Vulnerability Summary for the Week of December 24, 2007
Released
Jan 02, 2008
Document ID
SB07-365
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
Vulnerability Severity:
">
| High Vulnerabilities |
|---|
| Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
|---|---|---|---|---|---|---|
| 1024 CMS -- 1024 CMS | SQL injection vulnerability in admin/ops/findip/ajax/search.php in 1024 CMS 1.3.1 allows remote attackers to execute arbitrary SQL commands via the ip parameter. |
| 7.5 | CVE-2007-6583 MILW0RM | ||
| AdultScript -- AdultScript | Multiple SQL injection vulnerabilities in Adult Script 1.6.5 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) videolink_count.php or (2) links.php. |
| 7.5 | CVE-2007-6576 MILW0RM OTHER-REF | ||
| Agares Media -- Arcadem | PHP remote file inclusion vulnerability in admin/frontpage_right.php in Arcadem LE 2.04 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the loadadminpage parameter. |
| 7.5 | CVE-2007-6542 MILW0RM | ||
| Blakord -- Blakord Portal | Multiple SQL injection vulnerabilities in Blakord Portal 1.3.A Beta and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to an arbitrary component. |
| 7.5 | CVE-2007-6565 BUGTRAQ MILW0RM OTHER-REF BID | ||
| Brand039 -- mmsLamp | SQL injection vulnerability in default.php in MMSLamp allows remote attackers to execute arbitrary SQL commands via the idpro parameter in a prodotti_dettaglio action. |
| 7.5 | CVE-2007-6575 MILW0RM XF | ||
| Eagle Software -- AERIES Browser Interface | SQL injection vulnerability in the forget password section (LostPwd.asp) in Eagle Software Aeries Browser Interface (ABI) 3.7.9.17 allows remote attackers to execute arbitrary SQL commands via the EmailAddress parameter. NOTE: some of these details are obtained from third party information. |
| 7.5 | CVE-2007-6517 OTHER-REF BID SECUNIA | ||
| eSyndicat -- eSyndicat Link Exchange | SQL injection vulnerability in suggest-link.php in eSyndiCat Link Exchange Script allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| 7.5 | CVE-2007-6543 MILW0RM | ||
| George Lewe -- TeamCal Pro | Multiple directory traversal vulnerabilities in TeamCal Pro 3.1.000 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to (1) index.php, (2) register.php, (3) login.php, or (4) statistics.php. |
| 7.5 | CVE-2007-6554 MILW0RM BID | ||
| HP -- HP-UX | Unspecified vulnerability in rpc.yppasswdd in HP HP-UX B.11.11, B.11.23, and B.11.31 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors. |
| 7.8 | CVE-2007-6419 HP BID SECUNIA | ||
| HP -- LoadRunner Groove -- Virtual Office Persits Software -- XUpload | Buffer overflow in the XUpload.ocx ActiveX control in Persits Software XUpload 2.1.0.1, and probably other versions before 3.0, as used by HP Mercury LoadRunner and Groove Virtual Office, allows remote attackers to execute arbitrary code via a long argument to the AddFolder function. |
| 9.3 | CVE-2007-6530 FULLDISC BID FRSIRT SECUNIA SECUNIA SECUNIA | ||
| IBM -- Domino Web Access IBM -- Lotus Domino Web Access | Multiple stack-based buffer overflows in the IBM Lotus Domino Web Access ActiveX control, as provided by inotes6.dll, inotes6w.dll, dwa7.dll, and dwa7w.dll, in Domino 6.x and 7.x allow remote attackers to execute arbitrary code, as demonstrated by an overflow from a long General_ServerName property value when calling the InstallBrowserHelperDll function in the Upload Module in the dwa7.dwa7.1 control in dwa7w.dll 7.0.34.1. |
| 9.3 | CVE-2007-4474 FULLDISC CERT-VN BID FRSIRT SECUNIA XF | ||
| IBM -- DB2 Content Manager Toolkit | Unspecified vulnerability in eClient in IBM DB2 Content Manager (CM) Toolkit 8.3 before fix pack 7 for z/OS has unknown impact and attack vectors, related to "scripting." |
| 10.0 | CVE-2007-6525 AIXAPAR AIXAPAR BID FRSIRT SECUNIA XF | ||
| Inmatrix -- Zoom Player | Buffer overflow in Zoom Player 6.00 beta 2 and earlier allows user-assisted remote attackers to execute arbitrary code via an HTTP link to a PLS file in a crafted ZPL file, which causes an overflow in Unicode handling when generating an error message. |
