wireshark (formerly Ethereal) 0.99.0 to 0.99.6 might allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. | 7.5 | CVE-2007-6447 OTHER-REF |
| Wireshark -- Wireshark | The Bluetooth SDP dissector in Wireshark (formerly Ethereal) 0.99.2 to 0.99.6 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors. | 7.8 | CVE-2007-6448 OTHER-REF |
| Wireshark -- Wireshark | The RPL dissector in Wireshark (formerly Ethereal) 0.9.8 to 0.99.6 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors. | 7.8 | CVE-2007-6450 OTHER-REF |
| Wireshark -- Wireshark | Unspecified vulnerability in the CIP dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger allocation of large amounts of memory. | 7.8 | CVE-2007-6451 OTHER-REF |
| xeCMS -- xeCMS | Directory traversal vulnerability in view.php in xeCMS 1.0 allows remote attackers to read arbitrary files via a ..%2F (dot dot slash) in the list parameter. | 7.5 | CVE-2007-6508 BUGTRAQ MILW0RM BID |
| Xen -- Xen | The copy_to_user function in the PAL emulation functionality for Xen 3.1.2 and earlier, when running on ia64 systems, allows HVM guest users to access arbitrary physical memory by triggering certain mapping operations. | 7.5 | CVE-2007-6416 OTHER-REF |

Medium Vulnerabilities

| Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
|---|---|---|---|
| Adobe -- Flash Player | Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9.x up to 9.0.48.0 and 8.x up to 8.0.35.0 allow remote attackers to inject arbitrary web script or HTML via (1) a SWF file that uses the asfunction: protocol or (2) the navigateToURL function when used with the Flash Player ActiveX Control in Internet Explorer. | 4.3 | CVE-2007-6244 OTHER-REF |
| Adobe -- Flash Player | Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 allows remote attackers to modify HTTP headers for client requests and conduct HTTP Request Splitting attacks. | 5.8 | CVE-2007-6245 OTHER-REF |
| Adobe -- Flash Player | Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0, when running on Linux, uses insecure permissions for memory, which might allow local users to gain privileges. | 6.9 | CVE-2007-6246 OTHER-REF |
| Aertherwide -- exiftags | exiftags before 1.01 allows attackers to cause a denial of service (infinite loop) via recursive IFD references in the EXIF data in a JPEG image. | 5.0 | CVE-2007-6356 OTHER-REF SECUNIA |
| Anon Proxy Server -- Anon Proxy Server | Anon Proxy Server 0.100, and probably 0.101, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the host parameter to diagdns.php, and (2) the host parameter and possibly (3) the port parameter to diagconnect.php, a different vulnerability than CVE-2007-6460. | 6.8 | CVE-2007-6459 BUGTRAQ MILW0RM BID |
| Anon Proxy Server -- Anon Proxy Server | Multiple cross-site scripting (XSS) vulnerabilities in Anon Proxy Server before 0.101 allow remote attackers to inject arbitrary web script or HTML via the URI, which is later displayed by (1) log.php or (2) logerror.php, a different vulnerability than CVE-2007-6459. | 4.3 | CVE-2007-6460 OTHER-REF OTHER-REF OTHER-REF OTHER-REF |
| Apple -- Mac OS X | Stack-based buffer overflow in SMB in Apple Mac OS X 10.4.11 allows local users to execute arbitrary code via crafted command line arguments to (1) mount_smbfs and (2) smbutil. | 6.6 | CVE-2007-3876 APPLE |
| Apple -- Mac OS X | Race condition in the CFURLWriteDataAndPropertiesToResource API in Core Foundation in Apple Mac OS X 10.4.11 creates files with insecure permissions, which might allow local users to obtain sensitive information. | 6.6 | CVE-2007-5847 APPLE |
| Apple -- Mac OS X | Launch Services in Apple Mac OS X 10.4.11 and 10.5.1 does not treat HTML files as unsafe content, which allows attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via a crafted HTML file. | 4.3 | CVE-2007-5854 APPLE |
| Apple -- Mac OS X | Mail in Apple Mac OS X 10.4.11 and 10.5.1, when an SMTP account has been set up using Account Assistant, can use plaintext authentication even when MD5 Challenge-Response authentication is available, which makes it easier for remote attackers to sniff account activity. | 6.4 | CVE-2007-5855 APPLE |
