Vulnerability Summary for the Week of July 9, 2007

Released
Jul 16, 2007
Document ID
SB07-197

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

">

High Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
3Com -- TippingPoint IPS TOSUnspecified vulnerability in TOS 2.1.x, 2.2.x before 2.2.5, and 2.5.x before 2.5.2 on TippingPoint IPS allows remote attackers to avoid detection by sending certain fragmented packets.
unknown
2007-07-11
7.5CVE-2007-3711
OTHER-REF
FRSIRT
SECUNIA
Adobe -- Flash PlayerUnspecified vulnerability in Adobe Flash Player 9.0.45.0 and earlier might allow remote attackers to execute arbitrary code via a crafted SWF file, related to an "input validation error."
unknown
2007-07-11
9.3CVE-2007-3456
OTHER-REF
BID
FRSIRT
SECUNIA
Adobe -- Flash PlayerAdobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP Referer headers, which potentially allows remote attackers to conduct a CSRF attack via a crafted SWF file.
unknown
2007-07-11
9.3CVE-2007-3457
OTHER-REF
FRSIRT
SECUNIA
Aigaion -- AigaionSQL injection vulnerability in pagetopic.php in Aigaion 1.3.3 and earlier allows remote attackers to execute arbitrary SQL commands via the topic_id parameter.
unknown
2007-07-11
7.5CVE-2007-3683
MILW0RM
BID
SECUNIA
Apple -- SafariMultiple unspecified vulnerabilities in the SVG parsing engine in Apple Safari 3 Beta for Windows have unspecified remote attack vectors and impact. NOTE: this issue contains no actionable information, but it was released by a reliable researcher.
unknown
2007-07-12
7.5CVE-2007-3718
OTHER-REF
BID
AsteriDex -- AsteriDexMultiple CRLF injection vulnerabilities in callboth.php in AsteriDex 3.0 and earlier allow remote attackers to inject arbitrary shell commands via the (1) IN and (2) OUT parameters.
unknown
2007-07-09
7.5CVE-2007-3621
BUGTRAQ
MILW0RM
OTHER-REF
BID
FRSIRT
SECUNIA
AV Scripts -- AV Arcadeadmin/index.php in AV Arcade 2.1b grants administrative privileges when the ava_userid cookie value is 1, which allows remote attackers to perform certain administrative actions.
unknown
2007-07-09
10.0CVE-2007-3643
BUGTRAQ
BID
XF
Computer Associates -- ERwin Process ModelerBuffer overflow in LICRCMD.EXE in CA ERwin Process Modeler (formerly AllFusion Process Modeler) 7.1 allows attackers to execute arbitrary code via a long filename. NOTE: the researcher does not suggest any circumstances in which the filename would come from an untrusted source, and therefore perhaps the issue does not cross privilege boundaries and should not be included in CVE.
unknown
2007-07-11
10.0CVE-2007-3695
OTHER-REF
BID
Computer Associates -- ERwin Data Model ValidatorCA ERwin Data Model Validator (formerly AllFusion Data Model Validator) allows remote attackers to (1) cause a denial of service (application hang) via a malformed .EXP database file and (2) cause a denial of service (aaplication crash) via a crafted .EXP database file, which triggers a NULL dereference.
unknown
2007-07-11
7.8CVE-2007-3696
OTHER-REF
BID
Drupal -- Print ModuleThe Print module before 4.7-1.0 and 5.x before 5.x-1.2 for Drupal allows remote attackers to read restricted posts in (1) Organic Groups, (2) Taxonomy Access Control, (3) Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments.
unknown
2007-07-11
7.8CVE-2007-3689
OTHER-REF
OTHER-REF
OTHER-REF
FRSIRT
Drupal -- Forward ModuleThe Forward module before 4.7-1.1 and 5.x before 5.x-1.0 for Drupal allows remote attackers to read restricted posts in (1) Organic Groups, (2) Taxonomy Access Control, (3) Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments.
unknown
2007-07-11
7.8CVE-2007-3690
OTHER-REF
OTHER-REF
OTHER-REF
FRSIRT
eMeeting -- Online Dating SoftwareMultiple SQL injection vulnerabilities in eMeeting Online Dating Software 5.2 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) b.php and (2) account/gallery.php, and other unspecified vectors.
unknown
2007-07-06
7.5CVE-2007-3609
MILW0RM
Entertainment CMS -- Entertainment CMSEntertainment CMS allows remote attackers to bypass authentication and perform certain administrative actions by setting the adminLogged cookie to "Administrator."
unknown
2007-07-11
7.5CVE-2007-3704
BUGTRAQ
BID
FlashGameScript -- FlashGameScriptSQL injection vulnerability in index.php in FlashGameScript 1.7 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a member action.
unknown
2007-07-10
7.5CVE-2007-3646
MILW0RM
OTHER-REF
BID
FRSIRT
SECUNIA
FreeBSD -- libarchivearchive_read_support_format_tar.c in libarchive before 2.2.4 does not properly compute the length of a certain buffer when processing a malformed pax extension header, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PAX or (2) TAR archive that triggers a buffer overflow.
unknown
2007-07-13
9.3CVE-2007-3641
OTHER-REF
OTHER-REF
FREEBSD
BID
FRSIRT
SECTRACK
SECUNIA
SECUNIA
FuseTalk Inc. -- FuseTalkSQL injection vulnerability in FuseTalk 2.0 allows remote attackers to execute arbitrary SQL commands via the FTVAR_SUBCAT (txForumID) parameter to forum/index.cfm and possibly other unspecified components, related to forum/include/error/forumerror.cfm.
unknown
2007-07-11
7.5CVE-2007-3705
BUGTRAQ
GameSiteScript -- GameSiteScriptSQL injection vulnerability in index.php in GameSiteScript (gss) 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the params parameter, related to missing input validation of the id field.
unknown
2007-07-09
7.5CVE-2007-3631
MILW0RM
Hitachi -- Cosminexus TPBroker
Hitachi -- Cosminexus Application Server
Hitachi -- uCosminexus Application Server
Hitachi -- TPBroker Developer
Hitachi -- TPBroker		Unspecified vulnerability in the ADM daemon in Hitachi TPBroker before 20070706 allows remote attackers to cause a denial of service (daemon crash) via a certain request.
