Vulnerability Summary for the Week of July 2, 2007

Released: Jul 09, 2007
Document ID: SB07-190

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

High Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
AMX -- NetLinx VNC ActiveX Control
Multiple buffer overflows in the AMX NetLinx VNC (AmxVnc) ActiveX control in AmxVnc.dll 1.0.13.0 allow remote attackers to execute arbitrary code via long (1) Host, (2) Password, or (3) LogFile property values.
unknown
2007-07-03
7.6
CVE-2007-3536
MILW0RM
FRSIRT
SECUNIA
Apple -- Safari
Cross-domain vulnerability in Apple Safari for Windows 3.0.2 allows remote attackers to bypass the Same Origin Policy and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute to a file:// location, a different vector than CVE-2007-3482.
unknown
2007-07-03
8.5
CVE-2007-3514
OTHER-REF
ArcadeBuilder -- Game Portal Manager
SQL injection vulnerability in ArcadeBuilder Game Portal Manager 1.7 allows remote attackers to execute arbitrary SQL commands via a usercookie cookie.
unknown
2007-07-03
7.5
CVE-2007-3521
MILW0RM
AV Scripts -- AV Arcade
SQL injection vulnerability in index.php in AV Arcade 2.1b allows remote attackers to execute arbitrary SQL commands via the id parameter in a view_page task, possibly related to includes/view_page.php.
unknown
2007-07-04
7.5
CVE-2007-3563
MILW0RM
FRSIRT
B1G -- b1gBB
Multiple SQL injection vulnerabilities in b1gbb 2.24.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) showthread.php or (2) showboard.php.
unknown
2007-07-05
7.5
CVE-2007-3589
MILW0RM
BID
XF
bbs100 -- bbs100
Multiple unspecified vulnerabilities in bbs100 before 3.2 allow remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving certain v*printf and shift_StringIO functions. NOTE: some details were obtained from third party information.
unknown
2007-07-03
7.8
CVE-2007-3552
OTHER-REF
BID
SECUNIA
Coppermine -- Coppermine Photo Gallery
SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1.4.11 allows remote attackers to execute arbitrary SQL commands via an album password cookie to an unspecified component.
unknown
2007-07-04
7.5
CVE-2007-3558
OTHER-REF
BID
SECUNIA
Daniel Toma -- WebChat
SQL injection vulnerability in login.php in WebChat 0.78 allows remote attackers to execute arbitrary SQL commands via the rid parameter.
unknown
2007-07-03
7.5
CVE-2007-3534
MILW0RM
Debian -- gfax
gfax 0.4.2 and probably other versions creates temporary files insecurely, which allows local users to execute arbitrary commands via unknown vectors.
unknown
2007-07-05
7.2
CVE-2007-2839
DEBIAN
Easybe -- 1-2-3 Music Store
SQL injection vulnerability in process.php in Easybe 1-2-3 Music Store allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter.
unknown
2007-07-03
7.5
CVE-2007-3520
MILW0RM
Esqlanelapse -- Esqlanelapse
Multiple unspecified vulnerabilities in Esqlanelapse before 2.6 have unknown impact and attack vectors.
unknown
2007-07-04
7.5
CVE-2007-3560
OTHER-REF
SECUNIA
flac123 -- flac123
Stack-based buffer overflow in the local__vcentry_parse_value function in vorbiscomment.c in flac123 (aka flac-tools or flac) before 0.0.10 allows user-assisted remote attackers to execute arbitrary code via a large comment value_length.
unknown
2007-07-02
9.3
CVE-2007-3507
BUGTRAQ
OTHER-REF
OTHER-REF
FreeDomain.co.nr -- Clone
SQL injection vulnerability in includes/functions in FreeDomain.co.nr Clone allows remote attackers to execute arbitrary SQL commands via the logindomain parameter to members.php.
unknown
2007-07-05
7.5
CVE-2007-3575
BUGTRAQ
BID
FreeType -- FreeType
The ft_bitmap_assure_buffer function in src/base/ftbimap.c in FreeType 2.3.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors involving bitmap fonts, related to a "memory buffer overwrite bug."
