Vulnerability Summary for the Week of January 29, 2007

Released
Feb 05, 2007
Document ID
SB07-036

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

">

High Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
212cafe -- 212cafeboardCross-site scripting (XSS) vulnerability in list3.php in 212cafeBoard 6.30 Beta allows remote attackers to inject arbitrary web script or HTML via the user parameter.
unknown
2007-01-29
7.0CVE-2007-0549
BUGTRAQ
XF
212cafe -- 212cafeBoardCross-site scripting (XSS) vulnerability in search.php in 212cafeBoard 0.08 Beta allows remote attackers to inject arbitrary web script or HTML via keyword parameter.
unknown
2007-01-29
7.0CVE-2007-0550
BUGTRAQ
XF
ACGVclick -- ACGVclickPHP remote file inclusion vulnerability in function.inc.php in ACGVclick 0.2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
unknown
2007-01-30
7.0CVE-2007-0577
OTHER-REF
BID
FRSIRT
SECUNIA
Alientrap -- NexuizUnspecified vulnerability in Nexuiz 2.2.2 allows remote attackers to read and overwrite arbitrary files via the gamedir command.
unknown
2007-02-01
7.0CVE-2007-0657
OTHER-REF
FRSIRT
SECUNIA
Apple -- Mac OS X
Apple -- Apple Installer
Format string vulnerability in Apple Installer 2.1.5 on Mac OS X 10.4.8 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a (1) PKG, (2) DISTZ, or (3) MPKG package filename.
unknown
2007-01-30
8.0CVE-2007-0465
OTHER-REF
BID
Apple -- Mac OS X
Apple -- Quicktime
The InternalUnpackBits function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT file that triggers memory corruption in the _GetSrcBits32ARGB function. NOTE: this issue might overlap CVE-2007-0462.
unknown
2007-01-30
10.0CVE-2007-0588
OTHER-REF
BID
ASP EDGE -- ASP EDGESQL injection vulnerability in user.asp in ASP EDGE 1.2b and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter.
unknown
2007-01-30
7.0CVE-2007-0560
OTHER-REF
ASP EDGE -- ASP EDGESQL injection vulnerability in artreplydelete.asp in ASP EDGE 1.3a and earlier allows remote attackers to execute arbitrary SQL commands via a username cookie, a different vector than CVE-2007-0560.
unknown
2007-01-31
7.0CVE-2007-0632
FRSIRT
ASP NEWS -- ASP NEWSSQL injection vulnerability in news_detail.asp in ASP NEWS 3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-01-30
7.0CVE-2007-0566
OTHER-REF
Aztek Forum -- Aztek ForumSQL injection vulnerability in forum/load.php in Aztek Forum 4.00 allows remote attackers to execute arbitrary SQL commands via the fid cookie to forum.php.
unknown
2007-01-30
7.0CVE-2007-0598
BUGTRAQ
BUGTRAQ
OTHER-REF
Aztek Forum -- Aztek ForumVariable overwrite vulnerability in common/config.php in Aztek Forum 4.00 allows remote attackers to overwrite arbitrary program variables and conduct other unauthorized activities, such as copying arbitrary files using index/common_actions.php, via vectors associated with extract operations on the (1) POST, (2) GET, (3) COOKIE, and (4) SERVER superglobal arrays.
unknown
2007-01-30
7.0CVE-2007-0599
BUGTRAQ
BUGTRAQ
OTHER-REF
Aztek Forum -- Aztek Forumcommon/safety.php in Aztek Forum 4.00 allows remote attackers to enter certain data containing %22 sequences (URL encoded double quotes) and other potentially dangerous manipulations by sending a cookie, which bypasses the blacklist matching against the GET and PUT superglobal arrays.
unknown
2007-01-30
7.0CVE-2007-0601
BUGTRAQ
BUGTRAQ
OTHER-REF
CGI-RESCUE -- Shopping Basket ProfessionalCGI-Rescue Shopping Basket Professional 7.50 and earlier allows remote attackers to inject arbitrary operating system commands via in unspecified vectors.
unknown
2007-01-30
7.0CVE-2007-0565
OTHER-REF
SECUNIA
ChernobiLe -- ChernobiLeSQL injection vulnerability in default.asp in ChernobiLe 1.0 allows remote attackers to execute arbitrary SQL commands via the User (username) field.
unknown
2007-01-30
7.0CVE-2007-0582
Milw0rm
BID
chmlib -- chmlibchmlib before 0.39 allows user-assisted remote attackers to execute arbitrary code via a crafted page block length in a CHM file, which triggers memory corruption.
unknown
2007-01-31
10.0CVE-2007-0619
IDEFENSE
OTHER-REF
SECTRACK
SECUNIA
CMSimple -- CMSimpleMultiple PHP remote file inclusion vulnerabilities in cmsimple/cms.php in CMSimple 2.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) pth[file][config] and (2) pth[file][image] parameters.
