Vulnerability Summary for the Week of January 29, 2007
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
">
High Vulnerabilities |
---|
Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
---|---|---|---|---|---|---|
212cafe -- 212cafeboard | Cross-site scripting (XSS) vulnerability in list3.php in 212cafeBoard 6.30 Beta allows remote attackers to inject arbitrary web script or HTML via the user parameter. |
| 7.0 | CVE-2007-0549 BUGTRAQ XF | ||
212cafe -- 212cafeBoard | Cross-site scripting (XSS) vulnerability in search.php in 212cafeBoard 0.08 Beta allows remote attackers to inject arbitrary web script or HTML via keyword parameter. |
| 7.0 | CVE-2007-0550 BUGTRAQ XF | ||
ACGVclick -- ACGVclick | PHP remote file inclusion vulnerability in function.inc.php in ACGVclick 0.2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. |
| 7.0 | CVE-2007-0577 OTHER-REF BID FRSIRT SECUNIA | ||
Alientrap -- Nexuiz | Unspecified vulnerability in Nexuiz 2.2.2 allows remote attackers to read and overwrite arbitrary files via the gamedir command. |
| 7.0 | CVE-2007-0657 OTHER-REF FRSIRT SECUNIA | ||
Apple -- Mac OS X Apple -- Apple Installer | Format string vulnerability in Apple Installer 2.1.5 on Mac OS X 10.4.8 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a (1) PKG, (2) DISTZ, or (3) MPKG package filename. |
| 8.0 | CVE-2007-0465 OTHER-REF BID | ||
Apple -- Mac OS X Apple -- Quicktime | The InternalUnpackBits function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT file that triggers memory corruption in the _GetSrcBits32ARGB function. NOTE: this issue might overlap CVE-2007-0462. |
| 10.0 | CVE-2007-0588 OTHER-REF BID | ||
ASP EDGE -- ASP EDGE | SQL injection vulnerability in user.asp in ASP EDGE 1.2b and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter. |
| 7.0 | CVE-2007-0560 OTHER-REF | ||
ASP EDGE -- ASP EDGE | SQL injection vulnerability in artreplydelete.asp in ASP EDGE 1.3a and earlier allows remote attackers to execute arbitrary SQL commands via a username cookie, a different vector than CVE-2007-0560. |
| 7.0 | CVE-2007-0632 FRSIRT | ||
ASP NEWS -- ASP NEWS | SQL injection vulnerability in news_detail.asp in ASP NEWS 3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| 7.0 | CVE-2007-0566 OTHER-REF | ||
Aztek Forum -- Aztek Forum | SQL injection vulnerability in forum/load.php in Aztek Forum 4.00 allows remote attackers to execute arbitrary SQL commands via the fid cookie to forum.php. |
| 7.0 | CVE-2007-0598 BUGTRAQ BUGTRAQ OTHER-REF | ||
Aztek Forum -- Aztek Forum | Variable overwrite vulnerability in common/config.php in Aztek Forum 4.00 allows remote attackers to overwrite arbitrary program variables and conduct other unauthorized activities, such as copying arbitrary files using index/common_actions.php, via vectors associated with extract operations on the (1) POST, (2) GET, (3) COOKIE, and (4) SERVER superglobal arrays. |
| 7.0 | CVE-2007-0599 BUGTRAQ BUGTRAQ OTHER-REF | ||
Aztek Forum -- Aztek Forum | common/safety.php in Aztek Forum 4.00 allows remote attackers to enter certain data containing %22 sequences (URL encoded double quotes) and other potentially dangerous manipulations by sending a cookie, which bypasses the blacklist matching against the GET and PUT superglobal arrays. |
| 7.0 | CVE-2007-0601 BUGTRAQ BUGTRAQ OTHER-REF | ||
CGI-RESCUE -- Shopping Basket Professional | CGI-Rescue Shopping Basket Professional 7.50 and earlier allows remote attackers to inject arbitrary operating system commands via in unspecified vectors. |
| 7.0 | CVE-2007-0565 OTHER-REF SECUNIA | ||
ChernobiLe -- ChernobiLe | SQL injection vulnerability in default.asp in ChernobiLe 1.0 allows remote attackers to execute arbitrary SQL commands via the User (username) field. |
| 7.0 | CVE-2007-0582 Milw0rm BID | ||
chmlib -- chmlib | chmlib before 0.39 allows user-assisted remote attackers to execute arbitrary code via a crafted page block length in a CHM file, which triggers memory corruption. |
| 10.0 | CVE-2007-0619 IDEFENSE OTHER-REF SECTRACK SECUNIA | ||
CMSimple -- CMSimple | Multiple PHP remote file inclusion vulnerabilities in cmsimple/cms.php in CMSimple 2.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) pth[file][config] and (2) pth[file][image] parameters. |
| 7.0 | CVE-2007-0551 BUGTRAQ XF | ||
CMSimple -- CMSimple | Cross-site scripting (XSS) vulnerability in the mailform feature in CMSimple 2.7 fix1 allows remote attackers to inject arbitrary web script or HTML via the sender parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
| 7.0 | CVE-2007-0610 SECUNIA | ||
