Vulnerability Summary for the Week of October 15, 2007

Released
Oct 22, 2007
Document ID
SB07-295

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

Vulnerability Severity:

">

High Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
3Com -- OfficeConnect Wireless 11g Cable_DSL RouterThe 3Com 3CRWER100-75 router with 1.2.10ww software, when enabling an optional virtual server, configures this server to accept all source IP addresses on the external (Internet) interface unless the user selects other options, which might expose the router to unintended incoming traffic from remote attackers, as demonstrated by setting up a virtual server on port 80, which allows remote attackers to access the web management interface.
unknown
2007-10-12
10.0CVE-2007-5419
BUGTRAQ
BID
Adobe -- Flash Player
Opera Software -- Opera		Unspecified vulnerability in Adobe Flash Player 9.0.47.0 and earlier, when running on Opera before 9.24 on Mac OS X, has unknown "Highly Severe" impact and unknown attack vectors.
unknown
2007-10-17
10.0CVE-2007-5476
OTHER-REF
Apple -- SafariUnspecified vulnerability in Safari on the Apple iPod touch (aka iTouch) and iPhone 1.1.1 allows user-assisted remote attackers to cause a denial of service (application crash), and enable filesystem browsing by the local user, via a certain TIFF file.
unknown
2007-10-14
9.3CVE-2007-5450
MILW0RM
OTHER-REF
FRSIRT
SECUNIA
Artmedic Webdesign -- Artmedic CMSDirectory traversal vulnerability in index.php in Artmedic CMS 3.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.
unknown
2007-10-17
7.5CVE-2007-5489
MILW0RM
BID
Asterisk -- Asterisk-AddonsMultiple SQL injection vulnerabilities in cdr_addon_mysql in Asterisk-Addons before 1.2.8, and 1.4.x before 1.4.4, allow remote attackers to execute arbitrary SQL commands via the (1) source and (2) destination numbers when inserting a record.
unknown
2007-10-17
7.5CVE-2007-5488
OTHER-REF
BID
SECUNIA
Avaya -- VoIP HandsetUnspecified vulnerability in the Avaya VoIP Handset allows remote attackers to cause a denial of service (reboot) via crafted packets. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
unknown
2007-10-18
7.8CVE-2007-5556
OTHER-REF
CA -- Server Protection Suite
CA -- Business Protection Suite
CA -- BrightStor Enterprise Backup
CA -- BrightStor ARCserve Backup		Multiple buffer overflows in (1) RPC and (2) rpcx.dll in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allow remote attackers to execute arbitrary code via unspecified vectors.
unknown
2007-10-12
10.0CVE-2007-5326
OTHER-REF
OTHER-REF
CA -- Server Protection Suite
CA -- Business Protection Suite
CA -- BrightStor Enterprise Backup
CA -- BrightStor ARCserve Backup		Unspecified vulnerability in dbasvr in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, has unknown impact and attack vectors related to memory corruption.
unknown
2007-10-12
10.0CVE-2007-5329
OTHER-REF
CA -- Server Protection Suite
CA -- Business Protection Suite
CA -- BrightStor Enterprise Backup
CA -- BrightStor ARCserve Backup		Multiple unspecified vulnerabilities in (1) lqserver and (2) media server in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, have unknown impact and attack vectors related to memory corruption.
unknown
2007-10-12
10.0CVE-2007-5331
OTHER-REF
CARE2X -- 2GMultiple PHP remote file inclusion vulnerabilities in CARE2X 2G 2.2 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) en_copyrite.php, (2) vi_copyrite.php, and (3) ar_copyrite.php in language/ directories; (4) class_access.php, (5) class_department.php, (6) class_config.php, (7) class_image.php, (8) class_ward.php, and (9) class_product.php in include/care_api_classes/; (10) gui/smarty_template/smarty_care.class.php; and possibly other components, different vectors than CVE-2007-1458.
unknown
2007-10-12
7.5CVE-2007-5418
BUGTRAQ
OTHER-REF
Cisco -- Unified CallManager
Cisco -- Unified Communications Manager		Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(2), and Unified CallManager 5.0, allow remote attackers to cause a denial of service (kernel panic) via a flood of SIP INVITE messages to UDP port 5060, which triggers resource exhaustion, aka CSCsi75822.
unknown
2007-10-17
7.8CVE-2007-5537
CISCO
Cisco -- Unified CallManager
Cisco -- Unified Communications Manager		Buffer overflow in the Centralized TFTP File Locator Service in Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(3), and Unified CallManager 5.0, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors involving the processing of filenames, aka CSCsh47712.
unknown
2007-10-17
10.0CVE-2007-5538
CISCO
Cisco -- Unified Intelligent Contact Management Enterprise
Cisco -- Unified Contact Center Hosted
Cisco -- Unified Contact Center Enterprise
Cisco -- Cisco Unified ICM Hosted
Cisco -- Cisco System Unified Contact Center Enterprise		Unspecified vulnerability in Cisco Unified Intelligent Contact Management Enterprise (ICME), Unified ICM Hosted (ICMH), Unified Contact Center Enterprise (UCCE), Unified Contact Center Hosted (UCCH), and System Unified Contact Center Enterprise (SUCCE) 7.1(5) allow remote authenticated users to gain privileges, and read reports or change the SUCCE configuration, via certain web interfaces, aka CSCsj55686.
unknown
2007-10-17
9.0CVE-2007-5539
CISCO
Cisco -- IOSOff-by-one error in Cisco IOS allows remote attackers to execute arbitrary code via unspecified vectors that trigger a heap-based buffer overflow. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
unknown
2007-10-18
9.3CVE-2007-5551
OTHER-REF
Cisco -- IOSInteger overflow in Cisco IOS allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
unknown
2007-10-18
9.3CVE-2007-5552
OTHER-REF
Cisco -- FWSM
Cisco -- PIX_ASA		Cisco PIX and ASA appliances with 7.0 through 8.0 software, and Cisco Firewall Services Module (FWSM) 3.1(5) and earlier, allow remote attackers to cause a denial of service (device reload) via a crafted MGCP packet, aka CSCsi90468 (appliance) and CSCsi00694 (FWSM).
unknown
2007-10-18
7.1CVE-2007-5568
CISCO
CISCO
BID
Cisco -- PIX_ASACisco PIX and ASA appliances with 7.1 and 7.2 software, when configured for TLS sessions to the device, allow remote attackers to cause a denial of service (device reload) via a crafted TLS packet, aka CSCsg43276 and CSCsh97120.
unknown
2007-10-18
7.1CVE-2007-5569
CISCO
BID
Cisco -- FWSMCisco Firewall Services Module (FWSM) 3.2(1), and 3.1(5) and earlier, allows remote attackers to cause a denial of service (device reload) via a crafted HTTPS request, aka CSCsi77844.
unknown
2007-10-18
7.8CVE-2007-5570
CISCO
Computer Associates -- BrightStor ARCServe Backup
Computer Associates -- BrightStor Enterprise Backup		Multiple buffer overflows in (1) the Message Engine and (2) AScore.dll in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allow remote attackers to execute arbitrary code via unspecified vectors.
