Vulnerability Summary for the Week of October 1, 2007
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities |
---|
Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
---|---|---|---|---|---|---|
actSite -- actSite | Directory traversal vulnerability in phpinc/news.php in actSite 1.56 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the do parameter. |
| 7.5 | CVE-2007-5174 MILW0RM OTHER-REF BID SECUNIA | ||
ASP Product Catalog -- ASP Product Catalog | SQL injection vulnerability in catalog.asp in ASP Product Catalog allows remote attackers to execute arbitrary SQL commands via the cid parameter and possibly other parameters. |
| 7.5 | CVE-2007-5220 BUGTRAQ BID | ||
Axis Communications -- 2100 Network Camera | Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to perform actions as administrators, as demonstrated by (1) an SMTP server change through the conf_SMTP_MailServer1 parameter to ServerManager.srv and (2) a hostname change through the conf_Network_HostName parameter on the Network page. |
| 9.3 | CVE-2007-5213 BUGTRAQ OTHER-REF BID | ||
Computer Associates -- Desktop Management Suite Computer Associates -- Protection Suites Computer Associates -- BrightStor ARCserve Backup Laptops_Desktops | Multiple stack-based buffer overflows in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allow remote attackers to execute arbitrary code via a long (1) username or (2) password to the rxrLogin command in rxRPC.dll, or a long (3) username argument to the GetUserInfo function. |
| 10.0 | CVE-2007-5003 EEYE IDEFENSE OTHER-REF OTHER-REF OTHER-REF BID SECTRACK SECUNIA | ||
Computer Associates -- Desktop Management Suite Computer Associates -- Protection Suites Computer Associates -- BrightStor ARCserve Backup Laptops_Desktops | Integer overflow in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allows remote attackers to execute arbitrary code via a long username and a certain "useless" password. |
| 9.3 | CVE-2007-5004 EEYE OTHER-REF OTHER-REF OTHER-REF BID SECTRACK SECUNIA | ||
Computer Associates -- Desktop Management Suite Computer Associates -- Protection Suites Computer Associates -- BrightStor ARCserve Backup Laptops_Desktops | Directory traversal vulnerability in rxRPC.dll in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allows remote attackers to upload and overwrite arbitrary files via a ..\ (dot dot backslash) sequence in the destination filename argument to sub-function 8 in the rxrReceiveFileFromServer command. |
| 10.0 | CVE-2007-5005 EEYE OTHER-REF OTHER-REF OTHER-REF BID SECTRACK SECUNIA | ||
Computer Associates -- Desktop Management Suite Computer Associates -- Protection Suites Computer Associates -- BrightStor ARCserve Backup Laptops_Desktops | Multiple command handlers in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 do not verify if a peer is authenticated, which allows remote attackers to add and delete users, and start client restores. |
| 10.0 | CVE-2007-5006 IDEFENSE OTHER-REF OTHER-REF OTHER-REF BID SECTRACK SECUNIA | ||
Computer Associates -- BrightStor Hierarchical Storage Manager | Multiple stack-based buffer overflows in Computer Associates (CA) BrightStor Hierarchical Storage Manager (HSM) before r11.6 allow remote attackers to execute arbitrary code via unspecified CsAgent service commands. |
| 10.0 | CVE-2007-5082 IDEFENSE OTHER-REF OTHER-REF BID FRSIRT SECTRACK SECUNIA XF | ||
Computer Associates -- BrightStor Hierarchical Storage Manager | Multiple integer overflows in Computer Associates (CA) BrightStor Hierarchical Storage Manager (HSM) before r11.6 allow remote attackers to execute arbitrary code via unspecified CsAgent service commands that trigger a heap-based buffer overflow. |
