Vulnerability Summary for the Week of June 25, 2007

Released: Jul 02, 2007
Document ID: SB07-183

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

High Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
Adam van Dongen -- com_forum
Adam van Dongen -- phpBB component
PHP remote file inclusion vulnerability in download.php in the Adam van Dongen Forum (com_forum) component (aka phpBB component) 1.2.4RC3 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
unknown
2007-06-26
7.0
CVE-2006-7208
BUGTRAQ
MILW0RM
Ageet -- AGEphone
Buffer overflow in ageet AGEphone before 1.4.0 might allow remote attackers to have an unknown impact via unspecified vectors.
unknown
2007-06-22
10.0
CVE-2006-7207
OTHER-REF
Ageet -- AGEphone
Multiple unspecified vulnerabilities in ageet AGEphone before 1.6.3 allow remote attackers to have an unknown impact via malformed SIP packets.
unknown
2007-06-22
10.0
CVE-2007-3363
OTHER-REF
Apple -- Mac OS X Server
cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
unknown
2007-06-27
7.0
CVE-2007-1863
OTHER-REF
OTHER-REF
REDHAT
REDHAT
BID
Apple -- Mac OS X Server
Apple -- Mac OS X
WebKit in Apple Mac OS X 10.3.9, and 10.4.9 and later performs an "invalid type conversion", which allows remote attackers to execute arbitrary code via unspecified frame sets that trigger memory corruption.
unknown
2007-06-25
8.0
CVE-2007-2399
OTHER-REF
APPLE
CERT-VN
BID
FRSIRT
SECTRACK
SECUNIA
Apple -- Safari
Buffer overflow in Apple Safari 3.0.2 on Windows XP SP2 allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long value in the title HTML tag, which triggers the overflow when the user adds the page as a bookmark.
unknown
2007-06-25
8.0
CVE-2007-3376
FULLDISC
B1G -- b1gBB
PHP remote file inclusion vulnerability in footer.inc.php in B1G b1gBB 2.24 allows remote attackers to execute arbitrary PHP code via a URL in the tfooter parameter.
unknown
2007-06-26
7.0
CVE-2007-3401
MILW0RM
BID
bugmall -- Shopping Cart
BugMall Shopping Cart 2.5 and earlier has a default username "demo" and password "demo," which allows remote attackers to obtain login access.
unknown
2007-06-26
7.0
CVE-2007-3446
MILW0RM
BID
ClickTech -- ClickGallery
SQL injection vulnerability in edit_image.asp in ClickGallery Server 5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the image_id parameter.
unknown
2007-06-26
7.0
CVE-2007-3411
OTHER-REF
DIA -- DIA
Multiple unspecified vulnerabilities in Dia before 0.96.1-6 have unspecified attack vectors and impact, probably involving the use of vulnerable FreeType libraries that contain CVE-2007-2754 and/or CVE-2007-1351.
unknown
2007-06-26
7.0
CVE-2007-3408
OTHER-REF
FRSIRT
SECUNIA
dreamLog -- dreamLog
Unrestricted file upload vulnerability in upload.php in dreamLog (aka dreamblog) 0.5 allows remote attackers to upload and execute arbitrary PHP code in uploads/images/ via the uploadedFile[] parameter.
unknown
2007-06-26
7.0
CVE-2007-3403
MILW0RM
eDocStore -- eDocStore
SQL injection vulnerability in essentials/minutes/doc.php in eDocStore allows remote attackers to execute arbitrary SQL commands via the doc_id parameter in an inline action.
unknown
2007-06-26
7.0
CVE-2007-3452
MILW0RM
SECUNIA
elkagroup -- Image Gallery
SQL injection vulnerability in property.php in elkagroup Image Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter.
unknown
2007-06-27
7.0
CVE-2007-3461
MILW0RM
eNdonesia -- eNdonesia
Multiple SQL injection vulnerabilities in eNdonesia 8.4 allow remote attackers to execute arbitrary SQL commands via the (1) artid parameter to mod.php in a viewarticle action (publisher mod) and the (2) bid parameter to banners.php in a click action. NOTE: the mod.php viewdisk and viewlink vectors are already covered by CVE-2006-6873.
unknown
2007-06-26
7.0
CVE-2007-3394
BUGTRAQ
BID
EVA-Web -- EVA-Web
Multiple PHP remote file inclusion vulnerabilities in index.php3 in EVA-Web 1.1 through 2.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) aide or (2) perso parameter.
unknown
2007-06-27
7.0
CVE-2007-3460
MILW0RM
GD Graphics Library -- gdlib
Multiple unspecified vulnerabilities in the GIF reader in the GD Graphics Library (libgd) before 2.0.35 allow user-assisted remote attackers to have an unspecified impact via unspecified attack vectors.
unknown
2007-06-28
7.0
CVE-2007-3474
OTHER-REF
FRSIRT
SECUNIA
KVIrc -- IRC client
The parseIrcUrl function in src/kvirc/kernel/kvi_ircurl.cpp in KVIrc 3.2.0 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in an (1) irc:// or (2) irc6:// URI.
