Vulnerability Summary for the Week of February 26, 2007

Released: Mar 05, 2007
Document ID: SB07-064

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 



High Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
ActiveCalendar -- ActiveCalendar
Multiple cross-site scripting (XSS) vulnerabilities in ActiveCalendar 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the css parameter to (1) flatevents.php, (2) js.php, (3) mysqlevents.php, (4) m_2.php, (5) m_3.php, (6) m_4.php, (7) xmlevents.php, (8) y_2.php, or (9) y_3.php in data/.
unknown
2007-02-26
7.0
CVE-2007-1111
BUGTRAQ
BID
Arkoon -- FAST360
Unspecified vulnerability in Arkoon FAST360 UTM appliances 3.0 through 3.0/29, 3.1, 3.2, and 3.3 allows remote attackers to bypass keyword filtering in the FAST HTTP module, and signatures in the IDPS HTTP module, via crafted URLs that are "misinterpreted."
unknown
2007-02-23
7.0
CVE-2006-7053
OTHER-REF
FRSIRT
SECUNIA
XF
Clan Manager Pro -- Clan Manager Pro
PHP remote file inclusion vulnerability in cmpro.intern/login.inc.php for Clan Manager Pro (CMPRO) 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-02-23
8.0
CVE-2006-7046
OSVDB
SECUNIA
Claroline -- Claroline
Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) clarolineRepositorySys parameter to (a) atutor.inc.php (b) db-generic.inc.php (c) docebo.inc.php (d) dokeos.1.6.inc.php (e) dokeos.inc.php (f) ganesha.inc.php (g) mambo.inc.php (h) moodle.inc.php (i) phpnuke.inc.php (j) postnuke.inc.php and (k) spip.inc.php in claroline/auth/extauth/drivers/; (2) includePath parameter in mambo.inc.php, postnuke.inc.php, and (l) inc/lib/event/init_event_manager.inc.php; and (3) rootSys parameter in (m) inc/lib/export_exe_tracking.class.php, a different set of vectors than CVE-2006-2284.
unknown
2007-02-23
7.0
CVE-2006-7048
FULLDISC
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
CMPro Team -- Clan Manager Pro
PHP remote file inclusion vulnerability in comment.core.inc.php in Clan Manager Pro (CMPRO) 1.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter.
unknown
2007-02-23
7.0
CVE-2006-7044
OTHER-REF
FRSIRT
OSVDB
XF
CMPro Team -- Clan Manager Pro
PHP remote file inclusion vulnerability in Clan Manager Pro (CMPRO) 1.1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the (1) rootpath and possibly (2) sitepath parameters to (a) cmpro.ext/comment.core.inc.php and (b) cmpro.intern/comment.core.inc.php. NOTE: the provenance of this information is unknown; details are obtained from third party sources.
unknown
2007-02-23
7.0
CVE-2006-7045
FRSIRT
OSVDB
Coppermine -- Photo Gallery
SQL injection vulnerability in thumbnails.php in Coppermine Photo Gallery (CPG) 1.3.x allows remote authenticated users to execute arbitrary SQL commands via a cpg131_fav cookie.
unknown
2007-02-26
7.0
CVE-2007-1107
BUGTRAQ
MILW0RM
EMC -- NetWorker
The Management Console server in EMC NetWorker (formerly Legato NetWorker) 7.3.2 before Jumbo Update 1 uses weak authentication, which allows remote attackers to execute arbitrary commands.
unknown
2007-03-02
10.0
CVE-2006-3892
OTHER-REF
OTHER-REF
CERT-VN
Hitachi -- JP1-Cm2-Network Node Manager Starter 250
Hitachi -- Cm2-Network Node Manager
Hitachi -- JP1-Cm2-Network Node Manager 250
Hitachi -- JP1-Cm2-Network Node Manager
Hitachi -- JP1-Cm2-Network Node Manager Starter
Hitachi -- Cm2-Network Node Manager 250
Multiple unspecified vulnerabilities in JP1/Cm2/Network Node Manager (NNM) before 07-10-05, and before 08-00-02 in the 08-x series, allow remote attackers to execute arbitrary code, cause a denial of service, or trigger invalid Web utility behavior.
