Vulnerability Summary for the Week of June 25, 2007
Released
Jul 02, 2007
Document ID
SB07-183
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
Vulnerability Severity:
">
| High Vulnerabilities |
|---|
| Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
|---|---|---|---|---|---|---|
| Adam van Dongen -- com_forum Adam van Dongen -- phpBB component | PHP remote file inclusion vulnerability in download.php in the Adam van Dongen Forum (com_forum) component (aka phpBB component) 1.2.4RC3 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. |
| 7.0 | CVE-2006-7208 BUGTRAQ MILW0RM | ||
| Ageet -- AGEphone | Buffer overflow in ageet AGEphone before 1.4.0 might allow remote attackers to have an unknown impact via unspecified vectors. |
| 10.0 | CVE-2006-7207 OTHER-REF | ||
| Ageet -- AGEphone | Multiple unspecified vulnerabilities in ageet AGEphone before 1.6.3 allow remote attackers to have an unknown impact via malformed SIP packets. |
| 10.0 | CVE-2007-3363 OTHER-REF | ||
| Apple -- Mac OS X Server | cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value. |
| 7.0 | CVE-2007-1863 OTHER-REF OTHER-REF REDHAT REDHAT BID | ||
| Apple -- Mac OS X Server Apple -- Mac OS X | WebKit in Apple Mac OS X 10.3.9, and 10.4.9 and later performs an "invalid type conversion", which allows remote attackers to execute arbitrary code via unspecified frame sets that trigger memory corruption. |
| 8.0 | CVE-2007-2399 OTHER-REF APPLE CERT-VN BID FRSIRT SECTRACK SECUNIA | ||
| Apple -- Safari | Buffer overflow in Apple Safari 3.0.2 on Windows XP SP2 allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long value in the title HTML tag, which triggers the overflow when the user adds the page as a bookmark. |
| 8.0 | CVE-2007-3376 FULLDISC | ||
| B1G -- b1gBB | PHP remote file inclusion vulnerability in footer.inc.php in B1G b1gBB 2.24 allows remote attackers to execute arbitrary PHP code via a URL in the tfooter parameter. |
| 7.0 | CVE-2007-3401 MILW0RM BID | ||
| bugmall -- Shopping Cart | BugMall Shopping Cart 2.5 and earlier has a default username "demo" and password "demo," which allows remote attackers to obtain login access. |
| 7.0 | CVE-2007-3446 MILW0RM BID | ||
| ClickTech -- ClickGallery | SQL injection vulnerability in edit_image.asp in ClickGallery Server 5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the image_id parameter. |
| 7.0 | CVE-2007-3411 OTHER-REF | ||
| DIA -- DIA | Multiple unspecified vulnerabilities in Dia before 0.96.1-6 have unspecified attack vectors and impact, probably involving the use of vulnerable FreeType libraries that contain CVE-2007-2754 and/or CVE-2007-1351. |
| 7.0 | CVE-2007-3408 OTHER-REF FRSIRT SECUNIA | ||
| dreamLog -- dreamLog | Unrestricted file upload vulnerability in upload.php in dreamLog (aka dreamblog) 0.5 allows remote attackers to upload and execute arbitrary PHP code in uploads/images/ via the uploadedFile[] parameter. |
| 7.0 | CVE-2007-3403 MILW0RM | ||
| eDocStore -- eDocStore | SQL injection vulnerability in essentials/minutes/doc.php in eDocStore allows remote attackers to execute arbitrary SQL commands via the doc_id parameter in an inline action. |
| 7.0 | CVE-2007-3452 MILW0RM SECUNIA | ||
| elkagroup -- Image Gallery | SQL injection vulnerability in property.php in elkagroup Image Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter. |
| 7.0 | CVE-2007-3461 MILW0RM | ||
| eNdonesia -- eNdonesia | Multiple SQL injection vulnerabilities in eNdonesia 8.4 allow remote attackers to execute arbitrary SQL commands via the (1) artid parameter to mod.php in a viewarticle action (publisher mod) and the (2) bid parameter to banners.php in a click action. NOTE: the mod.php viewdisk and viewlink vectors are already covered by CVE-2006-6873. |
| 7.0 | CVE-2007-3394 BUGTRAQ BID | ||
| EVA-Web -- EVA-Web | Multiple PHP remote file inclusion vulnerabilities in index.php3 in EVA-Web 1.1 through 2.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) aide or (2) perso parameter. |
| 7.0 | CVE-2007-3460 MILW0RM | ||
| GD Graphics Library -- gdlib | Multiple unspecified vulnerabilities in the GIF reader in the GD Graphics Library (libgd) before 2.0.35 allow user-assisted remote attackers to have unspecified attack vectors and impact. |
| 7.0 | CVE-2007-3474 OTHER-REF FRSIRT SECUNIA | ||
| KVIrc -- IRC client | The parseIrcUrl function in src/kvirc/kernel/kvi_ircurl.cpp in KVIrc 3.2.0 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in an (1) irc:// or (2) irc6:// URI. |
| 8.0 | CVE-2007-2951 OTHER-REF OTHER-REF SECUNIA | ||
| MIT -- Kerberos 5 | Integer signedness error in the gssrpc__svcauth_unix function in svc_auth_unix.c in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a negative length value. |