unknown
2007-06-26
8.0
CVE-2007-2951
OTHER-REF
OTHER-REF
SECUNIA
MIT -- Kerberos 5
Integer signedness error in the gssrpc__svcauth_unix function in svc_auth_unix.c in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a negative length value.
unknown
2007-06-26
8.0
CVE-2007-2443
OTHER-REF
CERT
CERT-VN
NetArt Media -- Pharmacy System
SQL injection vulnerability in index.php in Pharmacy System 2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter in an add action.
unknown
2007-06-26
7.0
CVE-2007-3433
MILW0RM
BID
NLnet Labs -- Net DNS
Header.pm in Net::DNS before 0.60, a Perl module, (1) generates predictable sequence IDs with a fixed increment and (2) can use the same starting ID for all child processes of a forking server, which allows remote attackers to spoof DNS responses, as originally reported for qpsmtp and spamassassin.
unknown
2007-06-25
7.0
CVE-2007-3377
OTHER-REF
OTHER-REF
OTHER-REF
Pagetool -- Pagetool
SQL injection vulnerability in index.php in pagetool 1.07 allows remote attackers to execute arbitrary SQL commands via the news_id parameter in a pagetool_news action.
unknown
2007-06-26
7.0
CVE-2007-3402
MILW0RM
Papoo -- Papoo
SQL injection vulnerability in Papoo 3.6, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the selmenuid parameter to certain components.
unknown
2007-06-26
7.0
CVE-2007-3453
BUGTRAQ
OTHER-REF
BID
PC Soft -- WinDEV
Stack-based buffer overflow in PCSoft WinDEV 11 (01F110053p) allows user-assisted remote attackers to execute arbitrary code via a long string in the "used DLL" field in a WDP project file.
unknown
2007-06-28
8.0
CVE-2007-3479
OTHER-REF
PHPee -- Power Phlogger
SQL injection vulnerability in include/get_userdata.php in Power Phlogger 2.2.5 allows remote attackers to execute arbitrary SQL commands via the username parameter to login.php.
unknown
2007-06-26
7.0
CVE-2007-3399
BUGTRAQ
BID
phpRaider -- phpRaider
Multiple SQL injection vulnerabilities in index.php in phpRaider 1.0.0 rc8 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) type parameter.
unknown
2007-06-26
7.0
CVE-2007-3415
OTHER-REF
Pluxml -- Pluxml
Unrestricted file upload vulnerability in admin/images.php in Pluxml 0.3.1 allows remote attackers to upload and execute arbitrary PHP code via a .jpg filename.
unknown
2007-06-26
7.0
CVE-2007-3432
MILW0RM
Red Hat -- cluster_suite
Buffer overflow in cluster/cman/daemon/daemon.c in cman (redhat-cluster-suite) before 20070622 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long client messages.
unknown
2007-06-25
7.0
CVE-2007-3374
MLIST
OTHER-REF
UBUNTU
SECUNIA
RIM -- Blackberry Enterprise Server
Research in Motion BlackBerry Enterprise Server 4.0 through 4.1 has a default configuration that permits installation of arbitrary third-party applications on BlackBerry devices, which might facilitate loading of malware.
unknown
2007-06-28
10.0
CVE-2007-3483
OTHER-REF
OTHER-REF
RKD Software -- BarCode ActiveX
Stack-based buffer overflow in the BeginPrint method in a certain ActiveX control in RKD Software (barcodetools.com) BarCodeAx.dll 4.9 allows remote attackers to execute arbitrary code via a long argument.
unknown
2007-06-26
8.0
CVE-2007-3435
MILW0RM
BID
SECUNIA
Simple Invoices -- Simple Invoices
SQL injection vulnerability in index.php in Simple Invoices 2007 05 25 allows remote attackers to execute arbitrary SQL commands via the submit parameter in an email action.
unknown
2007-06-26
7.0
CVE-2007-3430
MILW0RM
BID
SofaWare -- Safe@Office 500 UTM
Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, has a certain default password.
unknown
2007-06-27
10.0
CVE-2007-3465
BUGTRAQ
OTHER-REF
OTHER-REF
Sun -- Solaris
Buffer overflow in the dtsession Common Desktop Environment (CDE) Session Manager in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via unspecified vectors.
unknown
2007-06-28
7.0
CVE-2007-3471
SUNALERT
SECUNIA
Trend Micro -- OfficeScan
Buffer overflow in CGIOCommon.dll before 8.0.0.1042 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to execute arbitrary code via crafted requests.
unknown
2007-06-26
10.0
CVE-2007-3454
OTHER-REF
FRSIRT
SECUNIA
Trend Micro -- OfficeScan
cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to bypass the password requirement and gain access to the Management Console via crafted HTTP headers, related to "stored decrypted user logon information."
unknown
2007-06-26
10.0
CVE-2007-3455
OTHER-REF
FRSIRT
SECUNIA
Web-APP.org -- WebAPP
The editprofile3 function in cgi-bin/cgi-lib/user.pl in web-app.org WebAPP before 0.9.9.7 does not properly check the (1) themes.dat, (2) languages.dat, (3) profession.dat, (4) gen.dat, (5) marstat.dat, (6) states.dat, and (7) ages.dat files before saving profile settings of members, which has unknown impact and remote attack vectors.