| Apple -- Mac OS X | Quick Look in Apple Mac OS X 10.5.1 does not prevent a movie from accessing URLs when the movie file is previewed or if an icon is created, which might allow remote attackers to obtain sensitive information via HREFTrack. | 6.4 | CVE-2007-5857 APPLE |
| Apple -- Safari | WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1 allows remote attackers to "navigate the subframes of any other page," which can be leveraged to conduct cross-site scripting (XSS) attacks and obtain sensitive information. | 4.3 | CVE-2007-5858 APPLE |
| Apple -- Mac OS X | Unspecified vulnerability in Spotlight in Apple Mac OS X 10.4.11 allows user-assisted attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted .XLS file that triggers memory corruption in the Microsoft Office Spotlight Importer. | 6.8 | CVE-2007-5861 APPLE |
| Asterisk -- Asterisk Business Edition; Asterisk -- Open Source | Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and Business Edition B.x.x before B.2.3.6 and C.x.x before C.1.0-beta8, when using database-based registrations ("realtime") and host-based authentication, does not check the IP address when the username is correct and there is no password, which allows remote attackers to bypass authentication using a valid username. | 4.3 | CVE-2007-6430 BUGTRAQ OTHER-REF BID FRSIRT SECTRACK SECUNIA XF |
| Balabit -- syslog-ng Premium Edition; Balabit -- syslog-ng Open Source Edition | Balabit syslog-ng 2.0.x before 2.0.6 and 2.1.x before 2.1.8 allows remote attackers to cause a denial of service (crash) via a message with a timestamp that does not contain a trailing space, which triggers a NULL pointer dereference. | 5.0 | CVE-2007-6437 BUGTRAQ FRSIRT SECTRACK SECUNIA XF |
| Bitweaver -- Bitweaver | Direct static code injection vulnerability in wiki/index.php in Bitweaver 2.0.0 and earlier, when comments are enabled, allows remote attackers to inject arbitrary PHP code via an editcomments action. | 6.8 | CVE-2007-6412 BUGTRAQ OTHER-REF BID |
| Centreon -- Centreon | Multiple PHP remote file inclusion vulnerabilities in Centreon 1.4.1 (aka Oreon 1.4) allow remote attackers to execute arbitrary PHP code via a URL in the fileOreonConf parameter to (1) MakeXML.php or (2) MakeXML4statusCounter.php in include/monitoring/engine/. | 6.8 | CVE-2007-6485 BUGTRAQ MILW0RM BID XF |
| Citrix -- Web Interface | Cross-site scripting (XSS) vulnerability in the on-line help feature in Citrix Web Interface 2.0 and earlier, and NFuse, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 | CVE-2007-6477 OTHER-REF FRSIRT SECUNIA |
| Clam Anti-Virus -- ClamAV | Off-by-one error in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MS-ZIP file. | 6.8 | CVE-2007-6336 DEBIAN BID |
| Dokeos -- Dokeos | Unrestricted file upload vulnerability in the "My productions" component for main/auth/profile.php (aka the "My profile" page) in Dokeos 1.8.4 allows remote authenticated users to upload and execute arbitrary PHP files via a filename with a double extension, which can then be accessed through a URI under main/upload/users/. | 4.9 | CVE-2007-6479 MILW0RM SECUNIA |
| Falcon -- Series One CMS | Multiple PHP remote file inclusion vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the dir[classes] parameter to sitemap.xml.php or (2) the error parameter to errors.php. | 6.8 | CVE-2007-6488 MILW0RM FRSIRT SECUNIA |
| Falcon -- Series One CMS | Cross-site request forgery (CSRF) vulnerability in Falcon Series One CMS 1.4.3 allows remote attackers to change a password via a certain changepass action to index.php. | 4.3 | CVE-2007-6490 MILW0RM FRSIRT SECUNIA |
| Flyspray -- Flyspray | Multiple cross-site scripting (XSS) vulnerabilities in index.php in Flyspray 0.9.9 through 0.9.9.3 allow remote attackers to inject arbitrary web script or HTML via (1) the query string in an index action, related to the savesearch JavaScript function; and (2) the details parameter in a details action, related to the History tab and the getHistory JavaScript function. | 4.3 | CVE-2007-6461 OTHER-REF SECUNIA |
| Fonality -- Trixbox | registry.pl in Fonality Trixbox 2.0 PBX products, when running in certain environments, reads and executes a set of commands from a remote web site without sufficiently validating the origin of the commands, which allows remote attackers to disable trixbox and execute arbitrary commands via a DNS spoofing attack. | 4.3 | CVE-2007-6424 MLIST OTHER-REF OTHER-REF |