unknown
2007-07-09
7.8CVE-2007-3626
OTHER-REF
SECUNIA
IBM -- AIXStack-based buffer overflow in the odm_searchpath function in libodm in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary code via a long ODMPATH environment variable.
unknown
2007-07-11
7.2CVE-2007-3680
IDEFENSE
OTHER-REF
AIXAPAR
BID
FRSIRT
SECTRACK
SECUNIA
KDDI -- EZFactory Download CGIDirectory traversal vulnerability in download.cgi in EZFactory KDDI Download CGI 1.x allows remote attackers to read and download arbitrary files via a .. (dot dot) in the name parameter.
unknown
2007-07-11
7.8CVE-2007-3692
OTHER-REF
OTHER-REF
FRSIRT
SECTRACK
Konst -- CenterICQMultiple buffer overflows in Konst CenterICQ 4.9.11 through 4.21 allow remote attackers to execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this might overlap CVE-2007-0160.
unknown
2007-07-11
7.5CVE-2007-3713
BID
Levent Veysi Portal -- Levent Veysi PortalSQL injection vulnerability in oku.asp in Levent Veysi Portal 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-07-09
10.0CVE-2007-3629
SECUNIA
Linux -- KernelThe decode_choice function in net/netfilter/bf_conntrack_h323_asn1.c in the Linux kernel before 2.6.22 allows remote attackers to cause a denial of service (crash) via an encoded, out-of-range index value for a choice field, which triggers a NULL pointer dereference.
unknown
2007-07-09
7.8CVE-2007-3642
OTHER-REF
SECUNIA
Masuga Design -- Unobtrusive Ajax Star Rating BarMultiple SQL injection vulnerabilities in Unobtrusive Ajax Star Rating Bar before 1.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) q and (2) t parameters in (a) db.php and (b) rpc.php.
unknown
2007-07-11
7.5CVE-2007-3684
OTHER-REF
OSVDB
OSVDB
SECUNIA
Masuga Design -- Unobtrusive Ajax Star Rating BarCRLF injection vulnerability in db.php in Unobtrusive Ajax Star Rating Bar before 1.2.0 allows remote attackers to inject arbitrary HTTP headers and data via CRLF sequences in the HTTP_REFERER parameter.
unknown
2007-07-11
7.5CVE-2007-3686
OTHER-REF
OSVDB
SECUNIA
maxsi -- evisit analystMultiple SQL injection vulnerabilities in Maxsi eVisit Analyst allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) idsp1.pl, (2) ip.pl, and (3) einsite_director.pl. NOTE: this issue can be leveraged for path disclosure from resulting error messages.
unknown
2007-07-11
7.5CVE-2007-3677
OTHER-REF
BID
McAfee -- ProtectionPilot
McAfee -- e-Business Server		Integer underflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.6.0.453 and earlier allows remote attackers to execute arbitrary code via a crafted UDP packet, which causes stack corruption.
unknown
2007-07-11
7.6CVE-2006-5271
ISS
OTHER-REF
FRSIRT
SECUNIA
XF
McAfee -- ProtectionPilot
McAfee -- e-Business Server
McAfee -- CMA		Stack-based buffer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.6.0.453 and earlier allows remote attackers to execute arbitrary code via a crafted ping packet.
unknown
2007-07-11
7.5CVE-2006-5272
ISS
OTHER-REF
FRSIRT
SECUNIA
XF
McAfee -- ProtectionPilot
McAfee -- e-Business Server
McAfee -- CMA		Heap-based buffer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.5.5.438 through 3.6.0.453 allows remote attackers to execute arbitrary code via a crafted packet.
unknown
2007-07-11
7.6CVE-2006-5273
ISS
OTHER-REF
FRSIRT
SECUNIA
XF
McAfee -- CMA
McAfee -- ePolicy Orchestrator
McAfee -- ProtectionPilot		Integer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.5.5.438 allows remote attackers to cause a denial of service (CMA Framework service crash) and possibly execute arbitrary code via unspecified vectors.
unknown
2007-07-11
7.6CVE-2006-5274
ISS
OTHER-REF
FRSIRT
SECUNIA
XF
Microsoft -- windowsThe LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an unspecified number of "convertible attributes."
unknown
2007-07-10
10.0CVE-2007-0040
MS
Microsoft -- .NET FrameworkThe PE Loader service in Microsoft .NET Framework 2.0 SP2 and earlier for Windows 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer" and unvalidated message lengths, probably a buffer overflow.
unknown
2007-07-10
9.3CVE-2007-0041
MS
Microsoft -- .NET FrameworkASP.NET in Microsoft .NET Framework 2.0 SP2 and earlier for Windows 2000, XP, and Server 2003; and 2.0 and earlier for Windows Vista allows remote attackers to access configuration files and obtain sensitive information via "invalid URLs," probably containing a terminating NULL byte.
unknown
2007-07-10
7.8CVE-2007-0042
MS
Microsoft -- .NET FrameworkThe Just In Time (JIT) Compiler service in Microsoft .NET Framework 2.0 through 2.0 SP2 for Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer," probably a buffer overflow, aka ".NET JIT Compiler Vulnerability".
unknown
2007-07-10
9.3CVE-2007-0043
MS
Microsoft -- PublisherMicrosoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page, aka the "Publisher Invalid Memory Reference Vulnerability".
unknown
2007-07-10
9.3CVE-2007-1754
MS
Microsoft -- Office
Microsoft -- Excel		Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and Office Excel 2007 does not properly validate version information, which allows user-assisted remote attackers to execute arbitrary code via a crafted Excel file, aka "Calculation Error Vulnerability".
unknown
2007-07-10
9.3CVE-2007-1756
MS
Microsoft -- Office
Microsoft -- Excel		Unspecified vulnerability in Microsoft Excel 2002 SP3 and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file containing multiple active worksheets, which results in memory corruption.
unknown
2007-07-10
9.3CVE-2007-3029
MS
Microsoft -- Excel
Microsoft -- Excel Viewer		Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file involving the "denoting [of] the start of a Workspace designation", which results in memory corruption, aka the "Workbook Memory Corruption Vulnerability".
unknown
2007-07-10
7.6CVE-2007-3030
MS
Microsoft -- windowsThe Teredo interface in Microsoft Windows Vista and Vista x64 Edition does not properly handle certain network traffic, which allows remote attackers to bypass firewall blocking rules and obtain sensitive information via crafted IPv6 traffic, aka "Windows Vista Firewall Blocking Rule Information Disclosure Vulnerability."