| 10.0 | CVE-2007-5083 IDEFENSE OTHER-REF OTHER-REF BID FRSIRT SECTRACK SECUNIA XF | ||
e-Ark -- e-Ark | Multiple PHP remote file inclusion vulnerabilities in eArk (e-Ark) 1.0 allow remote attackers to execute arbitrary PHP code via a URL in (1) the cfg_vcard_path parameter to src/vcard_inc.php or (2) the cfg_phpmailer_path parameter to src/email_inc.php. NOTE: the ark_inc.php vector is already covered by CVE-2006-6086. |
| 7.5 | CVE-2007-5216 OTHER-REF | ||
iceows -- iceows | IceGUI.DLL in ICEOWS 4.20b invokes a function with incorrect arguments, which allows user-assisted remote attackers to execute arbitrary code via a long filename in the header of an ACE archive, which triggers a stack-based buffer overflow. |
| 9.3 | CVE-2007-5155 OTHER-REF SECUNIA | ||
Jacob Hinkle -- Godsend | Multiple PHP remote file inclusion vulnerabilities in Jacob Hinkle GodSend 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the SCRIPT_DIR parameter to (1) gtk/main.inc.php or (2) cmdline.inc.php. NOTE: vector 2 is disputed by CVE because it is contained in unaccessible code, requiring that two undefined constants be equal. |
| 7.5 | CVE-2007-5215 OTHER-REF | ||
Linux -- Kernel | mount and umount in Linux kernel call the setuid and setgid functions in the wrong order and do not check the return values, which allows attackers to gain privileges via helpers such as mount.nfs. |
| 7.2 | CVE-2007-5191 OTHER-REF | ||
MambAds -- MambAds Mambo -- Mambo | SQL injection vulnerability in index.php in the MambAds (com_mambads) 1.5 and earlier component for Mambo allows remote attackers to execute arbitrary SQL commands via the caid parameter. |
| 7.5 | CVE-2007-5177 MILW0RM BID | ||
MAXdev -- MDPro | SQL injection vulnerability in index.php in MAXdev MDPro (MD-Pro) 1.0.76 allows remote attackers to execute arbitrary SQL commands via a "Firefox ID=" substring in a Referer HTTP header. |
| 7.5 | CVE-2007-5222 OTHER-REF OTHER-REF BID FRSIRT XF | ||
Netkamp -- Netkamp Emlak Scripti | SQL injection vulnerability in detay.asp in Netkamp Emlak Scripti allows remote attackers to execute arbitrary SQL commands via the ilan_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 7.5 | CVE-2007-5181 SECUNIA | ||
NukeScripts -- NukeSentinel | SQL injection vulnerability in the is_god function in includes/nukesentinel.php in NukeSentinel 2.5.11 allows remote attackers to execute arbitrary SQL commands via base64-encoded data in an admin cookie, a different vector than CVE-2007-5125. |
| 7.5 | CVE-2007-5150 BUGTRAQ OTHER-REF OTHER-REF BID | ||
NukeScripts -- NukeSentinel | SQL injection vulnerability in the abget_admin function in includes/nukesentinel.php in NukeSentinel 2.5.12 allows remote attackers to execute arbitrary SQL commands via base64-encoded data in an admin cookie. |
| 7.5 | CVE-2007-5151 BUGTRAQ OTHER-REF BID | ||
Ohesa Emlak Portali -- Ohesa Emlak Portali | Multiple SQL injection vulnerabilities in Ohesa Emlak Portali allow remote attackers to execute arbitrary SQL commands via the (1) Kategori parameter in satilik.asp and the (2) Emlak parameter in detay.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 7.5 | CVE-2007-5180 SECUNIA | ||
PHP-Fusion -- Expanded Calendar module PHP-Fusion -- PHP-Fusion | SQL injection vulnerability in infusions/calendar_events_panel/show_single.php in the Expanded Calendar 2.x module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the sel parameter. |
| 7.5 | CVE-2007-5187 MILW0RM | ||
Poppawid -- Poppawid | PHP remote file inclusion vulnerability in mail/childwindow.inc.php in Poppawid 2.7 allows remote attackers to execute arbitrary PHP code via a URL in the form parameter. |