| Form Tools -- Form Tools | Multiple PHP remote file inclusion vulnerabilities in Form tools 1.5.0b allow remote attackers to execute arbitrary PHP code via a URL in the g_root_dir parameter to (1) admin_page_open.php and (2) client_page_open.php in global/templates/. | 6.8 | CVE-2007-6464 MILW0RM |
| Ganglia -- Ganglia | Multiple cross-site scripting (XSS) vulnerabilities in ganglia-web in Ganglia before 3.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) c and (2) h parameters to (a) web/host_gmetrics.php; the (3) G, (4) me, (5) x, (6) n, (7) v, (8) l, (9) vl, and (10) st parameters to (b) web/graph.php; and the (11) c, (12) G, (13) h, (14) r, (15) m, (16) s, (17) cr, (18) hc, (19) sh, (20) p, (21) t, (22) jr, (23) js, (24) gw, (25) z, and (26) gs parameters to (c) web/get_context.php. NOTE: some of these details are obtained from third party information. | 4.3 | CVE-2007-6465 OTHER-REF SECUNIA |
| Geek-Palace.com -- LineShout | Multiple cross-site scripting (XSS) vulnerabilities in shout.php (aka the shoutbox) in LineShout 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) username (nickname) or (2) message parameter. NOTE: some of these details are obtained from third party information. | 4.3 | CVE-2007-6486 OTHER-REF BID SECUNIA |
| GF_3Xplorer -- GF_3Xplorer | Multiple cross-site scripting (XSS) vulnerabilities in GF-3XPLORER 2.4 allow remote attackers to inject arbitrary web script or HTML via the newdir parameter to index_3x.php, and unspecified other vectors. | 4.3 | CVE-2007-6474 MILW0RM SECUNIA |
| GF_3Xplorer -- GF_3Xplorer | Multiple directory traversal vulnerabilities in GF-3XPLORER 2.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang_sel parameter to (1) updater.php and (2) thumber.php. | 6.4 | CVE-2007-6475 MILW0RM |
| GF_3Xplorer -- GF_3Xplorer | GF-3XPLORER 2.4 allows remote attackers to obtain configuration information via a direct request to explorer/phpinfo.php, which calls the phpinfo function. | 5.0 | CVE-2007-6476 MILW0RM SECUNIA |
| Google -- Google Web Toolkit | Unspecified vulnerability in the benchmark reporting system in Google Web Toolkit (GWT) before 1.4.61 has unknown impact and attack vectors, possibly related to cross-site scripting (XSS). | 4.3 | CVE-2007-6452 OTHER-REF BID FRSIRT SECUNIA |
| Hosting Controller -- Hosting Controller | inc_newuser.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the permissions of directories named (1) db, (2) www, (3) Special, and (4) log at arbitrary locations under the web root via a modified Dirroot parameter in an AddUser action to accounts/AccountActions.asp. NOTE: this can be leveraged for remote code execution by changing the permissions of \Forum\db, which is configured for execution of ASP scripts with administrative privileges, and then uploading a script to \Forum\db. | 6.5 | CVE-2007-6495 BUGTRAQ MILW0RM BID |
| Hosting Controller -- Hosting Controller | Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers to register arbitrary users via a request to hosting/addsubsite.asp with the loginname and password parameters set, when preceded by certain requests to hosting/default.asp and hosting/selectdomain.asp, a related issue to CVE-2005-1654. | 6.8 | CVE-2007-6496 BUGTRAQ MILW0RM BID XF |
| Hosting Controller -- Hosting Controller | Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to uninstall the FrontPage extensions of an arbitrary account via a request to fp2002/UNINSTAL.asp with a "host id (IIS) value." | 5.5 | CVE-2007-6499 BUGTRAQ MILW0RM BID XF |
| Hosting Controller -- Hosting Controller | Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to delete "gateway information" via a request to OpenApi/GatewayVariables.asp. | 4.9 | CVE-2007-6500 BUGTRAQ MILW0RM BID XF |
| Hosting Controller -- Hosting Controller | Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to enable or disable "pay type" via a request to adminsettings/choosetranstype.asp. | 5.5 | CVE-2007-6501 BUGTRAQ MILW0RM BID XF |