unknown
2007-02-26
10.0
CVE-2007-1093
OTHER-REF
SECUNIA
Invision Power Services -- Invision Power Board
Cross-site scripting (XSS) vulnerability in forum/admin.php for Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML as the administrator via the phpinfo parameter.
unknown
2007-02-23
10.0
CVE-2006-7064
BUGTRAQ
BID
XF
Keith Reichley -- dotWidget for Articles
Multiple PHP remote file inclusion vulnerabilities in DotWidget For Articles (dotwidgeta) 0.2 allow remote attackers to execute arbitrary code via a URL in the (1) file_path parameter to (a) index.php, (b) showcatpicks.php, and (c) showarticle.php; and the (2) admin_header_file and (3) admin_footer_file parameters to (d) admin/authors.php, (e) admin/index.php, (f) admin/categories.php, (g) admin/editconfig.php, and (h) admin/articles.php.
unknown
2007-02-23
10.0
CVE-2006-7052
BUGTRAQ
BID
XF
Matt Johnston -- Dropbear SSH Server
dbclient in Dropbear SSH client before 0.49 does not sufficiently warn the user when it detects a hostkey mismatch, which might allow remote attackers to conduct man-in-the-middle attacks.
unknown
2007-02-26
7.0
CVE-2007-1099
OTHER-REF
Microsoft -- Publisher
Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 allows remote attackers to execute arbitrary code via unspecified vectors, related to a "file format vulnerability." NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.
unknown
2007-02-26
10.0
CVE-2007-1117
OTHER-REF
OTHER-REF
Mozilla -- Network Security Services (NSS)
Mozilla -- SeaMonkey
Mozilla -- Firefox
Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allows remote attackers to execute arbitrary code via a crafted SSLv2 server message containing a public key that is too short to encrypt the "Master Secret", which results in a heap-based overflow.
unknown
2007-02-26
10.0
CVE-2007-0008
OTHER-REF
IDEFENSE
OTHER-REF
Mozilla -- Network Security Services (NSS)
Mozilla -- SeaMonkey
Mozilla -- Firefox
Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allows remote attackers to execute arbitrary code via invalid "Client Master Key" length values.
unknown
2007-02-26
10.0
CVE-2007-0009
OTHER-REF
IDEFENSE
OTHER-REF
Mozilla -- Firefox
Heap-based buffer overflow in the _cairo_pen_init function in Mozilla Firefox 2.x before 2.0.0.2 allows remote attackers to execute arbitrary code via a large stroke-width attribute in the clipPath element in an SVG file.
unknown
2007-02-26
7.0
CVE-2007-0776
OTHER-REF
OTHER-REF
Mozilla -- SeaMonkey
Mozilla -- Firefox
Mozilla -- Thunderbird
The JavaScript engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption.
unknown
2007-02-26
10.0
CVE-2007-0777
OTHER-REF
Mozilla -- SeaMonkey
Mozilla -- Firefox
Mozilla Firefox 1.5.0.9 and 2.0.0.1, and SeaMonkey before 1.0.8 allow remote attackers to execute arbitrary code via JavaScript onUnload handlers that modify the structure of a document, which triggers memory corruption due to the lack of a finalize hook on DOM window objects.
unknown
2007-02-26
10.0
CVE-2007-1092
BUGTRAQ
OTHER-REF
OTHER-REF
CERT-VN
BID
MTCMS -- MTCMS
Multiple unrestricted file upload vulnerabilities in MTCMS 3.2 allow remote attackers to upload files via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-02-26
7.0
CVE-2007-1129
BID
Scripter.ch -- Sinapis Forum
PHP remote file inclusion vulnerability in sinapis.php in Sinapis Forum 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the fuss parameter.
unknown
2007-02-26
7.0
CVE-2007-1131
MILW0RM
BID
Scripter.ch -- FCRing
PHP remote file inclusion vulnerability in fcring.php in FCRing 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the s_fuss parameter.
unknown
2007-02-26
7.0
CVE-2007-1133
MILW0RM
BID
Scriptsez.net -- E-Dating System
Scriptsez.net E-Dating System stores data files with predictable names under the web document root with insufficient access control, which allows remote attackers to read private messages and leverage them for cross-site scripting (XSS) attacks.
