Vulnerability Summary for the Week of February 5, 2007
Released
Feb 12, 2007
Document ID
SB07-043
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
">
| High Vulnerabilities |
|---|
| Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
|---|---|---|---|---|---|---|
| Advanced Poll -- Advanced Poll | admin/index.php in Advanced Poll 2.0.0 through 2.0.5-dev allows remote attackers to bypass authentication and gain administrator privileges by obtaining a valid session identifier and setting the uid parameter to 1. |
| 7.0 | CVE-2007-0845 OTHER-REF BID | ||
| AgerMenu -- AgerMenu | PHP remote file inclusion vulnerability in examples/inc/top.inc.php in AgerMenu 0.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter. |
| 7.0 | CVE-2007-0837 OTHER-REF VIM VIM FRSIRT | ||
| Alibaba -- Alipay ActiveX control | Heap-based buffer overflow in the Alibaba Alipay ActiveX control allows remote attackers to execute arbitrary code via a JavaScript function that invokes the Remove method with an invalid index argument. |
| 7.0 | CVE-2007-0827 OTHER-REF | ||
| Atsphp -- Atsphp | ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Atsphp 5.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the CONF[path] parameter to (1) index.php, (2) sources/usercp.php, or (3) sources/admin.php. NOTE: Another researcher has disputed this vulnerability, noting that CONF[path] is defined before use in index.php, that CONF[path] inclusion cannot occur through a direct request to other affected files, and that usercp.php is a typo of user_cp.php. |
| 7.0 | CVE-2007-0831 BUGTRAQ BUGTRAQ | ||
| Barron McCann -- Install Barron McCann -- X-Kryptor Driver Barron McCann -- X-Kryptor Secure Client Barron McCann -- Xgntr | Unspecified vulnerability in Barron McCann X-Kryptor Driver BMS1446HRR, Xgntr BMS1351, and Install BMS1472 in X-Kryptor Secure Client allows local users to gain privileges via unknown vectors. |
| 7.0 | CVE-2007-0436 OTHER-REF OTHER-REF | ||
| Blue Coat Systems -- WinProxy | Blue Coat Systems WinProxy 6.1a and 6.0 r1c, and possibly earlier, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long HTTP CONNECT request, which triggers heap corruption. |
| 7.0 | CVE-2007-0796 IDEFENSE FRSIRT | ||
| Bluevirus-design -- SMA-DB | PHP remote file inclusion vulnerability in theme/settings.php in bluevirus-design SMA-DB 0.3.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pfad_z parameter. |
| 7.0 | CVE-2007-0797 OTHER-REF BID | ||
| BtitTracker -- BtitTracker | SQL injection in torrents.php in BtitTracker 1.3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) by and (2) order parameters. NOTE: it is not clear whether this issue is exploitable. |
| 7.0 | CVE-2006-6972 OTHER-REF VIM BID FRSIRT SECUNIA | ||
| Cedric -- CLAIRE PortailPhp | Multiple PHP remote file inclusion vulnerabilities in Cedric CLAIRE PortailPhp 2 allow remote attackers to execute arbitrary PHP code via a URL in the chemin parameter to (1) mod_news/index.php, (2) mod_news/goodies.php, or (3) mod_search/index.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
| 7.0 | CVE-2007-0820 BID | ||
| CentiPaid -- CentiPaid | PHP remote file inclusion vulnerability in centipaid_class.php in CentiPaid 1.4.2 and earlier allows remote attackers to execute arbitrary code via a URL in the absolute_path parameter. |
| 7.0 | CVE-2006-6976 OTHER-REF VIM XF | ||
| Comodo -- Comodo Firewall Pro | cmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal Firewall) before 2.4.16.174 does not validate arguments that originate in user mode for the (1) NtConnectPort and (2) NtCreatePort hooked SSDT functions, which allows local users to cause a denial of service (system crash) and possibly gain privileges via invalid arguments. |
| 7.0 | CVE-2007-0708 BUGTRAQ OTHER-REF BID SECTRACK XF | ||
| Comodo -- Comodo Firewall Pro | cmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal Firewall) 2.4.16.174 and earlier does not validate arguments that originate in user mode for the (1) NtCreateSection, (2) NtOpenProcess, (3) NtOpenSection, (4) NtOpenThread, and (5) NtSetValueKey hooked SSDT functions, which allows local users to cause a denial of service (system crash) and possibly gain privileges via invalid arguments. |
| 7.0 | CVE-2007-0709 BUGTRAQ OTHER-REF BID SECTRACK XF | ||
| Darrens $5 Script Archive -- FlashChat | Cross-site scripting (XSS) vulnerability in index.php in flashChat 4.7.8 allows remote attackers to inject arbitrary web script or HTML via a channel title (aka room name) that is not properly handled by the "who's online" feature. |
| 7.0 | CVE-2007-0807 BUGTRAQ | ||
| Darrens $5 Script Archive -- FlashChat | Cross-site scripting (XSS) vulnerability in FlashChat 4.7.8 allows remote attackers to inject arbitrary web script or HTML via the user name field when the user joins a chat room, a different vulnerability than CVE-2007-0807. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 7.0 | CVE-2007-0834 SECUNIA | ||
| dB Masters Multimedia -- Curium CMS | SQL injection vulnerability in news.php in dB Masters Curium CMS 1.03 and earlier allows remote attackers to execute arbitrary SQL commands via the c_id parameter. |
| 7.0 | CVE-2007-0765 OTHER-REF BID XF | ||
| Epistemon -- Epistemon | PHP remote file inclusion vulnerability in inc/common.inc.php in Epistemon 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc_path parameter. |