Docebo -- Docebo | Multiple PHP remote file inclusion vulnerabilities in Docebo LMS 3.0.3 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[where_lms] parameter to (1) class.module/class.definition.php and (2) modules/scorm/scorm_utils.php. NOTE: this issue may overlap CVE-2006-2577. |
| 7.0 | CVE-2006-6963 BUGTRAQ OTHER-REF OSVDB OSVDB XF | ||
DotNetNuke -- DotNetNuke IFrame | Cross-site scripting (XSS) vulnerability in the IFrame module before 03.02.01 for DotNetNuke (DNN) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "Pass through values." |
| 7.0 | CVE-2007-0660 OTHER-REF FRSIRT | ||
Drunken:Golem -- Gaming Portal | PHP remote file inclusion vulnerability in include/irc/phpIRC.php in Drunken:Golem Gaming Portal 0.5.1 Alpha 2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. |
| 7.0 | CVE-2007-0572 OTHER-REF FRSIRT | ||
Eclectic Designs -- CascadianFAQ | SQL injection vulnerability in index.php in Eclectic Designs CascadianFAQ 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter. |
| 7.0 | CVE-2007-0631 Milw0rm BID | ||
Eclectic Designs -- CascadianFAQ | SQL injection vulnerability in index.php in Eclectic Designs CascadianFAQ 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the qid parameter, a different vector than CVE-2007-0631. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
| 7.0 | CVE-2007-0663 FRSIRT | ||
EclipseBB -- EclipseBB | PHP remote file inclusion vulnerability in functions.php in EclipseBB 0.5.0 Lite allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. |
| 7.0 | CVE-2007-0581 OTHER-REF BID | ||
EncapsCMS -- EncapsCMS | Multiple PHP remote file inclusion vulnerabilities in EncapsCMS 0.3.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) config[path] parameter to (a) common_foot.php or (b) blogs.php, or (2) the config[theme] parameter to (c) admin/gallery_head.php. |
| 7.0 | CVE-2007-0635 BUGTRAQ BID XF | ||
Forum Livre -- Forum Livre | SQL injection vulnerability in Forum Livre 1.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to info_user.asp. |
| 7.0 | CVE-2007-0589 OTHER-REF | ||
Forum Livre -- Forum Livre | Cross-site scripting (XSS) vulnerability in busca2.asp in Forum Livre 1.0 remote attackers to inject arbitrary web script or HTML via the palavra parameter. |
| 7.0 | CVE-2007-0590 OTHER-REF | ||
Free LAN In(tra|ter)net Portal -- Free LAN In(tra|ter)net Portal | Multiple cross-site scripting (XSS) vulnerabilities in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) inc.page.php and (2) inc.text.php. |
| 7.0 | CVE-2007-0611 OTHER-REF FRSIRT | ||
g-neric -- PHP Generic Library and Framework | PHP remote file inclusion vulnerability in membres/membreManager.php in PhP Generic Library & Framework for comm (g-neric) allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter. |
| 7.0 | CVE-2007-0584 OTHER-REF BID FRSIRT | ||
Galeria Zdjec -- Galeria Zdjec | Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php. |
| 7.0 | CVE-2007-0637 OTHER-REF BID XF | ||
Guo Xu Guos Posting System -- Guo Xu Guos Posting System | SQL injection vulnerability in print.asp in Guo Xu Guos Posting System (GPS) 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| 7.0 | CVE-2007-0554 BUGTRAQ | ||
GuppY -- GuppY | Multiple static code injection vulnerabilities in error.php in GuppY 4.5.16 and earlier allow remote attackers to inject arbitrary PHP code into a .inc file in the data/ directory via (1) a REMOTE_ADDR cookie or (2) a cookie specifying an element of the msg array with an error number in the first dimension and 0 in the second dimension, as demonstrated by msg[999][0]. |
| 7.0 | CVE-2007-0639 OTHER-REF OTHER-REF SECTRACK SECUNIA XF | ||
hailBoards -- hailBoards | PHP remote file inclusion vulnerability in includes/usercp_viewprofile.php in Hailboards 1.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. |
| 7.0 | CVE-2007-0662 OTHER-REF BID | ||
IBM -- AIX | Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability." |
| 7.0 | CVE-2007-0618 AIXAPAR OTHER-REF BID FRSIRT SECUNIA | ||
Inter7 -- vHostAdmin | PHP remote file inclusion vulnerability in modules/mail/main.php in Inter7 vHostAdmin 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the MODULES_DIR parameter. |
| 7.0 | CVE-2007-0558 OTHER-REF FRSIRT | ||
Interactive-Scripts.Com -- PHP Membership Manager | Cross-site scripting (XSS) vulnerability in admin.php in Interactive-Scripts.Com PHP Membership Manager 1.5 allows remote attackers to inject arbitrary web script or HTML via the _p parameter. |
| 7.0 | CVE-2007-0567 BUGTRAQ BID | ||
Johannes Gijsbers -- Ad Fundum Integratable News Script | PHP remote file inclusion vulnerability in ains_main.php in Johannes Gijsbers (aka Taradino) Ad Fundum Integratable News Script (AINS) 0.02b allows remote attackers to execute arbitrary PHP code via a URL in the ains_path parameter. |