| 7.5 | CVE-2007-6533 BUGTRAQ BID | ||
| IP_Reg -- IP_Reg | Multiple SQL injection vulnerabilities in Ip Reg 0.3 allow remote attackers to execute arbitrary SQL commands via the vlan_id parameter to (1) vlanview.php, (2) vlanedit.php, and (3) vlandel.php; the (4) assetclassgroup_id parameter to assetclassgroupview.php; the (5) subnet_id parameter to nodelist.php; and unspecified other vectors. |
| 7.5 | CVE-2007-6579 MILW0RM BID | ||
| Logaholic -- Logaholic | Multiple SQL injection vulnerabilities in Logaholic allow remote attackers to execute arbitrary SQL commands via (1) the from parameter to index.php or (2) the page parameter to update.php. |
| 7.5 | CVE-2007-6559 BUGTRAQ BID | ||
| Mail Machine -- MailMachine_PRO | SQL injection vulnerability in showMsg.php in MailMachine Pro 2.2.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| 7.5 | CVE-2007-6551 MILW0RM OTHER-REF | ||
| Meeting Room Booking Software -- MRBS | SQL injection vulnerability in ing/blocks/mrbs/code/web/view_entry.php in Moodle allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| 7.5 | CVE-2007-6538 BUGTRAQ BID XF | ||
| MeGaCheatZ -- MeGaCheatZ | Multiple SQL injection vulnerabilities in MeGaCheatZ 1.1 allow remote attackers to execute arbitrary SQL commands via the ItemID parameter to (1) comments.php, (2) view.php, (3) siteadmin/ViewItem.php, and unspecified other vectors. |
| 7.5 | CVE-2007-6557 MILW0RM OTHER-REF BID | ||
| Neuron -- News | SQL injection vulnerability in neuron news 1.0 allows remote attackers to execute arbitrary SQL commands via the q parameter to the default URI in patch/. |
| 7.5 | CVE-2007-6540 BUGTRAQ | ||
| nicLor -- nicLor | SQL injection vulnerability in sezione_news.php in nicLOR-CMS allows remote attackers to execute arbitrary SQL commands via the id parameter in a sezione page action to index.php. |
| 7.5 | CVE-2007-6586 MILW0RM BID | ||
| Opera Software -- Opera | Unspecified vulnerability in Opera before 9.25 allows remote attackers to execute arbitrary code via crafted TLS certificates. |
| 10.0 | CVE-2007-6521 OTHER-REF OTHER-REF FRSIRT SECTRACK SECUNIA XF | ||
| Opera Software -- Opera | Algorithmic complexity vulnerability in Opera 9.50 beta and 9.x before 9.25 allows remote attackers to cause a denial of service (CPU consumption) via a crafted bitmap (BMP) file that triggers a large number of calculations and checks. |
| 7.8 | CVE-2007-6523 BUGTRAQ BID FRSIRT | ||
| Opera Software -- Opera | Opera before 9.25 allows remote attackers to obtain potentially sensitive memory contents via a crafted bitmap (BMP) file. |
| 7.8 | CVE-2007-6524 OTHER-REF OTHER-REF FRSIRT SECTRACK SECUNIA XF | ||
| Phil Taylor -- mosDirectory | PHP remote file inclusion vulnerability in modules/mod_pxt_latest.php in the mosDirectory (com_directory) 2.3.2 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter. |
| 9.3 | CVE-2007-6555 MILW0RM BID | ||
| Plogger -- Plogger | SQL injection vulnerability in plog-rss.php in Plogger 1.0 Beta 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| 7.5 | CVE-2007-6587 OTHER-REF OTHER-REF BID | ||
| PMOS Helpdesk -- PMOS Helpdesk | form.php in PMOS Help Desk 2.4 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct eval injection attacks and execute arbitrary PHP code via the options array parameter. |
| 7.5 | CVE-2007-6550 MILW0RM | ||
| QKSoft -- QK SMTP Server 3 | QK SMTP Server 3 allows remote attackers to cause a denial of service (daemon crash) via a long (1) HELO, (2) MAIL FROM, or (3) RCPT TO command; or (4) a long string in the message sent after the DATA command; possibly a related issue to CVE-2006-5551. |
| 7.8 | CVE-2007-6573 BUGTRAQ | ||
| RunCMS -- RunCMS | Multiple SQL injection vulnerabilities in RunCMS before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the lid parameter to (1) brokenfile.php, (2) visit.php, or (3) ratefile.php in modules/mydownloads/; or (4) ratelink.php, (5) modlink.php, or (6) brokenlink.php in modules/mylinks/. |
