Vulnerability Summary for the Week of May 21, 2007
Released
May 29, 2007
Document ID
SB07-149
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
">
| High Vulnerabilities |
|---|
| Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
|---|---|---|---|---|---|---|
| AlstraSoft -- Live Support | AlstraSoft Live Support 1.21 sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to obtain administrative access via a direct request to admin/managesettings.php. |
| 10.0 | CVE-2007-2775 MILW0RM | ||
| AlstraSoft -- Template Seller | AlstraSoft Template Seller Pro 3.25 and earlier sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to inject a credential variable setting and obtain administrative access via a direct request to admin/changeinfo.php. |
| 10.0 | CVE-2007-2776 MILW0RM | ||
| AlstraSoft -- Template Seller | Unrestricted file upload vulnerability in admin/addsptemplate.php in AlstraSoft Template Seller Pro 3.25 and earlier allows remote attackers to execute arbitrary PHP code via an arbitrary .php filename in the zip parameter, which is created under sptemplates/. |
| 7.0 | CVE-2007-2777 MILW0RM | ||
| AlstraSoft -- E-Friends | SQL injection vulnerability in paypal.php in AlstraSoft E-Friends 4.21 and earlier allows remote attackers to execute arbitrary SQL commands via the pack parameter in a paypal action for index.php. |
| 10.0 | CVE-2007-2824 MILW0RM BID | ||
| com_yanc -- com_yanc | SQL injection vulnerability in index.php in the com_yanc 1.4 beta Add-on for Mambo allows remote attackers to execute arbitrary SQL commands via the listid parameter. |
| 7.0 | CVE-2007-2792 MILW0RM BID | ||
| eSyndicat -- eSyndiCat Pro | manage-admins.php in eSyndiCat Pro 1.x allows remote attackers to create additional administrative accounts, and have other unspecified impact, via modified username, new_pass, new_pass2, status, super, and certain other parameters in an add action. |
| 10.0 | CVE-2007-2785 BUGTRAQ | ||
| file -- file | Integer overflow in the "file" program 4.20, when running on 32-bit systems, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert() statement. NOTE: this issue is due to an incorrect patch for CVE-2007-1536. |
| 8.0 | CVE-2007-2799 OTHER-REF | ||
| Gazi Download Portal -- Gazi Download Portal | SQL injection vulnerability in down_indir.asp in Gazi Download Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 10.0 | CVE-2007-2810 BID SECUNIA | ||
| Geeklog -- Geeklog | PHP remote file inclusion vulnerability in ImageImageMagick.php in Geeklog 2.x allows remote attackers to execute arbitrary PHP code via a URL in the glConf[path_system] parameter. |
| 7.0 | CVE-2007-2793 MILW0RM BID | ||
| HP -- Tru64 UNIX | Unspecified vulnerability in the Secure Shell (SSH) in HP Tru64 UNIX 5.1B-4 and 5.1B-3 allows remote attackers to identify valid users via unspecified vectors, probably related to timing attacks and AuthInteractiveFailureRandomTimeout. |
| 10.0 | CVE-2007-2791 HP BID FRSIRT SECTRACK SECUNIA | ||
| Jetbox -- Jetbox CMS | Multiple SQL injection vulnerabilities in index.php in Jetbox CMS 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) view or (2) login parameter. |
| 7.0 | CVE-2007-2685 FULLDISC OTHER-REF OSVDB | ||
| KSign -- KSignSWAT | Multiple stack-based buffer overflows in the KSign KSignSWAT ActiveX Control (AxKSignSWAT.dll) 2.0.3.3 allow remote attackers to execute arbitrary code via long arguments to the (1) SWAT_Init, (2) SWAT_InitEx, (3) SWAT_InitEx2, (4) SWAT_InitEx3, and (5) SWAT_Login functions. |
| 7.0 | CVE-2007-2820 FULLDISC FRSIRT SECUNIA | ||
| LEAD Technologies -- LeadTools JPEG 2000 | Stack-based buffer overflow in the LEAD Technologies LeadTools JPEG 2000 LEADJ2K.LEADJ2K.140 ActiveX control (LTJ2K14.ocx) 14.5.0.35 allows remote attackers to execute arbitrary code via a long BitmapDataPath property. |
| 8.0 | CVE-2007-2771 OTHER-REF OTHER-REF CERT-VN SECUNIA | ||
| LEAD Technologies -- LeadTools Raster Thumbnail Object Library | Stack-based buffer overflow in the BrowseDir function in the (1) lttmb14E.ocx or (2) LTRTM14e.DLL ActiveX control in LeadTools Raster Thumbnail Object Library 14.5.0.44 allows remote attackers to execute arbitrary code via a long argument. |