| 7.0 | CVE-2007-0701 Milw0rm VIM BID FRSIRT | ||
| EQdkp -- EQdkp | EQdkp 1.3.1 and earlier authenticates administrative requests by verifying that the HTTP Referer header specifies an admin/ URL, which allows remote attackers to read or modify account names and passwords via a spoofed Referer. |
| 10.0 | CVE-2007-0760 OTHER-REF BID | ||
| F3Site -- F3Site | Cross-site scripting (XSS) vulnerability in the news comment functionality in F3Site 2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the Autor field. |
| 7.0 | CVE-2007-0763 OTHER-REF BID | ||
| FCKeditor -- FCKeditor | Cross-site scripting (XSS) vulnerability in the "Basic Toolbar Selection" in FCKEditor allows remote attackers to execute arbitrary JavaScript via the javascript: URI in the (1) href or (2) onmouseover attribute of the A HTML tag. |
| 7.0 | CVE-2006-6978 BUGTRAQ OTHER-REF XF | ||
| Fenrir -- Darksky RSS bar | Cross-zone scripting vulnerability in Darksky RSS bar for Internet Explorer before 1.29, RSS bar for Sleipnir before 1.29, and RSS bar for unDonut before 1.29 allows remote attackers to bypass Web content zone restrictions via certain script contained in RSS data. NOTE: some of these details are obtained from third party information. |
| 7.0 | CVE-2007-0706 OTHER-REF OTHER-REF OTHER-REF FRSIRT | ||
| Fenrir & Co -- Portable Sleipnir Fenrir & Co -- Sleipnir | Cross-zone scripting vulnerability in Sleipnir 2.49 and earlier, and Portable Sleipnir 2.45 and earlier, allows remote attackers to bypass Web content zone restrictions via certain script contained in RSS data. NOTE: some of these details are obtained from third party information. |
| 7.0 | CVE-2007-0705 OTHER-REF OTHER-REF OTHER-REF FRSIRT SECUNIA | ||
| Flipsource -- Flip | PHP remote file inclusion vulnerability in previewtheme.php in Flipsource Flip 2.01-final 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the inc_path parameter. |
| 7.0 | CVE-2007-0785 OTHER-REF BID FRSIRT | ||
| Free LAN In(tra|ter)net Portal -- Free LAN In(tra|ter)net Portal | Multiple SQL injection vulnerabilities in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some sources mention the escape_sqlData, implode_sql, and implode_sqlIn functions, but these are protections chemes, not the vulnerable functions. |
| 7.0 | CVE-2007-0695 OTHER-REF VIM FRSIRT XF | ||
| Geeklog -- Geeklog | PHP remote file inclusion vulnerability in MVCnPHP/BaseView.php in GeekLog 2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the glConf[path_libraries] parameter. NOTE: this might be a vulnerability in MVCnPHP rather than a vulnerability in GeekLog. |
| 7.0 | CVE-2007-0810 OTHER-REF | ||
| GGCMS -- GGCMS | Directory traversal vulnerability in admin/subpages.php in GGCMS 1.1.0 RC1 and earlier allows remote attackers to inject arbitrary PHP code into arbitrary files via ".." sequences in the subpageName parameter, as demonstrated by injecting PHP code into a template file. |
| 7.0 | CVE-2007-0804 OTHER-REF BID FRSIRT XF | ||
| GlobalMegaCorp -- Dvddb | PHP remote file inclusion vulnerability in inc/common.php in GlobalMegaCorp dvddb 0.6 allows remote attackers to execute arbitrary PHP code via a URL in the config parameter. |
| 7.0 | CVE-2007-0793 BUGTRAQ | ||
| GlobalMegaCorp -- Dvddb | SQL injection vulnerability in inc/common.php in GlobalMegaCorp dvddb 0.6 allows remote attackers to execute arbitrary SQL commands via the user parameter. |
| 7.0 | CVE-2007-0794 BUGTRAQ | ||
| Headstart Solutions -- DeskPRO | Headstart Solutions DeskPRO does not require authentication for certain files and directories associated with administrative activities, which allows remote attackers to (1) reinstall the application via a direct request for install/index.php; (2) delete the database via a do=delete_database QUERY_STRING to a renamed copy of install/index.php; or access the administration system, after guessing a filename, via a direct request for a file in (3) admin/ or (4) tech/. |
| 7.0 | CVE-2006-6973 OTHER-REF | ||
| Headstart Solutions -- DeskPRO | Headstart Solutions DeskPRO stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) list files in the includes/ directory; obtain the SQL username and password via a direct request for (2) config.php and (3) config.php.bak in includes/; read files in (4) email/, (5) admin/graphs/, (6) includes/javascript/, and (7) certain other includes/ directories via direct requests; and download SQL database data via direct requests for (8) data.sql, (9) install.sql, (10) settings.sql, and possibly other files in install/v2data/. |
| 7.0 | CVE-2006-6974 OTHER-REF | ||
| HP -- Network Node Manager Remote Console | HP Network Node Manager (NNM) Remote Console 7.50 assigns Everyone Full Control permission for the %PROGRAMFILES%\HP OpenView directory tree, which allows local users to gain privileges via a Trojan horse executable file or ActiveX component, or a modified bin\ovtrcsvc.exe for the HP Open View Shared Trace Service. |
| 7.0 | CVE-2007-0819 FULLDISC OTHER-REF | ||
| Hunkaray Duyuru -- Scripti | SQL injection vulnerability in oku.asp in Hunkaray Duyuru Scripti allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| 7.0 | CVE-2007-0688 OTHER-REF | ||