| 7.5 | CVE-2007-6544 BUGTRAQ MILW0RM MILW0RM OTHER-REF BID | ||
| RunCMS -- RunCMS | Multiple direct static code injection vulnerabilities in RunCMS before 1.6.1 allow remote authenticated administrators to inject arbitrary PHP code via the (1) header and (2) footer parameters to modules/system/admin.php in a meta-generator action, (3) the disclaimer parameter to modules/system/admin.php in a disclaimer action, (4) the disclaimer parameter to modules/mydownloads/admin/index.php in a mydownloadsConfigAdmin action, (5) the disclaimer parameter to modules/newbb_plus/admin/forum_config.php, (6) the disclaimer parameter to modules/mylinks/admin/index.php in a myLinksConfigAdmin action, or (7) the intro parameter to modules/sections/admin/index.php in a secconfig action, which inject PHP sequences into (a) sections/cache/intro.php, (b) mylinks/cache/disclaimer.php, (c) mydownloads/cache/disclaimer.php, (d) newbb_plus/cache/disclaimer.php, (e) system/cache/disclaimer.php, (f) system/cache/footer.php, (g) system/cache/header.php, or (h) system/cache/maintenanc! e.php in modules/. |
| 7.5 | CVE-2007-6548 BUGTRAQ MILW0RM OTHER-REF BID | ||
| RunCMS -- RunCMS | Unspecified vulnerability in RunCMS before 1.6.1 has unknown impact and attack vectors, related to "pagetype using." |
| 7.5 | CVE-2007-6549 OTHER-REF | ||
| TikiWiki -- Tikiwiki | Multiple unspecified vulnerabilities in TikiWiki before 1.9.9 have unknown impact and attack vectors involving (1) tiki-edit_css.php, (2) tiki-list_games.php, or (3) tiki-g-admin_shared_source.php. |
| 10.0 | CVE-2007-6529 OTHER-REF SECUNIA | ||
| Wallpaper -- Wallpaper Complete Website | Multiple SQL injection vulnerabilities in Wallpaper Site 1.0.09 allow remote attackers to execute arbitrary SQL commands via (1) the catid parameter to category.php or (2) the groupid parameter to editadgroup.php. |
| 7.5 | CVE-2007-6580 MILW0RM BID | ||
| Websihirbazi -- websihirbazi | Multiple SQL injection vulnerabilities in websihirbazi 5.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to default.asp in a news page action or (2) the pageid parameter to default.asp. |
| 7.5 | CVE-2007-6556 MILW0RM | ||
| WinAce -- WinAce | Heap-based buffer overflow in WinAce 2.65 and earlier, and possibly other versions before 2.69, allows user-assisted remote attackers to execute arbitrary code via a long filename in a compressed UUE archive. |
| 10.0 | CVE-2007-6563 OTHER-REF OTHER-REF OTHER-REF BID FRSIRT SECUNIA | ||
| WoltLab -- Burning Board Lite | Multiple SQL injection vulnerabilities in search.php in WoltLab Burning Board (wBB) Lite 1.0.2 pl3e allow remote attackers to execute arbitrary SQL commands via the (1) showposts, (2) sortby, and (3) sortorder parameters. |
| 7.5 | CVE-2007-6518 BUGTRAQ BID SECUNIA | ||
| XZero Scripts -- XZero Community Classifieds | SQL injection vulnerability in post.php in XZero Community Classifieds 4.95.11 and earlier allows remote attackers to execute arbitrary SQL commands via the subcatid parameter to index.php. |
| 7.5 | CVE-2007-6566 MILW0RM BID | ||
| XZero Scripts -- XZero Community Classifieds | PHP remote file inclusion vulnerability in config.inc.php in XZero Community Classifieds 4.95.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path_escape parameter. |
| 7.5 | CVE-2007-6568 MILW0RM BID | ||
| Zeak.net -- PHP_ZLink | SQL injection vulnerability in go.php in PHP ZLink 0.3 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| 7.5 | CVE-2007-6578 MILW0RM XF | ||
| zSuite -- zBlog | Multiple SQL injection vulnerabilities in index.php in zBlog 1.2 allow remote attackers to execute arbitrary SQL commands via (1) the categ parameter in a categ action or (2) the article parameter in an articles action. |
| 7.5 | CVE-2007-6577 MILW0RM BID XF |
| Medium Vulnerabilities |
|---|
| Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