unknown
2007-01-29
7.0CVE-2007-0551
BUGTRAQ
XF
CMSimple -- CMSimpleCross-site scripting (XSS) vulnerability in the mailform feature in CMSimple 2.7 fix1 allows remote attackers to inject arbitrary web script or HTML via the sender parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-01-30
7.0CVE-2007-0610
SECUNIA
Docebo -- DoceboMultiple PHP remote file inclusion vulnerabilities in Docebo LMS 3.0.3 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[where_lms] parameter to (1) class.module/class.definition.php and (2) modules/scorm/scorm_utils.php. NOTE: this issue may overlap CVE-2006-2577.
unknown
2007-01-29
7.0CVE-2006-6963
BUGTRAQ
OTHER-REF
OSVDB
OSVDB
XF
DotNetNuke -- DotNetNuke IFrameCross-site scripting (XSS) vulnerability in the IFrame module before 03.02.01 for DotNetNuke (DNN) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "Pass through values."
unknown
2007-02-01
7.0CVE-2007-0660
OTHER-REF
FRSIRT
Drunken:Golem -- Gaming PortalPHP remote file inclusion vulnerability in include/irc/phpIRC.php in Drunken:Golem Gaming Portal 0.5.1 Alpha 2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
unknown
2007-01-30
7.0CVE-2007-0572
OTHER-REF
FRSIRT
Eclectic Designs -- CascadianFAQSQL injection vulnerability in index.php in Eclectic Designs CascadianFAQ 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.
unknown
2007-01-31
7.0CVE-2007-0631
Milw0rm
BID
Eclectic Designs -- CascadianFAQSQL injection vulnerability in index.php in Eclectic Designs CascadianFAQ 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the qid parameter, a different vector than CVE-2007-0631. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-02-01
7.0CVE-2007-0663
FRSIRT
EclipseBB -- EclipseBBPHP remote file inclusion vulnerability in functions.php in EclipseBB 0.5.0 Lite allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
unknown
2007-01-30
7.0CVE-2007-0581
OTHER-REF
BID
EncapsCMS -- EncapsCMSMultiple PHP remote file inclusion vulnerabilities in EncapsCMS 0.3.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) config[path] parameter to (a) common_foot.php or (b) blogs.php, or (2) the config[theme] parameter to (c) admin/gallery_head.php.
unknown
2007-01-31
7.0CVE-2007-0635
BUGTRAQ
BID
XF
Forum Livre -- Forum LivreSQL injection vulnerability in Forum Livre 1.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to info_user.asp.
unknown
2007-01-30
7.0CVE-2007-0589
OTHER-REF
Forum Livre -- Forum LivreCross-site scripting (XSS) vulnerability in busca2.asp in Forum Livre 1.0 remote attackers to inject arbitrary web script or HTML via the palavra parameter.
unknown
2007-01-30
7.0CVE-2007-0590
OTHER-REF
Free LAN In(tra|ter)net Portal -- Free LAN In(tra|ter)net PortalMultiple cross-site scripting (XSS) vulnerabilities in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) inc.page.php and (2) inc.text.php.
unknown
2007-01-30
7.0CVE-2007-0611
OTHER-REF
FRSIRT
g-neric -- PHP Generic Library and FrameworkPHP remote file inclusion vulnerability in membres/membreManager.php in PhP Generic Library & Framework for comm (g-neric) allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.
unknown
2007-01-30
7.0CVE-2007-0584
OTHER-REF
BID
FRSIRT
Galeria Zdjec -- Galeria ZdjecDirectory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
unknown
2007-01-31
7.0CVE-2007-0637
OTHER-REF
BID
XF
Guo Xu Guos Posting System -- Guo Xu Guos Posting SystemSQL injection vulnerability in print.asp in Guo Xu Guos Posting System (GPS) 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-01-29
7.0CVE-2007-0554
BUGTRAQ
GuppY -- GuppYMultiple static code injection vulnerabilities in error.php in GuppY 4.5.16 and earlier allow remote attackers to inject arbitrary PHP code into a .inc file in the data/ directory via (1) a REMOTE_ADDR cookie or (2) a cookie specifying an element of the msg array with an error number in the first dimension and 0 in the second dimension, as demonstrated by msg[999][0].
unknown
2007-01-31
7.0CVE-2007-0639
OTHER-REF
OTHER-REF
SECTRACK
SECUNIA
XF
hailBoards -- hailBoardsPHP remote file inclusion vulnerability in includes/usercp_viewprofile.php in Hailboards 1.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
unknown
2007-02-01
7.0CVE-2007-0662
OTHER-REF
BID
IBM -- AIXUnspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability."
unknown
2007-01-31
7.0CVE-2007-0618
AIXAPAR
OTHER-REF
BID
FRSIRT
SECUNIA
Inter7 -- vHostAdminPHP remote file inclusion vulnerability in modules/mail/main.php in Inter7 vHostAdmin 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the MODULES_DIR parameter.
unknown
2007-01-30
7.0CVE-2007-0558
OTHER-REF
FRSIRT
Interactive-Scripts.Com -- PHP Membership ManagerCross-site scripting (XSS) vulnerability in admin.php in Interactive-Scripts.Com PHP Membership Manager 1.5 allows remote attackers to inject arbitrary web script or HTML via the _p parameter.