unknown
2007-06-26
7.0
CVE-2007-3419
OTHER-REF
OTHER-REF
Web-APP.org -- WebAPP
The Random Cookie Password functionality in the loaduser function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP before 0.9.9.7 does not clear the (1) username, (2) password, (3) usertheme, and (4) userlang cookies for unauthorized users, which has unknown impact and remote attack vectors.
unknown
2007-06-26
7.0
CVE-2007-3420
OTHER-REF
OTHER-REF
Web-APP.org -- WebAPP
The (1) login, (2) admin profile edit, (3) reminder, (4) edit profile, (5) profile view, (6) gallery view, (7) gallery comment, and (8) gallery feedback capabilities in web-app.org WebAPP before 0.9.9.7 do not verify presence of users in memberlist.dat, which has unknown impact and remote attack vectors.
unknown
2007-06-26
7.0
CVE-2007-3421
OTHER-REF
OTHER-REF
Web-APP.org -- WebAPP
The getcgi function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP before 0.9.9.7 attempts to parse query strings that contain (1) non-printing characters, (2) certain printing characters that do not commonly occur in URLs, or (3) invalid URL encoding sequences, which has unknown impact and remote attack vectors.
unknown
2007-06-26
7.0
CVE-2007-3422
OTHER-REF
OTHER-REF
Web-APP.org -- WebAPP
cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the From field of an instant message as the beginning of the .dat file name when the (1) imview2 or (2) imview3 function reads (a) an internal IM, or a message from a (b) guest or (c) removed member, which has unknown impact and remote attack vectors.
unknown
2007-06-26
7.0
CVE-2007-3423
OTHER-REF
OTHER-REF
Web-APP.org -- WebAPP
The moveim function in cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the tocat parameter as a subdirectory name when moving an instant message, which has unknown impact and remote attack vectors.
unknown
2007-06-26
7.0
CVE-2007-3424
OTHER-REF
OTHER-REF
ZoneO-Soft -- phpTrafficA
SQL injection vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the pageid parameter in a stats action.
unknown
2007-06-26
7.0
CVE-2007-3427
MILW0RM
OTHER-REF
VIM
ZoneO-Soft -- phpTrafficA
Multiple unspecified vulnerabilities in phpTrafficA before 1.4.2 allow remote attackers to have an unknown impact via the file parameter to (1) plotStatBar.php or (2) plotStatPie.php, different vectors than CVE-2007-1076.
unknown
2007-06-26
7.0
CVE-2007-3428
OTHER-REF

Medium Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
bugmall -- Shopping Cart
SQL injection vulnerability in BugMall Shopping Cart 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the "basic search box."
unknown
2007-06-26
5.6
CVE-2007-3447
MILW0RM
OTHER-REF
BID
FRSIRT
CivilTech -- Avax Vector ActiveX
A certain ActiveX control in Avaxswf.dll 1.0.0.1 in Civitech Avax Vector 1.3 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the WriteMovie method.
unknown
2007-06-27
4.7
CVE-2007-3459
BUGTRAQ
MILW0RM
e107 -- e107
Unrestricted file upload vulnerability in signup.php in e107 0.7.8 and earlier, when photograph upload is enabled, allows remote attackers to upload and execute arbitrary PHP code via a filename with a double extension such as .php.jpg.
unknown
2007-06-26
5.6
CVE-2007-3429
MILW0RM
Frank Mancuso -- MyNews
SQL injection vulnerability in admin.php in MyNews 0.10, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the authacc cookie.
unknown
2007-06-26
5.6
CVE-2007-2520
BUGTRAQ
OTHER-REF
OSVDB
GD Graphics Library -- gdlib
Integer overflow in the gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have an unspecified impact via unspecified attack vectors.
unknown
2007-06-28
4.8
CVE-2007-3472
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
GD Graphics Library -- gdlib
Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TTF) support.
unknown
2007-06-28
5.6
CVE-2007-3478
OTHER-REF
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Gorani Network -- 6ALBlog
SQL injection vulnerability in member.php in 6ALBlog allows remote attackers to execute arbitrary SQL commands via the newsid parameter.
unknown
2007-06-26
5.6
CVE-2007-3449
MILW0RM
BID
FRSIRT
Gorani Network -- 6ALBlog
SQL injection vulnerability in member.php in 6ALBlog allows remote attackers to execute arbitrary SQL commands via the member parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-06-26
5.6
CVE-2007-3450
FRSIRT
Gorani Network -- 6ALBlog
PHP remote file inclusion vulnerability in admin/index.php in 6ALBlog allows remote authenticated administrators to execute arbitrary PHP code via a URL in the pg parameter.
unknown
2007-06-26
4.2
CVE-2007-3451
MILW0RM
FRSIRT
Hiki -- Hiki
Directory traversal vulnerability in session.rb in Hiki 0.8.0 through 0.8.6 allows remote attackers to delete arbitrary files via directory traversal sequences in the session ID, which is matched against an insufficiently restrictive regular expression before it is used to construct a filename that is marked for deletion at logout.
