Vulnerability Summary for the Week of May 14, 2007
Released
May 21, 2007
Document ID
SB07-141
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
Vulnerability Severity:
">
| High Vulnerabilities |
|---|
| Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
|---|---|---|---|---|---|---|
| 3Com -- TippingPoint IMS 50 3Com -- TippingPoint IMS 2400E 3Com -- TippingPoint IMS 5000E 3Com -- TippingPoint IMS X505 3Com -- TippingPoint IMS 600E 3Com -- TippingPoint IMS 200 3Com -- TippingPoint IMS 200E 3Com -- TippingPoint IMS X506 | The 3Com TippingPoint IPS do not properly handle certain full-width and half-width Unicode character encodings in an HTTP POST request, which might allow remote attackers to evade detection of HTTP traffic. |
| 7.0 | CVE-2007-2734 BUGTRAQ OTHER-REF OTHER-REF CERT-VN FRSIRT SECUNIA | ||
| Adobe -- Creative Suite | The installer for Adobe Version Cue CS3 Server on Apple Mac OS X, as used in Adobe Creative Suite 3 (CS3), does not re-enable the personal firewall after completing the product installation, which allows remote attackers to bypass intended firewall rules. |
| 7.0 | CVE-2007-2682 OTHER-REF BID SECTRACK SECUNIA | ||
| Agner Fog -- aForum | PHP remote file inclusion vulnerability in common/func.php in aForum 1.32 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CommonAbsDir parameter. |
| 7.0 | CVE-2007-2596 MILW0RM BID FRSIRT SECUNIA | ||
| Apple -- Quicktime | Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted Sample Table Sample Descriptor (STSD) atom size in a QuickTime movie. |
| 8.0 | CVE-2007-0754 BUGTRAQ OTHER-REF OTHER-REF BID XF | ||
| b2evolution -- b2evolution | Directory traversal vulnerability in blogs/index.php in b2evolution 1.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the core_subdir parameter. |
| 7.0 | CVE-2007-2681 BUGTRAQ XF | ||
| BEA Systems -- WebLogic Server | The JMS Server in BEA WebLogic Server 6.1 through SP7, 7.0 through SP6, and 8.1 through SP5 enforces security access policies on the front end, which allows remote attackers to access protected queues via direct requests to the JMS back-end server. |
| 7.0 | CVE-2007-2696 BEA FRSIRT SECTRACK SECUNIA | ||
| BEA Systems -- WebLogic Server BEA Systems -- WebLogic Express | The embedded LDAP server in BEA WebLogic Express and WebLogic Server 7.0 through SP6, 8.1 through SP5, 9.0, and 9.1, when in certain configurations, does not limit or audit failed authentication attempts, which allows remote attackers to more easily conduct brute-force attacks against the administrator password, or flood the server with login attempts and cause a denial of service. |
| 7.0 | CVE-2007-2697 BEA FRSIRT SECTRACK SECUNIA | ||
| Beacon -- Beacon | PHP remote file inclusion vulnerability in language/1/splash.lang.php in Beacon 0.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the languagePath parameter. |
| 7.0 | CVE-2007-2663 MILW0RM | ||
| Censura -- Censura | SQL injection vulnerability in censura.php in Censura 1.15.04 allows remote attackers to execute arbitrary SQL commands via the vendorid parameter in a vendor_info cmd action. |
| 7.0 | CVE-2007-2673 MILW0RM BID | ||
| Centennial -- Discovery Symantec -- Discovery Numara -- Asset Manager | Multiple buffer overflows in the CentennialIPTransferServer service (XFERWAN.EXE), as used by (1) Centennial Discovery 2006 Feature Pack 1, (2) Numara Asset Manager 8.0, and (3) Symantec Discovery 6.5, allow remote attackers to execute arbitrary code via long strings in a crafted TCP packet. |
| 10.0 | CVE-2007-1173 OTHER-REF OTHER-REF OTHER-REF FRSIRT FRSIRT FRSIRT SECUNIA SECUNIA SECUNIA | ||
| Clever Components -- Clever Database Comparer | Stack-based buffer overflow in the Clever Database Comparer 2.2 ActiveX control (comparerax.ocx) allows remote attackers to execute arbitrary code via a long argument to the ConnectToDatabase function. |
| 8.0 | CVE-2007-2648 OTHER-REF OTHER-REF FRSIRT SECUNIA | ||
| Comodo -- Comodo Personal Firewall Comodo -- Comodo Firewall Pro | Comodo Firewall Pro 2.4.18.184 and Comodo Personal Firewall 2.3.6.81, and probably older Comodo Firewall versions, do not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier. |
| 7.0 | CVE-2007-2729 BUGTRAQ OTHER-REF | ||
| Comodo -- Comodo Personal Firewall Comodo -- Comodo Firewall Pro Check Point Software -- ZoneAlarm | Check Point ZoneAlarm Pro before 6.5.737.000 does not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier. |
| 7.0 | CVE-2007-2730 BUGTRAQ OTHER-REF | ||
| Computer Associates -- eTrust Integrated Threat Management Computer Associates -- eTrust PestPatrol Computer Associates -- eTrust EZ Antivirus | Stack-based buffer overflow in the inoweb Console Server in CA Anti-Virus for the Enterprise r8, Threat Manager r8, Anti-Spyware for the Enterprise r8, and Protection Suites r3 allows remote attackers to execute arbitrary code via a long (1) username or (2) password. |
| 10.0 | CVE-2007-2522 OTHER-REF BID FRSIRT BUGTRAQ OTHER-REF CERT-VN SECTRACK SECUNIA | ||
| Computer Associates -- Integrated Threat Management Computer Associates -- Anti-Virus | CA Anti-Virus for the Enterprise r8 and Threat Manager r8 before 20070510 use weak permissions (NULL security descriptor) for the Task Service shared file mapping, which allows local users to modify this mapping and gain privileges by triggering a stack-based buffer overflow in InoCore.dll before 8.0.448.0. |
