Vulnerability Summary for the Week of March 26, 2007
Released
Apr 02, 2007
Document ID
SB07-092
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
Vulnerability Severity:
">
| High Vulnerabilities |
|---|
| Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
|---|---|---|---|---|---|---|
| PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is enabled, allows context-dependent attackers to execute arbitrary code via deserialization of session data, which overwrites arbitrary global variables, as demonstrated by calling session_decode on a string beginning with "_SESSION|s:39:". |
| 8.0 | CVE-2007-1701 OTHER-REF BID | |||
| Active Trade -- Active Trade | SQL injection vulnerability in default.asp in Active Trade 2 allows remote attackers to execute arbitrary SQL commands via the catid parameter. |
| 7.0 | CVE-2007-1705 MILW0RM SECUNIA | ||
| Active Web Softwares -- Active Newsletter | SQL injection vulnerability in ViewNewspapers.asp in Active Newsletter 4.3 and earlier allows remote attackers to execute arbitrary SQL commands via the NewsPaperID parameter. |
| 7.0 | CVE-2007-1696 MILW0RM BID | ||
| Active Web Softwares -- Active Auction House | SQL injection vulnerability in default.asp in ActiveWebSoftwares Active Auction Pro 7.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter. |
| 7.0 | CVE-2007-1712 MILW0RM FRSIRT SECUNIA | ||
| Advanced Website Creator -- Advanced Website Creator | Multiple SQL injection vulnerabilities in the MySQL back-end in Advanced Website Creator (AWC) before 1.9.0 might allow remote attackers to execute arbitrary SQL commands via unspecified parameters, related to use of mysql_escape_string instead of mysql_real_escape_string. |
| 7.0 | CVE-2007-1779 OTHER-REF | ||
| Ay System Solutions -- Web Content System | PHP remote file inclusion vulnerability in manage/javascript/formjavascript.php in Ay System Solutions Web Content System (WCS) 2.7.1 allows remote attackers to execute arbitrary PHP code via a URL in the path[JavascriptEdit] parameter. |
| 8.0 | CVE-2007-1771 MILW0RM BID SECUNIA | ||
| CcCounter -- CcCounter | Cross-site scripting (XSS) vulnerability in index.php in CcCounter 2.0 allows remote attackers to inject arbitrary web script or HTML via dir parameter. |
| 7.0 | CVE-2007-1714 BUGTRAQ BID FRSIRT SECUNIA XF | ||
| CipherTrust -- IronMail | Multiple cross-site scripting (XSS) vulnerabilities in the administration console in Secure Computing CipherTrust IronMail 6.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) network, (2) defRouterIp, (3) hostName, (4) domainName, (5) ipAddress, (6) defaultRouter, (7) dns1, or (8) dns2 parameter to (a) admin/system_IronMail.do; the (9) ipAddress parameter to (b) admin/systemOutOfBand.do; the (10) password or (11) confirmPassword parameter to (c) admin/systemBackup.do; the (12) Klicense parameter to (d) admin/systemLicenseManager.do; the (13) rows[1].attrValueStr or (14) rows[2].attrValueStr parameter to (e) admin/systemWebAdminConfig.do; the (15) rows[0].attrValueStr, rows[1].attrValueStr, (16) rows[2].attrValue, or (17) rows[2].attrValueStrClone parameter to (f) admin/ldap_ConfigureServiceProperties.do; the (18) input1 parameter to (g) admin/mailFirewall_MailRoutingInternal.do; or the (19) rows[2].attrValueStr, (20) rows[3].attrValueStr, (21) rows[5].attrValueStr, or (22) rows[6].attrValueStr parameter to (h) admin/mailIdsConfig.do. |
| 7.0 | CVE-2007-1723 BUGTRAQ OTHER-REF | ||
| ClassWeb -- ClassWeb | Multiple PHP remote file inclusion vulnerabilities in ClassWeb 2.03 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the BASE parameter to (1) language.php and (2) phpadmin/survey.php. |
| 10.0 | CVE-2007-1640 MILW0RM BID FRSIRT XF | ||
| Corel -- WordPerfect Office X3 | Stack-based buffer overflow in Corel WordPerfect Office X3 (13.0.0.565) allows user-assisted remote attackers to execute arbitrary code via a long printer selection (PRS) name in a Wordperfect document. |