| Kisisel Site 2007 -- Kisisel Site forum.asp | SQL injection vulnerability in forum.asp in Kisisel Site 2007 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. |
| 7.0 | CVE-2007-0826 OTHER-REF | ||
| Les News -- Les News | Les News 2.2 allows remote attackers to bypass authentication and gain administrative access via a direct request for adminews/index_fr.php3, and possibly the adminews index documents for other localizations. |
| 7.0 | CVE-2007-0806 BUGTRAQ OTHER-REF | ||
| LightRO -- Light RO CMS | PHP remote file inclusion vulnerability in inhalt.php in LightRO CMS 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the dateien[news] parameter. |
| 7.0 | CVE-2007-0824 OTHER-REF BID | ||
| Maian Recipe -- Maian Recipe | PHP remote file inclusion vulnerability in classes/class_mail.inc.php in Maian Recipe 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. |
| 7.0 | CVE-2007-0848 OTHER-REF VIM SECUNIA | ||
| Mambo -- Mambo | SQL injection vulnerability in Mambo before 4.5.5 allows remote attackers to execute arbitrary SQL commands via the unspecified vectors in cancel edit functions, possibly related to the id parameter. |
| 7.0 | CVE-2007-0789 OTHER-REF FRSIRT SECUNIA | ||
| Miguel Nunes -- Call of Duty 2 DreamStats System | PHP remote file inclusion vulnerability in index.php in Miguel Nunes Call of Duty 2 (CoD2) DreamStats System 4.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter. |
| 7.0 | CVE-2007-0757 OTHER-REF VIM BID | ||
| Mina Ajans -- Mina Ajans Script | PHP remote file inclusion vulnerability in Mina Ajans Script allows remote attackers to execute arbitrary PHP code via a URL in the syf parameter to an unspecified PHP script. |
| 7.0 | CVE-2007-0808 BUGTRAQ | ||
| Mozilla -- Bugzilla | The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file. |
| 7.0 | CVE-2007-0792 BUGTRAQ OTHER-REF BID FRSIRT SECTRACK | ||
| MySQLNewsEngine -- MySQLNewsEngine | PHP remote file inclusion vulnerability in affichearticles.php3 in MySQLNewsEngine allows remote attackers to execute arbitrary PHP code via a URL in the newsenginedir parameter. |
| 7.0 | CVE-2007-0828 BUGTRAQ BID | ||
| Noname Media -- Photo Galerie Standard | SQL injection vulnerability in view.php in Noname Media Photo Galerie Standard 1.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| 7.0 | CVE-2007-0786 OTHER-REF BID FRSIRT | ||
| Omegaboard -- Omegaboard | PHP remote file inclusion vulnerability in includes/functions.php in Omegaboard 1.0beta4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. |
| 7.0 | CVE-2007-0683 Milw0rm OTHER-REF OTHER-REF | ||
| Open Tibia Server CMS -- Open Tibia Server CMS | SQL injection vulnerability in mod/PM/reply.php in Open Tibia Server CMS (OTSCMS) 2.1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to priv.php. |
| 7.0 | CVE-2007-0847 OTHER-REF BID | ||
| Phorum -- Phorum | Cross-site scripting (XSS) vulnerability in the core in Phorum before 5.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 7.0 | CVE-2007-0767 OTHER-REF FRSIRT | ||
| Phorum -- Phorum | ** DISPUTED ** Cross-site scripting (XSS) vulnerability in register.php in Phorum 5.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the vendor disputes this vulnerability, stating that "The characters are escaped properly." |
| 7.0 | CVE-2007-0769 BUGTRAQ BUGTRAQ OTHER-REF BID FRSIRT | ||
| phpBB -- ezBoard Converter | PHP remote file inclusion vulnerability in config.php in phpBB ezBoard converter (ezconvert) 0.2 allows remote attackers to execute arbitrary PHP code via a URL in the ezconvert_dir parameter. |
| 7.0 | CVE-2007-0761 OTHER-REF OTHER-REF VIM XF | ||
| phpBB++ -- phpBB++ | PHP remote file inclusion vulnerability in includes/functions.php in phpBB++ Build 100 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. |
| 7.0 | CVE-2007-0762 OTHER-REF VIM | ||
| phpEventMan -- phpEventMan | Multiple PHP remote file inclusion vulnerabilities in phpEventMan 1.0.2 allow remote attackers to execute arbitrary PHP code via a URL in the level parameter to (1) Shared/controller/text.ctrl.php or (2) UserMan/controller/common.function.php. |
| 7.0 | CVE-2007-0702 OTHER-REF VIM BID FRSIRT SECUNIA | ||
| phpGraphy -- phpGraphy | phpGraphy before 0.9.13a does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by uploading a config.php file via the pictures[] parameter to index.php. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in phpGraphy. |
| 7.0 | CVE-2006-6966 OTHER-REF OTHER-REF OTHER-REF SECTRACK | ||
| PHPProbid -- PHPProbid | PHP remote file inclusion vulnerability in lang.php in PHPProbid 5.24 allows remote attackers to execute arbitrary PHP code via a URL in the SRC attribute of an HTML element in the lang parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
| 7.0 | CVE-2007-0758 BID | ||
| Portail Web Php -- Portail Web Php | PHP remote file inclusion vulnerability in includes/includes.php in Guernion Sylvain Portail Web Php (aka Gsylvain35 Portail Web, PwP) allows remote attackers to execute arbitrary PHP code via a URL in the site_path parameter. |
| 7.0 | CVE-2007-0699 BUGTRAQ VIM BID FRSIRT | ||
| Ptirhiikmods -- mod-CH | PHP remote file inclusion vulnerability in includes/class_template.php in Categories hierarchy (aka CH or mod-CH) 2.1.2 in ptirhiikmods allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. |
| 7.0 | CVE-2007-0809 OTHER-REF | ||
