Vulnerability Summary for the Week of October 29, 2007
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

High Vulnerabilities

Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info
---|---|---|---
AGTC Websolutions -- PHP-AGTC Membership System | adduser.php in PHP-AGTC Membership (AGTC-Membership) System 1.1a does not require authentication, which allows remote attackers to create accounts via a modified form, as demonstrated by an account with admin (userlevel 4) privileges. | 7.5 | CVE-2007-5752 BUGTRAQ SECUNIA
amxmodx -- AMX Mod X; Valve Software -- Half-Life Dedicated Server | Off-by-one error in the GeoIP module in the AMX Mod X 1.76d plugin for Half-Life Server might allow attackers to execute arbitrary code or cause a denial of service via unspecified input related to geolocation, which triggers an error message from the (1) geoip_code2 or (2) geoip_code3 function, leading to a buffer overflow. | 7.5 | CVE-2007-5713 OTHER-REF OTHER-REF BID SECUNIA
BitDefender -- AntiVirus; BitDefender -- Internet Security; BitDefender -- Total Security | Unspecified vulnerability in BitDefender allows attackers to execute arbitrary code via unspecified vectors, aka EEYEB-20071024. NOTE: as of 20071029, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | 10.0 | CVE-2007-5775 OTHER-REF BID
CodeWidgets -- Online Event Registration Template | Multiple SQL injection vulnerabilities in CodeWidgets.com Online Event Registration Template allow remote attackers to execute arbitrary SQL commands via the (1) Email Address and (2) Password fields in (a) login.asp and (b) admin_login.asp. | 7.5 | CVE-2007-5704 BUGTRAQ BID SECUNIA
emagic-cms -- emagiC CMS.Net | SQL injection vulnerability in emc.asp in emagiC CMS.Net 4.0 allows remote attackers to execute arbitrary SQL commands via the pageId parameter. | 7.5 | CVE-2007-5783 MILW0RM
Flatnuke3 -- Flatnuke3 | Flatnuke 3 (aka FlatnuX) allows remote attackers to obtain administrative access via a myforum%00 cookie. | 7.5 | CVE-2007-5771 BUGTRAQ MILW0RM BID XF
ghlab -- Korean GHBoard | Unrestricted file upload vulnerability in component/upload.jsp in Korean GHBoard allows remote attackers to upload arbitrary files via unspecified vectors, probably involving a direct request. | 7.5 | CVE-2007-5737 BUGTRAQ BID
GlobalLink -- GlobalLink | Heap-based buffer overflow in a certain ActiveX control in GLChat.ocx in GlobalLink 2.7.0.8 allows remote attackers to execute arbitrary code via a long first argument to the ConnectAndEnterRoom method, as exploited in the wild. NOTE: some of these details are obtained from third party information. | 7.5 | CVE-2007-5722 BID
GOM Player -- GOM Player | Buffer overflow in the GomManager (GomWeb Control) ActiveX control in GomWeb3.dll 1.0.0.12 in Gretech Online Movie Player (GOM Player) 2.1.6.3499 allows remote attackers to execute arbitrary code via a long argument to the OpenUrl method. | 7.5 | CVE-2007-5779 MILW0RM
Grandstream -- HT488 | Buffer overflow in the SIP parser on the Grandstream HT-488 0.1 allows remote attackers to cause a denial of service (device crash) via a crafted SIP INVITE message. | 7.1 | CVE-2007-5788 OTHER-REF SECUNIA XF
Grandstream -- HT488 | The Grandstream HT-488 0.1 allows remote attackers to cause a denial of service (device crash) via a flood of fragmented packets to port 5060. | 7.8 | CVE-2007-5789 OTHER-REF SECUNIA XF
HP -- OpenView Configuration Management; HP -- OpenView Client Configuration Manager | Unspecified vulnerability in httpd.tkd in HP OpenView Configuration Management (CM) Infrastructure (Radia) 4.0 through 4.2i and Client Configuration Manager (CCM) 2.0 allows remote attackers to obtain sensitive information via unspecified vectors. | 7.8 | CVE-2007-5413 HP FRSIRT SECTRACK SECUNIA XF
IBM -- Lotus Domino | Buffer overflow in the IMAP service in IBM Lotus Domino before 6.5.6 FP2, and 7.x before 7.0.3, allows remote authenticated users to execute arbitrary code via a long mailbox name. | 7.1 | CVE-2007-3510 IDEFENSE OTHER-REF BID FRSIRT SECTRACK SECUNIA XF