| 7.5 | CVE-2007-5221 MILW0RM BID | ||
SmbFTPD -- SmbFTPD | Format string vulnerability in the SMBDirList function in dirlist.c in SmbFTPD 0.96 allows remote attackers to execute arbitrary code via format string specifiers in a directory name. |
| 7.5 | CVE-2007-5184 MILW0RM OTHER-REF BID FRSIRT SECUNIA | ||
Sun -- Java System Application Server Sun -- Java System Access Manager | Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 9.1 container, does not demand authentication after a container restart, which allows remote attackers to perform administrative tasks. |
| 7.5 | CVE-2007-5152 SUNALERT | ||
Tcl_Tk -- Tcl_Tk | Buffer overflow in the ReadImage function in generic/tkImgGIF.c in Tcl (Tcl/Tk) before 8.4.16 allows remote attackers to execute arbitrary code via multi-frame interlaced GIF files in which later frames are smaller than the first. |
| 7.5 | CVE-2007-5137 OTHER-REF SECUNIA | ||
x-script -- GuestBook | Multiple SQL injection vulnerabilities in mes_add.php in x-script GuestBook 1.3a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) icq, and (4) website parameters. |
| 7.5 | CVE-2007-5189 BUGTRAQ | ||
XOOPS -- Xoops | Unspecified vulnerability in the XOOPS uploader class in Xoops 2.0.17.1-RC1 and earlier allows remote attackers to upload arbitrary files via unspecified vectors related to improper upload configuration settings in class/uploader.php and class/mimetypes.inc.php, possibly an incomplete blacklist that omits the .php4 extension. |
| 7.5 | CVE-2007-5188 OTHER-REF OTHER-REF FRSIRT SECUNIA |
Medium Vulnerabilities |
---|
Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
---|---|---|---|---|---|---|
actSite -- actSite | PHP remote file inclusion vulnerability in lib/base.php in actSite 1.991 Beta allows remote attackers to execute arbitrary PHP code via a URL in the BaseCfg[BaseDir] parameter. |
| 6.8 | CVE-2007-5175 MILW0RM BID | ||
aimluck -- Aipo ASP aimluck -- Aipo | Session fixation vulnerability in Aipo and Aipo ASP 3.0.1.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors. |
| 4.3 | CVE-2007-5154 OTHER-REF SECUNIA | ||
AlstraSoft -- Affiliate Network Pro | Multiple unspecified vulnerabilities in AlstraSoft Affiliate Network Pro allow remote attackers to include local files and have other unspecified impact, related to incorrect input validation or other defects involving (1) admin/backupstart.php, (2) a .sql filename under admin/admin/dump/, (3) a .sql filename in the fl parameter to admin/downloadbackup.php, and (4) a .. (dot dot) in the fl parameter to admin/downloadbackup.php. |
| 6.8 | CVE-2007-5223 BUGTRAQ BID | ||
Apache Software Foundation -- HTTP Server sitex -- sitex CMS FCKeditor -- FCKeditor | Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529. |
| 6.8 | CVE-2007-5156 BUGTRAQ OTHER-REF | ||
Apple -- Quicktime | Argument injection vulnerability in Apple QuickTime 7.2 for Windows XP SP2 and Vista allows remote attackers to execute arbitrary commands via a URL in the qtnext field in a crafted QTL file. NOTE: this issue may be related to CVE-2006-4965 or CVE-2007-5045. |
| 6.8 | CVE-2007-4673 OTHER-REF APPLE BID | ||
Arbor Networks -- Peakflow SP | Arbor Networks Peakflow SP before 3.5.1 patch 14, and 3.6.x before 3.6.1 patch 5, allows remote authenticated users to bypass access restrictions and read or write unspecified data via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 4.9 | CVE-2007-5210 SECUNIA | ||
Arbor Networks -- Peakflow SP | Multiple cross-site scripting (XSS) vulnerabilities in Arbor Networks Peakflow SP 3.5.1 before patch 14, and 3.6.1 before patch 5, when scope accounts are enabled, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving GET or POST requests. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 4.3 | CVE-2007-5211 SECUNIA | ||