unknown
2007-02-23
10.0
CVE-2006-7061
BUGTRAQ
SECUNIA
Sinapis -- Gastebuch
PHP remote file inclusion vulnerability in sinagb.php in Sinapis Gastebuch 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the fuss parameter.
unknown
2007-02-26
7.0
CVE-2007-1130
MILW0RM
BID
Sphider -- Sphider
SQL injection vulnerability in search.php in Sphider before 1.3.1c allows remote attackers to execute arbitrary SQL commands via the category parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this issue might be primary to CVE-2006-2506.2.
unknown
2007-02-23
7.0
CVE-2006-7057
FRSIRT
SECUNIA
Steema Software -- TeeChart Pro
The (1) Import.LoadFromURL and (2) Export.asText.SaveToFile functions in TeeChart Pro ActiveX control (TeeChart7.ocx) allow remote attackers to download a crafted .tee file to an arbitrary location. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-02-26
8.0
CVE-2007-1120
BID
SECUNIA
TinyPHPForum -- TinyPHPForum
Directory traversal vulnerability in profile.php in TinyPHPforum 3.6 and earlier allows remote attackers to include and execute arbitrary files via ".." sequences in the uname parameter.
unknown
2007-02-23
7.0
CVE-2006-7063
MILW0RM
BID
XF
VirtueMart -- Virtuemart
Cross-site scripting (XSS) vulnerability in ps_cart.php in VirtueMart before 20070116 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue might overlap CVE-2007-0376.
unknown
2007-02-26
7.0
CVE-2007-1096
OTHER-REF
WiClear -- WiClear
Unspecified vulnerability in the upload tool in Wiclear before 0.11.1 has unknown impact and remote attack vectors.
unknown
2007-02-26
7.0
CVE-2007-1097
OTHER-REF
WikkaWiki -- WikkaWiki
The Method method in WikkaWiki (Wikka Wiki) before 1.1.6.2 calls the strstr and strrpos functions with the wrong argument order, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files.
unknown
2007-02-23
7.0
CVE-2006-7049
OTHER-REF
BID
FRSIRT
OSVDB
SECUNIA
XF
WikkaWiki -- WikkaWiki
Cross-site scripting (XSS) vulnerability in WikkaWiki (Wikka Wiki) before 1.1.6.2 allows remote attackers to inject arbitrary javascript via (1) events in forced links (url parameter) that are not properly handled in formatters/wakka.php, and possibly (2) other vectors in wikka.php.
unknown
2007-02-23
7.0
CVE-2006-7050
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF


Medium Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
CS-Gallery -- CS-Gallery
PHP remote file inclusion vulnerability in index.php in Christian Schneider CS-Gallery 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the album parameter during a securealbum todo action.
unknown
2007-02-26
5.6
CVE-2007-1108
MILW0RM
BID
DreamCost -- HostAdmin
Multiple PHP remote file inclusion vulnerabilities in DreamCost HostAdmin 3.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) functions.php and (2) members.php. NOTE: the index.php vector is covered by CVE-2006-0791.
unknown
2007-02-23
5.6
CVE-2006-7056
BUGTRAQ
OTHER-REF
BID
SECUNIA
XF
efiction -- efiction
Multiple PHP remote file inclusion vulnerabilities in eFiction 3.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path_to_smf parameter to (1) bridges/SMF/logout.php or (2) get_session_vars.php.
unknown
2007-02-26
5.6
CVE-2007-1118
MILW0RM
BID
FRSIRT
SECUNIA
Microsoft -- Internet Explorer
Microsoft Internet Explorer 7 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via onUnload Javascript handlers.
unknown
2007-02-26
5.6
CVE-2007-1091
BUGTRAQ
BUGTRAQ
FULLDISC
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Mozilla -- SeaMonkey
Mozilla -- Firefox
GUI overlay vulnerability in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 allows remote attackers to spoof certain user interface elements, such as the host name or security indicators, via the CSS3 hotspot property with a large, transparent, custom cursor.
unknown
2007-02-26
5.6
CVE-2007-0779
OTHER-REF
OTHER-REF
Mozilla -- SeaMonkey
Mozilla -- Firefox
browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a javascript: URI in combination with multiple frames having the same data: URI.
