Vulnerability Summary for the Week of June 11, 2007
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities |
---|
Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
---|---|---|---|
American Financing -- Link Request Contact Form | Unrestricted file upload vulnerability in Link Request Contact Form 3.4 allows remote attackers to execute arbitrary PHP code by uploading a file with a .php extension and an image content type, as demonstrated by image/jpeg. | 7.0 | CVE-2007-3199 MILW0RM OTHER-REF BID FRSIRT SECUNIA XF |
Apple -- Safari | Apple Safari for Windows allows remote attackers to execute arbitrary commands via shell metacharacters in a URI in the SRC of an IFRAME, as demonstrated using a gopher URI. | 8.0 | CVE-2007-3186 BUGTRAQ FULLDISC OTHER-REF BID XF |
Apple -- Safari | Multiple unspecified vulnerabilities in Apple Safari for Windows allow remote attackers to cause a denial of service or execute arbitrary code, possibly involving memory corruption, and a different issue from CVE-2007-3185 and CVE-2007-3186. NOTE: as of 20070612, the original disclosure has no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | 7.0 | CVE-2007-3187 OTHER-REF |
Cellosoft -- Cellosoft Tokens Object | Stack-based buffer overflow in nptoken.mox in the Cellosoft Tokens Object 2.0.0.6 extension for Vitalize! allows remote attackers to execute arbitrary code via a long string argument to the RemoveChr method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 8.0 | CVE-2007-3210 BID SECUNIA |
Cisco -- Trust Agent | Cisco Trust Agent (CTA) before 2.1.104.0, when running on MacOS X, allows attackers with physical access to bypass authentication and modify System Preferences, including passwords, by invoking the Apple Menu when the Access Control Server (ACS) produces a user notification message after posture validation. | 7.0 | CVE-2007-3184 BUGTRAQ CISCO BID XF |
Computer Associates -- BrightStor ARCserve Backup for Laptops & Desktops | Multiple unspecified vulnerabilities in the server component of CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.1 allow remote attackers to execute arbitrary code via unknown attack vectors. NOTE: this information is based upon a vague pre-advisory. It is possible that this will be SPLIT when more details are released. | 10.0 | CVE-2007-3216 OTHER-REF OTHER-REF BID FRSIRT SECTRACK SECUNIA |
Daniel Stenberg -- c-ares | c-ares before 1.4.0 uses a predictable seed for the random number generator for the DNS Transaction ID field, which might allow remote attackers to spoof DNS responses by guessing the field value. | 7.0 | CVE-2007-3152 OTHER-REF BID SECUNIA |
EDraw -- Office Viewer Component | A certain ActiveX control in the EDraw Office Viewer Component (edrawofficeviewer.ocx) 4.0.5.20 allows remote attackers to delete arbitrary files via the DeleteLocalFile method. | 8.0 | CVE-2007-3168 MILW0RM OTHER-REF BID FRSIRT SECUNIA XF |
eGroupWare -- eGroupWare | Unspecified vulnerability in Walter Zorn wz_tooltip.js (aka wz_tooltips) before 4.01, as used by eGroupWare before 1.2.107-2 and other packages, has unknown impact and remote attack vectors. | 7.0 | CVE-2007-3154 OTHER-REF OTHER-REF OTHER-REF BID SECUNIA |
eGroupWare -- eGroupWare | Unspecified vulnerability in eGroupWare before 1.2.107-2 has unknown impact and attack vectors related to ADOdb. NOTE: due to lack of details from the vendor, it is uncertain whether this issue is already covered by another CVE identifier. | 7.0 | CVE-2007-3155 OTHER-REF OTHER-REF BID SECUNIA |
Firebird -- Firebird BakBone -- NetVault | Buffer overflow in fbserver.exe in Firebird SQL 2 before 2.0.1 allows remote attackers to execute arbitrary code via a large p_cnct_count value in a p_cnct structure in a connect (0x01) request to port 3050/tcp, related to "an InterBase version of gds32.dll." | 7.0 | CVE-2007-3181 OTHER-REF OTHER-REF BID FRSIRT SECUNIA |
