Vulnerability Summary for the Week of July 2, 2007
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities

Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info
---|---|---|---
AMX -- NetLinx VNC ActiveX Control | Multiple buffer overflows in the AMX NetLinx VNC (AmxVnc) ActiveX control in AmxVnc.dll 1.0.13.0 allow remote attackers to execute arbitrary code via long (1) Host, (2) Password, or (3) LogFile property values. | 7.6 | CVE-2007-3536 MILW0RM FRSIRT SECUNIA
Apple -- Safari | Cross-domain vulnerability in Apple Safari for Windows 3.0.2 allows remote attackers to bypass the Same Origin Policy and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute to a file:// location, a different vector than CVE-2007-3482. | 8.5 | CVE-2007-3514 OTHER-REF
ArcadeBuilder -- Game Portal Manager | SQL injection vulnerability in ArcadeBuilder Game Portal Manager 1.7 allows remote attackers to execute arbitrary SQL commands via a usercookie cookie. | 7.5 | CVE-2007-3521 MILW0RM
AV Scripts -- AV Arcade | SQL injection vulnerability in index.php in AV Arcade 2.1b allows remote attackers to execute arbitrary SQL commands via the id parameter in a view_page task, possibly related to includes/view_page.php. | 7.5 | CVE-2007-3563 MILW0RM FRSIRT
B1G -- b1gBB | Multiple SQL injection vulnerabilities in b1gbb 2.24.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) showthread.php or (2) showboard.php. | 7.5 | CVE-2007-3589 MILW0RM BID XF
bbs100 -- bbs100 | Multiple unspecified vulnerabilities in bbs100 before 3.2 allow remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving certain v*printf and shift_StringIO functions. NOTE: some details were obtained from third party information. | 7.8 | CVE-2007-3552 OTHER-REF BID SECUNIA
Coppermine -- Coppermine Photo Gallery | SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1.4.11 allows remote attackers to execute arbitrary SQL commands via an album password cookie to an unspecified component. | 7.5 | CVE-2007-3558 OTHER-REF BID SECUNIA
Daniel Toma -- WebChat | SQL injection vulnerability in login.php in WebChat 0.78 allows remote attackers to execute arbitrary SQL commands via the rid parameter. | 7.5 | CVE-2007-3534 MILW0RM
Debian -- gfax | gfax 0.4.2 and probably other versions creates temporary files insecurely, which allows local users to execute arbitrary commands via unknown vectors. | 7.2 | CVE-2007-2839 DEBIAN
Easybe -- 1-2-3 Music Store | SQL injection vulnerability in process.php in Easybe 1-2-3 Music Store allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter. | 7.5 | CVE-2007-3520 MILW0RM
Esqlanelapse -- Esqlanelapse | Multiple unspecified vulnerabilities in Esqlanelapse before 2.6 have unknown impact and attack vectors. | 7.5 | CVE-2007-3560 OTHER-REF SECUNIA
flac123 -- flac123 | Stack-based buffer overflow in the local__vcentry_parse_value function in vorbiscomment.c in flac123 (aka flac-tools or flac) before 0.0.10 allows user-assisted remote attackers to execute arbitrary code via a large comment value_length. | 9.3 | CVE-2007-3507 BUGTRAQ OTHER-REF OTHER-REF
FreeDomain.co.nr -- Clone | SQL injection vulnerability in includes/functions in FreeDomain.co.nr Clone allows remote attackers to execute arbitrary SQL commands via the logindomain parameter to members.php. | 7.5 | CVE-2007-3575 BUGTRAQ BID
FreeType -- FreeType | The ft_bitmap_assure_buffer function in src/base/ftbimap.c in FreeType 2.3.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors involving bitmap fonts, related to a "memory buffer overwrite bug." | 7.8 | CVE-2007-3506 OTHER-REF OTHER-REF OTHER-REF SECUNIA