| 8.0 | CVE-2007-1735 BUGTRAQ OTHER-REF BID MILW0RM FRSIRT SECUNIA XF | ||
| DataRescue -- IDA Pro | The processor_request function in the debugger server for DataRescue IDA Pro 5.0 and 5.1 does not verify that authentication has taken place before invoking the perform_request function, which allows remote attackers to perform unauthorized actions. |
| 7.0 | CVE-2007-1666 IDEFENSE OTHER-REF BID FRSIRT OSVDB SECTRACK SECUNIA XF | ||
| Eve-Nuke -- Eve-Nuke Forum | PHP remote file inclusion vulnerability in db/mysql.php in the Eve-Nuke 0.1 (EN-Forums) module for PHP-Nuke allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. |
| 10.0 | CVE-2007-1778 MILW0RM FRSIRT | ||
| eWebQuiz -- eWebQuiz | SQL injection vulnerability in eWebQuiz.asp in eWebQuiz 8 allows remote attackers to execute arbitrary SQL commands via the QuizID parameter. |
| 7.0 | CVE-2007-1706 MILW0RM SECUNIA | ||
| Free PHP Scripts -- Free Image Hosting | PHP remote file inclusion vulnerability in frontpage.php in Free Image Hosting 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter. NOTE: the forgot_pass.php vector is already covered by CVE-2006-5670, and the login.php vector overlaps CVE-2006-5763. |
| 7.0 | CVE-2007-1715 MILW0RM XF | ||
| FutureSoft -- TFTP Server 2000 | Buffer overflow in FutureSoft TFTP Server 2000 on Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via a long request on UDP port 69. NOTE: this issue might overlap CVE-2006-4781 or CVE-2005-1812. |
| 10.0 | CVE-2007-1645 MILW0RM XF | ||
| Giorgio Ciranni -- Splatt Forum | Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php. |
| 7.0 | CVE-2007-1633 MILW0RM BID FRSIRT | ||
| Hpaftpd -- Hpaftpd | Multiple stack-based buffer overflows in High Performance Anonymous FTP Server (hpaftpd) 1.01 allow remote attackers to execute arbitrary code via long arguments to the (1) USER, (2) PASS, (3) CWD, (4) MKD, (5) RMD, (6) DELE, (7) RNFR, or (8) RNTO FTP command. |
| 10.0 | CVE-2007-1731 OTHER-REF BID | ||
| IceBB -- IceBB | SQL injection vulnerability in index.php in IceBB 1.0-rc5 allows remote authenticated users to execute arbitrary SQL commands via the filename of an uploaded file to the avatar function, as demonstrated by setting admin privileges. |
| 8.0 | CVE-2007-1725 MILW0RM MILW0RM FRSIRT SECUNIA | ||
| InterVations -- NaviCOPA Web Server | Buffer overflow in InterVations NaviCOPA HTTP Server 2.01 allows remote attackers to execute arbitrary code via a long (1) /cgi-bin/ or (2) /cgi/ pathname in an HTTP GET request, probably a different issue than CVE-2006-5112. |
| 10.0 | CVE-2007-1733 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA | ||
| Ipswitch -- IMail Plus Ipswitch -- Ipswitch Collaboration Suite Ipswitch -- IMail Premium Ipswitch -- IMail | Multiple buffer overflows in the IMAILAPILib ActiveX control (IMailAPI.dll) in Ipswitch IMail Server before 2006.2 allow remote attackers to execute arbitrary code via the (1) WebConnect and (2) Connect members in the (a) IMailServer control; (3) Sync3 and (4) Init3 members in the (b) IMailLDAPService control; and the (5) SetReplyTo member in the (c) IMailUserCollection control. |
| 8.0 | CVE-2007-1637 IDEFENSE OTHER-REF FRSIRT SECTRACK SECUNIA | ||
| Jason W. Bacon -- mcweject | Buffer overflow in eject.c in Jason W. Bacon mcweject 0.9 on FreeBSD, and possibly other versions, allows local users to execute arbitrary code via a long command line argument, possibly involving the device name. |
| 7.0 | CVE-2007-1719 MILW0RM | ||
| Joomla! -- RWCards Component | SQL injection vulnerability in index.php in the RWCards (com_rwcards) 2.4.3 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter. |
| 7.0 | CVE-2007-1703 MILW0RM | ||
| Joomla! -- Car Manager | SQL injection vulnerability in index.php in the Car Manager (com_resman) 1.1 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| 7.0 | CVE-2007-1704 MILW0RM | ||