GeometriX Download Portal -- GeometriX Download Portal | SQL injection vulnerability in down_indir.asp in Fullaspsite GeometriX Download Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.0 | CVE-2007-3188 MILW0RM BID SECUNIA |
Google -- Google Desktop | Google Desktop allows user-assisted remote attackers to execute arbitrary programs via a man-in-the-middle attack that injects JavaScript, a www.google.com search IFRAME, and a META HTTP-EQUIV="refresh" that targets a www.google.com search for a local .exe file, which is displayed in the "results stored on your computer" portion of the search results, and when clicked invokes Google Desktop to execute this file. | 8.0 | CVE-2007-3150 OTHER-REF OTHER-REF |
Jelsoft -- vBSupport Integrated Ticket System | SQL injection vulnerability in vBSupport.php in vSupport Integrated Ticket System 3.x.x allows remote attackers to execute arbitrary SQL commands via the ticketid parameter in a showticket action. | 7.0 | CVE-2007-3196 BUGTRAQ BID XF |
Jelsoft -- vBSupport Integrated Ticket System | SQL injection vulnerability in vBSupport.php in vBSupport 1.1 before 1.1a allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.0 | CVE-2007-3197 OTHER-REF |
JFFNMS -- JFFNMS | SQL injection vulnerability in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.4-pre2 allows remote attackers to execute arbitrary SQL commands via the pass parameter. NOTE: this issue reportedly exists because of an initial incomplete fix for CVE-2007-3190. The provenance of this information is unknown; the details are obtained solely from third party information. | 7.0 | CVE-2007-3204 SECUNIA |
libexif -- libexif | Integer overflow in the exif_data_load_data_entry function in libexif/exif-data.c in Libexif before 0.6.16 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via an image with many EXIF components, which triggers a heap-based buffer overflow. | 7.0 | CVE-2006-4168 IDEFENSE OTHER-REF FRSIRT SECUNIA |
Microsoft -- Internet Explorer | Microsoft Internet Explorer 5.01 and 6 allows remote attackers to execute arbitrary code by instantiating certain COM objects from Urlmon.dll, which triggers memory corruption. | 8.0 | CVE-2007-0218 MS |
Microsoft -- Visio | Unspecified vulnerability in Microsoft Visio 2002 allows remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted version number that triggers memory corruption. | 8.0 | CVE-2007-0934 MS |
Microsoft -- Visio Microsoft -- Office | Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted packed object that triggers memory corruption, aka "Visio Document Packaging Vulnerability." | 8.0 | CVE-2007-0936 MS |
Microsoft -- Internet Explorer | Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via a crafted Cascading Style Sheets (CSS) tag that triggers memory corruption. | 8.0 | CVE-2007-1750 MS |
Microsoft -- Internet Explorer | Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to access an uninitialized or deleted object, aka "Uninitialized Memory Corruption Vulnerability." | 8.0 | CVE-2007-1751 MS |
Microsoft -- Internet Explorer | Microsoft Internet Explorer 7 allows remote attackers to spoof web site content and execute arbitrary code via script that modifies the Navigation Cancel page, aka "Navigation Cancel Page Spoofing Vulnerability." NOTE: this issue might be a duplicate of CVE-2007-1499; if so, then this CVE will be REJECTED. | 8.0 | CVE-2007-1752 MS |
Microsoft -- Windows 2003 Microsoft -- Windows 2000 Microsoft -- Windows XP | Unspecified vulnerability in the Windows Schannel Security Package for Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, allows remote servers to execute arbitrary code or cause a denial of service via crafted digital signatures that are processed during an SSL handshake. | 8.0 | CVE-2007-2218 MS |