Axis Communications -- 2100 Network Camera | Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware before 2.43 allow remote attackers to inject arbitrary web script or HTML via (1) parameters associated with saved settings, as demonstrated by the conf_SMTP_MailServer1 parameter to ServerManager.srv; or (2) the subpage parameter to wizard/first/wizard_main_first.shtml. NOTE: an attacker can leverage a CSRF vulnerability to modify saved settings. |
| 4.3 | CVE-2007-5212 BUGTRAQ OTHER-REF BID | ||
Axis Communications -- 2100 Network Camera | Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to the default URI associated with a directory, as demonstrated by (a) the root directory and (b) the view/ directory; (2) parameters associated with saved settings, as demonstrated by (c) the conf_Network_HostName parameter on the Network page and (d) the conf_Layout_OwnTitle parameter to ServerManager.srv; and (3) the query string to ServerManager.srv, which is displayed on the logs page. NOTE: an attacker can leverage a CSRF vulnerability to modify saved settings. |
| 4.3 | CVE-2007-5214 BUGTRAQ OTHER-REF BID XF XF XF | ||
CenterTools -- DriveLock | Stack-based buffer overflow in DriveLock.exe in CenterTools DriveLock 5.0 allows remote attackers to execute arbitrary code via a long HTTP request to TCP port 6061. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 6.8 | CVE-2007-5209 SECUNIA | ||
Chupix -- Chupix CMS | PHP remote file inclusion vulnerability in admin/include/header.php in chupix 0.2.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the repertoire parameter. |
| 6.8 | CVE-2007-5139 MILW0RM | ||
clanlite -- clanlite | Multiple PHP remote file inclusion vulnerabilities in ClanLite 1.23.01.2005 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) modules/serveur_jeux.php or (2) conf/conf-php.php. NOTE: vector 1 is disputed by CVE because the require_once is only reached when a certain constant has already been defined. |
| 6.8 | CVE-2007-5168 OTHER-REF | ||
Computer Associates -- BrightStor Hierarchical Storage Manager | Multiple SQL injection vulnerabilities in Computer Associates (CA) BrightStor Hierarchical Storage Manager (HSM) before r11.6 allow remote attackers to execute arbitrary SQL commands via unspecified CsAgent service commands. |
| 6.8 | CVE-2007-5084 OTHER-REF OTHER-REF BID FRSIRT SECTRACK SECUNIA XF | ||
Cyberlink -- PowerDVD | Directory traversal vulnerability in the CLAVSetting.CLSetting.1 ActiveX control in CLAVSetting.DLL 1.00.1829 in the CLAVSetting module in CyberLink PowerDVD 7.0 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the argument to the CreateNewFile method. |
| 6.4 | CVE-2007-5219 MILW0RM BID SECUNIA | ||
Der Dirigent -- Der Dirigent | Multiple PHP remote file inclusion vulnerabilities in dedi-group Der Dirigent 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the dedi_path parameter to (1) inc.generate_code.php, (2) fnc.type_forms.php, or (3) fnc.type.php in backend/inc/, or (4) frontend.php or (5) backend.php in projekt01/cms/inc/; or (6) the this_dir parameter to backend/inc/class.filemanager.php. NOTE: vectors 4 and 5 are disputed by CVE because PHP encounters a fatal function-call error on a direct request for the file, before reaching the include statement. |
| 6.8 | CVE-2007-5146 OTHER-REF | ||
Don Barnes -- DRBGuestbook | Cross-site scripting (XSS) vulnerability in index.php in Don Barnes DRBGuestbook 1.1.13 allows remote attackers to inject arbitrary web script or HTML via the action parameter. |
| 5.0 | CVE-2007-5218 BUGTRAQ | ||
