Vulnerability Summary for the Week of April 9, 2007

Released
Apr 16, 2007
Document ID
SB07-106

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

">

High Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
ACD Systems -- ACDSee Photo ManagerInteger overflow in ACDSee Photo Manager 9.0 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via large width image sizes in a crafted BMP image, as demonstrated by w3intof.bmp and w4intof.bmp.
unknown
2007-04-10
8.0CVE-2007-1943
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
AlstraSoft -- Video Share Enterprisesiteadmin/useredit.php in AlstraSoft Video Share Enterprise does not check authentication, which allows remote attackers to obtain or modify user information via a direct request.
unknown
2007-04-12
7.0CVE-2007-2017
OTHER-REF
BID
FRSIRT
SECUNIA
ArchiveXpert -- ArchiveXpertMultiple directory traversal vulnerabilities in ArchiveXpert 2.02 build 80 allow remote attackers to create files in arbitrary directories via a .. (dot dot) in a (1) .gz, (2) .jar, (3) .rar, (4) .tar.gz, (5) .zip, or (6) .tar file.
unknown
2007-04-10
7.0CVE-2007-1954
OTHER-REF
SECUNIA
CodeBreak -- CodeBreakPHP remote file inclusion vulnerability in codebreak.php in CodeBreak allows remote attackers to execute arbitrary PHP code via a URL in the process_method parameter.
unknown
2007-04-12
7.0CVE-2007-1996
BUGTRAQ
Cyboards -- Cyboards PHP LitePHP remote file inclusion vulnerability in include/default_header.php in Cyboards PHP Lite 1.21 allows remote attackers to execute arbitrary PHP code via a URL in the script_path parameter, a different vector than CVE-2006-2871.
unknown
2007-04-11
7.0CVE-2007-1983
MILW0RM
VIM
BID
XF
Daniel Naber -- LanguageToolCross-site scripting (XSS) vulnerability in the embedded webserver in Daniel Naber LanguageTool before 0.8.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message.
unknown
2007-04-10
7.0CVE-2007-1939
OTHER-REF
DropAFew -- DropAFewMultiple SQL injection vulnerabilities in DropAFew before 0.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in the delete action in (a) search.php or (b) search-pda.php, or the (2) calories parameter in a save action in editlogcal.php.
unknown
2007-04-11
7.0CVE-2007-1363
OTHER-REF
OTHER-REF
BID
SECUNIA
FastStone -- Image ViewerInteger overflow in FastStone Image Viewer 2.9 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted BMP image, as demonstrated by wh3intof.bmp and wh4intof.bmp.
unknown
2007-04-10
8.0CVE-2007-1942
BUGTRAQ
OTHER-REF
BID
SECUNIA
Gazi Okul Sitesi -- Gazi Okul SitesiSQL injection vulnerability in fotokategori.asp in Gazi Okul Sitesi 2007 allows remote attackers to execute arbitrary SQL commands via the query string.
unknown
2007-04-11
7.0CVE-2007-1971
BUGTRAQ
BID
HIOX INDIA -- Guest BookDirect static code injection vulnerability in HIOX Guest Book (HGB) 4.0 allows remote attackers to inject arbitrary PHP code via the Email field, which results in code execution through a direct request to gb.php.
unknown
2007-04-12
7.0CVE-2007-1998
MILW0RM
holaCMS -- holaCMSCross-site scripting (XSS) vulnerability in index_cms.php in holaCMS 1.4.10 allows remote attackers to inject arbitrary web script or HTML via the acuparam parameter.
unknown
2007-04-11
7.0CVE-2007-1977
OTHER-REF
SECUNIA
HP -- Portable File SystemUnspecified vulnerability in the Portable File System (PFS) in HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to gain privileges via unspecified vectors.
unknown
2007-04-12
7.0CVE-2007-1993
HP
BID
FRSIRT
SECTRACK
SECUNIA
IBM -- WebSphere Application ServerUnspecified vulnerability in the Servlet Engine/Web Container in IBM WebSphere Application Server (WAS) before 6.1.0.7 has unknown impact and attack vectors.
unknown
2007-04-10
7.0CVE-2007-1945
OTHER-REF
AIXAPAR
FRSIRT
XF
InoutMailingListManager -- InoutMailingListManagerMultiple SQL injection vulnerabilities in InoutMailingListManager 3.1 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to changename.php and other unspecified vectors.
unknown
2007-04-12
7.0CVE-2007-2004
MILW0RM
Internet Pictures Corporation -- iPIX Image WellMultiple buffer overflows in the Internet Pictures Corporation iPIX Image Well ActiveX control (iPIX-ImageWell-ipix.dll) allow remote attackers to execute arbitrary code via unspecified vectors.
unknown
2007-04-10
10.0CVE-2007-1687
CERT-VN
IrfanView -- IrfanViewBuffer overflow in IrfanView 3.99 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via the (1) xoffset or (2) yoffset RLE command, or (3) large non-RLE encoded blocks in a crafted BMP image, as demonstrated by rle8of3.bmp and rle8of4.bmp.
unknown
2007-04-10
8.0CVE-2007-1948
BUGTRAQ
OTHER-REF
FRSIRT
LedgerSMB -- LedgerSMB
DWS Systems Inc. -- SQL-Ledger		(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests.
unknown
2007-04-10
7.0CVE-2007-1923
BUGTRAQ
BID
Mambo -- Taskhopper Component
Joomla! -- Taskhopper Component		Multiple PHP remote file inclusion vulnerabilities in the Taskhopper 1.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) contact_type.php, (2) itemstatus_type.php, (3) projectstatus_type.php, (4) request_type.php, (5) responses_type.php, (6) timelog_type.php, or (7) urgency_type.php in inc/.