unknown
2007-10-12
10.0CVE-2007-5325
OTHER-REF
Computer Associates -- BrightStor ARCServe Backup
Computer Associates -- BrightStor Enterprise Backup		Stack-based buffer overflow in the RPC interface for the Message Engine (mediasvr.exe) in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows remote attackers to execute arbitrary code via a long argument in the 0x10d opnum.
unknown
2007-10-12
10.0CVE-2007-5327
BUGTRAQ
OTHER-REF
OTHER-REF
Computer Associates -- BrightStor ARCServe Backup
Computer Associates -- BrightStor Enterprise Backup		CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows attackers to execute arbitrary code via a "Privileged function exposure."
unknown
2007-10-12
10.0CVE-2007-5328
OTHER-REF
Computer Associates -- BrightStor ARCServe Backup
Computer Associates -- BrightStor Enterprise Backup		The cadbd RPC service in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows remote attackers to (1) execute arbitrary code via stack-based buffer overflows in unspecified RPC procedures, and (2) trigger memory corruption related to the use of "handle" RPC arguments as pointers.
unknown
2007-10-12
10.0CVE-2007-5330
OTHER-REF
OTHER-REF
Computer Associates -- BrightStor ARCServe Backup
Computer Associates -- BrightStor Enterprise Backup		Multiple unspecified vulnerabilities in (1) mediasvr and (2) caloggerd in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, have unknown impact and attack vectors related to memory corruption.
unknown
2007-10-12
10.0CVE-2007-5332
OTHER-REF
COWON America -- jetAudioStack-based buffer overflow in COWON America jetAudio Basic 7.0.3 allows user-assisted remote attackers to execute arbitrary code via a long URL in an EXTM3U section of a .m3u file.
unknown
2007-10-16
9.3CVE-2007-5487
MILW0RM
BID
FRSIRT
SECUNIA
CRS Manager -- CRS Manager** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in CRS Manager allow remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter to (1) index.php or (2) login.php. NOTE: this issue is disputed by CVE, since DOCUMENT_ROOT cannot be modified by an attacker.
unknown
2007-10-14
7.5CVE-2007-5440
BUGTRAQ
OTHER-REF
eXtremail -- eXtremailMultiple buffer overflows in eXtremail 2.1.1 and earlier allow remote attackers to (1) have an unknown impact by sending multiple long strings to the IMAP port (143/tcp); (2) execute arbitrary code via a long string in an IMAP AUTHENTICATE PLAIN action, involving the ifParseAuthPlain function; or (3) execute arbitrary code via a long LOGIN command to the admin interface port (4501/tcp).
unknown
2007-10-15
10.0CVE-2007-5466
MILW0RM
MILW0RM
MILW0RM
eXtremail -- eXtremailUnspecified vulnerability in eXtremail 2.1.1 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long USER command containing "%s" sequences to the pop3 port (110/tcp), involving the memmove function, possibly similar to CVE-2001-1078 but with later affected versions.
unknown
2007-10-15
10.0CVE-2007-5467
MILW0RM
galmeta -- galmeta postPHP remote file inclusion vulnerability in _lib/fckeditor/upload_config.php in Galmeta Post 0.11 allows remote attackers to execute arbitrary PHP code via a URL in the DDS parameter.
unknown
2007-10-18
7.5CVE-2007-5567
OTHER-REF
VIM
gdata -- antivirusBuffer overflow in a certain ActiveX control in ScanObjectBrowser.DLL in G DATA Antivirus 2007 might allow remote attackers to execute arbitrary code via unspecified parameters to the SelectPath function. NOTE: this issue might not cross privilege boundaries in most environments, since it is not marked as safe for scripting.
unknown
2007-10-12
7.6CVE-2007-5436
BUGTRAQ
OTHER-REF
BID
HP -- Linux Imaging and Printing Projecthpssd in Hewlett-Packard Linux Imaging and Printing Project (hplip) 1.x and 2.x before 2.7.10 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a from address, which is not properly handled when invoking sendmail.
unknown
2007-10-12
7.6CVE-2007-5208
OTHER-REF
OTHER-REF
REDHAT
UBUNTU
IBM -- WebSphere Application ServerUnspecified vulnerability in the Administrative Scripting Tools (such as wsadmin or ANT) in IBM WebSphere Application Server 5.x and 6.0.x has unknown impact and attack vectors.
unknown
2007-10-16
10.0CVE-2007-5483
OTHER-REF
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
IBM -- ThinkVantage TPMHeap-based buffer overflow in the IBM ThinkVantage TPM Service allows remote attackers to execute arbitrary code via a crafted HTTP packet. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
unknown
2007-10-18
10.0CVE-2007-5559
OTHER-REF
JavaAtWork -- MyFTPUploader Module
scottmanktelow -- Stride		include/imageupload.js in the MyFTPUploader module in Stride 1.0 contains sensitive information including FTP login credentials, which might allow remote attackers to gain unauthorized access to the FTP server being used by the module by viewing the source code.
unknown
2007-10-12
7.8CVE-2007-5431
BUGTRAQ
OTHER-REF
Juniper -- HTTP ServiceHeap-based buffer overflow in the Juniper HTTP Service allows remote attackers to execute arbitrary code via a crafted HTTP packet. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
unknown
2007-10-18
10.0CVE-2007-5560
OTHER-REF
KwsPHP -- kwsphpSQL injection vulnerability in index.php in the mg2 1.0 module for KwsPHP allows remote attackers to execute arbitrary SQL commands via the album parameter.
unknown
2007-10-16
7.5CVE-2007-5485
MILW0RM
FRSIRT
LG Electronics -- LG mobile handsetInteger overflow in the LG Mobile handset allows remote attackers to cause a denial of service (reboot) via a crafted HTTP packet. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
unknown
2007-10-18
7.8CVE-2007-5558
OTHER-REF
Microsoft -- Internet ExplorerMicrosoft Internet Explorer 7 and earlier allows remote attackers to bypass the "File Download - Security Warning" dialog box and download arbitrary .exe files by placing a '?' (question mark) followed by a non-.exe filename after the .exe filename, as demonstrated by (1) .txt, (2) .cda, (3) .log, (4) .dif, (5) .sol, (6) .htt, (7) .itpc, (8) .itms, (9) .dvr-ms, (10) .dib, (11) .asf, (12) .tif, and unspecified other extensions, a different issue than CVE-2004-1331.
unknown
2007-10-14
7.5CVE-2007-5456
BUGTRAQ
Microsoft -- ActiveSyncMicrosoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak encryption (XOR obfuscation with a fixed key) when sending the user's PIN/Password over the USB connection from the host to the device, which might allow attackers to (1) sniff the PIN/Password or (2) spoof the docking process to trick the user into providing the PIN/Password.
unknown
2007-10-15
7.1CVE-2007-5460
BUGTRAQ
BID
mydoop -- doop CMSDirectory traversal vulnerability in doop CMS 1.3.7 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter to an unspecified component.