| 7.0 | CVE-2007-2523 IDEFENSE OTHER-REF BID FRSIRT BUGTRAQ OTHER-REF CERT-VN SECTRACK SECUNIA | ||
| DB Soft Lab -- VImp X | Buffer overflow in the DB Software Laboratory VImpX ActiveX control in VImpX.ocx 4.7.3 allows remote attackers to execute arbitrary code via a long LogFile parameter. |
| 10.0 | CVE-2007-2667 MILW0RM | ||
| DB Soft Lab -- DeWizardX | The DB Software Laboratory DeWizardX (DEWizardAX.ocx) ActiveX control allows remote attackers to overwrite arbitrary files via the SaveToFile function. |
| 10.0 | CVE-2007-2725 OTHER-REF OTHER-REF BID | ||
| DivX City -- GDivX Zenith Player | Buffer overflow in a certain ActiveX control in the GDivX Zenith Player AviFixer class in fix.dll 1.0.0.1 allows remote attackers to execute arbitrary code via a long SetInputFile property value. |
| 8.0 | CVE-2007-2601 MILW0RM BID | ||
| Drumster -- BlogMe | SQL injection vulnerability in archshow.asp in BlogMe 3.0 allows remote attackers to execute arbitrary SQL commands via the var parameter, a different vector than CVE-2006-5976. |
| 7.0 | CVE-2007-2661 MILW0RM BID XF | ||
| EfesTECH Haber -- EfesTECH Haber | SQL injection vulnerability in EfesTECH Haber 5.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to the top-level URI. |
| 7.0 | CVE-2007-2662 MILW0RM | ||
| EQdkp -- EQdkp | Multiple cross-site scripting (XSS) vulnerabilities in EQdkp 1.3.2c and earlier allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) listmembers.php and (2) stats.php. NOTE: some of these details are obtained from third party information. |
| 7.0 | CVE-2007-2716 FULLDISC FULLDISC BID SECUNIA | ||
| Feindt Computerservice -- News-Script | PHP remote file inclusion vulnerability in newsadmin.php in Feindt Computerservice News (News-Script) 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the action parameter. |
| 7.0 | CVE-2007-2708 MILW0RM BID FRSIRT | ||
| Fotolog -- Fotolog | Cross-site scripting (XSS) vulnerability in all_photos.html in fotolog allows remote attackers to inject arbitrary web script or HTML via the user parameter. |
| 7.0 | CVE-2007-2724 BUGTRAQ | ||
| Free-SA -- Free-SA | Multiple unspecified vulnerabilities in Free-SA before 1.2.2 allow remote attackers to execute arbitrary code via unspecified vectors involving certain (1) sprintf and (2) vsprintf calls in (a) r_index.c, (b) r_reports.c, (c) r_topsites.c, (d) r_topuser.c, (e) r_typical.c, (f) r_userdatetime.c, and (g) r_users.c in reports/; and (h) w_fs.c, (i) w_internal.c, and (j) w_log_operations.c in work/, probably related to buffer overflows. NOTE: some of these details are obtained from third party information. |
| 7.0 | CVE-2007-2652 OTHER-REF BID FRSIRT | ||
| FreeType -- FreeType | Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overflow. |
| 10.0 | CVE-2007-2754 MLIST OTHER-REF OTHER-REF | ||
| Geeklog -- Media Gallery | PHP remote file inclusion vulnerability in maint/ftpmedia.php in Media Gallery 1.4.8a and earlier for Geeklog allows remote attackers to execute arbitrary PHP code via a URL in the _MG_CONF[path_html] parameter. |
| 7.0 | CVE-2007-2706 MILW0RM | ||
| Glossword -- Glossword | PHP remote file inclusion vulnerability in custom_vars.php in GlossWord 1.8.1 allows remote attackers to execute arbitrary PHP code via a URL in the sys[path_addon] parameter. |
| 7.0 | CVE-2007-2743 MILW0RM BID | ||
| GNU Edu -- GNU Edu | Multiple PHP remote file inclusion vulnerabilities in gnuedu 1.3b2 allow remote attackers to execute arbitrary PHP code via a URL in the (a) ETCDIR parameter to (1) libs/lom.php; (2) lom_update.php, (3) check-lom.php, and (4) weigh_keywords.php in scripts/; the (b) LIBSDIR parameter to (5) logout.php, (6) help.php, (7) index.php, (8) login.php; and the ETCDIR parameter to (9) web/lom.php. |
| 7.0 | CVE-2007-2609 MILW0RM BID FRSIRT XF | ||
| HP -- Systems Insight Manager | Session fixation vulnerability in HP Systems Insight Manager (SIM) 4.2 and 5.0 SP4 and SP5 allows remote attackers to hijack web sessions by setting the JSESSIONID cookie. |
| 10.0 | CVE-2007-2719 OTHER-REF HP FRSIRT SECUNIA | ||
| iFusionServices -- iFdate | ifdate 2.x sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to obtain administrative access via a direct request for the admin/ URI. |
| 7.0 | CVE-2007-2713 BUGTRAQ OTHER-REF BID | ||
| iGeneric -- iG Shop | SQL injection vulnerability in shop/page.php in iGeneric (iG) Shop 1.4 allows remote attackers to execute arbitrary SQL commands via the type_id[] parameter, a different vector than CVE-2005-0537. |
| 7.0 | CVE-2007-2717 MILW0RM BID | ||
| Jetbox -- Jetbox CMS | Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS allow remote attackers to inject arbitrary web script or HTML via the (1) path parameter to view/search/; or the (2) companyname, (3) country, (4) email, (5) firstname, (6) middlename, (7) required, (8) surname, or (9) title parameter to view/supplynews/. |
| 7.0 | CVE-2007-2732 BUGTRAQ FRSIRT | ||
| labs.beffa.org -- w2box | Unrestricted file upload vulnerability in labs.beffa.org w2box 4.0.0 Beta4 allows remote attackers to upload arbitrary PHP code via a filename with a double extension such as .php.jpg. |
| 7.0 | CVE-2007-2742 BUGTRAQ BID XF | ||
| LaVague -- LaVague | PHP remote file inclusion vulnerability in views/print/printbar.php in LaVague 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the views_path parameter. |
| 7.0 | CVE-2007-2607 MILW0RM BID FRSIRT XF | ||