| 7.0 | CVE-2007-0570 OTHER-REF BID FRSIRT XF | ||
Joomla! -- RS Gallery2 | PHP remote file inclusion vulnerability in rsgallery2.html.php in the RS Gallery2 component (com_rsgallery2) 1.11.2 for Joomla! allows attackers to execute arbitrary PHP code via the mosConfig_absolute_path parameter. NOTE: this issue may overlap CVE-2006-5047. |
| 7.0 | CVE-2006-6962 OTHER-REF BID FRSIRT XF | ||
Makit -- Newsposter Script Martyn Kilbryde -- Newsposter Script | SQL injection vulnerability in news_page.asp in Martyn Kilbryde Newsposter Script (aka makit news/blog poster) 3 and earlier allows remote attackers to execute arbitrary SQL commands via the uid parameter. |
| 7.0 | CVE-2007-0600 BUGTRAQ OTHER-REF BID XF | ||
MAXdev -- MDPro | SQL injection vulnerability in index.php in MAXdev MDPro 1.0.76 allows remote attackers to execute arbitrary SQL commands via the startrow parameter. |
| 7.0 | CVE-2007-0623 BUGTRAQ BID SECUNIA | ||
Microsoft -- Word | Unspecified vulnerability in Microsoft Word 2003 has unknown impact and user-assisted attack vectors, as detected as Trojan.Mdropper.X in targeted zero-day attacks, but possibly different from CVE-2007-0515, CVE-2006-6456, CVE-2006-5994, and CVE-2006-6561. NOTE: this identifier has been assigned for tracking purposes. Due to lack of details, it cannot be conclusively determined whether it is different from the other CVEs. |
| 8.0 | CVE-2007-0621 OTHER-REF OTHER-REF BID | ||
MODxCMS -- FileDownload | download.php in the MuddyDogPaws FileDownload snippet before 2.5 for MODx allows remote attackers to download arbitrary files, as demonstrated by downloading config.inc.php to obtain database credentials. |
| 7.0 | CVE-2007-0659 OTHER-REF OTHER-REF BID FRSIRT SECUNIA | ||
MyBB -- MyBB MyBulletinBoard -- MyBulletinBoard | Cross-site request forgery (CSRF) vulnerability in MyBB (aka MyBulletinBoard) 1.2.2 allows remote attackers to send messages to arbitrary users. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 8.0 | CVE-2007-0622 SECUNIA | ||
MyPHPCommander -- MyPHPCommander | PHP remote file inclusion vulnerability in system/lib/package.php in MyPHPCommander 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the gl_root parameter. |
| 7.0 | CVE-2007-0568 OTHER-REF BID FRSIRT SECUNIA | ||
nsGalPHP -- nsGalPHP | PHP remote file inclusion vulnerability in includes/config.inc.php in nsGalPHP 0.41 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the racineTBS parameter. |
| 7.0 | CVE-2007-0573 OTHER-REF MLIST BID FRSIRT SECUNIA | ||
Oh no! Not another CMS -- Oh no! Not another CMS | Cross-site scripting (XSS) vulnerability in install/default/error404.html in Oh no! Not another CMS (Onnac) 0.0.8.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the error_url parameter. |
| 7.0 | CVE-2007-0552 OTHER-REF OTHER-REF FRSIRT | ||
phpBB2-MODificat -- phpBB2-MODificat | PHP remote file inclusion vulnerability in includes/functions.php in phpBB2-MODificat 0.2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. |
| 7.0 | CVE-2007-0656 OTHER-REF BID FRSIRT | ||
phpMyReports -- phpMyReports | PHP remote file inclusion vulnerability in include/lib/lib_head.php in phpMyReports 3.0.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cfgPathModule parameter. |
| 7.0 | CVE-2007-0571 OTHER-REF FRSIRT | ||
PHProxy -- PHProxy | Multiple cross-site scripting (XSS) vulnerabilities in index.inc.php in PHProxy before 0.5 beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) data[realm] and (2) _url parameters, different vectors than CVE-2004-2604. NOTE: some of these details are obtained from third party information. |
| 7.0 | CVE-2007-0553 OTHER-REF FRSIRT | ||
RBL -- tForum | SQL injection vulnerability in tForum 2.00 in the Raymond BERTHOU script collection (aka RBL - ASP allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) pass to user_confirm.asp. |
| 7.0 | CVE-2007-0642 BUGTRAQ BUGTRAQ OTHER-REF VIM XF | ||
Red Hat -- Red Hat Enterprise Linux AS Red Hat -- Red Hat Enterprise Linux ES Red Hat -- Red Hat Enterprise Linux WS Linux -- Linux kernel Red Hat -- Red Hat Desktop | Unspecified vulnerability in the listxattr system call in Linux kernel, when a "bad inode" is present, allows local users to cause a denial of service (data corruption) and possibly gain privileges via unknown vectors. |
| 7.0 | CVE-2006-5753 REDHAT | ||
rMake -- rMake | rMake before 1.0.4 drops root privileges in a way that retains the original supplemental groups, which might allow attackers to gain privileges via a crafted recipe file, a different vulnerability than CVE-2007-0536. |