| Hosting Controller -- Hosting Controller | Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to obtain sensitive information via (1) the AdminName and AdminLevel parameters to fp2000/NEWSRVR.asp, which discloses usernames; and (2) certain XML HTTP requests to hosting/css.asp using Microsoft.XMLHTTP or MSXML2.XMLHTTP objects, which trigger a response with the setup directory pathname in the HTML source; and (3) might allow remote attackers to obtain sensitive information via a request for /admin/forum/, which reveals the path in an error message when a forum is not found. | 5.5 | CVE-2007-6502 BUGTRAQ MILW0RM BID XF XF |
| Hosting Controller -- Hosting Controller | Multiple unspecified vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to (1) import an arbitrary plan via a request to hosting/importhostingplans.asp; or (2) change an arbitrary plan via a request to hosting/AutoSignUpPlans.asp with the (a) save, (b) 30, and (c) d_30 parameters. | 5.5 | CVE-2007-6503 BUGTRAQ MILW0RM BID XF |
Hosting Controller -- Hosting Controller | Unspecified vulnerability in IIS/iibind.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the headers of arbitrary hosts via an unspecified parameter. |
| 5.5 | CVE-2007-6504 BUGTRAQ MILW0RM BID XF | ||
Ingres -- Ingres | Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges. |
| 5.0 | CVE-2007-6334 OTHER-REF OTHER-REF BID SECUNIA SECUNIA | ||
KDE -- KDE | Unspecified vulnerability in kdebase allows local users to cause a denial of service (KDM login inaccessible, or resource consumption) via unknown vectors. |
| 4.7 | CVE-2007-5963 BUGTRAQ OTHER-REF | ||
libexif -- libexif | libexif 0.6.16 and earlier allows context-dependent attackers to cause a denial of service (infinite recursion) via an image file with crafted EXIF tags. |
| 4.3 | CVE-2007-6351 OTHER-REF REDHAT | ||
libexif -- libexif | Integer overflow in libexif 0.6.16 and earlier allows context-dependent attackers to execute arbitrary code via an image with crafted EXIF tags. |
| 6.8 | CVE-2007-6352 REDHAT REDHAT BID | ||
Mambo -- Mambo | Multiple cross-site scripting (XSS) vulnerabilities in index.php in Mambo 4.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Itemid parameter in a com_frontpage option and the (2) option parameter. |
| 4.3 | CVE-2007-6455 BUGTRAQ | ||
Net_DNS -- Net_DNS | Net/DNS/RR/A.pm in Net::DNS 0.60 build 654, as used in packages such as SpamAssassin and OTRS, allows remote attackers to cause a denial of service (program "croak") via a crafted DNS response. |
| 5.0 | CVE-2007-6341 OTHER-REF OTHER-REF BID SECTRACK | ||
NetWin -- SurgeMail | Stack-based buffer overflow in the webmail feature in SurgeMail 38k4 allows remote attackers to cause a denial of service (crash) via a long Host header. |
| 5.0 | CVE-2007-6457 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA XF | ||
PHP Real Estate Script -- Classifieds | Multiple cross-site scripting (XSS) vulnerabilities in the admin panel in PHP Real Estate Classifieds allow remote attackers to inject arbitrary web script or HTML via unspecified "text areas/boxes." |
| 4.3 | CVE-2007-6463 OTHER-REF | ||
phPay -- phPay | Incomplete blacklist vulnerability in main.php in phPay 2.02.01 on Windows allows remote attackers to conduct directory traversal attacks and include and execute arbitrary local files via a ..\ (dot dot backslash) in the config parameter. |
| 5.8 | CVE-2007-6471 BUGTRAQ BID FRSIRT SECUNIA XF | ||
phpRPG -- phpRPG | phpRPG 0.8 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read session ID values in files under tmp/, and then hijack sessions via PHPSESSID cookies. |
| 6.4 | CVE-2007-6470 BUGTRAQ BID SECUNIA | ||
phpRPG -- phpRPG | SQL injection vulnerability in index.php in phpRPG 0.8 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 6.8 | CVE-2007-6484 SECUNIA | ||
Plain Black -- WebGUI | Unspecified vulnerability in Plain Black WebGUI 7.4.0 through 7.4.17 allows remote authenticated users with Secondary Admin privileges to create Admin accounts, a different vulnerability than CVE-2006-0680. |
| 4.9 | CVE-2007-6487 OTHER-REF OTHER-REF SECUNIA XF | ||
Raiden Professional Servers -- RaidenHTTPD | Directory traversal vulnerability in raidenhttpd-admin/workspace.php in RaidenHTTPD 2.0.19, when the WebAdmin function is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ulang parameter. |
