Vulnerability Summary for the Week of March 26, 2007

Released
Apr 02, 2007
Document ID
SB07-092

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

">

High Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
 PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is enabled, allows context-dependent attackers to execute arbitrary code via deserialization of session data, which overwrites arbitrary global variables, as demonstrated by calling session_decode on a string beginning with "_SESSION|s:39:".
unknown
2007-03-26
8.0CVE-2007-1701
OTHER-REF
BID
Active Trade -- Active TradeSQL injection vulnerability in default.asp in Active Trade 2 allows remote attackers to execute arbitrary SQL commands via the catid parameter.
unknown
2007-03-26
7.0CVE-2007-1705
MILW0RM
SECUNIA
Active Web Softwares -- Active NewsletterSQL injection vulnerability in ViewNewspapers.asp in Active Newsletter 4.3 and earlier allows remote attackers to execute arbitrary SQL commands via the NewsPaperID parameter.
unknown
2007-03-26
7.0CVE-2007-1696
MILW0RM
BID
Active Web Softwares -- Active Auction HouseSQL injection vulnerability in default.asp in ActiveWebSoftwares Active Auction Pro 7.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter.
unknown
2007-03-27
7.0CVE-2007-1712
MILW0RM
FRSIRT
SECUNIA
Advanced Website Creator -- Advanced Website CreatorMultiple SQL injection vulnerabilities in the MySQL back-end in Advanced Website Creator (AWC) before 1.9.0 might allow remote attackers to execute arbitrary SQL commands via unspecified parameters, related to use of mysql_escape_string instead of mysql_real_escape_string.
unknown
2007-03-29
7.0CVE-2007-1779
OTHER-REF
Ay System Solutions -- Web Content SystemPHP remote file inclusion vulnerability in manage/javascript/formjavascript.php in Ay System Solutions Web Content System (WCS) 2.7.1 allows remote attackers to execute arbitrary PHP code via a URL in the path[JavascriptEdit] parameter.
unknown
2007-03-29
8.0CVE-2007-1771
MILW0RM
BID
SECUNIA
CcCounter -- CcCounterCross-site scripting (XSS) vulnerability in index.php in CcCounter 2.0 allows remote attackers to inject arbitrary web script or HTML via dir parameter.
unknown
2007-03-27
7.0CVE-2007-1714
BUGTRAQ
BID
FRSIRT
SECUNIA
XF
CipherTrust -- IronMailMultiple cross-site scripting (XSS) vulnerabilities in the administration console in Secure Computing CipherTrust IronMail 6.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) network, (2) defRouterIp, (3) hostName, (4) domainName, (5) ipAddress, (6) defaultRouter, (7) dns1, or (8) dns2 parameter to (a) admin/system_IronMail.do; the (9) ipAddress parameter to (b) admin/systemOutOfBand.do; the (10) password or (11) confirmPassword parameter to (c) admin/systemBackup.do; the (12) Klicense parameter to (d) admin/systemLicenseManager.do; the (13) rows[1].attrValueStr or (14) rows[2].attrValueStr parameter to (e) admin/systemWebAdminConfig.do; the (15) rows[0].attrValueStr, rows[1].attrValueStr, (16) rows[2].attrValue, or (17) rows[2].attrValueStrClone parameter to (f) admin/ldap_ConfigureServiceProperties.do; the (18) input1 parameter to (g) admin/mailFirewall_MailRoutingInternal.do; or the (19) rows[2].attrValueStr, (20) rows[3].attrValueStr, (21) rows[5].attrValueStr, or (22) rows[6].attrValueStr parameter to (h) admin/mailIdsConfig.do.
unknown
2007-03-27
7.0CVE-2007-1723
BUGTRAQ
OTHER-REF
ClassWeb -- ClassWebMultiple PHP remote file inclusion vulnerabilities in ClassWeb 2.03 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the BASE parameter to (1) language.php and (2) phpadmin/survey.php.
unknown
2007-03-23
10.0CVE-2007-1640
MILW0RM
BID
FRSIRT
XF
Corel -- WordPerfect Office X3Stack-based buffer overflow in Corel WordPerfect Office X3 (13.0.0.565) allows user-assisted remote attackers to execute arbitrary code via a long printer selection (PRS) name in a Wordperfect document.