Microsoft -- Windows 2003 Microsoft -- Windows 2000 Microsoft -- Windows XP | Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via certain parameters to an unspecified function. | 8.0 | CVE-2007-2219 MS |
Microsoft -- Internet Explorer | Multiple unspecified vulnerabilities in speech control ActiveX controls in (1) Xlisten.dll and (2) Xvoice.dll, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption. | 8.0 | CVE-2007-2222 MS |
Microsoft -- Windows Vista | Microsoft Windows Vista uses insecure default permissions for unspecified "local user information data stores" in the registry and the file system, which allows local users to obtain sensitive information such as administrative passwords, aka "Permissive User Information Store ACLs Information Disclosure Vulnerability." | 7.0 | CVE-2007-2229 MS |
Microsoft -- Internet Explorer | Race condition in Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to install multiple language packs in a way that triggers memory corruption, aka "Language Pack Installation Vulnerability." | 8.0 | CVE-2007-3027 MS |
myWebland -- myBloggie | ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in myBloggie 2.1.5 allow remote attackers to execute arbitrary PHP code via a URL in the bloggie_root_path parameter to (1) config.php; (2) db.php, (3) template.php, (4) functions.php, and (5) classes.php in includes/; (6) viewmode.php; and (7) blog_body.php. NOTE: another researcher disputes the vulnerability because the files are protected against direct requests, contain no relevant include statements, or do not exist. | 7.0 | CVE-2007-3194 BUGTRAQ BUGTRAQ |
newsSync -- newsSync | PHP remote file inclusion vulnerability in inc/nuke_include.php in newsSync 1.5.0rc6 allows remote attackers to execute arbitrary PHP code via a URL in the newsSync_NUKE_PATH parameter. | 7.0 | CVE-2007-3136 MILW0RM BID |
OpenOffice -- OpenOffice | Heap-based buffer overflow in OpenOffice.org (OOo) 2.2.1 and earlier allows remote attackers to execute arbitrary code via a crafted RTF file. | 8.0 | CVE-2007-0245 DEBIAN |
Particle Blogger -- Particle Blogger | Multiple SQL injection vulnerabilities in archives.php in Particle Blogger 1.2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the month parameter and other unspecified vectors. | 7.0 | CVE-2007-3179 BUGTRAQ |
PHP Real Estate Classifieds -- PHP Real Estate Classifieds | PHP remote file inclusion vulnerability in admin/header.php in PHP Real Estate Classifieds Premium Plus allows remote attackers to execute arbitrary PHP code via a URL in the loc parameter. | 7.0 | CVE-2007-3160 MILW0RM BID |
PHPMailer -- PHPMailer | PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php. | 8.0 | CVE-2007-3215 BUGTRAQ OTHER-REF OTHER-REF BID SECUNIA XF |
PhpWiki -- PhpWiki | lib/WikiUser/LDAP.php in PhpWiki before 1.3.13p1, when the configuration lacks a nonzero PASSWORD_LENGTH_MINIMUM, might allow remote attackers to bypass authentication via an empty password, which causes ldap_bind to return true when used with certain LDAP implementations. | 10.0 | CVE-2007-3193 OTHER-REF OTHER-REF SECUNIA |
Prototype Of An PHP Application -- Prototype Of An PHP Application | Multiple PHP remote file inclusion vulnerabilities in Prototype of an PHP application 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the path_inc parameter to (1) index.php in gestion/; (2) identification.php, (3) disconnect.php, (4) loginliste.php, (5) loginmodif.php, (6) index.php, and (7) ident.inc.php in ident/; (8) menuadministration.php and (9) menuprincipal.php in menu/; (10) param.inc.php in param/; (11) index.php in plugins/phpgacl/; and (12) index.php and (13) common.inc.php. | 7.0 | CVE-2007-3217 BUGTRAQ BID |
