Vulnerability Summary for the Week of August 20, 2007

Released
Aug 27, 2007
Document ID
SB07-239

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

High Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
Checkpoint -- ZoneAlarm
vsdatant.sys 6.5.737.0 in Check Point Zone Labs ZoneAlarm before 7.0.362 allows local users to gain privileges via a crafted Interrupt Request Packet (Irp) in an (1) IOCTL 0x8400000F or (2) IOCTL 0x84000013 request, which can be used to overwrite arbitrary memory locations.
unknown
2007-08-21
7.2
CVE-2007-4216
IDEFENSE
Cisco -- VoIP Phone CP-7940
The Cisco IP Phone 7940 with P0S3-08-6-00 firmware allows remote attackers to cause a denial of service (device reboot) via (1) a certain sequence of 10 invalid SIP INVITE and OPTIONS messages; or (2) a certain invalid SIP INVITE message that contains a remote tag, followed by a certain set of two related SIP OPTIONS messages.
unknown
2007-08-21
7.1
CVE-2007-4459
FULLDISC
FULLDISC
BID
FRSIRT
SECUNIA
EMC Corporation -- Legato Networker
Stack-based buffer overflow in the NetWorker Remote Exec Service (nsrexecd.exe) in EMC Software NetWorker 7.x.x allows remote attackers to execute arbitrary code via a (1) poll or (2) kill request with a "long invalid subcmd."
unknown
2007-08-21
9.3
CVE-2007-3618
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
eZ Systems -- eZ publish
eZ publish before 3.8.9, and 3.9 before 3.9.3, does not properly check permissions on module views that lack a policy function, which has unknown impact and attack vectors, as demonstrated by a vulnerability in the discount functionality in the shop module.
unknown
2007-08-22
7.8
CVE-2007-4493
OTHER-REF
OTHER-REF
OTHER-REF
Firesoft -- Firesoft
PHP remote file inclusion vulnerability in includes/class/class_tpl.php in Firesoft allows remote attackers to execute arbitrary PHP code via a URL in the cache_file parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-08-21
7.5
CVE-2007-4458
BID
Grandstream -- SIP Phone
The Grandstream SIP Phone GXV-3000 with firmware 1.0.1.7, Loader 1.0.0.6, and Boot 1.0.0.18 allows remote attackers to force silent call completion, eavesdrop on the phone's local environment, and cause a denial of service (blocked call reception) via a certain SIP INVITE message followed by a certain "SIP/2.0 183 Session Progress" message.
unknown
2007-08-23
7.8
CVE-2007-4498
FULLDISC
BID
XF
Gurer Haber -- Gurer Haber
SQL injection vulnerability in uyeler2.php in Gurer haber 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-08-22
7.5
CVE-2007-4491
BUGTRAQ
BID
id3lib -- id3lib
The RenderV2ToFile function in tag_file.cpp in id3lib (aka libid3) 3.8.3 allows local users to overwrite arbitrary files via a symlink attack on a temporary file whose name is constructed from the name of a file being tagged.
unknown
2007-08-21
7.2
CVE-2007-4460
OTHER-REF
OTHER-REF
BID
SECUNIA
Joomla -- BibTex
SQL injection vulnerability in index.php in the BibTeX component (com_jombib) 1.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the afilter parameter.
unknown
2007-08-23
7.5
CVE-2007-4502
MILW0RM
Joomla -- Nice Talk
vtest -- ptest
SQL injection vulnerability in index.php in the Nice Talk component (com_nicetalk) 0.9.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the tagid parameter.
unknown
2007-08-23
7.5
CVE-2007-4503
MILW0RM
Joomla -- NeoRecruit
SQL injection vulnerability in index.php in the NeoRecruit component (com_neorecruit) 1.4 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an offer_view action.
unknown
2007-08-23
7.5
CVE-2007-4506
MILW0RM
Joomla -- EventList
SQL injection vulnerability in index.php in the EventList component (com_eventlist) 0.8 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the did parameter in a details action.
unknown
2007-08-23
7.5
CVE-2007-4509
MILW0RM
Lighthouse Development -- Squirrelcart
PHP remote file inclusion vulnerability in popup_window.php in Squirrelcart 1.x.x and earlier allows remote attackers to execute arbitrary PHP code via a URL in the site_isp_root parameter, probably related to cart.php.
unknown
2007-08-20
7.5
CVE-2007-4439
MILW0RM
Linkliste -- Linkliste
Multiple PHP remote file inclusion vulnerabilities in index.php in Linkliste 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) styl[top], (2) url_eintrag, or (3) styl[themen] parameter.