unknown
2007-10-15
7.5CVE-2007-5465
MILW0RM
NEC -- Mobile HandsetUnspecified vulnerability in the NEC mobile handset allows remote attackers to cause a denial of service (reboot) via crafted packets. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
unknown
2007-10-18
7.8CVE-2007-5557
OTHER-REF
okulumunsitesi -- PortalSQL injection vulnerability in default.asp in Okul Otomasyon Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-10-17
7.5CVE-2007-5490
MILW0RM
OpenSSL Project -- OpenSSLOff-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f and 0.9.7 allow remote attackers to execute arbitrary code via unspecified vectors.
unknown
2007-10-12
9.3CVE-2007-4995
OTHER-REF
SECUNIA
Opera Software -- OperaUnspecified vulnerability in Opera before 9.24 allows remote attackers to overwrite functions on pages from other domains and bypass the same-origin policy via unknown vectors.
unknown
2007-10-17
7.5CVE-2007-5540
OTHER-REF
BID
FRSIRT
SECUNIA
Opera Software -- OperaUnspecified vulnerability in Opera before 9.24, when using an "external" newsgroup or e-mail client, allows remote attackers to execute arbitrary commands via unknown vectors.
unknown
2007-10-17
9.3CVE-2007-5541
OTHER-REF
BID
FRSIRT
SECUNIA
Oracle -- Oracle DatabaseMultiple unspecified vulnerabilities in Oracle Database 9.0.1.5+ and 10.1.0.5 unknown impact and remote attack vectors, related to (1) Import (DB01) and (2) Advanced Queuing (DB25).
unknown
2007-10-17
9.0CVE-2007-5504
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
Oracle -- Oracle DatabaseMultiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 have unknown impact and remote attack vectors, related to (1) the Export component (DB02), (2) Oracle Text (DB04), (3) Oracle Text (DB05), (4) Spatial component (DB07), and (5) Advanced Security Option (DB19).
unknown
2007-10-17
7.5CVE-2007-5505
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
Oracle -- Oracle DatabaseThe Core RDBMS component in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote attackers to cause a denial of service (CPU consumption) via a crafted type 6 Data packet, aka DB20.
unknown
2007-10-17
7.8CVE-2007-5506
BUGTRAQ
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
Oracle -- Oracle DatabaseUnspecified vulnerability in the Spatial component in Oracle Database 9.2.0.8 and 9.2.0.8DV has unknown impact and remote attack vectors, aka DB06.
unknown
2007-10-17
9.0CVE-2007-5509
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
Oracle -- Oracle10g Database Server Release 1
Oracle -- Oracle10g Database Server Release 2
Oracle -- Oracle 9i Database Release 2		Multiple unspecified vulnerabilities in the Workspace Manager component in Oracle Database before OWM 10.2.0.4.1, OWM 10.1.0.8.0, and OWM 9.2.0.8.0 have unknown impact and remote attack vectors, aka (1) DB08, (2) DB09, (3) DB10, (4) DB11, (5) DB12, (6) DB13, (7) DB14, (8) DB15, (9) DB16, (10) DB17, and (11) DB18. NOTE: one of these issues is probably CVE-2007-5511, but there are insufficient details to be certain.
unknown
2007-10-17
9.0CVE-2007-5510
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
Oracle -- Oracle DatabaseUnspecified vulnerability in the Oracle Database Vault component in Oracle Database 9.2.0.8DV and 10.2.0.3 has unknown impact and remote attack vectors, aka DB21.
unknown
2007-10-17
10.0CVE-2007-5512
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
Oracle -- Oracle DatabaseMultiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have unknown impact and attack vectors related to (1) Database Vault component (DB24) and (2) SQL Execution component (DB26).
unknown
2007-10-17
9.0CVE-2007-5514
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
Oracle -- Oracle DatabaseUnspecified vulnerability in the Spatial component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.2, and 10.2.0.3 has unknown impact and remote attack vectors, aka DB27.
unknown
2007-10-17
9.0CVE-2007-5515
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
Oracle -- Oracle Application ServerUnspecified vulnerability in the Oracle Process Mgmt & Notification component in Oracle Application Server 10.1.3.3 has unknown impact and remote attack vectors, aka AS01.
unknown
2007-10-17
10.0CVE-2007-5516
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
Oracle -- Collaboration Suite
Oracle -- Oracle Application Server		Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.0.2 and 10.1.4.1, and Collaboration Suite 10.1.2, has unknown impact and remote attack vectors, aka AS02.
unknown
2007-10-17
10.0CVE-2007-5517
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
Oracle -- Oracle Application ServerUnspecified vulnerability in the Oracle HTTP Server component in Oracle Application Server 10.1.3.2 has unknown impact and remote attack vectors, aka AS03.
unknown
2007-10-17
10.0CVE-2007-5518
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
Oracle -- Collaboration Suite
Oracle -- Oracle Application Server		Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3 and 10.1.2.0.2, and Collaboration Suite 10.1.2, has unknown impact and remote attack vectors, aka AS04.
unknown
2007-10-17
10.0CVE-2007-5519
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
Oracle -- Oracle Application Server
Oracle -- Oracle Database		Unspecified vulnerability in the Oracle Internet Directory component in Oracle Database 9.2.0.8 and 9.2.0.8DV, and Oracle Application Server 9.0.4.3, 10.1.3.0.0 up to 10.1.3.3.0, and 10.1.2.0.1 up to 10.1.2.2.0, has unknown impact and remote attack vectors, aka AS05.
unknown
2007-10-17
10.0CVE-2007-5520
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
Oracle -- Collaboration Suite
Oracle -- Oracle Application Server		Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, 10.1.2.2, and 10.1.3.3, and Collaboration Suite 10.1.2, has unknown impact and remote attack vectors, aka AS06.
unknown
2007-10-17
10.0CVE-2007-5521
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
Oracle -- Oracle Application ServerUnspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.4.1 has unknown impact and remote attack vectors, aka AS07.
unknown
2007-10-17
10.0CVE-2007-5522
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
Oracle -- Collaboration Suite
Oracle -- Oracle Application Server		Unspecified vulnerability in the Oracle Internet Directory component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, 10.1.2.2, and 10.1.4.0, and Collaboration Suite 10.1.2, has unknown impact and remote attack vectors, aka AS08.
unknown
2007-10-17
10.0CVE-2007-5523
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
Oracle -- Collaboration Suite
Oracle -- Oracle Application Server		Unspecified vulnerability in the Oracle Single Sign-On component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2, and Collaboration Suite 10.1.2, has unknown impact and remote attack vectors, aka AS09 or AS9.
unknown
2007-10-17
10.0CVE-2007-5524
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
Oracle -- Collaboration Suite
Oracle -- Oracle Application Server		Unspecified vulnerability in the Oracle Single Sign-On component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, 10.1.2.2, and 10.1.4.0.1; Collaboration Suite 10.1.2; and Enterprise Manager 10.1.2 has unknown impact and remote attack vectors, aka AS10.