| 8.0 | CVE-2007-2443 OTHER-REF CERT CERT-VN | ||
| NetArt Media -- Pharmacy System | SQL injection vulnerability in index.php in Pharmacy System 2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter in an add action. |
| 7.0 | CVE-2007-3433 MILW0RM BID | ||
| NLnet Labs -- Net DNS | Header.pm in Net::DNS before 0.60, a Perl module, (1) generates predictable sequence IDs with a fixed increment and (2) can use the same starting ID for all child processes of a forking server, which allows remote attackers to spoof DNS responses, as originally reported for qpsmtp and spamassassin. |
| 7.0 | CVE-2007-3377 OTHER-REF OTHER-REF OTHER-REF | ||
| Pagetool -- Pagetool | SQL injection vulnerability in index.php in pagetool 1.07 allows remote attackers to execute arbitrary SQL commands via the news_id parameter in a pagetool_news action. |
| 7.0 | CVE-2007-3402 MILW0RM | ||
| Papoo -- Papoo | SQL injection vulnerability in Papoo 3.6, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the selmenuid parameter to certain components. |
| 7.0 | CVE-2007-3453 BUGTRAQ OTHER-REF BID | ||
| PC Soft -- WinDEV | Stack-based buffer overflow in PCSoft WinDEV 11 (01F110053p) allows user-assisted remote attackers to execute arbitrary code via a long string in the "used DLL" field in a WDP project file. |
| 8.0 | CVE-2007-3479 OTHER-REF | ||
| PHPee -- Power Phlogger | SQL injection vulnerability in include/get_userdata.php in Power Phlogger 2.2.5 allows remote attackers to execute arbitrary SQL commands via the username parameter to login.php. |
| 7.0 | CVE-2007-3399 BUGTRAQ BID | ||
| phpRaider -- phpRaider | Multiple SQL injection vulnerabilities in index.php in phpRaider 1.0.0 rc8 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) type parameter. |
| 7.0 | CVE-2007-3415 OTHER-REF | ||
| Pluxml -- Pluxml | Unrestricted file upload vulnerability in admin/images.php in Pluxml 0.3.1 allows remote attackers to upload and execute arbitrary PHP code via a .jpg filename. |
| 7.0 | CVE-2007-3432 MILW0RM | ||
| Red Hat -- cluster_suite | Buffer overflow in cluster/cman/daemon/daemon.c in cman (redhat-cluster-suite) before 20070622 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long client messages. |
| 7.0 | CVE-2007-3374 MLIST OTHER-REF UBUNTU SECUNIA | ||
| RIM -- Blackberry Enterprise Server | Research in Motion BlackBerry Enterprise Server 4.0 through 4.1 has a default configuration that permits installation of arbitrary third-party applications on BlackBerry devices, which might facilitate loading of malware. |
| 10.0 | CVE-2007-3483 OTHER-REF OTHER-REF | ||
| RKD Software -- BarCode ActiveX | Stack-based buffer overflow in the BeginPrint method in a certain ActiveX control in RKD Software (barcodetools.com) BarCodeAx.dll 4.9 allows remote attackers to execute arbitrary code via a long argument. |
| 8.0 | CVE-2007-3435 MILW0RM BID SECUNIA | ||
| Simple Invoices -- Simple Invoices | SQL injection vulnerability in index.php in Simple Invoices 2007 05 25 allows remote attackers to execute arbitrary SQL commands via the submit parameter in an email action. |
| 7.0 | CVE-2007-3430 MILW0RM BID | ||
| SofaWare -- Safe@Office 500 UTM | Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, has a certain default password. |
| 10.0 | CVE-2007-3465 BUGTRAQ OTHER-REF OTHER-REF | ||
| Sun -- Solaris | Buffer overflow in the dtsession Common Desktop Environment (CDE) Session Manager in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via unspecified vectors. |
| 7.0 | CVE-2007-3471 SUNALERT SECUNIA | ||
| Trend Micro -- OfficeScan | Buffer overflow in CGIOCommon.dll before 8.0.0.1042 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to execute arbitrary code via crafted requests. |
| 10.0 | CVE-2007-3454 OTHER-REF FRSIRT SECUNIA | ||
| Trend Micro -- OfficeScan | cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to bypass the password requirement and gain access to the Management Console via crafted HTTP headers, related to "stored decrypted user logon information." |
| 10.0 | CVE-2007-3455 OTHER-REF FRSIRT SECUNIA | ||
| Web-APP.org -- WebAPP | The editprofile3 function in cgi-bin/cgi-lib/user.pl in web-app.org WebAPP before 0.9.9.7 does not properly check the (1) themes.dat, (2) languages.dat, (3) profession.dat, (4) gen.dat, (5) marstat.dat, (6) states.dat, and (7) ages.dat files before saving profile settings of members, which has unknown impact and remote attack vectors. |
| 7.0 | CVE-2007-3419 OTHER-REF OTHER-REF | ||