unknown
2007-01-30
7.0CVE-2007-0567
BUGTRAQ
BID
Johannes Gijsbers -- Ad Fundum Integratable News ScriptPHP remote file inclusion vulnerability in ains_main.php in Johannes Gijsbers (aka Taradino) Ad Fundum Integratable News Script (AINS) 0.02b allows remote attackers to execute arbitrary PHP code via a URL in the ains_path parameter.
unknown
2007-01-30
7.0CVE-2007-0570
OTHER-REF
BID
FRSIRT
XF
Joomla! -- RS Gallery2PHP remote file inclusion vulnerability in rsgallery2.html.php in the RS Gallery2 component (com_rsgallery2) 1.11.2 for Joomla! allows attackers to execute arbitrary PHP code via the mosConfig_absolute_path parameter. NOTE: this issue may overlap CVE-2006-5047.
unknown
2007-01-29
7.0CVE-2006-6962
OTHER-REF
BID
FRSIRT
XF
Makit -- Newsposter Script
Martyn Kilbryde -- Newsposter Script
SQL injection vulnerability in news_page.asp in Martyn Kilbryde Newsposter Script (aka makit news/blog poster) 3 and earlier allows remote attackers to execute arbitrary SQL commands via the uid parameter.
unknown
2007-01-30
7.0CVE-2007-0600
BUGTRAQ
OTHER-REF
BID
XF
MAXdev -- MDProSQL injection vulnerability in index.php in MAXdev MDPro 1.0.76 allows remote attackers to execute arbitrary SQL commands via the startrow parameter.
unknown
2007-01-31
7.0CVE-2007-0623
BUGTRAQ
BID
SECUNIA
Microsoft -- WordUnspecified vulnerability in Microsoft Word 2003 has unknown impact and user-assisted attack vectors, as detected as Trojan.Mdropper.X in targeted zero-day attacks, but possibly different from CVE-2007-0515, CVE-2006-6456, CVE-2006-5994, and CVE-2006-6561. NOTE: this identifier has been assigned for tracking purposes. Due to lack of details, it cannot be conclusively determined whether it is different from the other CVEs.
unknown
2007-01-31
8.0CVE-2007-0621
OTHER-REF
OTHER-REF
BID
MODxCMS -- FileDownloaddownload.php in the MuddyDogPaws FileDownload snippet before 2.5 for MODx allows remote attackers to download arbitrary files, as demonstrated by downloading config.inc.php to obtain database credentials.
unknown
2007-02-01
7.0CVE-2007-0659
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
MyBB -- MyBB
MyBulletinBoard -- MyBulletinBoard
Cross-site request forgery (CSRF) vulnerability in MyBB (aka MyBulletinBoard) 1.2.2 allows remote attackers to send messages to arbitrary users. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-01-31
8.0CVE-2007-0622
SECUNIA
MyPHPCommander -- MyPHPCommanderPHP remote file inclusion vulnerability in system/lib/package.php in MyPHPCommander 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the gl_root parameter.
unknown
2007-01-30
7.0CVE-2007-0568
OTHER-REF
BID
FRSIRT
SECUNIA
nsGalPHP -- nsGalPHPPHP remote file inclusion vulnerability in includes/config.inc.php in nsGalPHP 0.41 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the racineTBS parameter.
unknown
2007-01-30
7.0CVE-2007-0573
OTHER-REF
MLIST
BID
FRSIRT
SECUNIA
Oh no! Not another CMS -- Oh no! Not another CMSCross-site scripting (XSS) vulnerability in install/default/error404.html in Oh no! Not another CMS (Onnac) 0.0.8.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the error_url parameter.
unknown
2007-01-29
7.0CVE-2007-0552
OTHER-REF
OTHER-REF
FRSIRT
phpBB2-MODificat -- phpBB2-MODificatPHP remote file inclusion vulnerability in includes/functions.php in phpBB2-MODificat 0.2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
unknown
2007-02-01
7.0CVE-2007-0656
OTHER-REF
BID
FRSIRT
phpMyReports -- phpMyReportsPHP remote file inclusion vulnerability in include/lib/lib_head.php in phpMyReports 3.0.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cfgPathModule parameter.
unknown
2007-01-30
7.0CVE-2007-0571
OTHER-REF
FRSIRT
PHProxy -- PHProxyMultiple cross-site scripting (XSS) vulnerabilities in index.inc.php in PHProxy before 0.5 beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) data[realm] and (2) _url parameters, different vectors than CVE-2004-2604. NOTE: some of these details are obtained from third party information.
unknown
2007-01-29
7.0CVE-2007-0553
OTHER-REF
FRSIRT
RBL -- tForumSQL injection vulnerability in tForum 2.00 in the Raymond BERTHOU script collection (aka RBL - ASP allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) pass to user_confirm.asp.
unknown
2007-01-31
7.0CVE-2007-0642
BUGTRAQ
BUGTRAQ
OTHER-REF
VIM
XF
Red Hat -- Red Hat Enterprise Linux AS
Red Hat -- Red Hat Enterprise Linux ES
Red Hat -- Red Hat Enterprise Linux WS
Linux -- Linux kernel
Red Hat -- Red Hat Desktop
Unspecified vulnerability in the listxattr system call in Linux kernel, when a "bad inode" is present, allows local users to cause a denial of service (data corruption) and possibly gain privileges via unknown vectors.