unknown
2007-10-17
10.0CVE-2007-5525
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
Oracle -- Collaboration Suite
Oracle -- Oracle Application Server		Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.0.2, 10.1.2.2, and 10.1.4.1, and Collaboration Suite 10.1.2, has unknown impact and remote attack vectors, aka AS11.
unknown
2007-10-17
10.0CVE-2007-5526
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
Oracle -- Oracle E-Business Suite and ApplicationsMultiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10.2 have unknown impact and remote attack vectors, related to (1) Application Object Library component (APP01), (2) Contracts Integration (APP02), (3) Applications Manager (APP04), (4) Marketing component (APP05), and (5) Exchange component (APP07).
unknown
2007-10-17
10.0CVE-2007-5527
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
Oracle -- Oracle E-Business Suite and ApplicationsMultiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.2 have unknown impact and attack vectors related to (1) Public Sector Human Resources (APP03) and (2) Quoting component (APP06).
unknown
2007-10-17
10.0CVE-2007-5528
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
Oracle -- Oracle E-Business Suite and ApplicationsUnspecified vulnerability in the Oracle Self-Service Web Applications component in client-only installations of Oracle E-Business Suite 11.5.10.2 has unknown impact and remote attack vectors, aka APP08.
unknown
2007-10-17
9.0CVE-2007-5529
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
Oracle -- Oracle DatabaseUnspecified vulnerability in the Database Control component in Oracle Database 10.1.0.5 and 10.2.0.3, and Enterprise Manager, has unknown impact and remote attack vectors, aka EM01.
unknown
2007-10-17
10.0CVE-2007-5530
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
Oracle -- Oracle Enterprise Manager
Oracle -- Oracle Application Server
Oracle -- Oracle Database		Unspecified vulnerability in Oracle Help for Web, as used in Oracle Application Server, Oracle Database 10.2.0.3, and Enterprise Manager 10.1.0.6, has unknown impact and remote attack vectors, aka EM02.
unknown
2007-10-17
10.0CVE-2007-5531
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
Oracle -- PeopleSoft EnterpriseUnspecified vulnerability in the People Tools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.17, 8.47.14, 8.48.13, 8.49.05 has unknown impact and remote attack vectors, aka PSE01.
unknown
2007-10-17
10.0CVE-2007-5532
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
Oracle -- PeopleSoft EnterpriseUnspecified vulnerability in the People Tools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.47.14, 8.48.13, 8.49.05 has unknown impact and remote attack vectors, aka PSE02.
unknown
2007-10-17
9.0CVE-2007-5533
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
Oracle -- PeopleSoft EnterpriseUnspecified vulnerability in the HCM component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9 Bundle 13 9.0 Bundle 3 has unknown impact and remote attack vectors, aka PSE_HCM01.
unknown
2007-10-17
9.0CVE-2007-5534
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
Oracle -- OracleOracle allows remote attackers to obtain server memory contents via crafted packets, aka Oracle reference number 7892711. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
unknown
2007-10-18
7.1CVE-2007-5554
OTHER-REF
Oracle -- OPMN daemon
Oracle -- Enterprise Grid Console Server		Format string vulnerability in the logging function in the Oracle OPMN daemon, as used on Oracle Enterprise Grid Console server 10.2.0.1, allows remote attackers to execute arbitrary code via format string specifiers in the URI in an HTTP request to port 6003, aka Oracle reference number 6296175. NOTE: this might be the same issue as CVE-2007-0282 or CVE-2007-0280, but there are insufficient details to be sure.
unknown
2007-10-18
10.0CVE-2007-5561
OTHER-REF
OTHER-REF
OTHER-REF
PHP -- PHPThe disable_functions feature in PHP 4 and 5 allows attackers to bypass intended restrictions by using an alias, as demonstrated by using ini_alter when ini_set is disabled.
unknown
2007-10-12
7.5CVE-2007-5424
BUGTRAQ
OTHER-REF
OTHER-REF
PHP File Sharing System -- PHP File Sharing SystemDirectory traversal vulnerability in index.php in PHP File Sharing System 1.5.1 allows remote attackers to list or create arbitrary directories, or delete arbitrary files, as demonstrated by listing directories via a .. (dot dot) in the cam parameter.
unknown
2007-10-14
7.5CVE-2007-5454
FULLDISC
BID
PHP-Stats -- PHP-StatsMultiple SQL injection vulnerabilities in php-stats.recjs.php in Php-Stats 0.1.9.2 allow remote attackers to execute arbitrary SQL commands via the (1) ip or (2) t parameter.
unknown
2007-10-14
10.0CVE-2007-5452
MILW0RM
BID
PHP-Stats -- PHP-StatsMultiple eval injection vulnerabilities in Php-Stats 0.1.9.2 allow remote authenticated administrators to execute arbitrary code by writing PHP sequences to the php-stats-options record in the _options table, which is used in an eval function call by (1) admin.php, (2) click.php, (3) download.php, and unspecified other files, as demonstrated by modifying _options through a backup restore action in admin.php.
unknown
2007-10-14
8.5CVE-2007-5453
MILW0RM
BID
PHPBlog -- PHPBlog** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in PHPBlog 0.1 Alpha allow remote attackers to execute arbitrary PHP code via a URL in the blog_localpath parameter to (1) includes/functions.php or (2) includes/email.php. NOTE: this issue is disputed by CVE because the identified code is in functions that are not accessible via direct request.
unknown
2007-10-18
7.5CVE-2007-5566
OTHER-REF
phpSCMS -- phpSCMS** DISPUTED ** PHP remote file inclusion vulnerability in includes/functions.php in phpSCMS 0.0.1-Alpha1 allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: this issue is disputed by CVE because the identified code is in a function that is not accessible via direct request.
unknown
2007-10-18
7.5CVE-2007-5565
OTHER-REF
RunCMS -- RunCMSUnspecified vulnerability in newbb_plus in RunCms 1.5.2 has unknown impact and attack vectors.
unknown
2007-10-17
10.0CVE-2007-5535
OTHER-REF
SECUNIA
scottmanktelow -- Stride CMSMultiple SQL injection vulnerabilities in Stride 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the p parameter to main.php in the Content Management System, (2) the id parameter in a sto cmd action to shop.php in the Merchant subsystem, or the (3) course or (4) provider parameter to detail.php in the Courses subsystem.
unknown
2007-10-12
7.5CVE-2007-5430
BUGTRAQ
OTHER-REF
scottmanktelow -- Stride CMSStride 1.0 has a default administrator username of "scott" with the password "running", which allows remote attackers to obtain administrative access through login.php.
unknown
2007-10-12
7.5CVE-2007-5432
BUGTRAQ
OTHER-REF
secureideas -- Basic Analysis and Security EngineBasic Analysis and Security Engine (BASE) before 1.3.8 sends a redirect to the web browser but does not exit, which allows remote attackers to bypass authentication via (1) base_main.php, (2) base_qry_alert.php, and possibly other vectors.