| 7.0 | CVE-2007-2787 MILW0RM MILW0RM OTHER-REF OTHER-REF OTHER-REF OTHER-REF | ||
| LEAD Technologies -- LeadTools ISIS ActiveX Control | Heap-based buffer overflow in LEAD Technologies LEADTOOLS ISIS ActiveX Control (ltisi14E.ocx) 14.5.0.44 and earlier allows remote attackers to execute arbitrary code via a long DriverName propery. |
| 8.0 | CVE-2007-2827 OTHER-REF OTHER-REF FRSIRT SECUNIA | ||
| Libstats -- Libstats | PHP remote file inclusion vulnerability in template_csv.php in Libstats 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rInfo[content] parameter. |
| 7.0 | CVE-2007-2779 MILW0RM BID | ||
| Madirish Webmail -- Madirish Webmail | PHP remote file inclusion vulnerability in lib/addressbook.php in Madirish Webmail 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[basedir] parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 7.0 | CVE-2007-2826 BID | ||
| MADWifi -- MADWifi | Array index error in the (1) ieee80211_ioctl_getwmmparams and (2) ieee80211_ioctl_setwmmparams functions in net80211/ieee80211_wireless.c in MadWifi before 0.9.3.1 allow local users to cause a denial of service (system crash), possibly obtain kernel memory contents, and possibly execute arbitrary code via a large negative array index value. |
| 10.0 | CVE-2007-2831 OTHER-REF OTHER-REF | ||
| Microsoft -- IIS | The "hit-highlighting" functionality in webhits.dll in Microsoft Internet Information Server (IIS) Web Server 5.0 only uses Windows NT ACL configuration, which allows remote attackers to bypass NTLM and basic authentication mechanisms and access private web directories via the CiWebhitsfile parameter to null.htw. |
| 10.0 | CVE-2007-2815 BUGTRAQ MSKB | ||
| MicroWorld Technologies -- eScan | Stack-based buffer overflow in the MicroWorld Agent service (MWAGENT.EXE) in MicroWorld Technologies eScan before 9.0.718.1 allows remote attackers to execute arbitrary code via a long command. |
| 10.0 | CVE-2007-2687 OTHER-REF FRSIRT SECUNIA | ||
| Ol' Bookmarks -- Ol' Bookmarks | Multiple PHP remote file inclusion vulnerabilities in ol'bookmarks 0.7.4 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) test1.php, (2) blackorange.php, (3) default.php, (4) frames1.php, (5) frames1_top.php, (6) test1.php, (7) test2.php, (8) test3.php, (9) test4.php, (10) test5.php, (11) test6.php, (12) frames1_left.php, and (13) frames1_center.php in themes/. |
| 7.0 | CVE-2007-2816 MILW0RM VIM BID FRSIRT | ||
| Ol' Bookmarks -- Ol' Bookmarks | SQL injection vulnerability in read/index.php in ol'bookmarks 0.7.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| 7.0 | CVE-2007-2817 MILW0RM BID | ||
| OPeNDAP -- Hyrax OPeNDAP -- BES | BES before 3.5.0 in OPeNDAP 4 (Hydrax) before 1.2.1 does not properly handle compressed files, which allows remote attackers to upload arbitrary files or execute arbitrary commands via a crafted compressed file. |
| 7.0 | CVE-2007-2769 OTHER-REF CERT-VN BID | ||
| Opera Software -- Opera Web Browser | Buffer overflow in the transfer manager in Opera before 9.21 for Windows allows user-assisted remote attackers to execute arbitrary code via a crafted torrent file. NOTE: due to the lack of details, it is not clear if this is the same issue as CVE-2007-2274. |
| 8.0 | CVE-2007-2809 OTHER-REF OTHER-REF BID FRSIRT SECTRACK SECUNIA | ||
| Packeteer -- PacketShaper | Packeteer PacketShaper uses fixed increments in TCP initial sequence number (ISN) values, which allows remote attackers to predict the ISN value, and perform session hijacking or disruption. |
| 7.0 | CVE-2007-2782 BUGTRAQ BID | ||
| Pegasus -- ImagN' ActiveX Control | Multiple stack-based buffer overflows in the Pegasus ImagN' ActiveX control (IMW32O40.OCX) 4.00.041 allow remote attackers to execute arbitrary code via (1) a long FileName parameter, or unspecified vectors involving the (2) BeginReport, (3) CreatePictureExA, (4) DefineImage, (5) DefineImageEx, (6) DefineImageFox, (7) CopyBufToClipExA, (8) LoadEx, (9) LoadFox, and other functions. |
| 7.0 | CVE-2007-2814 OTHER-REF BID FRSIRT SECUNIA | ||