unknown
2007-06-26
4.7
CVE-2007-3395
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
Lhaca -- File Archiver
Stack-based buffer overflow in Lhaca File Archiver allows user-assisted remote attackers to execute arbitrary code via a crafted LZH archive, as exploited by malware such as Trojan.Lhdropper.
unknown
2007-06-25
5.6
CVE-2007-3375
OTHER-REF
BID
MIT -- Kerberos 5
The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup.
unknown
2007-06-26
5.6
CVE-2007-2442
OTHER-REF
CERT-VN
CERT
MIT -- Kerberos 5
Stack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows remote authenticated users to execute arbitrary code via a crafted request to rename a principal.
unknown
2007-06-26
4.8
CVE-2007-2798
IDEFENSE
CERT
CERT-VN
NCTsoft Products -- NCTAudioEditor2
The NCTAudioEditor2 ActiveX control in NCTWMAFile2.dll 2.6.2.157 allows remote attackers to overwrite arbitrary files via the CreateFile method.
unknown
2007-06-26
5.6
CVE-2007-3400
MILW0RM
BID
XF
RealNetworks -- Helix Player
RealNetworks -- RealPlayer
Buffer overflow in the wallclock functionality (SmilTimeValue::parseWallClockValue function) in RealNetworks RealPlayer and HelixPlayer 10.5-GOLD allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a SMIL file containing a long time string.
unknown
2007-06-26
5.6
CVE-2007-3410
IDEFENSE
Snom -- Snom 320 Linux
The Snom 320 SIP Phone, running snom320 linux 3.25, snom320-SIP 6.2.3, and snom320 jffs23.36, allows remote attackers to place calls to arbitrary phone numbers via certain requests to the web server on port 1800.
unknown
2007-06-26
4.7
CVE-2007-3440
OTHER-REF
SofaWare -- Safe@Office 500 UTM
Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, does not require entry of the old password when changing the admin password, which might allow attackers to gain privileges by conducting a CSRF attack, making a password change on an unattended workstation, or other vectors.
unknown
2007-06-27
6.0
CVE-2007-3464
BUGTRAQ
OTHER-REF
OTHER-REF
Valerio Capello -- Dagger - The Cutting Edge
PHP remote file inclusion vulnerability in cal.func.php in Valerio Capello Dagger - The Cutting Edge r23jan2007 allows remote attackers to execute arbitrary PHP code via a URL in the dir_edge_lang parameter.
unknown
2007-06-26
5.6
CVE-2007-3431
MILW0RM
SECUNIA
Vincent Hor -- Calendarix
Multiple SQL injection vulnerabilities in Calendarix 0.7.20070307, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters to calendar.php and the (3) search string to cal_search.php.
unknown
2007-06-26
5.6
CVE-2007-3183
BUGTRAQ
OTHER-REF
OSVDB
Web-APP.org -- WebAPP
The displaypost function in cgi-bin/cgi-lib/forum_display.pl in web-app.org WebAPP before 0.9.9.7 does not display usernames in conjunction with real names, which makes it easier for remote authenticated users to impersonate other users.
unknown
2007-06-26
4.2
CVE-2007-3418
OTHER-REF
OTHER-REF
Xythos -- Enterprise Document Manager
Multiple cross-site request forgery (CSRF) vulnerabilities in Xythos Enterprise Document Manager (XEDM) before 5.0.25.8, and 6.x before 6.0.46.1, allow remote authenticated users to execute commands as arbitrary users via (1) a saved Workflow name or (2) the Content-Type HTTP header. NOTE: item 2 also affects the same version numbers of Xythos Digital Locker (XDL). One or both vectors might also affect Xythos WebFile Server.
unknown
2007-06-27
4.2
CVE-2007-3255
BUGTRAQ
BID
SECTRACK
SECTRACK

Low Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
 The Research in Motion BlackBerry 7270 with 4.0 SP1 Bundle 83 allows remote attackers to cause a denial of service (blocked call reception) via a malformed SIP invite message, possibly related to multiple format string specifiers in the From field, a spoofed source IP address, and limitations of the function stack frame.
unknown
2007-06-26
1.9
CVE-2007-3444
OTHER-REF
OTHER-REF
Aastra Telecom -- 9112i SIP Phone
Format string vulnerability in the Aastra 9112i SIP Phone with firmware 1.4.0.1048 and boot version 1.1.0.10 allows remote attackers to cause a denial of service (blocked call reception and slow calling) via format string specifiers in an SDP header value, a different vulnerability than CVE-2007-3349.
unknown
2007-06-26
2.3
CVE-2007-3441
OTHER-REF
access2asp -- access2asp
Multiple cross-site scripting (XSS) vulnerabilities in access2asp 4.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) od and (2) search parameters to (a) suppliersList.asp and (b) contactsList.asp.
unknown
2007-06-26
1.9
CVE-2007-3414
OTHER-REF
AltaVista -- Search Engine
Cross-site scripting (XSS) vulnerability in AltaVista search engine allows remote attackers to inject arbitrary web script or HTML via the text parameter to the default URI.
unknown
2007-06-28
2.3
CVE-2007-3486
OTHER-REF
AOL -- Instant Messenger
AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote attackers to cause a denial of service (application crash) via a malformed header value in a SIP INVITE message, a different vulnerability than CVE-2007-3350.