|---|---|---|---|---|---|---|
| 1024 CMS -- 1024 CMS | Multiple directory traversal vulnerabilities in 1024 CMS 1.3.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the lang parameter to pages/print/default/ops/news.php or (2) the theme_dir parameter to pages/download/default/ops/search.php; or the admin_theme_dir parameter to (3) download.php, (4) forum.php, or (5) news.php in admin/ops/reports/ops/. |
| 6.4 | CVE-2007-6584 MILW0RM | ||
| Apache Software Foundation -- Tomcat | The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler. |
| 6.4 | CVE-2007-5342 BUGTRAQ OTHER-REF OTHER-REF OTHER-REF BID | ||
| Apple -- Safari | Apple Safari 2, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site. |
| 4.3 | CVE-2007-6592 BUGTRAQ BUGTRAQ OTHER-REF | ||
| auraCMS -- AuraCMS | Directory traversal vulnerability in index.php in AuraCMS 2.2 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the act parameter, possibly involving the news pilih component; as demonstrated by including admin/admin_users.php to bypass a protection mechanism against direct request. |
| 6.0 | CVE-2007-6552 MILW0RM OTHER-REF | ||
| C97net -- mBlog | Directory traversal vulnerability in index.php in mBlog 1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter in a page mode action. |
| 6.4 | CVE-2007-6582 MILW0RM BID SECUNIA XF | ||
| Dokeos -- Open Source Learning and Knowledge Management Tool Dokeos -- Open Source Learning and Knowledge Management | Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the origin parameter to work/work.php in a display_upload_form action, or the forum parameter to (2) forum/viewforum.php or (3) forum/viewthread.php. |
| 4.3 | CVE-2007-6574 BUGTRAQ BID | ||
| George Lewe -- TeamCal Pro | Multiple PHP remote file inclusion vulnerabilities in TeamCal Pro 3.1.000 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONF[app_root] parameter to (1) tcuser.class.php, (2) absencecount.inc.php, (3) avatar.inc.php, (4) csvhandler.class.php, (5) functions.tcpro.php, (6) header.html.inc.php, (7) joomlajack.tcpro.php, (8) menu.inc.php, (9) other.inc.php, (10) tcabsence.class.php, (11) tcabsencegroup.class.php, (12) tcallowance.class.php, (13) tcannouncement.class.php, (14) tcconfig.class.php, (15) tcdaynote.class.php, (16) tcgroup.class.php, (17) tcholiday.class.php, (18) tclogin.class.php, (19) tcmonth.class.php, (20) tctemplate.class.php, (21) tcusergroup.class.php, or (22) tcuseroption.class.php in includes/, possibly a related issue to CVE-2006-4845. |
| 6.8 | CVE-2007-6553 MILW0RM BID | ||
| Google -- Google Toolbar | The Custom Button Installer dialog in Google Toolbar 4 and 5 beta presents certain domain names in the (1) "Downloaded from" and (2) "Privacy considerations" sections without verifying domain names, which makes it easier for remote attackers to spoof domain names and trick users into installing malicious button XML files, as demonstrated by presenting www.google.com when the button was downloaded from an arbitrary site through an open redirector on www.google.com. |
| 6.8 | CVE-2007-6536 BUGTRAQ OTHER-REF SECUNIA XF | ||
| HP -- Tru64-UNIX | Unspecified vulnerability in the File-on-File Mounting File System (FFM) in HP Tru64 UNIX 5.1B-4 and 5.1B-3 allows local users to cause a denial of service (system crash) via unspecified vectors. |
| 4.9 | CVE-2007-6519 HP BID SECUNIA | ||
| iDevspot -- iSupport | PHP local file inclusion vulnerability in index.php in IDevspot iSupport 1.8 allows remote attackers to include local files via the include_file parameter. |
| 6.8 | CVE-2007-6539 BUGTRAQ BID XF | ||
| KDE -- Konqueror | KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, even though these fields cannot be examined in the product, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site. |
| 4.3 | CVE-2007-6591 BUGTRAQ BUGTRAQ BUGTRAQ OTHER-REF | ||
| Limbo CMS -- Limbo CMS | Cross-site scripting (XSS) vulnerability in admin.php in Limbo CMS 1.0.4.2 allows remote attackers to inject arbitrary web script or HTML via the com_option parameter. |