| 6.4 | CVE-2007-6453 BUGTRAQ OTHER-REF BID SECUNIA | ||
Red Hat -- Enterprise Linux Red Hat -- Fedora | Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named. |
| 4.9 | CVE-2007-6283 OTHER-REF | ||
Rosoft Engineering -- Rosoft Media Player | Stack-based buffer overflow in Rosoft Media Player 4.1.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long string in a .M3U file. NOTE: some of these details are obtained from third party information. |
| 6.8 | CVE-2007-6478 BUGTRAQ BID FRSIRT SECUNIA XF | ||
SafeNet -- Sentinel Protection Server SafeNet -- Sentinel Keys Server | Directory traversal vulnerability in SafeNet Sentinel Protection Server 7.0.0 through 7.4.0 and possibly earlier versions, and Sentinel Keys Server 1.0.3 and possibly earlier versions, allows remote attackers to read arbitrary files via a .. (dot dot) in the query string. |
| 5.0 | CVE-2007-6483 BUGTRAQ BUGTRAQ OTHER-REF BID FRSIRT SECTRACK SECUNIA XF | ||
Sun -- Ray Server Software | Unspecified vulnerability in the Device Manager daemon (utdevmgrd) in Sun Ray Server Software 2.0, 3.0, 3.1, and 3.1.1 allows remote attackers to create or delete arbitrary directories via unspecified vectors. |
| 6.4 | CVE-2007-6481 SUNALERT BID SECUNIA | ||
Texas Imperial Software -- WFTPD Pro Explorer | Heap-based buffer overflow in Texas Imperial Software WFTPD Pro Explorer 1.0 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command. |
| 5.8 | CVE-2007-6473 MILW0RM SECUNIA | ||
Wireshark -- Wireshark | Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) 0.99.6 allow remote attackers to cause a denial of service via (1) a crafted MP3 file, (2) the NCP dissector, or (3) the SMB dissector. |
| 5.0 | CVE-2007-6438 OTHER-REF | ||
Wireshark -- Wireshark | Buffer overflow in the PPP dissector in Wireshark (formerly Ethereal) 0.99.6 might allow remote attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors. |
| 5.0 | CVE-2007-6440 OTHER-REF | ||
Wireshark -- Wireshark | Buffer overflow in the SSL dissector in Wireshark (formerly Ethereal) 0.99.0 to 0.99.6 might allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. |
| 5.0 | CVE-2007-6442 OTHER-REF | ||
Wireshark -- Wireshark | Buffer overflow in the ANSI MAP dissector in Wireshark (formerly Ethereal) 0.99.5 to 0.99.6, when running on some unspecified platforms, might allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. |
| 5.0 | CVE-2007-6443 OTHER-REF | ||
Wireshark -- Wireshark | The MEGACO dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (large loop and resource consumption) via unknown vectors. |
| 5.0 | CVE-2007-6446 OTHER-REF |
Low Vulnerabilities

| Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
|---|---|---|---|
| Apple -- Mac OS X | iChat in Apple Mac OS X 10.4.11 allows network-adjacent remote attackers to automatically initiate a video connection to another user via unknown vectors. | 3.6 | CVE-2007-5851 APPLE |
| Debian -- Debian Linux | The libdspam7-drv-mysql cron job in Debian GNU/Linux includes the MySQL dspam database password in a command line argument, which might allow local users to read the password by listing the process and its arguments. | 2.1 | CVE-2007-6418 OTHER-REF |
| Linux -- Kernel | Linux kernel 2.6.23 allows local users to create low pages in virtual userspace memory and bypass mmap_min_addr protection via a crafted executable file that calls the do_brk function. | 2.1 | CVE-2007-6434 OTHER-REF FRSIRT SECUNIA |
| Red Hat -- Enterprise Linux | The default configuration for autofs 5 (autofs5) on Red Hat Enterprise Linux (RHEL) 4 and 5 does not specify the nodev mount option for the -hosts map, which allows local users to access "important devices" by operating a remote NFS server and creating special device files on that server. | 1.9 | CVE-2007-6285 REDHAT REDHAT |
| Sun -- Solaris | Solaris 9, with Solaris Auditing enabled and certain patches for sshd installed, can generate audit records with an audit-ID of 0 even when the user logging into ssh is not root, which makes it easier for attackers to avoid detection and can make it more difficult to conduct forensics activities. | 3.5 | CVE-2007-6505 SUNALERT |