| Qualcomm -- Eudora | Stack-based buffer overflow in Eudora 7.1 allows user-assisted, remote SMTP servers to execute arbitrary code via a long SMTP reply. NOTE: the user must click through a warning about a possible buffer overflow exploit to trigger this issue. |
| 8.0 | CVE-2007-2770 MILW0RM SECUNIA XF | ||
| Rational Software -- Hidden Administrator | Unspecified vulnerability in Rational Soft Hidden Administrator 1.7 and earlier allows remote attackers to bypass authentication and execute arbitrary code via unspecified vectors. NOTE: this issue has no actionable information, and perhaps should not be included in CVE. |
| 10.0 | CVE-2007-2783 BUGTRAQ BID | ||
| Sun -- JDK | Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03, and 1.6.x before 1.6.0_01-b06, allows remote attackers to execute arbitrary code or cause a denial of service (JVM crash) via a crafted JPEG or BMP file. |
| 8.0 | CVE-2007-2788 OTHER-REF BID FRSIRT SECUNIA XF | ||
| SunLight CMS -- SunLight CMS | Multiple PHP remote file inclusion vulnerabilities in SunLight CMS 5.3 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) _connect.php or (2) modules/startup.php. |
| 7.0 | CVE-2007-2774 MILW0RM BID | ||
| Vizayn Urun -- Tanitim Sitesi | SQL injection vulnerability in default.asp in Vizayn Urun Tanitim Sitesi 0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a haberdetay action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 7.0 | CVE-2007-2803 SECUNIA | ||
| VP-ASP -- VP-ASP Shopping Cart | Cross-site scripting (XSS) vulnerability in shopcontent.asp in VP-ASP Shopping Cart 6.50, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the type parameter. |
| 7.0 | CVE-2007-2790 BUGTRAQ | ||
| Wavelink Media -- TutorialCMS | TutorialCMS 1.01 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication via the (1) loggedIn and (2) activated parameters to (a) login.php, (b) headerLinks.php, (c) submit1.php, (d) myFav.php, and (e) userCP.php. |
| 8.0 | CVE-2007-2822 MILW0RM OTHER-REF FRSIRT SECUNIA | ||
| WikyBlog -- WikyBlog | Cross-site scripting (XSS) vulnerability in include/sessionRegister.php in WikyBlog before 1.4.13 allows remote attackers to inject arbitrary web script or HTML, probably via vectors related to a certain data2 array element. |
| 7.0 | CVE-2007-2781 OTHER-REF OTHER-REF OTHER-REF SECUNIA | ||
| WordPress -- WordPress | SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2 allows remote attackers to execute arbitrary SQL commands via the cookie parameter. |
| 8.0 | CVE-2007-2821 OTHER-REF BID FRSIRT SECUNIA XF | ||
| Zomplog -- Zomplog | SQL injection vulnerability in plugins/mp3playlist/mp3playlist.php in Zomplog 3.8 and earlier allows remote attackers to execute arbitrary SQL commands via the speler parameter. |
| 7.0 | CVE-2007-2773 MILW0RM |
| Medium Vulnerabilities |
|---|
| Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
|---|---|---|---|---|---|---|
| Eggheads -- Eggdrop IRC bot | Stack-based buffer overflow in mod/server.mod/servrmsg.c in Eggdrop 1.6.18, and possibly earlier, allows user-assisted, remote IRC servers to execute arbitrary code via a long private message. |
| 5.6 | CVE-2007-2807 OTHER-REF SECUNIA | ||
| HT Editor -- HT Editor | Multiple buffer overflows in HT Editor before 2.0.6 might allow remote attackers to execute arbitrary code via unspecified vectors, possibly involving the editor display width. NOTE: some of the details were obtained from third party information. |
| 5.6 | CVE-2007-2823 OTHER-REF BID SECUNIA | ||
| PHP Group -- PEAR | Directory traversal vulnerability in the installer in PEAR 1.0 through 1.5.3 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the (1) install-as attribute in the file element in package.xml 1.0 or the (2) as attribute in the install element in package.xml 2.0. NOTE: it could be argued that this does not cross privilege boundaries in typical installations, since the code being installed could perform the same actions. |
| 5.6 | CVE-2007-2519 OTHER-REF |
| Low Vulnerabilities |
|---|
| Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
|---|---|---|---|---|---|---|