unknown
2007-07-10
7.8CVE-2007-3038
MS
Microsoft -- windowsUnspecified vulnerability in the kernel in Microsoft Windows Vista has unspecified remote attack vectors and impact, as shown in the "0day IPO" presentation at SyScan'07.
unknown
2007-07-10
7.8CVE-2007-3671
OTHER-REF
OTHER-REF
BID
MKPortal -- MKPortalSQL injection vulnerability in MKPortal 1.1.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka ZD-00000008. NOTE: this information is based upon a vague pre-advisory.
unknown
2007-07-09
7.5CVE-2007-3637
MLIST
OTHER-REF
BID
Nonnoi Solutions -- ASP BarcodeThe Nonnoi ASP/Barcode ActiveX control (nonnoi_ASPBarcode.dll) allows remote attackers to overwrite arbitrary files via an argument to the SaveBarcode function.
unknown
2007-07-10
7.5CVE-2007-3660
BUGTRAQ
OTHER-REF
OpenLD -- OpenLDSQL injection vulnerability in index.php in OpenLD 1.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-07-11
7.5CVE-2007-3682
MILW0RM
BID
SECUNIA
PHP Comet-Server -- PHP Comet-ServerPHP remote file inclusion vulnerability in example/gamedemo/inc.functions.php in PHP Comet-Server allows remote attackers to execute arbitrary PHP code via a URL in the projectPath parameter.
unknown
2007-07-11
7.5CVE-2007-3710
BUGTRAQ
PHP Lite -- Calendar ExpressMultiple SQL injection vulnerabilities in PHP Lite Calendar Express 2.2 allow remote attackers to execute arbitrary SQL commands via the cid parameter to (1) login.php, (2) auth.php, and (3) subscribe.php. NOTE: the month.php, year.php, week.php, and day.php vectors are already covered by CVE-2005-4009. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-07-09
7.5CVE-2007-3627
BID
PowerPhlogger -- PowerPhloggerSQL injection vulnerability in include/get_userdata.php in PowerPhlogger (PPhlogger) 2.2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-07-06
7.5CVE-2007-3595
FRSIRT
Quark -- QuarkXPressStack-based buffer overflow in the MSWord text-import extension (Word 6-2000 Filter.xnt) in QuarkXPress 7.2 for Windows, when using the Rectangle Text Box tool for importing text, allows user-assisted remote attackers to execute arbitrary code via a long font name.
unknown
2007-07-11
7.6CVE-2007-3678
OTHER-REF
SECUNIA
SAP -- SAPLPD
SAP -- SAPSPRINT		Unspecified vulnerability in SAP SAPLPD and SAPSPRINT allows remote attackers to cause a denial of service (application crash) via a certain print job request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-07-09
7.8CVE-2006-7220
BID
SAP -- EnjoySAPStack-based buffer overflow in the kweditcontrol.kwedit.1 ActiveX control in FrontEnd\SapGui\kwedit.dll in the EnjoySAP SAP GUI allows remote attackers to execute arbitrary code via a long argument to the PrepareToPostHTML function.
unknown
2007-07-06
7.6CVE-2007-3605
BUGTRAQ
MILW0RM
BID
BID
XF
SAP -- EnjoySAPHeap-based buffer overflow in the rfcguisink.rfcguisink.1 ActiveX control in the EnjoySAP SAP GUI, on systems using ASCII versions, allows remote attackers to execute arbitrary code via a long first argument to the LaunchGui function.
unknown
2007-07-06
7.6CVE-2007-3606
MILW0RM
BID
BID
XF
SAP -- SAP DBMultiple stack-based buffer overflows in waHTTP.exe (aka the SAP DB Web Server) in SAP DB, possibly 7.3 through 7.5, allow remote attackers to execute arbitrary code via (1) a certain cookie value; (2) a certain additional parameter, related to sapdbwa_GetQueryString; and other unspecified vectors related to "numerous other fields."
unknown
2007-07-06
7.5CVE-2007-3614
BUGTRAQ
BID
SAP -- SAP Web Application Server
SAP -- Internet Communication Manager		Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web cache.
unknown
2007-07-06
7.8CVE-2007-3615
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
SAP -- SAP Message ServerHeap-based buffer overflow in the Message HTTP Server in SAP Message Server allows remote attackers to execute arbitrary code via a long string in the group parameter to /msgserver/html/group.
unknown
2007-07-09
10.0CVE-2007-3624
BUGTRAQ
OTHER-REF
BID
SECUNIA
SquirrelMail -- SquirrelMail
SquirrelMail -- GPG Plugin		Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin 2.1 for Squirrelmail allow remote attackers to execute arbitrary commands via unspecified vectors. NOTE: this information is based upon a vague pre-advisory from a reliable researcher.
unknown
2007-07-09
7.5CVE-2007-3636
MLIST
Sun -- Java System Application Server
Sun -- Java System Web Server		Sun Java System Application Server and Web Server 7.0 through 9.0 before 20070710 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute an arbitrary Java method via a crafted stylesheet, a related issue to CVE-2007-????.
unknown
2007-07-11
9.3CVE-2007-3715
SUNALERT
BID
FRSIRT
SECUNIA
Sun -- JDK
Sun -- JRE		The Java XML Digital Signature implementation in Sun JDK and JRE 6 before Update 2 does not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-????.
unknown
2007-07-11
9.3CVE-2007-3716
SUNALERT
FRSIRT
SECUNIA
Symantec -- Veritas Backup ExecHeap-based buffer overflow in the RPC subsystem in Symantec Backup Exec for Windows Servers 10.0, 10d, and 11d allows remote attackers to cause a denial of service (process exit) and possibly execute arbitrary code via crafted ncacn_ip_tcp requests.
unknown
2007-07-11
7.5CVE-2007-3509
IDEFENSE
OTHER-REF
BID
SECUNIA
Symantec -- GhostBuffer overflow in RemoteCommand.DLL in Symantec Norton Ghost 12.0 allows remote attackers to execute arbitrary code via the Connect function.
