Vulnerability Summary for the Week of August 27, 2007

Released: Sep 04, 2007
Document ID: SB07-246

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

High Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
2532Gigs -- 2532Gigs
Directory traversal vulnerability in activateuser.php in 2532|Gigs 1.2.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
unknown
2007-08-28
8.5
CVE-2007-4585
MILW0RM
BID
FRSIRT
SECUNIA
ACTi -- Network Video Recorder
Buffer overflow in the nvUnifiedControl.AUnifiedControl.1 ActiveX control in nvUnifiedControl.dll 1.1.45.0 in ACTi Network Video Recorder (NVR) SP2 2.0 allows remote attackers to execute arbitrary code via a long second argument to the SetText method.
unknown
2007-08-28
7.5
CVE-2007-4582
MILW0RM
ACTi -- Network Video Recorder
Multiple absolute path traversal vulnerabilities in the nvUtility.Utility.1 ActiveX control in nvUtility.dll 1.0.14.0 in ACTi Network Video Recorder (NVR) SP2 2.0 allow remote attackers to (1) create or overwrite arbitrary files via a full pathname in the first argument to the SaveXMLFile method or (2) delete arbitrary files via a full pathname in the argument to the DeleteXMLFile method.
unknown
2007-08-28
7.8
CVE-2007-4583
MILW0RM
MILW0RM
Agares Media -- Arcadem
PHP remote file inclusion vulnerability in index.php in Agares Media Arcadem 2.01 allows remote attackers to execute arbitrary PHP code via a URL in the loadpage parameter.
unknown
2007-08-27
7.5
CVE-2007-4551
OTHER-REF
OTHER-REF
BID
SECUNIA
Agares Media -- Arcadem
SQL injection vulnerability in index.php in Agares Media Arcadem 2.01 allows remote attackers to execute arbitrary SQL commands via the blockpage parameter. NOTE: as of 20070827, the vendor has made conflicting statements regarding whether this issue exists or not.
unknown
2007-08-27
7.5
CVE-2007-4552
OTHER-REF
OTHER-REF
BID
SECUNIA
Algera -- ABC eStore
SQL injection vulnerability in index.php in ABC eStore 3.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
unknown
2007-08-30
7.5
CVE-2007-4627
MILW0RM
BID
XF
Alpha Centauri Software -- SIDVault LDAP Server
Multiple buffer overflows in the login mechanism in sidvault in Alpha Centauri Software SIDVault LDAP Server before 2.0f allow remote attackers to execute arbitrary code via crafted LDAP packets, as demonstrated by a long dc entry in an LDAP bind.
unknown
2007-08-27
9.3
CVE-2007-4566
FULLDISC
FRSIRT
SECUNIA
AlterCoder -- ACG News
Multiple SQL injection vulnerabilities in index.php in ACG News 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the aid parameter in a showarticle action or (2) the catid parameter in a showcat action.
unknown
2007-08-30
7.5
CVE-2007-4603
MILW0RM
OTHER-REF
BID
XF
Apache Software Foundation -- Geronimo
The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
unknown
2007-08-27
10.0
CVE-2007-4548
MLIST
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
BEA Systems -- WebLogic Server
BEA WebLogic Server 9.1 does not properly handle propagation of an admin server's security policy change log to temporarily unavailable managed servers, which might allow attackers to bypass intended restrictions, a different vulnerability than CVE-2007-0426.
unknown
2007-08-30
7.5
CVE-2007-4614
BEA
BID
BEA Systems -- WebLogic Server
BEA Systems -- WebLogic Express
Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold through SP7, and 8.1 Gold through SP4 allows remote attackers to cause a denial of service (server thread hang) via unspecified vectors.
unknown
2007-08-30
7.8
CVE-2007-4617
BEA
FRSIRT
SECUNIA
BEA Systems -- WebLogic Server
BEA Systems -- WebLogic Express
Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7 and 7.0 Gold through SP7 allows remote attackers to cause a denial of service (disk consumption) via certain malformed HTTP headers.