unknown
2007-07-02
7.8
CVE-2007-3506
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
Fujitsu -- ServerView
The DBAsciiAccess CGI Script in the web interface in Fujitsu-Siemens Computers ServerView before 4.50.09 allows remote attackers to execute arbitrary commands via shell metacharacters in the Servername subparameter of the ParameterList parameter.
unknown
2007-07-05
9.3
CVE-2007-3011
BUGTRAQ
OTHER-REF
BID
SECUNIA
Gentoo -- glibc
Integer overflow in the process_envvars function in elf/rtld.c in glibc before 2.5-rc4 allows local users to execute arbitrary code via a large LD_HWCAP_MASK environment variable value.
unknown
2007-07-03
7.2
CVE-2007-3508
OTHER-REF
OTHER-REF
FRSIRT
Girlserv -- Girlserv ads
SQL injection vulnerability in details_news.php in Girlserv ads 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the idnew parameter.
unknown
2007-07-05
7.5
CVE-2007-3583
MILW0RM
BID
FRSIRT
SECUNIA
GSAMBAD -- GSAMBAD
The populate_conns function in src/populate_conns.c in GSAMBAD 0.1.4 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gsambadtmp temporary file.
unknown
2007-07-02
7.2
CVE-2007-2838
DEBIAN
BID
SECUNIA
SECUNIA
HispaH -- YouTube Clone Script
SQL injection vulnerability in msg.php in HispaH YouTube Clone Script (youtubeclone) allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-07-03
7.5
CVE-2007-3518
MILW0RM
SECUNIA
HP -- Instant Support
Stack-based buffer overflow in the HPSDDX Class (SDD) ActiveX control in sdd.dll in HP Instant Support - Driver Check before 1.5.0.3 allows remote attackers to execute arbitrary code via a long argument to the queryHub function.
unknown
2007-07-04
7.6
CVE-2007-3554
OTHER-REF
HP
BID
FRSIRT
SECUNIA
XF
IBM -- OS_400
IBM OS/400 (aka i5/OS) V4R2M0 through V5R3M0 on iSeries machines sends responses to TCP SYN-FIN packets, which allows remote attackers to obtain system information and possibly bypass firewall rules.
unknown
2007-07-03
7.8
CVE-2007-3537
AIXAPAR
SECUNIA
Inforest Communications -- SuperCali
SQL injection vulnerability in index.php in SuperCali PHP Event Calendar 0.4.0 allows remote attackers to execute arbitrary SQL commands via the o parameter.
unknown
2007-07-05
7.5
CVE-2007-3582
MILW0RM
BID
Intel -- Core 2 Duo E6000
Intel -- Core 2 Duo E4000
Intel -- Core 2 Extreme X6800
The Intel Core 2 Extreme processor X6800 and Core 2 Duo desktop processor E6000 and E4000 incorrectly set the memory page Access (A) bit for a page in certain circumstances involving proximity of the code segment limit to the end of a code page, which has unknown impact and attack vectors on certain operating systems other than OpenBSD, aka AI90.
unknown
2007-07-03
7.8
CVE-2006-7215
FULLDISC
MLIST
OTHER-REF
OTHER-REF
OTHER-REF
BID
Microsoft -- Internet Explorer
Microsoft Internet Explorer 6.0 and 7.0 allows remote attackers to fill Zones with arbitrary domains using certain metacharacters such as wildcards via JavaScript, which results in a denial of service (website suppression and resource consumption), aka "Internet Explorer Zone Domain Specification Dos and Page Suppressing".
unknown
2007-07-03
7.8
CVE-2007-3550
BUGTRAQ
OTHER-REF
BID
MyCMS -- MyCMS
PHP remote file inclusion vulnerability in games.php in MyCMS 0.9.8 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the id parameter.
unknown
2007-07-05
7.5
CVE-2007-3585
MILW0RM
BID
MyCMS -- MyCMS
Multiple direct static code injection vulnerabilities in MyCMS 0.9.8 and earlier allow remote attackers to inject arbitrary PHP code into (1) a _score.txt file via the score parameter, or (2) a _setby.txt file via a login cookie, which is then included by games.php. NOTE: the calling program could include (a) snakep.php, (b) tetrisp.php, and possibly other site-specific files.