unknown
2007-08-22
7.5
CVE-2007-4486
BUGTRAQ
OTHER-REF
OTHER-REF
MamboServer -- Mambo
Mambo -- RemoSitory
SQL injection vulnerability in index.php in the RemoSitory component (com_remository) for Mambo allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat action.
unknown
2007-08-23
7.5
CVE-2007-4505
MILW0RM
Mercury -- Mail Transport System
Stack-based buffer overflow in the SMTP server in Mercury Mail Transport System, possibly 4.51 and earlier, allows remote attackers to execute arbitrary code via a long AUTH CRAM-MD5 string. NOTE: this might overlap CVE-2006-5961.
unknown
2007-08-20
7.5
CVE-2007-4440
FULLDISC
MILW0RM
BID
FRSIRT
SECUNIA
My_REFERER -- My_REFERER
PHP remote file inclusion vulnerability in login.php in My_REFERER 1.08 allows remote attackers to execute arbitrary PHP code via a URL in the value parameter.
unknown
2007-08-22
7.5
CVE-2007-4484
BUGTRAQ
OTHER-REF
OTHER-REF
Olate -- OlateDownload
Admin.php in Olate Download (od) 3.4.1 uses an MD5 hash of the admin username, user id, and group id, to compose an authentication cookie, which makes it easier for remote attackers to guess the cookie and access the Admin area.
unknown
2007-08-18
9.3
CVE-2007-4419
BUGTRAQ
OTHER-REF
BID
Olate -- OlateDownload
SQL injection vulnerability in Admin.php in Olate Download (od) 3.4.1 allows remote attackers to execute arbitrary SQL commands via an OD3_AutoLogin cookie.
unknown
2007-08-18
9.3
CVE-2007-4421
BUGTRAQ
OTHER-REF
Palm -- Palm OS
Palm OS on Treo 650, 680, 700p, and 755p Smart phones allows remote attackers to cause a denial of service (device reset or hang) via a flood of large ICMP echo requests. NOTE: this is probably a different vulnerability than CVE-2003-0293.
unknown
2007-08-21
7.1
CVE-2007-4213
BUGTRAQ
OTHER-REF
BID
Parkview Consultants -- SimpleFAQ
Mambo -- Mambo
SQL injection vulnerability in index.php in the SimpleFAQ (com_simplefaq) 2.11 component for Mambo allows remote attackers to execute arbitrary SQL commands via the aid parameter.
unknown
2007-08-21
7.5
CVE-2007-4456
BUGTRAQ
MILW0RM
BID
rFactor -- rFactor
Multiple buffer overflows in Image Space rFactor 1.250 and earlier allow remote attackers to execute arbitrary code via a packet with ID (1) 0x80 or (2) 0x88 to UDP port 34297, related to the buffer containing the server version number.
unknown
2007-08-20
7.5
CVE-2007-4444
BUGTRAQ
OTHER-REF
BID
SECUNIA
rFactor -- rFactor
Image Space rFactor 1.250 and earlier allows remote attackers to cause a denial of service (daemon crash) via (1) an ID 0x30 packet, (2) an ID 0x38 packet, and an invalid 13-bit integer in (3) an ID 0x60 packet and (4) an ID 0x68 packet; and a denial of service (UDP port block) via (5) an ID 0x20 packet and (6) an ID 0x28 packet.
unknown
2007-08-20
7.5
CVE-2007-4445
BUGTRAQ
OTHER-REF
BID
SECUNIA
Sun -- JDK
Sun -- JRE
Sun -- SDK
Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself.
unknown
2007-08-17
9.3
CVE-2007-4381
SUNALERT
Symantec -- Enterprise Firewall
The login interface in Symantec Enterprise Firewall 6.x, when a VPN with pre-shared key (PSK) authentication is enabled, generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames.
unknown
2007-08-18
9.3
CVE-2007-4422
OTHER-REF
BID
Toribash -- Toribash
Format string vulnerability in the server in Toribash 2.71 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the NICK command (client nickname) when entering a game.
unknown
2007-08-20
7.5
CVE-2007-4446
BUGTRAQ
OTHER-REF
BID
SECUNIA
Toribash -- Toribash
Multiple buffer overflows in the client in Toribash 2.71 and earlier allow remote attackers to (1) execute arbitrary code via a long game command in a replay (.rpl) file and (2) cause a denial of service (application crash) via a long SAY command that omits a required LF character; and allow remote Toribash servers to execute arbitrary code via (3) a long game command and (4) a long SAY command that omits a required LF character.