| libexif -- libexif | Integer overflow in the exif_data_load_data_entry function in exif-data.c in libexif before 0.6.14 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted EXIF data, involving the (1) doff or (2) s variable. |
| 8.0 | CVE-2007-2645 OTHER-REF OTHER-REF BID FRSIRT SECUNIA | ||
| Little CMS -- Little CMS | Stack-based buffer overflow in Little CMS (lmcs) before 1.15 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ICC profile in a JPG file. |
| 7.0 | CVE-2007-2741 OTHER-REF BID FRSIRT SECUNIA | ||
| MH Software -- Connect Daily | Unspecified vulnerability in MH Software Connect Daily before 3.3.3 has unknown impact and attack vectors. |
| 7.0 | CVE-2007-2712 OTHER-REF BID FRSIRT SECUNIA | ||
| Microsoft -- Internet Explorer Stalker -- Communigate Pro | Cross-site scripting (XSS) vulnerability in the WebMail system in Stalker CommuniGate Pro 5.1.8 and earlier, when using Microsoft Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via crafted STYLE tags. |
| 7.0 | CVE-2007-2718 FULLDISC OTHER-REF OTHER-REF BID FRSIRT SECTRACK SECUNIA | ||
| NagiosQL -- NagiosQL 2005 | PHP remote file inclusion vulnerability in functions/prepend_adm.php in NagiosQL 2005 2.00 allows remote attackers to execute arbitrary PHP code via a URL in the SETS[path][physical] parameter. |
| 7.0 | CVE-2007-2709 MILW0RM BID FRSIRT | ||
| NagiosQL -- NagiosQL | PHP remote file inclusion vulnerability in functions/prepend_adm.php in NagiosQL 2.00-P00 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the SETS[path][IT] parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 7.0 | CVE-2007-2710 FRSIRT | ||
| Netsprint -- Netsprint Toolbar | Buffer overflow in the isChecked function in toolbar.dll in Netsprint Toolbar 1.1 might allow remote attackers to execute arbitrary code via unspecified vectors. |
| 7.0 | CVE-2007-2678 BUGTRAQ BUGTRAQ | ||
| Notepad++ -- Notepad++ | Stack-based buffer overflow in SciLexer.dll in notepad++ 4.1.1 and earlier allows user-assisted remote attackers to execute arbitrary code via certain Ruby (.rb) files with long lines. NOTE: some of these details are obtained from third party information. |
| 10.0 | CVE-2007-2666 MILW0RM SECUNIA | ||
| Open Translation Engine -- Open Translation Engine | PHP remote file inclusion vulnerability in skins/header.php in Open Translation Engine (OTE) 0.7.8 allows remote attackers to execute arbitrary PHP code via a URL in the ote_home parameter. |
| 7.0 | CVE-2007-2676 MILW0RM VIM BID | ||
| OpenLD -- OpenLD | Cross-site scripting (XSS) vulnerability in OpenLD before 1.1.9, and 1.1-modified before 1.1-modified3, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the Search feature, possibly the term parameter. |
| 7.0 | CVE-2007-2610 OTHER-REF OTHER-REF OTHER-REF SECUNIA BID FRSIRT | ||
| PHP -- PHP | The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls php_rand_r with an uninitialized seed variable and therefore always generates the same initialization vector (IV), which might allow context-dependent attackers to decrypt certain data more easily because of the guessable encryption keys. |
| 10.0 | CVE-2007-2727 OTHER-REF OTHER-REF OTHER-REF OTHER-REF OTHER-REF BID | ||
| PHP FirstPost -- PHP FirstPost | PHP remote file inclusion vulnerability in block.php in PhpFirstPost 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the Include parameter. |
| 7.0 | CVE-2007-2665 MILW0RM BID | ||
| phpChess -- phpChess | Multiple PHP remote file inclusion vulnerabilities in phpChess Community Edition 2.0 allow remote attackers to execute arbitrary PHP code via a URL in (1) the config parameter to includes/language.php, or the Root_Path parameter to (2) layout_admin_cfg.php, (3) layout_cfg.php, or (4) layout_t_top.php in skins/phpchess/. NOTE: vector 1 has been disputed by CVE, since the code is defined within a function that is not called from within includes/language.php. |
| 7.0 | CVE-2007-2677 MILW0RM VIM BID | ||
| PHPGlossar -- PHPGlossar | Multiple PHP remote file inclusion vulnerabilities in PHPGlossar 0.8 allow remote attackers to execute arbitrary PHP code via a URL in the format_menue parameter to (1) admin/inc/change_action.php or (2) admin/inc/add.php. |
| 7.0 | CVE-2007-2751 MILW0RM | ||
| Pre Projects -- Pre Shopping Mall | SQL injection vulnerability in detail.php in Pre Shopping Mall 1.0 allows remote attackers to execute arbitrary SQL commands via the prodid parameter. |
| 7.0 | CVE-2007-2674 MILW0RM BID | ||
| Pre Projects -- Pre Classifieds Listings | SQL injection vulnerability in search.php in Pre Classifieds Listings 1.0 allows remote attackers to execute arbitrary SQL commands via the category parameter. |
| 7.0 | CVE-2007-2675 MILW0RM BID XF | ||
| PrecisionID Barcode -- PrecisionID Barcode | Stack-based buffer overflow in the PrecisionID Barcode 1.9 ActiveX control in PrecisionID_Barcode.dll allows remote attackers to cause a denial of service (Internet Explorer 6 crash), and possibly execute arbitrary code, via a long argument to the SaveBarCode method. NOTE: this issue might overlap CVE-2007-2657. |
| 7.0 | CVE-2007-2744 OTHER-REF OTHER-REF SECUNIA | ||
| PrecisionID Barcode -- PrecisionID Barcode | The PrecisionID Barcode 1.9 ActiveX control in PrecisionID_Barcode.dll, when Internet Explorer 6 is used, allows remote attackers to overwrite arbitrary files via a full pathname to the SaveToFile function, a different vulnerability than CVE-2007-2744. |
| 10.0 | CVE-2007-2755 MILW0RM OTHER-REF OTHER-REF | ||