egov -- Manager | Multiple cross-site scripting (XSS) vulnerabilities in eGov Manager allow remote attackers to inject arbitrary web script or HTML via unspecified "user-supplied input" to (1) center.exe or (2) Index.exe. |
| 5.0 | CVE-2007-5078 BUGTRAQ OTHER-REF BID | ||
FrontAccounting -- FrontAccounting | ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in FrontAccounting (FA) 1.12 allow remote attackers to execute arbitrary PHP code via a URL in the path_to_root parameter to (1) access/logout.php or certain PHP scripts under (2) admin/, (3) dimensions/, (4) gl/, (5) inventory/, (6) manufacturing/, (7) purchasing/, (8) reporting/, (9) sales/, or (10) taxes/. NOTE: the config.php vector is already covered by CVE-2007-4279, and the login.php and language.php vectors are already covered by CVE-2007-5117. NOTE: this issue is disputed by CVE because path_to_root is defined before use in all of the other files reported in the original disclosure. |
| 6.8 | CVE-2007-5148 OTHER-REF | ||
Grokster -- Grokster Altnet -- Altnet Download Manager KaZaA -- KaZaA Media Desktop | Stack-based buffer overflow in the ADM4 ActiveX control in adm4.dll in Altnet Download Manager 4.0.0.6, as used in (1) Kazaa 3.2.7 and (2) Grokster, allows remote attackers to execute arbitrary code via a long argument to the Install method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 6.8 | CVE-2007-5217 FRSIRT FRSIRT SECUNIA SECUNIA | ||
grouplink -- eHelpDesk | Multiple cross-site scripting (XSS) vulnerabilities in GroupLink eHelpDesk 6.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) NA_DISPLAYNAME parameter in helpdesk/user/rf_create.jsp and the (2) username and (3) LDAPError parameters in index2.jsp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 4.3 | CVE-2007-5176 SECUNIA | ||
i-Systems Inc. -- Feedreader | Cross-site scripting (XSS) vulnerability in the internal browser in i-Systems Feedreader 3.10 allows remote attackers to inject arbitrary web script or HTML via an item in a feed, as demonstrated by a WordPress blog update. |
| 4.3 | CVE-2007-5161 BUGTRAQ BID | ||
IntegraMOD -- Nederland | PHP remote file inclusion vulnerability in includes/archive/archive_topic.php in IntegraMOD Nederland 1.4.2 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. |
| 6.8 | CVE-2007-5140 MILW0RM | ||
Jimmac -- Original Photo Gallery | inc/exif.inc.php in Original Photo Gallery 0.11.2 and earlier allows remote attackers to execute arbitrary programs via the exif_prog parameter, which is specified in an exec function call. |
| 6.8 | CVE-2007-5224 BUGTRAQ OTHER-REF OTHER-REF | ||
lustig -- lustig.cms | PHP remote file inclusion vulnerability in forum/forum.php in lustig.cms BETA 2.5 allows remote attackers to execute arbitrary PHP code via a URL in the view parameter. |
| 6.8 | CVE-2007-5138 MILW0RM | ||
megasol -- OdysseySuite | Cross-site scripting (XSS) vulnerability in Mailbox.mws in OdysseySuite, possibly 4.0.729, allows remote attackers to inject arbitrary web script or HTML via the idkey parameter. |
| 4.3 | CVE-2007-5183 OTHER-REF | ||
Microsoft -- Windows Live Messenger | Buffer overflow in the GDI engine in Windows Live Messenger, as used for Windows MSN Live 8.1, allows user-assisted remote attackers to cause a denial of service (application crash or system crash) and possibly execute arbitrary code by placing a malformed file in a new folder under the Sharing Folders path, and triggering a synchronize operation through the Windows MSN Live online service, possibly related to extended file attributes and possibly related to an incomplete fix for MS07-046, as demonstrated by a (1) .jpg, (2) .gif, (3) .wmf, (4) .doc, or (5) .ico file. |
| 4.3 | CVE-2007-5144 OTHER-REF BID | ||