IBM -- Lotus Notes | Buffer overflow in the TagAttributeListCopy function in nnotes.dll in IBM Lotus Notes before 7.0.3 allows user-assisted remote attackers to execute arbitrary code via a crafted HTML email, related to duplicate RTF conversion when the recipient operates on this email. | 9.3 | CVE-2007-4222 IDEFENSE OTHER-REF BID SECTRACK XF
Invision Power Services -- Invision Power Board; sebflipper -- Multi-Forums module; phpBB -- phpBB | Multiple SQL injection vulnerabilities in directory.php in the Multi-Forums (aka Multi Host Forum Pro) module 1.3.3, for phpBB and Invision Power Board (IPB or IP.Board), allow remote attackers to execute arbitrary SQL commands via the (1) go and (2) cat parameters. | 7.5 | CVE-2007-5688 OTHER-REF BID SECUNIA
Ipswitch -- IMail Client; Ipswitch -- IMail Server | Buffer overflow in IMail Client 9.22, as shipped with IPSwitch IMail Server 2006.22, allows remote attackers to execute arbitrary code via a long boundary parameter in a multipart MIME e-mail message. | 7.5 | CVE-2007-4345 OTHER-REF SECUNIA
Japanese PHP Gallery Hosting -- Japanese PHP Gallery Hosting | Unrestricted file upload vulnerability in upload/upload.php in Japanese PHP Gallery Hosting, when Open directory mode is enabled, allows remote attackers to upload and execute arbitrary PHP code via a ServerPath parameter specifying a filename with a double extension. NOTE: some of these details are obtained from third party information. | 7.5 | CVE-2007-5733 BUGTRAQ BID
jeeblestechnology -- Jeebles Directory | Absolute path traversal vulnerability in download.php in Jeebles Directory 2.9.60 allows remote attackers to read arbitrary files via a full pathname in the query string. NOTE: some of these details are obtained from third party information. | 9.3 | CVE-2007-5706 BUGTRAQ BID SECUNIA XF
jobsiteprofessional -- JobSite Professional | SQL injection vulnerability in file.php in JobSite Professional 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 | CVE-2007-5785 MILW0RM
Light FMan PHP -- Light FMan PHP | Unspecified vulnerability in Light FMan PHP (lfman or lightfman) before 2.0rc1 has unknown impact and attack vectors related to "actions." | 7.5 | CVE-2007-5753 OTHER-REF OTHER-REF FRSIRT
McAfee -- e-Business Server | Integer overflow in McAfee E-Business Server before 8.5.3 for Solaris, and before 8.1.2 for Linux, HP-UX, and AIX, allows remote attackers to execute arbitrary code via a large length value in an authentication packet, which results in a heap-based buffer overflow. | 9.3 | CVE-2007-2957 OTHER-REF OTHER-REF FRSIRT SECUNIA
MiniBB -- MiniBB | SQL injection vulnerability in bb_func_search.php in miniBB 2.1 allows remote attackers to execute arbitrary SQL commands via the table parameter to index.php. | 7.5 | CVE-2007-5719 MILW0RM
OpenLDAP -- OpenLDAP | OpenLDAP before 2.3.39 allows remote attackers to cause a denial of service (slapd crash) via an LDAP request with a malformed objectClasses attribute. NOTE: this has been reported as a double-free, but the reports are inconsistent. | 7.1 | CVE-2007-5707 OTHER-REF OTHER-REF MLIST BID FRSIRT SECUNIA
OpenLDAP -- OpenLDAP | slapo-pcache (overlays/pcache.c) in slapd in OpenLDAP before 2.3.39, when running as a proxy-caching server, allocates memory using a malloc variant instead of calloc, which prevents an array from being initialized properly and might allow attackers to cause a denial of service (segmentation fault) via unknown vectors that prevent the array from being null terminated. | 7.1 | CVE-2007-5708 OTHER-REF OTHER-REF MLIST BID FRSIRT SECUNIA
RealNetworks -- RealPlayer Enterprise; RealNetworks -- RealPlayer; RealNetworks -- RealOne Player | Heap-based buffer overflow in RealNetworks RealPlayer 10.0 and 10.1, RealOne Player, and RealPlayer Enterprise allows remote attackers to execute arbitrary code via a crafted SWF (flash) file. | 9.3 | CVE-2007-2263 OTHER-REF VIM BID FRSIRT SECTRACK SECUNIA XF
RealNetworks -- RealPlayer Enterprise; RealNetworks -- RealPlayer; RealNetworks -- RealOne Player | Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, and 10.1; RealOne Player 1 and 2; and RealPlayer Enterprise allows remote attackers to execute arbitrary code via a crafted RAM file. | 9.3 | CVE-2007-2264 OTHER-REF VIM BID FRSIRT SECTRACK SECUNIA XF