Software602 -- 602Pro LAN SUITE | Stack-based buffer overflow in smtpdll.dll in the SMTP service in 602Pro LAN SUITE 2003 2003.0.03.0828 allows remote attackers to execute arbitrary code via an e-mail message with a long address. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 7.0 | CVE-2007-3203 BID SECUNIA |
Todd Miller -- Sudo MIT -- Kerberos 5 | sudo, when linked with MIT Kerberos 5 (krb5), does not properly check whether a user can currently authenticate to Kerberos, which allows local users to gain privileges, in a manner unintended by the sudo security model, via certain KRB5_ environment variable settings. NOTE: another researcher disputes this vulnerability, stating that the attacker must be "a user, who can already log into your system, and can already use sudo." | 7.0 | CVE-2007-3149 BUGTRAQ BUGTRAQ BUGTRAQ OTHER-REF BID |
Vivotek -- MjpegControl | Stack-based buffer overflow in the Vivotek Motion Jpeg ActiveX control (aka MjpegControl) in MjpegDecoder.dll 2.0.0.13 allows remote attackers to execute arbitrary code via a long PtzUrl property value. | 8.0 | CVE-2007-3167 MILW0RM |
W2B -- Online Banking | Multiple SQL injection vulnerabilities in W2B Online Banking allow remote attackers to execute arbitrary SQL commands via (1) the draft parameter to mailer.w2b or (2) the listDocPay parameter to DocPay.w2b. | 7.0 | CVE-2007-3175 OTHER-REF XF |
YaBB -- YaBB | CRLF injection vulnerability in Yet another Bulletin Board (YaBB) 2.1 allows remote attackers to obtain administrative access via requests to (1) register.pl or (2) profile.pl that write CRLF sequences to a .vars file. NOTE: this can be leveraged to execute arbitrary code. | 10.0 | CVE-2007-3208 IDEFENSE OTHER-REF BID SECTRACK SECUNIA |
Yahoo! -- Messenger Yahoo! -- Yahoo Webcam ActiveX Control | Buffer overflow in the Yahoo! Webcam Upload ActiveX control in ywcupl.dll for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the send method. NOTE: some of these details are obtained from third party information. | 8.0 | CVE-2007-3147 FULLDISC MILW0RM OTHER-REF OTHER-REF OTHER-REF CERT-VN BID FRSIRT SECTRACK SECUNIA XF |
Yahoo! -- Messenger Yahoo! -- Yahoo Webcam ActiveX Control | Buffer overflow in the Yahoo! Webcam Viewer ActiveX control in ywcvwr.dll for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the receive method. | 8.0 | CVE-2007-3148 FULLDISC MILW0RM OTHER-REF OTHER-REF OTHER-REF CERT-VN BID FRSIRT SECTRACK SECUNIA XF |
Zindizayn Okul Web Sistemi -- Zindizayn Okul Web Sistemi | Multiple SQL injection vulnerabilities in Zindizayn Okul Web Sistemi 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) pass parameter to (a) mezungiris.asp or (b) ogretmenkontrol.asp. | 7.0 | CVE-2007-3178 BUGTRAQ |
Zoomify -- Zoomify Viewer ActiveX Control | Multiple stack-based buffer overflows in the Zoomify Viewer ActiveX control in ZActiveX.dll might allow remote attackers to execute arbitrary code via unspecified vectors. | 8.0 | CVE-2007-2920 CERT-VN BID |
Medium Vulnerabilities |
---|
Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
---|---|---|---|
e-Vision -- e-Vision CMS | SQL injection vulnerability in style.php in e-Vision CMS 2.02 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the template parameter. | 5.6 | CVE-2007-3214 MILW0RM BID FRSIRT SECUNIA XF |
HP -- Help and Support Center | Buffer overflow in Help and Support Center before 4.4 C on HP systems allows remote attackers to read or write arbitrary files via unknown vectors. | 6.7 | CVE-2007-3180 OTHER-REF |
Ingate -- Ingate Firewall Ingate -- Ingate SIParator | Ingate Firewall and SIParator before 4.5.2 allow remote attackers to bypass SIP authentication via a certain maddr parameter. | 4.2 | CVE-2007-3177 OTHER-REF FRSIRT SECUNIA |