| RBL -- tPassword | SQL injection vulnerability in login.asp for tPassword in the Raymond BERTHOU script collection (aka RBL - ASP) allows remote attackers to execute arbitrary SQL commands via the (1) User and (2) Password parameters. |
| 7.0 | CVE-2007-0784 BUGTRAQ BUGTRAQ OTHER-REF VIM | ||
| Remotesoft -- .NET Explorer | Stack-based buffer overflow in Remotesoft .NET Explorer 2.0.1 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long line in a .cpp file. |
| 8.0 | CVE-2007-0766 OTHER-REF BID | ||
| SmartFTP -- SmartFTP | Heap-based buffer overflow in SmartFTP 2.0.1002 allows remote FTP servers to execute arbitrary code via a large banner. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
| 7.0 | CVE-2007-0790 SECUNIA | ||
| Somery -- Somery | PHP remote file inclusion vulnerability in install.php in Somery 0.4.6 allows remote attackers to execute arbitrary PHP code via a URL in the skindir parameter, a different vector than CVE-2006-4669. NOTE: the documentation says to remove install.php after installation. |
| 7.0 | CVE-2007-0704 OTHER-REF VIM | ||
| SysCP Team -- SysCP | scripts/cronscript.php in SysCP 1.2.15 and earlier includes and executes arbitrary PHP scripts that are referenced by the panel_cronscript table in the SysCP database, which allows attackers with database write privileges to execute arbitrary code by constructing a PHP file and adding its filename to this table. |
| 7.0 | CVE-2007-0850 BUGTRAQ BID | ||
| TechExcel Inc. -- DevTrack | Cross-site scripting (XSS) vulnerability in DevTrack 6.x allows remote attackers to inject arbitrary web script or HTML via the "Keyword search" form field and unspecified other form fields that populate a public saved query. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 7.0 | CVE-2007-0852 SECUNIA | ||
| TechExcel Inc. -- DevTrack | SQL injection vulnerability in DevTrack 6.0.3 allows remote attackers to execute arbitrary SQL commands via the Username form field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 7.0 | CVE-2007-0853 SECUNIA | ||
| Uapplication -- Ublog | SQL injection vulnerability in badword.asp in Ublog Reload 1.0.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| 7.0 | CVE-2007-0799 BUGTRAQ OTHER-REF BID | ||
| Umberto Caldera -- EasyMoblog | Multiple SQL injection vulnerabilities in EasyMoblog 0.5.1 allow remote attackers to execute arbitrary SQL commands via the (1) i or (2) post_id parameter to add_comment.php, which triggers an injection in libraries.inc.php; or (3) the i parameter to list_comments.php, which triggers an injection in libraries.inc.php. |
| 7.0 | CVE-2007-0759 OTHER-REF OTHER-REF BID SECUNIA | ||
| Valarsoft -- WebMatic | Multiple PHP remote file inclusion vulnerabilities in index/index_album.php in Valarsoft WebMatic 2.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) P_LIB and (2) P_INDEX parameters. |
| 7.0 | CVE-2007-0839 OTHER-REF VIM BID | ||
| vbDrupal -- vbDrupal | Multiple unspecified vulnerabilities in vbDrupal before 4.7.6.0 have unknown impact and remote attack vectors. NOTE: the vector related to Drupal is covered by CVE-2007-0626. These vulnerabilities might be associated with other CVE identifiers. |
| 7.0 | CVE-2007-0841 OTHER-REF FRSIRT SECUNIA | ||
| Wap -- Wap Portal Server | Multiple PHP remote file inclusion vulnerabilities in Wap Portal Server 1.x allow remote attackers to execute arbitrary PHP code via a URL in the language parameter to (1) index.php and (2) admin/index.php. |
| 7.0 | CVE-2007-0795 BUGTRAQ | ||
| WebBuilder -- WebBuilder | PHP remote file inclusion vulnerability in library/StageLoader.php in WebBuilder 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[core][module_path] parameter. |
| 7.0 | CVE-2007-0703 OTHER-REF VIM FRSIRT | ||
| Woltlab -- Burning Board Lite | SQL injection vulnerability in pms.php in Woltlab Burning Board (wBB) Lite 1.0.2pl3e and earlier allows remote authenticated users to execute arbitrary SQL commands via the pmid[0] parameter. |
| 7.0 | CVE-2007-0812 OTHER-REF |
| Medium Vulnerabilities |
|---|
| Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
|---|---|---|---|---|---|---|
| Amarok -- Amarok | The ruby handlers in Amarok do not properly quote text in certain contexts, probably including construction of an unzip command line, which allows attackers to execute arbitrary commands via shell metacharacters. |
| 5.6 | CVE-2006-6979 OTHER-REF SUSE SECUNIA | ||
| CentiPaid -- CentiPaid | ** DISPUTED ** PHP remote file inclusion vulnerability in centipaid_class.php in CentiPaid 1.4.3 allows remote attackers to execute arbitrary code via a URL in the class_pwd parameter. NOTE: this issue has been disputed by CVE and multiple third parties, who state that $class_pwd is set to a static value before the relevant include statement. |
| 5.6 | CVE-2006-6975 BUGTRAQ BUGTRAQ BUGTRAQ OSVDB | ||
| Coppermine -- Coppermine Photo Gallery | admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to execute arbitrary shell commands via shell metacharacters (";" semicolon) in the "Command line options for ImageMagick" form field, when used as an option to ImageMagick's convert command. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
| 4.2 | CVE-2007-0835 BID SECUNIA XF | ||