RealNetworks -- RealPlayer; RealNetworks -- RealOne Player | Stack-based buffer overflow in RealNetworks RealPlayer 10, and RealOne Player 1 and 2, for Windows allows remote attackers to execute arbitrary code via a crafted PLS file. | 9.3 | CVE-2007-4599 OTHER-REF VIM BID FRSIRT SECTRACK SECUNIA XF
RealNetworks -- RealPlayer Enterprise; RealNetworks -- RealPlayer; RealNetworks -- RealOne Player | Integer overflow in RealNetworks RealPlayer 10 and 10.5, RealOne Player 1, and RealPlayer Enterprise for Windows allows remote attackers to execute arbitrary code via a crafted Lyrics3 2.00 tag in an MP3 file, resulting in a heap-based buffer overflow. | 9.3 | CVE-2007-5080 OTHER-REF OTHER-REF VIM BID FRSIRT SECTRACK SECUNIA XF
RealNetworks -- RealPlayer Enterprise; RealNetworks -- RealPlayer; RealNetworks -- RealOne Player | Heap-based buffer overflow in RealNetworks RealPlayer 8, 10 and 10.1; RealOne Player 1 and 2; and RealPlayer Enterprise allows remote attackers to execute arbitrary code via a crafted RM file. | 9.3 | CVE-2007-5081 OTHER-REF VIM BID FRSIRT SECTRACK SECUNIA XF
Sony -- SonicStage CONNECT Player | Stack-based buffer overflow in Sony SonicStage CONNECT Player (CP) 4.3 allows remote attackers to execute arbitrary code via a long file name in an M3U file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 10.0 | CVE-2007-5709 SECUNIA
Stonesoft -- StoneGate IPS | Stonesoft StoneGate IPS before 4.0 does not properly decode Fullwidth/Halfwidth Unicode encoded data, which makes it easier for remote attackers to scan or penetrate systems and avoid detection. | 9.3 | CVE-2007-5793 OTHER-REF CERT-VN FRSIRT
Sun -- JRE; Sun -- SDK; Sun -- JDK | The Java Virtual Machine (JVM) in Sun Java Runtime Environment (JRE) in SDK and JRE 1.3.x through 1.3.1_20 and 1.4.x through 1.4.2_15, and JDK and JRE 5.x through 5.0 Update 12 and 6.x through 6 Update 2, allows remote attackers to execute arbitrary programs, or read or modify arbitrary files, via applets that grant privileges to themselves. | 10.0 | CVE-2007-5689 SUNALERT FRSIRT SECUNIA
Sun -- Solaris | Unspecified vulnerability in the Internet Protocol (IP) functionality in Sun Solaris 10 allows local users to cause a denial of service (panic) via unspecified vectors, probably related to a UDP packet. | 7.8 | CVE-2007-5716 SUNALERT
Sun -- Embedded Lights Out Manager | Unspecified vulnerability in Sun Fire X2100 M2 and X2200 M2 Embedded Lights Out Manager (ELOM) on x86 before firmware 2.70 allows remote attackers to execute arbitrary commands as root on the Service Processor (SP) via unspecified vectors, a different vulnerability than CVE-2007-5170. | 10.0 | CVE-2007-5717 SUNALERT
vergenet -- Perdition Mail Retrieval Proxy | The format string protection mechanism in IMAPD for Perdition Mail Retrieval Proxy 1.17 and earlier allows remote attackers to execute arbitrary code via an IMAP tag with a null byte followed by a format string specifier, which is not counted by the mechanism. | 7.5 | CVE-2007-5740 FULLDISC
Vonage -- Motorola Phone Adapter VT2142-VD | The Vonage Motorola Phone Adapter VT 2142-VD does not properly verify that a SIP INVITE message originated from a legitimate server, which allows remote attackers to send spoofed INVITE messages, as demonstrated by a flood of messages triggering a denial of service, and by phone calls with malicious content. | 10.0 | CVE-2007-5791 OTHER-REF OTHER-REF BID SECUNIA XF XF
Vonage -- Motorola Phone Adapter VT2142-VD | The Vonage Motorola Phone Adapter VT 2142-VD does not encrypt RTP packets, which might allow remote attackers to eavesdrop by sniffing the network and reconstructing the RTP session. | 7.1 | CVE-2007-5792 OTHER-REF BID XF

Medium Vulnerabilities

Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info
---|---|---|---
3proxy -- 3proxy | Double-free vulnerability in the ftpprchild function in ftppr in 3proxy 0.5 through 0.5.3i allows remote attackers to cause a denial of service (daemon crash) via multiple OPEN commands to the FTP proxy. | 5.0 | CVE-2007-5622 BUGTRAQ FULLDISC OTHER-REF BID SECUNIA