unknown
2007-07-10
7.5CVE-2007-3666
BUGTRAQ
BUGTRAQ
OTHER-REF
The GIMP Team -- GIMPMultiple integer overflows in the image loader plug-ins in GIMP before 2.2.16 allow user-assisted remote attackers to execute arbitrary code via crafted length values in (1) DICOM, (2) PNM, (3) PSD, (4) PSP, (5) Sun RAS, (6) XBM, and (7) XWD files.
unknown
2007-07-10
9.3CVE-2006-4519
IDEFENSE
OTHER-REF
OTHER-REF
FRSIRT
SECTRACK
Tipping Point -- Tipping Point
3Com -- TippingPoint IPS TOS		TippingPoint IPS before 20070710 does not properly handle a hex-encoded alternate Unicode '/' (slash) character, which might allow remote attackers to send certain network traffic and avoid detection, as demonstrated by a cmd.exe attack.
unknown
2007-07-11
7.5CVE-2007-3701
BUGTRAQ
OTHER-REF
OTHER-REF
BID
TUFaT -- FlashBBPHP remote file inclusion vulnerability in phpbb/sendmsg.php in FlashBB 1.1.8 and earlier allows remote attackers to execute arbitrary code via a URL in the phpbb_root_path parameter.
unknown
2007-07-11
7.5CVE-2007-3697
BUGTRAQ
MILW0RM
Valarsoft -- WebMaticSQL injection vulnerability in Webmatic before 2.6.2, and possibly other versions before 2.7, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly related to admin/admin_album.php and admin/admin_downloads.php. NOTE: some of these details are obtained from third party information.
unknown
2007-07-10
7.5CVE-2007-3648
OTHER-REF
FRSIRT
Valarsoft -- WebMaticMultiple unspecified vulnerabilities in Webmatic before 2.7 have unknown impact and attack vectors, related to the "administration area."
unknown
2007-07-12
7.5CVE-2007-3727
OTHER-REF
FRSIRT
Vastal I-Tech -- phpVIDSQL injection vulnerability in categories_type.php in phpVID 0.9.9 allows remote attackers to execute arbitrary SQL commands via the cat parameter.
unknown
2007-07-06
7.5CVE-2007-3610
MILW0RM
FRSIRT
Visual IRC -- Visual IRCStack-based buffer overflow in Visual IRC (ViRC) 2.0 allows remote IRC servers to execute arbitrary code via a long response to a JOIN command.
unknown
2007-07-06
7.5CVE-2007-3612
MILW0RM
VRNews -- VRNewsadmin.php in VRNews 1.1.1, and possibly other 1.x versions, does not require authentication, which allows remote attackers to perform certain administrative actions via a direct request with a (1) edit, (2) add, (3) config, or (4) del value in the act parameter.
unknown
2007-07-06
9.3CVE-2007-3611
MILW0RM
vtiger -- vtiger CRMvtiger CRM before 5.0.3 allows remote authenticated users to import and export the information for a contact even when they only have the View permission.
unknown
2007-07-06
8.5CVE-2007-3599
OTHER-REF
OTHER-REF
Zen Cart -- Zen CartSession fixation vulnerability in Zen Cart 1.3.7 and earlier allows remote attackers to hijack web sessions by setting the Cookie parameter.
unknown
2007-07-06
8.5CVE-2007-3597
BUGTRAQ
OTHER-REF
OTHER-REF
SECUNIA
ZoneO-Soft -- phpTrafficAThe isloggedin function in Php/login.inc.php in phpTrafficA 1.4.3 and earlier allows remote attackers to bypass authentication and obtain administrative access by setting the username cookie to "traffic." NOTE: some of these details are obtained from third party information.
unknown
2007-07-10
10.0CVE-2007-3647
BUGTRAQ
OTHER-REF
SECUNIA

Back to top

Medium Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
ActiveReportsExcelReport -- ActiveReportsExcelReportUnspecified vulnerability in EXCLEXPT.DLL in ActiveReportsExcelReport allows remote attackers to cause a denial of service via the DDRow Height variable.
unknown
2007-07-10
5.0CVE-2007-3667
BUGTRAQ
ADA -- ImgSvrDirectory traversal vulnerability in Ada Image Server (ImgSvr) 0.6.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter to the default URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this is probably a different issue than CVE-2004-2464.
unknown
2007-07-11
5.0CVE-2007-3714
BID
Adobe -- Adobe Integrated RuntimeAdobe Integrated Runtime (AIR, aka Apollo) allows context-dependent attackers to modify arbitrary files within an executing .air file (compiled AIR application) and perform cross-site scripting (XSS) attacks, as demonstrated by an application that modifies an HTML file inside itself via JavaScript that uses an APPEND open operation and the writeUTFBytes function. NOTE: this may be an intended consequence of the AIR permission model; if so, then perhaps this issue should not be included in CVE.
unknown
2007-07-09
4.3CVE-2007-3640
BUGTRAQ
AdventNet -- ManageEngine Netflow AnalyzerMultiple cross-site scripting (XSS) vulnerabilities in ManageEngine NetFlow Analyzer 5 allow remote attackers to inject arbitrary web script or HTML via the (1) alpha parameter in (a) netflow/jspui/applicationList.jsp, the (2) task parameter in (b) netflow/jspui/appConfig.jsp, the (3) view parameter in (c) netflow/jspui/index.jsp, and the (4) rtype parameter in (d) netflow/jspui/selectDevice.jsp and (e) netflow/jspui/customReport.jsp.
unknown
2007-07-06
4.3CVE-2007-3593
OTHER-REF
BID
SECUNIA
AV Scripts -- AV Tutorial ScriptchangePW.php in AV Tutorial Script (avtutorial) 1.0 does not require authentication or knowledge of an old password for password changes, which allows remote attackers to change passwords for arbitrary users via a modified password parameter.
unknown
2007-07-09
6.4CVE-2007-3630
MILW0RM
AV Scripts -- AV Tutorial ScriptMultiple SQL injection vulnerabilities in changePW.php in AV Tutorial Script (avtutorial) 1.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) userid parameters, a different issue than CVE-2007-3630.
unknown
2007-07-11
6.8CVE-2007-3691
VIM
SECUNIA
Chilkat Software -- Chilkat Zip ActiveX controlAbsolute path traversal vulnerability in the Chilkat Software Chilkat Zip ActiveX control in ChilkatZip2.dll 12.4.2.0 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) SaveLastError method and probably the (2) WriteExe method.