unknown
2007-08-30
7.8
CVE-2007-4618
BEA
BID
FRSIRT
SECUNIA
BitchX -- BitchX
Stack-based buffer overflow in BitchX 1.1 Final allows remote IRC servers to execute arbitrary code via a long string in a MODE command, related to the p_mode variable.
unknown
2007-08-28
10.0
CVE-2007-4584
MILW0RM
SECUNIA
Clam Anti-Virus -- ClamAV
clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the "recipient field of sendmail."
unknown
2007-08-27
10.0
CVE-2007-4560
BUGTRAQ
OTHER-REF
BID
Dale Mooney -- Calendar Events
SQL injection vulnerability in viewevent.php in Moonware (aka Dale Mooney Gallery) allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-08-30
7.5
CVE-2007-4611
BUGTRAQ
BID
XF
DinkumSoft.com -- DL PayCart
SQL injection vulnerability in viewitem.php in DL PayCart 1.01 allows remote attackers to execute arbitrary SQL commands via the ItemID parameter.
unknown
2007-08-30
7.5
CVE-2007-4604
MILW0RM
InterWorx -- InterWorx-CP
Multiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosting Control Panel (InterWorx-CP) Server Admin Level (NodeWorx) 3.0.2 (1) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php; and allow remote authenticated users to inject arbitrary web script or HTML via the PATH_INFO to (2) nodeworx.php, (3) users.php, (4) lang.php, (5) themes.php, (6) setup.php, (7) siteworx.php, (8) packages.php, (9) backup.php, (10) import.php, (11) scriptworx.php, (12) resellers.php, (13) reseller-packages.php, (14) http.php, (15) mail.php, (16) ftp.php, (17) mysql.php, (18) sshd.php, (19) nfs.php, (20) cron.php, (21) ip.php, (22) firewall.php, (23) updates.php, (24) rrd.php, or (25) cluster.php.
unknown
2007-08-28
7.5
CVE-2007-4588
BUGTRAQ
BID
InterWorx -- InterWorx-CP
Multiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosting Control Panel (InterWorx-CP) Webmaster Level (SiteWorx) 3.0.2 (1) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php; and allow remote authenticated users to inject arbitrary web script or HTML via the PATH_INFO to (2) siteworx.php, (3) users.php, (4) ftp.php, (5) mysql.php, (6) domains.php, (7) htaccess.php, (8) scriptworx.php, (9) stats.php, (10) backup.php, (11) restore.php, and (12) httpd.php; and unspecified vectors to (13) cron.php and (14) prefs.php.
unknown
2007-08-28
7.5
CVE-2007-4589
BUGTRAQ
BID
Microsoft -- MSN Messenger Service
Microsoft -- Windows Live Messenger
Heap-based buffer overflow in Microsoft MSN Messenger 7.x and Live Messenger before 8.1 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving video conversation handling in Web Cam sessions.
unknown
2007-08-28
9.3
CVE-2007-4579
OTHER-REF
FRSIRT
SECUNIA
Motorola -- Timbuktu
Directory traversal vulnerability in Motorola Timbuktu Pro before 8.6.5 for Windows allows remote attackers to create or delete arbitrary files via a .. (dot dot) in a Send request, probably related to the (1) Send and (2) Exchange services.
unknown
2007-08-28
7.8
CVE-2007-4220
IDEFENSE
OTHER-REF
BID
SECUNIA
Motorola -- Timbuktu
Multiple buffer overflows in Motorola Timbuktu Pro before 8.6.5 for Windows allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via (1) a long user name and (2) certain malformed requests; and (3) allow remote Timbuktu servers to have an unknown impact via a malformed HELLO response, related to the Scanner component and possibly related to a malformed computer name.