| @Mail -- @Mail Webmail | Multiple cross-site scripting (XSS) vulnerabilities in ReadMsg.php in @Mail 5.02 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) links and (2) images. |
| 2.3 | CVE-2007-2825 OTHER-REF XF | ||
| Apache Software Foundation -- Tomcat | Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors. |
| 1.9 | CVE-2007-1355 BUGTRAQ OTHER-REF OTHER-REF OTHER-REF BID | ||
| CactuSoft -- Parodia | Cross-site scripting (XSS) vulnerability in cand_login.asp in CactuSoft Parodia 6.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the strJobIDs parameter. |
| 2.3 | CVE-2007-2818 OTHER-REF BID XF | ||
| CandyPress -- CandyPress Store | Multiple cross-site scripting (XSS) vulnerabilities in scripts/prodList.asp in CandyPress Store 3.5.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) brand and (2) Msg parameters. |
| 1.9 | CVE-2007-2804 OTHER-REF FRSIRT SECUNIA | ||
| Cisco -- IOS Transmission Control Protocol | Cisco IOS 12.4 and earlier, when using the crypto packages and SSL support is enabled, allows remote attackers to cause a denial of service via a malformed (1) ClientHello, (2) ChangeCipherSpec, or (3) Finished message during an SSL session. |
| 3.3 | CVE-2007-2813 CISCO | ||
| Cisco -- Call Manager | Cross-site scripting (XSS) vulnerability in the web application firewall in Cisco CallManager before 3.3(5)sr3, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allows remote attackers to inject arbitrary web script or HTML via the pattern parameter to CCMAdmin/serverlist.asp (aka the search-form) and possibly other unspecified vectors. |
| 1.9 | CVE-2007-2832 FULLDISC OTHER-REF CISCO FRSIRT SECUNIA | ||
| Clientexec -- Clientexec | Multiple cross-site scripting (XSS) vulnerabilities in index.php in ClientExec (CE) 3.0 beta2, and possibly other versions, allow remote attackers to inject arbitrary web script or HTML via the (1) ticketID, (2) view, and (3) fuse parameters. |
| 1.9 | CVE-2007-2805 OTHER-REF BID XF | ||
| Computer Associates -- BrightStor ARCserve Backup | (1) caloggerd.exe (camt70.dll) and (2) mediasvr.exe (catirpc.dll and rwxdr.dll) in CA BrightStor Backup 11.5.2.0 SP2 allow remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted RPC packet. |
| 3.3 | CVE-2007-2772 BUGTRAQ MILW0RM MILW0RM OTHER-REF FRSIRT SECTRACK SECUNIA XF XF | ||
| GaliX -- GaliX | Multiple cross-site scripting (XSS) vulnerabilities in index.php in GaliX 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) galix_cat_detail, (2) galix_gal_detail, and (3) galix_cat_detail_sort parameters. |
| 3.7 | CVE-2007-2806 OTHER-REF BID SECUNIA | ||
| Globus -- Globus Toolkit | Unspecified vulnerability in globus-job-manager in Globus Toolkit 4.1.1 and earlier (globus_nexus-6.6 and earlier) allows remote attackers to cause a denial of service (resource exhaustion and system crash) via certain requests to temporary TCP ports for a GRAM2 job or its MPICH-G2 applications. |
| 3.3 | CVE-2007-2784 MLIST OTHER-REF OTHER-REF BID SECUNIA | ||
| HLstats -- HLstats | Cross-site scripting (XSS) vulnerability in hlstats.php in HLstats 1.35, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO or (2) the action parameter. |
| 2.3 | CVE-2007-2812 BUGTRAQ BUGTRAQ BID FRSIRT SECUNIA | ||
| ircd-ratbox -- ircd-ratbox | Ratbox IRC Daemon (aka ircd-ratbox) 2.2.5 and earlier allows remote attackers to cause a denial of service (resource exhaustion) by making many requests from a single client. |
| 2.3 | CVE-2007-2786 MLIST OPENPKG BID SECUNIA XF | ||
| Jetbox -- Jetbox CMS | Jetbox CMS 2.1 allows remote attackers to obtain sensitive information via (1) a direct request to (a) main_page.php, (b) open_tree.php, and (c) outputs.php; (2) a malformed view parameter to index.php, as demonstrated with an SQL injection manipulation; or (3) the id[] parameter to admin/cms/opentree.php, which reveals the installation path in the resulting error message. |
| 2.3 | CVE-2007-2684 FULLDISC OTHER-REF OSVDB | ||
| Jetbox -- Jetbox CMS | Cross-site scripting (XSS) vulnerability in index.php in Jetbox CMS 2.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter in a sendpwd task. |
| 1.9 | CVE-2007-2686 FULLDISC OTHER-REF OSVDB | ||