unknown
2007-08-20
7.5
CVE-2007-4447
BUGTRAQ
OTHER-REF
BID
SECUNIA
TorrentTrader -- TorrentTrader
Multiple SQL injection vulnerabilities in TorrentTrader before 1.07 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) account-inbox.php, (2) account-settings.php, and possibly (3) backend/functions.php.
unknown
2007-08-20
7.5
CVE-2007-4435
OTHER-REF
SECUNIA
Trend Micro -- ServerProtect
Multiple buffer overflows in the ServerProtect service (SpntSvc.exe) in Trend Micro ServerProtect for Windows before Security Patch 4 allow remote attackers to execute arbitrary code via certain RPC requests to certain TCP ports that are processed by the (1) RPCFN_ENG_NewManualScan, (2) RPCFN_ENG_TimedNewManualScan, and (3) RPCFN_SetComputerName functions in (a) StRpcSrv.dll; the (4) RPCFN_CMON_SetSvcImpersonateUser and (5) RPCFN_OldCMON_SetSvcImpersonateUser functions in (b) Stcommon.dll; the (6) RPCFN_ENG_TakeActionOnAFile and (7) RPCFN_ENG_AddTaskExportLogItem functions in (c) Eng50.dll; the (8) NTF_SetPagerNotifyConfig function in (d) Notification.dll; or the (9) RPCFN_CopyAUSrc function in the (e) ServerProtect Agent service.
unknown
2007-08-22
9.3
CVE-2007-4218
IDEFENSE
OTHER-REF
BID
FRSIRT
SECUNIA
Trend Micro -- ServerProtect
Integer overflow in the RPCFN_SYNC_TASK function in StRpcSrv.dll, as used by the ServerProtect service (SpntSvc.exe), in Trend Micro ServerProtect for Windows before Security Patch 4 allows remote attackers to execute arbitrary code via a certain integer field in a request packet to TCP port 5168, which triggers a heap-based buffer overflow.
unknown
2007-08-22
9.3
CVE-2007-4219
IDEFENSE
OTHER-REF
BID
FRSIRT
SECUNIA
Trend Micro -- ServerProtect
Multiple buffer overflows in EarthAgent.exe in Trend Micro ServerProtect 5.58 for Windows before Security Patch 4 allow remote attackers to have an unknown impact via certain RPC function calls to (1) RPCFN_EVENTBACK_DoHotFix or (2) CMD_CHANGE_AGENT_REGISTER_INFO.
unknown
2007-08-22
10.0
CVE-2007-4490
OTHER-REF
FRSIRT
SECUNIA

Medium Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
ALeadSoft.com -- Search Engine Builder Professional
Cross-site scripting (XSS) vulnerability in search.html in Search Engine Builder allows remote attackers to inject arbitrary web script or HTML via the searWords parameter.
unknown
2007-08-22
4.3
CVE-2007-4479
BUGTRAQ
OTHER-REF
OTHER-REF
American Financing -- eMail Image Upload
Unrestricted file upload vulnerability in output.php in American Financing eMail Image Upload 4.1 allows remote attackers to upload and execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-08-23
6.8
CVE-2007-4499
BID
Ampache -- Ampache
SQL injection vulnerability in albums.php in Ampache before 3.3.3.5 allows remote attackers to execute arbitrary SQL commands via the match parameter. NOTE: some details are obtained from third party information.
unknown
2007-08-20
6.8
CVE-2007-4437
OTHER-REF
SECUNIA
Ampache -- Ampache
Session fixation vulnerability in Ampache before 3.3.3.5 allows remote attackers to hijack web sessions via unspecified vectors.
unknown
2007-08-20
6.8
CVE-2007-4438
OTHER-REF
SECUNIA
Apache -- Apache HTTP Server
The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
unknown
2007-08-23
5.0
CVE-2007-3847
MLIST
MLIST
MLIST
Apple -- Safari
Apple Safari for Windows 3.0.3 and earlier does not prompt the user before downloading a file, which allows remote attackers to download arbitrary files to the desktop of a client system via certain HTML, as demonstrated by a filename in the DATA attribute of an OBJECT element. NOTE: it could be argued that this is not a vulnerability because a dangerous file is not actually launched, but as of 2007, it is generally accepted that web browsers should prompt users before saving dangerous content.