JFFNMS -- JFFNMS | Multiple SQL injection vulnerabilities in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user and (2) pass parameters. | 5.6 | CVE-2007-3190 FULLDISC SECUNIA |
JFFNMS -- JFFNMS | Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to obtain configuration information via a direct request to admin/adm/test.php, which calls the phpinfo function. | 6.7 | CVE-2007-3191 FULLDISC SECUNIA |
JFFNMS -- JFFNMS | admin/setup.php in Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to read and modify configuration settings via a direct request. | 6.7 | CVE-2007-3192 FULLDISC SECUNIA |
KDE -- Konqueror | Visual truncation vulnerability in Konqueror 3.5.5 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication. | 4.7 | CVE-2007-3143 OTHER-REF BID |
Linux -- Kernel | The random number feature in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, (1) does not properly seed pools when there is no entropy, or (2) uses an incorrect cast when extracting entropy, which might cause the random number generator to provide the same values after reboots on systems without an entropy source. | 4.9 | CVE-2007-2453 MLIST MLIST OTHER-REF |
Mozilla -- Mozilla | Visual truncation vulnerability in Mozilla 1.7.12 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication. | 4.7 | CVE-2007-3144 OTHER-REF BID |
Qualcomm -- Eudora | Buffer overflow in Qualcomm Eudora 7.1.0.9 allows user-assisted, remote IMAP servers to execute arbitrary code via a long FLAGS response to a SELECT INBOX command. | 5.6 | CVE-2007-3166 MILW0RM |
Visicom Media -- Ace-FTP | Buffer overflow in Ace-FTP Client 1.24a allows user-assisted, remote FTP servers to execute arbitrary code via a long response. | 5.6 | CVE-2007-3161 MILW0RM |
Low Vulnerabilities |
---|
Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
---|---|---|---|
3Com -- OfficeConnect Secure Router | Cross-site scripting (XSS) vulnerability in cgi-bin/admin in 3Com OfficeConnect Secure Router with firmware 1.04-168 allows remote attackers to inject arbitrary web script or HTML via the tk parameter. | 1.9 | CVE-2006-3974 OTHER-REF BID FRSIRT SECUNIA XF |
Almnzm -- Almnzm | Almnzm allows remote attackers to obtain sensitive information via an activateorder request to index.php with an invalid orderid parameter, probably related to '[' and ']' characters. | 2.3 | CVE-2007-3173 BUGTRAQ XF |
Apache Software Foundation -- Tomcat | Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence. | 2.3 | CVE-2007-2449 BUGTRAQ OTHER-REF |
Apple -- Safari | Cross-site scripting (XSS) vulnerability in Apple Safari Beta 3.0.1 for Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 1.9 | CVE-2007-2391 APPLE |
Apple -- Safari | Apple Safari for Windows public beta allows remote attackers to cause a denial of service (crash) via unspecified DHTML manipulations that trigger memory corruption, as demonstrated using Hamachi. | 3.3 | CVE-2007-3185 OTHER-REF |
Arris -- Cadant C3 CMTS | Arris Cadant C3 CMTS allows remote attackers to cause a denial of service (service termination) via a malformed IP packet with an invalid IP option. | 3.3 | CVE-2007-2796 OTHER-REF |
Beehive Forum -- Beehive Forum | Multiple cross-site scripting (XSS) vulnerabilities in links.php in Beehive Forum 0.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) viewmode, (2) fid, and (3) sort_dir parameters, different vectors than CVE-2005-4460. | 2.3 | CVE-2007-3212 OTHER-REF BID SECUNIA |
Bruce Corkhill -- Web Wiz Rich Text Editor | Cross-site scripting (XSS) vulnerability in the rich text editor in Webwiz allows remote attackers to inject arbitrary web script or HTML via URL-encoded HTML composed of a frameset in which a frame has a SRC attribute pointing to a JavaScript document. | 1.9 | CVE-2007-3202 BUGTRAQ BID |