| Linux -- Kernel | The DCCP support in the do_dccp_getsockopt function in net/dccp/proto.c in Linux kernel 2.6.20 and later does not verify the upper bounds of the optlen value, which allows local users running on certain architectures to read kernel memory or cause a denial of service (oops), a related issue to CVE-2007-1730. |
| 7.0 | CVE-2007-1734 BUGTRAQ SECTRACK | ||
| LMS -- LAN Management System | Multiple PHP remote file inclusion vulnerabilities in LAN Management System (LMS) 1.8.9 Vala and earlier allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG[directories][userpanel_dir] parameter to userpanel.php or the (2) _LIB_DIR parameter to welcome.php. |
| 10.0 | CVE-2007-1643 MILW0RM BID BID FRSIRT SECUNIA XF | ||
| Mambo -- SWmenu Component Joomla! -- SWmenu Component | Multiple PHP remote file inclusion vulnerabilities in the SWmenu (com_swmenupro and com_swmenufree) 4.0 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to ImageManager/Classes/ImageManager.php under the (1) components/ or (2) administrator/components/ directory trees. |
| 10.0 | CVE-2007-1699 MILW0RM BID | ||
| Microsoft -- Windows 2000 Microsoft -- Windows Server 2003 Microsoft -- Windows Vista Microsoft -- Windows XP | Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a duplicate of CVE-2007-1765; if so, then CVE-2007-0038 should be preferred. |
| 8.0 | CVE-2007-0038 FULLDISC OTHER-REF CERT CERT-VN SECUNIA | ||
| Microsoft -- Windows | The dynamic DNS update mechanism in the DNS Server service on Microsoft Windows does not properly authenticate clients in certain deployments or configurations, which allows remote attackers to change DNS records for a web proxy server and conduct man-in-the-middle (MITM) attacks on web traffic, conduct pharming attacks by poisoning DNS records, and cause a denial of service (erroneous name resolution). |
| 10.0 | CVE-2007-1644 MILW0RM | ||
| Microsoft -- Small Business Server Microsoft -- Windows 2000 Microsoft -- Windows Server 2003 | The default configuration of Microsoft Windows uses the Web Proxy Autodiscovery Protocol (WPAD) without static WPAD entries, which might allow remote attackers to intercept web traffic by registering a proxy server using WINS or DNS, then responding to WPAD requests, as demonstrated using Internet Explorer. NOTE: it could be argued that if an attacker already has control over WINS/DNS, then web traffic could already be intercepted by modifying WINS or DNS records, so this would not cross privilege boundaries and would not be a vulnerability. It has also been reported that DHCP is an alternate attack vector. |
| 7.0 | CVE-2007-1692 MLIST OTHER-REF MSKB OTHER-REF OTHER-REF FRSIRT XF | ||
| MNews -- MNews | PHP remote file inclusion vulnerability in noticias.php in MNews 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter. |
| 10.0 | CVE-2006-7182 BUGTRAQ | ||
| Morcego CMS -- Morcego CMS | Multiple PHP remote file inclusion vulnerabilities in Morcego CMS 0.9.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) fichero parameter to morcegoCMS.php or the (2) path parameter to adodb/adodb.inc.php. |
| 10.0 | CVE-2006-7181 BUGTRAQ | ||
| Mozilla -- Firefox | Mozilla Firefox 2.0.0.3 does not check URLs embedded in (1) object or (2) iframe HTML tags against the phishing site blacklist, which allows remote attackers to bypass phishing protection. |
| 7.0 | CVE-2007-1736 BUGTRAQ | ||
| Net Portal Dynamic System -- Net Portal Dynamic System | Variable extraction vulnerability in grab_globals.php in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote attackers to conduct SQL injection attacks via the _FILES[DB][tmp_name] parameter to print.php, which overwrites the $DB variable with dynamic variable evaluation. |
| 7.0 | CVE-2007-1634 BUGTRAQ VIM SECUNIA | ||
| Net-Side.net -- Net Side Content Management System | PHP remote file inclusion vulnerability in index.php in Net Side Content Management System (Net-Side.net CMS) allows remote attackers to execute arbitrary PHP code via a URL in the cms parameter. |