unknown
2007-08-28
9.3
CVE-2007-4221
IDEFENSE
OTHER-REF
BID
SECUNIA
Olate -- OlateDownload
Multiple SQL injection vulnerabilities in download.php in Olate Download (od) 3.4.2 allow remote attackers to execute arbitrary SQL commands via the (1) HTTP_REFERER or (2) HTTP_USER_AGENT HTTP header.
unknown
2007-08-27
7.5
CVE-2007-4540
BUGTRAQ
OTHER-REF
BID
XF
Oracle -- JInitiator
Multiple stack-based buffer overflows in the Oracle JInitiator ActiveX control (beans.ocx) 1.1.8.16 and earlier allow remote attackers to execute arbitrary code via unspecified "initialization parameters."
unknown
2007-08-30
9.3
CVE-2007-4467
CERT-VN
BID
FRSIRT
SECTRACK
SECUNIA
XF
PHP -- PHP
Multiple buffer overflows in php_iisfunc.dll in the iisfunc extension for PHP 5.2.0 and earlier allow context-dependent attackers to execute arbitrary code, probably during Unicode conversion, as demonstrated by a long string in the first argument to the iis_getservicestate function, related to the ServiceId argument to the (1) fnStartService, (2) fnGetServiceState, (3) fnStopService, and possibly other functions.
unknown
2007-08-28
7.5
CVE-2007-4586
MILW0RM
XF
PHP -- PHP
The perl extension in PHP does not follow safe_mode restrictions, which allows context-dependent attackers to execute arbitrary code via the Perl eval function. NOTE: this might only be a vulnerability in limited environments.
unknown
2007-08-30
7.5
CVE-2007-4596
MILW0RM
phpns -- phpns
SQL injection vulnerability in shownews.php in phpns 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-08-30
7.5
CVE-2007-4628
MILW0RM
OTHER-REF
BID
XF
PHPNuke-Clan -- PHPNuke-Clan
PHP remote file inclusion vulnerability in convert/mvcw_conver.php in the Virtual War (VWar) module for PHPNuke-Clan (PNC) 4.2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter, a different vector than CVE-2006-1602. NOTE: it is possible that this issue stems from a problem in VWar itself.
unknown
2007-08-30
7.5
CVE-2007-4606
MILW0RM
Quicksoft -- EasyMail Objects
Gate Comm Software -- Postcast Server Pro
Buffer overflow in the EasyMailSMTPObj ActiveX control in emsmtp.dll 6.0.1 in the Quiksoft EasyMail SMTP Object, as used in Postcast Server Pro 3.0.61, allows remote attackers to execute arbitrary code via a long argument to the SubmitToExpress method, a different vulnerability than CVE-2007-1029.
unknown
2007-08-30
7.5
CVE-2007-4607
MILW0RM
BID
RealNetworks -- Helix DNA Server
Heap-based buffer overflow in the RTSP service in Helix DNA Server before 11.1.4 allows remote attackers to execute arbitrary code via an RTSP command containing multiple Require headers.
unknown
2007-08-27
7.5
CVE-2007-4561
FULLDISC
OTHER-REF
BID
SECTRACK
Sophos -- Anti-Virus
Sophos -- Scanning Engine
Sophos -- Small Business Suite
Sophos Anti-Virus for Windows and for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UPX packed file, resulting from an "integer cast around". NOTE: as of 20070828, the vendor says this is a DoS and the researcher says this allows code execution, but the researcher is reliable.
unknown
2007-08-28
7.1
CVE-2007-4578
BUGTRAQ
BUGTRAQ
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
Trustware -- BufferZone
Buffer underflow in redlight.sys in BufferZone 2.1 and 2.5 allows local users to cause a denial of service (crash) and possibly execute arbitrary code by sending a small buffer size value to the FsSetVolumeInformation IOCTL handler code with a FsSetDirectoryInformation subcode containing a large buffer.