unknown
2007-06-26
3.3
CVE-2007-3437
OTHER-REF
Apache -- Apache
Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
unknown
2007-06-27
2.3
CVE-2006-5752
OTHER-REF
OTHER-REF
REDHAT
REDHAT
REDHAT
BID
Apple -- Safari
Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, and Windows Vista allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scripting (XSS) attacks via vectors related to page updating and HTTP redirects.
unknown
2007-06-25
1.9
CVE-2007-2400
APPLE
BID
SECTRACK
Apple -- Mac OS X Server
Apple -- Mac OS X
CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, and 10.4.9 and later allows remote attackers to inject arbitrary HTTP headers via LF characters in an XMLHttpRequest request, which are not filtered when serializing headers via the setRequestHeader function. NOTE: this issue can be leveraged for cross-site scripting (XSS) attacks.
unknown
2007-06-25
2.3
CVE-2007-2401
OTHER-REF
OTHER-REF
APPLE
CERT-VN
BID
FRSIRT
SECTRACK
SECUNIA
Apple -- Safari
Cross-domain vulnerability in Apple Safari allows remote attackers to bypass the "same origin policy" and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute.
unknown
2007-06-28
3.3
CVE-2007-3482
OTHER-REF
Avahi -- Avahi
The Avahi daemon in Avahi before 0.6.20 allows attackers to cause a denial of service (exit) via empty TXT data over D-Bus, which triggers an assert error.
unknown
2007-06-22
1.6
CVE-2007-3372
OTHER-REF
bitego -- bosDataGrid
Multiple cross-site scripting (XSS) vulnerabilities in bosDataGrid 2.50 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) GridSearch, (2) gsearch, or (3) ParentID parameter to an unspecified component.
unknown
2007-06-26
1.9
CVE-2007-3413
OTHER-REF
bugmall -- Shopping Cart
Cross-site scripting (XSS) vulnerability in index.php in BugMall Shopping Cart 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the msgs parameter.
unknown
2007-06-26
1.9
CVE-2007-3448
MILW0RM
OTHER-REF
BID
FRSIRT
ClickTech -- ClickGallery
Cross-site scripting (XSS) vulnerability in edit_image.asp in ClickGallery Server 5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the from parameter.
unknown
2007-06-26
1.9
CVE-2007-3412
OTHER-REF
ekg -- ekg
Memory leak in the image message functionality in ekg before 1:1.7~rc2-1etch1 on Debian GNU/Linux Etch allows remote attackers to cause a denial of service.
unknown
2007-06-26
2.3
CVE-2007-1663
DEBIAN
BID
ekg -- ekg
ekg before 1:1.7~rc2-1etch1 on Debian GNU/Linux Etch allows remote attackers to cause a denial of service (NULL pointer dereference) via a vector related to the token OCR functionality.
unknown
2007-06-26
2.3
CVE-2007-1664
DEBIAN
BID
ekg -- ekg
Memory leak in the token OCR functionality in ekg before 1:1.7~rc2-1etch1 on Debian GNU/Linux Etch allows remote attackers to cause a denial of service.
unknown
2007-06-26
2.3
CVE-2007-1665
DEBIAN
BID
eTicket -- eTicket
index.php in eTicket 1.5.5.1 and earlier allows remote attackers to obtain sensitive information via the (1) name[], (2) email[], (3) phone[], or (4) subject[] parameters, which reveals the installation path in the resulting error messages.
unknown
2007-06-28
2.3
CVE-2007-2800
FULLDISC
OTHER-REF
OSVDB
GD Graphics Library -- gdlib
The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure.
unknown
2007-06-28
3.3
CVE-2007-3473
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
GD Graphics Library -- gdlib
The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map.
unknown
2007-06-28
3.3
CVE-2007-3475
OTHER-REF
OTHER-REF
GD Graphics Library -- gdlib
Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault.
unknown
2007-06-28
2.7
CVE-2007-3476
OTHER-REF
OTHER-REF
GD Graphics Library -- gdlib
The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allow attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value.
unknown
2007-06-28
2.0
CVE-2007-3477
OTHER-REF
OTHER-REF
OTHER-REF
Google -- Google Custom Search Engine
Cross-site scripting (XSS) vulnerability in search.php in Google Custom Search Engine allows remote attackers to inject arbitrary web script or HTML via the q parameter.
unknown
2007-06-28
2.3
CVE-2007-3484
OTHER-REF
IBM -- WebSphere Application Server
The web container in IBM WebSphere Application Server (WAS) before 6.0.2.21, and 6.1.x before 6.1.0.9, sends response data intended for a different request in certain circumstances after a closed connection error, which might allow remote attackers to obtain sensitive information.
unknown
2007-06-26
2.3
CVE-2007-3397
OTHER-REF
AIXAPAR
BID
SECUNIA
Key Focus -- KF Web Server
Cross-site scripting (XSS) vulnerability in index.wkf in KeyFocus (KF) web server 3.1.0 allows remote attackers to inject arbitrary web script or HTML via the opsubmenu parameter.