| 4.3 | CVE-2007-6564 OTHER-REF BID FRSIRT SECUNIA XF | ||
| Logaholic -- Logaholic | Multiple cross-site scripting (XSS) vulnerabilities in Logaholic allow remote attackers to inject arbitrary web script or HTML via (1) the newconfname parameter to profiles.php or (2) the conf parameter to index.php. |
| 4.3 | CVE-2007-6560 BUGTRAQ BID | ||
| Microsoft -- Publisher | Multiple unspecified vulnerabilities in Microsoft Office Publisher allow user-assisted remote attackers to cause a denial of service (application crash) via a crafted PUB file, possibly involving wordart. |
| 6.8 | CVE-2007-6534 BUGTRAQ BID | ||
| Mozilla -- SeaMonkey Mozilla -- Firefox | The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 does not update the origin domain when retrieving the inner URL parameter yields an HTTP redirect, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI, a different vulnerability than CVE-2007-5947. |
| 4.3 | CVE-2007-6589 OTHER-REF OTHER-REF OTHER-REF OTHER-REF | ||
| Mozilla -- SeaMonkey Mozilla -- Firefox Netscape -- Netscape Mozilla -- Mozilla | Mozilla 1.9 M8 and earlier, Mozilla Firefox 2, SeaMonkey 1.1.5, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site. |
| 4.3 | CVE-2007-6590 BUGTRAQ BUGTRAQ BUGTRAQ OTHER-REF OTHER-REF OTHER-REF SECTRACK | ||
| Neuron News -- Neuron News | Multiple cross-site scripting (XSS) vulnerabilities in neuron news 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the topic parameter in a viewtopic action, or the (2) newsyear or (3) newsmonth parameter in a newsarchive action to the default URI in patch/. |
| 4.3 | CVE-2007-6541 BUGTRAQ | ||
| NmnNewsletter -- NmnNewsletter | PHP remote file inclusion vulnerability in confirmUnsubscription.php in NmnNewsletter 1.0.7 allows remote attackers to execute arbitrary PHP code via a URL in the output parameter. |
| 6.8 | CVE-2007-6585 MILW0RM BID FRSIRT SECUNIA XF | ||
| Opera Software -- Opera | Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks via unknown vectors related to plug-ins. |
| 4.3 | CVE-2007-6520 OTHER-REF OTHER-REF FRSIRT SECTRACK SECUNIA XF | ||
| Opera Software -- Opera | The rich text editing functionality in Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks by using designMode to modify contents of pages in other domains. |
| 4.3 | CVE-2007-6522 OTHER-REF OTHER-REF OTHER-REF FRSIRT SECTRACK SECUNIA XF | ||
| PDFLib -- PDFLib | Multiple stack-based buffer overflows in PDFLib allow user-assisted remote attackers to execute arbitrary code via a long filename argument to the PDF_load_image function that results in an overflow in the pdc_fsearch_fopen function, and possibly other vectors. |
| 5.7 | CVE-2007-6561 BUGTRAQ BID SECUNIA | ||
| PHPCredo -- PHCDownload | Cross-site scripting (XSS) vulnerability in PHCDownload 1.10 allows remote attackers to inject arbitrary web script or HTML via the username field in an unspecified component. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 4.3 | CVE-2007-6588 BID XF | ||
| Rickard Andersson -- PunBB | uploadimg.php in the Automatic Image Upload with Thumbnails (imgUpload) module 1.3.2 for PunBB only verifies the Content-type field of uploaded files, which allows remote attackers to upload and execute arbitrary content via a file with a (1) JPG, (2) GIF, or (3) PNG MIME type. |
| 5.8 | CVE-2007-6527 OTHER-REF SECUNIA XF | ||
| RunCMS -- RunCMS | Multiple cross-site scripting (XSS) vulnerabilities in RunCMS before 1.6.1 allow remote attackers to inject arbitrary web script or HTML via (1) the subject parameter to modules/news/submit.php; (2) the PATH_INFO to modules/news/index.php, possibly related to the XoopsPageNav class; or (3) an avatar image to edituser.php. |
| 4.3 | CVE-2007-6545 BUGTRAQ MILW0RM OTHER-REF OTHER-REF BID | ||
| RunCMS -- RunCMS | RunCMS before 1.6.1 uses a predictable session id, which makes it easier for remote attackers to hijack sessions via a modified id. |