Microsoft -- windows-nt | Multiple buffer overflows in system DLL files in Microsoft Windows XP, as used by Microsoft Windows Explorer (explorer.exe) 6.00.2900.2180, Don Ho Notepad++, unspecified Adobe Macromedia applications, and other programs, allow user-assisted remote attackers to cause a denial of service (application crash) via long strings in the (1) author, (2) title, (3) subject, and (4) comment Properties fields of a file, possibly involving improper handling of extended file attributes by the (a) NtQueryInformationFile, (b) NtQueryDirectoryFile, (c) NtSetInformationFile, (d) FileAllInformation, (e) FileNameInformation, and other FILE_INFORMATION_CLASS functions in ntdll.dll and the (f) GetFileAttributesExW and (g) GetFileAttributesW functions in kernel32.dll, a related issue to CVE-2007-1347. |
| 4.3 | CVE-2007-5145 OTHER-REF | ||
Microsoft -- Internet Explorer | The focus handling for the onkeydown event in Microsoft Internet Explorer 6.0 allows remote attackers to change field focus and copy keystrokes via a certain use of a JavaScript htmlFor attribute, as demonstrated by changing focus from a textarea to a file upload field, a related issue to CVE-2007-3511. |
| 4.3 | CVE-2007-5158 OTHER-REF BID SECUNIA | ||
mxBB -- MX Glance | contrib/mx_glance_sdesc.php in the mx_glance 2.3.3 module for mxBB places a critical security check within a comment because of a missing comment delimiter, which allows remote attackers to conduct remote file inclusion attacks and execute arbitrary PHP code via a URL in the mx_root_path parameter. NOTE: some sources incorrectly state that phpbb_root_path is the affected parameter. |
| 6.8 | CVE-2007-5178 MILW0RM VIM VIM BID | ||
myIpacNG-stats -- myIpacNG-stats | ** DISPUTED ** PHP remote file inclusion vulnerability in init.php in Jens Tkotz myIpacNG-stats (MINGS) 0.05 allows remote attackers to execute arbitrary PHP code via a URL in the MINGS_BASE parameter. NOTE: this issue is disputed by CVE because MINGS_BASE is defined before use. |
| 6.8 | CVE-2007-5165 OTHER-REF | ||
Nagios -- Plugins | Buffer overflow in the redir function in check_http.c in Nagios Plugins before 1.4.10 allows remote web servers to execute arbitrary code via long Location header responses (redirects). |
| 6.8 | CVE-2007-5198 OTHER-REF OTHER-REF | ||
Netkamp -- Netkamp Emlak Scripti | Cross-site scripting (XSS) vulnerability in mail.asp in Netkamp Emlak Scripti allows remote attackers to inject arbitrary web script or HTML via the Email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 4.3 | CVE-2007-5182 SECUNIA | ||
Nexty -- Nexty | ** DISPUTED ** PHP remote file inclusion vulnerability in includes/functions/layout.php in Nexty 1.01.A Beta allows remote attackers to execute arbitrary PHP code via a URL in the rel parameter. NOTE: this issue is disputed by CVE because the applicable include is in a function that is not called on a direct request. |
| 6.8 | CVE-2007-5163 OTHER-REF | ||
North Country Public Radio -- Public Media Manager | PHP remote file inclusion vulnerability in NewsCMS/news/newstopic_inc.php in North Country Public Radio Public Media Manager (PMM) 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the indir parameter. |
| 6.8 | CVE-2007-5149 OTHER-REF | ||
OpenID -- OpenID phpBB -- phpBB | PHP remote file inclusion vulnerability in includes/openid/Auth/OpenID/BBStore.php in phpBB Openid 0.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the openid_root_path parameter. |
| 6.8 | CVE-2007-5173 MILW0RM BID | ||
PHP Fidonet Tosser -- PHP Fidonet Tosser phpFidoNode -- phpFidoNode | PHP remote file inclusion vulnerability in phfito-post.php in Alex Kocharin PHP Fidonet Tosser (PhFiTo) 1.3.0 in phpFidoNode allows remote attackers to execute arbitrary PHP code via a URL in the SRC_PATH parameter to phfito-post. |