| Samba -- Samba | Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecified vectors that cause the daemon to transition to the root user. |
| 7.0 | CVE-2007-2444 BUGTRAQ OTHER-REF OTHER-REF MANDRIVA SLACKWARE FRSIRT SECUNIA SECUNIA SECUNIA | ||
| Samba -- Samba | Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests. |
| 10.0 | CVE-2007-2446 BUGTRAQ OTHER-REF OTHER-REF MANDRIVA REDHAT SLACKWARE CERT-VN BID FRSIRT SECUNIA SECUNIA SECUNIA SECUNIA | ||
| SimpleNews -- SimpleNews | SQL injection vulnerability in print.php in SimpleNews 1.0.0 FINAL allows remote attackers to execute arbitrary SQL commands via the news_id parameter. |
| 10.0 | CVE-2007-2598 MILW0RM FRSIRT OTHER-REF BID SECUNIA | ||
| SimpNews -- SimpNews | SQL injection vulnerability in print.php in SimpNews 2.40.01 and earlier allows remote attackers to execute arbitrary SQL commands via the newsnr parameter. |
| 7.0 | CVE-2007-2750 MILW0RM | ||
| Snaps Gallery -- Snaps Gallery | Admin/users.php in Snaps! Gallery 1.4.4 allows remote attackers to change arbitrary usernames and passwords via the (1) username, or the (2) password and password2 parameters in an edit action. |
| 10.0 | CVE-2007-2715 MILW0RM OTHER-REF BID FRSIRT | ||
| Symantec -- Norton Personal Firewall Symantec -- Norton Internet Security | Buffer overflow in the ISAlertDataCOM ActiveX control in ISLALERT.DLL for Norton Personal Firewall 2004 and Internet Security 2004 allows remote attackers to execute arbitrary code via long arguments to the (1) Get and (2) Set functions. |
| 10.0 | CVE-2007-1689 OTHER-REF | ||
| TellTargetCMS -- TellTarget CMS | Multiple PHP remote file inclusion vulnerabilities in telltarget CMS 1.3.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) ordnertiefe parameter to site_conf.php; or the (2) tt_docroot parameter to (a) class.csv.php, (b) produkte_nach_serie.php, or (c) ref_kd_rubrik.php in functionen/; (d) hg_referenz_jobgalerie.php, (e) surfer_anmeldung_NWL.php, (f) produkte_nach_serie_alle.php, (g) surfer_aendern.php, (h) ref_kd_rubrik.php, or (i) referenz.php in module/; or (j) 1/lay.php or (k) 3/lay.php in standard/. |
| 7.0 | CVE-2007-2597 MILW0RM BID FRSIRT | ||
| Thinc4orce Marketing Group -- PHP Coupon Script | SQL injection vulnerability in index.php in PHP Coupon Script 3.0 allows remote attackers to execute arbitrary SQL commands via the bus parameter in a viewbus page. |
| 7.0 | CVE-2007-2672 MILW0RM BID XF | ||
| TinyIRC -- TinyIdentD | Stack-based buffer overflow in TinyIdentD 2.2 and earlier allows remote attackers to execute arbitrary code via a long string to TCP port 113. |
| 10.0 | CVE-2007-2711 MILW0RM SECUNIA | ||
| Tomasz Rekawek -- Yet Another Asterisk Panel | PHP remote file inclusion vulnerability in includes/common.php in Yaap 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter, possibly related to the __autoload function. |
| 7.0 | CVE-2007-2664 MILW0RM | ||
| Touteresa -- ResManager | SQL injection vulnerability in edit_day.php in the ResManager 1.2.1 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id_reserv parameter. |
| 7.0 | CVE-2007-2735 MILW0RM BID FRSIRT | ||
| VCDGear -- VCDGear | Multiple stack-based buffer overflows in VCDGear 3.55 allow user-assisted remote attackers to execute arbitrary code via a long (1) tag or (2) track type in a CUE file. |
| 8.0 | CVE-2007-2568 OTHER-REF FRSIRT SECUNIA | ||
| VooDoo cIRCle -- VooDoo cIRCle | Multiple off-by-one errors in VooDoo cIRCle before 1.1.beta27 allow remote attackers to cause a denial of service (connection loss) or possibly execute arbitrary code via a (1) DNS name response of the exact length as a buffer; or a long (2) channel name, (3) partyline channel name, or unspecified vectors in crafted BOTNET packets. |
| 7.0 | CVE-2007-2651 OTHER-REF BID FRSIRT | ||
| Wavelink Media -- TutorialCMS | Multiple SQL injection vulnerabilities in TutorialCMS (aka Photoshop Tutorials) 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) catFile parameter to (a) browseCat.php or (b) browseSubCat.php; the (2) id parameter to (c) openTutorial.php, (d) topFrame.php, or (e) admin/editListing.php; or (3) the search parameter to search.php. |
| 7.0 | CVE-2007-2599 MILW0RM BID FRSIRT SECUNIA | ||
| Wavelink Media -- TutorialCMS | Multiple cross-site scripting (XSS) vulnerabilities in TutorialCMS (aka Photoshop Tutorials) 1.00 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) catFile parameter to (a) browseCat.php or (b) browseSubCat.php; the (2) id parameter to (c) openTutorial.php, (d) topFrame.php, or (e) admin/editListing.php; or the (3) search parameter to search.php. |
| 7.0 | CVE-2007-2600 MILW0RM BID FRSIRT | ||
| webdesproxy -- webdesproxy | Buffer overflow in webdesproxy 0.0.1 allows remote attackers to execute arbitrary code via a long URL. |
| 7.0 | CVE-2007-2668 MILW0RM | ||
| Xoops -- MyConference Module | SQL injection vulnerability in index.php in the MyConference 1.0 module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 7.0 | CVE-2007-2737 FRSIRT | ||
| Xoops -- Xoops Glossaire Module | SQL injection vulnerability in glossaire-p-f.php in the Glossaire 1.7 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the sid parameter in an ImprDef action. |
| 7.0 | CVE-2007-2738 MILW0RM BID | ||
| yEnc32 -- yEnc32 | Heap-based buffer overflow in yEnc32 1.0.7.207 allows user-assisted remote attackers to execute arbitrary code via a long filename in an NTX file. |
| 8.0 | CVE-2007-2646 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA |
| Medium Vulnerabilities |
|---|
| Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
|---|---|---|---|---|---|---|
| BEA Systems -- WebLogic Server BEA Systems -- WebLogic Express | The HttpClusterServlet and HttpProxyServlet in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5, 9.0, and 9.1, when SecureProxy is enabled, may process "external requests on behalf of a system identity," which allows remote attackers to access administrative data or functionality. |
| 5.6 | CVE-2007-2695 BEA FRSIRT SECTRACK SECUNIA | ||
| BEA Systems -- WebLogic Server BEA Systems -- WebLogic Express | The Administration Console in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not properly enforce certain Domain Security Policies, which allows remote administrative users in the Deployer role to upload arbitrary files. |
| 4.8 | CVE-2007-2699 BEA FRSIRT SECTRACK SECUNIA | ||
| BEA Systems -- WebLogic Portal | BEA WebLogic Portal 9.2 GA can corrupt a visitor entitlements role if an administrator provides a long role description, which might allow remote authenticated users to access privileged resources. |
| 4.2 | CVE-2007-2703 BEA FRSIRT SECUNIA | ||
| Caucho Technology -- Resin | Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attackers to cause a denial of service (device hang) and read data from a COM or LPT device via a DOS device name with an arbitrary extension. |
| 6.7 | CVE-2007-2439 OTHER-REF OTHER-REF SECTRACK SECUNIA | ||
| Drake Team -- Drake CMS | CRLF injection vulnerability in index.php in Drake CMS 0.4.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the lang parameter. NOTE: Drake CMS has only a beta version available, and the vendor has previously stated "We do not consider security reports valid until the first official release of Drake CMS." |
| 5.6 | CVE-2007-2618 BUGTRAQ BID XF | ||
| Linksnet -- Newsfeed | PHP remote file inclusion vulnerability in linksnet_linkslog_rss.php in Linksnet Newsfeed 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the dirpath_linksnet_newsfeed parameter. |
| 5.6 | CVE-2007-2707 MILW0RM SECUNIA | ||
| Matt Mullenweg -- Akismet | Unspecified vulnerability in akismet.php in Matt Mullenweg Akismet before 2.0.2, a WordPress plugin, has unknown impact and attack vectors. |
| 4.9 | CVE-2007-2714 OTHER-REF OTHER-REF BID | ||
| Monalbum -- Monalbum | Static code injection vulnerability in admin/admin_configuration.php in Monalbum 0.8.7 allows remote authenticated users to inject arbitrary PHP code into the conf/config.inc.php file via the (1) gadm_pass, (2) gadm_user, (3) gcfgHote, (4) gcfgPass, (5) gcfgUser, (6) gclassement_rep, (7) gcontour, (8) gfond, (9) ggd_version, (10) ghome, (11) ghor, (12) gimg_copyright, (13) glangage, (14) gmenu_visible, (15) gmini_hasard, (16) gordre_rep, (17) gpage, (18) gracine, (19) grech_inactive, (20) grep_mini, (21) grepertoire, (22) gsite, (23) gslide, (24) gtitre, (25) guse_copyright, (26) gversion, (27) gvert, or (28) gcfgBase parameter. |
| 4.2 | CVE-2007-2647 MILW0RM OTHER-REF BID FRSIRT SECUNIA | ||
| Mutt -- Mutt | Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via "&" characters in the GECOS field, which triggers the overflow during alias expansion. |
| 4.9 | CVE-2007-2683 OTHER-REF | ||
| MySQL -- MySQL | The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges. |
| 4.2 | CVE-2007-2692 OTHER-REF OTHER-REF FRSIRT | ||
| NetWin -- SurgeMail NetWin -- WebMail | Unspecified vulnerability in NetWin Webmail 3.1s-1 in SurgeMail before 3.8i2 has unknown impact and remote attack vectors. |
| 4.9 | CVE-2007-2655 OTHER-REF BID SECUNIA | ||
| PHP -- PHP | The soap extension in PHP calls php_rand_r with an uninitialized seed variable, which has unknown impact and attack vectors, a related issue to the mcrypt_create_iv issue covered by CVE-2007-????. |
| 4.9 | CVE-2007-2728 OTHER-REF | ||
| RunawaySoft -- Haber Portal | SQL injection vulnerability in devami.asp in RunawaySoft Haber portal 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| 4.7 | CVE-2007-2752 MILW0RM BID | ||
| Simple PHP Scripts Gallery -- Simple PHP Scripts Gallery | PHP file inclusion vulnerability in index.php in Ivan Peevski gallery 0.3 in Simple PHP Scripts (sphp) allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the gallery parameter, which is accessed by the file_exists function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 5.6 | CVE-2007-2679 VIM BID SECUNIA | ||
| SonicBB -- SonicBB | Multiple SQL injection vulnerabilities in SonicBB 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) part and (2) by parameters to (a) search.php, or the (2) id parameter to (b) viewforum.php. |
| 5.6 | CVE-2007-1902 FULLDISC OTHER-REF OSVDB | ||
| VIM Development Group -- VIM | Unspecified vulnerability in Vim (Vi IMproved) before 7.1 has unspecified attack vectors and impact. |
| 4.9 | CVE-2007-2653 MLIST OTHER-REF VIM | ||
| Vincent Blavet -- PhpConcept Library CJG EXPLORER PRO -- CJG EXPLORER PRO | ** DISPUTED ** PHP remote file inclusion vulnerability in pcltrace.lib.php in the PclTar module in Vincent Blavet PhpConcept Library, as used in CJG EXPLORER PRO 3.3 and earlier and probably other products, allows remote attackers to execute arbitrary PHP code via a URL in the g_pcltar_lib_dir parameter. NOTE: CVE disputes this issue since there is no include statement in pcltrace.lib.php. NOTE: the pcltar.lib.php vector is already covered by CVE-2007-2199. |