Fujitsu -- ServerView | The DBAsciiAccess CGI Script in the web interface in Fujitsu-Siemens Computers ServerView before 4.50.09 allows remote attackers to execute arbitrary commands via shell metacharacters in the Servername subparameter of the ParameterList parameter. | 9.3 | CVE-2007-3011 BUGTRAQ OTHER-REF BID SECUNIA
Gentoo -- glibc | Integer overflow in the process_envvars function in elf/rtld.c in glibc before 2.5-rc4 allows local users to execute arbitrary code via a large LD_HWCAP_MASK environment variable value. | 7.2 | CVE-2007-3508 OTHER-REF OTHER-REF FRSIRT
Girlserv -- Girlserv ads | SQL injection vulnerability in details_news.php in Girlserv ads 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the idnew parameter. | 7.5 | CVE-2007-3583 MILW0RM BID FRSIRT SECUNIA
GSAMBAD -- GSAMBAD | The populate_conns function in src/populate_conns.c in GSAMBAD 0.1.4 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gsambadtmp temporary file. | 7.2 | CVE-2007-2838 DEBIAN BID SECUNIA SECUNIA
HispaH -- YouTube Clone Script | SQL injection vulnerability in msg.php in HispaH YouTube Clone Script (youtubeclone) allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 | CVE-2007-3518 MILW0RM SECUNIA
HP -- Instant Support | Stack-based buffer overflow in the HPSDDX Class (SDD) ActiveX control in sdd.dll in HP Instant Support - Driver Check before 1.5.0.3 allows remote attackers to execute arbitrary code via a long argument to the queryHub function. | 7.6 | CVE-2007-3554 OTHER-REF HP BID FRSIRT SECUNIA XF
IBM -- OS_400 | IBM OS/400 (aka i5/OS) V4R2M0 through V5R3M0 on iSeries machines sends responses to TCP SYN-FIN packets, which allows remote attackers to obtain system information and possibly bypass firewall rules. | 7.8 | CVE-2007-3537 AIXAPAR SECUNIA
Inforest Communications -- SuperCali | SQL injection vulnerability in index.php in SuperCali PHP Event Calendar 0.4.0 allows remote attackers to execute arbitrary SQL commands via the o parameter. | 7.5 | CVE-2007-3582 MILW0RM BID
Intel -- Core 2 Duo E6000; Intel -- Core 2 Duo E4000; Intel -- Core 2 Extreme X6800 | The Intel Core 2 Extreme processor X6800 and Core 2 Duo desktop processor E6000 and E4000 incorrectly set the memory page Access (A) bit for a page in certain circumstances involving proximity of the code segment limit to the end of a code page, which has unknown impact and attack vectors on certain operating systems other than OpenBSD, aka AI90. | 7.8 | CVE-2006-7215 FULLDISC MLIST OTHER-REF OTHER-REF OTHER-REF BID
Microsoft -- Internet Explorer | Microsoft Internet Explorer 6.0 and 7.0 allows remote attackers to fill Zones with arbitrary domains using certain metacharacters such as wildcards via JavaScript, which results in a denial of service (website suppression and resource consumption), aka "Internet Explorer Zone Domain Specification Dos and Page Suppressing". | 7.8 | CVE-2007-3550 BUGTRAQ OTHER-REF BID
MyCMS -- MyCMS | PHP remote file inclusion vulnerability in games.php in MyCMS 0.9.8 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the id parameter. | 7.5 | CVE-2007-3585 MILW0RM BID
MyCMS -- MyCMS | Multiple direct static code injection vulnerabilities in MyCMS 0.9.8 and earlier allow remote attackers to inject arbitrary PHP code into (1) a _score.txt file via the score parameter, or (2) a _setby.txt file via a login cookie, which is then included by games.php. NOTE: the calling program could include (a) snakep.php, (b) tetrisp.php, and possibly other site-specific files. | 7.5 | CVE-2007-3586 MILW0RM BID
MyCMS -- MyCMS | MyCMS 0.9.8 and earlier allows remote attackers to gain privileges via the admin cookie parameter, as demonstrated by a post to admin/settings.php that injects PHP code into settings.inc, which can then be executed via a direct request to index.php. | 7.5 | CVE-2007-3587 MILW0RM BID