unknown
2007-07-09
6.4CVE-2007-3633
MILW0RM
BID
Citrix -- Citrix Presentation ServerThe Program Neighborhood Agent in Citrix Presentation Server Clients for 32-bit Windows before 10.100 allows remote attackers to cause a denial of service (agent exit) via a certain request that uses content redirection and a long pathname.
unknown
2007-07-09
5.0CVE-2007-3625
OTHER-REF
SECUNIA
Clam Anti-Virus -- ClamAVThe RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive, resulting in a NULL pointer dereference.
unknown
2007-07-12
4.3CVE-2007-3725
BUGTRAQ
OTHER-REF
OTHER-REF
CodeIgniter -- CodeIgniterDirectory traversal vulnerability in index.php in CodeIgniter 1.5.3 before 20070628, when enable_query_strings is true, allows remote attackers to read arbitrary files via a .. (dot dot) in the c parameter.
unknown
2007-07-11
5.0CVE-2007-3707
BUGTRAQ
CodeIgniter -- CodeIgniterCross-site scripting (XSS) vulnerability in CodeIgniter 1.5.3 before 20070626 allows remote attackers to inject arbitrary web script or HTML via (1) String.fromCharCode and (2) malformed nested tag manipulations in an unspecified component, related to insufficient sanitization by the xss_clean function.
unknown
2007-07-11
4.3CVE-2007-3708
BUGTRAQ
CodeIgniter -- CodeIgniterCRLF injection vulnerability in the redirect function in url_helper.php in CodeIgniter 1.5.3 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in an unspecified parameter, as demonstrated by a Set-Cookie header.
unknown
2007-07-11
5.0CVE-2007-3709
BUGTRAQ
DotClear -- DotClearCross-site scripting (XSS) vulnerability in ecrire/tools.php in DotClear 1.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified form fields on the blogroll page.
unknown
2007-07-10
4.3CVE-2007-3672
OTHER-REF
SECUNIA
Elite Bulletin Board -- Elite Bulletin BoardUnspecified vulnerability in Profile.php in Elite Bulletin Board before 1.0.10 allows remote attackers to modify profile information via unspecified vectors related to "a remote form," probably related to direct requests and missing authorization checks.
unknown
2007-07-06
5.0CVE-2007-3591
OTHER-REF
BID
SECUNIA
Elite Bulletin Board -- Elite Bulletin BoardPM.php in Elite Bulletin Board before 1.0.10 allows remote authenticated users to delete arbitrary PM messages and conduct other attacks via modified id fields.
unknown
2007-07-06
6.5CVE-2007-3592
OTHER-REF
BID
SECUNIA
Eltima Software -- Virtual Serial PortEltima Software Virtual Serial Port (VSPAX) ActiveX control (VSPort.DLL) allows remote attackers to cause a denial of service via certain function calls, as demonstrated via the (1) Attach, (2) Write, and (3) WriteStr functions.
unknown
2007-07-10
5.0CVE-2007-3661
BUGTRAQ
Eltima Software -- RunServiceMultiple unspecified vulnerabilities in Eltima Software RunService ActiveX control (RunService.dll) allow remote attackers to cause a denial of service via certain functions when "improperly used", as demonstrated by the AcceptControls subroutine.
unknown
2007-07-10
5.0CVE-2007-3664
BUGTRAQ
EZ Publish -- EZ PublisheZ publish before 3.8.1 does not properly enforce permissions for "content edit Language" when there are four or more languages, which allows remote authenticated users to perform translations into languages that are not listed in a Module Function Limitation policy.
unknown
2007-07-06
4.0CVE-2006-7218
OTHER-REF
OTHER-REF
OTHER-REF
EZ Publish -- EZ PublisheZ publish before 3.8.5 does not properly enforce permissions for editing in a specific language, which allows remote authenticated users to create a draft in an unauthorized language by editing an archived version of an object, and then using Manage Versions to copy this version to a new draft.
unknown
2007-07-06
4.0CVE-2006-7219
OTHER-REF
OTHER-REF
OTHER-REF
FreeBSD -- libarchivearchive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (infinite loop) via (1) an end-of-file condition within a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR archive.
unknown
2007-07-13
4.3CVE-2007-3644
OTHER-REF
OTHER-REF
FREEBSD
BID
FRSIRT
SECTRACK
SECUNIA
SECUNIA
FreeWRL -- FreeWRLBuffer overflow in the doBrowserAction function in FreeWRL 1.19.3 allows local users to execute arbitrary code via a crafted BROWSER environment variable. NOTE: it is not clear whether this issue crosses privilege boundaries.
unknown
2007-07-10
4.6CVE-2007-3659
BUGTRAQ
OTHER-REF
Gobi and Helma -- GobiCross-site scripting (XSS) vulnerability in Gobi as of 20070711, built on Helma, allows remote attackers to inject arbitrary web script or HTML via the q parameter to the search function.
unknown
2007-07-11
4.3CVE-2007-3693
OTHER-REF
HiddenChest -- Yb ve Bayi Babvuru FormuMultiple cross-site scripting (XSS) vulnerabilities in HiddenChest "is ve Bayi Basvuru Formu" (Yb ve Bayi Babvuru Formu) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-07-11
4.3CVE-2007-3712
BID
Hitachi -- JP1-HiCommand Device Manager
Hitachi -- JP1-HiCommand Tiered Storage Manager
Hitachi -- JP1-HiCommand Global Link Availability Manager
Hitachi -- JP1-HiCommand Replication Monitor		Cross-site scripting (XSS) vulnerability in the Hitachi JP1/HiCommand Device Manager, Tiered Storage Manager, Replication Monitor, and GlobalLink Availability Manager before 20070528 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header.
unknown
2007-07-09
4.3CVE-2007-3623
OTHER-REF
SECUNIA
HP -- Photo Digital Imaging ActiveX ControlAbsolute path traversal vulnerability in a certain ActiveX control in hpqvwocx.dll 2.1.0.556 in Hewlett-Packard (HP) Digital Imaging allows remote attackers to create or overwrite arbitrary files via the second argument to the SaveToFile method.