| 5.6 | CVE-2007-2660 MILW0RM VIM SECUNIA | ||
| xajax -- xajax | Unspecified vulnerability in xajax before 0.2.5 has unknown impact and attack vectors, not related to XSS. |
| 4.9 | CVE-2007-2740 OTHER-REF SECUNIA |
| Low Vulnerabilities |
|---|
| Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
|---|---|---|---|---|---|---|
| Achievo -- Achievo | PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter. |
| 1.9 | CVE-2007-2736 MILW0RM BID XF | ||
| Audio CD Tools -- Audio CD Ripper OCX | Unspecified vulnerability in the Init function in the Audio CD Ripper OCX (AudioCDRipperOCX.ocx) 1.0 ActiveX control allows remote attackers to cause a denial of service (NULL dereference and Internet Explorer crash) via unspecified vectors. |
| 3.3 | CVE-2007-2603 BUGTRAQ BID | ||
| BEA Systems -- WebLogic Server BEA Systems -- WebLogic Express | Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5, 9.0 GA, and 9.1 GA allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 1.9 | CVE-2007-2694 BEA FRSIRT SECUNIA | ||
| BEA Systems -- WebLogic Server | The Administration Console in BEA WebLogic Server 9.0 may show plaintext Web Service attributes during configuration creation, which allows remote attackers to obtain sensitive credential information. |
| 2.3 | CVE-2007-2698 BEA FRSIRT SECTRACK | ||
| BEA Systems -- WebLogic Server BEA Systems -- WebLogic Express | The WLST script generated by the configToScript command in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not encrypt certain attributes in configuration files when creating a new domain, which allows remote authenticated users to obtain sensitive information. |
| 1.4 | CVE-2007-2700 BEA FRSIRT SECTRACK SECUNIA | ||
| BEA Systems -- WebLogic Server | The JMS Message Bridge in BEA WebLogic Server 7.0 through SP7 and 8.1 through Service Pack 6, when configured without a username and password, or when the connection URL is not defined, allows remote attackers to bypass the security access policy and "send unauthorized messages to a protected queue." |
| 3.4 | CVE-2007-2701 BEA FRSIRT SECTRACK SECUNIA | ||
| BEA Systems -- WebLogic Portal | Cross-site scripting (XSS) vulnerability in the GroupSpace application in BEA WebLogic Portal 9.2 GA allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the rich text editor. |
| 1.1 | CVE-2007-2702 BEA FRSIRT SECUNIA | ||
| BEA Systems -- WebLogic Server | BEA WebLogic Server 9.0 through 9.2 allows remote attackers to cause a denial of service (SSL port unavailability) by accessing a half-closed SSL socket. |
| 2.7 | CVE-2007-2704 BEA FRSIRT SECTRACK SECUNIA | ||
| BEA Systems -- WebLogic Integration BEA Systems -- WebLogic Workshop | Directory traversal vulnerability in the Test View Console in BEA WebLogic Integration 9.2 before SP1 and WebLogic Workshop 8.1 SP2 through SP6, when "deployed in an exploded format," allows remote attackers to list a WebLogic Workshop Directory (wlwdir) parent directory via unspecified vectors. |
| 3.3 | CVE-2007-2705 BEA FRSIRT | ||
| BitsCast -- BitsCast | BitsCast 0.13.0 allows remote attackers to cause a denial of service (application crash) via an RSS 2.0 feed item with certain invalid strings in a pubDate element, as demonstrated by repeated "../A" or "A/../" patterns. |
| 3.3 | CVE-2007-2726 MILW0RM BID | ||
| Brew City Software -- FlexLabel OCX | Unspecified vulnerability in the FlexLabel ActiveX control allows remote attackers to cause a denial of service (unstable behavior) via an improper initialization, as demonstrated by a certain value of the Caption property. |
| 3.3 | CVE-2007-2604 BUGTRAQ | ||
| Brujula Toolbar -- Brujula Toolbar | Unspecified vulnerability in the GetPropertyById function in ISoftomateObj in SoftomateLib in BRUJULA4.NET.DLL in the Brujula Toolbar (Brujula.net toolbar) allows attackers to cause a denial of service (NULL dereference and browser crash) via certain arguments. |
| 2.7 | CVE-2007-2605 BUGTRAQ BID | ||
| Bugada Andrea -- PHP Advanced Transfer Manager | Directory traversal vulnerability in index.php in PHP Advanced Transfer Manager (phpATM) 1.30 allows remote attackers to read arbitrary files and obtain script source code via a .. (dot dot) in the directory parameter in a downloadfile action. |
| 3.3 | CVE-2007-2659 MILW0RM | ||
| Canon -- Network Camera Server VB150 Canon -- Network Camera Server VB101 Canon -- Network Camera Server VB100 | Cross-site scripting (XSS) vulnerability in the management interface in Canon Network Camera Server VB100 and VB101 with firmware 3.0 R69 and earlier, and VB150 with firmware 1.1 R39 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 1.9 | CVE-2007-2680 OTHER-REF OTHER-REF BID FRSIRT SECUNIA | ||
| Caucho Technology -- Resin | Directory traversal vulnerability in Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attackers to read certain files via a .. (dot dot) in a URI containing a "\web-inf" sequence. |
| 3.3 | CVE-2007-2440 OTHER-REF OTHER-REF SECTRACK SECUNIA | ||
| Caucho Technology -- Resin | Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attackers to obtain the system path via certain URLs associated with (1) deploying web applications or (2) displaying .xtp files. |
| 3.3 | CVE-2007-2441 OTHER-REF OTHER-REF SECTRACK SECUNIA | ||
| Check Point Software -- Web Intelligence | Check Point Web Intelligence does not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic. |
| 3.3 | CVE-2007-2689 OTHER-REF CERT-VN | ||