| F3Site -- F3Site | Unrestricted file upload vulnerability in F3Site 2.1 and earlier allows remote authenticated administrators to upload and execute arbitrary PHP scripts via GIF86 header in a file in the uplf parameter, which can be later accessed via a relative pathname in the dir parameter in adm.php. |
| 4.2 | CVE-2007-0764 OTHER-REF | ||
| Free LAN In(tra|ter)net Portal -- Free LAN In(tra|ter)net Portal | Cross-site scripting (XSS) vulnerability in error messages in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC3 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, different vectors than CVE-2007-0611. |
| 5.6 | CVE-2007-0696 OTHER-REF FRSIRT XF | ||
| FreeTextBox -- FreeTextBox | Cross-site scripting (XSS) vulnerability in the "Basic Toolbar Selection" in FreeTextBox allows remote attackers to execute arbitrary JavaScript via the javascript: URI in the (1) href or (2) onmouseover attribute of the A HTML tag. |
| 5.6 | CVE-2006-6977 BUGTRAQ OTHER-REF XF | ||
| GOM Player -- GOM Player | Stack-based buffer overflow in GOM Player 2.0.12.3375 allows user-assisted remote attackers to execute arbitrary code via a .ASX file with a long URI in the "ref href" tag. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
| 5.6 | CVE-2007-0707 OTHER-REF SECUNIA | ||
| HLstats -- HLstats | Cross-site scripting (XSS) vulnerability in HLstats before 1.35 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the search class. NOTE: it is possible that this issue overlaps CVE-2006-4543.3 or CVE-2006-4454. |
| 5.6 | CVE-2007-0840 OTHER-REF BID SECUNIA | ||
| Jelsoft -- VBulletin | ** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in the Admin Control Panel (AdminCP) in Jelsoft vBulletin 3.6.4 allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors related to the (1) User Group Manager, (2) User Rank Manager, (3) User Title Manager, (4) BB Code Manager, (5) Attachment Manager, (6) Calendar Manager, and (7) Forums & Moderators functions. NOTE: the vendor disputes this issue, stating that modifying HTML is an intended privilege of an administrator. NOTE: it is possible that this issue overlaps CVE-2006-6040. |
| 4.2 | CVE-2007-0830 BUGTRAQ BUGTRAQ XF | ||
| Jetty -- Jetty HTTP Server | Jetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1 before 6.1.0pre3 generates predictable session identifiers using java.util.random, which makes it easier for remote attackers to guess a session identifier through brute force attacks, bypass authentication requirements, and possibly conduct cross-site request forgery attacks. |
| 5.6 | CVE-2006-6969 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA | ||
| MandrakeSoft -- Mandrake LinuxSoft Debian -- Debian Linux Samba -- Samba MandrakeSoft -- Mandrake Corporate Server | Format string vulnerability in the afsacl.so VFS module Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping. |
| 4.9 | CVE-2007-0454 BUGTRAQ BID | ||
| Mentiss ACGV -- ACGVannu | index2.php in ACGVannu 1.3 and earlier allows remote attackers to change the password or profile of a user via a modified id parameter, related to templates/modif.html. NOTE: some of these details are obtained from third party information. |
| 4.7 | CVE-2007-0697 OTHER-REF BID FRSIRT XF | ||
| Mentiss ACGV -- ACGVannu | Multiple SQL injection vulnerabilities in ACGVannu 1.3 and earlier allow remote attackers to execute arbitrary SQL commands via the id_mod parameter to templates/modif.html, and other unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
| 5.6 | CVE-2007-0698 FRSIRT | ||
| Michelle -- L2J DropCalc | SQL injection vulnerability in i-search.php in Michelle's L2J Dropcalc 4 and earlier allows remote authenticated users to execute arbitrary SQL commands via the itemid parameter. |
| 4.2 | CVE-2007-0687 OTHER-REF BID XF | ||
| Mozilla -- Firefox Opera Software -- Opera | Opera 9.10 Final allows remote attackers to bypass the Fraud Protection mechanism by adding certain characters to the end of a domain name, as demonstrated by the "." and "/" characters, which is not caught by the blacklist filter. |
| 4.9 | CVE-2006-6970 BUGTRAQ OTHER-REF | ||
| Mozilla -- Firefox | Mozilla Firefox 2.0, possibly only when running on Windows, allows remote attackers to bypass the Phishing Protection mechanism by representing an IP address in (1) dotted-hex, (2) dotted-octal, (3) single decimal integer, (4) single hex integer, or (5) single octal integer format, which is not captured by the blacklist filter. |
| 4.9 | CVE-2006-6971 OTHER-REF OTHER-REF | ||
| Mozilla -- Firefox Opera Software -- Opera | Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing Protection mechanism by adding certain characters to the end of the domain name, as demonstrated by the "." and "/" characters, which is not caught by the Phishing List blacklist filter. |
| 4.9 | CVE-2007-0802 BUGTRAQ OTHER-REF OTHER-REF | ||
| Open Tibia Server CMS -- Open Tibia Server CMS | Cross-site scripting (XSS) vulnerability in forum.php in Open Tibia Server CMS (OTSCMS) 2.1.5 and earlier allows remote attackers to inject arbitrary HTML or web script via the name parameter. |
| 5.6 | CVE-2007-0846 OTHER-REF BID | ||
| pam_ssh -- pam_ssh | The auth_via_key function in pam_ssh.c in pam_ssh before 1.92, when the allow_blank_passphrase option is disabled, allows remote attackers to bypass authentication restrictions and use private encryption keys requiring a blank passphrase by entering a non-blank passphrase. |