| Web-APP.org -- WebAPP | The Random Cookie Password functionality in the loaduser function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP before 0.9.9.7 does not clear the (1) username, (2) password, (3) usertheme, and (4) userlang cookies for unauthorized users, which has unknown impact and remote attack vectors. |
| 7.0 | CVE-2007-3420 OTHER-REF OTHER-REF | ||
| Web-APP.org -- WebAPP | The (1) login, (2) admin profile edit, (3) reminder, (4) edit profile, (5) profile view, (6) gallery view, (7) gallery comment, and (8) gallery feedback capabilities in web-app.org WebAPP before 0.9.9.7 do not verify presence of users in memberlist.dat, which has unknown impact and remote attack vectors. |
| 7.0 | CVE-2007-3421 OTHER-REF OTHER-REF | ||
| Web-APP.org -- WebAPP | The getcgi function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP before 0.9.9.7 attempts to parse query strings that contain (1) non-printing characters, (2) certain printing characters that do not commonly occur in URLs, or (3) invalid URL encoding sequences, which has unknown impact and remote attack vectors. |
| 7.0 | CVE-2007-3422 OTHER-REF OTHER-REF | ||
| Web-APP.org -- WebAPP | cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the From field of an instant message as the beginning of the .dat file name when the (1) imview2 or (2) imview3 function reads (a) an internal IM, or a message from a (b) guest or (c) removed member, which has unknown impact and remote attack vectors. |
| 7.0 | CVE-2007-3423 OTHER-REF OTHER-REF | ||
| Web-APP.org -- WebAPP | The moveim function in cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the tocat parameter as a subdirectory name when moving an instant message, which has unknown impact and remote attack vectors. |
| 7.0 | CVE-2007-3424 OTHER-REF OTHER-REF | ||
| ZoneO-Soft -- phpTrafficA | SQL injection vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the pageid parameter in a stats action. |
| 7.0 | CVE-2007-3427 MILW0RM OTHER-REF VIM | ||
| ZoneO-Soft -- phpTrafficA | Multiple unspecified vulnerabilities in phpTrafficA before 1.4.2 allow remote attackers to have an unknown impact via the file parameter to (1) plotStatBar.php or (2) plotStatPie.php, different vectors than CVE-2007-1076. |
| 7.0 | CVE-2007-3428 OTHER-REF |
| Medium Vulnerabilities |
|---|
| Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
|---|---|---|---|---|---|---|
| bugmall -- Shopping Cart | SQL injection vulnerability in BugMall Shopping Cart 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the "basic search box." |
| 5.6 | CVE-2007-3447 MILW0RM OTHER-REF BID FRSIRT | ||
| CivilTech -- Avax Vector ActiveX | A certain ActiveX control in Avaxswf.dll 1.0.0.1 in Civitech Avax Vector 1.3 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the WriteMovie method. |
| 4.7 | CVE-2007-3459 BUGTRAQ MILW0RM | ||
| e107 -- e107 | Unrestricted file upload vulnerability in signup.php in e107 0.7.8 and earlier, when photograph upload is enabled, allows remote attackers to upload and execute arbitrary PHP code via a filename with a double extension such as .php.jpg. |
| 5.6 | CVE-2007-3429 MILW0RM | ||
| Frank Mancuso -- MyNews | SQL injection vulnerability in admin.php in MyNews 0.10, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the authacc cookie. |
| 5.6 | CVE-2007-2520 BUGTRAQ OTHER-REF OSVDB | ||
| GD Graphics Library -- gdlib | Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers has unspecified attack vectors and impact. |
| 4.8 | CVE-2007-3472 OTHER-REF OTHER-REF FRSIRT SECUNIA | ||
| GD Graphics Library -- gdlib | Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TTF) support. |
| 5.6 | CVE-2007-3478 OTHER-REF OTHER-REF OTHER-REF FRSIRT SECUNIA | ||
| Gorani Network -- 6ALBlog | SQL injection vulnerability in member.php in 6ALBlog allows remote attackers to execute arbitrary SQL commands via the newsid parameter. |
| 5.6 | CVE-2007-3449 MILW0RM BID FRSIRT | ||
| Gorani Network -- 6ALBlog | SQL injection vulnerability in member.php in 6ALBlog allows remote attackers to execute arbitrary SQL commands via the member parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 5.6 | CVE-2007-3450 FRSIRT | ||
| Gorani Network -- 6ALBlog | PHP remote file inclusion vulnerability in admin/index.php in 6ALBlog allows remote authenticated administrators to execute arbitrary PHP code via a URL in the pg parameter. |
| 4.2 | CVE-2007-3451 MILW0RM FRSIRT | ||
| Hiki -- Hiki | Directory traversal vulnerability in session.rb in Hiki 0.8.0 through 0.8.6 allows remote attackers to delete arbitrary files via directory traversal sequences in the session ID, which is matched against an insufficiently restrictive regular expression before it is used to construct a filename that is marked for deletion at logout. |