Daniel Stenberg -- c-ares | The ares_init:randomize_key function in c-ares, on platforms other than Windows, uses a weak facility for producing a random number sequence (Unix rand), which makes it easier for remote attackers to spoof DNS responses by guessing certain values. | 2.3 | CVE-2007-3153 OTHER-REF |
Domain Technologie Control -- Domain Technologie Control | Cross-site scripting (XSS) vulnerability in 404.php in Domain Technologie Control (DTC) before 0.25.9 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (REQUEST_URI). NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 1.9 | CVE-2007-3211 BID SECUNIA XF |
EDraw -- Office Viewer Component | Buffer overflow in a certain ActiveX control in the EDraw Office Viewer Component (edrawofficeviewer.ocx) 4.0.5.20 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) or execute arbitrary code via a long first argument to the HttpDownloadFile method. | 1.9 | CVE-2007-3169 MILW0RM OTHER-REF BID FRSIRT SECUNIA XF |
ERFAN WIKI -- ERFAN WIKI | Cross-site scripting (XSS) vulnerability in index.php in ERFAN WIKI 1.00 allows remote attackers to inject arbitrary web script or HTML via the title parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2.3 | CVE-2007-3195 BID SECUNIA |
Frederico Caldeira Knabben -- FCKeditor | Incomplete blacklist vulnerability in the filemanager in Frederico Caldeira Knabben FCKeditor 2.4.2 allows remote attackers to upload arbitrary .php files via an alternate data stream syntax, as demonstrated by .php::$DATA filenames, a related issue to CVE-2006-0658. | 2.3 | CVE-2007-3163 OTHER-REF OTHER-REF |
Galeon -- Galeon Browser | Visual truncation vulnerability in Galeon 2.0.1 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication. | 3.7 | CVE-2007-3145 OTHER-REF BID |
Hardened-PHP Project -- Subhosin PHP -- PHP Hardened-PHP Project -- Hardened-PHP | The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Subhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names and values in the string to be parsed. NOTE: it is not clear whether this is a design limitation of the function or a bug in PHP, although it is likely to be regarded as a bug in Hardened-PHP and Subhosin. | 2.3 | CVE-2007-3205 BUGTRAQ BUGTRAQ |
Ingate -- Ingate Firewall Ingate -- Ingate SIParator | Unspecified vulnerability in Ingate Firewall and SIParator before 4.5.2 allows remote authenticated users without full privileges to download a Support Report. | 1.4 | CVE-2007-3176 OTHER-REF FRSIRT SECUNIA |
Invision Power Services -- Invision Power Board | Unspecified vulnerability in sources/action_public/xmlout.php in Invision Power Board (IPB or IP.Board) 2.2.0 through 2.2.2 allows remote attackers to modify another user's profile data, such as an AIM screen name or Yahoo! identity. | 3.3 | CVE-2007-3219 OTHER-REF BID SECUNIA |
JFFNMS -- JFFNMS | Cross-site scripting (XSS) vulnerability in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to inject arbitrary web script or HTML via the user parameter. | 2.3 | CVE-2007-3189 FULLDISC SECUNIA |
Linux -- Kernel | Integer underflow in the cpuset_tasks_read function in the Linux kernel before 2.6.20.13, and 2.6.21.x before 2.6.21.4, when the cpuset filesystem is mounted, allows local users to obtain kernel memory contents by using a large offset when reading the /dev/cpuset/tasks file. | 2.3 | CVE-2007-2875 IDEFENSE OTHER-REF OTHER-REF BID |
Linux -- Kernel | The sctp_new function in (1) ip_conntrack_proto_sctp.c and (2) nf_conntrack_proto_sctp.c in Netfilter in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, allows remote attackers to cause a denial of service by causing certain invalid states that trigger a NULL pointer dereference. | 2.3 | CVE-2007-2876 MLIST MLIST OTHER-REF |