2007-06-13
2007-08-28
7.2
CVE-2007-4580
BUGTRAQ
SECUNIA
XF
Turnkey Web Tools -- SunShop Shopping Cart
SQL injection vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 RC 6 allows remote attackers to execute arbitrary SQL commands via the s[cid] parameter in a search_list action, a different vector than CVE-2007-2549.
unknown
2007-08-30
7.5
CVE-2007-4597
MILW0RM
University of Minnesota -- Mapserver
Buffer overflow in the processLine function in maptemplate.c in MapServer before 4.10.3 allows attackers to cause a denial of service and possibly execute arbitrary code via a mapfile with a long layer name, group name, or metadata entry name.
unknown
2007-08-30
7.5
CVE-2007-4629
OTHER-REF
OTHER-REF
FRSIRT
VWar -- Virtual War
PHP remote file inclusion vulnerability in convert/mvcw.php in Virtual War (VWar) 1.5.0 R15 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter, a different vector than CVE-2006-1503, CVE-2006-1636, and CVE-2006-1747.
unknown
2007-08-30
7.5
CVE-2007-4605
MILW0RM
WBB2-Addon -- Acrotxt
SQL injection vulnerability in acrotxt.php in WBB2-Addon: Acrotxt 1 allows remote attackers to execute arbitrary SQL commands via the show parameter.
unknown
2007-08-28
7.5
CVE-2007-4581
MILW0RM
Winterburns.co.uk -- ePersonnel
PHP remote file inclusion vulnerability in protection.php in ePersonnel RC_2004_02 allows remote attackers to execute arbitrary PHP code via a URL in the logout_page parameter.
unknown
2007-08-30
7.5
CVE-2007-4608
BUGTRAQ
XF

Medium Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
AbleDesign -- Dynamic Picture Frame
Cross-site scripting (XSS) vulnerability in pframe.php in AbleDesign Dynamic Picture Frame 1.00 allows remote attackers to inject arbitrary web script or HTML via the img_url parameter. NOTE: some of these details are obtained from third party information.
unknown
2007-08-30
4.3
CVE-2007-4624
BUGTRAQ
BID
FRSIRT
SECUNIA
XF
ALTools -- ALPass
Multiple buffer overflows in ALPass 2.7 English and 3.02 Korean allow user-assisted remote attackers to execute arbitrary code via an ALPass DB (APW) file containing (1) a long file-key or (2) a "Site Information and Folder entry" with a ciphertext_length value much larger than the plaintext_length value.
unknown
2007-08-27
6.8
CVE-2007-4549
OTHER-REF
BID
XF
ALTools -- ALPass
Format string vulnerability in ALPass 2.7 English and 3.02 Korean might allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an fnm field in a folder-name record in an ALPASS DB (APW) file.
unknown
2007-08-27
5.1
CVE-2007-4550
OTHER-REF
BID
Asterisk -- Asterisk
Asterisk Open Source 1.4.5 through 1.4.11, when configured to use an IMAP voicemail storage backend, allows remote attackers to cause a denial of service via an e-mail with an "invalid/corrupted" MIME body, which triggers a crash when the recipient listens to voicemail.
unknown
2007-08-27
5.0
CVE-2007-4521
BUGTRAQ
OTHER-REF
DEBIAN
BID
SECTRACK
SECUNIA
SECUNIA
BEA Systems -- WebLogic Server
SSL libraries in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold through SP7, and 8.1 Gold through SP5 might allow remote attackers to obtain plaintext from an SSL stream via a man-in-the-middle attack that injects crafted data and measures the elapsed time before an error response, a different vulnerability than CVE-2006-2461.
unknown
2007-08-30
6.8
CVE-2007-4613
BEA
BID
BEA Systems -- WebLogic Server
The SSL client implementation in BEA WebLogic Server 7.0 SP7, 8.1 SP2 through SP6, 9.0, 9.1, 9.2 Gold through MP2, and 10.0 sometimes selects the null cipher when others are available, which might allow remote attackers to intercept communications.