| 7.0 | CVE-2007-1707 MILW0RM BID | ||
| Opera Software -- Opera | Opera 9.10 does not check URLs embedded in (1) object or (2) iframe HTML tags against the phishing site blacklist, which allows remote attackers to bypass phishing protection. |
| 7.0 | CVE-2007-1737 BUGTRAQ | ||
| Philex -- Philex | PHP remote file inclusion vulnerability in header.inc.php in Philex 0.2.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CssFile parameter. |
| 10.0 | CVE-2007-1697 MILW0RM BID FRSIRT XF | ||
| PHP -- PHP | The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, calculates the reference count for the session variables without considering the internal pointer from the session globals, which allows context-dependent attackers to execute arbitrary code via a crafted string in the session_register after unsetting HTTP_SESSION_VARS and _SESSION, which destroys the session data Hashtable. |
| 10.0 | CVE-2007-1700 OTHER-REF BID | ||
| PHP -- PHP | Integer overflow in the zip_read_entry function in PHP 4 before 4.4.5 allows remote attackers to execute arbitrary code via a ZIP archive that contains an entry with a length value of 0xffffffff, which is incremented before use in an emalloc call, triggering a heap overflow. |
| 7.0 | CVE-2007-1777 OTHER-REF BID | ||
| phpBB Group -- phpBB | ** DISPUTED ** PHP remote file inclusion vulnerability in includes/usercp_register.php in phpBB 2.0.19 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: this issue has been disputed by third-party researchers, stating that the file checks for a global constant and cannot be accessed directly. |
| 10.0 | CVE-2007-1695 BUGTRAQ BUGTRAQ | ||
| PortailPHP -- PortailPHP | SQL injection vulnerability in index.php in PortailPHP 2.0 allows remote attackers to execute arbitrary SQL commands via the idnews parameter. |
| 7.0 | CVE-2007-1641 MILW0RM BID SECUNIA XF | ||
| Realink -- C-Abre | Multiple PHP remote file inclusion vulnerabilities in C-Arbre 0.6PR7 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) Richtxt_functions.inc.php, (2) adddocfile.php, (3) auth_check.php, (4) browse_current_category.inc.php, (5) docfile_details.php, (6) main.php, (7) mainarticle.php, (8) maindocfile.php, (9) modify.php, (10) new.php, (11) resource_details.php, or (12) smallsearch.php in lib/; or (13) mwiki/LocalSettings.php. |
| 10.0 | CVE-2007-1721 MILW0RM OTHER-REF BUGTRAQ BID FRSIRT | ||
| revolutionProducts -- FlexBB | SQL injection vulnerability in includes/start.php in Flexbb 1.0.0 10005 Beta Release 1 allows remote attackers to execute arbitrary SQL commands via the flexbb_lang_id COOKIE parameter to index.php. |
| 7.0 | CVE-2007-1729 BUGTRAQ OTHER-REF XF | ||
| RoseOnlineCMS -- RoseOnlineCMS | Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header. |
| 7.0 | CVE-2007-1636 MILW0RM BID FRSIRT XF | ||
| SB-WebSoft -- Addressbook | Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file. |
| 7.0 | CVE-2007-1720 MILW0RM XF | ||
| Sendmail -- Sendmail | The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not allow the administrator to disable SSLv2 encryption, which could cause less secure channels to be used than desired. |
| 7.0 | CVE-2006-7175 OTHER-REF | ||
| SignKorea -- SKCommAX ActiveX Control | Buffer overflow in the DownloadCertificateExt function in SignKorea SKCommAX ActiveX control module 7.2.0.2 and 3280 6.6.0.1 allows remote attackers to execute arbitrary code via a long pszUserID argument. |
| 10.0 | CVE-2007-1722 FULLDISC FRSIRT SECUNIA | ||
| ttCMS -- ttForum | PHP remote file inclusion vulnerability in lib/db/ez_sql.php in ttCMS 4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the lib_path parameter. |
| 7.0 | CVE-2007-1708 MILW0RM BID FRSIRT XF | ||
| X.Org -- libX11 | Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in x.org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or information leak via crafted images with large or negative values that trigger a buffer overflow. |