MysqlDumper -- MysqlDumper | MySQLDumper 1.21b through 1.23 REV227 uses a "Limit GET" statement in the .htaccess authentication mechanism, which allows remote attackers to bypass authentication requirements via HTTP POST requests. | 7.5 | CVE-2007-3567 BUGTRAQ BID
Novell -- Access Manager | The Linux Access Gateway in Novell Access Manager before 3.0 SP1 Release Candidate 1 (RC1) allows remote attackers to bypass unspecified security controls via Fullwidth/Halfwidth Unicode encoded data in an HTTP POST request. | 7.5 | CVE-2007-3570 OTHER-REF FRSIRT
PHP Director -- PHP Director | SQL injection vulnerability in videos.php in PHP Director 0.21 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 | CVE-2007-3562 MILW0RM FRSIRT
PHPDirector -- PHPDirector | videos.php in PHPDirector 0.21 and earlier allows remote attackers to obtain sensitive information via an empty value of the id[] parameter, which reveals the path in an error message. | 7.8 | CVE-2007-3529 MILW0RM
PHPDirector -- PHPDirector | PHPDirector 0.21 and earlier stores the admin account name and password in config.php, which allows local users to gain privileges by reading this file. | 7.2 | CVE-2007-3530 MILW0RM
PostNuke Software Foundation -- PNphpBB2 | SQL injection vulnerability in viewforum.php in PNphpBB2 1.2i and earlier for Postnuke allows remote attackers to execute arbitrary SQL commands via the order parameter. | 7.5 | CVE-2007-3584 MILW0RM
QT-Cute -- QuickTalk guestbook | SQL injection vulnerability in qtg_msg_view.php in QuickTalk guestbook 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 | CVE-2007-3538 OTHER-REF
QT-Cute -- QuickTicket; QT-Cute -- QuickTalk Forum | Multiple SQL injection vulnerabilities in QuickTicket 1.2 build:20070621 and QuickTalk Forum 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) t and (2) f parameters in (a) qti_ind_post.php and (b) qti_ind_post_prt.php; (3) dir and (4) order parameters in qti_ind_member.php; (5) id parameter in qti_usr.php; and the (6) f parameter in qti_ind_topic.php. | 7.5 | CVE-2007-3539 OTHER-REF
QT-Cute -- QuickTicket | Directory traversal vulnerability in qti_checkname.php in QuickTicket 1.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. | 7.8 | CVE-2007-3547 MILW0RM BID
Ripe Website Manager -- Ripe Website Manager | Ripe Website Manager 0.8.9 and earlier allows remote attackers to obtain configuration information via a direct request to includes/phpinfo.php, which calls the phpinfo function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 7.8 | CVE-2007-3525 SECUNIA
SweetPHP -- TotalCalendar | SQL injection vulnerability in view_event.php in TotalCalendar 2.402 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 10.0 | CVE-2007-3515 MILW0RM BID SECUNIA
unicon-imc2 -- unicon-imc2 | Multiple stack-based buffer overflows in (1) CCE_pinyin.c and (2) xl_pinyin.c in ImmModules/cce/ in unicon-imc2 3.0.4, as used by zhcon and other applications, allow local users to gain privileges via a long HOME environment variable. | 7.2 | CVE-2007-2835 OTHER-REF DEBIAN BID
Vastal I-Tech -- Buddy Zone | Multiple SQL injection vulnerabilities in Buddy Zone 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the news_id parameter to view_news.php, (2) the cat_id parameter to view_events.php, or (3) the member_id parameter to video_gallery.php. | 7.5 | CVE-2007-3526 MILW0RM
Vastal I-Tech -- Buddy Zone | SQL injection vulnerability in view_sub_cat.php in Buddy Zone 1.5 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | 7.5 | CVE-2007-3549 MILW0RM BID
VBzoom -- VBzoom | SQL injection vulnerability in reply.php in VBZooM 1.12 allows remote attackers to execute arbitrary SQL commands via the UserID parameter to sub-join.php. NOTE: this may be the same as CVE-2006-3691.4. | 7.5 | CVE-2007-3588 BUGTRAQ