unknown
2007-03-28
8.0CVE-2007-1735
BUGTRAQ
OTHER-REF
BID
MILW0RM
FRSIRT
SECUNIA
XF
DataRescue -- IDA ProThe processor_request function in the debugger server for DataRescue IDA Pro 5.0 and 5.1 does not verify that authentication has taken place before invoking the perform_request function, which allows remote attackers to perform unauthorized actions.
unknown
2007-03-24
7.0CVE-2007-1666
IDEFENSE
OTHER-REF
BID
FRSIRT
OSVDB
SECTRACK
SECUNIA
XF
Eve-Nuke -- Eve-Nuke ForumPHP remote file inclusion vulnerability in db/mysql.php in the Eve-Nuke 0.1 (EN-Forums) module for PHP-Nuke allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
unknown
2007-03-29
10.0CVE-2007-1778
MILW0RM
FRSIRT
eWebQuiz -- eWebQuizSQL injection vulnerability in eWebQuiz.asp in eWebQuiz 8 allows remote attackers to execute arbitrary SQL commands via the QuizID parameter.
unknown
2007-03-26
7.0CVE-2007-1706
MILW0RM
SECUNIA
Free PHP Scripts -- Free Image HostingPHP remote file inclusion vulnerability in frontpage.php in Free Image Hosting 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter. NOTE: the forgot_pass.php vector is already covered by CVE-2006-5670, and the login.php vector overlaps CVE-2006-5763.
unknown
2007-03-27
7.0CVE-2007-1715
MILW0RM
XF
FutureSoft -- TFTP Server 2000Buffer overflow in FutureSoft TFTP Server 2000 on Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via a long request on UDP port 69. NOTE: this issue might overlap CVE-2006-4781 or CVE-2005-1812.
unknown
2007-03-23
10.0CVE-2007-1645
MILW0RM
XF
Giorgio Ciranni -- Splatt ForumDirectory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
unknown
2007-03-23
7.0CVE-2007-1633
MILW0RM
BID
FRSIRT
Hpaftpd -- HpaftpdMultiple stack-based buffer overflows in High Performance Anonymous FTP Server (hpaftpd) 1.01 allow remote attackers to execute arbitrary code via long arguments to the (1) USER, (2) PASS, (3) CWD, (4) MKD, (5) RMD, (6) DELE, (7) RNFR, or (8) RNTO FTP command.
unknown
2007-03-28
10.0CVE-2007-1731
OTHER-REF
BID
IceBB -- IceBBSQL injection vulnerability in index.php in IceBB 1.0-rc5 allows remote authenticated users to execute arbitrary SQL commands via the filename of an uploaded file to the avatar function, as demonstrated by setting admin privileges.
unknown
2007-03-28
8.0CVE-2007-1725
MILW0RM
MILW0RM
FRSIRT
SECUNIA
InterVations -- NaviCOPA Web ServerBuffer overflow in InterVations NaviCOPA HTTP Server 2.01 allows remote attackers to execute arbitrary code via a long (1) /cgi-bin/ or (2) /cgi/ pathname in an HTTP GET request, probably a different issue than CVE-2006-5112.
unknown
2007-03-28
10.0CVE-2007-1733
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
Ipswitch -- IMail Plus
Ipswitch -- Ipswitch Collaboration Suite
Ipswitch -- IMail Premium
Ipswitch -- IMail
Multiple buffer overflows in the IMAILAPILib ActiveX control (IMailAPI.dll) in Ipswitch IMail Server before 2006.2 allow remote attackers to execute arbitrary code via the (1) WebConnect and (2) Connect members in the (a) IMailServer control; (3) Sync3 and (4) Init3 members in the (b) IMailLDAPService control; and the (5) SetReplyTo member in the (c) IMailUserCollection control.
unknown
2007-03-23
8.0CVE-2007-1637
IDEFENSE
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
Jason W. Bacon -- mcwejectBuffer overflow in eject.c in Jason W. Bacon mcweject 0.9 on FreeBSD, and possibly other versions, allows local users to execute arbitrary code via a long command line argument, possibly involving the device name.