| 6.4 | CVE-2007-6546 BUGTRAQ MILW0RM OTHER-REF BID | ||
| RunCMS -- RunCMS | RunCMS before 1.6.1 does not require entry of the old password during a password change, which allows context-dependent attackers to change passwords upon obtaining temporary access to a session. |
| 6.8 | CVE-2007-6547 BUGTRAQ MILW0RM OTHER-REF BID | ||
| Social Engine -- Social Engine | Multiple directory traversal vulnerabilities in Social Engine 2.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the global_lang parameter to (1) header_album.php, (2) header_blog.php, or (3) header_group.php; or (4) admin_header_album.php, (5) admin_header_blog.php, or (6) admin_header_group.php in admin/. |
| 6.4 | CVE-2007-6581 MILW0RM OTHER-REF BID | ||
| Sun -- Java Web Proxy Server Sun -- Java System Web Server | Cross-site scripting (XSS) vulnerability in the View Error Log functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566246. |
| 4.3 | CVE-2007-6569 OTHER-REF SUNALERT BID SECUNIA | ||
| Sun -- Java Web Proxy Server Sun -- Java System Web Server | Cross-site scripting (XSS) vulnerability in the View URL Database functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 and 3.x before 3.6 SP11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566309. |
| 4.3 | CVE-2007-6570 OTHER-REF OTHER-REF SUNALERT BID SECUNIA | ||
| Sun -- Java Web Proxy Server Sun -- Java System Web Server | Cross-site scripting (XSS) vulnerability in Sun Java System Web Proxy Server 3.6 before SP11 on Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6611356. |
| 4.3 | CVE-2007-6571 SUNALERT BID | ||
| Sun -- Java Web Proxy Server Sun -- Java System Web Server | Cross-site scripting (XSS) vulnerability in Sun Java System Web Server 6.1 before SP8 and 7.0 before Update 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566204. |
| 4.3 | CVE-2007-6572 SUNALERT BID | ||
| TCPreen -- TCPreen | Multiple stack-based buffer overflows in the use of FD_SET in TCPreen before 1.4.4 allow remote attackers to cause a denial of service via multiple concurrent connections, which result in overflows in the (1) SocketAddress::Connect function in libsolve/sockprot.cpp and (2) monitor_bridge function in src/bridge.cpp. |
| 5.0 | CVE-2007-6562 OTHER-REF BID FRSIRT SECUNIA | ||
| TikiWiki -- Tikiwiki | Cross-site scripting (XSS) vulnerability in tiki-special_chars.php in TikiWiki before 1.9.9 allows remote attackers to inject arbitrary web script or HTML via the area_name parameter. |
| 4.3 | CVE-2007-6526 BUGTRAQ OTHER-REF OTHER-REF BID SECUNIA | ||
| TikiWiki -- Tikiwiki | Directory traversal vulnerability in tiki-listmovies.php in TikiWiki before 1.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) and modified filename in the movie parameter. |
| 5.0 | CVE-2007-6528 BUGTRAQ OTHER-REF BID SECUNIA | ||
| TotalPlayer -- TotalPlayer | TotalPlayer 3.0 allows user-assisted remote attackers to cause a denial of service (application crash) via a large .m3u file. |
| 4.3 | CVE-2007-6558 BUGTRAQ | ||
| WinUAE -- WinUAE | Stack-based buffer overflow in the zfile_gunzip function in zfile.c in WinUAE 1.4.4 and earlier allows user-assisted remote attackers to execute arbitrary code via a long filename in a gzipped archive, such as a (1) gz, (2) adz, (3) roz, or (4) hdz archive in a compressed floppy disk image. |
| 6.8 | CVE-2007-6537 BUGTRAQ OTHER-REF OTHER-REF BID | ||
| XZero Scripts -- XZero Community Classifieds | Directory traversal vulnerability in index.php in XZero Community Classifieds 4.95.11 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pagename parameter in a page view action. |
| 6.4 | CVE-2007-6567 MILW0RM OTHER-REF BID | ||
| Yahoo -- Yahoo Toolbar | Buffer overflow in the YShortcut ActiveX control in YShortcut.dll 2006.8.15.1 in Yahoo! Toolbar might allow attackers to execute arbitrary code via a long string to the IsTaggedBM method. |
| 6.8 | CVE-2007-6535 FULLDISC BID XF |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.