unknown
2007-07-05
7.5
CVE-2007-3586
MILW0RM
BID
MyCMS -- MyCMS
MyCMS 0.9.8 and earlier allows remote attackers to gain privileges via the admin cookie parameter, as demonstrated by a post to admin/settings.php that injects PHP code into settings.inc, which can then be executed via a direct request to index.php.
unknown
2007-07-05
7.5
CVE-2007-3587
MILW0RM
BID
MysqlDumper -- MysqlDumper
MySQLDumper 1.21b through 1.23 REV227 uses a "Limit GET" statement in the .htaccess authentication mechanism, which allows remote attackers to bypass authentication requirements via HTTP POST requests.
unknown
2007-07-05
7.5
CVE-2007-3567
BUGTRAQ
BID
Novell -- Access Manager
The Linux Access Gateway in Novell Access Manager before 3.0 SP1 Release Candidate 1 (RC1) allows remote attackers to bypass unspecified security controls via Fullwidth/Halfwidth Unicode encoded data in a HTTP POST request.
unknown
2007-07-05
7.5
CVE-2007-3570
OTHER-REF
FRSIRT
PHP Director -- PHP Director
SQL injection vulnerability in videos.php in PHP Director 0.21 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-07-04
7.5
CVE-2007-3562
MILW0RM
FRSIRT
PHPDirector -- PHPDirector
videos.php in PHPDirector 0.21 and earlier allows remote attackers to obtain sensitive information via an empty value of the id[] parameter, which reveals the path in an error message.
unknown
2007-07-03
7.8
CVE-2007-3529
MILW0RM
PHPDirector -- PHPDirector
PHPDirector 0.21 and earlier stores the admin account name and password in config.php, which allows local users to gain privileges by reading this file.
unknown
2007-07-03
7.2
CVE-2007-3530
MILW0RM
PostNuke Software Foundation -- PNphpBB2
SQL injection vulnerability in viewforum.php in PNphpBB2 1.2i and earlier for Postnuke allows remote attackers to execute arbitrary SQL commands via the order parameter.
unknown
2007-07-05
7.5
CVE-2007-3584
MILW0RM
QT-Cute -- QuickTalk guestbook
SQL injection vulnerability in qtg_msg_view.php in QuickTalk guestbook 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-07-03
7.5
CVE-2007-3538
OTHER-REF
QT-Cute -- QuickTicket
QT-Cute -- QuickTalk Forum
Multiple SQL injection vulnerabilities in QuickTicket 1.2 build:20070621 and QuickTalk Forum 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) t and (2) f parameters in (a) qti_ind_post.php and (b) qti_ind_post_prt.php; (3) dir and (4) order parameters in qti_ind_member.php; (5) id parameter in qti_usr.php; and the (6) f parameter in qti_ind_topic.php.
unknown
2007-07-03
7.5
CVE-2007-3539
OTHER-REF
QT-Cute -- QuickTicket
Directory traversal vulnerability in qti_checkname.php in QuickTicket 1.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
unknown
2007-07-03
7.8
CVE-2007-3547
MILW0RM
BID
Ripe Website Manager -- Ripe Website Manager
Ripe Website Manager 0.8.9 and earlier allows remote attackers to obtain configuration information via a direct request to includes/phpinfo.php, which calls the phpinfo function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-07-03
7.8
CVE-2007-3525
SECUNIA
SweetPHP -- TotalCalendar
SQL injection vulnerability in view_event.php in TotalCalendar 2.402 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-07-03
10.0
CVE-2007-3515
MILW0RM
BID
SECUNIA
unicon-imc2 -- unicon-imc2
Multiple stack-based buffer overflows in (1) CCE_pinyin.c and (2) xl_pinyin.c in ImmModules/cce/ in unicon-imc2 3.0.4, as used by zhcon and other applications, allow local users to gain privileges via a long HOME environment variable.
unknown
2007-07-02
7.2
CVE-2007-2835
OTHER-REF
DEBIAN
BID
Vastal I-Tech -- Buddy Zone
Multiple SQL injection vulnerabilities in Buddy Zone 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the news_id parameter to view_news.php, (2) the cat_id parameter to view_events.php, or (3) the member_id parameter to video_gallery.php.