a-enterprise -- GoSamba | Multiple PHP remote file inclusion vulnerabilities in GoSamba 1.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) HTML_oben.php, (2) inc_freigabe.php, (3) inc_freigabe1.php, or (4) inc_freigabe3.php in include/; (5) inc_group.php; (6) inc_manager.php; (7) inc_newgroup.php; (8) inc_smb_conf.php; (9) inc_user.php; or (10) main.php. | 6.8 | CVE-2007-5786 MILW0RM
Asterisk -- Zaptel | Buffer overflow in sethdlc.c in the Asterisk Zaptel 1.4.5.1 might allow local users to gain privileges via a long device name (interface name) in the ifr_name field. | 4.6 | CVE-2007-5690 BUGTRAQ OTHER-REF BID XF
Blue-Collar Productions -- i-Gallery | Directory traversal vulnerability in igallery.asp in Blue-Collar Productions i-Gallery 3.4 allows remote attackers to read arbitrary files via encoded backslash sequences in the d parameter, as demonstrated by a "%5c../../%5c" sequence. | 5.0 | CVE-2007-5776 BUGTRAQ
Blue-Collar Productions -- i-Gallery | Blue-Collar Productions i-Gallery 3.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing a base64-encoded password via a direct request for igallery.mdb. | 5.0 | CVE-2007-5777 BUGTRAQ
Caupo.net -- CaupoShop Pro | PHP remote file inclusion vulnerability in index.php in CaupoShop Pro 2.x allows remote attackers to execute arbitrary PHP code via a URL in the action parameter. | 6.8 | CVE-2007-5784 MILW0RM
creapark -- GOLD KOY PORTALI | Cross-site scripting (XSS) vulnerability in default.asp in CREApark GOLD KOY PORTALI allows remote attackers to inject arbitrary web script or HTML via the aranan parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 4.3 | CVE-2007-5698 SECUNIA
cups -- CUPS | Off-by-one error in the ippReadIO function in cups/ipp.c in CUPS 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted (1) textWithLanguage or (2) nameWithLanguage Internet Printing Protocol (IPP) tag, leading to a stack-based buffer overflow. | 6.8 | CVE-2007-4351 OTHER-REF SECUNIA
DenyHosts -- DenyHosts | DenyHosts 2.6 processes OpenSSH sshd "not listed in AllowUsers" log messages with an incorrect regular expression that does not match an IP address, which might allow remote attackers to avoid detection and blocking when making invalid login attempts with a username not present in AllowUsers, as demonstrated by the root username, a different vulnerability than CVE-2007-4323. | 4.3 | CVE-2007-5715 OTHER-REF OTHER-REF
efileman -- efileman | Unrestricted file upload vulnerability in eFileMan 7.1.0.87-88 allows remote attackers to upload arbitrary files, with "uploads/upload_file." destination filenames, via unspecified vectors to upload.cgi, accessed from upload.html. | 6.4 | CVE-2007-5734 BUGTRAQ BID
efileman -- efileman | eFileMan 7.1.0.87-88 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain unspecified user information via a direct request for cgi-bin/efileman/efileman_config.pm. | 5.0 | CVE-2007-5735 BUGTRAQ BID
eIQnetworks -- Enterprise Security Analyzer | Stack-based buffer overflow in eIQNetworks Enterprise Security Analyzer (ESA) 2.5 allows remote attackers to execute arbitrary code via certain data on TCP port 10616 that results in a long argument to the SEARCHREPORT command, a different vector than CVE-2007-2059. | 6.8 | CVE-2007-5699 MILW0RM BID
elouai -- Force Download | Directory traversal vulnerability in downloadfile.php in eLouai's Force Download of media files script, as available on 20071030 and earlier, allows remote attackers to read arbitrary files via the file parameter. NOTE: this issue only occurs in environments where the system administrator has not followed the vendor recommendations that this product should only be used internally. | 5.0 | CVE-2007-5732 BUGTRAQ OTHER-REF
Fabrice Bellard -- QEMU | Integer signedness error in the NE2000 emulator in QEMU 0.8.2 allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 "receive" integer signedness error. NOTE: this identifier was inadvertently used by some sources to cover multiple issues that were labeled "NE2000 network driver and the socket code," but separate identifiers have been created for the individual vulnerabilities since there are sometimes different fixes; see CVE-2007-5729 and CVE-2007-5730. | 6.6 | CVE-2007-1321 OTHER-REF DEBIAN REDHAT