| Cisco -- Cisco IOS Cisco -- Intrusion Prevention System | The Cisco Intrusion Prevention System (IPS) and IOS with Firewall/IPS Feature Set do not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic. |
| 3.3 | CVE-2007-2688 OTHER-REF CISCO CERT-VN BID FRSIRT SECUNIA | ||
| Clam Anti-Virus -- ClamXAV Clam Anti-Virus -- ClamAV Clam Anti-Virus -- ClamWin | The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (resource consumption) via an OLE2 file with (1) a large property size or (2) a loop in the FAT file block chain that triggers an infinite loop, as demonstrated via a crafted DOC file. |
| 2.3 | CVE-2007-2650 MLIST OTHER-REF FRSIRT SECUNIA | ||
| FAQEngine -- FAQEngine | SQL injection vulnerability in question.php in FAQEngine 4.16.03 and earlier allows remote attackers to execute arbitrary SQL commands via the questionref parameter in a display action. |
| 2.3 | CVE-2007-2749 MILW0RM | ||
| Firebird -- Firebird | Multiple buffer overflows in Firebird 2.1 allow attackers to trigger memory corruption and possibly have other unspecified impact via certain input processed by (1) config\ConfigFile.cpp or (2) msgs\check_msgs.epp. NOTE: if ConfigFile.cpp reads a configuration file with restrictive permissions, then the ConfigFile.cpp vector may not cross privilege boundaries and perhaps should not be included in CVE. |
| 3.3 | CVE-2007-2606 BUGTRAQ | ||
| GlobalMegaCorp -- PHPChain | Multiple cross-site scripting (XSS) vulnerabilities in PHPChain 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the catid parameter to (1) settings.php or (2) cat.php. NOTE: certain parameter values also trigger path disclosure. |
| 1.9 | CVE-2007-2669 OTHER-REF BID | ||
| GlobalMegaCorp -- PHPChain | PHPChain 1.0 and earlier allows remote attackers to obtain the installation path via invalid values of the catid parameter to (1) settings.php or (2) cat.php, as demonstrated by XSS manipulations. |
| 2.3 | CVE-2007-2670 OTHER-REF BID | ||
| Group-Office -- Group-Office Groupware | Group-Office before 2.16-13 does not properly validate user IDs, which allows remote attackers to obtain sensitive information via certain requests for (1) message.php and (2) messages.php in modules/email/. NOTE: some of these details are obtained from third party information. |
| 1.9 | CVE-2007-2720 OTHER-REF BID FRSIRT | ||
| HP -- hpqvwocx.dll | Stack-based buffer overflow in the Hewlett-Packard (HP) Magview ActiveX control in hpqvwocx.dll 1.0.0.309 allows remote attackers to cause a denial of service (application crash) and possibly have other impact via a long argument to the DeleteProfile method. |
| 3.3 | CVE-2007-2656 MILW0RM BID | ||
| ID Automation -- Linear Barcode | Unspecified vulnerability in the ID Automation Linear Barcode 1.6.0.5 ActiveX control in IDAutomationLinear6.dll allows remote attackers to cause a denial of service via a long argument to the SaveEnhWMF method. |
| 3.3 | CVE-2007-2658 MILW0RM OTHER-REF OTHER-REF OTHER-REF | ||
| Internet Security Systems -- Proventia G Series XPU Internet Security Systems -- Proventia A Series XPU Internet Security Systems -- Proventia M Series XPU | Multiple IBM ISS Proventia Series products, including the A, G, and M series, do not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic. |
| 3.3 | CVE-2007-2690 OTHER-REF CERT-VN | ||
| Ipswitch -- WhatsUp Gold | Buffer overflow in MIBEXTRA.EXE in Ipswitch WhatsUp Gold 11 allows attackers to cause a denial of service (application crash) or execute arbitrary code via a long MIB filename argument. NOTE: If there is not a common scenario under which MIBEXTRA.EXE is called with attacker-controlled command line arguments, then perhaps this issue should not be included in CVE. |
| 3.3 | CVE-2007-2602 BUGTRAQ | ||
| Jasper JPEG-2000 -- Jasper JPEG-2000 | The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files, as originally demonstrated using imagemagick convert. |
| 1.9 | CVE-2007-2721 OTHER-REF OTHER-REF OTHER-REF | ||
| Jetbox -- Jetbox CMS | formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters. |
| 3.7 | CVE-2007-1898 BUGTRAQ OTHER-REF BID FRSIRT OSVDB SECTRACK XF | ||
| Jetbox -- Jetbox CMS | CRLF injection vulnerability in formmail.php in Jetbox CMS 2.1 might allow remote attackers to inject arbitrary e-mail headers via LF (%0A) sequences in the subject parameter, a related issue to CVE-2007-1898. |
| 3.7 | CVE-2007-2731 BUGTRAQ OTHER-REF BID FRSIRT OSVDB SECTRACK XF | ||
| Jetbox -- Jetbox CMS | Unrestricted file upload vulnerability in Jetbox CMS allows remote authenticated users with author privileges to upload arbitrary scripts via unspecified vectors, which can be accessed in webfiles/. NOTE: this issue might be a duplicate of CVE-2004-1448. |
| 3.4 | CVE-2007-2733 BUGTRAQ | ||
| Linux -- Kernel | The compat_sys_mount function in fs/compat.c in Linux kernel 2.6.20 and earlier allows local users to cause a denial of service (NULL pointer dereference and oops) by mounting a smbfs file system in compatibility mode ("mount -t smbfs"). |
| 1.6 | CVE-2006-7203 OTHER-REF | ||
| Media Player Classic -- Media Player Classic | Media Player Classic 6.4.9.0 allows user-assisted remote attackers to cause a denial of service (web browser crash) via an "empty" .MPA file, which triggers a divide-by-zero error. |
| 2.7 | CVE-2007-2723 BUGTRAQ BUGTRAQ BID XF | ||