unknown
2007-10-18
7.5CVE-2007-5578
FULLDISC
FULLDISC
OTHER-REF
BID
OSVDB
SECUNIA
XF
SiteBar -- SiteBarDirectory traversal vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to chmod arbitrary files to 0777 via ".." sequences in the lang parameter.
unknown
2007-10-17
9.0CVE-2007-5491
OTHER-REF
SoftBiz -- Recipes Portal ScriptSQL injection vulnerability in searchresult.php in Softbiz Recipes Portal Script allows remote attackers to execute arbitrary SQL commands via the sbcat_id parameter.
unknown
2007-10-14
7.5CVE-2007-5449
MILW0RM
Sun -- SolarisUnspecified vulnerability in the Sun Solaris RPC services library (librpcsvc) on Solaris 8 through 10 allows remote attackers to cause a denial of service (mountd crash) via unspecified packets to a server that exports many filesystems, and allows local users to cause a denial of service (automountd crash) via unspecified requests to mount filesystems from a server that exports many filesystems.
unknown
2007-10-15
7.8CVE-2007-5462
SUNALERT
SuSE -- SuSE Linux Enterprise DesktopUnspecified vulnerability in the SSL implementation in Groupwise client system in the novell-groupwise-client package in SUSE Linux Enterprise Desktop 10 allows remote attackers to obtain credentials via a man-in-the-middle attack, a different vulnerability than CVE-2007-5195.
unknown
2007-10-14
7.5CVE-2007-5196
SUSE
SuSE -- SuSE Linux Enterprise Serverlibgssapi before 0.6-13.7, as used by the ISC BIND named daemon in SUSE Linux Enterprise Server 10 SP 1, terminates upon an initialization error, which allows remote attackers to cause a denial of service (daemon exit) via a GSS-TSIG request. NOTE: this issue probably affects other daemons that attempt to initialize this library within a chroot configuration or other invalid configuration.
unknown
2007-10-15
7.8CVE-2007-5471
OTHER-REF
BID
SECUNIA
Tibco -- Smart PGM FXFormat string vulnerability in TIBCO SmartPGM FX allows remote attackers to execute arbitrary code via format string specifiers in unspecified vectors. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
unknown
2007-10-18
7.5CVE-2007-5545
BUGTRAQ
OTHER-REF
BID
Tibco -- Smart PGM FXMultiple stack-based buffer overflows in TIBCO SmartPGM FX allow remote attackers to execute arbitrary code or cause a denial of service (service stop and file-transfer outage) via unspecified vectors. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
unknown
2007-10-18
9.3CVE-2007-5546
BUGTRAQ
OTHER-REF
BID
Tibco -- RendezvousUnspecified vulnerability in rvd in TIBCO Rendezvous allows remote attackers to cause a denial of service (daemon network outage) via unspecified vectors. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
unknown
2007-10-18
7.8CVE-2007-5553
OTHER-REF
VirtueMart -- VirtuemartUnspecified vulnerability in VirtueMart before 1.0.13 allows remote attackers to execute arbitrary PHP code via unspecified vectors.
unknown
2007-10-18
7.5CVE-2007-5563
OTHER-REF
BID
SECUNIA

Back to top

Medium Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
Alorys-Hebergement -- newsletter module
Alorys-Hebergement -- KwsPHP		SQL injection vulnerability in index.php in the newsletter module 1.0 for KwsPHP, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the newsletter parameter.
unknown
2007-10-14
6.8CVE-2007-5458
MILW0RM
BEA Systems -- Tuxedo
BEA Systems -- WebLogic Enterprise
BEA Systems -- WebLogic Express
BEA Systems -- WebLogic Server
BEA Systems -- WebLogic Integration
BEA Systems -- WebLogic Portal
BEA Systems -- WebLogic Workshop		BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the (1) cnsbind, (2) cnsunbind, or (3) cnsls commands.
unknown
2007-10-18
4.3CVE-2007-5576
BEA
FRSIRT
XF
BoastMachine -- BoastMachineDirectory traversal vulnerability in index.php in bMachine 2.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.
unknown
2007-10-12
5.0CVE-2007-5417
BUGTRAQ
OTHER-REF
OTHER-REF
Cisco -- Call ManagerCisco CallManager 5.1.1.3000-5 does not verify the Digest authentication header URI against the Request URI in SIP messages, which allows remote attackers to use sniffed Digest authentication credentials to call arbitrary telephone numbers or spoof caller ID (aka "toll fraud and authentication forward attack").
unknown
2007-10-15
5.0CVE-2007-5468
FULLDISC
FULLDISC
FULLDISC
BID
Cisco -- IOSCross-site scripting (XSS) vulnerability in Cisco IOS allows remote attackers to inject arbitrary web script or HTML, and execute IOS commands, via unspecified vectors, aka PSIRT-2022590358. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
unknown
2007-10-18
4.3CVE-2007-5547
OTHER-REF
Cisco -- IOSMultiple stack-based buffer overflows in Command EXEC in Cisco IOS allow local users to gain privileges via unspecified vectors, aka (1) PSIRT-0474975756 and (2) PSIRT-0388256465. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
unknown
2007-10-18
6.9CVE-2007-5548
OTHER-REF
Cisco -- IOSUnspecified vulnerability in Command EXEC in Cisco IOS allows local users to bypass command restrictions and obtain sensitive information via an unspecified "variation of an IOS command" involving "two different methods", aka CSCsk16129. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
unknown
2007-10-18
4.9CVE-2007-5549
OTHER-REF
Cisco -- IOSUnspecified vulnerability in Cisco IOS allows remote attackers to obtain the IOS version via unspecified vectors involving a "common network service", aka PSIRT-1255024833. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
unknown
2007-10-18
5.0CVE-2007-5550
OTHER-REF
Cisco -- FWSMCisco Firewall Services Module (FWSM) 3.1(6), and 3.2(2) and earlier, does not properly enforce edited ACLs, which might allow remote attackers to bypass intended restrictions on network traffic, aka CSCsj52536.
unknown
2007-10-18
6.8CVE-2007-5571
CISCO
CMS Made Simple -- CMS Made SimpleCMS Made Simple 1.1.3.1 does not check the permissions assigned to users in some situations, which allows remote authenticated users to perform some administrative actions, as demonstrated by (1) adding a user via a direct request to admin/adduser.php and (2) reading the admin log via an "admin/adminlog.php?page=1" request.
unknown
2007-10-14
6.5CVE-2007-5441
BUGTRAQ
OTHER-REF
CMS Made Simple -- CMS Made SimpleMultiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple 1.1.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) the anchor tag and (2) listtags.
unknown
2007-10-14
4.3CVE-2007-5443
BUGTRAQ
OTHER-REF
CMS Made Simple -- CMS Made SimpleCMS Made Simple 1.1.3.1 allows remote attackers to obtain the full path via a direct request for unspecified files.