| 6.8 | CVE-2007-5157 MILW0RM BID | ||
phpLister -- phpLister | PHP remote file inclusion vulnerability in .systeme/fonctions.php in phpLister 0.5-pre2 allows remote attackers to execute arbitrary PHP code via a URL in the nom_rep_systeme parameter. |
| 6.8 | CVE-2007-5167 OTHER-REF | ||
phpwcms-xt -- phpwcms-xt | Multiple PHP remote file inclusion vulnerabilities in phpWCMS XT 0.0.7 BETA and earlier allow remote attackers to execute arbitrary PHP code via a URL in the HTML_MENU_DirPath parameter to (1) config_HTML_MENU.php and (2) config_PHPLM.php in phpwcms_template/inc_script/frontend_render/navigation/. |
| 6.8 | CVE-2007-5185 MILW0RM | ||
Pidgin -- Pidgin | libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge messages from users who are not on the receiver's buddy list, which allows remote attackers to cause a denial of service (crash) via a nudge message that triggers an access of "an invalid memory location." |
| 4.3 | CVE-2007-4996 OTHER-REF SECUNIA | ||
Puzzle Apps CMS -- Puzzle Apps CMS | Multiple PHP remote file inclusion vulnerabilities in Puzzle Apps CMS 2.2.1 allow remote attackers to execute arbitrary PHP code via a URL in the MODULEDIR parameter to (1) core/modules/my/my.module.php or (2) core/modules/xml/xml.module.php; the COREROOT parameter to (3) config.loader.php, (4) platform.loader.php, (5) core.loader.php, (6) person.loader.php, or (7) module.loader.php in core/ or (8) install/steps/step_3.php; or the THISDIR parameter to (9) people.lib.php, (10) general.lib.php, (11) content.lib.php, or (12) templates.lib.php in core/modules/admin/libs/ or (13) core/modules/webstat/MEC/index.php. |
| 6.8 | CVE-2007-5147 OTHER-REF | ||
Quicksilver Forums -- Quicksilver Forums | Unspecified vulnerability in Quicksilver Forums before 1.4.1 allows remote attackers to delete arbitrary PMs via unspecified vectors. |
| 5.0 | CVE-2007-5171 OTHER-REF SECUNIA | ||
Quicksilver Forums -- Quicksilver Forums | Quicksilver Forums before 1.4.1 allows remote attackers to obtain sensitive information by causing unspecified connection errors, which reveals the database password in the resulting error message. |
| 5.0 | CVE-2007-5172 OTHER-REF SECUNIA | ||
Restaurant Management System -- Restaurant Management System | Multiple PHP remote file inclusion vulnerabilities in Thierry Leriche Restaurant Management System (ReMaSys) 0.5 allow remote attackers to execute arbitrary PHP code via a URL in (1) the DIR_ROOT parameter to (a) global.php, or the (2) DIR_PAGE parameter to (b) template/fr/page.php or (c) page/fr/boxConnection.php. |
| 6.8 | CVE-2007-5160 OTHER-REF | ||
rPath -- rmake | The Chroot server in rMake 1.0.11 creates a /dev/zero device file with read/write permissions for the rMake user and the same device numbers as /dev/port, which might allow local users to gain root privileges. |
| 6.9 | CVE-2007-5194 OTHER-REF BID | ||
ruby-lang -- Ruby | The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site. |
| 4.3 | CVE-2007-5162 BUGTRAQ OTHER-REF OTHER-REF OTHER-REF OTHER-REF OTHER-REF BID | ||
Segue CMS -- Segue CMS | PHP remote file inclusion vulnerability in index.php in Segue CMS 1.8.4 and earlier, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the themesdir parameter, a different vector than CVE-2006-5497. |
| 6.8 | CVE-2007-5186 MILW0RM VIM VIM | ||
SiteSys -- SiteSys | Multiple PHP remote file inclusion vulnerabilities in SiteSys 1.0a allow remote attackers to execute arbitrary PHP code via a URL in the doc_root parameter to (1) inc/pagehead.inc.php or (2) inc/pageinit.inc.php. |
| 6.8 | CVE-2007-5166 OTHER-REF | ||