| 4.7 | CVE-2007-3395 OTHER-REF OTHER-REF OTHER-REF BID FRSIRT SECUNIA | ||
| Lhaca -- File Archiver | Stack-based buffer overflow in Lhaca File Archiver allows user-assisted remote attackers to execute arbitrary code via a crafted LZH archive, as exploited by malware such as Trojan.Lhdropper. |
| 5.6 | CVE-2007-3375 OTHER-REF BID | ||
| MIT -- Kerberos 5 | The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup. |
| 5.6 | CVE-2007-2442 OTHER-REF CERT-VN CERT | ||
| MIT -- Kerberos 5 | Stack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows allows remote authenticated users to execute arbitrary code via a crafted request to rename a principal. |
| 4.8 | CVE-2007-2798 IDEFENSE CERT CERT-VN | ||
| NCTsoft Products -- NCTAudioEditor2 | The NCTAudioEditor2 ActiveX control in NCTWMAFile2.dll 2.6.2.157 allows remote attackers to overwrite arbitrary files via the CreateFile method. |
| 5.6 | CVE-2007-3400 MILW0RM BID XF | ||
| RealNetworks -- Helix Player RealNetworks -- RealPlayer | Buffer overflow in the wallclock functionality (SmilTimeValue::parseWallClockValue function) in RealNetworks RealPlayer and HelixPlayer 10.5-GOLD allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via SMIL file containing a long time string. |
| 5.6 | CVE-2007-3410 IDEFENSE | ||
| Snom -- Snom 320 Linux | The Snom 320 SIP Phone, running snom320 linux 3.25, snom320-SIP 6.2.3, and snom320 jffs23.36, allows remote attackers to place calls to arbitrary phone numbers via certain requests to the web server on port 1800. |
| 4.7 | CVE-2007-3440 OTHER-REF | ||
| SofaWare -- Safe@Office 500 UTM | Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, does not require entry of the old password when changing the admin password, which might allow attackers to gain privileges by conducting a CSRF attack, making a password change on an unattended workstation, or other vectors. |
| 6.0 | CVE-2007-3464 BUGTRAQ OTHER-REF OTHER-REF | ||
| Valerio Capello -- Dagger - The Cutting Edge | PHP remote file inclusion vulnerability in cal.func.php in Valerio Capello Dagger - The Cutting Edge r23jan2007 allows remote attackers to execute arbitrary PHP code via a URL in the dir_edge_lang parameter. |
| 5.6 | CVE-2007-3431 MILW0RM SECUNIA | ||
| Vincent Hor -- Calendarix | Multiple SQL injection vulnerabilities in Calendarix 0.7.20070307, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters to calendar.php and the (3) search string to cal_search.php. |
| 5.6 | CVE-2007-3183 BUGTRAQ OTHER-REF OSVDB | ||
| Web-APP.org -- WebAPP | The displaypost function in cgi-bin/cgi-lib/forum_display.pl in web-app.org WebAPP before 0.9.9.7 does not display usernames in conjunction with real names, which makes it easier for remote authenticated users to impersonate other users. |
| 4.2 | CVE-2007-3418 OTHER-REF OTHER-REF | ||
| Xythos -- Enterprise Document Manager | Multiple cross-site request forgery (CSRF) vulnerabilities in Xythos Enterprise Document Manager (XEDM) before 5.0.25.8, and 6.x before 6.0.46.1, allow remote authenticated users to execute commands as arbitrary users via (1) a saved Workflow name or (2) the Content-Type HTTP header. NOTE: item 2 also affects the same version numbers of Xythos Digital Locker (XDL). One or both vectors might also affect Xythos WebFile Server. |
| 4.2 | CVE-2007-3255 BUGTRAQ BID SECTRACK SECTRACK |
| Low Vulnerabilities |
|---|
| Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
|---|---|---|---|---|---|---|
| The Research in Motion BlackBerry 7270 with 4.0 SP1 Bundle 83 allows remote attackers to cause a denial of service (blocked call reception) via a malformed SIP invite message, possibly related to multiple format string specifiers in the From field, a spoofed source IP address, and limitations of the function stack frame. |
| 1.9 | CVE-2007-3444 OTHER-REF OTHER-REF | |||
| Aastra Telecom -- 9112i SIP Phone | Format string vulnerability in the Aastra 9112i SIP Phone with firmware 1.4.0.1048 and boot version 1.1.0.10 allows remote attackers to cause a denial of service (blocked call reception and slow calling) via format string specifiers in an SDP header value, a different vulnerability than CVE-2007-3349. |
| 2.3 | CVE-2007-3441 OTHER-REF | ||
| access2asp -- access2asp | Multiple cross-site scripting (XSS) vulnerabilities in access2asp 4.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) od and (2) search parameters to (a) suppliersList.asp and (b) contactsList.asp. |
| 1.9 | CVE-2007-3414 OTHER-REF | ||
| AltaVista -- Search Engine | Cross-site scripting (XSS) vulnerability in AltaVista search engine allows remote attackers to inject arbitrary web script or HTML via the text parameter to the default URI. |