unknown
2007-08-18
4.3
CVE-2007-4424
BUGTRAQ
BUGTRAQ
SECTRACK
Apple -- Safari
Cross-domain vulnerability in Apple Safari for Windows 3.0.3 and earlier allows remote attackers to bypass the Same Origin Policy, with access from local zones to external domains, via a certain body.innerHTML property value, aka "classic JavaScript frame hijacking."
unknown
2007-08-20
6.8
CVE-2007-4431
OTHER-REF
OTHER-REF
OTHER-REF
BID
Aspindir -- Text File Search
Cross-site scripting (XSS) vulnerability in textfilesearch.aspx in the Text File Search ASP.NET edition allows remote attackers to inject arbitrary web script or HTML via the search field.
unknown
2007-08-20
4.3
CVE-2007-4433
OTHER-REF
BID
Aspindir -- Text File Search
Cross-site scripting (XSS) vulnerability in textfilesearch.asp in the Text File Search ASP (Classic) edition allows remote attackers to inject arbitrary web script or HTML via the query parameter.
unknown
2007-08-20
4.3
CVE-2007-4434
OTHER-REF
BID
Asterisk -- AsteriskNOW
Asterisk -- Asterisk
Asterisk -- Asterisk Appliance Developer Kit
The SIP channel driver (chan_sip) in Asterisk Open Source 1.4.x before 1.4.11, AsteriskNOW before beta7, Asterisk Appliance Developer Kit 0.x before 0.8.0, and s800i (Asterisk Appliance) 1.x before 1.0.3 allows remote attackers to cause a denial of service (memory exhaustion) via a SIP dialog that causes a large number of history entries to be created.
unknown
2007-08-21
5.0
CVE-2007-4455
FULLDISC
OTHER-REF
Butterfly -- Butterfly
PHP remote file inclusion vulnerability in visitor.php in Butterfly online visitors counter 1.08, when used with certain older versions of PHP with improper SERVER superglobal handling, allows remote attackers to execute arbitrary PHP code via a URL in the _SERVER[DOCUMENT_ROOT] parameter. NOTE: it could be argued that this vulnerability is caused by a problem in PHP and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in Butterfly online visitors counter.
unknown
2007-08-22
6.8
CVE-2007-4485
BUGTRAQ
OTHER-REF
OTHER-REF
Cisco -- CLI
Cisco -- IOS
Cisco -- CBOS
Cisco -- IDS
Cisco -- IOS_XR
Unspecified vulnerability in Cisco IOS allows context-dependent attackers to cause a denial of service (device restart and BGP routing table rebuild) via certain regular expressions in a "show ip bgp regexp" command. NOTE: unauthenticated remote attacks are possible in environments with anonymous telnet and Looking Glass access.
unknown
2007-08-20
5.0
CVE-2007-4430
OTHER-REF
BID
Drupal -- Project Issue Tracking Module
Drupal -- Project
The Drupal Project module before 5.x-1.0, 4.7.x-2.3, and 4.7.x-1.3 and Project issue tracking module before 5.x-1.0, 4.7.x-2.4, and 4.7.x-1.4 does not properly enforce permissions, which allows remote attackers to (1) obtain sensitive information via the Tracker Module and the Recent posts page; (2) obtain project names via unspecified vectors; (3) obtain sensitive information via the statistics pages; and (4) read CVS project activity.
unknown
2007-08-20
5.0
CVE-2007-4436
OTHER-REF
SECUNIA
dscripting.com -- D22-Shoutbox
Cross-site scripting (XSS) vulnerability in D22-Shoutbox for Invision Power Board (IPB or IP.Board) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-08-22
4.3
CVE-2007-4487
BUGTRAQ
OTHER-REF
eCentrex -- VOIP Client module
Buffer overflow in the IUAComFormX ActiveX control in uacomx.ocx 2.0.1 in the eCentrex VOIP Client module allows remote attackers to execute arbitrary code via a long Username argument to the ReInit method.
unknown
2007-08-22
6.8
CVE-2007-4489
MILW0RM
BID
XF
EDraw -- Office Viewer Component
Absolute path traversal vulnerability in a certain ActiveX control in officeviewer.ocx 5.1.199.1 in EDraw Office Viewer Component 5.1 allows remote attackers to create or overwrite arbitrary files via a full pathname in the second argument to the HttpDownloadFile method, a different vulnerability than CVE-2007-3168 and CVE-2007-3169.