unknown
2007-06-26
1.9
CVE-2007-3396
BUGTRAQ
Lebisoft -- Lebisoft zdefter
Multiple cross-site scripting (XSS) vulnerabilities in defter_yaz.asp in Lebisoft zdefter 4.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-06-26
1.9
CVE-2007-3405
BID
Microsoft -- Windows 2003
Microsoft -- Windows 2000
Microsoft -- Windows XP
Microsoft Windows 2000, XP, and Server 2003 allow remote attackers to cause a denial of service (CPU consumption) via a PNG image with crafted (1) Width and (2) Height values in the IHDR block.
unknown
2007-06-27
2.3
CVE-2006-7210
MILW0RM
MILW0RM
MILW0RM
OTHER-REF
BID
Microsoft -- Internet Explorer
Multiple absolute path traversal vulnerabilities in Microsoft Internet Explorer 6 on Windows XP SP2 allow remote attackers to access arbitrary local files via the file: URI in the (1) src attribute of a (a) bgsound, (b) input, (c) EMBED, (d) img, or (e) script tag; (2) data attribute of an object tag; (3) value attribute of a param tag; (4) background attribute of a body tag; or (5) the background:url attribute declared in the BODY parameter of a STYLE tag.
unknown
2007-06-26
1.9
CVE-2007-3406
OTHER-REF
BID
Microsoft -- MSN Messenger Service
Microsoft MSN Messenger 4.7 on Windows XP allows remote attackers to cause a denial of service (resource consumption) via a flood of SIP INVITE requests to the port specified for voice conversation.
unknown
2007-06-26
2.3
CVE-2007-3436
OTHER-REF
Microsoft -- Windows XP
** DISPUTED ** Microsoft Windows XP SP2 allows local users, who have sessions created by another user's RunAs (run as) command, to kill arbitrary processes of this other user, as demonstrated by the taskkill program. NOTE: the researcher claims a vendor dispute in which the vendor states that "RunAs and UAC are convenience features, not security boundaries. If you need a security guarantee, please log out and log back in with a different account."
unknown
2007-06-27
1.4
CVE-2007-3463
BUGTRAQ
BUGTRAQ
Microsoft -- Internet Explorer
Cross-domain vulnerability in Microsoft Internet Explorer allows remote attackers to bypass the Same Origin Policy and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute.
unknown
2007-06-28
3.3
CVE-2007-3481
OTHER-REF
NetArt Media -- Pharmacy System
index.php in Pharmacy System 2 and earlier allows remote attackers to obtain sensitive information via a ' (quote) character in the page parameter, which reveals the table prefix in an error message.
unknown
2007-06-26
2.3
CVE-2007-3434
MILW0RM
NLnet Labs -- Net DNS
Net::DNS before 0.60, a Perl module, allows remote attackers to cause a denial of service (stack consumption) via a malformed compressed DNS packet with self-referencing pointers, which triggers an infinite loop.
unknown
2007-06-26
2.3
CVE-2007-3409
OTHER-REF
Nortel -- PC Client SIP Soft Phone
The Nortel PC Client SIP Soft Phone 4.1 3.5.208[20051015] allows remote attackers to cause a denial of service (device crash) via a SIP message with a malformed header.
unknown
2007-06-22
3.3
CVE-2007-3361
OTHER-REF
BID
Nortel -- SIP Soft Phone
Buffer overflow in the SIP header parsing module in the Nortel PC Client SIP Soft Phone 4.1 3.5.208[20051015] allows remote attackers to execute arbitrary code via a malformed message, a different vulnerability than CVE-2007-3361.
unknown
2007-06-26
3.3
CVE-2007-3438
OTHER-REF
PC Soft -- WinDEV
PCSoft WinDEV 11 (01F110053p) allows user-assisted remote attackers to cause a denial of service (infinite loop and resource consumption) via a malformed WDP project file.
unknown
2007-06-28
2.7
CVE-2007-3480
OTHER-REF
Perception -- LiteWeb
LiteWEB 2.7 allows remote attackers to cause a denial of service (hang) via a large number of requests for nonexistent pages.
unknown
2007-06-26
2.3
CVE-2007-3398
BUGTRAQ
Red Hat -- Enterprise Linux AS
Red Hat -- Enterprise Linux ES
Red Hat -- Enterprise Linux WS
Red Hat -- Desktop
The Linux kernel before 2.6.9-42.0.8 in Red Hat 4.4 allows local users to cause a denial of service (kernel OOPS from null dereference) via fput in a 32-bit ioctl on 64-bit x86 systems, an incomplete fix of CVE-2005-3044.1.
unknown
2007-06-26
1.0
CVE-2007-0773
OTHER-REF
REDHAT
Red Hat -- Enterprise Linux
The sysfs_readdir function in the Linux kernel in Red Hat Enterprise Linux 4.5 allows local users to cause a denial of service (kernel OOPS) by dereferencing a null pointer to an inode in a dentry.
unknown
2007-06-26
1.6
CVE-2007-3104
OTHER-REF
REDHAT
Red Hat -- cluster_suite
daemon.c in cman (redhat-cluster-suite) before 20070622 does not clear a buffer for reading requests, which might allow remote attackers to obtain sensitive information from previous requests.