unknown
2007-01-30
7.0CVE-2006-5753
REDHAT
rMake -- rMakerMake before 1.0.4 drops root privileges in a way that retains the original supplemental groups, which might allow attackers to gain privileges via a crafted recipe file, a different vulnerability than CVE-2007-0536.
unknown
2007-01-29
7.0CVE-2007-0557
OTHER-REF
RP World -- RP WorldPHP remote file inclusion vulnerability in config.php in RPW 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the sql_language parameter.
unknown
2007-01-30
7.0CVE-2007-0559
OTHER-REF
FRSIRT
Shaffer Solutions Corp -- dapcnfsd.dllBuffer overflow in the EnumPrintersA function in dapcnfsd.dll 0.6.4.0 in Shaffer Solutions (SSC) DiskAccess NFS Client allows remote attackers to execute arbitrary code via a long argument, an issue similar to CVE-2006-5854 and CVE-2007-0444.
unknown
2007-01-31
7.0CVE-2007-0641
OTHER-REF
BID
Six Apart Ltd -- Movable TypeCross-site scripting (XSS) vulnerability in Movable Type (MT) before 3.34 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the MTCommentPreviewIsStatic tag, which can open the "comment entry screen," a different vulnerability than CVE-2007-0231.
unknown
2007-01-30
7.0CVE-2007-0604
OTHER-REF
SpoonLabs -- Vivvo Article Management CMSSQL injection vulnerability in rss/show_webfeed.php in SpoonLabs Vivvo Article Management CMS (aka phpWordPress) 3.40 allows remote attackers to execute arbitrary SQL commands via the wcHeadlines parameter, a different vector than CVE-2006-4715. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-01-30
7.0CVE-2007-0574
BID
Stefan Holmberg -- AdMentorMultiple SQL injection vulnerabilities in the administrative login page in ASPCode.net AdMentor allow remote attackers to execute arbitrary SQL commands via the (1) Userid and (2) Password fields.
unknown
2007-01-30
7.0CVE-2007-0575
BUGTRAQ
OTHER-REF
BID
Sun -- Java System Access ManagerCross-site scripting (XSS) vulnerability in Sun Java System Access Manager 6.1, 6.2, 6 2005Q1 (6.3), and 7 2005Q4 (7.0) before 20070129 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-01-31
7.0CVE-2007-0628
SUNALERT
BID
FRSIRT
SECUNIA
T-Systems Solutions for Research GmbH -- MyNewsPHP remote file inclusion vulnerability in include/themes/themefunc.php in MyNews 4.2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the myNewsConf[path][sys][index] parameter.
unknown
2007-01-31
7.0CVE-2007-0633
OTHER-REF
BID
Telestream -- Flip4Mac Windows Media Components for QuicktimeTelestream Flip4Mac Windows Media Components for Quicktime 2.1.0.33 allows remote attackers to execute arbitrary code via a crafted ASF_File_Properties_Object size field in a WMV file, which triggers memory corruption.
unknown
2007-01-30
10.0CVE-2007-0466
OTHER-REF
BID
FRSIRT
SECUNIA
Vu Le An -- Virtual PathPHP remote file inclusion vulnerability in configure.php in Vu Le An Virtual Path (VirtualPath) 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
unknown
2007-01-30
7.0CVE-2007-0591
OTHER-REF
Webfwlog -- Webfwloginclude/debug.php in Webfwlog 0.92 and earlier, when register_globals is enabled, allows remote attackers to obtain source code of files via the conffile parameter. NOTE: some of these details are obtained from third party information. It is likely that this issue can be exploited to conduct directory traversal attacks.
unknown
2007-01-30
8.0CVE-2007-0585
OTHER-REF
FRSIRT
X-dev -- xNewsSQL injection vulnerability in xNews.php in xNews 1.3 allows remote attackers to execute arbitrary SQL commands via the id parameter in a shownews action.
unknown
2007-01-30
7.0CVE-2007-0569
OTHER-REF
BID
SECUNIA
X-dev -- xNewsMultiple SQL injection vulnerabilities in the generate_csv function in classes/class.news.php in X-dev xNews 1.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) from, and (3) q parameters, different vectors than CVE-2007-0569. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-01-31
7.0CVE-2007-0630
FRSIRT
Xero Portal -- Xero PortalMultiple PHP remote file inclusion vulnerabilities in Xero Portal 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) admin_linkdb.php, (2) admin_forum_prune.php, (3) admin_extensions.php, (4) admin_board.php, (5) admin_attachments.php, or (6) admin_users.php in admin/.
unknown
2007-01-30
7.0CVE-2007-0561
OTHER-REF
Xt-Stats -- Xt-StatsPHP remote file inclusion vulnerability in xt_counter.php in Xt-Stats 2.3.x up to 2.4.0.b3 allows remote attackers to execute arbitrary PHP code via a URL in the server_base_dir parameter.
unknown
2007-01-30
7.0CVE-2007-0576
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
ZABBIX -- ZABBIXBuffer overflow in ZABBIX before 1.1.5 has unknown impact and attack vectors related to "SNMP IP addresses."