unknown
2007-07-10
6.8CVE-2007-3649
MILW0RM
BID
XF
HP -- OpenVMSThe default configuration of the POP server in TCP/IP Services 5.6 for HP OpenVMS 8.3 generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid POP usernames.
unknown
2007-07-12
5.0CVE-2007-3729
OTHER-REF
SECUNIA
HP -- OpenVMSThe default configuration of the POP server in TCP/IP Services 5.6 for HP OpenVMS 8.3 does not log the source IP address or attempted username for login attempts, which might help remote attackers to avoid identification.
unknown
2007-07-12
5.0CVE-2007-3730
OTHER-REF
SECUNIA
Inferno Technologies -- RPG InfernoSQL injection vulnerability in inferno.php in the Inferno Technologies RPG Inferno 2.4 module for vBulletin allows remote authenticated attackers to execute arbitrary SQL commands via the id parameter in a ScanMember do action.
unknown
2007-07-11
6.5CVE-2007-3687
MILW0RM
BID
Innovasys -- DockStudioXPMultiple unspecified vulnerabilities in the InnovaDSXP2.OCX ActiveX Control have unspecified attack vectors and impact, including a denial of service via "improper use" of the SaveToFile function.
unknown
2007-07-10
5.0CVE-2007-3669
BUGTRAQ
IzzySoft -- phpVideoProinc/vul_check.inc in phpVideoPro before 0.8.8 permits non-alphanumeric characters in the sess_id parameter, which has unknown impact and remote attack vectors, probably cross-site scripting (XSS).
unknown
2007-07-06
4.3CVE-2007-3596
OTHER-REF
OTHER-REF
OTHER-REF
BID
SECUNIA
XF
LimeSurvey -- LimeSurveyMultiple PHP remote file inclusion vulnerabilities in LimeSurvey (aka PHPSurveyor) 1.49RC2 allow remote attackers to execute arbitrary PHP code via a URL in the homedir parameter to (1) OLE/PPS/File.php, (2) OLE/PPS/Root.php, (3) Spreadsheet/Excel/Writer.php, or (4) OLE/PPS.php in admin/classes/pear/; or (5) Worksheet.php, (6) Parser.php, (7) Workbook.php, (8) Format.php, or (9) BIFFwriter.php in admin/classes/pear/Spreadsheet/Excel/Writer/.
unknown
2007-07-09
6.8CVE-2007-3632
MILW0RM
Maia Mailguard -- Maia MailguardDirectory traversal vulnerability in login.php in Maia Mailguard 1.0.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter.
unknown
2007-07-09
5.0CVE-2007-3619
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
BID
SECUNIA
Maia Mailguard -- Maia MailguardMultiple directory traversal vulnerabilities in Maia Mailguard 1.0.2 and earlier might allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) prevlang and (2) super parameters to (a) php/login.php; the (3) charset parameter to (a) php/login.php, (b) php/internal-init.php, and (c) php/xlogin.php; the (4) lang parameter to (b) php/internal-init.php; and the (5) language parameter to (c) php/xlogin.php.
unknown
2007-07-09
5.0CVE-2007-3620
OTHER-REF
OTHER-REF
SECUNIA
Mail Machine -- Mail MachineDirectory traversal vulnerability in the load function in cgi-bin/mail/mailmachine.cgi in Mail Machine 3.989 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the archives parameter in a Load action.
unknown
2007-07-11
5.0CVE-2007-3702
MILW0RM
BID
Media Player Classic -- Media Player ClassicMedia Player Classic (MPC) 6.4.9.0 allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted FLV file.
unknown
2007-07-10
6.8CVE-2007-3662
BUGTRAQ
BUGTRAQ
Media Player Classic -- Media Player ClassicDivide-by-zero error in Media Player Classic (MPC) 6.4.9.0 allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted MPA file.
unknown
2007-07-10
6.8CVE-2007-3663
BUGTRAQ
OTHER-REF
Microsoft -- Windows Server 2000The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4 does not properly check "the number of convertible attributes", which allows remote attackers to cause a denial of service (service unavailability) via a crafted LDAP request, related to "client sent LDAP request logic," aka "Windows Active Directory Denial of Service Vulnerability". NOTE: this is probably a different issue than CVE-2007-0040.
unknown
2007-07-10
5.0CVE-2007-3028
MS
Microsoft -- Register ServerUnspecified vulnerability in Microsoft Register Server (REGSVR) allows attackers to cause a denial of service via a crafted DLL library.
unknown
2007-07-10
5.0CVE-2007-3658
BUGTRAQ
BUGTRAQ
OTHER-REF
Microsoft -- Internet Explorer
Mozilla -- Firefox		Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe.
unknown
2007-07-10
4.3CVE-2007-3670
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
Mozilla -- FirefoxMozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via (1) HTTP 302 redirect controls, (2) XMLHttpRequest, or (3) view-source URIs.
unknown
2007-07-10
6.8CVE-2007-3656
BUGTRAQ
OTHER-REF
OTHER-REF
BID
XF
Mozilla -- Firefox** DISPUTED ** Mozilla Firefox 2.0.0.4 allows remote attackers to cause a denial of service by opening multiple tabs in a popup window. NOTE: this issue has been disputed by third party researchers, stating that "this does not crash on me, and I can't see a likely mechanism of action that would lead to a DoS condition."
unknown
2007-07-10
4.3CVE-2007-3657
BUGTRAQ
BUGTRAQ
BID
NMSDVDXLib -- NMSDVDXLibMultiple unspecified vulnerabilities in NMSDVDXU.DLL in NMSDVDXLib allow remote attackers to cause a denial of service via "improperly initialized" (1) LoadSegmentWord, (2) PartitionType, (3) SectorCount, and (4) BootFilePath variables.
unknown
2007-07-10
5.0CVE-2007-3668
BUGTRAQ
PEAR -- Structures_DataGrid_DataSource_MDB2Unspecified vulnerability in the fetch function in MDB2.php in PEAR Structures-DataGrid-DataSource-MDB2 0.1.9 and earlier allows attackers to "manipulate the generated sorting queries."
unknown
2007-07-09
5.0CVE-2007-3628
OTHER-REF
FRSIRT
RARLAB -- UnRARInteger signedness error in the SET_VALUE function in rarvm.cpp in unrar 3.70 beta 3, as used in products including WinRAR and RAR for OS X, allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive that causes a negative signed number to be cast to a large unsigned number.