| 2.3 | CVE-2007-3486 OTHER-REF | ||
| AOL -- Instant Messenger | AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote attackers to cause a denial of service (application crash) via a malformed header value in a SIP INVITE message, a different vulnerability than CVE-2007-3350. |
| 3.3 | CVE-2007-3437 OTHER-REF | ||
| Apache -- Apache | Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified. |
| 2.3 | CVE-2006-5752 OTHER-REF OTHER-REF REDHAT REDHAT REDHAT BID | ||
| Apple -- Safari | Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, and Windows Vista allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scripting (XSS) attacks via vectors related to page updating and HTTP redirects. |
| 1.9 | CVE-2007-2400 APPLE BID SECTRACK | ||
| Apple -- Mac OS X Server Apple -- Mac OS X | CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, and 10.4.9 and later allows remote attackers to inject arbitrary HTTP headers via LF characters in an XMLHttpRequest request, which are not filtered when serializing headers via the setRequestHeader function. NOTE: this issue can be leveraged for cross-site scripting (XSS) attacks. |
| 2.3 | CVE-2007-2401 OTHER-REF OTHER-REF APPLE CERT-VN BID FRSIRT SECTRACK SECUNIA | ||
| Apple -- Safari | Cross-domain vulnerability in Apple Safari allows remote attackers to bypass the "same origin policy" and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute. |
| 3.3 | CVE-2007-3482 OTHER-REF | ||
| Avahi -- Avahi | The Avahi daemon in Avahi before 0.6.20 allows attackers to cause a denial of service (exit) via empty TXT data over D-Bus, which triggers an assert error. |
| 1.6 | CVE-2007-3372 OTHER-REF | ||
| bitego -- bosDataGrid | Multiple cross-site scripting (XSS) vulnerabilities in bosDataGrid 2.50 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) GridSearch, (2) gsearch, or (3) ParentID parameter to an unspecified component. |
| 1.9 | CVE-2007-3413 OTHER-REF | ||
| bugmall -- Shopping Cart | Cross-site scripting (XSS) vulnerability in index.php in BugMall Shopping Cart 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the msgs parameter. |
| 1.9 | CVE-2007-3448 MILW0RM OTHER-REF BID FRSIRT | ||
| ClickTech -- ClickGallery | Cross-site scripting (XSS) vulnerability in edit_image.asp in ClickGallery Server 5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the from parameter. |
| 1.9 | CVE-2007-3412 OTHER-REF | ||
| ekg -- ekg | Memory leak in the image message functionality in ekg before 1:1.7~rc2-1etch1 on Debian GNU/Linux Etch allows remote attackers to cause a denial of service. |
| 2.3 | CVE-2007-1663 DEBIAN BID | ||
| ekg -- ekg | ekg before 1:1.7~rc2-1etch1 on Debian GNU/Linux Etch allows remote attackers to cause a denial of service (NULL pointer dereference) via a vector related to the token OCR functionality. |
| 2.3 | CVE-2007-1664 DEBIAN BID | ||
| ekg -- ekg | Memory leak in the token OCR functionality in ekg before 1:1.7~rc2-1etch1 on Debian GNU/Linux Etch allows remote attackers to cause a denial of service. |
| 2.3 | CVE-2007-1665 DEBIAN BID | ||
| eTicket -- eTicket | index.php in eTicket 1.5.5.1 and earlier allows remote attackers to obtain sensitive information via the (1) name[], (2) email[], (3) phone[], or (4) subject[] parameters, which reveals the installation path in the resulting error messages. |
| 2.3 | CVE-2007-2800 FULLDISC OTHER-REF OSVDB | ||
| GD Graphics Library -- gdlib | The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure. |
| 3.3 | CVE-2007-3473 OTHER-REF OTHER-REF FRSIRT SECUNIA | ||
| GD Graphics Library -- gdlib | The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map. |
| 3.3 | CVE-2007-3475 OTHER-REF OTHER-REF | ||
| GD Graphics Library -- gdlib | Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault. |
| 2.7 | CVE-2007-3476 OTHER-REF OTHER-REF | ||
| GD Graphics Library -- gdlib | The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allows attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value. |
| 2.0 | CVE-2007-3477 OTHER-REF OTHER-REF OTHER-REF | ||
| Google -- Google Custom Search Engine | Cross-site scripting (XSS) vulnerability in search.php in Google Custom Search Engine allows remote attackers to inject arbitrary web script or HTML via the q parameter. |
| 2.3 | CVE-2007-3484 OTHER-REF | ||
| IBM -- WebSphere Application Server | The web container in IBM WebSphere Application Server (WAS) before 6.0.2.21, and 6.1.x before 6.1.0.9, sends response data intended for a different request in certain circumstances after a closed connection error, which might allow remote attackers to obtain sensitive information. |