unknown
2007-01-31
7.0CVE-2007-0640
OTHER-REF
BID
FRSIRT

Back to top

Medium Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Andreas Gohr -- DokuWikiCRLF injection vulnerability in lib/exe/fetch.php in DokuWiki 2006-03-09e, and possibly earlier, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the media parameter. NOTE: this issue can be leveraged for XSS attacks.
unknown
2007-01-29
5.6CVE-2006-6965
OTHER-REF
SECUNIA
Apple -- Mac OS Xcrashdump in Apple Mac OS X 10.4.8 allows local users in the admin group to modify arbitrary files or gain privileges via a symlink attack on application logs in /Library/Logs/CrashReporter/.
unknown
2007-01-30
4.2CVE-2007-0467
OTHER-REF
Apple -- iPhotoFormat string vulnerability in iPhoto 6.0.5 allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling certain Apple AppKit functions.
unknown
2007-01-31
5.6CVE-2007-0645
OTHER-REF
Drupal -- DrupalThe comment_form_add_preview function in comment.module in Drupal before 4.7.6, and 5.x before 5.1, allows remote attackers, with "post comments" privileges and access to multiple input filters, to execute arbitrary code by previewing comments, which are not processed by "normal form validation routines."
unknown
2007-01-31
6.0CVE-2007-0626
OTHER-REF
FRSIRT
SECUNIA
Earthlink -- Total AccessThe SpamBlocker.dll ActiveX control in Earthlink TotalAccess is marked "safe for scripting," which allows remote attackers to add arbitrary e-mail addresses and domains to the spam blocker whitelist via the (1) AddSenderToWhitelist and (2) AddDomainToWhitelist functions.
unknown
2007-01-31
5.6CVE-2007-0617
FULLDISC
BID
XF
Horde -- Groupware
Horde -- Groupware Webmail Edition
Unspecified vulnerability in the calendar component in Horde Groupware Webmail Edition before 1.0, and Groupware before 1.0, allows remote attackers to include certain files via unspecified vectors. NOTE: some of these details are obtained from third party information.
unknown
2007-01-30
5.6CVE-2007-0579
MLIST
MLIST
BID
FRSIRT
XF
IndexCOR -- EzDatabaseCross-site scripting (XSS) vulnerability in EzDatabase 2.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to admin/login.php and the Admin Panel Database.
unknown
2007-01-30
5.6CVE-2007-0592
BUGTRAQ
BID
XF
Intel -- Server Boards
Intel -- Enterprise Southbridge BMC
Intel -- Enterprise Southbridge 2 BMC
Intel Enterprise Southbridge 2 Baseboard Management Controller (BMC), Intel Server Boards 5000XAL, S5000PAL, S5000PSL, S5000XVN, S5000VCL, S5000VSA, SC5400RA, and OEM Firmware for Intel Enterprise Southbridge Baseboard Management Controller before 20070119, when Intelligent Platform Management Interface (IPMI) is enabled, allow remote attackers to connect and issue arbitrary IPMI commands, possibly triggering a denial of service.
unknown
2007-02-01
5.6CVE-2007-0661
OTHER-REF
FRSIRT
SECUNIA
Javier Suarez Sanz -- Foro DomusPHP remote file inclusion vulnerability in menu.php in Foro Domus 2.10 allows remote attackers to execute arbitrary PHP code via a URL in the sesion_idioma parameter.
unknown
2007-01-30
5.6CVE-2007-0580
OTHER-REF
BID
SECUNIA
KDE -- KonquerorKonqueror 3.5.5 does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment, a related issue to CVE-2007-0478.
unknown
2007-01-29
5.6CVE-2007-0537
BUGTRAQ
Linux -- Linux kernelThe dev_queue_xmit function in Linux kernel 2.6 can fail before calling the local_bh_disable function, which could lead to data corruption and "node lockups." NOTE: it is not clear whether this issue is exploitable.
unknown
2007-01-30
6.7CVE-2006-6535
OTHER-REF
makeindex -- makeindexBuffer overflow in the open_sty function in mkind.c for makeindex 2.14 might allow user-assisted remote attackers to overwrite files and possibly execute arbitrary code via a long filename.
unknown
2007-02-01
5.6CVE-2007-0650
OTHER-REF
MyBB -- MyBBCross-site scripting (XSS) vulnerability in private.php in MyBB (aka MyBulletinBoard) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field, a different vector than CVE-2006-2949.
unknown
2007-01-29
4.2CVE-2007-0544
BUGTRAQ
PGP Corporation -- PGP Corporate DesktopPGP Desktop before 9.5.1 does not validate data objects received over the (1) \pipe\pgpserv named pipe for PGPServ.exe or the (2) \pipe\pgpsdkserv named pipe for PGPsdkServ.exe, which allows remote authenticated users to gain privileges by sending a data object representing an absolute pointer, which causes code execution at the corresponding address.
unknown
2007-01-30
4.8CVE-2007-0603
BUGTRAQ
OTHER-REF
SECUNIA
Plain Black -- WebGUIThe www_purgeList method in Plain Black WebGUI before 7.3.8 does not properly check user permissions, which allows attackers to delete unauthorized assets. NOTE: some of these details are obtained from third party information.