| 4.7 | CVE-2007-0844 OTHER-REF FRSIRT SECUNIA | ||
| PostgreSQL -- PostgreSQL | PostgreSQL 7.3 before 7.3.13, 7.4 before 7.4.16, 8.0 before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 allows attackers to disable certain checks for the data types of SQL function arguments, which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content. |
| 4.0 | CVE-2007-0555 OTHER-REF UBUNTU FRSIRT SECUNIA | ||
| Samba -- Samba | Buffer overflow in the nss_winbind.so.1 library in Samba 3.0.21 through 3.0.23d, as used in the winbindd daemon on Solaris, allows attackers to execute arbitrary code via the (1) gethostbyname and (2) getipnodebyname functions. |
| 4.9 | CVE-2007-0453 BUGTRAQ | ||
| Simple Invoices -- Simple Invoices | PHP remote file inclusion vulnerability in controller.php in Simple Invoices before 20070202 allows remote attackers to execute arbitrary PHP code via a URL in the (1) module or (2) view parameter. NOTE: some of these details are obtained from third party information. |
| 5.6 | CVE-2007-0787 OTHER-REF SECUNIA | ||
| STLport -- STLport | Multiple buffer overflows in STLport before 5.0.3 allow remote attackers to execute arbitrary code via unspecified vectors relating to (1) "print floats" and (2) a missing null termination in the "rope constructor." |
| 5.6 | CVE-2007-0803 OTHER-REF BID SECUNIA | ||
| Trend Micro -- Scan Engine | Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300, before virus pattern file 4.245.00, allows remote attackers to execute arbitrary code via a malformed UPX compressed executable. |
| 5.6 | CVE-2007-0851 IDEFENSE OTHER-REF BID FRSIRT SECTRACK SECUNIA | ||
| Yahoo! -- Messenger | Multiple cross-site scripting (XSS) vulnerabilities in the Contact Details functionality in Yahoo! Messenger 8.1.0.209 and earlier allow user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG element to the (1) First Name, (2) Last Name, and (3) Nickname fields. NOTE: some of these details are obtained from third party information. |
| 5.6 | CVE-2007-0768 BUGTRAQ BUGTRAQ BUGTRAQ BID SECUNIA |
| Low Vulnerabilities |
|---|
| Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
|---|---|---|---|---|---|---|
| 3proxy -- 3proxy | 3proxy 0.5 to 0.5.2, when NT-encoded passwords are being used, allows remote attackers to cause a denial of service (blocked account) via unspecified vectors related to NTLM authentication, which causes a password hash to be overwritten. |
| 2.3 | CVE-2006-6981 OTHER-REF | ||
| 3proxy -- 3proxy | 3proxy 0.5 to 0.5.2 does not offer NTLM authentication before basic authentication, which might cause browsers with incomplete RFC2616/RFC2617 support to use basic cleartext authentication even if NTLM is available, which makes it easier for attackers to steal credentials. |
| 2.3 | CVE-2006-6982 OTHER-REF | ||
| Adobe -- ColdFusion MX | Cross-site scripting (XSS) vulnerability in Adobe ColdFusion web server allows remote attackers to inject arbitrary HTML or web script via the User-Agent HTTP header, which is not sanitized before being displayed in an error page. |
| 1.9 | CVE-2007-0817 BUGTRAQ BID | ||
| Adrenalin Labs -- Adrenalin's ASP Chat | Multiple cross-site scripting (XSS) vulnerabilities in Adrenalin's ASP Chat allow remote attackers to inject arbitrary web script or HTML (1) via the psuedo (pseudo) field or (2) during chat. |
| 1.9 | CVE-2007-0814 BUGTRAQ OTHER-REF BID | ||
| ALWIL -- Avast! Antivirus Server Edition | avast! Server Edition before 4.7.726 does not demand a password in a certain intended context, even when a password has been set, which allows local users to bypass authentication requirements. |
| 3.9 | CVE-2007-0829 OTHER-REF BID FRSIRT SECUNIA | ||
| Cedric -- CLAIRE PortailPhp | Multiple directory traversal vulnerabilities in Cedric CLAIRE PortailPhp 2 allow remote attackers to read arbitrary files via a .. (dot dot) in the chemin parameter to (1) mod_news/index.php or (2) mod_news/goodies.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
| 2.3 | CVE-2007-0821 BID | ||
| Check Point Software -- Firewall-1 | Check Point FireWall-1 allows remote attackers to obtain certificate revocation lists (CRLs) and other unspecified sensitive information via an HTTP request for the top-level URI on the internal certificate authority (ICA) port (18264/tcp). |
| 3.3 | CVE-2006-6967 OTHER-REF OSVDB | ||
| Chicken of the VNC -- Chicken of the VNC | Chicken of the VNC (cotv) 2.0 allows remote attackers to cause a denial of service (application crash) via a large computer-name size value in a ServerInit packet, which triggers a failed malloc and a resulting NULL dereference. |
| 3.3 | CVE-2007-0756 BUGTRAQ BID | ||
| Computer Associates -- BrightStor ARCServe Backup | CA RPC Server service (catirpc.exe) for BrightStor ARCserve Backup r11.5 SP2 allows remote attackers to cause a denial of service (crash) via a crafted TADDR2UADDR that triggers a null pointer dereference, possibly related to null credentials or verifier fields. |
| 2.3 | CVE-2007-0816 OTHER-REF BID FRSIRT SECUNIA XF | ||
| Coppermine -- Coppermine Photo Gallery | admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to include arbitrary local and possibly remote files via the (1) "Path to custom header include" and (2) "Path to custom footer include" form fields. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