Fabrice Bellard -- QEMU | The NE2000 emulator in QEMU 0.8.2 allows local users to execute arbitrary code by writing Ethernet frames with a size larger than the MTU to the EN0_TCNT register, which triggers a heap-based buffer overflow in the slirp library, aka NE2000 "mtu" heap overflow. NOTE: some sources have used CVE-2007-1321 to refer to this issue as part of "NE2000 network driver and the socket code," but this is the correct identifier for the mtu overflow vulnerability. | 6.6 | CVE-2007-5729 OTHER-REF DEBIAN
Fabrice Bellard -- QEMU | Heap-based buffer overflow in QEMU 0.8.2 allows local users to execute arbitrary code via crafted data in the "net socket listen" option, aka QEMU "net socket" heap overflow. NOTE: some sources have used CVE-2007-1321 to refer to this issue as part of "NE2000 network driver and the socket code," but this is the correct identifier for the individual net socket listen vulnerability. | 6.6 | CVE-2007-5730 OTHER-REF DEBIAN
FireConfig -- FireConfig | Directory traversal vulnerability in dl.php in FireConfig 0.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | 5.0 | CVE-2007-5782 MILW0RM
Flatnuke3 -- Flatnuke3 | Direct static code injection vulnerability in the download module in Flatnuke 3 allows remote authenticated administrators to inject arbitrary PHP code into a description.it.php file in a subdirectory of Download/ by saving a description and setting fneditmode to 1. NOTE: unauthenticated remote attackers can exploit this by leveraging a cookie manipulation issue. | 6.0 | CVE-2007-5772 BUGTRAQ MILW0RM
Flatnuke3 -- Flatnuke3 | Cross-site request forgery (CSRF) vulnerability in index.php in the File Manager module in Flatnuke 3 allows remote attackers to perform certain actions as administrators via requests containing the pathname in the dir parameter and the filename in the ffile parameter. | 4.3 | CVE-2007-5773 MILW0RM XF
Flatnuke3 -- Flatnuke3 | index.php in the File Manager module in Flatnuke 3 allows remote attackers to obtain sensitive information via an invalid argumentname parameter in a disc op action, which reveals the path in an error message. | 5.0 | CVE-2007-5774 MILW0RM XF
Gentoo -- MLDonkey ebuild | The Gentoo ebuild of MLDonkey before 2.9.0-r3 has a p2p user account with an empty default password and valid login shell, which might allow remote attackers to obtain login access and execute arbitrary code. | 6.8 | CVE-2007-5714 GENTOO SECUNIA
ghlab -- Korean GHBoard | The FlashUpload component in Korean GHBoard uses a client-side protection mechanism to prevent uploading of dangerous file extensions, which allows remote attackers to bypass restrictions and upload arbitrary files via a modified copy of component/flashupload/upload.html. | 6.8 | CVE-2007-5738 BUGTRAQ BID
ghlab -- Korean GHBoard | Directory traversal vulnerability in component/flashupload/download.jsp in the FlashUpload component in Korean GHBoard allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter. | 5.0 | CVE-2007-5739 BUGTRAQ BID
Globe7 -- Globe7 | The Globe7 soft phone client 7.3 sends username and password information in cleartext, which allows remote attackers to obtain sensitive information by sniffing the HTTP traffic. | 5.0 | CVE-2007-5768 OTHER-REF
GNOME -- Screensaver; Compiz -- Compiz | GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not properly reserve input focus, which allows attackers with physical access to take control of the session after entering an Alt-Tab sequence, a related issue to CVE-2007-3069. | 6.2 | CVE-2007-3920 UBUNTU BID SECUNIA
IBM -- Tivoli Storage Manager Client | Cross-site scripting (XSS) vulnerability in the CAD service in IBM Tivoli Storage Manager (TSM) Client 5.3.5.3 and 5.4.1.2 for Windows allows remote attackers to inject arbitrary web script or HTML via HTTP requests to port 1581, which generate log entries in a dsmerror.log file that is accessible through a certain web interface. | 4.3 | CVE-2007-4348 OTHER-REF FRSIRT SECUNIA