unknown
2007-02-26
5.6
CVE-2007-0780
OTHER-REF
OTHER-REF
Mozilla -- Firefox
Mozilla Firefox does not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client.
unknown
2007-02-26
5.6
CVE-2007-1095
BUGTRAQ
BUGTRAQ
FULLDISC
OTHER-REF
OTHER-REF
BID
XF
NoMoKeTos Rules -- NoMoKeTos Rules
PHP remote file inclusion vulnerability in includes/functions_nomoketos_rules.php in the NoMoKeTos Rules 0.0.1 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
unknown
2007-02-26
5.6
CVE-2007-1106
MILW0RM
BID
Novell -- ZENworks
Unspecified vulnerability in Novell ZENworks 7 Desktop Management Support Pack 1 before Hot patch 3 (ZDM7SP1HP3) allows remote attackers to upload images to certain folders that were not configured in the "Only allow uploads to the following directories" setting via unspecified vectors.
unknown
2007-02-26
4.7
CVE-2007-1119
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
SweetPHP -- TotalCalendar
PHP remote file inclusion vulnerability in index.php in TotalCalendar 2.30 and earlier allows remote attackers to execute arbitrary code via a URL in the inc_dir parameter, a different vector than CVE-2006-1922.
unknown
2007-02-23
5.6
CVE-2006-7055
BUGTRAQ
MILW0RM
OTHER-REF
OTHER-REF
BID
OSVDB
XF
Watersweb Shops -- Shop Kit Plus
Directory traversal vulnerability in enc/stylecss.php in shopkitplus allows remote attackers to read arbitrary files via a .. (dot dot) in the changetheme parameter.
unknown
2007-02-26
4.7
CVE-2007-1127
BUGTRAQ
BID
Zephyr -- ZephyrSoft Toolbox Address Book Continued
Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) 1.00 allow remote attackers to execute arbitrary SQL commands via the id parameter to the (1) updateRow and (2) deleteRow functions in functions.php. NOTE: some of these details are obtained from third party information.
unknown
2007-02-26
4.7
CVE-2007-1121
OTHER-REF
BID
FRSIRT
SECUNIA
ZephyrSoft Toolbox -- Address Book Continued
Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) 1.00 and 1.01 allow remote attackers to execute arbitrary SQL commands via the id parameter to the (1) updateRow and (2) deleteRow functions in functions.php, a variant of a SQL injection issue that was fixed in 1.01. NOTE: some of these details are obtained from third party information.
unknown
2007-02-26
4.7
CVE-2007-1122
OTHER-REF
BID
FRSIRT
SECUNIA
ZPanel -- ZPanel
Multiple PHP remote file inclusion vulnerabilities in ZPanel 2.0 allow remote attackers to execute arbitrary PHP code via a URL in (1) the body parameter to templates/ZPanelV2/template.php or (2) the page parameter to zpanel.php. NOTE: the zpanel.php vector may overlap CVE-2005-0793.2. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-02-26
5.6
CVE-2007-1123
BID
FRSIRT
SECUNIA
XF


Low Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
ActiveCalendar -- ActiveCalendar
Directory traversal vulnerability in data/showcode.php in ActiveCalendar 1.2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter.
unknown
2007-02-26
2.3
CVE-2007-1110
BUGTRAQ
BID
Arkoon -- FAST360
The DNS module in Arkoon FAST360 UTM appliances 3.0 up to 3.0/29, 3.1 through 3.3, and 4.0 allows remote attackers to cause a denial of service (reboot) via a malformed DNS message, as demonstrated by the PROTOS DNS testing suite.
unknown
2007-02-23
3.3
CVE-2006-7054
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
XF
Chipmunk Scripts -- Chipmunk Blogger
Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Blogger allow remote authenticated users to inject arbitrary web script or HTML via script tags in (1) posts and (2) profile names; and (3) a javascript URI in a URL argument in the photo gallery.