unknown
2007-04-12
7.0CVE-2007-2005
MILW0RM
MamboXChange -- com_zoomMultiple PHP remote file inclusion vulnerabilities in the com_zoom 2.5 beta 2 and earlier module for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) EXIF_Makernote.php or (2) EXIF.php in classes/iptc/.
unknown
2007-04-12
7.0CVE-2007-1992
MILW0RM
BID
Microsoft -- Content Management ServerMicrosoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 does not properly handle certain characters in a crafted HTTP GET request, which allows remote attackers to execute arbitrary code, aka the "CMS Memory Corruption Vulnerability."
unknown
2007-04-10
10.0CVE-2007-0938
MS
Microsoft -- Windows XPUnspecified vulnerability in the Universal Plug and Play (UPnP) service in Microsoft Windows XP SP2 allows remote attackers on the same subnet to execute arbitrary code via crafted HTTP requests that trigger memory corruption.
unknown
2007-04-10
8.0CVE-2007-1204
MS
Microsoft -- Windows 2000
Microsoft -- Windows Server 2003
Microsoft -- Windows XP		Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in Windows 2000 SP4, XP SP2, and Server 2003, 2003 SP1, and 2003 SP2 allows remote attackers to execute arbitrary code via crafted URLs, which result in memory corruption.
unknown
2007-04-10
10.0CVE-2007-1205
MS
OTHER-REF
Microsoft -- Windows XPInteger overflow in Windows Explorer in Microsoft Windows XP SP1 might allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large width dimension in a crafted BMP image, as demonstrated by w4intof.bmp.
unknown
2007-04-10
10.0CVE-2007-1946
BUGTRAQ
OTHER-REF
BID
MyBB -- MyBB
MyBulletinBoard -- MyBulletinBoard		SQL injection vulnerability in the create_session function in class_session.php in MyBB (aka MyBulletinBoard) 1.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, as utilized by index.php, a related issue to CVE-2006-3775.
unknown
2007-04-11
7.0CVE-2007-1963
BUGTRAQ
MILW0RM
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
MyNews -- MyNewsPHP remote file inclusion vulnerability in include/blocks/week_events.php in MyNews 4.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the myNewsConf[path][sys][index] parameter, a different vector than CVE-2007-0633.
unknown
2007-04-12
7.0CVE-2007-2014
OTHER-REF
FRSIRT
nazarkin.name -- WeatimagesPHP remote file inclusion vulnerability in index.php in Weatimages 1.7.1 and earlier, when weatimages.ini is missing, allows remote attackers to execute arbitrary PHP code via a URL in the ini[langpack] parameter.
unknown
2007-04-12
7.0CVE-2007-1999
MILW0RM
Nick Jones -- Topliste ModuleSQL injection vulnerability in index.php in the Topliste 1.0 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the cid parameter.
unknown
2007-04-11
7.0CVE-2007-1980
MILW0RM
BID
FRSIRT
XF
NullSoft -- WinampLIBSNDFILE.DLL, as used by AOL Nullsoft Winamp 5.33 and possibly other products, allows remote attackers to execute arbitrary code via a crafted .MAT (MATLAB sound) file that contains a value that is used as an offset, which triggers memory corruption.
unknown
2007-04-10
8.0CVE-2007-1921
BUGTRAQ
OTHER-REF
BID
FRSIRT
NullSoft -- WinampThe Impulse Tracker (IT) and ScreamTracker 3 (S3M) modules in IN_MOD.DLL in AOL Nullsoft Winamp 5.33 allows remote attackers to execute arbitrary code via a crafted (1) .IT or (2) .S3M file containing integer values that are used as memory offsets, which triggers memory corruption.
unknown
2007-04-10
10.0CVE-2007-1922
BUGTRAQ
BUGTRAQ
OTHER-REF
BID
FRSIRT
Onelook -- oboShopSession fixation vulnerability in onelook obo Shop allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.
unknown
2007-04-10
7.0CVE-2007-1951
BUGTRAQ
OTHER-REF
Onelook -- onebyone CMSSession fixation vulnerability in onelook onebyone CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.
2007-03-30
2007-04-10
7.0CVE-2007-1952
BUGTRAQ
OTHER-REF
Onelook -- courts onlineSession fixation vulnerability in onelook courts on-line allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.
2007-03-30
2007-04-10
7.0CVE-2007-1953
BUGTRAQ
OTHER-REF
PHP-Fusion -- Arcade ModuleSQL injection vulnerability in index.php in the Arcade 1.00 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view_game_list action.
unknown
2007-04-11
7.0CVE-2007-1978
MILW0RM
FRSIRT
XF
phpBB -- MutantPHP remote file inclusion vulnerability in mutant_functions.php in the Mutant 0.9.2 portal for phpBB 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
unknown
2007-04-11
7.0CVE-2007-1961
MILW0RM
BID
PHPEcho CMS -- PHPEcho CMS** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in PHPEcho CMS 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) _plugin_file parameter to smarty/internals/core.load_pulgins.php or the (2) root_path parameter to index.php. NOTE: CVE disputes (1) because the inclusion occurs within a function that is not called during a direct request. CVE disputes (2) because root_path is defined in config.php before use.
unknown
2007-04-11
7.0CVE-2007-1987
BUGTRAQ
phpexplorator -- phpexploratorMultiple PHP remote file inclusion vulnerabilities in phpexplorator.php in phpexplorator 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) cmd or (2) lang_path parameter.