unknown
2007-08-30
6.4
CVE-2007-4615
BEA
FRSIRT
SECTRACK
SECUNIA
BEA Systems -- WebLogic Server
BEA Systems -- WebLogic Express
The SSL server implementation in BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP1, and 10.0 sometimes selects the null cipher when no other cipher is compatible between the server and client, which might allow remote attackers to intercept communications.
unknown
2007-08-30
6.4
CVE-2007-4616
BEA
FRSIRT
SECTRACK
SECUNIA
Dale Mooney -- Moon Gallery
Unrestricted file upload vulnerability in config/upload.php in Moonware (aka Dale Mooney Gallery) allows remote attackers to upload and execute arbitrary PHP files in images/, possibly related to config/admin.php.
unknown
2007-08-30
6.8
CVE-2007-4610
BUGTRAQ
BID
SECUNIA
XF
Dale Mooney -- Contact Form
CRLF injection vulnerability in contact.php in Moonware (aka Dale Mooney Gallery) allows remote attackers to add arbitrary mail headers via CRLF sequences in the subject parameter. NOTE: this can be leveraged for spam by adding To or Cc headers.
unknown
2007-08-30
4.3
CVE-2007-4612
BUGTRAQ
BID
XF
Entrust -- Entelligence Security Provider
Entrust Entelligence Security Provider (ESP) 8 does not properly validate certificates in certain circumstances involving (1) a chain that omits the root Certification Authority (CA) certificate, or an application that specifies disregarding (2) unknown revocation statuses during path validation or (3) certain errors in the certification path, which might allow context-dependent attackers to spoof certificate authentication. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-08-29
6.4
CVE-2007-4594
BID
SECUNIA
Eric Raymond -- Fetchmail
fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service (NULL dereference and application crash) by refusing certain warning messages that are sent over SMTP.
unknown
2007-08-27
5.0
CVE-2007-4565
OTHER-REF
eyeOS Project -- eyeOS
eyeOS uses predictable checksum values in the checknum parameter for access control, which allows remote attackers to register many accounts via doCreateUser actions, add many eyeBoard messages via addMsg actions, and cause a denial of service or conduct certain unauthorized activities, by guessing valid parameter values.
unknown
2007-08-30
6.4
CVE-2007-4609
BUGTRAQ
GNU -- tar
Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.
unknown
2007-08-24
6.8
CVE-2007-4131
OTHER-REF
REDHAT
BID
guliverkli -- Media Player Classic
Buffer overflow in the CFLICStream::_deltachunk function in FLICSource.cpp in Media Player Classic (MPC) 6.4.9.0 allows user-assisted remote attackers to execute arbitrary code via a crafted FLI file.
unknown
2007-08-27
6.8
CVE-2006-7222
OTHER-REF
BID
SECUNIA
XF
Hitachi -- Cosminexus DABroker
Hitachi -- DABroker
Unspecified vulnerability in Hitachi DABroker before 03-02-/D and Cosminexus DABroker before 02-04-/C and 03-05-/E allows remote attackers to cause a denial of service (connection prevention) by sending "data unexpectedly through a port."
unknown
2007-08-27
4.3
CVE-2007-4562
OTHER-REF
BID
SECUNIA
XF
Hitachi -- Cosminexus Application Server Enterprise
Hitachi -- uCosminexus Application Server Standard
Hitachi -- uCosminexus Application Server Enterprise
Hitachi -- Electronic Form Workflow - Standard Set
Hitachi -- Electronic Form Workflow -Professional Library Set
Hitachi -- Cosminexus Application Server Standard
Hitachi -- uCosminexus Service Platform
Cosminexus Manager in Cosminexus Application Server 06-50 and later might assign the wrong user's group permissions to logical J2EE server processes, which allows local users to gain privileges.