W3Filer -- W3Filer | Stack-based buffer overflow in W3Filer 2.1.3 allows remote FTP servers to cause a denial of service (application hang or crash) and possibly execute arbitrary code by sending a large banner to a client that is sending a file. | 7.1 | CVE-2007-3548 MILW0RM BID
wakwak -- Lhaca File Archiver | Stack-based buffer overflow in Lhaca File Archiver before 1.22 allows user-assisted remote attackers to execute arbitrary code via a large LHA "Extended Header Size" value in an LZH archive, a different issue than CVE-2007-3375. | 9.3 | CVE-2007-3512 OTHER-REF OTHER-REF FRSIRT SECUNIA
Warzone -- Warzone 2100 Resurrection | Buffer overflow in Warzone 2100 Resurrection before 2.0.7 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long filename when setting background music. | 7.1 | CVE-2007-3545 OTHER-REF BID
WesMo -- phpEventCalendar | SQL injection vulnerability in eventdisplay.php in phpEventCalendar 0.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 | CVE-2007-3519 MILW0RM
Medium Vulnerabilities

Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info
---|---|---|---
3Com -- IntelliJack Switch NJ220 | The 3Com IntelliJack Switch NJ220 before 2.0.23 allows remote attackers to cause a denial of service (reboot and reporting outage) via a loopback packet with zero in the length field. | 5.0 | CVE-2007-3533 OTHER-REF FRSIRT SECUNIA
akocomment -- akocomment | Multiple SQL injection vulnerabilities in akocomment allow remote attackers to execute arbitrary SQL commands via the (1) acparentid or (2) acitemid parameter to an unspecified component, different vectors than CVE-2006-1421. | 6.8 | CVE-2007-3573 BUGTRAQ
Apache -- Derby | Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables. | 4.0 | CVE-2006-7216 OTHER-REF OTHER-REF
Apache -- Derby | Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode. | 4.0 | CVE-2006-7217 OTHER-REF OTHER-REF
B1G -- b1gBB | Cross-site scripting (XSS) vulnerability in visitenkarte.php in b1gBB 2.24.0 allows remote attackers to inject arbitrary web script or HTML via the user parameter. | 4.3 | CVE-2007-3590 MILW0RM BID
bbs100 -- bbs100 | Buffer overflow in bbs100 before 3.2 allows remote attackers to cause a denial of service (crash) by attempting to log in as the Guest user when another Guest user is already logged in. | 6.1 | CVE-2007-3551 OTHER-REF BID SECUNIA
Claroline -- Claroline | Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF) to (1) index.php, (2) demo/claroline170/index.php, and possibly other scripts. | 4.3 | CVE-2007-3517 OTHER-REF SECUNIA
DAR -- DAR | The blowfish mode in DAR before 2.3.4 uses weak Blowfish-CBC cryptography by (1) discarding random bits by the blowfish::make_ivec function in libdar/crypto.cpp that results in predictable and repeating IV values, and (2) direct use of a password for keying, which makes it easier for context-dependent attackers to decrypt files. | 5.0 | CVE-2007-3528 OTHER-REF OTHER-REF OTHER-REF OTHER-REF
Doubleflex -- Liesbeth base CMS | Liesbeth base CMS stores sensitive information under the web root with insufficient access control, which allows remote attackers to download an include file containing account credentials via a direct request for config.inc. | 5.0 | CVE-2007-3556 BUGTRAQ OTHER-REF
Firebird -- Firebird | Integer overflow in Firebird 2.0.0 allows remote authenticated users to cause a denial of service (CPU consumption) via certain database operations with multi-byte character sets that trigger an attempt to use the value 65536 for a 16-bit integer, which is treated as 0 and causes an infinite loop on zero-length data. | 6.8 | CVE-2007-3527 OTHER-REF OTHER-REF