unknown
2007-04-11
7.0CVE-2007-1985
BUGTRAQ
Pineapple Technologies -- LoreMultiple PHP remote file inclusion vulnerabilities in Pineapple Technologies Lore 1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lang_path parameter to third_party/phpmailer/class.phpmailer.php or the (2) get_plugin_file_path parameter to third_party/smarty/libs/plugins/function.html_checkboxes.php. NOTE: the affected files might be from other software packages, so this might not be a vulnerability in Lore itself. NOTE: (1) might be the same issue as CVE-2006-5734.4.
unknown
2007-04-12
7.0CVE-2007-2021
BUGTRAQ
pL-PHP -- pL-PHPMultiple SQL injection vulnerabilities in login.php in pL-PHP beta 0.9 allow remote attackers to execute arbitrary SQL commands via the (1) login or (2) pass parameter.
unknown
2007-04-12
7.0CVE-2007-2006
MILW0RM
pL-PHP -- pL-PHPadmin.php in pL-PHP beta 0.9 allows remote attackers to bypass authentication by setting the is_admin parameter to 1.
unknown
2007-04-12
7.0CVE-2007-2007
MILW0RM
pL-PHP -- pL-PHPDirectory traversal vulnerability in admin.php in pL-PHP beta 0.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
unknown
2007-04-12
7.0CVE-2007-2008
MILW0RM
Raphaël Limbach -- Crea-BookMultiple SQL injection vulnerabilities in admin/admin.php in Crea-Book 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) pseudo or (2) passe parameter.
unknown
2007-04-12
7.0CVE-2007-2000
MILW0RM
Roxio -- CinePlayerStack-based buffer overflow in SonicDVDDashVRNav.dll in Roxio CinePlayer 3.2 allows remote attackers to execute arbitrary code via unspecified properties and methods in the SonicDVDDashVRNav.dll ActiveX control.
unknown
2007-04-11
10.0CVE-2007-1559
OTHER-REF
FRSIRT
SECUNIA
Ryan Haudenschilt -- Battle.Net Clan ScriptSQL injection vulnerability in login.php in Ryan Haudenschilt Battle.net Clan Script for PHP 1.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) user or (2) pass parameter.
unknown
2007-04-10
7.0CVE-2007-1909
MILW0RM
BID
Sam Crew -- MyBlogPHP remote file inclusion vulnerability in games.php in Sam Crew MyBlog, possibly 1.0 through 1.6, allows remote attackers to execute arbitrary PHP code via a URL in the id parameter, a different vector than CVE-2007-1968. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-04-12
7.0CVE-2007-1990
FRSIRT
SAP -- RFC LibraryBuffer overflow in the RFC_START_PROGRAM function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended.
unknown
2007-04-10
7.0CVE-2007-1915
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
SAP -- RFC LibraryBuffer overflow in the RFC_START_GUI function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended.
unknown
2007-04-10
10.0CVE-2007-1916
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
SAP -- RFC LibraryBuffer overflow in the SYSTEM_CREATE_INSTANCE function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended.
unknown
2007-04-10
10.0CVE-2007-1917
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Scar4U -- ScarNewsDirectory traversal vulnerability in scarnews.inc.php in ScarNews 1.2.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sn_admin_dir parameter.
unknown
2007-04-10
7.0CVE-2007-1932
MILW0RM
FRSIRT
SignKorea -- SKCommAX ActiveX ControlMultiple stack-based buffer overflows in the SignKorea SKCrypAX ActiveX control module 5.4.1.2 allow remote attackers to execute arbitrary code via a long string in unspecified arguments to the (1) DownloadCert, (2) DecryptFileByKey, and (3) EncryptFileByKey functions, a different module and vectors than CVE-2007-1722. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-04-10
10.0CVE-2007-1955
SECUNIA
Smarty -- Smarty** DISPUTED ** PHP remote file inclusion vulnerability in unit_test/test_cases.php in Smarty 2.6.1 allows remote attackers to execute arbitrary PHP code via a URL in the SMARTY_DIR parameter. NOTE: this issue is disputed by CVE and a third party because SMARTY_DIR is a constant.
unknown
2007-04-12
7.0CVE-2006-7193
BUGTRAQ
BUGTRAQ
XF
SmodBIP -- SmodBIPSQL injection vulnerability in index.php in the aktualnosci module in SmodBIP 1.06 and earlier allows remote attackers to execute arbitrary SQL commands via the zoom parameter.
unknown
2007-04-10
7.0CVE-2007-1920
MILW0RM
BID
XF
SmodCMS -- SmodCMSSQL injection vulnerability in index.php in the slownik module in SmodCMS 2.10 and earlier allows remote attackers to execute arbitrary SQL commands via the ssid parameter.
unknown
2007-04-10
7.0CVE-2007-1931
MILW0RM
FRSIRT
XF
Tomex -- phpGalleryScriptPHP remote file inclusion vulnerability in init.gallery.php in phpGalleryScript 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the include_class parameter.
unknown
2007-04-12
7.0CVE-2007-2019
BUGTRAQ
VIM
UBBCentral -- UBB.threadsSQL injection vulnerability in ubbthreads.php in Groupee UBB.threads 6.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the C parameter.
unknown
2007-04-10
7.0CVE-2007-1956
BUGTRAQ
WebBlizzard -- Content Management SystemSession fixation vulnerability in WebBlizzard CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.