unknown
2007-08-27
4.4
CVE-2007-4563
OTHER-REF
BID
SECUNIA
XF
Hitachi -- Cosminexus Application Server Enterprise
Hitachi -- uCosminexus Application Server Standard
Hitachi -- uCosminexus Application Server Enterprise
Hitachi -- Electronic Form Workflow - Standard Set
Hitachi -- Electronic Form Workflow -Professional Library Set
Hitachi -- Cosminexus Application Server Standard
Hitachi -- uCosminexus Service Platform
Cosminexus Manager in Cosminexus Application Server 07-00 and later might assign the wrong user's group permissions to logical user server processes, which allows local users to gain privileges.
unknown
2007-08-27
4.6
CVE-2007-4564
OTHER-REF
BID
SECUNIA
XF
IBM -- SurePOS 500 series
IBM SurePOS 500 has (1) a default password of "12345" for the manager and (2) blank default passwords for operator accounts.
unknown
2007-08-30
4.6
CVE-2007-4598
OTHER-REF
OTHER-REF
OTHER-REF
Implied by Design -- Micro CMS
SQL injection vulnerability in cms/revert-content.php in Implied by Design Micro CMS (Micro-CMS) 3.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-08-30
6.8
CVE-2007-4602
MILW0RM
SECUNIA
Ipswitch -- WS_FTP
Cross-site scripting (XSS) vulnerability in Ipswitch WS_FTP allows remote attackers to inject arbitrary web script or HTML via arguments to a valid command, which is not properly handled when it is displayed by the view log option in the administration interface. NOTE: this can be leveraged to create a new admin account.
unknown
2007-08-27
4.3
CVE-2007-4555
FULLDISC
SECUNIA
XF
Mozilla -- Bugzilla
email_in.pl in Bugzilla 2.23.4 through 3.0.0 allows remote attackers to execute arbitrary commands via the -f (From address) option to the Email::Send::Sendmail function, probably involving shell metacharacters.
unknown
2007-08-27
5.0
CVE-2007-4538
OTHER-REF
OTHER-REF
BID
SECUNIA
Mozilla -- Bugzilla
The WebService (XML-RPC) interface in Bugzilla 2.23.3 through 3.0.0 does not enforce permissions for the time-tracking fields of bugs, which allows remote attackers to obtain sensitive information via certain XML-RPC requests, as demonstrated by the (1) Deadline and (2) Estimated Time fields.
unknown
2007-08-27
5.0
CVE-2007-4539
OTHER-REF
OTHER-REF
BID
SECUNIA
Mozilla -- Bugzilla
Cross-site scripting (XSS) vulnerability in enter_bug.cgi in Bugzilla 2.17.1 through 2.20.4, 2.22.x before 2.22.3, and 3.x before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the buildid field in the "guided form."
unknown
2007-08-27
4.3
CVE-2007-4543
OTHER-REF
OTHER-REF
BID
SECUNIA
Novell -- GroupWise WebAccess
Cross-site scripting (XSS) vulnerability in the webacc servlet in Novell GroupWise 6.5 WebAccess allows remote attackers to inject arbitrary web script or HTML via the User.Id parameter, as demonstrated by a URL within a url field in a STYLE element, possibly due to an incomplete fix for CVE-2004-2103.2.
unknown
2007-08-27
4.3
CVE-2007-4557
OTHER-REF
Olate -- OlateDownload
Multiple cross-site scripting (XSS) vulnerabilities in Olate Download (od) 3.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the PHP_SELF variable in modules/core/uim.php and (2) [url] tags in a comment in modules/core/fldm.php.
unknown
2007-08-27
4.3
CVE-2007-4541
BUGTRAQ
BUGTRAQ
OTHER-REF
OTHER-REF
BID
SECUNIA
XF
XF
OpenSymphony -- XWork
Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
unknown
2007-08-27
6.8
CVE-2007-4556
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
Polipo -- Polipo
Polipo before 1.0.2 allows remote HTTP servers to cause a denial of service (daemon crash) by aborting the response to a POST request.