IBM -- Lotus Notes; IBM -- Lotus Domino | IBM Lotus Notes before 6.5.6, and 7.x before 7.0.3; and Domino before 6.5.5 FP3, and 7.x before 7.0.2 FP1; uses weak permissions (Everyone:Full Control) for memory mapped files (shared memory) in IPC, which allows local users to obtain sensitive information, or inject Lotus Script or other character sequences into a session. | 6.2 | CVE-2007-5544 OTHER-REF OTHER-REF BID FRSIRT SECUNIA
IBM -- Lotus Domino | The Evaluate LotusScript method in IBM Lotus Domino before 7.0.3 uses an incorrect security context for @ formula commands in some circumstances, which might allow remote authenticated users to gain privileges and obtain sensitive information. | 6.3 | CVE-2007-5700 OTHER-REF BID FRSIRT SECUNIA XF
jeeblestechnology -- Jeebles Directory | Unspecified vulnerability in the Settings component in the administration system in Jeebles Directory 2.9.60 allows remote authenticated administrators to execute arbitrary PHP code via unspecified vectors related to settings.inc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 6.0 | CVE-2007-5705 SECUNIA XF
Massive Entertainment -- World in Conflict | Massive Entertainment World in Conflict 1.001 and earlier allows remote attackers to cause a denial of service (failed assertion and daemon crash) via a large packet to TCP or UDP port 48000. | 5.0 | CVE-2007-5711 OTHER-REF OTHER-REF FRSIRT SECUNIA
Mobile-Spy -- Mobile-Spy | Mobile Spy (1) stores login credentials in cleartext under the RetinaxStudios registry key, and (2) sends login credentials and log data over a cleartext HTTP connection, which allows attackers to obtain sensitive information by reading the registry or sniffing the network. | 6.4 | CVE-2007-5778 BUGTRAQ OTHER-REF OTHER-REF
Mozilla -- Firefox | ParseFTPList.cpp in Mozilla Firefox 2.0.0.7 allows remote FTP servers to cause a denial of service (application crash) via a crafted reply to an unspecified listing command, related to "reading from invalid pointer." | 4.3 | CVE-2007-5691 BUGTRAQ OTHER-REF BID XF
myspacepros -- MySpace Resource Script | PHP remote file inclusion vulnerability in _theme/breadcrumb.php in MySpacePros MySpace Resource Script (MSRS) 1.21 allows remote attackers to execute arbitrary PHP code via a URL in the rootBase parameter. | 6.8 | CVE-2007-5721 MILW0RM BID
Novell -- OpenSUSE SWAMP | Cross-site scripting (XSS) vulnerability in swamp/action/LoginActions (aka the login box) in the Novell OpenSUSE SWAMP Workflow Administration and Management Platform 1.x allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: some of these details are obtained from third party information. | 4.3 | CVE-2007-5702 BUGTRAQ BID SECUNIA XF
NuFW -- NuFW | Heap-based buffer overflow in the samp_send function in nuauth/sasl.c in NuFW before 2.2.7 allows remote attackers to cause a denial of service via unspecified input on which base64 encoding is performed. NOTE: some of these details are obtained from third party information. | 5.0 | CVE-2007-5723 OTHER-REF SECUNIA
Omnistar Interactive -- Omnistar Live | Multiple cross-site scripting (XSS) vulnerabilities in Omnistar Live allow remote attackers to inject arbitrary web script or HTML via the category_id parameter to kb.php in (1) smartshop/users/ and (2) users/, and possibly (3) the Email Box field in profile.php. | 4.3 | CVE-2007-5724 BUGTRAQ BID
OneOrZero -- OneOrZero Helpdesk | Incomplete blacklist vulnerability in the stripScripts function in common.php in OneOrZero Helpdesk 1.6.5.4, 1.6.4.2, and possibly other versions, allows remote attackers to conduct cross-site scripting (XSS) attacks and inject arbitrary web script or HTML via XSS sequences without SCRIPT tags in the description parameter to (1) tcreate.php or (2) tupdate.php, as demonstrated using an onmouseover event in a b tag. | 4.3 | CVE-2007-5727 BUGTRAQ BID SECUNIA