unknown
2007-03-27
7.0CVE-2007-1719
MILW0RM
Joomla! -- RWCards ComponentSQL injection vulnerability in index.php in the RWCards (com_rwcards) 2.4.3 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
unknown
2007-03-26
7.0CVE-2007-1703
MILW0RM
Joomla! -- Car ManagerSQL injection vulnerability in index.php in the Car Manager (com_resman) 1.1 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-03-26
7.0CVE-2007-1704
MILW0RM
Linux -- KernelThe DCCP support in the do_dccp_getsockopt function in net/dccp/proto.c in Linux kernel 2.6.20 and later does not verify the upper bounds of the optlen value, which allows local users running on certain architectures to read kernel memory or cause a denial of service (oops), a related issue to CVE-2007-1730.
unknown
2007-03-28
7.0CVE-2007-1734
BUGTRAQ
SECTRACK
LMS -- LAN Management SystemMultiple PHP remote file inclusion vulnerabilities in LAN Management System (LMS) 1.8.9 Vala and earlier allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG[directories][userpanel_dir] parameter to userpanel.php or the (2) _LIB_DIR parameter to welcome.php.
unknown
2007-03-23
10.0CVE-2007-1643
MILW0RM
BID
BID
FRSIRT
SECUNIA
XF
Mambo -- SWmenu Component
Joomla! -- SWmenu Component
Multiple PHP remote file inclusion vulnerabilities in the SWmenu (com_swmenupro and com_swmenufree) 4.0 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to ImageManager/Classes/ImageManager.php under the (1) components/ or (2) administrator/components/ directory trees.
unknown
2007-03-26
10.0CVE-2007-1699
MILW0RM
BID
Microsoft -- Windows 2000
Microsoft -- Windows Server 2003
Microsoft -- Windows Vista
Microsoft -- Windows XP
Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a duplicate of CVE-2007-1765; if so, then CVE-2007-0038 should be preferred.
unknown
2007-03-30
8.0CVE-2007-0038
FULLDISC
OTHER-REF
CERT
CERT-VN
SECUNIA
Microsoft -- WindowsThe dynamic DNS update mechanism in the DNS Server service on Microsoft Windows does not properly authenticate clients in certain deployments or configurations, which allows remote attackers to change DNS records for a web proxy server and conduct man-in-the-middle (MITM) attacks on web traffic, conduct pharming attacks by poisoning DNS records, and cause a denial of service (erroneous name resolution).
unknown
2007-03-23
10.0CVE-2007-1644
MILW0RM
Microsoft -- Small Business Server
Microsoft -- Windows 2000
Microsoft -- Windows Server 2003
The default configuration of Microsoft Windows uses the Web Proxy Autodiscovery Protocol (WPAD) without static WPAD entries, which might allow remote attackers to intercept web traffic by registering a proxy server using WINS or DNS, then responding to WPAD requests, as demonstrated using Internet Explorer. NOTE: it could be argued that if an attacker already has control over WINS/DNS, then web traffic could already be intercepted by modifying WINS or DNS records, so this would not cross privilege boundaries and would not be a vulnerability. It has also been reported that DHCP is an alternate attack vector.
unknown
2007-03-26
7.0CVE-2007-1692
MLIST
OTHER-REF
MSKB
OTHER-REF
OTHER-REF
FRSIRT
XF
MNews -- MNewsPHP remote file inclusion vulnerability in noticias.php in MNews 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter.
unknown
2007-03-30
10.0CVE-2006-7182
BUGTRAQ
Morcego CMS -- Morcego CMSMultiple PHP remote file inclusion vulnerabilities in Morcego CMS 0.9.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) fichero parameter to morcegoCMS.php or the (2) path parameter to adodb/adodb.inc.php.
unknown
2007-03-30
10.0CVE-2006-7181
BUGTRAQ
Mozilla -- FirefoxMozilla Firefox 2.0.0.3 does not check URLs embedded in (1) object or (2) iframe HTML tags against the phishing site blacklist, which allows remote attackers to bypass phishing protection.
unknown
2007-03-28
7.0CVE-2007-1736
BUGTRAQ
Net Portal Dynamic System -- Net Portal Dynamic SystemVariable extraction vulnerability in grab_globals.php in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote attackers to conduct SQL injection attacks via the _FILES[DB][tmp_name] parameter to print.php, which overwrites the $DB variable with dynamic variable evaluation.