unknown
2007-08-30
4.3
CVE-2007-4625
OTHER-REF
FRSIRT
SECUNIA
XF
Polipo -- Polipo
Unspecified vulnerability in Polipo before 1.0.2 allows remote attackers to cause a denial of service (daemon crash) via certain network traffic associated with entities larger than 2 Gb.
unknown
2007-08-30
5.0
CVE-2007-4626
OTHER-REF
SECUNIA
Python Software Foundation -- Python
Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.
unknown
2007-08-27
6.8
CVE-2007-4559
MLIST
MLIST
Red Hat -- Network Satellite Server
Unspecified vulnerability in Red Hat Network Satellite Server 5.0.0 allows remote authenticated users to execute arbitrary code via unknown vectors in a "back-end XMLRPC handler."
unknown
2007-08-30
6.5
CVE-2007-4132
REDHAT
BID
Red Hat -- Fedora
Directory traversal vulnerability in extract.c in star before 1.5a84 allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.
unknown
2007-08-30
6.8
CVE-2007-4134
FEDORA
OTHER-REF
OTHER-REF
Skulltag Team -- Skulltag
Heap-based buffer overflow in the Huffman decompression algorithm implemented in Skulltag 0.97d-beta4.1 and earlier allows remote attackers to execute arbitrary code via a crafted UDP packet.
unknown
2007-08-27
6.8
CVE-2007-4537
OTHER-REF
BID
SECUNIA
Sophos -- Anti-Virus
Sophos -- Scanning Engine
Sophos -- Small Business Suite
Sophos Anti-Virus for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed BZip file that results in the creation of multiple Engine temporary files (aka a "BZip bomb").
unknown
2007-08-28
5.0
CVE-2007-4577
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
star -- star
Directory traversal vulnerability in extract.c in star before 1.5a84 allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.
unknown
2007-08-27
5.0
CVE-2007-4558
OTHER-REF
OTHER-REF
Subversion -- Subversion
TortoiseSVN -- TortoiseSVN
Directory traversal vulnerability in Subversion before 1.4.5, as used by TortoiseSVN before 1.4.5 and possibly other products, when run on Windows-based systems, allows remote authenticated users to overwrite and create arbitrary files via a ..\ (dot dot backslash) sequence in the filename, as stored in the file repository.
unknown
2007-08-28
6.0
CVE-2007-3846
MLIST
OTHER-REF
OTHER-REF
SECUNIA
SECUNIA
The Seasar Foundation -- escafeWeb
Cross-site scripting (XSS) vulnerability in Easy Software Cafeteria escafeWeb (aka Tuigwaa) 1.0 through 1.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the setting of option.nopage.create in tuigwaa.properties.
unknown
2007-08-28
4.3
CVE-2007-4587
OTHER-REF
OTHER-REF
BID
SECUNIA
XF
The Seasar Foundation -- Mayaa
Cross-site scripting (XSS) vulnerability in Mayaa before 1.1.12 allows remote attackers to inject arbitrary web script or HTML in certain circumstances involving (1) lack of charset specification within a META element or (2) a META element that specifies an unrecognized charset, which trigger automatic character set recognition by the web browser, as demonstrated by improper handling of UTF-7 data.
unknown
2007-08-29
4.3
CVE-2007-4595
OTHER-REF
OTHER-REF
SECUNIA
XF
Thomson -- ST 2030 SIP phone
The Thomson ST 2030 SIP phone with software 1.52.1 allows remote attackers to cause a denial of service (device hang) via an INVITE message with a Via header that contains a '/' (slash) instead of the required space following the SIP version number.
unknown
2007-08-27
5.0
CVE-2007-4553
FULLDISC
XF
TikiWiki Project -- TikiWiki
Cross-site scripting (XSS) vulnerability in tiki-remind_password.php in Tikiwiki (aka Tiki CMS/Groupware) 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: this issue might be related to CVE-2006-2635.7.