phpBasic -- phpBasic | PHP remote file inclusion vulnerability in includes.php in phpBasic allows remote attackers to execute arbitrary PHP code via a URL in the root parameter, possibly related to the Music module. | 6.8 | CVE-2007-5696 BUGTRAQ
phpFaber -- URLInn | PHP remote file inclusion vulnerability in urlinn_includes/config.php in phpFaber URLInn 2.0.5 allows remote attackers to execute arbitrary PHP code via a URL in the dir_ws parameter. | 6.8 | CVE-2007-5754 MILW0RM
phpimage -- PHP Image | Multiple PHP remote file inclusion vulnerabilities in PHP Image 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the xarg parameter to (1) xarg_corner.php, (2) xarg_corner_bottom.php, and (3) xarg_corner_top.php. | 6.8 | CVE-2007-5697 MILW0RM BID
phpPgAdmin -- phpPgAdmin | Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, allows remote attackers to inject arbitrary web script or HTML via certain input available in PHP_SELF in (1) redirect.php, possibly related to (2) login.php, different vectors than CVE-2007-2865. | 4.3 | CVE-2007-5728 FULLDISC BID SECUNIA XF
PHPToys -- Micro Login System | Micro Login System 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing a password via a direct request for userpwd.txt. | 5.0 | CVE-2007-5787 BUGTRAQ
Pidgin -- Pidgin | libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, allows remote attackers to cause a denial of service (NULL dereference and application crash) via a message that contains invalid HTML data, a different vector than CVE-2007-4996. | 4.3 | CVE-2007-4999 OTHER-REF FRSIRT SECUNIA
profilecms -- ProfileCMS | Unrestricted file upload vulnerability in the profiles script in ProfileCMS 1.0 allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors involving creation of a profile. | 6.8 | CVE-2007-5720 MILW0RM BID
quirm -- SAXON | SAXON 5.4, with display_errors enabled, allows remote attackers to obtain sensitive information via (1) a direct request for news.php, (2) an invalid use of a newsid array parameter to admin/edit-item.php, and possibly unspecified vectors related to additional scripts in (3) admin/, (4) rss/, and (5) the root directory of the installation, which reveal the path in various error messages. | 5.0 | CVE-2007-4861 BUGTRAQ OTHER-REF OTHER-REF
quirm -- SAXON | Cross-site scripting (XSS) vulnerability in admin/menu.php in SAXON 5.4 allows remote attackers to inject arbitrary web script or HTML via the config[news_url] parameter. | 4.3 | CVE-2007-4862 BUGTRAQ OTHER-REF OTHER-REF BID XF
quirm -- SAXON | SQL injection vulnerability in example.php in SAXON 5.4 allows remote attackers to execute arbitrary SQL commands via the template parameter. | 6.8 | CVE-2007-4863 BUGTRAQ OTHER-REF OTHER-REF BID
RSA -- KEON Registration Authority Web Interface | Multiple cross-site scripting (XSS) vulnerabilities in (1) Request-spk.xuda and (2) Add-msie-request.xuda in RSA KEON Registration Authority Web Interface 1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 | CVE-2007-5703 BUGTRAQ OTHER-REF CERT-VN BID SECTRACK
SeeBlick -- SeeBlick | Unrestricted file upload vulnerability in upload.php in SeeBlick 1.0 Beta allows remote attackers to upload arbitrary files via unspecified vectors. NOTE: these files are stored with .html extensions, so the scope of the attack might be limited to resource consumption and possibly XSS. | 6.4 | CVE-2007-5736 BUGTRAQ
Sige -- Sige | PHP remote file inclusion vulnerability in inc/sige_init.php in Sige 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the SYS_PATH parameter. | 6.8 | CVE-2007-5781 MILW0RM
SiteBar -- SiteBar | Multiple cross-site scripting (XSS) vulnerabilities in SiteBar 3.3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the lang parameter to integrator.php; (2) the token parameter in a New Password action, (3) the nid_acl parameter in a Folder Properties action, or (4) the uid parameter in a Modify User action to command.php; or (5) the target parameter to index.php, different vectors than CVE-2006-3320. | 4.3 | CVE-2007-5692 BUGTRAQ OTHER-REF BID
SiteBar -- SiteBar | Eval injection vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the edit parameter in an upd cmd action, a different vulnerability than CVE-2007-5492. | 6.0 | CVE-2007-5693 BUGTRAQ OTHER-REF BID