| Mozilla -- Firefox | Mozilla Firefox 2.0.0.3 allows remote attackers to cause a denial of service (application crash) via a long hostname in an HREF attribute in an A element, which triggers an out-of-bounds memory access. |
| 2.7 | CVE-2007-2671 FULLDISC OTHER-REF BID XF | ||
| MyBB -- MyBB | MyBB 1.2.4 allows remote attackers to obtain sensitive information via the (1) action[] parameter to member.php, (2) imagehash[] parameter to captcha.php, and (3) a direct request to inc/datahandlers/event.php, which reveal the installation path in the resulting error message. |
| 2.3 | CVE-2007-0689 FULLDISC OTHER-REF | ||
| MySQL -- MySQL | MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables. |
| 2.8 | CVE-2007-2691 OTHER-REF OTHER-REF FRSIRT | ||
| MySQL -- MySQL | MySQL before 5.1.18 allows remote authenticated users without SELECT privileges to obtain sensitive information from partitioned tables via an ALTER TABLE statement. |
| 2.0 | CVE-2007-2693 OTHER-REF OTHER-REF FRSIRT | ||
| NewzCrawler -- NewzCrawler | Unspecified vulnerability in NewzCrawler 1.8 allows remote attackers to cause a denial of service (application instability) via certain invalid strings in the URL attribute of an ENCLOSURE element, as demonstrated by a "%s" sequence, a "%Y" sequence, a "%%" sequence, and an "n," sequence. |
| 3.3 | CVE-2007-2722 MILW0RM | ||
| PHP -- PHP | The substr_count function in PHP 5.2.1 and earlier allows context-dependent attackers to obtain sensitive information via unspecified vectors, a different affected function than CVE-2007-1375. |
| 1.9 | CVE-2007-2748 OTHER-REF VIM BID | ||
| PinkCrow Designs -- maGAZIn | Directory traversal vulnerability in phpThumb.php in PinkCrow Designs Gallery or maGAZIn 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter. |
| 3.3 | CVE-2007-2643 MILW0RM OTHER-REF BID FRSIRT SECUNIA | ||
| Plain Black -- WebGUI | The viewList function in lib/WebGUI/Asset/Wobject/DataForm.pm in Plain Black WebGUI before 7.3.14 does not properly use data structures containing privilege information, which allows remote authenticated users to obtain sensitive information or possibly have other unspecified impact. |
| 1.1 | CVE-2007-2746 OTHER-REF FRSIRT | ||
| PNG Reference Library -- libpng | The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value. |
| 2.3 | CVE-2007-2445 OTHER-REF OTHER-REF OTHER-REF CERT-VN FRSIRT SECUNIA | ||
| PrecisionID Barcode -- PrecisionID Barcode | Unspecified vulnerability in the PrecisionID Barcode 1.3 ActiveX control in PrecisionID_DataMatrix.DLL allows remote attackers to cause a denial of service via a long argument to the SaveBarCode method. |
| 3.3 | CVE-2007-2657 MILW0RM OTHER-REF OTHER-REF | ||
| rdiffWeb -- rdiffWeb | Directory traversal vulnerability in rdw_helpers.py in rdiffWeb before 0.3.5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to the /browse URI. |
| 2.3 | CVE-2007-2747 MLIST OTHER-REF FRSIRT | ||
| RunawaySoft -- Haber Portal | RunawaySoft Haber portal 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for data/xice.mdb. |
| 2.3 | CVE-2007-2753 MILW0RM | ||
| Samba -- Samba | The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management. |
| 3.4 | CVE-2007-2447 BUGTRAQ OTHER-REF IDEFENSE OTHER-REF MANDRIVA REDHAT SLACKWARE CERT-VN BID FRSIRT SECUNIA SECUNIA SECUNIA SECUNIA | ||
| SonicBB -- SonicBB | SonicBB 1.0 allows remote attackers to obtain sensitive information via the (1) by[] parameter to search.php, (2) p[] parameter to viewforum.php, and the (3) id parameter to (a) viewforum.php or (b) members.php, which reveal the installation path in the resulting error message. |
| 1.9 | CVE-2007-1901 FULLDISC OTHER-REF OSVDB | ||
| SonicBB -- SonicBB | Cross-site scripting (XSS) vulnerability in search.php in SonicBB 1.0 allows remote attackers to inject arbitrary web script or HTML via the part parameter. |
| 1.9 | CVE-2007-1903 FULLDISC OTHER-REF OSVDB | ||
| T-Com -- Speedport W 700v | Deutsche Telekom (T-com) Speedport W 700v uses JavaScript delays for invalid authentication attempts to the CGI script, which allows remote attackers to bypass the delays and conduct brute-force attacks via direct calls to the authentication CGI script. |
| 3.3 | CVE-2007-2649 BUGTRAQ OTHER-REF SECUNIA | ||
| vDesk -- Webmail | Cross-site scripting (XSS) vulnerability in printcal.pl in vDesk Webmail 4.03 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 1.9 | CVE-2007-2745 BID | ||
| xajax -- xajax | Cross-site scripting (XSS) vulnerability in xajax before 0.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 1.9 | CVE-2007-2739 OTHER-REF SECUNIA | ||
| xfsdump -- xfsdump SuSE -- SuSE Linux School Server SuSE -- SuSE Open Enterprise Server SuSE -- SuSE Linux Openexchange Server SuSE -- OpenSuSE SuSE -- SuSE Linux Enterprise Server SuSE -- SuSE Linux Standard Server SuSE -- SuSE Linux Desktop | xfs_fsr in xfsdump creates a temporary directory with insecure permissions, which allows local users to read or overwrite arbitrary files on xfs filesystems. |
| 3.9 | CVE-2007-2654 SUSE BID SECUNIA | ||
| Yet Another Telephony Engine -- Yet Another Telephony Engine | The SIP channel module in Yet Another Telephony Engine (Yate) before 1.2.0 sets the caller_info_uri parameter using a incorrect variable that can be NULL, which allows remote attackers to cause a denial of service (NULL dereference and application crash) via a Call-Info header without a purpose parameter. |
| 3.3 | CVE-2007-1693 BUGTRAQ OTHER-REF |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.