unknown
2007-10-14
5.0CVE-2007-5444
BUGTRAQ
Computer Associates -- ERwin Process ModelerUnspecified vulnerability in CA ERwin Process Modeler (formerly AllFusion Process Modeler) 7.2 might allow user-assisted remote attackers to cause a denial of service via a crafted Data Standards File (Datatype Standards File).
unknown
2007-10-12
4.3CVE-2007-5435
BUGTRAQ
OTHER-REF
BID
Computer Associates -- eTrust Integrated Threat ManagementThe web console in CA (formerly Computer Associates) eTrust ITM (Threat Manager) 8.1 allows remote attackers to redirect users to arbitrary web sites via a crafted HTTP URL on port 6689.
unknown
2007-10-12
5.8CVE-2007-5437
BUGTRAQ
OTHER-REF
BID
Computer Associates -- eTrust Integrated Threat ManagementCA (formerly Computer Associates) eTrust ITM (Threat Manager) 8.1 stores sensitive user information in log files with predictable names, which allows remote attackers to obtain this information via unspecified vectors.
unknown
2007-10-12
5.0CVE-2007-5439
BUGTRAQ
OTHER-REF
BID
DB Software Laboratory -- VImpXBuffer overflow in the DB Software Laboratory VImpX (VImpAX1) ActiveX control in VImpX.ocx 4.7.3.0 allows remote attackers to execute arbitrary code via a long RejectedRecordsFile parameter, a different vector than CVE-2007-2667.
unknown
2007-10-14
6.8CVE-2007-5445
BUGTRAQ
Digium -- AsteriskMultiple buffer overflows in the voicemail functionality in Asterisk 1.4.x before 1.4.13, when using IMAP storage, might allow (1) remote attackers to execute arbitrary code via a long combination of Content-type and Content-description headers, or (2) local users to execute arbitrary code via a long combination of astspooldir, voicemail context, and voicemail mailbox fields. NOTE: vector 2 requires write access to Asterisk configuration files.
unknown
2007-10-12
6.8CVE-2007-5358
OTHER-REF
Distributed Checksum ClearingHouse -- DCCDistributed Checksum Clearinghouse (DCC) 1.3.65 allows remote attackers to cause a denial of service (crash) via a "SOCKS flood."
unknown
2007-10-16
5.0CVE-2007-5481
OTHER-REF
SECUNIA
dotProject -- dotProjectdotProject before 2.1 does not properly check privileges when invoking the Companies module, which allows remote attackers to access this module via a crafted URL. NOTE: some of these details are obtained from third party information.
unknown
2007-10-16
6.4CVE-2007-5486
OTHER-REF
OTHER-REF
SECUNIA
Drupal -- DrupalDrupal 5.2 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by invoking the drupal_eval function through a callback parameter to the default URI, as demonstrated by the _menu[callbacks][1][callback] parameter. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in Drupal.
unknown
2007-10-12
6.8CVE-2007-5416
BUGTRAQ
OTHER-REF
InnovaAge -- InnovaShopMultiple cross-site scripting (XSS) vulnerabilities in InnovaAge InnovaShop allow remote attackers to inject arbitrary web script or HTML via the (1) msg parameter to msg.jsp, and the (2) contentid parameter to tc/contents/home001.jsp.
unknown
2007-10-16
4.3CVE-2007-5480
BUGTRAQ
BID
Interspire -- ActiveKBSQL injection vulnerability in admin/index.php in Interspire ActiveKB 1.5 allows remote attackers to execute arbitrary SQL commands via the questId parameter in a hideQuestion ToDo action. NOTE: the catId vector is already covered by CVE-2007-5131.
unknown
2007-10-12
6.4CVE-2007-5425
BUGTRAQ
OTHER-REF
IrfanView -- IrfanViewStack-based buffer overflow in IrfanView 3.99 and 4.00 allows user-assisted remote attackers to execute arbitrary code via a crafted palette (.pal) file.
unknown
2007-10-16
5.1CVE-2007-4343
OTHER-REF
OTHER-REF
SECUNIA
Joomla -- Joomla
Joomla -- com_search component		Cross-site scripting (XSS) vulnerability in the com_search component in Joomla! 1.0.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchword parameter. NOTE: this might be related to CVE-2007-4189.1.
unknown
2007-10-12
4.3CVE-2007-5427
BUGTRAQ
OTHER-REF
OTHER-REF
Joomla -- Joomla
com_colorlab -- com_colorlab		PHP remote file inclusion vulnerability in admin.color.php in the com_colorlab (aka com_color) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
unknown
2007-10-14
6.8CVE-2007-5451
MILW0RM
BID
Joomla -- JoomlaMultiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.13 (aka Sunglow) allow remote attackers to inject arbitrary web script or HTML via the (1) Title or (2) Section Name form fields in the Section Manager component, or (3) multiple unspecified fields in New Menu Item.
unknown
2007-10-18
4.3CVE-2007-5577
OTHER-REF
OTHER-REF
OTHER-REF
BID
SECUNIA
XF
LFS -- Live for speedBuffer overflow in Live for Speed 0.5X10 and earlier allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long skin name.
unknown
2007-10-15
6.5CVE-2007-5464
BUGTRAQ
OTHER-REF
BID
SECUNIA
LimeSurvey -- LimeSurveyPHP remote file inclusion vulnerability in classes/core/language.php in LimeSurvey 1.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter.
unknown
2007-10-18
6.8CVE-2007-5573
MILW0RM
MADWifi -- MADWifiMadwifi 0.9.3.2 and earlier allows remote attackers to cause a denial of service (panic) via a beacon frame with a large length value in the extended supported rates (xrates) element, which triggers an assertion error, related to net80211/ieee80211_scan_ap.c and net80211/ieee80211_scan_sta.c.
unknown
2007-10-14
4.3CVE-2007-5448
BUGTRAQ
OTHER-REF
OTHER-REF
BID
SECUNIA
XF
Michael Dempfle -- Joomla Flash Uploader
Joomla -- Joomla		Multiple PHP remote file inclusion vulnerabilities in Michael Dempfle Joomla Flash Uploader (com_jfu or com_joomla_flash_uploader) 2.5.1 component for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) install.joomla_flash_uploader.php and (2) uninstall.joomla_flash_uploader.php.
unknown
2007-10-14
6.8CVE-2007-5457
MILW0RM
BID
Microsoft -- Windows MobileThe SMS handler for Windows Mobile 2005 Pocket PC Phone edition allows attackers to hide the sender field of an SMS message via a malformed WAP PUSH message that causes the PDU to be incorrectly decoded.
unknown
2007-10-17
4.3CVE-2007-5493
BUGTRAQ
OTHER-REF
BID
Mono -- MonoStaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when running on Windows, allows remote attackers to obtain source code of sensitive files via a request containing a trailing (1) space or (2) dot, which is not properly handled by XSP.
unknown
2007-10-18
5.0CVE-2007-5473
OTHER-REF
Mozilla -- FirefoxCross-site scripting (XSS) vulnerability in Mozilla Firefox 2.0, when UTF-7 document content is rendered directly in UTF-7, allows remote attackers to inject arbitrary web script or HTML via a gopher URI that uses '/' (slash) characters to delimit a literal string within an XSS sequence, a related issue to CVE-2007-5414.