Frank Karau -- GL-SH Deaf Forum | Multiple directory traversal vulnerabilities in GL-SH Deaf Forum 6.4.4 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) FORUM_LANGUAGE parameter to functions.php or the (2) style parameter to bottom.php. | 6.4 | CVE-2007-3535 MILW0RM SECUNIA
Fujitsu -- PRIMERGY BX300 | The web interface in Fujitsu-Siemens Computers PRIMERGY BX300 Switch Blade allows remote attackers to obtain sensitive information by canceling the authentication dialog when accessing a sub-page, which still displays the form field contents of the sub-page, as demonstrated using (1) config/ip_management.htm and (2) config/snmp_config.htm. | 5.0 | CVE-2007-3012 BUGTRAQ OTHER-REF BID SECUNIA
Gorki Online -- Santrac Sitesi | Multiple cross-site scripting (XSS) vulnerabilities in kayit.asp in Gorki Online Santrac Sitesi allow remote attackers to inject arbitrary web script or HTML via the (1) kullanici, (2) posta, or (3) takim_adi parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 4.3 | CVE-2007-3516 SECUNIA
groupeclan.free.fr -- XCMS | Multiple directory traversal vulnerabilities in Module/Galerie.php in XCMS 1.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) Ent or (2) Lang parameter. | 6.4 | CVE-2007-3523 MILW0RM
Hiki -- Hiki | Directory traversal vulnerability in session.rb in Hiki 0.8.0 through 0.8.6 allows remote attackers to delete arbitrary files via directory traversal sequences in the session ID, which is matched against an insufficiently restrictive regular expression before it is used to construct a filename that is marked for deletion at logout. | 6.4 | CVE-2007-2836 OTHER-REF OTHER-REF OTHER-REF OTHER-REF DEBIAN BID FRSIRT SECUNIA SECUNIA XF
imlib -- imlib | The _LoadBMP function in imlib 1.9.15 and earlier allows context-dependent attackers to cause a denial of service (infinite loop) via a BMP image with a Bits Per Page (BPP) value of 0. | 5.0 | CVE-2007-3568 OTHER-REF BID SECTRACK
Jedox -- Palo | The Jedox Palo 1.5 client transmits the password in cleartext, which might allow remote attackers to obtain the password by sniffing the network, as demonstrated by starting Excel with the Palo plugin, opening a cube, and performing an Insert View. | 5.0 | CVE-2007-3581 OTHER-REF
Kurinton -- sHTTPd | Cross-site scripting (XSS) vulnerability in Kurinton sHTTPd 20070408 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 | CVE-2007-3541 OTHER-REF OTHER-REF FRSIRT SECUNIA
Linksys -- WAG54GS | Multiple cross-site scripting (XSS) vulnerabilities in setup.cgi on the Linksys WAG54GS Wireless-G ADSL Gateway with 1.00.06 firmware allow remote attackers to inject arbitrary web script or HTML via the c4_trap_ip_ parameter and other unspecified parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 4.3 | CVE-2007-3574 OTHER-REF BID
Linux -- Kernel | The lcd_write function in drivers/usb/misc/usblcd.c in the Linux kernel before 2.6.22-rc7 does not limit the amount of memory used by a caller, which allows local users to cause a denial of service (memory consumption). | 4.9 | CVE-2007-3513 OTHER-REF FRSIRT
Microsoft -- Internet Explorer | ** DISPUTED ** Microsoft Internet Explorer 6 executes web script from URIs of arbitrary scheme names ending with the "script" character sequence, using the (1) vbscript: handler for scheme names with 7 through 9 characters, and the (2) javascript: handler for scheme names with 10 or more characters, which might allow remote attackers to bypass certain XSS protection schemes. NOTE: other researchers dispute the significance of this issue, stating "this only works when typed in the address bar." | 4.3 | CVE-2007-3576 OTHER-REF OTHER-REF OTHER-REF OTHER-REF