| 1.4 | CVE-2007-0836 BID SECUNIA XF | ||
| FlashFXP -- FlashFXP | FlashFXP 3.4.0 build 1145 allows remote servers to cause a denial of service (CPU consumption) via a response to a PWD command that contains a long string with deeply nested directory structure, possibly due to a buffer overflow. |
| 3.3 | CVE-2007-0825 OTHER-REF BID | ||
| FreeProxy -- FreeProxy | FreeProxy before 3.92 Build 1626 allows malicious users to cause a denial of service (infinite loop) via a HOST: header with a hostname and port number that refers to the server itself. |
| 2.3 | CVE-2007-0838 BUGTRAQ FULLDISC OTHER-REF FRSIRT | ||
| Home production -- MySearchEngine | Cross-site scripting (XSS) vulnerability in Home production MySearchEngine allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 1.9 | CVE-2007-0813 BUGTRAQ OTHER-REF BID | ||
| HP -- Tru64 UNIX | The ps (/usr/ucb/ps) command on HP Tru64 UNIX 5.1 1885 allows local users to obtain sensitive information, including environment variables of arbitrary processes, via the "auxewww" argument, a similar issue to CVE-1999-1587. |
| 1.6 | CVE-2007-0805 BUGTRAQ BUGTRAQ FULLDISC OTHER-REF SECUNIA | ||
| HP -- HP-UX | Unspecified vulnerability in HP-UX B.11.23, when running IPFilter with PHNE_34474 applied, allows remote attackers to cause an unknown denial of service via unknown vectors. |
| 1.9 | CVE-2007-0818 HP | ||
| Intel -- 2200BG PROSet/Wireless | The Intel 2200BG 802.11 Wireless Mini-PCI driver 9.0.3.9 (w29n51.sys) allows remote attackers to cause a denial of service (system crash) via crafted disassociation packets, which triggers memory corruption of "internal kernel structures," a different vulnerability than CVE-2006-6651. NOTE: this issue might overlap CVE-2006-3992. |
| 2.7 | CVE-2007-0686 OTHER-REF | ||
| Linux -- Linux kernel | The key serial number collision avoidance code in the key_alloc_serial function in Linux kernel 2.6.9 up to 2.6.20 allows remote attackers to cause a denial of service (crash) via vectors that trigger a null dereference, as originally reported as "spinlock CPU recursion." |
| 1.3 | CVE-2007-0006 OTHER-REF OTHER-REF | ||
| Linux -- Linux kernel | umount, when running with the Linux 2.6.15 kernel on Slackware Linux 10.2, allows local users to trigger a NULL dereference and application crash by invoking the program with a pathname for a USB pen drive that was mounted and then physically removed, which might allow the users to obtain sensitive information, including core file contents. |
| 1.3 | CVE-2007-0822 FULLDISC OTHER-REF | ||
| magnatune.com -- album browser | The magnatune.com album browser in Amarok allows attackers to cause a denial of service (application crash) via unspecified vectors. |
| 1.9 | CVE-2006-6980 SUSE SECUNIA | ||
| MediaWiki -- MediaWiki | Cross-site scripting (XSS) vulnerability in MediaWiki 1.9.x before 1.9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "sortable tables JavaScript." |
| 1.9 | CVE-2007-0788 OTHER-REF SECUNIA | ||
| Microsoft -- Windows Mobile | Internet Explorer on Windows Mobile 5.0 and Windows Mobile 2003 and 2003SE for Smartphones and PocketPC allows attackers to cause a denial of service (application crash and device instability) via unspecified vectors, possibly related to a buffer overflow. |
| 1.9 | CVE-2007-0685 OTHER-REF BID FRSIRT XF | ||
| Microsoft -- Internet Explorer | Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on Windows XP, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an HTML document containing a certain JavaScript for loop with an empty loop body, possibly involving getElementById. |
| 1.9 | CVE-2007-0811 OTHER-REF OTHER-REF | ||
| Mozilla -- Bugzilla | Cross-site scripting (XSS) vulnerability in Atom feeds in Bugzilla 2.20.3, 2.22.1, and 2.23.3, and earlier versions down to 2.20.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 2.3 | CVE-2007-0791 BUGTRAQ OTHER-REF BID FRSIRT SECTRACK SECUNIA | ||
| Mozilla -- Firefox | Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked popups to have an internal zone origin, which allows user-assisted remote attackers to cross zone restrictions and read arbitrary file:// URIs by convincing a user to show a blocked popup. |
| 1.9 | CVE-2007-0800 BUGTRAQ BUGTRAQ BID | ||
| Mozilla -- Firefox | The nsExternalAppHandler::SetUpTempFile function in Mozilla Firefox 1.5.0.9 creates temporary files with predictable filenames based on creation time, which allows remote attackers to execute arbitrary web script or HTML via a crafted XMLHttpRequest. |
| 1.9 | CVE-2007-0801 BUGTRAQ BUGTRAQ BID | ||
| Phorum -- Phorum | Cross-site scripting (XSS) vulnerability in the group moderation control center page in Phorum before 5.1.19 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 3.7 | CVE-2006-6968 OTHER-REF FRSIRT | ||
| phpBB Group -- phpBB | phpBB 2.0.20 does not verify user-specified input variable types before being passed to type-dependent functions, which allows remote attackers to obtain sensitive information, as demonstrated by the (1) mode parameter to memberlist.php and the (2) highlight parameter to viewtopic.php that are used as an argument to the htmlspecialchars or urlencode functions, which displays the installation path in the resulting error message. |