2007-03-30
2007-04-10
7.0CVE-2007-1949
BUGTRAQ
OTHER-REF
WitShare -- WitShareDirectory traversal vulnerability in index.php in witshare 0.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the menu parameter.
unknown
2007-04-10
7.0CVE-2007-1928
BUGTRAQ
BID
XodaGallery -- XodaGallery** DISPUTED ** Unspecified vulnerability in administration.php in xodagallery allows remote attackers to execute arbitrary code via the cmd parameter. NOTE: CVE disputes this vulnerability because administration.php does not use the cmd parameter for inclusion.
unknown
2007-04-12
7.0CVE-2007-2020
BUGTRAQ
VIM
XF
Xoops -- Rha7 Downloads ModuleSQL injection vulnerability in visit.php in the Rha7 Downloads (rha7downloads) 1.0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the lid parameter.
unknown
2007-04-11
7.0CVE-2007-1960
MILW0RM
BID
Xoops -- WF-SnippetsSQL injection vulnerability in index.php in the WF-Snippets 1.02 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the c parameter in a cat op action.
unknown
2007-04-11
7.0CVE-2007-1962
MILW0RM
XF
Xoops -- Happy Linux XFsection
WF-Sections -- WF-Sections
Xoops -- ZMagazine		SQL injection vulnerability in the getArticle function in class/wfsarticle.php in WF-Section (aka WF-Sections) 1.0.1, as used in Xoops modules such as (1) Zmagazine 1.0, (2) Happy Linux XFsection 1.07 and earlier, and possibly other modules, allows remote attackers to execute arbitrary SQL commands via the articleid parameter to print.php.
unknown
2007-04-11
7.0CVE-2007-1974
MILW0RM
MILW0RM
MILW0RM
OTHER-REF
OTHER-REF
OTHER-REF
VIM
BID
BID
BID
FRSIRT
FRSIRT
FRSIRT
XF
XF
XF
Xoops -- Xoops Virii Info Module** DISPUTED ** PHP remote file inclusion vulnerability in index.php in the Virii Info 1.10 and earlier module for Xoops allows remote attackers to execute arbitrary PHP code via a URL in the xoopsConfig[root_path] parameter. NOTE: the issue has been disputed by a reliable third party, stating that the application's checkSuperglobals function defends against the attack.
unknown
2007-04-11
7.0CVE-2007-1976
MILW0RM
VIM
VIM
FRSIRT
XF
Xoops -- Xoops PopnupBlogSQL injection vulnerability in index.php in the PopnupBlog 2.52 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the postid parameter, possibly involving the get_blogid_from_postid function in class/PopnupBlogUtils.php. NOTE: later versions such as 3.03 and 3.05 might also be affected.
unknown
2007-04-11
7.0CVE-2007-1979
MILW0RM
BID
FRSIRT
SECUNIA

Back to top

Medium Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
 Cross-site scripting (XSS) vulnerability in index.php in Arizona Dream Livre d'or (livor) 2.5 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
unknown
2007-04-10
5.6CVE-2007-1919
BUGTRAQ
BID
 Multiple directory traversal vulnerabilities in PcP-Guestbook (PcP-Book) 3.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to (1) index.php, (2) gb.php, or (3) faq.php.
unknown
2007-04-10
4.9CVE-2007-1933
MILW0RM
AlstraSoft -- Video Share EnterpriseSQL injection vulnerability in msg.php in AlstraSoft Video Share Enterprise allows remote authenticated users to execute arbitrary SQL commands via the id parameter.
unknown
2007-04-12
4.2CVE-2007-2018
OTHER-REF
BID
FRSIRT
SECUNIA
Apache Software Foundation -- Apache HTTP ServerMultiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the vendor has reportedly disputed this issue, stating that "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
unknown
2007-04-13
5.6CVE-2007-1741
IDEFENSE
MLIST
MLIST
BID
SECTRACK
XF
Barnraiser -- AROUNDMeMultiple PHP remote file inclusion vulnerabilities in barnraiser AROUNDMe 0.7.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) language_path_core parameter to inc/core_profile.header.php, the (2) template_path_core parameter to template/barnraiser_01/maint_contact_view.tpl.php, and the (3) template_path parameter to template/barnraiser_01/default.tpl.php. NOTE: this issue might overlap CVE-2006-5533.
unknown
2007-04-11
5.6CVE-2007-1986
MILW0RM
BID
Crea-Book -- Crea-BookMultiple direct static code injection vulnerabilities in admin/configurer2.php in Crea-Book 1.0 and earlier allow remote authenticated administrators to execute arbitrary PHP code via the "Fond de la page" (background color) field and other unspecified fields, which injects into config.inc.php3.
unknown
2007-04-12
4.2CVE-2007-2001
MILW0RM
Debian -- Debian LinuxBuffer overflow in man and man-db 2.4.3 and earlier allows local users to execute arbitrary code via crafted arguments to the -H flag.
unknown
2007-04-10
4.9CVE-2006-4250
DEBIAN
BID
FRSIRT
FRSIRT
DreamCodes -- Scorp BookPHP remote file inclusion vulnerability in smilies.php in Scorp Book 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config parameter.
unknown
2007-04-10
5.6CVE-2007-1937
MILW0RM
FRSIRT
eCardMAX.com -- Hot Editor
MyBB -- MyBB Hot Editor Plugin		Directory traversal vulnerability in richedit/keyboard.php in eCardMAX HotEditor (Hot Editor) 4.0, and the HotEditor plugin for MyBB, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the first parameter.
unknown
2007-04-10
5.6CVE-2007-1906
BUGTRAQ
BUGTRAQ
OTHER-REF
OTHER-REF
BID
XF
Guernion Sylvain Portail -- Web PhpMultiple PHP remote file inclusion vulnerabilities in Guernion Sylvain Portail Web Php (aka Gsylvain35 Portail Web, PwP) allow remote attackers to execute arbitrary PHP code via a URL in the pageAll parameter to index.php in (1) template/Vert/, or (2) template/Noir/.