unknown
2007-08-18
6.8
CVE-2007-4420
MILW0RM
BID
XF
Epic Games -- Unreal Engine
Stack-based buffer overflow in the logging function in the Unreal engine, possibly 2003 and 2004, as used in the internal web server, allows remote attackers to cause a denial of service (application crash) via a request for a long .gif filename in the images/ directory, related to conversion from Unicode to ASCII.
unknown
2007-08-20
5.0
CVE-2007-4442
BUGTRAQ
SECUNIA
Epic Games -- Unreal Engine
The UCC dedicated server for the Unreal engine, possibly 2003 and 2004, on Windows allows remote attackers to cause a denial of service (continuous beep and server slowdown) via a string containing many 0x07 characters in (1) a request to the images/ directory, (2) the Content-Type field, (3) a HEAD request, and possibly other unspecified vectors.
unknown
2007-08-20
5.0
CVE-2007-4443
BUGTRAQ
SECUNIA
eZ Systems -- eZ publish
The tipafriend function in eZ publish before 3.8.9, and 3.9 before 3.9.3, does not limit access by anonymous users, which allows remote attackers to conduct spam attacks.
unknown
2007-08-22
5.0
CVE-2007-4494
OTHER-REF
OTHER-REF
OTHER-REF
Florian Mahieu -- Dalai Forum
Directory traversal vulnerability in forumreply.php in Dalai Forum 1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the chemin parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-08-21
6.4
CVE-2007-4457
BID
Ghisler -- Total Commander
Fransois Gannier -- FileInfo plugin
The Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to cause a denial of service (unhandled exception) via an invalid RVA address function pointer in (1) an IMAGE_THUNK_DATA structure, involving the (a) OriginalFirstThunk and (b) FirstThunk IMAGE_IMPORT_DESCRIPTOR fields, or (2) the AddressOfNames IMAGE_EXPORT_DIRECTORY field in a PE file.
unknown
2007-08-21
5.0
CVE-2007-4463
BUGTRAQ
OTHER-REF
OTHER-REF
BID
Ghisler -- Total Commander
Fransois Gannier -- FileInfo plugin
CRLF injection vulnerability in the Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to spoof the information in the Image File Header tab via strings with CRLF sequences in the IMAGE_EXPORT_DIRECTORY array in a PE file, which would complicate forensics investigations.
unknown
2007-08-21
4.3
CVE-2007-4464
BUGTRAQ
OTHER-REF
OTHER-REF
IBM -- DB2 Universal Database
IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 does not properly revoke privileges on methods, which allows remote authenticated users to execute a method after revocation until the routine auth cache is flushed.
unknown
2007-08-18
6.0
CVE-2007-4417
OTHER-REF
OTHER-REF
AIXAPAR
AIXAPAR
SECUNIA
IBM -- DB2 Universal Database
IBM DB2 UDB 8 before Fixpak 15 does not properly check authorization, which allows remote authenticated users with a certain SELECT privilege to have an unknown impact via unspecified vectors. NOTE: this issue is probably related to CVE-2007-1089, but this is uncertain due to lack of details.
unknown
2007-08-18
5.5
CVE-2007-4418
OTHER-REF
AIXAPAR
SECUNIA
IBM -- DB2 Universal Database
Unspecified vulnerability in the AUTH_LIST_GROUPS_FOR_AUTHID function in IBM DB2 UDB 9.1 before Fixpak 3 allows attackers to cause a denial of service.
unknown
2007-08-18
5.0
CVE-2007-4423
OTHER-REF
AIXAPAR
SECUNIA
Jelsoft -- vBulletin
** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.8 allow remote attackers to inject arbitrary web code or HTML via the (1) s parameter to index.php, and the (2) q parameter to (a) faq.php, (b) member.php, (c) memberlist.php, (d) calendar.php, (e) search.php, (f) forumdisplay.php, (g) showgroups.php, (h) online.php, and (i) sendmessage.php. NOTE: these issues have been disputed by the vendor, stating "I can't reproduce a single one of these". The researcher is known to be unreliable.
unknown
2007-08-21
4.3
CVE-2007-4453
BUGTRAQ
BUGTRAQ
Joomla -- RSfiles
Directory traversal vulnerability in index.php in the RSfiles component (com_rsfiles) 1.0.2 and earlier for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter in a files.display action.
unknown
2007-08-23
5.0
CVE-2007-4504
MILW0RM
Kolab -- Kolab Server
Clam Anti-Virus -- ClamAV
ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and other products, allows remote attackers to cause a denial of service (application crash) via (1) a crafted RTF file, which triggers a NULL dereference in the cli_scanrtf function in libclamav/rtf.c; or (2) a crafted HTML document with a data: URI, which triggers a NULL dereference in the cli_html_normalise function in libclamav/htmlnorm.c. NOTE: some of these details are obtained from third party information.