unknown
2007-07-03
7.5
CVE-2007-3526
MILW0RM
Vastal I-Tech -- Buddy Zone
SQL injection vulnerability in view_sub_cat.php in Buddy Zone 1.5 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
unknown
2007-07-03
7.5
CVE-2007-3549
MILW0RM
BID
VBzoom -- VBzoom
SQL injection vulnerability in reply.php in VBZooM 1.12 allows remote attackers to execute arbitrary SQL commands via the UserID parameter to sub-join.php. NOTE: this may be the same as CVE-2006-3691.4.
unknown
2007-07-05
7.5
CVE-2007-3588
BUGTRAQ
W3Filer -- W3Filer
Stack-based buffer overflow in W3Filer 2.1.3 allows remote FTP servers to cause a denial of service (application hang or crash) and possibly execute arbitrary code by sending a large banner to a client that is sending a file.
unknown
2007-07-03
7.1
CVE-2007-3548
MILW0RM
BID
wakwak -- Lhaca File Archiver
Stack-based buffer overflow in Lhaca File Archiver before 1.22 allows user-assisted remote attackers to execute arbitrary code via a large LHA "Extended Header Size" value in an LZH archive, a different issue than CVE-2007-3375.
unknown
2007-07-03
9.3
CVE-2007-3512
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Warzone -- Warzone 2100 Resurrection
Buffer overflow in Warzone 2100 Resurrection before 2.0.7 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long filename when setting background music.
unknown
2007-07-03
7.1
CVE-2007-3545
OTHER-REF
BID
WesMo -- phpEventCalendar
SQL injection vulnerability in eventdisplay.php in phpEventCalendar 0.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-07-03
7.5
CVE-2007-3519
MILW0RM

Medium Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
3Com -- IntelliJack Switch NJ220
The 3Com IntelliJack Switch NJ220 before 2.0.23 allows remote attackers to cause a denial of service (reboot and reporting outage) via a loopback packet with zero in the length field.
unknown
2007-07-03
5.0
CVE-2007-3533
OTHER-REF
FRSIRT
SECUNIA
akocomment -- akocomment
Multiple SQL injection vulnerabilities in akocomment allow remote attackers to execute arbitrary SQL commands via the (1) acparentid or (2) acitemid parameter to an unspecified component, different vectors than CVE-2006-1421.
unknown
2007-07-05
6.8
CVE-2007-3573
BUGTRAQ
Apache -- Derby
Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
unknown
2007-07-05
4.0
CVE-2006-7216
OTHER-REF
OTHER-REF
Apache -- Derby
Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
unknown
2007-07-05
4.0
CVE-2006-7217
OTHER-REF
OTHER-REF
B1G -- b1gBB
Cross-site scripting (XSS) vulnerability in visitenkarte.php in b1gBB 2.24.0 allows remote attackers to inject arbitrary web script or HTML via the user parameter.
unknown
2007-07-05
4.3
CVE-2007-3590
MILW0RM
BID
bbs100 -- bbs100
Buffer overflow in bbs100 before 3.2 allows remote attackers to cause a denial of service (crash) by attempting to login as the Guest user when another Guest user is already logged in.
unknown
2007-07-03
6.1
CVE-2007-3551
OTHER-REF
BID
SECUNIA
Claroline -- Claroline
Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF) to (1) index.php, (2) demo/claroline170/index.php, and possibly other scripts.
unknown
2007-07-03
4.3
CVE-2007-3517
OTHER-REF
SECUNIA
DAR -- DAR
The blowfish mode in DAR before 2.3.4 uses weak Blowfish-CBC cryptography by (1) discarding random bits by the blowfish::make_ivec function in libdar/crypto.cpp that results in predictable and repeating IV values, and (2) direct use of a password for keying, which makes it easier for context-dependent attackers to decrypt files.
unknown
2007-07-03
5.0
CVE-2007-3528
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
Doubleflex -- Liesbeth base CMS
Liesbeth base CMS stores sensitive information under the web root with insufficient access control, which allows remote attackers to download an include file containing account credentials via a direct request for config.inc.
unknown
2007-07-04
5.0
CVE-2007-3556
BUGTRAQ
OTHER-REF
Firebird -- Firebird
Integer overflow in Firebird 2.0.0 allows remote authenticated users to cause a denial of service (CPU consumption) via certain database operations with multi-byte character sets that trigger an attempt to use the value 65536 for a 16-bit integer, which is treated as 0 and causes an infinite loop on zero-length data.