| 2.3 | CVE-2006-2219 BUGTRAQ BUGTRAQ FULLDISC XF | ||
| phpBB Group -- phpBB | phpBB 2.0.20 does not properly verify user-specified input variables used as limits to SQL queries, which allows remote attackers to obtain sensitive information via a negative LIMIT specification, as demonstrated by the start parameter to memberlist.php, which reveals the SQL query in the resulting error message. |
| 2.3 | CVE-2006-2220 BUGTRAQ BUGTRAQ FULLDISC XF | ||
| Portail Web Php -- Portail Web Php | Directory traversal vulnerability in index.php in Guernion Sylvain Portail Web Php (aka Gsylvain35 Portail Web, PwP) allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. |
| 2.3 | CVE-2007-0700 BUGTRAQ VIM VIM VIM BID | ||
| PostgreSQL -- PostgreSQL | The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 does not verify that a table is compatible with a "previously made query plan," which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content via an "ALTER COLUMN TYPE" SQL statement, which can be leveraged to read arbitrary memory from the server. |
| 3.2 | CVE-2007-0556 OTHER-REF UBUNTU FRSIRT SECUNIA | ||
| Samba -- Samba | smbd in Samba 3.0.6 through 3.0.23d allows remote authenticated users to cause a denial of service (memory and CPU exhaustion) by renaming a file in a way that prevents a request from being removed from the deferred open queue, which triggers an infinite loop. |
| 2.0 | CVE-2007-0452 BUGTRAQ | ||
| SGI -- ProPack | SGI ProPack 3 SP6 kernel displays the frame buffer contents of the last session after a reboot, which might allow local users to obtain sensitive information. |
| 1.3 | CVE-2006-1167 SGI OSVDB | ||
| Slackware -- Slackware Linux | xterm on Slackware Linux 10.2 stores information that had been displayed for a different user account using the same xterm process, which might allow local users to bypass file permissions and read other users' files, or obtain other sensitive information, by reading the xterm process memory. NOTE: it could be argued that this is an expected consequence of multiple users sharing the same interactive process, in which case this is not a vulnerability. |
| 1.3 | CVE-2007-0823 FULLDISC OTHER-REF | ||
| Smb4k -- Smb4k | Multiple race conditions in Smb4K before 0.8.0 allow local users to (1) modify arbitrary files via unspecified manipulations of Smb4K's lock file, which is not properly handled by the remove_lock_file function in core/smb4kfileio.cpp, and (2) add lines to the sudoers file via a symlink attack on temporary files, which isn't properly handled by the writeFile function in core/smb4kfileio.cpp. |
| 3.9 | CVE-2007-0472 MLIST OTHER-REF OTHER-REF OTHER-REF OTHER-REF FRSIRT SECUNIA | ||
| Smb4k -- Smb4k | The writeFile function in core/smb4kfileio.cpp in Smb4K before 0.8.0 does not preserve /etc/sudoers permissions across modifications, which allows local users to obtain sensitive information (/etc/sudoers contents) by reading this file. |
| 1.3 | CVE-2007-0473 MLIST OTHER-REF OTHER-REF OTHER-REF OTHER-REF FRSIRT SECUNIA | ||
| Smb4k -- Smb4k | Smb4K before 0.8.0 allow local users, when present on the Smb4K sudoers list, to kill arbitrary processes, related to a "design issue with smb4k_kill." |
| 2.6 | CVE-2007-0474 MLIST OTHER-REF OTHER-REF OTHER-REF OTHER-REF FRSIRT SECUNIA | ||
| Smb4k -- Smb4k | Multiple stack-based buffer overflows in utilities/smb4k_*.cpp in Smb4K before 0.8.0 allow local users, when present on the Smb4K sudoers list, to gain privileges via unspecified vectors related to the args variable and unspecified other variables, in conjunction with the sudo configuration. |
| 3.9 | CVE-2007-0475 MLIST OTHER-REF OTHER-REF OTHER-REF OTHER-REF FRSIRT SECUNIA | ||
| Uapplication -- Ublog Reload | Multiple cross-site scripting (XSS) vulnerabilities in Ublog Reload 1.0.5 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) login.asp; and allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters to (2) badword.asp, (3) polls.asp, and (4) users.asp. |
| 1.9 | CVE-2007-0798 BUGTRAQ OTHER-REF BID XF | ||
| Uapplication -- uPhotoGallery | Cross-site scripting (XSS) vulnerability in images_archive.asp in Uapplication Uphotogallery 1.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the s parameter. NOTE: the thumbnails.asp vector is already covered by CVE-2006-3023. |
| 1.9 | CVE-2007-0815 BUGTRAQ BID | ||
| VMWare -- VMWare Workstation | VMware Workstation 5.5.3 34685 does not immediately change the availability of a shared clipboard when the "Enable copy and paste to and from this virtual machine" checkbox is changed, which allows local users to obtain sensitive information or conduct certain attacks that are facilitated by weaker isolation between the host and guest operating systems. |
| 1.3 | CVE-2007-0832 BUGTRAQ BID | ||
| VMWare -- VMWare Workstation | VMware Workstation 5.5.3 34685, when the "Enable copy and paste to and from this virtual machine" option is enabled, preserves clipboard data on the guest operating system after it was deleted on the host operating system, which might allow local users to read clipboard contents by moving the focus back to the host operating system. |
| 1.3 | CVE-2007-0833 BUGTRAQ BID |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.