| 7.0 | CVE-2007-0557 OTHER-REF | ||
RP World -- RP World | PHP remote file inclusion vulnerability in config.php in RPW 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the sql_language parameter. |
| 7.0 | CVE-2007-0559 OTHER-REF FRSIRT | ||
Shaffer Solutions Corp -- dapcnfsd.dll | Buffer overflow in the EnumPrintersA function in dapcnfsd.dll 0.6.4.0 in Shaffer Solutions (SSC) DiskAccess NFS Client allows remote attackers to execute arbitrary code via a long argument, an issue similar to CVE-2006-5854 and CVE-2007-0444. |
| 7.0 | CVE-2007-0641 OTHER-REF BID | ||
Six Apart Ltd -- Movable Type | Cross-site scripting (XSS) vulnerability in Movable Type (MT) before 3.34 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the MTCommentPreviewIsStatic tag, which can open the "comment entry screen," a different vulnerability than CVE-2007-0231. |
| 7.0 | CVE-2007-0604 OTHER-REF | ||
SpoonLabs -- Vivvo Article Management CMS | SQL injection vulnerability in rss/show_webfeed.php in SpoonLabs Vivvo Article Management CMS (aka phpWordPress) 3.40 allows remote attackers to execute arbitrary SQL commands via the wcHeadlines parameter, a different vector than CVE-2006-4715. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
| 7.0 | CVE-2007-0574 BID | ||
Stefan Holmberg -- AdMentor | Multiple SQL injection vulnerabilities in the administrative login page in ASPCode.net AdMentor allow remote attackers to execute arbitrary SQL commands via the (1) Userid and (2) Password fields. |
| 7.0 | CVE-2007-0575 BUGTRAQ OTHER-REF BID | ||
Sun -- Java System Access Manager | Cross-site scripting (XSS) vulnerability in Sun Java System Access Manager 6.1, 6.2, 6 2005Q1 (6.3), and 7 2005Q4 (7.0) before 20070129 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 7.0 | CVE-2007-0628 SUNALERT BID FRSIRT SECUNIA | ||
T-Systems Solutions for Research GmbH -- MyNews | PHP remote file inclusion vulnerability in include/themes/themefunc.php in MyNews 4.2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the myNewsConf[path][sys][index] parameter. |
| 7.0 | CVE-2007-0633 OTHER-REF BID | ||
Telestream -- Flip4Mac Windows Media Components for Quicktime | Telestream Flip4Mac Windows Media Components for Quicktime 2.1.0.33 allows remote attackers to execute arbitrary code via a crafted ASF_File_Properties_Object size field in a WMV file, which triggers memory corruption. |
| 10.0 | CVE-2007-0466 OTHER-REF BID FRSIRT SECUNIA | ||
Vu Le An -- Virtual Path | PHP remote file inclusion vulnerability in configure.php in Vu Le An Virtual Path (VirtualPath) 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. |
| 7.0 | CVE-2007-0591 OTHER-REF | ||
Webfwlog -- Webfwlog | include/debug.php in Webfwlog 0.92 and earlier, when register_globals is enabled, allows remote attackers to obtain source code of files via the conffile parameter. NOTE: some of these details are obtained from third party information. It is likely that this issue can be exploited to conduct directory traversal attacks. |
| 8.0 | CVE-2007-0585 OTHER-REF FRSIRT | ||
X-dev -- xNews | SQL injection vulnerability in xNews.php in xNews 1.3 allows remote attackers to execute arbitrary SQL commands via the id parameter in a shownews action. |
| 7.0 | CVE-2007-0569 OTHER-REF BID SECUNIA | ||
X-dev -- xNews | Multiple SQL injection vulnerabilities in the generate_csv function in classes/class.news.php in X-dev xNews 1.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) from, and (3) q parameters, different vectors than CVE-2007-0569. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
| 7.0 | CVE-2007-0630 FRSIRT | ||
Xero Portal -- Xero Portal | Multiple PHP remote file inclusion vulnerabilities in Xero Portal 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) admin_linkdb.php, (2) admin_forum_prune.php, (3) admin_extensions.php, (4) admin_board.php, (5) admin_attachments.php, or (6) admin_users.php in admin/. |
| 7.0 | CVE-2007-0561 OTHER-REF | ||
Xt-Stats -- Xt-Stats | PHP remote file inclusion vulnerability in xt_counter.php in Xt-Stats 2.3.x up to 2.4.0.b3 allows remote attackers to execute arbitrary PHP code via a URL in the server_base_dir parameter. |
| 7.0 | CVE-2007-0576 BUGTRAQ OTHER-REF OTHER-REF BID FRSIRT SECUNIA XF | ||
ZABBIX -- ZABBIX | Buffer overflow in ZABBIX before 1.1.5 has unknown impact and attack vectors related to "SNMP IP addresses." |
| 7.0 | CVE-2007-0640 OTHER-REF BID FRSIRT |
Medium Vulnerabilities |
---|
Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
---|---|---|---|---|---|---|
Andreas Gohr -- DokuWiki | CRLF injection vulnerability in lib/exe/fetch.php in DokuWiki 2006-03-09e, and possibly earlier, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the media parameter. NOTE: this issue can be leveraged for XSS attacks. |