sitex -- sitex CMS | SQL injection vulnerability in search.php in SiteX CMS 0.7.3 Beta allows remote attackers to execute arbitrary SQL commands via the search parameter. |
| 6.8 | CVE-2007-5141 BUGTRAQ OTHER-REF | ||
Solidweb -- Novus | Cross-site scripting (XSS) vulnerability in buscar.asp in Solidweb Novus 1.0 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 4.3 | CVE-2007-5142 BID | ||
Sun -- Java System Application Server Sun -- Java System Access Manager | Unspecified vulnerability in Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 8.x container, allows remote attackers to execute arbitrary code via unspecified vectors. |
| 6.8 | CVE-2007-5153 SUNALERT | ||
Sun -- Embedded Lights Out Manager | Unspecified vulnerability in the embedded service processor (SP) before 3.09 in Sun Fire X2100 M2 and X2200 M2 Embedded Lights Out Manager (ELOM) allows remote attackers to send arbitrary network traffic and act as a spam proxy. |
| 5.0 | CVE-2007-5170 SUNALERT BID SECUNIA | ||
Sun -- Solaris | Unspecified vulnerability in Named Pipes on Sun Solaris 8 through 10 allows local users to read the contents of unspecified memory locations via unknown vectors, possibly involving the pipe function. |
| 4.9 | CVE-2007-5225 SUNALERT | ||
TWiki -- TWiki | The default configuration for twiki 4.1.2 on Debian GNU/Linux, and possibly other operating systems, specifies the work area directory (cfg{RCS}{WorkAreaDir}) under the web document root, which might allow remote attackers to obtain sensitive information when .htaccess restrictions are not applied. |
| 5.0 | CVE-2007-5193 OTHER-REF | ||
UniversiBO -- UniversiBO | ** DISPUTED ** PHP remote file inclusion vulnerability in htmls/forum/includes/topic_review.php in UniversiBO 1.3.4 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: this issue is disputed by CVE because the applicable include is in a function that is not called on a direct request. |
| 6.8 | CVE-2007-5164 OTHER-REF | ||
Y&K Iletisim Formu -- Y&K Iletisim Formu | Multiple cross-site scripting (XSS) vulnerabilities in iletisim.asp in Y&K Iletisim Formu allow remote attackers to inject arbitrary web script or HTML via the (1) ad, (2) sehir, (3) yas, (4) cins, (5) tel, (6) mail, and (7) mesaj parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 4.3 | CVE-2007-5179 SECUNIA |
Low Vulnerabilities |
---|
Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
---|---|---|---|---|---|---|
Debian -- Duplicity | The FTP backend for Duplicity sends the password as a command line argument when calling ncftp, which might allow local users to read the password by listing the process and its arguments. |
| 2.1 | CVE-2007-5201 OTHER-REF OTHER-REF | ||
Debian -- guilt | guilt 0.27 allows local users to overwrite arbitrary files via a symlink attack on a guilt.log.[PID] temporary file. |
| 3.3 | CVE-2007-5207 OTHER-REF | ||
F-Secure -- F-Secure Anti-Virus | F-Secure Anti-Virus for Windows Servers 7.0 64-bit edition allows local users to bypass virus scanning by using the system32 directory to store a crafted (1) archive or (2) packed executable. NOTE: in many environments, this does not cross privilege boundaries because any process able to write to system32 could also shut off F-Secure Anti-Virus. |
| 1.9 | CVE-2007-5143 OTHER-REF SECUNIA | ||
Linux -- Kernel | The (1) hugetlb_vmtruncate_list and (2) hugetlb_vmtruncate functions in fs/hugetlbfs/inode.c in the Linux kernel before 2.6.19-rc4 perform certain prio_tree calculations using HPAGE_SIZE instead of PAGE_SIZE units, which allows local users to cause a denial of service (panic) via unspecified vectors. |
| 1.9 | CVE-2007-4133 OTHER-REF OTHER-REF DEBIAN BID |