unknown
2007-02-23
1.4
CVE-2006-7043
BUGTRAQ
BID
XF
Extreme phpBB -- Extreme phpBB
PHP remote file inclusion vulnerability in functions.php in Extreme phpBB (aka phpBB Extreme) 3.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
unknown
2007-02-26
2.3
CVE-2007-1105
MILW0RM
BID
KMail -- KMail
calendar.php in Kamgaing Email System (kmail) 2.3 and earlier allows remote attackers to obtain the full path of the server via an invalid d parameter, which leaks the path in an error message.
unknown
2007-02-23
3.3
CVE-2006-7062
OTHER-REF
OSVDB
XF
Linux -- Linux
The sys_timer_create function in posix-timers.c for Linux kernel 2.6.x allows local users to cause a denial of service (memory consumption) and possibly bypass memory limits or cause other processes to be killed by creating a large number of posix timers, which are allocated in kernel memory but are not treated as part of the process' memory.
unknown
2007-02-23
2.3
CVE-2006-7051
BUGTRAQ
MILW0RM
XF
Microsoft -- Internet Explorer
Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via an IFRAME with a certain XML file and XSL stylesheet that triggers a crash in mshtml.dll when a refresh is called, probably a null pointer dereference.
unknown
2007-03-02
2.3
CVE-2006-7065
FULLDISC
OTHER-REF
BID
Microsoft -- Windows Explorer
Microsoft Windows Explorer on Windows XP and 2003 allows remote user-assisted attackers to cause a denial of service (crash) via a malformed WMF file, which triggers the crash when the user browses the folder.
unknown
2007-02-26
2.7
CVE-2007-1090
OTHER-REF
OTHER-REF
Microsoft -- Internet Explorer
Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (NULL dereference and application crash) via JavaScript onUnload handlers that modify the structure of a document.
unknown
2007-02-26
2.7
CVE-2007-1094
BUGTRAQ
BID
Microsoft -- Internet Explorer
The child frames in Microsoft Internet Explorer 7 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.
unknown
2007-02-26
1.9
CVE-2007-1114
OTHER-REF
Mozilla -- SeaMonkey
Mozilla -- Firefox
Mozilla -- Thunderbird
Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.1, and SeaMonkey before 1.0.8 allow remote attackers to cause a denial of service (crash) and potentially execute arbitrary code via certain vectors.
unknown
2007-02-26
3.9
CVE-2007-0775
OTHER-REF
Mozilla -- SeaMonkey
Mozilla -- Firefox
The page cache feature in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 can generate hash collisions that cause page data to be appended to the wrong page cache, which allows remote attackers to obtain sensitive information or enable further attack vectors when the target page is reloaded from the cache.
unknown
2007-02-26
2.7
CVE-2007-0778
OTHER-REF
OTHER-REF
Mozilla -- SeaMonkey
Mozilla -- Firefox
Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 ignores trailing invalid HTML characters in attribute names, which allows remote attackers to bypass content filters that use regular expressions.
unknown
2007-02-26
2.3
CVE-2007-0995
OTHER-REF
OTHER-REF
Mozilla -- SeaMonkey
Mozilla -- Firefox
The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 inherit the default charset from the parent window, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.
unknown
2007-02-26
3.7
CVE-2007-0996
OTHER-REF
OTHER-REF
REDHAT
Mozilla -- Firefox
The CheckLoadURI function in Mozilla Firefox 1.8 lists the about: URI as a ChromeProtocol and can be loaded via JavaScript, which allows remote attackers to obtain sensitive information by querying the browser's session history.
unknown
2007-02-26
2.3
CVE-2007-1116
BUGTRAQ
BUGTRAQ
OTHER-REF
OTHER-REF
MTCMS -- MTCMS
Multiple cross-site scripting (XSS) vulnerabilities in MTCMS 2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-02-26
2.3
CVE-2007-1132
BID
Opera Software -- Opera
The child frames in Opera 9 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.
unknown
2007-02-26
3.7
CVE-2007-1115
OTHER-REF
Photostand -- Photostand
Multiple cross-site scripting (XSS) vulnerabilities in Photostand 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) message or (2) name field, or the (3) q parameter in a search action in index.php.
unknown
2007-02-26
1.9
CVE-2007-1101
BUGTRAQ
BID
BID
Photostand -- Photostand
Photostand 1.2.0 allows remote attackers to obtain sensitive information via a ' (quote) character in (1) a PHPSESSID cookie or (2) the id parameter in an article action in index.php, which reveal the path in various error messages.