unknown
2007-07-03
6.8
CVE-2007-3527
OTHER-REF
OTHER-REF
Frank Karau -- GL-SH Deaf Forum
Multiple directory traversal vulnerabilities in GL-SH Deaf Forum 6.4.4 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) FORUM_LANGUAGE parameter to functions.php or the (2) style parameter to bottom.php.
unknown
2007-07-03
6.4
CVE-2007-3535
MILW0RM
SECUNIA
Fujitsu -- PRIMERGY BX300
The web interface in Fujitsu-Siemens Computers PRIMERGY BX300 Switch Blade allows remote attackers to obtain sensitive information by canceling the authentication dialog when accessing a sub-page, which still displays the form field contents of the sub-page, as demonstrated using (1) config/ip_management.htm and (2) config/snmp_config.htm.
unknown
2007-07-05
5.0
CVE-2007-3012
BUGTRAQ
OTHER-REF
BID
SECUNIA
Gorki Online -- Santrac Sitesi
Multiple cross-site scripting (XSS) vulnerabilities in kayit.asp in Gorki Online Santrac Sitesi allow remote attackers to inject arbitrary web script or HTML via the (1) kullanici, (2) posta, or (3) takim_adi parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-07-03
4.3
CVE-2007-3516
SECUNIA
groupeclan.free.fr -- XCMS
Multiple directory traversal vulnerabilities in Module/Galerie.php in XCMS 1.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) Ent or (2) Lang parameter.
unknown
2007-07-03
6.4
CVE-2007-3523
MILW0RM
Hiki -- Hiki
Directory traversal vulnerability in session.rb in Hiki 0.8.0 through 0.8.6 allows remote attackers to delete arbitrary files via directory traversal sequences in the session ID, which is matched against an insufficiently restrictive regular expression before it is used to construct a filename that is marked for deletion at logout.
unknown
2007-07-02
6.4
CVE-2007-2836
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
DEBIAN
BID
FRSIRT
SECUNIA
SECUNIA
XF
imlib -- imlib
The _LoadBMP function in imlib 1.9.15 and earlier allows context-dependent attackers to cause a denial of service (infinite loop) via a BMP image with a Bits Per Page (BPP) value of 0.
unknown
2007-07-05
5.0
CVE-2007-3568
OTHER-REF
BID
SECTRACK
Jedox -- Palo
The Jedox Palo 1.5 client transmits the password in cleartext, which might allow remote attackers to obtain the password by sniffing the network, as demonstrated by starting Excel with the Palo plugin, opening a cube, and performing an Insert View.
unknown
2007-07-05
5.0
CVE-2007-3581
OTHER-REF
Kurinton -- sHTTPd
Cross-site scripting (XSS) vulnerability in Kurinton sHTTPd 20070408 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-07-03
4.3
CVE-2007-3541
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Linksys -- WAG54GS
Multiple cross-site scripting (XSS) vulnerabilities in setup.cgi on the Linksys WAG54GS Wireless-G ADSL Gateway with 1.00.06 firmware allow remote attackers to inject arbitrary web script or HTML via the c4_trap_ip_ parameter and other unspecified parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-07-05
4.3
CVE-2007-3574
OTHER-REF
BID
Linux -- Kernel
The lcd_write function in drivers/usb/misc/usblcd.c in the Linux kernel before 2.6.22-rc7 does not limit the amount of memory used by a caller, which allows local users to cause a denial of service (memory consumption).
unknown
2007-07-03
4.9
CVE-2007-3513
OTHER-REF
FRSIRT
Microsoft -- Internet Explorer
** DISPUTED ** Microsoft Internet Explorer 6 executes web script from URIs of arbitrary scheme names ending with the "script" character sequence, using the (1) vbscript: handler for scheme names with 7 through 9 characters, and the (2) javascript: handler for scheme names with 10 or more characters, which might allow remote attackers to bypass certain XSS protection schemes. NOTE: other researchers dispute the significance of this issue, stating "this only works when typed in the address bar."
unknown
2007-07-05
4.3
CVE-2007-3576
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
Moodle -- Moodle
Cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1 allows remote attackers to inject arbitrary web script or HTML via a style expression in the search parameter, a different vulnerability than CVE-2004-1424.