unknown
2007-04-10
5.6CVE-2007-1957
BUGTRAQ
InoutMailingListManager -- InoutMailingListManagerInoutMailingListManager 3.1 and earlier allows remote attackers to access certain restricted functionality, and upload and execute arbitrary PHP code, by setting an arbitrary admin cookie.
unknown
2007-04-12
5.6CVE-2007-2002
MILW0RM
InoutMailingListManager -- InoutMailingListManagerInoutMailingListManager 3.1 and earlier sends a Location redirect header but does not exit after an authorization check fails, which allows remote attackers to access certain restricted functionality, and upload and execute arbitrary PHP code, by ignoring the redirect.
unknown
2007-04-12
5.6CVE-2007-2003
MILW0RM
JBMC Software -- DirectAdminCross-site scripting (XSS) vulnerability in JBMC Software DirectAdmin before 1.293 does not properly display log files, which allows remote authenticated users to inject arbitrary web script or HTML via (1) http or (2) ftp requests logged in /var/log/directadmin/security.log; (3) allows context-dependent attackers to inject arbitrary web script or HTML into /var/log/messages via a PHP script that invokes /usr/bin/logger; (4) allows local users to inject arbitrary web script or HTML into /var/log/messages by invoking /usr/bin/logger at the command line; and allows remote attackers to inject arbitrary web script or HTML via remote requests logged in the (5) /var/log/exim/rejectlog, (6) /var/log/exim/mainlog, (7) /var/log/proftpd/auth.log, (8) /var/log/httpd/error_log, (9) /var/log/httpd/access_log, (10) /var/log/directadmin/error.log, and (11) /var/log/directadmin/security.log files.
unknown
2007-04-10
5.6CVE-2007-1926
BUGTRAQ
OTHER-REF
OTHER-REF
SECUNIA
lite-cms -- lite-cmsPHP remote file inclusion vulnerability in index.php in lite-cms 0.2.1 allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter.
unknown
2007-04-11
5.6CVE-2007-1984
BUGTRAQ
Microsoft -- Windows 2000
Microsoft -- Windows Server 2003
Microsoft -- Windows XP		The Windows Kernel in Microsoft Windows 2000 SP4, XP SP2, and Server 2003, 2003 SP1, and 2003 SP2 uses insecure permissions on mapped memory segments, which allows local users to gain privileges.
unknown
2007-04-10
5.6CVE-2007-1206
MS
Microsoft -- Windows VistaUse-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort connections, which leaves a "dangling pointer" to a process data structure.
unknown
2007-04-10
5.6CVE-2007-1209
BUGTRAQ
MS
Microsoft -- WordBuffer overflow in wwlib.dll in Microsoft Word 2007 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted document, as demonstrated by file789-1.doc.
unknown
2007-04-10
5.6CVE-2007-1910
MILW0RM
BID
Microsoft -- Windows NT
Microsoft -- Windows 2000
Microsoft -- Windows Server 2003
Microsoft -- Windows XP		Heap-based buffer overflow in Microsoft Windows allows user-assisted remote attackers to have an unknown impact via a crafted .HLP file.
unknown
2007-04-10
5.6CVE-2007-1912
MILW0RM
BID
Microsoft -- Windows NTRace condition in the Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 4.0 allows local users to modify memory and gain privileges via the temporary \Device\PhysicalMemory section handle, a related issue to CVE-2007-1206.
unknown
2007-04-11
5.6CVE-2007-1973
BUGTRAQ
OTHER-REF
Pathos -- Content Management SystemPHP remote file inclusion vulnerability in warn.php in Pathos Content Management System (CMS) 0.92-2 allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.
unknown
2007-04-10
5.6CVE-2007-1907
MILW0RM
PHP-Nuke -- eBoard ModuleDirectory traversal vulnerability in member.php in the eBoard 1.0.7 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[name] parameter.
unknown
2007-04-10
5.6CVE-2007-1934
MILW0RM
FRSIRT
PHP121 -- PHP121 Instant MessengerPHP file inclusion vulnerability in php121db.php in PHP121 Instant Messenger 2.2 allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the php121dir parameter, which is accessed by the file_exists function.
unknown
2007-04-10
5.6CVE-2007-1908
MILW0RM
phpContact -- phpContact** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in phpContact allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) contact_business.php or (2) contact_person.php. NOTE: this issue is disputed by CVE and a reliable third party, because include_path is initialized to a fixed value before use.
unknown
2007-04-10
5.6CVE-2007-1924
BUGTRAQ
VIM
Pineapple Technologies -- QuizShockCross-site scripting (XSS) vulnerability in auth.php in Pineapple Technologies QuizShock 1.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via encoded special characters in the forward_to parameter, as demonstrated using "<"<".
unknown
2007-04-10
5.6CVE-2007-1905
BUGTRAQ
BID
Really Simple PHP and Ajax -- Really Simple PHP and AjaxMultiple PHP remote file inclusion vulnerabilities in Really Simple PHP and Ajax (RSPA) 2007-03-23 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) __IncludeFilePHPClass, (2) __ClassPath, and (3) __class parameters to (a) rspa/framework/Controller_v5.php, and (b) rspa/framework/Controller_v4.php.
unknown
2007-04-11
5.6CVE-2007-1982
MILW0RM
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Request It -- Request ItPHP remote file inclusion vulnerability in index.php in Request It 1.0b allows remote attackers to execute arbitrary PHP code via a URL in the id parameter.
unknown
2007-04-12
5.6CVE-2007-2015
BUGTRAQ
OTHER-REF
VIM
BID
FRSIRT
SECUNIA
Sam Crew -- MyBlogPHP remote file inclusion vulnerability in games.php in Sam Crew MyBlog, possibly 1.0 through 1.6, allows remote attackers to execute arbitrary PHP code via a URL in the scoreid parameter.