unknown
2007-03-23
7.0CVE-2007-1634
BUGTRAQ
VIM
SECUNIA
Net-Side.net -- Net Side Content Management SystemPHP remote file inclusion vulnerability in index.php in Net Side Content Management System (Net-Side.net CMS) allows remote attackers to execute arbitrary PHP code via a URL in the cms parameter.
unknown
2007-03-26
7.0CVE-2007-1707
MILW0RM
BID
Opera Software -- OperaOpera 9.10 does not check URLs embedded in (1) object or (2) iframe HTML tags against the phishing site blacklist, which allows remote attackers to bypass phishing protection.
unknown
2007-03-28
7.0CVE-2007-1737
BUGTRAQ
Philex -- PhilexPHP remote file inclusion vulnerability in header.inc.php in Philex 0.2.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CssFile parameter.
unknown
2007-03-26
10.0CVE-2007-1697
MILW0RM
BID
FRSIRT
XF
PHP -- PHPThe session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, calculates the reference count for the session variables without considering the internal pointer from the session globals, which allows context-dependent attackers to execute arbitrary code via a crafted string in the session_register after unsetting HTTP_SESSION_VARS and _SESSION, which destroys the session data Hashtable.
unknown
2007-03-26
10.0CVE-2007-1700
OTHER-REF
BID
PHP -- PHPInteger overflow in the zip_read_entry function in PHP 4 before 4.4.5 allows remote attackers to execute arbitrary code via a ZIP archive that contains an entry with a length value of 0xffffffff, which is incremented before use in an emalloc call, triggering a heap overflow.
unknown
2007-03-29
7.0CVE-2007-1777
OTHER-REF
BID
phpBB Group -- phpBB** DISPUTED ** PHP remote file inclusion vulnerability in includes/usercp_register.php in phpBB 2.0.19 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: this issue has been disputed by third-party researchers, stating that the file checks for a global constant and cannot be accessed directly.
unknown
2007-03-26
10.0CVE-2007-1695
BUGTRAQ
BUGTRAQ
PortailPHP -- PortailPHPSQL injection vulnerability in index.php in PortailPHP 2.0 allows remote attackers to execute arbitrary SQL commands via the idnews parameter.
unknown
2007-03-23
7.0CVE-2007-1641
MILW0RM
BID
SECUNIA
XF
Realink -- C-AbreMultiple PHP remote file inclusion vulnerabilities in C-Arbre 0.6PR7 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) Richtxt_functions.inc.php, (2) adddocfile.php, (3) auth_check.php, (4) browse_current_category.inc.php, (5) docfile_details.php, (6) main.php, (7) mainarticle.php, (8) maindocfile.php, (9) modify.php, (10) new.php, (11) resource_details.php, or (12) smallsearch.php in lib/; or (13) mwiki/LocalSettings.php.
unknown
2007-03-27
10.0CVE-2007-1721
MILW0RM
OTHER-REF
BUGTRAQ
BID
FRSIRT
revolutionProducts -- FlexBBSQL injection vulnerability in includes/start.php in Flexbb 1.0.0 10005 Beta Release 1 allows remote attackers to execute arbitrary SQL commands via the flexbb_lang_id COOKIE parameter to index.php.
unknown
2007-03-28
7.0CVE-2007-1729
BUGTRAQ
OTHER-REF
XF
RoseOnlineCMS -- RoseOnlineCMSDirectory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
unknown
2007-03-23
7.0CVE-2007-1636
MILW0RM
BID
FRSIRT
XF
SB-WebSoft -- AddressbookDirectory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
unknown
2007-03-27
7.0CVE-2007-1720
MILW0RM
XF
Sendmail -- SendmailThe version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not allow the administrator to disable SSLv2 encryption, which could cause less secure channels to be used than desired.
unknown
2007-03-27
7.0CVE-2006-7175
OTHER-REF
SignKorea -- SKCommAX ActiveX ControlBuffer overflow in the DownloadCertificateExt function in SignKorea SKCommAX ActiveX control module 7.2.0.2 and 3280 6.6.0.1 allows remote attackers to execute arbitrary code via a long pszUserID argument.
unknown
2007-03-27
10.0CVE-2007-1722
FULLDISC
FRSIRT
SECUNIA
ttCMS -- ttForumPHP remote file inclusion vulnerability in lib/db/ez_sql.php in ttCMS 4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the lib_path parameter.