unknown
2007-07-12
4.3CVE-2007-3726
BUGTRAQ
BUGTRAQ
BUGTRAQ
SAP -- EnjoySAPMultiple unspecified vulnerabilities in ActiveX controls in the EnjoySAP SAP GUI allow remote attackers to cause a denial of service (process crash) via unspecified vectors.
unknown
2007-07-06
5.0CVE-2007-3607
BUGTRAQ
MILW0RM
MILW0RM
BID
SAP -- EnjoySAPMultiple unspecified vulnerabilities in ActiveX controls in the EnjoySAP SAP GUI allow remote attackers to create certain files via unspecified vectors.
unknown
2007-07-06
5.0CVE-2007-3608
BUGTRAQ
MILW0RM
MILW0RM
BID
SAP -- Internet Graphics ServerCross-site scripting (XSS) vulnerability in ADM:GETLOGFILE in SAP Internet Graphics Service (IGS) allows remote attackers to inject arbitrary web script or HTML via the PARAMS parameter.
unknown
2007-07-06
4.3CVE-2007-3613
BUGTRAQ
BID
SECUNIA
SILC -- SILC Client
SILC -- SILC Toolkit		Buffer overflow in lib/silcclient/client_notify.c of SILC Client and SILC Toolkit before 1.1.2 allows remote attackers to cause a denial of service via "NICK_CHANGE" notifications.
unknown
2007-07-12
5.0CVE-2007-3728
OTHER-REF
SECUNIA
SquirrelMail -- SquirrelMail
SquirrelMail -- GPG Plugin		Unspecified vulnerability in the G/PGP (GPG) Plugin 2.0 for Squirrelmail 1.4.10a allows remote authenticated users to execute arbitrary commands via unspecified vectors, possibly related to the passphrase variable in the gpg_sign_attachment function, aka ZD-00000004. NOTE: this information is based upon a vague pre-advisory.
unknown
2007-07-09
6.5CVE-2007-3634
MLIST
MLIST
MLIST
OTHER-REF
BID
SquirrelMail -- SquirrelMail
SquirrelMail -- GPG Plugin		Unspecified vulnerability in the G/PGP (GPG) Plugin before 2.1 for Squirrelmail might allow remote authenticated users to inject certain commands via unspecified vectors, probably related to a "dangerous PHP call."
unknown
2007-07-09
6.5CVE-2007-3635
MLIST
OTHER-REF
Sun -- JREStack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE 5.0 Update 11 and earlier, and 6.0 Update 1 and earlier allows remote attackers to execute arbitrary code via a long codebase attribute in a JNLP file.
unknown
2007-07-10
6.8CVE-2007-3655
BUGTRAQ
BID
Sun -- JDK
Sun -- SDK
Sun -- JRE		The Java Secure Socket Extension (JSSE) in Sun JDK and JRE 6 Update 1 and earlier, JDK and JRE 5.0 Updates 7 through 11, and SDK and JRE 1.4.2_11 through 1.2.2_14, when using JSSE for SSL/TLS support, allows remote attackers to cause a denial of service (CPU consumption) via certain SSL/TLS handshake requests.
unknown
2007-07-11
4.3CVE-2007-3698
SUNALERT
Sun -- Solarisrcp on Sun Solaris 8, 9, and 10 before 20070710 does not properly call certain helper applications, which allows local users to gain privileges by creating files with certain names, possibly containing shell metacharacters or spaces, a similar issue to CVE-2006-0225.
unknown
2007-07-12
6.9CVE-2007-3717
SUNALERT
FRSIRT
SECUNIA
Symantec -- GhostMultiple unspecified vulnerabilities in FileBackup.DLL in Symantec Norton Ghost 12.0 allow remote attackers to cause a denial of service via unspecified vectors involving the UpdateCatalog and other functions.
unknown
2007-07-10
5.0CVE-2007-3665
BUGTRAQ
BUGTRAQ
OTHER-REF
vtiger -- vtiger CRMindex.php in vtiger CRM before 5.0.3 allows remote authenticated users to obtain all users' names and e-mail addresses, and possibly change user settings, via a modified record parameter in a DetailView action to the Users module. NOTE: the vendor disputes the changing of settings, reporting that the attack vector results in a "You are not permitted to execute this Operation" error message in a 5.0.3 demo.
unknown
2007-07-06
5.5CVE-2007-3598
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
vtiger -- vtiger CRMWordPlugin in the wordintegration component in vtiger CRM before 5.0.3 allows remote authenticated users to bypass field level security permissions and merge arbitrary fields in an Email template, as demonstrated by the fields in the Contact module.
unknown
2007-07-06
4.0CVE-2007-3600
OTHER-REF
OTHER-REF
OTHER-REF
vtiger -- vtiger CRMThe SOAP webservice in vtiger CRM before 5.0.3 does not ensure that authenticated accounts are active, which allows remote authenticated users with inactive accounts to access and modify data, as demonstrated by the Thunderbird plugin.
unknown
2007-07-06
5.5CVE-2007-3602
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
vtiger -- vtiger CRMSQL injection vulnerability in the dashboard (include/utils/SearchUtils.php) in vtiger CRM before 5.0.3 allows remote authenticated users to execute arbitrary SQL commands via the assigned_user_id parameter in a Potentials ListView action to index.php.
unknown
2007-07-06
6.5CVE-2007-3603
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
vtiger -- vtiger CRMvtiger CRM before 5.0.3 allows remote authenticated users with access to the Analytics DashBoard menu to bypass data restrictions and read the pipeline of the entire organization, possibly involving modules/Potentials/Potentials.php.
unknown
2007-07-06
4.0CVE-2007-3604
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
vtiger -- vtiger CRMindex.php in vtiger CRM before 5.0.3 allows remote authenticated users to perform administrative changes to arbitrary profile settings via a certain profilePrivileges action in the Users module.
unknown
2007-07-06
6.5CVE-2007-3616
OTHER-REF
OTHER-REF
vtiger -- vtiger CRMThe report module in vtiger CRM before 5.0.3 does not properly apply security rules, which allows remote authenticated users to read arbitrary private module entries.
unknown
2007-07-06
4.0CVE-2007-3617
OTHER-REF
OTHER-REF
WinPcap -- WinPcapThe IOCTL 9031 (BIOCGSTATS) handler in the NPF.SYS device driver in WinPcap before 4.0.1 allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters.