| 8.0 | CVE-2007-1667 OTHER-REF OTHER-REF |
| Medium Vulnerabilities |
|---|
| Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
|---|---|---|---|---|---|---|
| CRLF injection vulnerability in BSMTP.DLL in B21Soft BASP21 2003.0211, and BASP21 Pro 1.0.702.27 and earlier, allows remote attackers to inject arbitrary headers into e-mail messages via CRLF sequences in Subject lines. |
| 4.9 | CVE-2007-1713 OTHER-REF OTHER-REF SECUNIA | |||
| PHP remote file inclusion vulnerability in login/engine/db/profiledit.php in Advanced Login 0.76 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter. |
| 4.9 | CVE-2007-1766 BUGTRAQ | |||
| CruiseWorks -- CruiseWorks | CruiseWorks 1.09e and earlier does not properly restrict user access to certain privileged actions, which allows local users to change the configuration or have other unspecified impact. NOTE: some of these details are obtained from third party information. |
| 4.9 | CVE-2007-1782 OTHER-REF OTHER-REF SECUNIA | ||
| Design for Joomla -- D4J eZine | SQL injection vulnerability in index.php in the D4JeZine (com_ezine) 2.8 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the article parameter in a read action. |
| 5.6 | CVE-2007-1776 MILW0RM BID | ||
| HP -- OpenView Network Node Manager | Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, 7.50, and 7.51 allows remote authenticated users to access certain privileged "facilities" via unspecified vectors. |
| 4.2 | CVE-2007-1727 HP FRSIRT SECTRACK BID XF | ||
| IceBB -- IceBB | Unrestricted file upload vulnerability in index.php in IceBB 1.0-rc5 allows remote authenticated users to upload arbitrary files via the avatar function, which can later be accessed in uploads/. |
| 4.2 | CVE-2007-1726 MILW0RM FRSIRT SECUNIA | ||
| JBrowser -- JBrowser | Unrestricted file upload vulnerability in upload.php3 in JBrowser 2.4 and earlier allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 5.6 | CVE-2007-1775 BID | ||
| Linux -- Kernel | Integer signedness error in the DCCP support in the do_dccp_getsockopt function in net/dccp/proto.c in Linux kernel 2.6.20 and later allows local users to read kernel memory or cause a denial of service (oops) via a negative optlen value. |
| 4.7 | CVE-2007-1730 BUGTRAQ BID SECTRACK | ||
| MADWifi -- MADWifi | ieee80211_output.c in MadWifi before 0.9.3 sends unencrypted packets before WPA authentication succeeds, which allows remote attackers to obtain sensitive information (related to network structure), and possibly cause a denial of sevice (disrupted authentication) and conduct spoofing attacks. |
| 5.6 | CVE-2006-7180 OTHER-REF OTHER-REF OSVDB | ||
| Mambo -- Flatmenu | PHP remote file inclusion vulnerability in mod_flatmenu.php in the Flatmenu 1.07 and earlier Mambo module allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. |
| 5.6 | CVE-2007-1702 MILW0RM VIM | ||
| Microsoft -- Server 2003 Avaya -- IP600 Media Servers Avaya -- S8100 Media Servers Microsoft -- Windows XP Microsoft -- Windows Vista Microsoft -- Internet Explorer Avaya -- S3400 Message Application Server Microsoft -- Windows 2000 Avaya -- DefinityOne Media Servers | Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier. |
| 5.6 | CVE-2007-1765 OTHER-REF OTHER-REF OTHER-REF MICROSOFT BID FRSIRT SECTRACK | ||
| Minna De Office -- Minna De Office | Minna De Office 1.x and 2.x does not properly restrict user access to certain privileged actions, which allows local users to change the configuration or have other unspecified impact. NOTE: some of these details are obtained from third party information. |
| 4.9 | CVE-2007-1781 OTHER-REF OTHER-REF SECUNIA | ||
| Net Portal Dynamic System -- Net Portal Dynamic System | Static code injection vulnerability in admin/settings.php in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote authenticated users to inject arbitrary PHP code via the xtop parameter in a "ConfigSave" op to admin.php, which can later be accessed via a "Configure" op to admin.php. |