unknown
2007-03-26
7.0CVE-2007-1708
MILW0RM
BID
FRSIRT
XF
X.Org -- libX11Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in x.org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or information leak via crafted images with large or negative values that trigger a buffer overflow.
unknown
2007-03-24
8.0CVE-2007-1667
OTHER-REF
OTHER-REF

Back to top

Medium Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
 CRLF injection vulnerability in BSMTP.DLL in B21Soft BASP21 2003.0211, and BASP21 Pro 1.0.702.27 and earlier, allows remote attackers to inject arbitrary headers into e-mail messages via CRLF sequences in Subject lines.
unknown
2007-03-27
4.9CVE-2007-1713
OTHER-REF
OTHER-REF
SECUNIA
 PHP remote file inclusion vulnerability in login/engine/db/profiledit.php in Advanced Login 0.76 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.
unknown
2007-03-29
4.9CVE-2007-1766
BUGTRAQ
CruiseWorks -- CruiseWorksCruiseWorks 1.09e and earlier does not properly restrict user access to certain privileged actions, which allows local users to change the configuration or have other unspecified impact. NOTE: some of these details are obtained from third party information.
unknown
2007-03-30
4.9CVE-2007-1782
OTHER-REF
OTHER-REF
SECUNIA
Design for Joomla -- D4J eZineSQL injection vulnerability in index.php in the D4JeZine (com_ezine) 2.8 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the article parameter in a read action.
unknown
2007-03-29
5.6CVE-2007-1776
MILW0RM
BID
HP -- OpenView Network Node ManagerUnspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, 7.50, and 7.51 allows remote authenticated users to access certain privileged "facilities" via unspecified vectors.
unknown
2007-03-28
4.2CVE-2007-1727
HP
FRSIRT
SECTRACK
BID
XF
IceBB -- IceBBUnrestricted file upload vulnerability in index.php in IceBB 1.0-rc5 allows remote authenticated users to upload arbitrary files via the avatar function, which can later be accessed in uploads/.
unknown
2007-03-28
4.2CVE-2007-1726
MILW0RM
FRSIRT
SECUNIA
JBrowser -- JBrowserUnrestricted file upload vulnerability in upload.php3 in JBrowser 2.4 and earlier allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-03-29
5.6CVE-2007-1775
BID
Linux -- KernelInteger signedness error in the DCCP support in the do_dccp_getsockopt function in net/dccp/proto.c in Linux kernel 2.6.20 and later allows local users to read kernel memory or cause a denial of service (oops) via a negative optlen value.
unknown
2007-03-28
4.7CVE-2007-1730
BUGTRAQ
BID
SECTRACK
MADWifi -- MADWifiieee80211_output.c in MadWifi before 0.9.3 sends unencrypted packets before WPA authentication succeeds, which allows remote attackers to obtain sensitive information (related to network structure), and possibly cause a denial of sevice (disrupted authentication) and conduct spoofing attacks.
unknown
2007-03-29
5.6CVE-2006-7180
OTHER-REF
OTHER-REF
OSVDB
Mambo -- FlatmenuPHP remote file inclusion vulnerability in mod_flatmenu.php in the Flatmenu 1.07 and earlier Mambo module allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
unknown
2007-03-26
5.6CVE-2007-1702
MILW0RM
VIM
Microsoft -- Server 2003
Avaya -- IP600 Media Servers
Avaya -- S8100 Media Servers
Microsoft -- Windows XP
Microsoft -- Windows Vista
Microsoft -- Internet Explorer
Avaya -- S3400 Message Application Server
Microsoft -- Windows 2000
Avaya -- DefinityOne Media Servers
Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier.
unknown
2007-03-29
5.6CVE-2007-1765
OTHER-REF
OTHER-REF
OTHER-REF
MICROSOFT
BID
FRSIRT
SECTRACK
Minna De Office -- Minna De OfficeMinna De Office 1.x and 2.x does not properly restrict user access to certain privileged actions, which allows local users to change the configuration or have other unspecified impact. NOTE: some of these details are obtained from third party information.