| 5.6 | CVE-2006-6965 OTHER-REF SECUNIA | ||
Apple -- Mac OS X | crashdump in Apple Mac OS X 10.4.8 allows local users in the admin group to modify arbitrary files or gain privileges via a symlink attack on application logs in /Library/Logs/CrashReporter/. |
| 4.2 | CVE-2007-0467 OTHER-REF | ||
Apple -- iPhoto | Format string vulnerability in iPhoto 6.0.5 allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling certain Apple AppKit functions. |
| 5.6 | CVE-2007-0645 OTHER-REF | ||
Drupal -- Drupal | The comment_form_add_preview function in comment.module in Drupal before 4.7.6, and 5.x before 5.1, allows remote attackers, with "post comments" privileges and access to multiple input filters, to execute arbitrary code by previewing comments, which are not processed by "normal form validation routines." |
| 6.0 | CVE-2007-0626 OTHER-REF FRSIRT SECUNIA | ||
Earthlink -- Total Access | The SpamBlocker.dll ActiveX control in Earthlink TotalAccess is marked "safe for scripting," which allows remote attackers to add arbitrary e-mail addresses and domains to the spam blocker whitelist via the (1) AddSenderToWhitelist and (2) AddDomainToWhitelist functions. |
| 5.6 | CVE-2007-0617 FULLDISC BID XF | ||
Horde -- Groupware Horde -- Groupware Webmail Edition | Unspecified vulnerability in the calendar component in Horde Groupware Webmail Edition before 1.0, and Groupware before 1.0, allows remote attackers to include certain files via unspecified vectors. NOTE: some of these details are obtained from third party information. |
| 5.6 | CVE-2007-0579 MLIST MLIST BID FRSIRT XF | ||
IndexCOR -- EzDatabase | Cross-site scripting (XSS) vulnerability in EzDatabase 2.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to admin/login.php and the Admin Panel Database. |
| 5.6 | CVE-2007-0592 BUGTRAQ BID XF | ||
Intel -- Server Boards Intel -- Enterprise Southbridge BMC Intel -- Enterprise Southbridge 2 BMC | Intel Enterprise Southbridge 2 Baseboard Management Controller (BMC), Intel Server Boards 5000XAL, S5000PAL, S5000PSL, S5000XVN, S5000VCL, S5000VSA, SC5400RA, and OEM Firmware for Intel Enterprise Southbridge Baseboard Management Controller before 20070119, when Intelligent Platform Management Interface (IPMI) is enabled, allow remote attackers to connect and issue arbitrary IPMI commands, possibly triggering a denial of service. |
| 5.6 | CVE-2007-0661 OTHER-REF FRSIRT SECUNIA | ||
Javier Suarez Sanz -- Foro Domus | PHP remote file inclusion vulnerability in menu.php in Foro Domus 2.10 allows remote attackers to execute arbitrary PHP code via a URL in the sesion_idioma parameter. |
| 5.6 | CVE-2007-0580 OTHER-REF BID SECUNIA | ||
KDE -- Konqueror | Konqueror 3.5.5 does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment, a related issue to CVE-2007-0478. |
| 5.6 | CVE-2007-0537 BUGTRAQ | ||
Linux -- Linux kernel | The dev_queue_xmit function in Linux kernel 2.6 can fail before calling the local_bh_disable function, which could lead to data corruption and "node lockups." NOTE: it is not clear whether this issue is exploitable. |
| 6.7 | CVE-2006-6535 OTHER-REF | ||
makeindex -- makeindex | Buffer overflow in the open_sty function in mkind.c for makeindex 2.14 might allow user-assisted remote attackers to overwrite files and possibly execute arbitrary code via a long filename. |
| 5.6 | CVE-2007-0650 OTHER-REF | ||
MyBB -- MyBB | Cross-site scripting (XSS) vulnerability in private.php in MyBB (aka MyBulletinBoard) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field, a different vector than CVE-2006-2949. |
| 4.2 | CVE-2007-0544 BUGTRAQ | ||
PGP Corporation -- PGP Corporate Desktop | PGP Desktop before 9.5.1 does not validate data objects received over the (1) \pipe\pgpserv named pipe for PGPServ.exe or the (2) \pipe\pgpsdkserv named pipe for PGPsdkServ.exe, which allows remote authenticated users to gain privileges by sending a data object representing an absolute pointer, which causes code execution at the corresponding address. |
| 4.8 | CVE-2007-0603 BUGTRAQ OTHER-REF SECUNIA | ||
Plain Black -- WebGUI | The www_purgeList method in Plain Black WebGUI before 7.3.8 does not properly check user permissions, which allows attackers to delete unauthorized assets. NOTE: some of these details are obtained from third party information. |
| 4.7 | CVE-2007-0629 OTHER-REF OTHER-REF BID SECUNIA | ||
Symantec -- Symantec Web Security | Multiple cross-site scripting (XSS) vulnerabilities in Symantec Web Security (SWS) before 3.0.1.85 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) error messages and (2) blocked page messages produced by SWS. |