SiteBar -- SiteBar | Absolute path traversal vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to read arbitrary files via an absolute path in the dir parameter, a different vulnerability than CVE-2007-5491. | 6.8 | CVE-2007-5694 BUGTRAQ OTHER-REF BID
SiteBar -- SiteBar | command.php in SiteBar 3.3.8 allows remote attackers to redirect users to arbitrary web sites via the forward parameter in a Log In action. | 6.4 | CVE-2007-5695 BUGTRAQ OTHER-REF BID
smart-shop -- Smart-Shop | Multiple cross-site scripting (XSS) vulnerabilities in Smart-Shop allow remote attackers to inject arbitrary web script or HTML via (1) the email parameter to index.php; or the command parameter to index.php in (2) the default action for the home page, (3) a currencies action, or (4) a basket action. | 4.3 | CVE-2007-5725 BUGTRAQ BID
Sun -- Solaris | Unspecified vulnerability in the Stream Control Transmission Protocol (sctp) functionality in Sun Solaris 10, when at least one SCTP socket is in the LISTEN state, allows remote attackers to cause a denial of service (panic) via unspecified vectors related to "INIT processing." | 6.8 | CVE-2007-5726 SUNALERT
Telematic Lab -- teatro | PHP remote file inclusion vulnerability in pub/pub08_comments.php in teatro 1.6 allows remote attackers to execute arbitrary PHP code via a URL in the basePath parameter. | 6.8 | CVE-2007-5780 MILW0RM
Trend Micro -- PC-Cillin Internet Security 2007; Trend Micro -- Scan Engine | The Trend Micro AntiVirus scan engine before 8.550-1001, as used in Trend Micro PC-Cillin Internet Security 2007, and Tmxpflt.sys 8.320.1004 and 8.500.0.1002, has weak permissions (Everyone:Write) for the \\.\Tmfilter device, which allows local users to send arbitrary content to the device via the IOCTL functionality. NOTE: this can be leveraged for privilege escalation by exploiting a buffer overflow in the handler for IOCTL 0xa0284403. | 6.2 | CVE-2007-4277 IDEFENSE OTHER-REF SECTRACK
vobcopy -- vobcopy | vobcopy 0.5.14 allows local users to append data to an arbitrary file, or create an arbitrary new file, via a symlink attack on the (1) /tmp/vobcopy.bla or (2) /tmp/vobcopy_0.5.14.log temporary file. | 4.9 | CVE-2007-5718 OTHER-REF BID SECUNIA
Low Vulnerabilities |
---|
Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
---|---|---|---|---|---|---|
Apache Software Foundation -- Jakarta Slide | Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461. |
| 3.5 | CVE-2007-5731 MILW0RM | ||
Django Project -- Django | The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1, and 0.96, when the USE_I18N option and the i18n component are enabled, allows remote attackers to cause a denial of service (memory consumption) via many HTTP requests with large Accept-Language headers. |
| 2.6 | CVE-2007-5712 OTHER-REF SECUNIA | ||
Globe7 -- Globe7 | The Globe7 soft phone client 7.3 uses weak cryptography (reversed sequence of binary values) for the password, which might allow local users to obtain sensitive information. |
| 2.1 | CVE-2007-5790 OTHER-REF BID SECUNIA XF | ||
IBM -- Lotus Domino | Incomplete blacklist vulnerability in the Certificate Authority (CA) in IBM Lotus Domino before 7.0.3 allows local users, or attackers with physical access, to obtain sensitive information (passwords) when an administrator enters a "ca activate" or "ca unlock" command with any uppercase character, which bypasses a blacklist designed to suppress password logging, resulting in cleartext password disclosure in the console log and Admin panel. |
| 2.1 | CVE-2007-5701 OTHER-REF BID FRSIRT SECUNIA XF | ||
Liferea -- Liferea | Liferea before 1.4.6 uses weak permissions (0644) for the feedlist.opml backup file, which allows local users to obtain credentials. |
| 2.1 | CVE-2007-5751 OTHER-REF SECUNIA | ||
WordPress -- WordPress | Cross-site scripting (XSS) vulnerability in wp-admin/edit-post-rows.php in WordPress 2.3 allows remote attackers to inject arbitrary web script or HTML via the posts_columns array parameter. |
| 2.6 | CVE-2007-5710 OTHER-REF OTHER-REF SECUNIA |