unknown
2007-03-30
4.9CVE-2007-1781
OTHER-REF
OTHER-REF
SECUNIA
Net Portal Dynamic System -- Net Portal Dynamic SystemStatic code injection vulnerability in admin/settings.php in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote authenticated users to inject arbitrary PHP code via the xtop parameter in a "ConfigSave" op to admin.php, which can later be accessed via a "Configure" op to admin.php.
unknown
2007-03-23
6.0CVE-2007-1635
BUGTRAQ
SECUNIA
PHPProjekt -- PHPProjektMultiple cross-site request forgery (CSRF) vulnerabilities in the check_csrftoken function in lib/lib.inc.php in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote attackers to perform unauthorized actions as an arbitrary user via the (1) Projects, (2) Contacts, (3) Helpdesk, (4) Notes, (5) Search, (6) Mail, or (7) Filemanager module; the (9) summary page; or unspecified other files.
unknown
2007-03-23
5.6CVE-2007-1638
BUGTRAQ
OTHER-REF
OTHER-REF
SECUNIA
XF
ReactOS -- ReactOSUnspecified vulnerability in ReactOS 0.3.1 has unknown impact and attack vectors, related to a fix for "dozens of win32k bugs and failures," in which the fix itself introduces a vulnerability, possibly related to user-mode and kernel-mode copy failures.
unknown
2007-03-27
4.9CVE-2007-1724
OTHER-REF
Red Hat -- Red Hat Enterprise Linuxpam_console does not properly restore ownership for certain console devices when there are multiple users logged into the console and one user logs out, which might allow local users to gain privileges.
unknown
2007-03-27
4.9CVE-2007-1716
OTHER-REF
TrueCrypt Foundation -- TrueCryptTrueCrypt 4.3, when installed setuid root, allows local users to cause a denial of service (filesystem unavailability) or gain privileges by mounting a crafted TrueCrypt volume, as demonstrated using (1) /usr/bin or (2) another user's home directory, a different issue than CVE-2007-1589.
unknown
2007-03-28
5.6CVE-2007-1738
BID
SECUNIA
BUGTRAQ
WordPress -- WordPress** DISPUTED ** Cross-site scripting (XSS) vulnerability in an mt import in wp-admin/admin.php in WordPress 2.1.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the demo parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: another researcher disputes this issue, stating that this is legitimate functionality for administrators. However, it has been patched by at least one vendor.
unknown
2007-03-28
4.2CVE-2007-1732
FULLDISC
OTHER-REF
GENTOO
SECUNIA
SECUNIA

Back to top

Low Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
AOL -- AOL Client SoftwareUnspecified vulnerability in (1) Deskbar.dll and (2) Toolbar.dll in AOL 9.0 before February 2007 allows remote attackers to cause a denial of service (browser crash) via unknown vectors.
unknown
2007-03-29
3.3CVE-2007-1767
BUGTRAQ
Apache Software Foundation -- mod_perlPerlRun.pm in Apache mod_perl 1.30 and earlier, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
unknown
2007-03-29
3.3CVE-2007-1349
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
ESRI -- ArcSDEESRI ArcSDE 8.3, 9.0, and 9.1 before 20070327, when using three tiered configurations, allows remote attackers to cause a denial of service (giomgr crash) via a crafted connection string containing "extra characters."
unknown
2007-03-29
3.3CVE-2007-1770
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
FastStone -- Image ViewerStack-based buffer overflow in FastStone Image Viewer 2.8 allows user-assisted remote attackers to execute arbitrary code via a crafted JPG image.
unknown
2007-03-29
3.4CVE-2007-1764
BUGTRAQ
Fizzle -- FizzleCross-site scripting (XSS) vulnerability in the Fizzle 0.5 extension for Firefox allows remote attackers to inject arbitrary web script or HTML via RSS feeds, which are executed by the chrome: URI handler.
unknown
2007-03-26
1.9CVE-2007-1678
BUGTRAQ
SECUNIA
BID
FRSIRT
OSVDB
XF
Horde -- Groupware** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware Webmail 1.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in (1) imp/search.php and (2) ingo/rule.php. NOTE: this issue has been disputed by the vendor, noting that the search.php issue was resolved in CVE-2006-4255, and attackers can only use rule.php to inject XSS into their own pages.
unknown
2007-03-26
1.9CVE-2007-1679
BUGTRAQ
BID
BUGTRAQ
XF
HP -- JetDirectThe FTP service in HP JetDirect print servers allows remote attackers to cause a denial of service (engine crash) via a RETR command with a long pathname.