| 4.2 | CVE-2007-0563 OTHER-REF FRSIRT SECUNIA | ||
Trend Micro -- VirusWall | Buffer overflow in libvsapi.so in the VSAPI library in Trend Micro VirusWall 3.81 for Linux, as used by IScan.BASE/vscan, allows local users to gain privileges via a long command line argument, a different vulnerability than CVE-2005-0533. |
| 5.6 | CVE-2007-0602 BUGTRAQ OTHER-REF OTHER-REF OTHER-REF | ||
Webroot Software -- Spy Sweeper | WebRoot Spy Sweeper 4.5.9 and earlier allows local users to bypass the "Startup-Shield" security restrictions by modifying certain registry keys. |
| 4.9 | CVE-2006-6959 BUGTRAQ OTHER-REF OSVDB XF | ||
Webroot Software -- Spy Sweeper | The Compression Sweep feature in WebRoot Spy Sweeper 4.5.9 and earlier does not handle non-ZIP archives, which allows remote attackers to bypass the malware detection via files with (1) RAR, (2) GZ, (3) TAR, (4) CAB, or (5) ACE compression. |
| 5.6 | CVE-2006-6960 BUGTRAQ OTHER-REF OSVDB XF | ||
Webroot Software -- Spy Sweeper | WebRoot Spy Sweeper 4.5.9 and earlier does not detect malware based on file contents, which allows remote attackers to bypass malware detection by changing a file's name. |
| 5.6 | CVE-2006-6961 BUGTRAQ OTHER-REF OSVDB XF |
Low Vulnerabilities |
---|
Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
---|---|---|---|---|---|---|
Acme Labs -- thttpd | thttpd before 2.25b-r6 in Gentoo Linux is started from the system root directory (/) by the Gentoo baselayout 1.12.6 package, which allows remote attackers to read arbitrary files. |
| 2.3 | CVE-2007-0664 OTHER-REF GENTOO BID SECUNIA | ||
Apple -- Software Update | Format string vulnerability in Apple Software Update 2.0.5 on Mac OS X 10.4.8 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in (1) SWUTMP or (2) SUCATALOG filenames, or using the (3) application/x-apple.sucatalog+xml MIME type. |
| 2.3 | CVE-2007-0463 OTHER-REF FRSIRT | ||
Apple -- iChat Apple -- mDNSResponder Apple -- InstantMessage framework | The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 does not check for duplicate entries when adding newly discovered available contacts, which allows remote attackers to cause a denial of service (disrupted communication) via a flood of duplicate _presence._tcp mDNS queries. |
| 2.3 | CVE-2007-0613 OTHER-REF BID | ||
Apple -- iChat Apple -- Mac OS X Apple -- InstantMessage framework | The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (persistent application crash) via a crafted phsh hash attribute in a TXT key. |
| 3.3 | CVE-2007-0614 OTHER-REF BID | ||
Apple -- Safari | Format string vulnerability in Apple Safari 2.0.4 (419.3) allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in filenames that are not properly handled when calling the (1) NSLog and (2) NSBeginAlertSheet Apple AppKit functions. |
| 2.7 | CVE-2007-0644 OTHER-REF | ||
Apple -- Help Viewer | Format string vulnerability in 3.0.0 allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSBeginAlertSheet Apple AppKit function. |
| 2.7 | CVE-2007-0646 OTHER-REF | ||
Apple -- Help Viewer | Format string vulnerability in Help Viewer 3.0.0 allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSBeginAlertSheet Apple AppKit function. |
| 2.7 | CVE-2007-0647 OTHER-REF | ||
Aztek Forum -- Aztek Forum | PHP remote file inclusion vulnerability in index/main.php in Aztek Forum 4.00 allows remote authenticated administrators to execute arbitrary PHP code via a URL in the PF[top_url] parameter. |
| 3.4 | CVE-2007-0596 BUGTRAQ BUGTRAQ OTHER-REF | ||
Aztek Forum -- Aztek Forum | Aztek Forum 4.00 allows remote attackers to obtain sensitive information via a direct request to forum.php with the fid=XD query string, which reveals the path in an error message. |
| 2.3 | CVE-2007-0597 BUGTRAQ BUGTRAQ OTHER-REF | ||
Bloodshed Software -- Dev-C++ | Stack-based buffer overflow in Bloodshed Dev-C++ 4.9.9.2 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long line in a .cpp file. |
| 1.9 | CVE-2007-0643 OTHER-REF BID | ||
CFNetwork -- CFNetwork | The _CFNetConnectionWillEnqueueRequests function in CFNetwork 129.19 on Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (application crash) via a crafted HTTP 301 response, which results in a NULL pointer dereference. |
| 2.3 | CVE-2007-0464 OTHER-REF | ||
CGI-RESCUE -- WebFORM | Cross-site scripting (XSS) vulnerability in CGI-RESCUE WebFORM 4.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 2.3 | CVE-2007-0547 OTHER-REF SECUNIA | ||
Cisco -- IOS | Cisco IOS after 12.3(14)T, 12.3(8)YC1, 12.3(8)YG, and 12.4, with voice support and without Session Initiated Protocol (SIP) configured, allows remote attackers to cause a denial of service (crash) by sending a crafted packet to port 5060/UDP. |