unknown
2007-04-11
5.6CVE-2007-1968
BUGTRAQ
VIM
BID
Scar4U.de -- ScarAdControllerPHP file inclusion vulnerability in admin/index.php in ScarAdControl (ScarAdController) 1.1 allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the site parameter, which is accessed by the file_exists function.
unknown
2007-04-10
5.6CVE-2007-1935
MILW0RM
Scar4U.de -- ScarAdControllerPHP remote file inclusion vulnerability in scaradcontrol.php in ScarAdControl (ScarAdController) 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the sac_config_dir parameter.
unknown
2007-04-10
5.6CVE-2007-1936
MILW0RM
SimpCMS -- SimpCMSPHP remote file inclusion vulnerability in index.php in SimpCMS Light 04.10.2007 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the site parameter.
unknown
2007-04-12
5.6CVE-2007-2009
MILW0RM
VIM
Sky Gunning -- MySpeachPHP remote file inclusion vulnerability in chat.php in Sky GUNNING MySpeach 3.0.7 and earlier, when used with PHP 5, allows remote attackers to execute arbitrary PHP code via an ftp URL in a my_ms[root] cookie, a different vector than CVE-2007-0491 and CVE-2006-4630.
unknown
2007-04-09
5.6CVE-2007-1895
MILW0RM
FRSIRT
SECUNIA
SLAED -- Content Management SystemMultiple PHP remote file inclusion vulnerabilities in SLAED CMS 2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) path parameter to admin/admin.php or the (2) modpath parameter to index.php.
unknown
2007-04-11
5.6CVE-2007-1975
BUGTRAQ
XF
Stat12 -- Stat12PHP remote file inclusion vulnerability in index.php in stat12 allows remote attackers to execute arbitrary PHP code via a URL in the langpath parameter. NOTE: this issue was published by an unreliable researcher, and there is little information to determine which product is actually affected. This could be an invalid report.
unknown
2007-04-11
5.6CVE-2007-1967
BUGTRAQ
TinyMUX -- TinyMUXUnspecified vulnerability in the process_cmdent function in command.cpp in TinyMUX before 2.4 has unknown impact and attack vectors, related to lack of the "'other half' of buffer overflow protection."
unknown
2007-04-11
4.9CVE-2007-1959
OTHER-REF
FRSIRT
Tru-Zone -- NukeETThe borrado function in modules/Your_Account/index.php in Tru-Zone Nuke ET 3.4 before fix 7 does not verify that account deletion requests come from the account owner, which allows remote authenticated users to delete arbitrary accounts via a modified cookie.
unknown
2007-04-10
4.2CVE-2007-1925
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
WordPress -- WordPressSQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users to execute arbitrary SQL commands via a string parameter value in an XML RPC mt.setPostCategories method call, related to the post_id variable.
unknown
2007-04-09
4.2CVE-2007-1897
MILW0RM
OTHER-REF
OTHER-REF
BID
SECUNIA

Back to top

Low Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
 Directory traversal vulnerability in downloadpic.php in Beryo 2.0 allows remote atatckers to read arbitrary files via a .. (dot dot) in the chemin parameter.
unknown
2007-04-10
2.3CVE-2007-1929
MILW0RM
FRSIRT
XF
Adobe -- BridgeUnspecified vulnerability in the installer for Adobe Bridge 1.0.3 update for Apple OS X, when patching with desktop management tools, allows local users to gain privileges via unspecified vectors.
unknown
2007-04-11
3.9CVE-2007-1279
OTHER-REF
BID
FRSIRT
SECTRACK
Adobe -- ColdFusion MXAdobe ColdFusion MX 7 for Linux and Solaris uses insecure permissions for certain scripts and directories, which allows local users to execute arbitrary code or obtain sensitive information via the (1) CFMX7DreamWeaverExtensions.mxp, (2) CFReportBuilderInstaller.exe, (3) .com.zerog.registry.xml, (4) uninstall.lax, (5) license.txt, (6) Readme.htm, (7) .com.zerog.registry.xml, (8) k2adminstop, or (9) k2adminstart files; or (10) certain files in lib/wsconfig/.
unknown
2007-04-11
3.9CVE-2007-1874
OTHER-REF
IDEFENSE
SECUNIA
AOL -- ICQ
AOL -- Instant Messenger		Directory traversal vulnerability in AOL Instant Messenger (AIM) 5.9 and earlier, and ICQ 5.1 and probably earlier, allows user-assisted remote attackers to write files to arbitrary locations via a .. (dot dot) in a filename in a file transfer operation.
unknown
2007-04-10
1.9CVE-2007-1904
IDEFENSE
BID
Apple -- AirPort ExtremeThe AirPort Disk feature of the AirPort Extreme Base Station with 802.11n before Firmware Update 7.1 does not properly enforce password protection of a USB hard drive, which allows remote attackers on the local network to list arbitrary directories.
unknown
2007-04-10
1.9CVE-2007-0734
OTHER-REF
APPLE
FRSIRT
SECUNIA
bftpd -- bftpdDouble-free vulnerability in bftpd before 1.8 allows remote authenticated users to cause a denial of service (daemon crash) via a (1) get or (2) mget command. NOTE: some of these details are obtained from third party information.
unknown
2007-04-12
2.0CVE-2007-2010
OTHER-REF
SECUNIA
cattaDoc -- cattaDocDirectory traversal vulnerability in download2.php in cattaDoc 2.21 allows remote attackers to read arbitrary files via a .. (dot dot) in the fn1 parameter.
unknown
2007-04-10
3.3CVE-2007-1930
MILW0RM
FRSIRT
XF
DeskPRO -- DeskPROCross-site scripting (XSS) vulnerability in login.php in DeskPro 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the username parameter.