unknown
2007-10-12
4.3CVE-2007-5415
BUGTRAQ
Mozilla -- Firefox
Itirou Maruta -- MouseoverDictionary		Cross-site scripting (XSS) vulnerability in the sidebar HTML page in the MouseoverDictionary before 0.6.2 extension for Mozilla Firefox allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-10-14
4.3CVE-2007-5459
OTHER-REF
OTHER-REF
SECUNIA
Nabh Information Systems -- Stringbeans PortalCross-site scripting (XSS) vulnerability in projects in Nabh Stringbeans Portal (sbportal) 3.2 allows remote attackers to inject arbitrary web script or HTML via the project_name parameter.
unknown
2007-10-16
4.3CVE-2007-5478
BUGTRAQ
BID
NetGear -- SSL312Cross-site scripting (XSS) vulnerability in cgi-bin/welcome (aka the login page) in Netgear SSL312 PROSAFE SSL VPN-Concentrator 25 allows remote attackers to inject arbitrary web script or HTML via the err parameter in the context of an error page.
unknown
2007-10-18
4.3CVE-2007-5562
FULLDISC
OTHER-REF
BID
SECTRACK
XF
Nucleus CMS -- Nucleus CMSCross-site scripting (XSS) vulnerability in index.php in Nucleus 3.01 allows remote attackers to inject arbitrary web script or HTML via the archive parameter.
unknown
2007-10-12
4.3CVE-2007-5429
BUGTRAQ
OTHER-REF
OTHER-REF
OpenSER -- OpenSEROpenSER 1.2.2 does not verify the Digest authentication header URI against the Request URI in SIP messages, which allows remote attackers to use sniffed Digest authentication credentials to call arbitrary telephone numbers or spoof caller ID (aka "toll fraud and authentication forward attack").
unknown
2007-10-15
5.0CVE-2007-5469
FULLDISC
FULLDISC
FULLDISC
BID
SECUNIA
OpenSSH -- OpenSSHUnspecified vulnerability in the linux_audit_record_event function in OpenSSH 4.3p2, as used on Fedora Core 6 and possibly other systems, allows remote attackers to write arbitrary characters to an audit log via a crafted username. NOTE: some of these details are obtained from third party information.
unknown
2007-10-18
4.3CVE-2007-3102
OTHER-REF
FEDORA
SECUNIA
OpenSSL Project -- OpenSSLUnspecified vulnerability in OpenSSL before A.00.09.07l on HP-UX B.11.11, B.11.23, and B.11.31 allows local users to cause a denial of service via unspecified vectors.
unknown
2007-10-17
4.9CVE-2007-5536
HP
BID
FRSIRT
SECUNIA
Oracle -- Oracle DatabaseThe GIOP service in TNS Listener in the Oracle Net Services component in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote attackers to cause a denial of service (crash) or read potentially sensitive memory via a connect GIOP packet with an invalid data size, which triggers a buffer over-read, aka DB22.
unknown
2007-10-17
6.4CVE-2007-5507
BUGTRAQ
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
Oracle -- Oracle DatabaseMultiple SQL injection vulnerabilities in the CTXSYS Intermedia application for the Oracle Text component (CTX_DOC) in Oracle Database 10.1.0.5 and 10.2.0.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) THEMES, (2) GIST, (3) TOKENS, (4) FILTER, (5) HIGHLIGHT, and (6) MARKUP procedures, aka DB03. NOTE: remote unauthenticated attack vectors exist when CTXSYS is used with oracle Application Server.
unknown
2007-10-17
5.5CVE-2007-5508
BUGTRAQ
OTHER-REF
BID
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
Oracle -- Oracle10g Database Server Release 1
Oracle -- Oracle10g Database Server Release 2
Oracle -- Oracle 9i Database Release 2		SQL injection vulnerability in Workspace Manager for Oracle Database before OWM 10.2.0.4.1, OWM 10.1.0.8.0, and OWM 9.2.0.8.0 allows attackers to execute arbitrary SQL commands via the FINDRICSET procedure in the LT package. NOTE: this is probably covered by CVE-2007-5510, but there are insufficient details to be certain.
unknown
2007-10-17
6.5CVE-2007-5511
BUGTRAQ
FRSIRT
SECTRACK
SECUNIA
Oracle -- Oracle DatabaseThe XML DB (XMLDB) component in Oracle Database 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 generates incorrect audit entries in the USERID column in which (1) long usernames are trimmed to 5 characters, or (2) short entries contain any extra characters from usernames in previous entries, aka DB23.
unknown
2007-10-17
5.0CVE-2007-5513
BUGTRAQ
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
Perfection Bytes -- PBEmailAbsolute path traversal vulnerability in a certain ActiveX control in PBEmail7Ax.dll in PBEmail 7 ActiveX Edition allows remote attackers to create or overwrite arbitrary files via a full pathname in the XmlFilePath argument to the SaveSenderToXml method.
unknown
2007-10-14
6.4CVE-2007-5446
MILW0RM
BID
PHP -- PHP
ioncube -- PHP Encoder		ioncube_loader_win_5.2.dll in the ionCube Loader 6.5 extension for PHP 5.2.4 does not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by reading arbitrary files via the ioncube_read_file function.
unknown
2007-10-14
4.3CVE-2007-5447
MILW0RM
BID
SECUNIA
PHPDJ -- PHPDJPHP remote file inclusion vulnerability in djpage.php in PHPDJ 0.5 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
unknown
2007-10-18
6.8CVE-2007-5574
MILW0RM
Pligg -- Pligg CMSlogin.php in Pligg CMS 9.5 uses a guessable confirmation code when resetting a forgotten password, which allows remote attackers with knowledge of a username to reset that user's password by calculating the confirmationcode parameter.
unknown
2007-10-18
6.8CVE-2007-5579
BUGTRAQ
BID
XF
pro.setun -- PRO-searchCross-site scripting (XSS) vulnerability in PRO-search 0.17.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter to the default URI.
unknown
2007-10-12
4.3CVE-2007-5434
BUGTRAQ
OTHER-REF
OTHER-REF
PTC -- MathcadThe "Protect Worksheet" functionality in Mathsoft Mathcad 12 through 13.1, and PTC Mathcad 14, implements file access restrictions via a protection element in a gzipped XML file, which allows attackers to bypass these restrictions by removing this element.
unknown
2007-10-18
4.6CVE-2007-4600
BUGTRAQ
SiteBar -- SiteBarStatic code injection vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the value parameter.
unknown
2007-10-17
4.6CVE-2007-5492
OTHER-REF
OTHER-REF
siteup -- siteupMultiple cross-site scripting (XSS) vulnerabilities in index.cgi in Site-Up 2.64 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) search or (2) search mask field.