Maran -- PHP Blog | Cross-site scripting (XSS) vulnerability in comments.php in Maran PHP Blog (Maran Blog), possibly only versions before 20070610, allows remote attackers to inject arbitrary web script or HTML via the id parameter. | 2.3 | CVE-2007-3198 BUGTRAQ OTHER-REF BID SECUNIA XF |
Microsoft -- Outlook Express Microsoft -- Windows Mail | A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain Information Disclosure Vulnerability." | 1.9 | CVE-2007-2225 MS |
Microsoft -- Outlook Express Microsoft -- Windows Mail | The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition Parsing Cross Domain Information Disclosure Vulnerability." | 1.9 | CVE-2007-2227 MS |
Microsoft -- Internet Explorer | Microsoft Internet Explorer 7, when prompting for HTTP Basic Authentication for an IDN web site, uses ACE labels for the domain name in the status bar, but uses internationalized labels for this name in the authentication dialog, which might allow remote attackers to perform phishing attacks if the user misinterprets confusable characters in the internationalized labels, as demonstrated by displaying xn--theshmogroup-bgk.com only in the status bar. | 3.7 | CVE-2007-3164 OTHER-REF OTHER-REF |
MiniWeb HTTP Server -- MiniWeb HTTP Server | http.c in MiniWeb Http Server 0.8.x allows remote attackers to cause a denial of service (application crash) via a negative value in the Content-Length HTTP header. | 2.3 | CVE-2007-3159 MILW0RM BID SECUNIA XF |
NonGNU -- Mail Notification | Mail Notification 4.0, when WITH_SSL is set to 0 at compile time, uses unencrypted connections for accounts configured with SSL/TLS, which allows remote attackers to obtain sensitive information by sniffing the network. | 3.3 | CVE-2007-3209 OTHER-REF OTHER-REF SECUNIA XF |
Novell -- Novell Modular Authentication Service | NMASINST in Novell Modular Authentication Service (NMAS) 3.1.2 and earlier on NetWare logs its invoking command line to NMASINST.LOG, which might allow local users to obtain the admin username and password by reading this file. | 2.3 | CVE-2007-3200 OTHER-REF BID FRSIRT SECTRACK SECUNIA XF |
Packeteer -- PacketShaper | rpttop.htm in the web management interface in Packeteer PacketShaper 7.3.0g2 and 7.5.0g1 allows remote attackers to cause a denial of service (device reboot) via a request with empty values of the OP.MEAS.DATAQUERY and MEAS.TYPE parameters. | 2.3 | CVE-2007-3151 BUGTRAQ BID |
PHP Live! -- PHP Live! | Cross-site scripting (XSS) vulnerability in request.php in PHP Live! 3.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the pagex parameter. | 2.3 | CVE-2007-3218 OTHER-REF BID |
Red Hat -- Red Hat Enterprise Linux Desktop Red Hat -- Red Hat Enterprise Linux | usr/mgmt_ipc.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 checks the client's UID on the listening AF_LOCAL socket instead of the new connection, which allows remote attackers to access the management interface and cause a denial of service (iscsid exit or iSCSI connection loss). | 3.3 | CVE-2007-3099 OTHER-REF OTHER-REF REDHAT SECUNIA |
Red Hat -- Red Hat open-iscsi | usr/log.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 uses a semaphore with insecure permissions (world-writable/world-readable) for managing log messages using shared memory, which allows local users to cause a denial of service (hang) by grabbing the semaphore. | 2.3 | CVE-2007-3100 OTHER-REF OTHER-REF REDHAT SECUNIA |
SafeNet -- SafeNet HighAssurance Remote SafeNet -- SoftRemote VPN Client | IPSecDrv.sys 10.4.0.12 in SafeNET High Assurance Remote 1.4.0 Build 12, and SoftRemote, allows remote attackers to cause a denial of service (infinite loop and system hang) via an invalid packet with certain bytes in an option header, possibly related to the IPv6 support for IPSec. | 2.3 | CVE-2007-3157 FULLDISC OTHER-REF BID XF |