| 6.0 | CVE-2007-1635 BUGTRAQ SECUNIA | ||
| PHPProjekt -- PHPProjekt | Multiple cross-site request forgery (CSRF) vulnerabilities in the check_csrftoken function in lib/lib.inc.php in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote attackers to perform unauthorized actions as an arbitrary user via the (1) Projects, (2) Contacts, (3) Helpdesk, (4) Notes, (5) Search, (6) Mail, or (7) Filemanager module; the (9) summary page; or unspecified other files. |
| 5.6 | CVE-2007-1638 BUGTRAQ OTHER-REF OTHER-REF SECUNIA XF | ||
| ReactOS -- ReactOS | Unspecified vulnerability in ReactOS 0.3.1 has unknown impact and attack vectors, related to a fix for "dozens of win32k bugs and failures," in which the fix itself introduces a vulnerability, possibly related to user-mode and kernel-mode copy failures. |
| 4.9 | CVE-2007-1724 OTHER-REF | ||
| Red Hat -- Red Hat Enterprise Linux | pam_console does not properly restore ownership for certain console devices when there are multiple users logged into the console and one user logs out, which might allow local users to gain privileges. |
| 4.9 | CVE-2007-1716 OTHER-REF | ||
| TrueCrypt Foundation -- TrueCrypt | TrueCrypt 4.3, when installed setuid root, allows local users to cause a denial of service (filesystem unavailability) or gain privileges by mounting a crafted TrueCrypt volume, as demonstrated using (1) /usr/bin or (2) another user's home directory, a different issue than CVE-2007-1589. |
| 5.6 | CVE-2007-1738 BID SECUNIA BUGTRAQ | ||
| WordPress -- WordPress | ** DISPUTED ** Cross-site scripting (XSS) vulnerability in an mt import in wp-admin/admin.php in WordPress 2.1.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the demo parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: another researcher disputes this issue, stating that this is legitimate functionality for administrators. However, it has been patched by at least one vendor. |
| 4.2 | CVE-2007-1732 FULLDISC OTHER-REF GENTOO SECUNIA SECUNIA |
| Low Vulnerabilities |
|---|
| Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
|---|---|---|---|---|---|---|
| AOL -- AOL Client Software | Unspecified vulnerability in (1) Deskbar.dll and (2) Toolbar.dll in AOL 9.0 before February 2007 allows remote attackers to cause a denial of service (browser crash) via unknown vectors. |
| 3.3 | CVE-2007-1767 BUGTRAQ | ||
| Apache Software Foundation -- mod_perl | PerlRun.pm in Apache mod_perl 1.30 and earlier, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI. |
| 3.3 | CVE-2007-1349 OTHER-REF OTHER-REF FRSIRT SECUNIA | ||
| ESRI -- ArcSDE | ESRI ArcSDE 8.3, 9.0, and 9.1 before 20070327, when using three tiered configurations, allows remote attackers to cause a denial of service (giomgr crash) via a crafted connection string containing "extra characters." |
| 3.3 | CVE-2007-1770 OTHER-REF OTHER-REF OTHER-REF SECUNIA | ||
| FastStone -- Image Viewer | Stack-based buffer overflow in FastStone Image Viewer 2.8 allows user-assisted remote attackers to execute arbitrary code via a crafted JPG image. |
| 3.4 | CVE-2007-1764 BUGTRAQ | ||
| Fizzle -- Fizzle | Cross-site scripting (XSS) vulnerability in the Fizzle 0.5 extension for Firefox allows remote attackers to inject arbitrary web script or HTML via RSS feeds, which are executed by the chrome: URI handler. |
| 1.9 | CVE-2007-1678 BUGTRAQ SECUNIA BID FRSIRT OSVDB XF | ||
| Horde -- Groupware | ** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware Webmail 1.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in (1) imp/search.php and (2) ingo/rule.php. NOTE: this issue has been disputed by the vendor, noting that the search.php issue was resolved in CVE-2006-4255, and attackers can only use rule.php to inject XSS into their own pages. |
| 1.9 | CVE-2007-1679 BUGTRAQ BID BUGTRAQ XF | ||
| HP -- JetDirect | The FTP service in HP JetDirect print servers allows remote attackers to cause a denial of service (engine crash) via a RETR command with a long pathname. |