unknown
2007-03-29
2.7CVE-2007-1772
FULLDISC
BID
IBM -- Lotus DominoCross-site scripting (XSS) vulnerability in the Active Content Filter feature in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified "code sequences" that bypass the protection scheme.
unknown
2007-03-29
1.9CVE-2006-4843
IDEFENSE
OTHER-REF
BID
FRSIRT
SECUNIA
SECTRACK
XF
IBM -- Lotus DominoBuffer overflow in the CRAM-MD5 authentication mechanism in the IMAP server (nimap.exe) in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to cause a denial of service via a long username.
unknown
2007-03-28
3.3CVE-2007-1675
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
BID
SECTRACK
XF
IBM -- Lotus DominoHeap-based buffer overflow in the LDAP server in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to cause a denial of service (crash) via a long, malformed DN request, which causes only the lower 16 bits of the string length to be used in memory allocation.
unknown
2007-03-28
3.3CVE-2007-1739
IDEFENSE
OTHER-REF
BID
FRSIRT
SECUNIA
CERT-VN
BID
SECTRACK
XF
MADWifi -- MADWifiMadWifi, when Ad-Hoc mode is used, allows remote attackers to cause a denial of service (system crash) via unspecified vectors that lead to a kernel panic in the ieee80211_input function, related to "packets coming from a 'malicious' WinXP system."
unknown
2007-03-29
3.3CVE-2006-7177
OTHER-REF
MADWifi -- MADWifiMadWifi before 0.9.3 does not properly handle reception of an AUTH frame by an IBSS node, which allows remote attackers to cause a denial of service (system crash) via a certain AUTH frame.
unknown
2007-03-29
3.3CVE-2006-7178
OTHER-REF
OTHER-REF
OSVDB
MADWifi -- MADWifiieee80211_input.c in MadWifi before 0.9.3 does not properly process Channel Switch Announcement Information Elements (CSA IEs), which allows remote attackers to cause a denial of service (loss of communication) via a Channel Switch Count less than or equal to one, triggering a channel change.
unknown
2007-03-29
3.3CVE-2006-7179
OTHER-REF
OTHER-REF
OTHER-REF
OSVDB
ManageEngine -- Firewall AnalyzerUnspecified vulnerability in ManageEngine Firewall Analyzer allows remote authenticated users to "access any common file" via unspecified vectors.
unknown
2007-03-23
1.4CVE-2007-1642
BUGTRAQ
BID
Mephisto -- Mephisto
Mephisto -- Mephisto Edge
Cross-site scripting (XSS) vulnerability in app/helpers/application_helper.rb in Mephisto 0.7.3 and Mephisto Edge 20070325 allows remote attackers to inject arbitrary web script or HTML via the author name field in a comment.
unknown
2007-03-29
1.9CVE-2007-1768
BUGTRAQ
BID
XF
Mephisto -- MephistoCross-site scripting (XSS) vulnerability in /search in Mephisto 0.7.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-03-29
1.9CVE-2007-1769
BID
Microsoft -- Windows VistaThe ATI kernel driver (atikmdag.sys) in Microsoft Windows Vista allows user-assisted remote attackers to cause a denial of service (crash) via a crafted JPG image, as demonstrated by a slideshow, possibly due to a buffer overflow.
unknown
2007-03-29
2.7CVE-2007-1763
VULNWATCH
OTHER-REF
Mozilla -- FirefoxMozilla Firefox 2.0.0.1 through 2.0.0.3 does not canonicalize URLs before checking them against the phishing site blacklist, which allows remote attackers to bypass phishing protection via multiple / (slash) characters in the URL.
unknown
2007-03-29
2.3CVE-2007-1762
BUGTRAQ
Navision Software -- Navision Financials Server
NetBSD -- NetBSD
Multiple buffer overflows in the ISO network protocol support in the NetBSD kernel 2.0 through 4.0_BETA2, and NetBSD-current before 20070329, allow local users to execute arbitrary code via long parameters to certain functions, as demonstrated by a long sockaddr structure argument to the clnp_route function.