| 2.3 | CVE-2007-3397 OTHER-REF AIXAPAR BID SECUNIA | ||
| Key Focus -- KF Web Server | Cross-site scripting (XSS) vulnerability in index.wkf in KeyFocus (KF) web server 3.1.0 allows remote attackers to inject arbitrary web script or HTML via the opsubmenu parameter. |
| 1.9 | CVE-2007-3396 BUGTRAQ | ||
| Lebisoft -- Lebisoft zdefter | Multiple cross-site scripting (XSS) vulnerabilities in defter_yaz.asp in Lebisoft zdefter 4.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 1.9 | CVE-2007-3405 BID | ||
| Microsoft -- Windows 2003 Microsoft -- Windows 2000 Microsoft -- Windows XP | Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (cpu consumption) via a PNG image with crafted (1) Width and (2) Height values in the IHDR block. |
| 2.3 | CVE-2006-7210 MILW0RM MILW0RM MILW0RM OTHER-REF BID | ||
| Microsoft -- Internet Explorer | Multiple absolute path traversal vulnerabilities in Microsoft Internet Explorer 6 on Windows XP SP2 allow remote attackers to access arbitrary local files via the file: URI in the (1) src attribute of a (a) bgsound, (b) input, (c) EMBED, (d) img, or (e) script tag; (2) data attribute of an object tag; (3) value attribute of a param tag; (4) background attribute of a body tag; or (5) the background:url attribute declared in the BODY parameter of a STYLE tag. |
| 1.9 | CVE-2007-3406 OTHER-REF BID | ||
| Microsoft -- MSN Messenger Service | Microsoft MSN Messenger 4.7 on Windows XP allows remote attackers to cause a denial of service (resource consumption) via a flood of SIP INVITE requests to the port specified for voice conversation. |
| 2.3 | CVE-2007-3436 OTHER-REF | ||
| Microsoft -- Windows XP | ** DISPUTED ** Microsoft Windows XP SP2 allows local users, who have sessions created by another user's RunAs (run as) command, to kill arbitrary processes of this other user, as demonstrated by the taskkill program. NOTE: the researcher claims a vendor dispute in which the vendor states that "RunAs and UAC are convenience features, not security boundaries. If you need a security guarantee, please log out and log back in with a different account." |
| 1.4 | CVE-2007-3463 BUGTRAQ BUGTRAQ | ||
| Microsoft -- Internet Explorer | Cross-domain vulnerability in Microsoft Internet Explorer allows remote attackers to bypass the Same Origin Policy and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute. |
| 3.3 | CVE-2007-3481 OTHER-REF | ||
| NetArt Media -- Pharmacy System | index.php in Pharmacy System 2 and earlier allows remote attackers to obtain sensitive information via a ' (quote) character in the page parameter, which reveals the table prefix in an error message. |
| 2.3 | CVE-2007-3434 MILW0RM | ||
| NLnet Labs -- Net DNS | Net::DNS before 0.60, a Perl module, allows remote attackers to cause a denial of service (stack consumption) via a malformed compressed DNS packet with self-referencing pointers, which triggers an infinite loop. |
| 2.3 | CVE-2007-3409 OTHER-REF | ||
| Nortel -- PC Client SIP Soft Phone | The Nortel PC Client SIP Soft Phone 4.1 3.5.208[20051015] allows remote attackers to cause a denial of service (device crash) via a SIP message with a malformed header. |
| 3.3 | CVE-2007-3361 OTHER-REF BID | ||
| Nortel -- SIP Soft Phone | Buffer overflow in the SIP header parsing module in the Nortel PC Client SIP Soft Phone 4.1 3.5.208[20051015] allows remote attackers to execute arbitrary code via a malformed message, a different vulnerability than CVE-2007-3361. |
| 3.3 | CVE-2007-3438 OTHER-REF | ||
| PC Soft -- WinDEV | PCSoft WinDEV 11 (01F110053p) allows user-assisted remote attackers to cause a denial of service (infinite loop and resource consumption) via a malformed WDP project file. |
| 2.7 | CVE-2007-3480 OTHER-REF | ||
| Perception -- LiteWeb | LiteWEB 2.7 allows remote attackers to cause a denial of service (hang) via a large number of requests for nonexistent pages. |
| 2.3 | CVE-2007-3398 BUGTRAQ | ||
| Red Hat -- Enterprise Linux AS Red Hat -- Enterprise Linux ES Red Hat -- Enterprise Linux WS Red Hat -- Desktop | The Linux kernel before 2.6.9-42.0.8 in Red Hat 4.4 allows local users to cause a denial of service (kernel OOPS from null dereference) via fput in a 32-bit ioctl on 64-bit x86 systems, an incomplete fix of CVE-2005-3044.1. |
| 1.0 | CVE-2007-0773 OTHER-REF REDHAT | ||
| Red Hat -- Enterprise Linux | The sysfs_readdir function in the Linux kernel in Red Hat Enterprise Linux 4.5 allows local users to cause a denial of service (kernel OOPS) by dereferencing a null pointer to an inode in a dentry. |
| 1.6 | CVE-2007-3104 OTHER-REF REDHAT | ||