| 3.3 | CVE-2007-0648 OTHER-REF CISCO CERT-VN BID FRSIRT SECUNIA XF | ||
CVSTrac -- CVSTrac | The is_eow function in format.c in CVSTrac before 2.0.1 does not properly check for the "'" (quote) character, which allows remote authenticated users to execute limited SQL injection attacks and cause a denial of service (database error) via a ' character in certain messages, tickets, or Wiki entries. |
| 1.9 | CVE-2007-0347 BUGTRAQ FULLDISC OTHER-REF OTHER-REF OPENPKG FRSIRT | ||
Designmind -- High5 Review Script | Cross-site scripting (XSS) vulnerability in high5 Review script allows remote attackers to inject arbitrary web script or HTML via the search box. |
| 1.9 | CVE-2007-0595 BUGTRAQ | ||
Drupal -- Textimage Drupal -- Drupal | The (1) Textimage 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module for Drupal and the (2) Captcha 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module for Drupal allow remote attackers to bypass the CAPTCHA test via an empty captcha element in $_SESSION. |
| 2.3 | CVE-2007-0658 OTHER-REF OTHER-REF OTHER-REF OTHER-REF BID FRSIRT SECUNIA SECUNIA | ||
GD Graphics Library -- gdlib | Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font. |
| 3.3 | CVE-2007-0455 OTHER-REF FRSIRT SECUNIA | ||
Hitachi -- JP1/HIBUN Advanced Edition Server Hitachi -- HIBUN Advanced Edition Server | Unspecified vulnerability in Hitachi JP1/HIBUN Advanced Edition Management Server and Log Server before 20070124 allows remote attackers to cause a denial of service (application stop) via unexpected data. |
| 3.3 | CVE-2007-0615 OTHER-REF BID FRSIRT SECUNIA XF | ||
HTTP Commander -- HTTP Commander | Multiple cross-site scripting (XSS) vulnerabilities in HTTP Commander 6.0, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) LogoffMessage parameter to logofflast.aspx or the (2) txtUsername parameter to Default.aspx. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
| 2.3 | CVE-2007-0583 SECUNIA | ||
Inotify -- Incron | Unspecified vulnerability in inotify before 0.3.5 has unknown impact and attack vectors, related to "access rights to watched files." |
| 1.6 | CVE-2007-0636 OTHER-REF BID FRSIRT | ||
KarjaSoft -- Sami HTTP Server | KarjaSoft Sami HTTP Server 2.0.1 allows remote attackers to cause a denial of service (daemon hang) via a large number of requests for nonexistent objects. |
| 2.3 | CVE-2007-0548 OTHER-REF SECUNIA XF | ||
Linux -- Linux kernel | The aio_setup_ring function in Linux kernel does not properly initialize a variable, which allows local users to cause a denial of service (crash) via an unspecified error path that causes an incorrect free operation. |
| 1.9 | CVE-2006-5754 MANDRIVA | ||
MailEnable -- MailEnable Professional | MailEnable Professional before 1.78 provides a cleartext user password when an administrator edits the user's settings, which allows remote authenticated administrators to obtain sensitive information by viewing the HTML source. |
| 1.4 | CVE-2006-6964 OTHER-REF SECTRACK | ||
MAXdev -- MDPro | user.php in MAXdev MDPro 1.0.76 allows remote attackers to obtain the full path via a ' (quote) character, and possibly other invalid values, in the uname parameter in a userinfo operation. |
| 3.3 | CVE-2007-0624 BUGTRAQ | ||
Maxtricity -- Tagger | Maxtricity Tagger 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for tagger.mdb. |
| 3.3 | CVE-2007-0545 BUGTRAQ | ||
Michael Still -- gtalkbot | Michael Still gtalkbot before 1.2 places username and password arguments on the command line, which allows local users to obtain sensitive information by listing the process. |
| 2.3 | CVE-2007-0627 OTHER-REF OTHER-REF FRSIRT | ||
Microsoft -- Windows Explorer | Windows Explorer (explorer.exe) 6.0.2900.2180 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted .avi file, which triggers the crash when the user right clicks on the file. |
| 1.9 | CVE-2007-0562 OTHER-REF | ||
Microsoft -- Internet Explorer | Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allows remote attackers to cause a denial of service (Internet Explorer crash) by accessing the bgColor, fgColor, linkColor, alinkColor, vlinkColor, or defaultCharset properties in the (1) giffile, (2) htmlfile, (3) jpegfile, (4) mhtmlfile, (5) ODCfile, (6) pjpegfile, (7) pngfile, (8) xbmfile, (9) xmlfile, (10) xslfile, or (11) wdfile objects in (a) mshtml.dll; or the (12) TriEditDocument.TriEditDocument or (13) TriEditDocument.TriEditDocument.1 objects in (b) triedit.dll, which cause a NULL pointer dereference. |
| 3.3 | CVE-2007-0612 BUGTRAQ FULLDISC OTHER-REF BID XF | ||