Moodle -- Moodle | Cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1 allows remote attackers to inject arbitrary web script or HTML via a style expression in the search parameter, a different vulnerability than CVE-2004-1424. | 4.3 | CVE-2007-3555 BUGTRAQ OTHER-REF OTHER-REF XF
Mozilla -- Firefox | The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12 and 2.0.0.4 allows remote attackers to change field focus and copy keystrokes via JavaScript, as demonstrated by changing focus from a textarea to a file upload field. | 4.3 | CVE-2007-3511 FULLDISC OTHER-REF SECUNIA
Nessus -- Nessus | Cross-site scripting (XSS) vulnerability in the Windows GUI in Nessus Vulnerability Scanner before 3.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 | CVE-2007-3546 OTHER-REF SECUNIA
Novell -- Groupwise | The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address. | 5.0 | CVE-2007-3571 OTHER-REF FRSIRT
Oracle -- Applications; Oracle -- Rapid Install Web Server | Cross-site scripting (XSS) vulnerability in Rapid Install Web Server in Oracle Application Server 11i allows remote attackers to inject arbitrary web script or HTML via a URL to the "Secondary Login Page", as demonstrated using (1) pls/ and (2) pls/MSBEP004/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 4.3 | CVE-2007-3553 BID SECTRACK
PHPIDS -- PHPIDS | PHPIDS before 20070703 does not properly handle use of the substr method in (1) document.location.search and (2) document.referrer; (3) certain use of document.location.hash; (4) certain "window[eval" and similar expressions; (5) certain Function expressions; (6) certain '=' expressions, as demonstrated by a 'whatever="something"' sequence; and (7) certain "with" expressions, which allows remote attackers to inject arbitrary web script. | 5.0 | CVE-2007-3577 OTHER-REF OTHER-REF
PHPIDS -- PHPIDS | PHPIDS before 20070703 does not properly handle (1) arithmetic expressions and (2) unclosed comments, which allows remote attackers to inject arbitrary web script. | 5.0 | CVE-2007-3578 OTHER-REF OTHER-REF
PHPIDS -- PHPIDS | PHPIDS before 20070703 does not properly handle setting the .text property of a SCRIPT element before its attachment to the DOM, which allows remote attackers to inject arbitrary web script. | 5.0 | CVE-2007-3579 OTHER-REF OTHER-REF
PHPIDS -- PHPIDS | PHPIDS does not properly handle certain code containing newlines, as demonstrated by a try/catch block within a loop, which allows user-assisted remote attackers to inject arbitrary web script. | 4.3 | CVE-2007-3580 OTHER-REF OTHER-REF
Pluxml -- Pluxml | Cross-site scripting (XSS) vulnerability in admin/auth.php in Pluxml 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | 4.3 | CVE-2007-3542 MILW0RM XF
QT-Cute -- QuickTalk Forum | Multiple directory traversal vulnerabilities in QuickTalk forum 1.3 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) sequence in the lang parameter to (1) qtf_checkname.php, (2) qtf_j_birth.php, or (3) qtf_j_exists.php. | 6.4 | CVE-2007-3505 MILW0RM BID FRSIRT SECUNIA XF
RainWorx -- rwAuction Pro | Multiple cross-site scripting (XSS) vulnerabilities in search.asp in rwAuction Pro 5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) search, (2) show, (3) searchtype, (4) catid, and (5) searchtxt parameters, a different version and vectors than CVE-2005-4060. | 4.3 | CVE-2007-3540 OTHER-REF
Ripe Website Manager -- Ripe Website Manager | Multiple PHP remote file inclusion vulnerabilities in Ripe Website Manager 0.8.9 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the level parameter to (1) admin/includes/author_panel_header.php or (2) admin/includes/admin_header.php. | 6.8 | CVE-2007-3524 MILW0RM SECUNIA