| Red Hat -- cluster_suite | daemon.c in cman (redhat-cluster-suite) before 20070622 does not clear a buffer for reading requests, which might allow remote attackers to obtain sensitive information from previous requests. |
| 2.3 | CVE-2007-3373 MLIST | ||
| Research In Motion Limited -- BlackBerry 7270 | Format string vulnerability on the Research in Motion BlackBerry 7270 before 4.0 SP1 Bundle 108 allows remote attackers to cause a denial of service (blocked call reception and calling) via format string specifiers in an SIP INVITE message that lacks a host name in the Contact header. |
| 1.1 | CVE-2007-3442 OTHER-REF OTHER-REF | ||
| Research In Motion Limited -- BlackBerry 7270 | The Research in Motion BlackBerry 7270 before 4.0 SP1 Bundle 108 does not properly manage transaction states, which allows remote attackers to cause a denial of service (temporary device hang) by sending a certain SIP INVITE message, but not providing an ACK when the call is answered. |
| 1.1 | CVE-2007-3443 OTHER-REF OTHER-REF | ||
| Sergey Lyubka -- Simple HTTPD | Sergey Lyubka Simple HTTPD (shttpd) 1.38 allows remote attackers to obtain sensitive information (script source code) via a URL with a trailing encoded space (%20). |
| 2.3 | CVE-2007-3407 BUGTRAQ BID | ||
| SiteDepth -- SiteDepth CMS | Directory traversal vulnerability in ShowImage.php in SiteDepth CMS 3.44 allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter. |
| 2.3 | CVE-2007-3404 MILW0RM FRSIRT | ||
| SJ Labs -- SJPhone | Buffer overflow in SJ Labs SJphone 1.60.303c, running under Windows Mobile 2003 on the Samsung SCH-i730 phone, allows remote attackers to cause a denial of service (device hang and call termination) via a malformed SIP INVITE message, a different vulnerability than CVE-2007-3351. |
| 1.9 | CVE-2007-3445 OTHER-REF | ||
| Snom -- Snom 320 Linux | The Snom 320 SIP Phone, running snom320 linux 3.25, snom320-SIP 6.2.3, and snom320 jffs23.36, allows remote attackers to read a list of missed calls, received calls, and dialed numbers via a direct request to the web server on port 1800. |
| 2.3 | CVE-2007-3439 OTHER-REF | ||
| SofaWare -- Safe@Office 500 UTM | Cross-site request forgery (CSRF) vulnerability in Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, allows remote attackers to execute commands as arbitrary users, and disable firewalling of the protected network. |
| 3.4 | CVE-2007-3462 BUGTRAQ OTHER-REF OTHER-REF OTHER-REF | ||
| Sun -- Solaris | The libsldap library in Sun Solaris 8, 9, and 10 allows local users to cause a denial of service (Name Service Caching Daemon (nscd) crash) via unspecified vectors. |
| 2.3 | CVE-2007-3458 SUNALERT FRSIRT | ||
| Sun -- Solaris | Unspecified vulnerability in the TCP Loopback/Fusion implementation in Sun Solaris 10 allows local users to cause a denial of service (resource exhaustion and service hang) via unspecified vectors. |
| 2.3 | CVE-2007-3469 SUNALERT FRSIRT SECUNIA | ||
| Sun -- Solaris | Multiple unspecified vulnerabilities in the KSSL kernel module in Sun Solaris 10, when configured with the KSSL proxy, allow remote attackers to cause a denial of service (kernel panic) via unspecified vectors related to "memory buffers" of Secure Socket Layer (SSL) records. |
| 3.3 | CVE-2007-3470 SUNALERT FRSIRT SECUNIA | ||
| Symantec -- Mail Security | libdayzero.dll in the Filter Hub Service (filter-hub.exe) in Symantec Mail Security for SMTP before 5.0.1 Patch 181 and Mail Security Appliance before 5.0.0-36 allows remote attackers to cause a denial of service (crash) via a crafted executable attachment in an e-mail, involving the detection of "PE-Shield v0.2" and "ASPack v1.00-1.08.02". |
| 3.3 | CVE-2007-1792 OTHER-REF OTHER-REF FRSIRT SECUNIA | ||
| VideoLAN -- VLC Media Player | Integer overflow in the __status_Update function in stats.c VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a WAV file with a large sample rate. |
| 3.3 | CVE-2007-3467 OTHER-REF | ||
| VideoLAN -- VLC Media Player | input.c in VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a crafted WAV file that causes an uninitialized i_nb_resamplers variable to be used. |
| 3.3 | CVE-2007-3468 OTHER-REF | ||
| Vincent Hor -- Calendarix | Multiple cross-site scripting (XSS) vulnerabilities in Calendarix 0.7.20070307, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) year and (2) month parameters to calendar.php, and the (3) leftfooter parameter to cal_footer.inc.php. NOTE: the ycyear parameter to yearcal.php is already covered by CVE-2006-1835. |
| 1.9 | CVE-2007-3182 BUGTRAQ OTHER-REF OSVDB | ||
| Vincent Hor -- Calendarix | calendar.php in Calendarix 0.7.20070307 allows remote attackers to obtain sensitive information via large values to the (1) year and (2) month parameters, which causes negative values to be passed to the mktime library call, and reveals the installation path in the error message. |