unknown
2007-02-26
2.3
CVE-2007-1102
BUGTRAQ
PHP MIP -- PHP MIP
PHP remote file inclusion vulnerability in top.php in PHP Module Implementation (PHP-MIP) 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the laypath parameter.
unknown
2007-02-26
1.9
CVE-2007-1104
MILW0RM
PhpWebGallery -- PhpWebGallery
Multiple cross-site scripting (XSS) vulnerabilities in Phpwebgallery 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) login or (2) mail_address field in Register.php, or the (3) search_author, (4) mode, (5) start_year, (6) end_year, or (7) date_type field in Search.php, a different vulnerability than CVE-2006-1674.
unknown
2007-02-26
1.9
CVE-2007-1109
BUGTRAQ
BID
picKLE -- picKLE
Directory traversal vulnerability in download.php in Pickle allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
unknown
2007-02-26
2.3
CVE-2007-1100
BUGTRAQ
BID
Scriptsez.net -- E-Dating System
Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net E-Dating System allow remote attackers to inject arbitrary web script or HTML via encoded entities (') in IMG tags to (1) messages, (2) profile fields, or (3) the id parameter in a dologin operation to cindex.php.
unknown
2007-02-23
1.9
CVE-2006-7059
BUGTRAQ
BID
SECUNIA
XF
Scriptsez.net -- E-Dating System
cindex.php in Scriptsez.net E-Dating System allows remote attackers to obtain the full path via an invalid id parameter in a dologin action, which leaks the path in an error message.
unknown
2007-02-23
2.3
CVE-2006-7060
BUGTRAQ
SECUNIA
ScryMUD -- ScryMUD
Multiple unspecified vulnerabilities in ScryMUD before 2.1.11 have unknown impact and attack vectors, possibly related to denial of service caused by a search that begins with a .* sequence.
unknown
2007-02-26
2.3
CVE-2007-1098
MLIST
OTHER-REF
ShoutPro -- ShoutPro
include.php in Shoutpro 1.0 might allow remote attackers to bypass IP ban restrictions via a URL in the path parameter that points to an alternate bannedips.php file. NOTE: this issue was originally reported as remote file inclusion, but CVE analysis suggests that this cannot be used for code execution.
unknown
2007-02-23
2.3
CVE-2006-7047
BUGTRAQ
BUGTRAQ
XF
Sphider -- Sphider
Multiple cross-site scripting (XSS) vulnerabilities in Sphider before 1.3.1c allow remote attackers to inject arbitrary web script or HTML via the catid parameter to (1) templates/standard/search_form.html and (2) templates/dark/search_form.html. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-02-23
2.3
CVE-2006-7058
FRSIRT
OSVDB
SECUNIA
Tor -- Tor
Tor does not verify a node's uptime and bandwidth advertisements, which allows remote attackers who operate a low resource node to make false claims of greater resources, which places the node into use for many circuits and compromises the anonymity of traffic sources and destinations.
unknown
2007-02-26
1.9
CVE-2007-1103
MLIST
MLIST
MLIST
OTHER-REF
Watersweb Shops -- Shop Kit Plus
shopkitplus allows remote attackers to obtain sensitive information via a request to (1) events.php with a curmonth[]=01 query string or (2) enc/stylecss.php with a changetheme[]= query string, which reveals the path in various error messages.
unknown
2007-02-26
2.3
CVE-2007-1128
BUGTRAQ
XeroXer -- Simple one-file gallery
Directory traversal vulnerability in gallery.php in XeroXer Simple one-file gallery allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter.
unknown
2007-02-26
2.3
CVE-2007-1124
BUGTRAQ
BID
XeroXer -- Simple one-file gallery
Cross-site scripting (XSS) vulnerability in gallery.php in XeroXer Simple one-file gallery allows remote attackers to inject arbitrary web script or HTML via the f parameter.
unknown
2007-02-26
1.9
CVE-2007-1125
BUGTRAQ
BID
XT-Commerce -- XT-Commerce Community Made Shopping
Directory traversal vulnerability in index.php in xtcommerce allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter.
unknown
2007-02-26
2.3
CVE-2007-1126
BUGTRAQ