mpg123 -- mpg123 | The http_open function in httpget.c in mpg123 before 0.64 allows remote attackers to cause a denial of service (infinite loop) by closing the HTTP connection early. |
| 1.9 | CVE-2007-0578 OTHER-REF OTHER-REF BID FRSIRT | ||
NoMachine -- NX Server | nxconfigure.sh in NoMachine NX Server before 2.1.0-18 does not validate the invoking user, which allows local users to modify server configuration keys in /usr/NX/etc/server.cfg, resulting in an unspecified denial of service. |
| 2.3 | CVE-2007-0625 OTHER-REF OTHER-REF BID FRSIRT SECUNIA | ||
OpenEMR -- OpenEMR | Variable overwrite vulnerability in interface/globals.php in OpenEMR 2.8.2 and earlier allows remote attackers to overwrite arbitrary program variables and conduct other unauthorized activities, such as conduct (a) remote file inclusion attacks via the srcdir parameter in custom/import_xml.php or (b) cross-site scripting (XSS) attacks via the rootdir parameter in interface/login/login_frame.php, via vectors associated with extract operations on the (1) POST and (2) GET superglobal arrays. NOTE: this issue was originally disputed before the extract behavior was identified in post-disclosure analysis. |
| 3.4 | CVE-2007-0649 BUGTRAQ BUGTRAQ BUGTRAQ BUGTRAQ BUGTRAQ BUGTRAQ VIM VIM | ||
Siteman -- Siteman | Siteman 1.1.11 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing password hashes via a direct request for data/members.txt. |
| 2.3 | CVE-2007-0593 BUGTRAQ | ||
Siteman -- Siteman | Siteman 2.0.x2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing password hashes via a direct request for db/siteman/users.MYD. |
| 2.3 | CVE-2007-0594 BUGTRAQ | ||
Sun -- Solaris | Unspecified vulnerability in Sun Solaris 10 before 20070130 allows remote attackers to cause a denial of service (system crash) via certain ICMP packets. |
| 2.3 | CVE-2007-0634 SUNALERT CERT-VN BID FRSIRT SECTRACK SECUNIA | ||
Symantec -- Symantec Web Security | The license registering interface in Symantec Web Security (SWS) before 3.0.1.85 allows attackers to cause a denial of service (CPU consumption) by submitting a large file. |
| 1.4 | CVE-2007-0564 OTHER-REF FRSIRT SECUNIA | ||
Telligent Systems -- Community Server Forums | Telligent Community Server 2.1 and earlier allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to (1) a large file, which triggers a long download session without a timeout constraint; or (2) a file with a binary content type, which is downloaded even though it cannot contain usable pingback data. |
| 2.3 | CVE-2007-0538 BUGTRAQ BUGTRAQ | ||
Toxiclab -- Shoutbox | Toxiclab Shoutbox 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db.mdb. |
| 3.3 | CVE-2007-0546 BUGTRAQ | ||
Vlad Alexa Mancini -- PHPFootball | show.php in Vlad Alexa Mancini PHPFootball 1.6 allows remote attackers to obtain sensitive information (database contents) via a % (percent) character in the dbfieldv parameter. |
| 2.3 | CVE-2007-0638 OTHER-REF BID XF | ||
Vlad Leont -- FD Script | download.php in FD Script 1.3.2 and earlier allows remote attackers to read source of files under the web document root with certain extensions, including .php, via a relative pathname in the fname parameter, as demonstrated by downloading config.php. |
| 3.3 | CVE-2007-0620 BUGTRAQ BID FRSIRT SECUNIA | ||
Wireshark -- Wireshark | Unspecified vulnerability in the LLT dissector in Wireshark (formerly Ethereal) 0.99.3 and 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors. |
| 1.9 | CVE-2007-0456 OTHER-REF BID FRSIRT SECUNIA | ||
Wireshark -- Wireshark | Unspecified vulnerability in the IEEE 802.11 dissector in Wireshark (formerly Ethereal) 0.10.14 through 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors. |
| 1.9 | CVE-2007-0457 OTHER-REF BID FRSIRT SECUNIA | ||
Wireshark -- Wireshark | Unspecified vulnerability in the HTTP dissector in Wireshark (formerly Ethereal) 0.99.3 and 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors, a different issue than CVE-2006-5468. |
| 1.9 | CVE-2007-0458 OTHER-REF BID FRSIRT SECUNIA | ||
Wireshark -- Wireshark | packet-tcp.c in the TCP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.4 allows remote attackers to cause a denial of service (application crash or hang) via fragmented HTTP packets. |
| 1.9 | CVE-2007-0459 OTHER-REF OTHER-REF BID FRSIRT SECUNIA | ||
Zenphoto -- zenphoto | Directory traversal vulnerability in zen/template-functions.php in zenphoto 1.0.4 up to 1.0.6 allows remote attackers to list arbitrary directories via ".." sequences in the album parameter to index.php. |
| 3.3 | CVE-2007-0616 OTHER-REF OTHER-REF |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.