unknown
2007-04-12
1.9CVE-2007-2011
BUGTRAQ
BID
SECUNIA
DotClear -- DotClearMultiple cross-site scripting (XSS) vulnerabilities in DotClear before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) post_id parameter to ecrire/trackback.php or the (2) tool_url parameter to tools/thememng/index.php. NOTE: some of these details are obtained from third party information.
unknown
2007-04-12
1.9CVE-2007-1989
OTHER-REF
OTHER-REF
SECUNIA
DropAFew -- DropAFewDropAFew before 0.2.1 does not require authorization for certain privileged actions, which allows remote attackers to (1) view the logged calorie information of arbitrary users via the id parameter in editlogcal.php; (2) add arbitrary links via links.php; or (3) create arbitrary users via newaccount2.php.
unknown
2007-04-11
2.3CVE-2007-1364
OTHER-REF
OTHER-REF
BID
SECUNIA
exV2 -- Content Management SystemMultiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.0.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the set_lang parameter to (1) archive.php, (2) article.php, (3) index.php, or (4) topics.php.
2007-04-01
2007-04-11
1.9CVE-2007-1965
BUGTRAQ
OTHER-REF
BID
exV2 -- Content Management SystemSession fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID cookie.
unknown
2007-04-11
2.3CVE-2007-1966
BUGTRAQ
OTHER-REF
HP -- HP-UXUnspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.00 allows local users to cause a denial of service via unknown vectors. NOTE: due to lack of vendor details, it is not clear whether this is the same as CVE-2007-0916.
unknown
2007-04-12
2.3CVE-2007-1994
HP
BID
SECTRACK
IBM -- Tivoli Business Service ManagerIBM Tivoli Business Service Manager (TBSM) 4.1 before Interim Fix 1 logs passwords in plaintext, which allows local users to obtain sensitive information by reading (1) ncisetup.db or (2) msi.log.
unknown
2007-04-10
2.3CVE-2007-1940
AIXAPAR
BID
FRSIRT
SECTRACK
SECUNIA
IBM -- Lotus NotesCross-site scripting (XSS) vulnerability in the Active Content Filter feature in Domino Web Access (DWA) in IBM Lotus Notes before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to inject arbitrary web script or HTML via a multipart/related e-mail message, a different issue than CVE-2006-4843.
unknown
2007-04-10
1.9CVE-2007-1941
OTHER-REF
OTHER-REF
SECTRACK
IBM -- WebSphere Application ServerThe Java Message Service (JMS) in IBM WebSphere Application Server (WAS) before 6.1.0.7 allows attackers to cause a denial of service via unknown vectors involving the "double release [of] a bytebuffer input stream," possibly a double-free vulnerability.
unknown
2007-04-10
2.3CVE-2007-1944
OTHER-REF
FRSIRT
Ichitaro -- IchitaroIchitaro 2005 through 2007, and possibly related products, allows remote attackers to have an unknown impact, possibly cross-site scripting (XSS), via unspecified vectors in a document distributed through e-mail or a web site.
unknown
2007-04-10
1.9CVE-2007-1938
OTHER-REF
FRSIRT
SECUNIA
IPsec-Tools -- IPsec-ToolsThe isakmp_info_recv function in src/racoon/isakmp_inf.c in racoon in Ipsec-tools before 0.6.7 allows remote attackers to cause a denial of service (tunnel crash) via crafted (1) DELETE (ISAKMP_NPTYPE_D) and (2) NOTIFY (ISAKMP_NPTYPE_N) messages.
unknown
2007-04-10
2.3CVE-2007-1841
MLIST
OTHER-REF
FRSIRT
SECUNIA
JEX-Treme -- Einfacher PassworschutzCross-site scripting (XSS) vulnerability in index.php in JEx-Treme Einfacher Passworschutz allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
unknown
2007-04-12
1.9CVE-2007-2013
OTHER-REF
FRSIRT
Linux -- KernelThe atalk_sum_skb function in AppleTalk for Linux kernel 2.6.x before 2.6.21, and possibly 2.4.x, allows remote attackers to cause a denial of service (crash) via an AppleTalk frame that is shorter than the specified length, which triggers a BUG_ON call when an attempt is made to perform a checksum.
unknown
2007-04-10
3.3CVE-2007-1357
OTHER-REF
OTHER-REF
BID
SECUNIA
Metamod-P -- Metamod-PThe safevoid_vsnprintf function in Metamod-P 1.19p29 and earlier on Windows allows remote attackers to cause a denial of service (daemon crash) via a long meta list command.
unknown
2007-04-11
3.3CVE-2007-1981
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Microsoft -- .NET FrameworkMicrosoft ASP .NET Framework 2.0.50727.42 does not properly handle comment (/* */) enclosures, which allows remote attackers to bypass request filtering and conduct cross-site scripting (XSS) attacks, or cause a denial of service, as demonstrated via an xss:expression STYLE attribute in a closing XSS HTML tag.
unknown
2007-04-10
1.9CVE-2006-7192
BUGTRAQ
OTHER-REF
OTHER-REF
BID
Microsoft -- Content Management ServerCross-site scripting (XSS) vulnerability in Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving HTML redirection queries, aka "Cross-site Scripting and Spoofing Vulnerability"
unknown
2007-04-10
1.9CVE-2007-0939
MS
Microsoft -- WordMultiple unspecified vulnerabilities in Microsoft Word 2007 allow remote attackers to cause a denial of service (CPU consumption) via crafted documents, as demonstrated by (1) file798-1.doc and (2) file613-1.doc, possibly related to a buffer overflow.