unknown
2007-01-31
4.7CVE-2007-0629
OTHER-REF
OTHER-REF
BID
SECUNIA
Symantec -- Symantec Web SecurityMultiple cross-site scripting (XSS) vulnerabilities in Symantec Web Security (SWS) before 3.0.1.85 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) error messages and (2) blocked page messages produced by SWS.
unknown
2007-01-30
4.2CVE-2007-0563
OTHER-REF
FRSIRT
SECUNIA
Trend Micro -- VirusWallBuffer overflow in libvsapi.so in the VSAPI library in Trend Micro VirusWall 3.81 for Linux, as used by IScan.BASE/vscan, allows local users to gain privileges via a long command line argument, a different vulnerability than CVE-2005-0533.
unknown
2007-01-30
5.6CVE-2007-0602
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
Webroot Software -- Spy SweeperWebRoot Spy Sweeper 4.5.9 and earlier allows local users to bypass the "Startup-Shield" security restrictions by modifying certain registry keys.
unknown
2007-01-29
4.9CVE-2006-6959
BUGTRAQ
OTHER-REF
OSVDB
XF
Webroot Software -- Spy SweeperThe Compression Sweep feature in WebRoot Spy Sweeper 4.5.9 and earlier does not handle non-ZIP archives, which allows remote attackers to bypass the malware detection via files with (1) RAR, (2) GZ, (3) TAR, (4) CAB, or (5) ACE compression.
unknown
2007-01-29
5.6CVE-2006-6960
BUGTRAQ
OTHER-REF
OSVDB
XF
Webroot Software -- Spy SweeperWebRoot Spy Sweeper 4.5.9 and earlier does not detect malware based on file contents, which allows remote attackers to bypass malware detection by changing a file's name.
unknown
2007-01-29
5.6CVE-2006-6961
BUGTRAQ
OTHER-REF
OSVDB
XF

Back to top

Low Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Acme Labs -- thttpdthttpd before 2.25b-r6 in Gentoo Linux is started from the system root directory (/) by the Gentoo baselayout 1.12.6 package, which allows remote attackers to read arbitrary files.
unknown
2007-02-02
2.3CVE-2007-0664
OTHER-REF
GENTOO
BID
SECUNIA
Apple -- Software UpdateFormat string vulnerability in Apple Software Update 2.0.5 on Mac OS X 10.4.8 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in (1) SWUTMP or (2) SUCATALOG filenames, or using the (3) application/x-apple.sucatalog+xml MIME type.
unknown
2007-01-29
2.3CVE-2007-0463
OTHER-REF
FRSIRT
Apple -- iChat
Apple -- mDNSResponder
Apple -- InstantMessage framework
The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 does not check for duplicate entries when adding newly discovered available contacts, which allows remote attackers to cause a denial of service (disrupted communication) via a flood of duplicate _presence._tcp mDNS queries.
unknown
2007-01-31
2.3CVE-2007-0613
OTHER-REF
BID
Apple -- iChat
Apple -- Mac OS X
Apple -- InstantMessage framework
The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (persistent application crash) via a crafted phsh hash attribute in a TXT key.
unknown
2007-01-31
3.3CVE-2007-0614
OTHER-REF
BID
Apple -- SafariFormat string vulnerability in Apple Safari 2.0.4 (419.3) allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in filenames that are not properly handled when calling the (1) NSLog and (2) NSBeginAlertSheet Apple AppKit functions.
unknown
2007-01-31
2.7CVE-2007-0644
OTHER-REF
Apple -- Help ViewerFormat string vulnerability in 3.0.0 allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSBeginAlertSheet Apple AppKit function.
unknown
2007-01-31
2.7CVE-2007-0646
OTHER-REF
Apple -- Help ViewerFormat string vulnerability in Help Viewer 3.0.0 allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSBeginAlertSheet Apple AppKit function.
unknown
2007-01-31
2.7CVE-2007-0647
OTHER-REF
Aztek Forum -- Aztek ForumPHP remote file inclusion vulnerability in index/main.php in Aztek Forum 4.00 allows remote authenticated administrators to execute arbitrary PHP code via a URL in the PF[top_url] parameter.
unknown
2007-01-30
3.4CVE-2007-0596
BUGTRAQ
BUGTRAQ
OTHER-REF
Aztek Forum -- Aztek ForumAztek Forum 4.00 allows remote attackers to obtain sensitive information via a direct request to forum.php with the fid=XD query string, which reveals the path in an error message.
unknown
2007-01-30
2.3CVE-2007-0597
BUGTRAQ
BUGTRAQ
OTHER-REF
Bloodshed Software -- Dev-C++Stack-based buffer overflow in Bloodshed Dev-C++ 4.9.9.2 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long line in a .cpp file.
unknown
2007-01-31
1.9CVE-2007-0643
OTHER-REF
BID
CFNetwork -- CFNetworkThe _CFNetConnectionWillEnqueueRequests function in CFNetwork 129.19 on Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (application crash) via a crafted HTTP 301 response, which results in a NULL pointer dereference.