unknown
2007-07-04
4.3
CVE-2007-3555
BUGTRAQ
OTHER-REF
OTHER-REF
XF
Mozilla -- Firefox
The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12 and 2.0.0.4 allows remote attackers to change field focus and copy keystrokes via JavaScript, as demonstrated by changing focus from a textarea to a file upload field.
unknown
2007-07-03
4.3
CVE-2007-3511
FULLDISC
OTHER-REF
SECUNIA
Nessus -- Nessus
Cross-site scripting (XSS) vulnerability in the Windows GUI in Nessus Vulnerability Scanner before 3.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-07-03
4.3
CVE-2007-3546
OTHER-REF
SECUNIA
Novell -- Groupwise
The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
unknown
2007-07-05
5.0
CVE-2007-3571
OTHER-REF
FRSIRT
Oracle -- Applications
Oracle -- Rapid Install Web Server
Cross-site scripting (XSS) vulnerability in Rapid Install Web Server in Oracle Application Server 11i allows remote attackers to inject arbitrary web script or HTML via a URL to the "Secondary Login Page", as demonstrated using (1) pls/ and (2) pls/MSBEP004/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-07-03
4.3
CVE-2007-3553
BID
SECTRACK
PHPIDS -- PHPIDS
PHPIDS before 20070703 does not properly handle use of the substr method in (1) document.location.search and (2) document.referrer; (3) certain use of document.location.hash; (4) certain "window[eval" and similar expressions; (5) certain Function expressions; (6) certain '=' expressions, as demonstrated by a 'whatever="something"' sequence; and (7) certain "with" expressions, which allows remote attackers to inject arbitrary web script.
unknown
2007-07-05
5.0
CVE-2007-3577
OTHER-REF
OTHER-REF
PHPIDS -- PHPIDS
PHPIDS before 20070703 does not properly handle (1) arithmetic expressions and (2) unclosed comments, which allows remote attackers to inject arbitrary web script.
unknown
2007-07-05
5.0
CVE-2007-3578
OTHER-REF
OTHER-REF
PHPIDS -- PHPIDS
PHPIDS before 20070703 does not properly handle setting the .text property of a SCRIPT element before its attachment to the DOM, which allows remote attackers to inject arbitrary web script.
unknown
2007-07-05
5.0
CVE-2007-3579
OTHER-REF
OTHER-REF
PHPIDS -- PHPIDS
PHPIDS does not properly handle certain code containing newlines, as demonstrated by a try/catch block within a loop, which allows user-assisted remote attackers to inject arbitrary web script.
unknown
2007-07-05
4.3
CVE-2007-3580
OTHER-REF
OTHER-REF
Pluxml -- Pluxml
Cross-site scripting (XSS) vulnerability in admin/auth.php in Pluxml 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
unknown
2007-07-03
4.3
CVE-2007-3542
MILW0RM
XF
QT-Cute -- QuickTalk Forum
Multiple directory traversal vulnerabilities in QuickTalk forum 1.3 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) sequence in the lang parameter to (1) qtf_checkname.php, (2) qtf_j_birth.php, or (3) qtf_j_exists.php.
unknown
2007-07-02
6.4
CVE-2007-3505
MILW0RM
BID
FRSIRT
SECUNIA
XF
RainWorx -- rwAuction Pro
Multiple cross-site scripting (XSS) vulnerabilities in search.asp in rwAuction Pro 5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) search, (2) show, (3) searchtype, (4) catid, and (5) searchtxt parameters, a different version and vectors than CVE-2005-4060.
unknown
2007-07-03
4.3
CVE-2007-3540
OTHER-REF
Ripe Website Manager -- Ripe Website Manager
Multiple PHP remote file inclusion vulnerabilities in Ripe Website Manager 0.8.9 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the level parameter to (1) admin/includes/author_panel_header.php or (2) admin/includes/admin_header.php.
unknown
2007-07-03
6.8
CVE-2007-3524
MILW0RM
SECUNIA
SAP -- SAP Basis component 640
SAP -- SAP Basis component 700
Multiple cross-site scripting (XSS) vulnerabilities in the SAP Internet Communication Framework (BC-MID-ICF) in the SAP Basis component 700 before SP12, and 640 before SP20, allow remote attackers to inject arbitrary web script or HTML via certain parameters associated with the default login error page.