unknown
2007-04-10
2.7CVE-2007-1911
MILW0RM
MimarSinan -- CompreXXMultiple directory traversal vulnerabilities in MimarSinan CompreXX 4.1 allow remote attackers to create files in arbitrary directories via a .. (dot dot) in a (1) .rar, (2) .jar or (3) .zip archive.
unknown
2007-04-12
3.7CVE-2007-2012
OTHER-REF
BID
FRSIRT
SECUNIA
Mozilla -- FirefoxMozilla Firefox does not warn the user about HTTP elements on an HTTPS page when the HTTP elements are dynamically created by a delayed document.write, which allows remote attackers to supply unauthenticated content and conduct phishing attacks.
unknown
2007-04-11
2.3CVE-2007-1970
BUGTRAQ
MyBB -- MyBB
MyBulletinBoard -- MyBulletinBoard		member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account's registered e-mail address in a debug request for a do_lostpw action, which prints the change password verification code in the debug output.
unknown
2007-04-11
3.4CVE-2007-1964
BUGTRAQ
Parakey Inc. -- FirebugCross-zone scripting vulnerability in the DOM templates (domplates) used by the console.log function in the Firebug extension before 1.04 for Mozilla Firefox allows remote attackers to bypass zone restrictions, read arbitrary file:// URIs, or execute arbitrary code in the browser chrome by overwriting the toString function via a certain function declaration, related to incorrect identification of anonymous JavaScript functions, a different issue than CVE-2007-1878.
unknown
2007-04-10
1.1CVE-2007-1947
BUGTRAQ
OTHER-REF
OTHER-REF
PHP -- PHPCRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a '\n' character, which causes a regular expression to ignore the subsequent part of the address string.
unknown
2007-04-10
2.3CVE-2007-1900
OTHER-REF
BID
SECUNIA
PHPEcho CMS -- PHPEcho CMSCross-site scripting (XSS) vulnerability in kernel/filters.inc.php in PHPEcho CMS 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
unknown
2007-04-11
1.9CVE-2007-1988
BUGTRAQ
phpMyAdmin -- phpMyAdminCross-site scripting (XSS) vulnerability in mysql/phpinfo.php in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary web script or HTML via the lang[] parameter.
unknown
2007-04-12
1.9CVE-2007-2016
BUGTRAQ
Quagga -- Quagga Routing Software Suitebgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages that trigger an assertion error or out of bounds read.
unknown
2007-04-12
2.7CVE-2007-1995
OTHER-REF
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
XF
Sam Crew -- MyBlogCross-site scripting (XSS) vulnerability in admin/modify.php in Sam Crew MyBlog remote attackers to inject arbitrary web script or HTML via the id parameter.
unknown
2007-04-11
1.9CVE-2007-1969
BUGTRAQ
SAP -- RFC LibraryThe TRUSTED_SYSTEM_SECURITY function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to verify the existence of users and groups on systems and domains via unspecified vectors, a different vulnerability than CVE-2006-6010. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended.
unknown
2007-04-10
2.3CVE-2007-1913
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
SAP -- RFC LibraryThe RFC_START_PROGRAM function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to obtain sensitive information (external RFC server configuration data) via unspecified vectors, a different vulnerability than CVE-2006-6010. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended.
unknown
2007-04-10
3.3CVE-2007-1914
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
SAP -- RFC LibraryThe RFC_SET_REG_SERVER_PROPERTY function in the SAP RFC Library 6.40 and 7.00 before 20070109 implements an option for exclusive access to an RFC server, which allows remote attackers to cause a denial of service (client lockout) via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended.
unknown
2007-04-10
2.3CVE-2007-1918
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Sky Gunning -- MySpeachDirectory traversal vulnerability in chat.php in Sky GUNNING MySpeach 3.0.7 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) and trailing %00 (NULL) in a my_ms[root] cookie.
unknown
2007-04-09
3.7CVE-2007-1896
MILW0RM
FRSIRT
SECUNIA
TinyMUX -- TinyMUXBuffer overflow in TinyMUX before 2.4 allows attackers to cause a denial of service via unspecified vectors related to "too many substring matches in a regexp $-command." NOTE: some of these details are obtained from third party information.
unknown
2007-04-11
2.3CVE-2007-1958
OTHER-REF
FRSIRT
WebBlizzard -- Content Management SystemCross-site scripting (XSS) vulnerability in index_cms.php in WebBlizzard CMS allows remote attackers to inject arbitrary web script or HTML via the Suchzeile parameter.
unknown
2007-04-10
1.9CVE-2007-1950
BUGTRAQ
OTHER-REF
WordPress -- WordPressxmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users with the contributor role to bypass intended access restrictions and invoke the publish_posts functionality, which can be used to "publish a previously saved post."
unknown
2007-04-09
3.4CVE-2007-1893
OTHER-REF
OTHER-REF
SECUNIA
XF
WordPress -- WordPressCross-site scripting (XSS) vulnerability in wp-includes/general-template.php in WordPress before 20070309 allows remote attackers to inject arbitrary web script or HTML via the year parameter in the wp_title function.
unknown
2007-04-09
1.9CVE-2007-1894
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
BID
SECUNIA
YoungZSoft -- CMailServerCross-site scripting (XSS) vulnerability in signup.asp in CmailServer WebMail 5.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the POP3Mail parameter.
unknown
2007-04-10
1.9CVE-2007-1927
BUGTRAQ
BID
YoungZSoft -- CMailServerCross-site scripting (XSS) vulnerability in mail/signup.asp in CmailServer WebMail 5.4.3, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the Comment parameter, a different vector than CVE-2007-1927.
unknown
2007-04-12
1.9CVE-2007-1991
BID
SECUNIA
XF

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.