| 2.7 | CVE-2007-1772 FULLDISC BID | ||
| IBM -- Lotus Domino | Cross-site scripting (XSS) vulnerability in the Active Content Filter feature in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified "code sequences" that bypass the protection scheme. |
| 1.9 | CVE-2006-4843 IDEFENSE OTHER-REF BID FRSIRT SECUNIA SECTRACK XF | ||
| IBM -- Lotus Domino | Buffer overflow in the CRAM-MD5 authentication mechanism in the IMAP server (nimap.exe) in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to cause a denial of service via a long username. |
| 3.3 | CVE-2007-1675 OTHER-REF OTHER-REF BID FRSIRT SECUNIA BID SECTRACK XF | ||
| IBM -- Lotus Domino | Heap-based buffer overflow in the LDAP server in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to cause a denial of service (crash) via a long, malformed DN request, which causes only the lower 16 bits of the string length to be used in memory allocation. |
| 3.3 | CVE-2007-1739 IDEFENSE OTHER-REF BID FRSIRT SECUNIA CERT-VN BID SECTRACK XF | ||
| MADWifi -- MADWifi | MadWifi, when Ad-Hoc mode is used, allows remote attackers to cause a denial of service (system crash) via unspecified vectors that lead to a kernel panic in the ieee80211_input function, related to "packets coming from a 'malicious' WinXP system." |
| 3.3 | CVE-2006-7177 OTHER-REF | ||
| MADWifi -- MADWifi | MadWifi before 0.9.3 does not properly handle reception of an AUTH frame by an IBSS node, which allows remote attackers to cause a denial of service (system crash) via a certain AUTH frame. |
| 3.3 | CVE-2006-7178 OTHER-REF OTHER-REF OSVDB | ||
| MADWifi -- MADWifi | ieee80211_input.c in MadWifi before 0.9.3 does not properly process Channel Switch Announcement Information Elements (CSA IEs), which allows remote attackers to cause a denial of service (loss of communication) via a Channel Switch Count less than or equal to one, triggering a channel change. |
| 3.3 | CVE-2006-7179 OTHER-REF OTHER-REF OTHER-REF OSVDB | ||
| ManageEngine -- Firewall Analyzer | Unspecified vulnerability in ManageEngine Firewall Analyzer allows remote authenticated users to "access any common file" via unspecified vectors. |
| 1.4 | CVE-2007-1642 BUGTRAQ BID | ||
| Mephisto -- Mephisto Mephisto -- Mephisto Edge | Cross-site scripting (XSS) vulnerability in app/helpers/application_helper.rb in Mephisto 0.7.3 and Mephisto Edge 20070325 allows remote attackers to inject arbitrary web script or HTML via the author name field in a comment. |
| 1.9 | CVE-2007-1768 BUGTRAQ BID XF | ||
| Mephisto -- Mephisto | Cross-site scripting (XSS) vulnerability in /search in Mephisto 0.7.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 1.9 | CVE-2007-1769 BID | ||
| Microsoft -- Windows Vista | The ATI kernel driver (atikmdag.sys) in Microsoft Windows Vista allows user-assisted remote attackers to cause a denial of service (crash) via a crafted JPG image, as demonstrated by a slideshow, possibly due to a buffer overflow. |
| 2.7 | CVE-2007-1763 VULNWATCH OTHER-REF | ||
| Mozilla -- Firefox | Mozilla Firefox 2.0.0.1 through 2.0.0.3 does not canonicalize URLs before checking them against the phishing site blacklist, which allows remote attackers to bypass phishing protection via multiple / (slash) characters in the URL. |
| 2.3 | CVE-2007-1762 BUGTRAQ | ||
| Navision Software -- Navision Financials Server NetBSD -- NetBSD | Multiple buffer overflows in the ISO network protocol support in the NetBSD kernel 2.0 through 4.0_BETA2, and NetBSD-current before 20070329, allow local users to execute arbitrary code via long parameters to certain functions, as demonstrated by a long sockaddr structure argument to the clnp_route function. |
| 3.4 | CVE-2007-1677 NETBSD BID | ||
| Overlay Weaver -- Overlay Weaver | Cross-site scripting (XSS) vulnerability in the DHT shell (owdhtshell) in Overlay Weaver 0.5.9 to 0.5.11, when invoked with the -x option, allows remote attackers to inject arbitrary web script or HTML via fields in certain input forms. |