unknown
2007-06-25
2.3
CVE-2007-3373
MLIST
Research In Motion Limited -- BlackBerry 7270
Format string vulnerability on the Research in Motion BlackBerry 7270 before 4.0 SP1 Bundle 108 allows remote attackers to cause a denial of service (blocked call reception and calling) via format string specifiers in an SIP INVITE message that lacks a host name in the Contact header.
unknown
2007-06-26
1.1
CVE-2007-3442
OTHER-REF
OTHER-REF
Research In Motion Limited -- BlackBerry 7270
The Research in Motion BlackBerry 7270 before 4.0 SP1 Bundle 108 does not properly manage transaction states, which allows remote attackers to cause a denial of service (temporary device hang) by sending a certain SIP INVITE message, but not providing an ACK when the call is answered.
unknown
2007-06-26
1.1
CVE-2007-3443
OTHER-REF
OTHER-REF
Sergey Lyubka -- Simple HTTPD
Sergey Lyubka Simple HTTPD (shttpd) 1.38 allows remote attackers to obtain sensitive information (script source code) via a URL with a trailing encoded space (%20).
unknown
2007-06-26
2.3
CVE-2007-3407
BUGTRAQ
BID
SiteDepth -- SiteDepth CMS
Directory traversal vulnerability in ShowImage.php in SiteDepth CMS 3.44 allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter.
unknown
2007-06-26
2.3
CVE-2007-3404
MILW0RM
FRSIRT
SJ Labs -- SJPhone
Buffer overflow in SJ Labs SJphone 1.60.303c, running under Windows Mobile 2003 on the Samsung SCH-i730 phone, allows remote attackers to cause a denial of service (device hang and call termination) via a malformed SIP INVITE message, a different vulnerability than CVE-2007-3351.
unknown
2007-06-26
1.9
CVE-2007-3445
OTHER-REF
Snom -- Snom 320 Linux
The Snom 320 SIP Phone, running snom320 linux 3.25, snom320-SIP 6.2.3, and snom320 jffs23.36, allows remote attackers to read a list of missed calls, received calls, and dialed numbers via a direct request to the web server on port 1800.
unknown
2007-06-26
2.3
CVE-2007-3439
OTHER-REF
SofaWare -- Safe@Office 500 UTM
Cross-site request forgery (CSRF) vulnerability in Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, allows remote attackers to execute commands as arbitrary users, and disable firewalling of the protected network.
unknown
2007-06-27
3.4
CVE-2007-3462
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
Sun -- Solaris
The libsldap library in Sun Solaris 8, 9, and 10 allows local users to cause a denial of service (Name Service Caching Daemon (nscd) crash) via unspecified vectors.
unknown
2007-06-27
2.3
CVE-2007-3458
SUNALERT
FRSIRT
Sun -- Solaris
Unspecified vulnerability in the TCP Loopback/Fusion implementation in Sun Solaris 10 allows local users to cause a denial of service (resource exhaustion and service hang) via unspecified vectors.
unknown
2007-06-28
2.3
CVE-2007-3469
SUNALERT
FRSIRT
SECUNIA
Sun -- Solaris
Multiple unspecified vulnerabilities in the KSSL kernel module in Sun Solaris 10, when configured with the KSSL proxy, allow remote attackers to cause a denial of service (kernel panic) via unspecified vectors related to "memory buffers" of Secure Socket Layer (SSL) records.
unknown
2007-06-28
3.3
CVE-2007-3470
SUNALERT
FRSIRT
SECUNIA
Symantec -- Mail Security
libdayzero.dll in the Filter Hub Service (filter-hub.exe) in Symantec Mail Security for SMTP before 5.0.1 Patch 181 and Mail Security Appliance before 5.0.0-36 allows remote attackers to cause a denial of service (crash) via a crafted executable attachment in an e-mail, involving the detection of "PE-Shield v0.2" and "ASPack v1.00-1.08.02".
unknown
2007-06-27
3.3
CVE-2007-1792
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
VideoLAN -- VLC Media Player
Integer overflow in the __status_Update function in stats.c in VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a WAV file with a large sample rate.
unknown
2007-06-27
3.3
CVE-2007-3467
OTHER-REF
VideoLAN -- VLC Media Player
input.c in VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a crafted WAV file that causes an uninitialized i_nb_resamplers variable to be used.
unknown
2007-06-27
3.3
CVE-2007-3468
OTHER-REF
Vincent Hor -- Calendarix
Multiple cross-site scripting (XSS) vulnerabilities in Calendarix 0.7.20070307, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) year and (2) month parameters to calendar.php, and the (3) leftfooter parameter to cal_footer.inc.php. NOTE: the ycyear parameter to yearcal.php is already covered by CVE-2006-1835.
unknown
2007-06-26
1.9
CVE-2007-3182
BUGTRAQ
OTHER-REF
OSVDB
Vincent Hor -- Calendarix
calendar.php in Calendarix 0.7.20070307 allows remote attackers to obtain sensitive information via large values to the (1) year and (2) month parameters, which causes negative values to be passed to the mktime library call, and reveals the installation path in the error message.