SAP -- SAP Basis component 640; SAP -- SAP Basis component 700 | Multiple cross-site scripting (XSS) vulnerabilities in the SAP Internet Communication Framework (BC-MID-ICF) in the SAP Basis component 700 before SP12, and 640 before SP20, allow remote attackers to inject arbitrary web script or HTML via certain parameters associated with the default login error page. | 4.3 | CVE-2007-3495 BUGTRAQ OTHER-REF
Softlink Europe -- Oliver Library Management System | Multiple cross-site scripting (XSS) vulnerabilities in Oliver Library Management System allow remote attackers to inject arbitrary web script or HTML via the (1) updateform and (2) displayform parameter to (a) gateway/gateway.exe; the (3) TERMS, (4) database, (5) srchad, (6) SuggestedSearch, and (7) searchform parameters to the (b) "Basic Search page"; and (8) username parameter when (c) logging on. | 6.8 | CVE-2007-3569 BUGTRAQ BID FRSIRT SECUNIA
sPHPell -- sPHPell | Multiple PHP remote file inclusion vulnerabilities in sPHPell 1.01 allow remote attackers to execute arbitrary PHP code via a URL in the SpellIncPath parameter to (1) spellcheckpageinc.php, (2) spellchecktext.php, (3) spellcheckwindow.php, or (4) spellcheckwindowframeset.php. | 6.8 | CVE-2007-3522 MILW0RM
The GIMP Team -- GIMP | Integer overflow in the seek_to_and_unpack_pixeldata function in the psd.c plugin in Gimp 2.2.15 allows remote attackers to execute arbitrary code via a crafted PSD file that contains a large (1) width or (2) height value. | 6.8 | CVE-2007-2949 OTHER-REF OTHER-REF BID FRSIRT SECUNIA
webixir -- Efendy Blog | Cross-site scripting (XSS) vulnerability in ara.asp in Efendy Blog 1.0 allows remote attackers to inject arbitrary web script or HTML via the ara parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 4.3 | CVE-2007-3561 SECUNIA
Wheatblog -- Wheatblog | SQL injection vulnerability in admin/login.php in Wheatblog (wB) 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the login parameter. | 6.8 | CVE-2007-3557 BUGTRAQ BID SECUNIA
WordPress -- WordPress MU; WordPress -- WordPress | Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies a .php filename in the _wp_attached_file metadata field; and then sending this file's content, along with its post_ID value, to (1) wp-app.php or (2) app.php. | 6.0 | CVE-2007-3543 OTHER-REF OTHER-REF BID SECUNIA
WordPress -- WordPress MU; WordPress -- WordPress | Unrestricted file upload vulnerability in (1) wp-app.php and (2) app.php in WordPress 2.2.1 and WordPress MU 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code via unspecified vectors, possibly related to the wp_postmeta table and the use of custom fields in normal (non-attachment) posts. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-3543. | 6.5 | CVE-2007-3544 OTHER-REF
Yoggie -- Pico; Yoggie -- Pico Pro | Incomplete blacklist vulnerability in cgi-bin/runDiagnostics.cgi in the web interface on the Yoggie Pico and Pico Pro allows remote attackers to execute arbitrary commands via shell metacharacters in the param parameter, as demonstrated by URL encoded "`" (backtick) characters (%60 sequences). | 6.8 | CVE-2007-3572 FULLDISC BID FRSIRT SECUNIA XF
Low Vulnerabilities

Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info
---|---|---|---
FireFlier -- FireFlier | The (1) getRule and (2) getChains functions in server/rules.cpp in fireflierd (fireflier-server) in FireFlier 1.1.6 allow local users to overwrite arbitrary files via a symlink attack on the /tmp/fireflier.rules temporary file. | 3.6 | CVE-2007-2837 OTHER-REF DEBIAN SECUNIA SECUNIA
PHP-Fusion -- PHP-Fusion | Cross-site scripting (XSS) vulnerability in infusions/shoutbox_panel/shoutbox_panel.php in PHP-Fusion 6.01.10 and 6.01.9, when guest posts are enabled, allows remote authenticated users to inject arbitrary web script or HTML via the URI, related to the FUSION_QUERY constant. | 3.5 | CVE-2007-3559 OTHER-REF SECUNIA