unknown
2007-01-30
2.3CVE-2007-0464
OTHER-REF
CGI-RESCUE -- WebFORMCross-site scripting (XSS) vulnerability in CGI-RESCUE WebFORM 4.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-01-29
2.3CVE-2007-0547
OTHER-REF
SECUNIA
Cisco -- IOSCisco IOS after 12.3(14)T, 12.3(8)YC1, 12.3(8)YG, and 12.4, with voice support and without Session Initiated Protocol (SIP) configured, allows remote attackers to cause a denial of service (crash) by sending a crafted packet to port 5060/UDP.
unknown
2007-01-31
3.3CVE-2007-0648
OTHER-REF
CISCO
CERT-VN
BID
FRSIRT
SECUNIA
XF
CVSTrac -- CVSTracThe is_eow function in format.c in CVSTrac before 2.0.1 does not properly check for the "'" (quote) character, which allows remote authenticated users to execute limited SQL injection attacks and cause a denial of service (database error) via a ' character in certain messages, tickets, or Wiki entries.
unknown
2007-01-29
1.9CVE-2007-0347
BUGTRAQ
FULLDISC
OTHER-REF
OTHER-REF
OPENPKG
FRSIRT
Designmind -- High5 Review ScriptCross-site scripting (XSS) vulnerability in high5 Review script allows remote attackers to inject arbitrary web script or HTML via the search box.
unknown
2007-01-30
1.9CVE-2007-0595
BUGTRAQ
Drupal -- Textimage
Drupal -- Drupal
The (1) Textimage 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module for Drupal and the (2) Captcha 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module for Drupal allow remote attackers to bypass the CAPTCHA test via an empty captcha element in $_SESSION.
unknown
2007-02-01
2.3CVE-2007-0658
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
SECUNIA
GD Graphics Library -- gdlibBuffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font.
unknown
2007-01-30
3.3CVE-2007-0455
OTHER-REF
FRSIRT
SECUNIA
Hitachi -- JP1/HIBUN Advanced Edition Server
Hitachi -- HIBUN Advanced Edition Server
Unspecified vulnerability in Hitachi JP1/HIBUN Advanced Edition Management Server and Log Server before 20070124 allows remote attackers to cause a denial of service (application stop) via unexpected data.
unknown
2007-01-31
3.3CVE-2007-0615
OTHER-REF
BID
FRSIRT
SECUNIA
XF
HTTP Commander -- HTTP CommanderMultiple cross-site scripting (XSS) vulnerabilities in HTTP Commander 6.0, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) LogoffMessage parameter to logofflast.aspx or the (2) txtUsername parameter to Default.aspx. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-01-30
2.3CVE-2007-0583
SECUNIA
Inotify -- IncronUnspecified vulnerability in inotify before 0.3.5 has unknown impact and attack vectors, related to "access rights to watched files."
unknown
2007-01-31
1.6CVE-2007-0636
OTHER-REF
BID
FRSIRT
KarjaSoft -- Sami HTTP ServerKarjaSoft Sami HTTP Server 2.0.1 allows remote attackers to cause a denial of service (daemon hang) via a large number of requests for nonexistent objects.
unknown
2007-01-29
2.3CVE-2007-0548
OTHER-REF
SECUNIA
XF
Linux -- Linux kernelThe aio_setup_ring function in Linux kernel does not properly initialize a variable, which allows local users to cause a denial of service (crash) via an unspecified error path that causes an incorrect free operation.
unknown
2007-01-30
1.9CVE-2006-5754
MANDRIVA
MailEnable -- MailEnable ProfessionalMailEnable Professional before 1.78 provides a cleartext user password when an administrator edits the user's settings, which allows remote authenticated administrators to obtain sensitive information by viewing the HTML source.
unknown
2007-01-29
1.4CVE-2006-6964
OTHER-REF
SECTRACK
MAXdev -- MDProuser.php in MAXdev MDPro 1.0.76 allows remote attackers to obtain the full path via a ' (quote) character, and possibly other invalid values, in the uname parameter in a userinfo operation.
unknown
2007-01-31
3.3CVE-2007-0624
BUGTRAQ
Maxtricity -- TaggerMaxtricity Tagger 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for tagger.mdb.
unknown
2007-01-29
3.3CVE-2007-0545
BUGTRAQ
Michael Still -- gtalkbotMichael Still gtalkbot before 1.2 places username and password arguments on the command line, which allows local users to obtain sensitive information by listing the process.
unknown
2007-01-31
2.3CVE-2007-0627
OTHER-REF
OTHER-REF
FRSIRT
Microsoft -- Windows ExplorerWindows Explorer (explorer.exe) 6.0.2900.2180 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted .avi file, which triggers the crash when the user right clicks on the file.
unknown
2007-01-30
1.9CVE-2007-0562
OTHER-REF
Microsoft -- Internet ExplorerMultiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allows remote attackers to cause a denial of service (Internet Explorer crash) by accessing the bgColor, fgColor, linkColor, alinkColor, vlinkColor, or defaultCharset properties in the (1) giffile, (2) htmlfile, (3) jpegfile, (4) mhtmlfile, (5) ODCfile, (6) pjpegfile, (7) pngfile, (8) xbmfile, (9) xmlfile, (10) xslfile, or (11) wdfile objects in (a) mshtml.dll; or the (12) TriEditDocument.TriEditDocument or (13) TriEditDocument.TriEditDocument.1 objects in (b) triedit.dll, which cause a NULL pointer dereference.