unknown
2007-06-29
4.3
CVE-2007-3495
BUGTRAQ
OTHER-REF
Softlink Europe -- Oliver Library Management System
Multiple cross-site scripting (XSS) vulnerabilities in Oliver Library Management System allow remote attackers to inject arbitrary web script or HTML via the (1) updateform and (2) displayform parameter to (a) gateway/gateway.exe; the (3) TERMS, (4) database, (5) srchad, (6) SuggestedSearch, and (7) searchform parameters to the (b) "Basic Search page"; and (8) username parameter when (c) logging on.
unknown
2007-07-05
6.8
CVE-2007-3569
BUGTRAQ
BID
FRSIRT
SECUNIA
sPHPell -- sPHPell
Multiple PHP remote file inclusion vulnerabilities in sPHPell 1.01 allow remote attackers to execute arbitrary PHP code via a URL in the SpellIncPath parameter to (1) spellcheckpageinc.php, (2) spellchecktext.php, (3) spellcheckwindow.php, or (4) spellcheckwindowframeset.php.
unknown
2007-07-03
6.8
CVE-2007-3522
MILW0RM
The GIMP Team -- GIMP
Integer overflow in the seek_to_and_unpack_pixeldata function in the psd.c plugin in Gimp 2.2.15 allows remote attackers to execute arbitrary code via a crafted PSD file that contains a large (1) width or (2) height value.
unknown
2007-07-04
6.8
CVE-2007-2949
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
webixir -- Efendy Blog
Cross-site scripting (XSS) vulnerability in ara.asp in Efendy Blog 1.0 allows remote attackers to inject arbitrary web script or HTML via the ara parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-07-04
4.3
CVE-2007-3561
SECUNIA
Wheatblog -- Wheatblog
SQL injection vulnerability in admin/login.php in Wheatblog (wB) 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the login parameter.
unknown
2007-07-04
6.8
CVE-2007-3557
BUGTRAQ
BID
SECUNIA
WordPress -- WordPress MU
WordPress -- WordPress
Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies a .php filename in the _wp_attached_file metadata field; and then sending this file's content, along with its post_ID value, to (1) wp-app.php or (2) app.php.
unknown
2007-07-03
6.0
CVE-2007-3543
OTHER-REF
OTHER-REF
BID
SECUNIA
WordPress -- WordPress MU
WordPress -- WordPress
Unrestricted file upload vulnerability in (1) wp-app.php and (2) app.php in WordPress 2.2.1 and WordPress MU 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code via unspecified vectors, possibly related to the wp_postmeta table and the use of custom fields in normal (non-attachment) posts. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-3543.
unknown
2007-07-03
6.5
CVE-2007-3544
OTHER-REF
Yoggie -- Pico
Yoggie -- Pico Pro
Incomplete blacklist vulnerability in cgi-bin/runDiagnostics.cgi in the web interface on the Yoggie Pico and Pico Pro allows remote attackers to execute arbitrary commands via shell metacharacters in the param parameter, as demonstrated by URL encoded "`" (backtick) characters (%60 sequences).
unknown
2007-07-05
6.8
CVE-2007-3572
FULLDISC
BID
FRSIRT
SECUNIA
XF

Low Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
FireFlier -- FireFlier
The (1) getRule and (2) getChains functions in server/rules.cpp in fireflierd (fireflier-server) in FireFlier 1.1.6 allow local users to overwrite arbitrary files via a symlink attack on the /tmp/fireflier.rules temporary file.
unknown
2007-07-03
3.6
CVE-2007-2837
OTHER-REF
DEBIAN
SECUNIA
SECUNIA
PHP-Fusion -- PHP-Fusion
Cross-site scripting (XSS) vulnerability in infusions/shoutbox_panel/shoutbox_panel.php in PHP-Fusion 6.01.10 and 6.01.9, when guest posts are enabled, allows remote authenticated users to inject arbitrary web script or HTML via the URI, related to the FUSION_QUERY constant.
unknown
2007-07-04
3.5
CVE-2007-3559
OTHER-REF
SECUNIA