unknown
2007-03-29
3.4CVE-2007-1677
NETBSD
BID
Overlay Weaver -- Overlay WeaverCross-site scripting (XSS) vulnerability in the DHT shell (owdhtshell) in Overlay Weaver 0.5.9 to 0.5.11, when invoked with the -x option, allows remote attackers to inject arbitrary web script or HTML via fields in certain input forms.
unknown
2007-03-30
1.9CVE-2007-1780
OTHER-REF
SECUNIA
Philex -- Philexdownload.php in Philex 0.2.3 and earlier allows remote attackers to read arbitrary files and source code, and obtain sensitive information via the file parameter.
unknown
2007-03-26
2.3CVE-2007-1698
MILW0RM
BID
FRSIRT
XF
PHP -- PECL phpDOCBuffer overflow in the confirm_phpdoc_compiled function in the phpDOC extension (PECL phpDOC) in PHP 5.2.1 allows context-dependent attackers to execute arbitrary code via a long argument string.
unknown
2007-03-26
2.9CVE-2007-1709
MILW0RM
BUGTRAQ
OTHER-REF
BID
XF
PHP -- PHPThe readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files by referring to local files with a certain URL syntax instead of a pathname syntax, as demonstrated by a filename preceded a "php://../../" sequence.
unknown
2007-03-26
2.9CVE-2007-1710
MILW0RM
PHP -- PHPDouble free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 allows context-dependent attackers to execute arbitrary code by overwriting variables pointing to (1) the GLOBALS array or (2) the session data in _SESSION. NOTE: this issue was introduced when attempting to patch CVE-2007-1701 (MOPB-31-2007).
unknown
2007-03-26
2.9CVE-2007-1711
OTHER-REF
BID
PHP -- PHPThe mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 truncates e-mail messages at the first ASCIIZ ('\0') byte, which might allow context-dependent attackers to prevent intended information from being delivered in e-mail messages. NOTE: this issue might be security-relevant in cases when the trailing contents of e-mail messages are important, such as logging information or if the message is expected to be well-formed.
unknown
2007-03-27
3.3CVE-2007-1717
OTHER-REF
BID
PHP -- PHPCRLF injection vulnerability in the mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows remote attackers to inject arbitrary e-mail headers and possibly conduct spam attacks via a control character immediately following folding of the (1) Subject or (2) To parameter, as demonstrated by a parameter containing a "\r\n\t\n" sequence, related to an increment bug in the SKIP_LONG_HEADER_SEP macro.
unknown
2007-03-27
3.3CVE-2007-1718
OTHER-REF
BID
Sendmail -- SendmailThe version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not reject the "localhost.localdomain" domain name for e-mail messages that come from external hosts, which might allow remote attackers to spoof messages.
unknown
2007-03-27
3.3CVE-2006-7176
OTHER-REF
Sony -- PSP
Sony -- PlayStation 3
The Remote Play feature in Sony Playstation 3 (PS3) 1.60 and Playstation Portable (PSP) 3.10 OE-A allows remote attackers to cause a denial of service via a flood of UDP packets.
unknown
2007-03-28
3.3CVE-2007-1728
BUGTRAQ
Sun -- Java System Directory Server
Sun -- ONE Directory Server
The LDAP server (ns-slapd) in Sun Java System Directory Server 5.2 Patch4 and earlier and ONE Directory Server 5.1 and 5.2 allows remote attackers to cause a denial of service (crash) via malformed queries, probably malformed BER queries, which trigger a free of uninitialized memory locations.
unknown
2007-03-26
3.3CVE-2006-4175
IDEFENSE
SUNALERT
BID
FRSIRT
SECTRACK
SECUNIA
unverse.net -- aBitWhizzyMultiple directory traversal vulnerabilities in aBitWhizzy allow remote attackers to list arbitrary directories via a .. (dot dot) in the d parameter to (1) whizzery/whizzypic.php or (2) whizzery/whizzylink.php, different vectors than CVE-2006-6384. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-03-29
1.9CVE-2007-1773
OTHER-REF
BID
unverse.net -- aBitWhizzyMultiple cross-site scripting (XSS) vulnerabilities in aBitWhizzy allow remote attackers to inject arbitrary web script or HTML via the d parameter to (1) whizzery/whizzypic.php or (2) whizzery/whizzylink.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-03-29
1.9CVE-2007-1774
OTHER-REF
BID

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.