| 1.9 | CVE-2007-1780 OTHER-REF SECUNIA | ||
| Philex -- Philex | download.php in Philex 0.2.3 and earlier allows remote attackers to read arbitrary files and source code, and obtain sensitive information via the file parameter. |
| 2.3 | CVE-2007-1698 MILW0RM BID FRSIRT XF | ||
| PHP -- PECL phpDOC | Buffer overflow in the confirm_phpdoc_compiled function in the phpDOC extension (PECL phpDOC) in PHP 5.2.1 allows context-dependent attackers to execute arbitrary code via a long argument string. |
| 2.9 | CVE-2007-1709 MILW0RM BUGTRAQ OTHER-REF BID XF | ||
| PHP -- PHP | The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files by referring to local files with a certain URL syntax instead of a pathname syntax, as demonstrated by a filename preceded a "php://../../" sequence. |
| 2.9 | CVE-2007-1710 MILW0RM | ||
| PHP -- PHP | Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 allows context-dependent attackers to execute arbitrary code by overwriting variables pointing to (1) the GLOBALS array or (2) the session data in _SESSION. NOTE: this issue was introduced when attempting to patch CVE-2007-1701 (MOPB-31-2007). |
| 2.9 | CVE-2007-1711 OTHER-REF BID | ||
| PHP -- PHP | The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 truncates e-mail messages at the first ASCIIZ ('\0') byte, which might allow context-dependent attackers to prevent intended information from being delivered in e-mail messages. NOTE: this issue might be security-relevant in cases when the trailing contents of e-mail messages are important, such as logging information or if the message is expected to be well-formed. |
| 3.3 | CVE-2007-1717 OTHER-REF BID | ||
| PHP -- PHP | CRLF injection vulnerability in the mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows remote attackers to inject arbitrary e-mail headers and possibly conduct spam attacks via a control character immediately following folding of the (1) Subject or (2) To parameter, as demonstrated by a parameter containing a "\r\n\t\n" sequence, related to an increment bug in the SKIP_LONG_HEADER_SEP macro. |
| 3.3 | CVE-2007-1718 OTHER-REF BID | ||
| Sendmail -- Sendmail | The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not reject the "localhost.localdomain" domain name for e-mail messages that come from external hosts, which might allow remote attackers to spoof messages. |
| 3.3 | CVE-2006-7176 OTHER-REF | ||
| Sony -- PSP Sony -- PlayStation 3 | The Remote Play feature in Sony Playstation 3 (PS3) 1.60 and Playstation Portable (PSP) 3.10 OE-A allows remote attackers to cause a denial of service via a flood of UDP packets. |
| 3.3 | CVE-2007-1728 BUGTRAQ | ||
| Sun -- Java System Directory Server Sun -- ONE Directory Server | The LDAP server (ns-slapd) in Sun Java System Directory Server 5.2 Patch4 and earlier and ONE Directory Server 5.1 and 5.2 allows remote attackers to cause a denial of service (crash) via malformed queries, probably malformed BER queries, which trigger a free of uninitialized memory locations. |
| 3.3 | CVE-2006-4175 IDEFENSE SUNALERT BID FRSIRT SECTRACK SECUNIA | ||
| unverse.net -- aBitWhizzy | Multiple directory traversal vulnerabilities in aBitWhizzy allow remote attackers to list arbitrary directories via a .. (dot dot) in the d parameter to (1) whizzery/whizzypic.php or (2) whizzery/whizzylink.php, different vectors than CVE-2006-6384. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 1.9 | CVE-2007-1773 OTHER-REF BID | ||
| unverse.net -- aBitWhizzy | Multiple cross-site scripting (XSS) vulnerabilities in aBitWhizzy allow remote attackers to inject arbitrary web script or HTML via the d parameter to (1) whizzery/whizzypic.php or (2) whizzery/whizzylink.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 1.9 | CVE-2007-1774 OTHER-REF BID |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.