SpamAssassin -- SpamAssassin | SpamAssassin 3.1.x, 3.2.0, and 3.2.1 before 20070611, when running as root in unusual configurations using vpopmail or virtual users, allows local users to cause a denial of service (corrupt arbitrary files) via a symlink attack on a file that is used by spamd. | 1.3 | CVE-2007-2873 OTHER-REF |
Sporum Forum -- Sporum Forum | Multiple cross-site scripting (XSS) vulnerabilities in comments.cgi in Sporum Forum 3.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) view and (2) mode parameters. | 1.9 | CVE-2007-3213 OTHER-REF SECUNIA |
Subversion -- Subversion | Subversion 1.4.3 and earlier does not properly implement the "partial access" privilege for users who have access to changed paths but not copied paths, which allows remote authenticated users to obtain sensitive information (revision properties) via svn (1) propget, (2) proplist, or (3) propedit. | 2.0 | CVE-2007-2448 OTHER-REF BID SECTRACK |
TenYearsGone -- ASP Folder Gallery | download_script.asp in ASP Folder Gallery allows remote attackers to read arbitrary files via a filename in the file parameter. | 2.3 | CVE-2007-3158 BUGTRAQ BID |
Tor -- Tor | Tor before 0.1.2.14 can construct circuits in which an entry guard is in the same family as the exit node, which might compromise the anonymity of traffic sources and destinations by exposing traffic to inappropriate remote observers. | 2.3 | CVE-2007-3165 MLIST BID FRSIRT SECUNIA |
UebiMiau -- UebiMiau | Multiple cross-site scripting (XSS) vulnerabilities in Uebimiau Webmail allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to redirect.php or (2) the selected_theme parameter to demo/pop3/error.php. | 1.9 | CVE-2007-3170 FULLDISC BID XF |
UebiMiau -- UebiMiau | Uebimiau Webmail allows remote attackers to obtain sensitive information via a request to demo/pop3/error.php with an invalid value of the (1) smarty or (2) selected_theme parameter, which reveals the path in various error messages. | 2.3 | CVE-2007-3171 FULLDISC BID XF |
UebiMiau -- UebiMiau | Directory traversal vulnerability in demo/pop3/error.php in Uebimiau Webmail allows remote attackers to determine the existence of arbitrary directories via an absolute pathname and .. (dot dot) in the selected_theme parameter. | 2.3 | CVE-2007-3172 FULLDISC BID XF |
W2B -- Online Banking | Cross-site scripting (XSS) vulnerability in auth.w2b in W2B Online Banking allows remote attackers to inject arbitrary web script or HTML via the adtype parameter, a different vector than CVE-2006-1980. | 1.9 | CVE-2007-3174 OTHER-REF XF |
Webmin -- Webmin | Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi in Webmin before 1.350 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2) message, or (3) question parameter. NOTE: some of these details are obtained from third party information. | 1.9 | CVE-2007-3156 OTHER-REF BID FRSIRT SECUNIA |
WestByte -- Internet Download Accelerator | Buffer overflow in the NotSafe function in the idaiehlp ActiveX control in idaiehlp.dll 1.9.1.74 in Internet Download Accelerator (ida) 5.2 allows remote attackers to cause a denial of service (Internet Explorer crash) via a long argument. | 2.3 | CVE-2007-3162 MILW0RM BID |
WinPT -- WinPT | Visual truncation vulnerability in Windows Privacy Tray (WinPT) 1.2.0 allows user-assisted remote attackers to install a key listed under the wrong user ID, and possibly cause the user to encrypt a victim's correspondence with this attacker-supplied key, via a key ID composed of the attacker's user ID, space characters, an invalid WinPT message, additional space characters, and the victim's user ID. | 2.7 | CVE-2007-3201 BUGTRAQ OTHER-REF BID XF |
Zen Help Desk Software -- Zen Help Desk | Zen Help Desk 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing a password via a direct request for ZenHelpDesk.mdb. | 2.3 | CVE-2007-3146 BUGTRAQ |