| JohnTP -- AdSense-Deluxe | Cross-site request forgery (CSRF) vulnerability in adsense-deluxe.php in the AdSense-Deluxe 0.x plugin for WordPress allows remote attackers to perform unspecified actions as arbitrary users via unspecified vectors. |
| 3.4 | CVE-2007-2828 OTHER-REF SECUNIA | ||
| MADWifi -- MADWifi | The 802.11 network stack in net80211/ieee80211_input.c in MadWifi before 0.9.3.1 allows remote attackers to cause a denial of service (system hang) via a crafted length field in nested 802.3 Ethernet frames in Fast Frame packets, which results in a NULL pointer dereference. |
| 2.3 | CVE-2007-2829 OTHER-REF OTHER-REF | ||
| MADWifi -- MADWifi | The ath_beacon_config function in if_ath.c in MadWifi before 0.9.3.1 allows remote attackers to cause a denial of service (system crash) via crafted beacon interval information when scanning for access points, which triggers a divide-by-zero error. |
| 2.3 | CVE-2007-2830 OTHER-REF OTHER-REF | ||
| MolyX -- MolyX Board | Multiple directory traversal vulnerabilities in MolyX BOARD 2.5.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to index.php and other unspecified PHP scripts. |
| 3.3 | CVE-2007-2778 MILW0RM BID | ||
| OpenBSD -- OpenSSH | OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243. |
| 1.9 | CVE-2007-2768 FULLDISC OSVDB | ||
| OPeNDAP -- Hyrax OPeNDAP -- BES | Unspecified vulnerability in BES before 3.5.0 in OPeNDAP 4 (Hydrax) before 1.2.1 allows remote attackers to list filesystem contents and obtain sensitive information via unknown vectors. |
| 3.3 | CVE-2007-2767 OTHER-REF CERT-VN BID | ||
| OSK -- Advance-Flow | Cross-site scripting (XSS) vulnerability in OSK Advance-Flow 4.41 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 2.3 | CVE-2007-2811 OTHER-REF OTHER-REF BID FRSIRT SECUNIA | ||
| PHP -- PHP | The imap_body function in PHP before 4.4.4 does not implement safemode or open_basedir checks, which allows local users to read arbitrary files or list arbitrary directory contents. |
| 1.6 | CVE-2006-7204 OTHER-REF OTHER-REF OSVDB SECUNIA | ||
| PHP Group -- PHP | The array_fill function in ext/standard/array.c in PHP 4.4.2 and 5.1.2 allows context-dependent attackers to cause a denial of service (memory consumption) via a large num value. |
| 2.3 | CVE-2006-7205 OTHER-REF OSVDB SECTRACK | ||
| PsychoStats -- PsychoStats | PsychoStats 3.0.6b and earlier allows remote attackers to obtain sensitive information via a request for server.php with a missing or invalid newtheme parameter, which reveals a path in an error message. |
| 3.3 | CVE-2007-2780 FULLDISC FULLDISC BID | ||
| RM -- RM EasyMail Plus | Cross-site scripting (XSS) vulnerability in cp/ps/Main/login/Login in RM EasyMail Plus allows remote attackers to inject arbitrary web script or HTML via the d parameter. |
| 1.9 | CVE-2007-2802 OTHER-REF SECUNIA | ||
| RSA -- BSAFE Cert-C RSA -- BSAFE Crypto-C | The RSA Crypto-C before 6.3.1 and Cert-C before 2.8 libraries, as used by RSA BSAFE, multiple Cisco products, and other products, allows remote attackers to cause a denial of service via malformed ASN.1 objects. |
| 2.3 | CVE-2006-3894 OTHER-REF CISCO CERT-VN | ||
| Sun -- JDK | The BMP image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03, and 1.6.x before 1.6.0_01-b06, on Unix/Linux systems, allows remote attackers to trigger the opening of arbitrary local files via a crafted BMP file, which causes a denial of service (system hang) in certain cases such as /dev/tty, and has other unspecified impact. |
| 2.7 | CVE-2007-2789 OTHER-REF BID FRSIRT SECUNIA XF | ||
| Track+ -- Track+ | Cross-site scripting (XSS) vulnerability in reportItem.do in Track+ 3.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the projId parameter. |
| 2.3 | CVE-2007-2819 OTHER-REF BID XF | ||
| Yngve Svendsen -- Gnatsweb GNU -- GNATS | Cross-site scripting (XSS) vulnerability in gnatsweb.pl in Gnatsweb 4.00 and Gnats 4.1.99 allows remote attackers to inject arbitrary web script or HTML via the database parameter. |
| 1.9 | CVE-2007-2808 OTHER-REF FRSIRT SECUNIA |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.