unknown
2007-07-11
6.6CVE-2007-3681
IDEFENSE
MILW0RM
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
WordPress -- WordPressWordPress before 2.2.2 allows remote attackers to redirect visitors to other websites and potentially obtain sensitive information via (1) the _wp_http_referer parameter to wp-pass.php, related to the wp_get_referer function in wp-includes/functions.php; and possibly other vectors related to (2) wp-includes/pluggable.php and (3) the wp_nonce_ays function in wp-includes/functions.php.
unknown
2007-07-09
4.0CVE-2007-3639
BUGTRAQ
XF
Yahoo -- MessengerBuffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users, who are listed in an address book, to execute arbitrary code via unspecified vectors, aka ZD-00000005. NOTE: this information is based upon a vague pre-advisory.
unknown
2007-07-09
6.0CVE-2007-3638
OTHER-REF
BID
Zenturi -- Zenturi ProgramCheckerStack-based buffer overflow in a certain ActiveX control in sasatl.dll 1.5.0.531 in Zenturi Program Checker (ProgramChecker) Pro allows remote attackers to execute arbitrary code via a long argument to the Fill method. NOTE: this is probably a different issue than CVE-2007-2987.
unknown
2007-07-11
6.8CVE-2007-3703
MILW0RM
BID

Back to top

Low Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
AdventNet -- ManageEngine Netflow AnalyzerMultiple cross-site scripting (XSS) vulnerabilities in AdventNet ManageEngine OpManager 6 and 7 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter in (a) ping.do and (b) traceRoute.do in map/; the (2) reportName, (3) displayName, and (4) selectedNode parameters to (c) reports/ReportViewAction.do; the (5) operation parameter to (d) admin/ServiceConfiguration.do; and the (6) selectedNode and (7) selectedTab parameters to (e) admin/DeviceAssociation.do. NOTE: the searchTerm parameter in Search.do is already covered by CVE-2006-2343.
unknown
2007-07-06
2.6CVE-2007-3594
OTHER-REF
BID
Alt-N -- MDaemonUnspecified vulnerability in DomainPOP in Alt-N Technologies MDaemon before 9.61 allows remote attackers to cause a denial of service (crash) via malformed messages.
unknown
2007-07-09
2.6CVE-2007-3622
OTHER-REF
SECUNIA
CodeIgniter -- CodeIgniterThe _sanitize_globals function in CodeIgniter 1.5.3 before 20070628 allows remote attackers to unset arbitrary global variables with unspecified impact, as demonstrated by a _SERVER cookie.
unknown
2007-07-11
2.1CVE-2007-3706
BUGTRAQ
DotClear -- DotClearMultiple cross-site request forgery (CSRF) vulnerabilities in DotClear 1.2.6 allow remote attackers to perform actions as arbitrary users via the (1) tool_url parameter to ecrire/tools.php and multiple fields on the (2) blogconf, (3) blogroll, (4) ecrire/redacteur.php, and (5) ecrire/user_prefs.php pages.
unknown
2007-07-11
2.6CVE-2007-3688
OTHER-REF
SECUNIA
FreeBSD -- FreeBSDThe ULE process scheduler in the FreeBSD kernel gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges."
unknown
2007-07-12
2.1CVE-2007-3721
OTHER-REF
FreeBSD -- FreeBSDThe 4BSD process scheduler in the FreeBSD kernel performs scheduling based on CPU billing gathered from periodic process sampling ticks, which allows local users to cause a denial of service (CPU consumption) by performing voluntary nanosecond sleeps that result in the process not being active during a clock interrupt, as described in "Secretly Monopolizing the CPU Without Superuser Privileges."
unknown
2007-07-12
2.1CVE-2007-3722
OTHER-REF
Linux -- KernelThe process scheduler in the Linux kernel 2.6.16 gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges."
unknown
2007-07-12
2.1CVE-2007-3719
OTHER-REF
Linux -- KernelThe process scheduler in the Linux kernel 2.4 performs scheduling based on CPU billing gathered from periodic process sampling ticks, which allows local users to cause a denial of service (CPU consumption) by performing voluntary nanosecond sleeps that result in the process not being active during a clock interrupt, as described in "Secretly Monopolizing the CPU Without Superuser Privileges."
unknown
2007-07-12
2.1CVE-2007-3720
OTHER-REF
Masuga Design -- Unobtrusive Ajax Star Rating BarCross-site scripting (XSS) vulnerability in rpc.php in Unobtrusive Ajax Star Rating Bar before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
unknown
2007-07-11
2.6CVE-2007-3685
OTHER-REF
OSVDB
SECUNIA
Microsoft -- Windows XPThe process scheduler in the Microsoft Windows XP kernel does not make use of the process statistics kept by the kernel, performs scheduling based on CPU billing gathered from periodic process sampling ticks, and gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges."
unknown
2007-07-12
2.1CVE-2007-3724
OTHER-REF
Red Hat -- LinuxThe signal handling in the Linux kernel 2.6.2 and later, when run on PowerPC systems using HTX, allows local users to cause a denial of service via unspecified vectors involving floating point corruption and concurrency.
unknown
2007-07-10
2.1CVE-2007-3107
OTHER-REF
REDHAT
SECTRACK
SECUNIA
Sun -- Java System Access ManagerSun Java System Access Manager (formerly Java System Identity Server) before 20070710, when the message debug level is configured in the com.iplanet.services.debug.level property in AMConfig.properties, logs cleartext login passwords, which allows local users to gain privileges by reading /var/opt/SUNWam/debug/amAuth.
unknown
2007-07-11
1.7CVE-2007-3700
SUNALERT
Sun -- SolarisThe process scheduler in the Sun Solaris kernel does not make use of the process statistics kept by the kernel and performs scheduling based upon CPU billing gathered from periodic process sampling ticks, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges."
unknown
2007-07-12
2.1CVE-2007-3723
OTHER-REF
vtiger -- vtiger CRMvtiger CRM before 5.0.3, when a migrated build is used, allows remote authenticated users to read certain other users' calendar activities via a (1) home page or (2) event list view.
unknown
2007-07-06
2.1CVE-2007-3601
OTHER-REF
OTHER-REF

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.