unknown
2007-01-31
3.3CVE-2007-0612
BUGTRAQ
FULLDISC
OTHER-REF
BID
XF
mpg123 -- mpg123The http_open function in httpget.c in mpg123 before 0.64 allows remote attackers to cause a denial of service (infinite loop) by closing the HTTP connection early.
unknown
2007-01-30
1.9CVE-2007-0578
OTHER-REF
OTHER-REF
BID
FRSIRT
NoMachine -- NX Servernxconfigure.sh in NoMachine NX Server before 2.1.0-18 does not validate the invoking user, which allows local users to modify server configuration keys in /usr/NX/etc/server.cfg, resulting in an unspecified denial of service.
unknown
2007-01-31
2.3CVE-2007-0625
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
OpenEMR -- OpenEMRVariable overwrite vulnerability in interface/globals.php in OpenEMR 2.8.2 and earlier allows remote attackers to overwrite arbitrary program variables and conduct other unauthorized activities, such as conduct (a) remote file inclusion attacks via the srcdir parameter in custom/import_xml.php or (b) cross-site scripting (XSS) attacks via the rootdir parameter in interface/login/login_frame.php, via vectors associated with extract operations on the (1) POST and (2) GET superglobal arrays. NOTE: this issue was originally disputed before the extract behavior was identified in post-disclosure analysis.
unknown
2007-01-31
3.4CVE-2007-0649
BUGTRAQ
BUGTRAQ
BUGTRAQ
BUGTRAQ
BUGTRAQ
BUGTRAQ
VIM
VIM
Siteman -- SitemanSiteman 1.1.11 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing password hashes via a direct request for data/members.txt.
unknown
2007-01-30
2.3CVE-2007-0593
BUGTRAQ
Siteman -- SitemanSiteman 2.0.x2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing password hashes via a direct request for db/siteman/users.MYD.
unknown
2007-01-30
2.3CVE-2007-0594
BUGTRAQ
Sun -- SolarisUnspecified vulnerability in Sun Solaris 10 before 20070130 allows remote attackers to cause a denial of service (system crash) via certain ICMP packets.
unknown
2007-01-31
2.3CVE-2007-0634
SUNALERT
CERT-VN
BID
FRSIRT
SECTRACK
SECUNIA
Symantec -- Symantec Web SecurityThe license registering interface in Symantec Web Security (SWS) before 3.0.1.85 allows attackers to cause a denial of service (CPU consumption) by submitting a large file.
unknown
2007-01-30
1.4CVE-2007-0564
OTHER-REF
FRSIRT
SECUNIA
Telligent Systems -- Community Server ForumsTelligent Community Server 2.1 and earlier allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to (1) a large file, which triggers a long download session without a timeout constraint; or (2) a file with a binary content type, which is downloaded even though it cannot contain usable pingback data.
unknown
2007-01-29
2.3CVE-2007-0538
BUGTRAQ
BUGTRAQ
Toxiclab -- ShoutboxToxiclab Shoutbox 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db.mdb.
unknown
2007-01-29
3.3CVE-2007-0546
BUGTRAQ
Vlad Alexa Mancini -- PHPFootballshow.php in Vlad Alexa Mancini PHPFootball 1.6 allows remote attackers to obtain sensitive information (database contents) via a % (percent) character in the dbfieldv parameter.
unknown
2007-01-31
2.3CVE-2007-0638
OTHER-REF
BID
XF
Vlad Leont -- FD Scriptdownload.php in FD Script 1.3.2 and earlier allows remote attackers to read source of files under the web document root with certain extensions, including .php, via a relative pathname in the fname parameter, as demonstrated by downloading config.php.
unknown
2007-01-31
3.3CVE-2007-0620
BUGTRAQ
BID
FRSIRT
SECUNIA
Wireshark -- WiresharkUnspecified vulnerability in the LLT dissector in Wireshark (formerly Ethereal) 0.99.3 and 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
unknown
2007-02-02
1.9CVE-2007-0456
OTHER-REF
BID
FRSIRT
SECUNIA
Wireshark -- WiresharkUnspecified vulnerability in the IEEE 802.11 dissector in Wireshark (formerly Ethereal) 0.10.14 through 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
unknown
2007-02-02
1.9CVE-2007-0457
OTHER-REF
BID
FRSIRT
SECUNIA
Wireshark -- WiresharkUnspecified vulnerability in the HTTP dissector in Wireshark (formerly Ethereal) 0.99.3 and 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors, a different issue than CVE-2006-5468.
unknown
2007-02-02
1.9CVE-2007-0458
OTHER-REF
BID
FRSIRT
SECUNIA
Wireshark -- Wiresharkpacket-tcp.c in the TCP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.4 allows remote attackers to cause a denial of service (application crash or hang) via fragmented HTTP packets.
unknown
2007-02-02
1.9CVE-2007-0459
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
Zenphoto -- zenphotoDirectory traversal vulnerability in zen/template-functions.php in zenphoto 1.0.4 up to 1.0.6 allows remote attackers to list arbitrary directories via ".." sequences in the album parameter to index.php.
unknown
2007-01-31
3.3CVE-2007-0616
OTHER-REF
OTHER-REF

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.