unknown
2007-06-27
2.3
CVE-2007-3258
BUGTRAQ
FULLDISC
OTHER-REF
OSVDB
XF
Vincent Hor -- Calendarix
Calendarix 0.7.20070307 allows remote attackers to obtain sensitive information via (1) an invalid month[] parameter to calendar.php, (2) an invalid catview[] parameter to cal_week.php in a week operation, (3) an invalid ycyear[] parameter to yearcal.php, or (4) a direct request to cal_functions.inc.php, which reveals the installation path in various error messages.
unknown
2007-06-26
2.3
CVE-2007-3259
BUGTRAQ
OTHER-REF
OSVDB
Web-APP.org -- WebAPP
Multiple cross-site request forgery (CSRF) vulnerabilities in the administration of (1) polls, (2) profiles, (3) IP bans, and (4) forums in web-app.org WebAPP before 0.9.9.7 allow remote attackers to perform deletions as administrators.
unknown
2007-06-26
2.3
CVE-2007-3416
OTHER-REF
OTHER-REF
Web-APP.org -- WebAPP
Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/cgi-lib/search.pl in web-app.org WebAPP before 0.9.9.7 allow remote attackers to inject arbitrary web script or HTML via a search string, which is not sanitized when an HREF attribute is printed by the (1) process_search or (2) show_recent_searches function.
unknown
2007-06-26
1.9
CVE-2007-3417
OTHER-REF
OTHER-REF
Wireshark -- Wireshark
Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via a crafted chunked encoding in an HTTP response, possibly related to a zero-length payload.
unknown
2007-06-25
2.3
CVE-2007-3389
OTHER-REF
OTHER-REF
Wireshark -- Wireshark
Wireshark 0.99.5 and 0.10.x up to 0.10.14, when running on certain systems, allows remote attackers to cause a denial of service (crash) via crafted iSeries capture files that trigger a SIGTRAP.
unknown
2007-06-25
2.3
CVE-2007-3390
OTHER-REF
OTHER-REF
Wireshark -- Wireshark
Wireshark 0.99.5 allows remote attackers to cause a denial of service (memory consumption) via a malformed DCP ETSI packet that triggers an infinite loop.
unknown
2007-06-25
2.3
CVE-2007-3391
OTHER-REF
OTHER-REF
Wireshark -- Wireshark
Wireshark before 0.99.6 allows remote attackers to cause a denial of service via malformed (1) SSL or (2) MMS packets that trigger an infinite loop.
unknown
2007-06-25
2.3
CVE-2007-3392
OTHER-REF
OTHER-REF
OTHER-REF
Wireshark -- Wireshark
Off-by-one error in the DHCP/BOOTP dissector in Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via crafted DHCP-over-DOCSIS packets.
unknown
2007-06-25
2.3
CVE-2007-3393
OTHER-REF
OTHER-REF
Xythos -- Enterprise Document Manager
Multiple cross-site scripting (XSS) vulnerabilities in Xythos Enterprise Document Manager (XEDM) before 5.0.25.8, and 6.x before 6.0.46.1, allow remote authenticated users to inject arbitrary web script or HTML via (1) a saved Workflow name; (2) a Workflow name, related to deletion of a Workflow template; (3) the Content-Type HTTP header; or (4) the name of an uploaded file. NOTE: items 3 and 4 also affect the same version numbers of Xythos Digital Locker (XDL). Some or all vectors might also affect Xythos WebFile Server.
unknown
2007-06-27
1.4
CVE-2007-3254
BUGTRAQ
BID
SECTRACK
SECTRACK
Xythos -- Enterprise Document Manager
Xythos -- WebFile Server
Xythos -- Digital Locker
Xythos Enterprise Document Manager (XEDM), Digital Locker (XDL), and possibly WebFile Server before 6.0.46.1 allow remote authenticated users to associate arbitrary Content-Type HTTP headers with documents, which might facilitate malware distribution.
unknown
2007-06-27
1.4
CVE-2007-3256
BUGTRAQ
BID
SECTRACK
SECTRACK
Yandex -- Yandex.Server
Multiple cross-site scripting (XSS) vulnerabilities in Yandex.Server allow remote attackers to inject arbitrary web script or HTML via the (1) query or (2) within parameter to the default URI.
unknown
2007-06-28
2.3
CVE-2007-3485
OTHER-REF
OTHER-REF
ZoneO-Soft -- phpTrafficA
Multiple cross-site scripting (XSS) vulnerabilities in phpTrafficA before 1.2beta2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to keywords results in the (1) main, (2) daily, (3) weekly, (4) monthly, (5) new trends, (6) individual page, and (7) search engine statistics.
unknown
2007-06-26
1.9
CVE-2006-7209
OTHER-REF
ZoneO-Soft -- phpTrafficA
Directory traversal vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to include arbitrary local files via the lang parameter, a different vector and version than CVE-2007-1076.2.
unknown
2007-06-26
2.3
CVE-2007-3425
MILW0RM
OTHER-REF
VIM
ZoneO-Soft -- phpTrafficA
Cross-site scripting (XSS) vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
unknown
2007-06-26
1.9
CVE-2007-3426
MILW0RM
OTHER-REF
VIM