unknown
2007-10-12
4.3CVE-2007-5433
BUGTRAQ
OTHER-REF
OTHER-REF
SPHPBlog -- sphpBlogMultiple cross-site request forgery (CSRF) vulnerabilities in Simple PHP Blog (SPHPBlog) 0.4.9 allow remote attackers to perform delete actions as administrators via (1) the block_id parameter to add_block.php or (2) the link_id parameter to add_link.php.
unknown
2007-10-18
4.3CVE-2007-5572
BUGTRAQ
OTHER-REF
Sun -- SolarisUnspecified vulnerability in "Solaris Auditing" in the Basic Security Module (BSM) in Sun Solaris 10, when configured for auditing of networking (nt) events, allows local users to cause a denial of service (panic) via unspecified vectors.
unknown
2007-10-12
4.9CVE-2007-5422
SUNALERT
SECTRACK
SECUNIA
Sun -- StorEdge
Sun -- StorageTek		Unspecified vulnerability in the FTP service in Sun StorEdge/StorageTek 3510 FC Array with firmware before 4.21 allows remote attackers, with access to the Ethernet management interface, to cause a denial of service (I/O request timeout and device hang) via unspecified vectors.
unknown
2007-10-16
6.4CVE-2007-5482
SUNALERT
FRSIRT
SECTRACK
SECUNIA
SuSE -- SuSE Linux Enterprise DesktopUnspecified vulnerability in the SSL implementation in Groupwise client system in the novell-groupwise-client package in SUSE Linux Enterprise Desktop 10 allows remote attackers to obtain credentials via a man-in-the-middle attack, a different vulnerability than CVE-2007-5196.
unknown
2007-10-14
6.8CVE-2007-5195
SUSE
Symantec -- Altiris Deployment SolutionSymantec Altiris Deployment Solution 6 allows local users to obtain authentication credentials and gain privileges by reading process memory.
unknown
2007-10-18
6.9CVE-2007-5555
OTHER-REF
TikiWiki -- TikiwikiEval injection vulnerability in tiki-graph_formula.php in TikiWiki 1.9.8 allows remote attackers to execute arbitrary code via PHP sequences in the f array parameter.
unknown
2007-10-12
6.8CVE-2007-5423
BUGTRAQ
OTHER-REF
BID
Treble Designs -- 1024 CMSCross-site request forgery (CSRF) vulnerability in 1024 CMS 1.2.5 allows remote attackers to perform some actions as administrators, as demonstrated by (1) an unspecified action that creates a file containing PHP code and (2) unspecified use of the forum component. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-10-18
4.3CVE-2007-5575
SECUNIA
umi-cms -- UMI CMSCross-site scripting (XSS) vulnerability in UMI CMS allows remote attackers to inject arbitrary web script or HTML via the search_string parameter to the default URI in search_do/.
unknown
2007-10-12
4.3CVE-2007-5428
BUGTRAQ
OTHER-REF
Valve Software -- Half-Life Dedicated Server
Valve Software -- WebMod plugin		Cross-site scripting (XSS) vulnerability in auth.w in djeyl.net WebMod 0.48 Half-Life Dedicated Server plugin allows remote attackers to inject arbitrary web script or HTML via the redir parameter.
unknown
2007-10-16
4.3CVE-2007-5477
OTHER-REF
VIM
SECUNIA
ViArt -- Shopideal_process.php in the iDEAL payment module in ViArt Shop 3.3 beta and earlier might allow remote attackers to obtain the pathname for certificate and key files via an "iDEAL transaction", possibly involving fopen error messages for nonexistent files, a different issue than CVE-2007-5364. NOTE: this can be leveraged for reading certificate or key files if an installation places these files under the web document root.
unknown
2007-10-15
5.0CVE-2007-5463
BUGTRAQ
OTHER-REF
SECUNIA
XF
WWWIsis -- WWWIsisCross-site scripting (XSS) vulnerability in cgi-bin/wxis.exe in WWWISIS 5.0 allows remote attackers to inject arbitrary web script or HTML via the lang parameter to the default URI for iah/, in a call to the iah/iah.xis IsisScript code. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-10-14
4.3CVE-2007-5455
BID
WWWIsis -- WWWIsisDirectory traversal vulnerability in wxis.exe/iah in WWWISIS 7.1 allows local users to read arbitrary files via a .. (dot dot) in the IsisScript parameter.
unknown
2007-10-16
5.0CVE-2007-5484
MILW0RM
BID
Xcomputer -- XcomputerCross-site scripting (XSS) vulnerability in Search.asp in Xcomputer allows remote attackers to inject arbitrary web script or HTML via the EXPS parameter.
unknown
2007-10-16
4.3CVE-2007-5479
BUGTRAQ

Back to top

Low Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
3Com -- OfficeConnect Wireless 11g Cable_DSL RouterThe 3Com 3CRWER100-75 router with 1.2.10ww software, when remote management is disabled but a web server has been configured, serves a web page to external clients, which might allow remote attackers to obtain information about the router's existence and product details.
unknown
2007-10-12
2.6CVE-2007-5420
BUGTRAQ
BID
Apache Software Foundation -- TomcatAbsolute path traversal vulnerability in Apache Tomcat, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
unknown
2007-10-15
3.5CVE-2007-5461
FULLDISC
MILW0RM
CMS Made Simple -- CMS Made SimpleCMS Made Simple 1.1.3.1 does not check the permissions assigned to users who attempt uploads, which allows remote authenticated users to upload unspecified files via unknown vectors.
unknown
2007-10-14
3.5CVE-2007-5442
BUGTRAQ
EMC -- VMware PlayerUnspecified vulnerability in a certain ActiveX control in Reconfig.DLL in EMC VMware Player might allow local users to cause a denial of service to the Virtual Disk Mount Service (vmount2.exe), related to the ConnectPopulatedDiskEx function.
unknown
2007-10-12
1.9CVE-2007-5438
BUGTRAQ
OTHER-REF
BID
Microsoft -- Expression MediaMicrosoft Expression Media stores the catalog password in cleartext in the catalog IVC file, which allows local users to obtain sensitive information and gain access to the catalog by reading the IVC file.
unknown
2007-10-15
2.1CVE-2007-5470
MSKB
SECUNIA
Mozilla -- FirefoxCross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0, when UTF-7 document content is rendered directly in UTF-7, allows remote attackers to inject arbitrary web script or HTML via a gopher URI that uses single quote characters to delimit a literal string within an XSS sequence, a related issue to CVE-2007-5415.
unknown
2007-10-12
2.6CVE-2007-5414
BUGTRAQ
Novell -- opensusehugin in SUSE openSUSE 10.2 and 10.3 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
unknown
2007-10-14
3.3CVE-2007-5200
SUSE
Simple PHP Forum -- Simple PHP ForumMultiple cross-site scripting (XSS) vulnerabilities in NSSboard (formerly Simple PHP Forum) 6.1 allow remote attackers to inject arbitrary web script or HTML via (1) HTML tags when BBcode is disabled; or the (2) user, (3) email, or (4) Real Name fields in a profile.
unknown
2007-10-18
2.6CVE-2007-5564
BUGTRAQ
BID
XF

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.