| 2.3 | CVE-2007-3258 BUGTRAQ FULLDISC OTHER-REF OSVDB XF | ||
| Vincent Hor -- Calendarix | Calendarix 0.7.20070307 allows remote attackers to obtain sensitive information via (1) an invalid month[] parameter to calendar.php, (2) an invalid catview[] parameter to cal_week.php in a week operation, (3) an invalid ycyear[] parameter to yearcal.php, or (4) a direct request to cal_functions.inc.php, which reveals the installation path in various error messages. |
| 2.3 | CVE-2007-3259 BUGTRAQ OTHER-REF OSVDB | ||
| Web-APP.org -- WebAPP | Multiple cross-site request forgery (CSRF) vulnerabilities in the administration of (1) polls, (2) profiles, (3) IP bans, and (4) forums in web-app.org WebAPP before 0.9.9.7 allow remote attackers to perform deletions as administrators. |
| 2.3 | CVE-2007-3416 OTHER-REF OTHER-REF | ||
| Web-APP.org -- WebAPP | Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/cgi-lib/search.pl in web-app.org WebAPP before 0.9.9.7 allow remote attackers to inject arbitrary web script or HTML via a search string, which is not sanitized when an HREF attribute is printed by the (1) process_search or (2) show_recent_searches function. |
| 1.9 | CVE-2007-3417 OTHER-REF OTHER-REF | ||
| Wireshark -- Wireshark | Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via a crafted chunked encoding in an HTTP response, possibly related to a zero-length payload. |
| 2.3 | CVE-2007-3389 OTHER-REF OTHER-REF | ||
| Wireshark -- Wireshark | Wireshark 0.99.5 and 0.10.x up to 0.10.14, when running on certain systems, allows remote attackers to cause a denial of service (crash) via crafted iSeries capture files that trigger a SIGTRAP. |
| 2.3 | CVE-2007-3390 OTHER-REF OTHER-REF | ||
| Wireshark -- Wireshark | Wireshark 0.99.5 allows remote attackers to cause a denial of service (memory consumption) via a malformed DCP ETSI packet that triggers an infinite loop. |
| 2.3 | CVE-2007-3391 OTHER-REF OTHER-REF | ||
| Wireshark -- Wireshark | Wireshark before 0.99.6 allows remote attackers to cause a denial of service via malformed (1) SSL or (2) MMS packets that trigger an infinite loop. |
| 2.3 | CVE-2007-3392 OTHER-REF OTHER-REF OTHER-REF | ||
| Wireshark -- Wireshark | Off-by-one error in the DHCP/BOOTP dissector in Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via crafted DHCP-over-DOCSIS packets. |
| 2.3 | CVE-2007-3393 OTHER-REF OTHER-REF | ||
| Xythos -- Enterprise Document Manager | Multiple cross-site scripting (XSS) vulnerabilities in Xythos Enterprise Document Manager (XEDM) before 5.0.25.8, and 6.x before 6.0.46.1, allow remote authenticated users to inject arbitrary web script or HTML via (1) a saved Workflow name; (2) a Workflow name, related to deletion of a Workflow template; (3) the Content-Type HTTP header; or (4) the name of an uploaded file. NOTE: items 3 and 4 also affect the same version numbers of Xythos Digital Locker (XDL). Some or all vectors might also affect Xythos WebFile Server. |
| 1.4 | CVE-2007-3254 BUGTRAQ BID SECTRACK SECTRACK | ||
| Xythos -- Enterprise Document Manager Xythos -- WebFile Server Xythos -- Digital Locker | Xythos Enterprise Document Manager (XEDM), Digital Locker (XDL), and possibly WebFile Server before 6.0.46.1 allow remote authenticated users to associate arbitrary Content-Type HTTP headers with documents, which might facilitate malware distribution. |
| 1.4 | CVE-2007-3256 BUGTRAQ BID SECTRACK SECTRACK | ||
| Yandex -- Yandex.Server | Multiple cross-site scripting (XSS) vulnerabilities in Yandex.Server allow remote attackers to inject arbitrary web script or HTML via the (1) query or (2) within parameter to the default URI. |
| 2.3 | CVE-2007-3485 OTHER-REF OTHER-REF | ||
| ZoneO-Soft -- phpTrafficA | Multiple cross-site scripting (XSS) vulnerabilities in phpTrafficA before 1.2beta2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to keywords results in the (1) main, (2) daily, (3) weekly, (4) monthly, (5) new trends, (6) individual page, and (7) search engine statistics. |
| 1.9 | CVE-2006-7209 OTHER-REF | ||
| ZoneO-Soft -- phpTrafficA | Directory traversal vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to include arbitrary local files via the lang parameter, a different vector and version than CVE-2007-1076.2. |
| 2.3 | CVE-2007-3425 MILW0RM OTHER-REF VIM | ||
| ZoneO-Soft -- phpTrafficA | Cross-site scripting (XSS) vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter. |
| 1.9 | CVE-2007-3426 MILW0RM OTHER-REF VIM |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.