unknown
2007-08-27
4.3
CVE-2007-4554
BUGTRAQ
BID
Ubuntu -- Ubuntu Linux
A regression error in tcp-wrappers 7.6.dbs-10 and 7.6.dbs-11 does not properly handle connections to services that use libwrap but do not specify server connection information, which might allow remote attackers to bypass intended access restrictions.
unknown
2007-08-30
5.0
CVE-2007-4601
OTHER-REF
OTHER-REF
UBUNTU
University of Minnesota -- Mapserver
Multiple cross-site scripting (XSS) vulnerabilities in MapServer before 4.10.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the (1) processLine function in maptemplate.c and the (2) writeError function in mapserv.c in the mapserv CGI program.
unknown
2007-08-27
4.3
CVE-2007-4542
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
Vavoom -- Vavoom
Format string vulnerability in the Say command in sv_main.cpp in Vavoom 1.24 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a chat message, related to a call to the BroadcastPrintf function.
unknown
2007-08-24
6.8
CVE-2007-4533
OTHER-REF
SECUNIA
VMWare -- VMWare Workstation
vstor-ws60.sys in VMWare Workstation 6.0 allows local users to cause a denial of service (host operating system crash) and possibly gain privileges by sending a small file buffer size value to the FsSetVolumeInformation IOCTL handler with an FsSetFileInformation subcode.
unknown
2007-08-29
6.9
CVE-2007-4591
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
VMWare -- VMWare Workstation
Unspecified vulnerability in vstor2-ws60.sys in VMWare Workstation 6.0 allows local users to cause a denial of service (host operating system crash) via unspecified vectors, as demonstrated by the DC2 test suite, possibly a related issue to CVE-2007-4591. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-08-29
6.9
CVE-2007-4593
SECUNIA
WordPress -- WordPress MU
Cross-site scripting (XSS) vulnerability in wp-newblog.php in WordPress multi-user (MU) 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the weblog_id parameter (Username field).
unknown
2007-08-27
4.3
CVE-2007-4544
OTHER-REF
X-Diesel -- Unreal Commander
Multiple directory traversal vulnerabilities in Unreal Commander 0.92 build 565 and 573 allow user-assisted remote attackers to create or overwrite arbitrary files via a .. (dot dot) in a filename within a (1) ZIP or (2) RAR archive.
unknown
2007-08-27
6.8
CVE-2007-4545
BUGTRAQ
BID
X-Diesel -- Unreal Commander
Unreal Commander 0.92 build 565 and 573 lists the filenames from the Central Directory of a ZIP archive, but extracts to local filenames corresponding to names in Local File Header fields in this archive, which might allow remote attackers to trick a user into performing a dangerous file overwrite or creation.
unknown
2007-08-27
5.8
CVE-2007-4546
BUGTRAQ
BID
X-Diesel -- Unreal Commander
Unreal Commander 0.92 build 565 and 573 writes portions of heap memory into local files when extracting from an archive with malformed size information in a file header, which might allow user-assisted attackers to obtain sensitive information (memory contents) by reading the extracted files. NOTE: this issue is only a vulnerability if Unreal is run with privileges, or if the extracted files are made accessible to other users.
unknown
2007-08-27
4.3
CVE-2007-4547
BUGTRAQ
BID
XIGLA -- Absolute Poll Manager XE
Cross-site scripting (XSS) vulnerability in xlaapmview.asp in Absolute Poll Manager XE 4.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
unknown
2007-08-30
4.3
CVE-2007-4630
BUGTRAQ

Low Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
HP -- Ignite-UX
HP -- DynRootDisk
HP -- HP-UX
The get_system_info command in Ignite-UX C.7.0 through C.7.3, and DynRootDisk (DRD) A.1.0.16.417 through A.2.0.0.592, on HP-UX B.11.11, B.11.23, and B.11.31 does not inform local users of networking changes made by the command, which has unknown impact and attack vectors.
unknown
2007-08-28
3.3
CVE-2007-4590
HP
FRSIRT
SECTRACK
SECUNIA