unknown
2007-08-23
4.3
CVE-2007-4510
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
SECUNIA
XF
XF
Lhaz -- Lhaz
Lhaz 1.33 allows remote attackers to execute arbitrary code via unknown vectors, as actively exploited in August 2007 by the Exploit-LHAZ.a gzip file, a different issue than CVE-2006-4116.
unknown
2007-08-20
6.8
CVE-2007-4428
OTHER-REF
OTHER-REF
BID
Live for Speed -- Live for Speed
Multiple buffer overflows in Live for Speed (LFS) demo, S1, and S2 allow remote authenticated users to (1) cause a denial of service (server crash) and probably execute arbitrary code via an ID 3 packet with a long nickname field, and (2) cause a denial of service (server crash) via an ID 10 packet containing a long string corresponding to an unavailable track.
unknown
2007-08-20
6.0
CVE-2007-4425
BUGTRAQ
FULLDISC
XF
Live for Speed -- Live for Speed
Live for Speed (LFS) S1 and S2 allows remote attackers to cause a denial of service (server crash) via (1) a certain 0x00 byte in a pre-login ID 3 packet, which triggers a NULL dereference; or (2) a pre-login ID 5 packet that lacks certain strings, which triggers an invalid pointer dereference.
unknown
2007-08-20
5.0
CVE-2007-4426
BUGTRAQ
FULLDISC
XF
XF
Microsoft -- Internet Explorer
Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6.0 allows user-assisted remote attackers to inject arbitrary web script or HTML in the local zone via a URI, when the document at the associated URL is saved to a local file, which then contains the URI string along with the document's original content.
unknown
2007-08-22
4.3
CVE-2007-4478
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
NuFW -- NuFW
NuFW 2.2.3, and certain other versions after 2.0, allows remote attackers to bypass time-based packet filtering rules via certain "out of period" choices of packet transmission time.
unknown
2007-08-21
4.3
CVE-2007-4461
OTHER-REF
SECUNIA
Olate -- OlateDownload
Eval injection vulnerability in environment.php in Olate Download (od) 3.4.1 allows context-dependent attackers to execute arbitrary code via a crafted version string, as referenced by the (1) PDO::ATTR_SERVER_VERSION or (2) PDO::ATTR_CLIENT_VERSION attribute.
unknown
2007-08-21
6.8
CVE-2007-4454
BUGTRAQ
OTHER-REF
BID
XF
PHP -- PHP
Buffer overflow in php_win32std.dll in the win32std extension for PHP 5.2.0 and earlier allows context-dependent attackers to execute arbitrary code via a long string in the filename argument to the win_browse_file function.
unknown
2007-08-20
4.6
CVE-2007-4441
MILW0RM
PHP -- PHP
Multiple buffer overflows in the php_ntuser component for PHP 5.2.3 allow context-dependent attackers to cause a denial of service or execute arbitrary code via long arguments to the (1) ntuser_getuserlist, (2) ntuser_getuserinfo, (3) ntuser_getusergroups, or (4) ntuser_getdomaincontroller functions.
unknown
2007-08-23
6.8
CVE-2007-4507
MILW0RM
Planet Technology Corp -- VC-200M VDSL2
The administration interface in the Planet VC-200M VDSL2 router allows remote attackers to cause a denial of service (administration interface outage) via an HTTP request without a Host header.
unknown
2007-08-22
5.0
CVE-2007-4477
BUGTRAQ
OTHER-REF
OTHER-REF
Rival Interactive -- Prism
Rebellion -- Rogue Trooper
Stack-based buffer overflow in Rebellion Asura engine, as used for the server in Rogue Trooper 1.0 and earlier and Prism 1.1.1.0 and earlier, allows remote attackers to execute arbitrary code via a long string in a 0xf007 packet for the challenge B query.
unknown
2007-08-23
6.8
CVE-2007-4508
BUGTRAQ
BID
Siemens -- Gigaset SE361 WLAN router
Multiple cross-site scripting (XSS) vulnerabilities in the Siemens Gigaset SE361 WLAN router with firmware 1.00.0 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI immediately following the filename for (1) a GIF filename, which triggers display of the GIF file in text format and an unspecified denial of service (crash); or (2) the login.tri filename, which triggers a continuous loop of the browser attempting to visit the login page.
unknown
2007-08-22
4.3
CVE-2007-4488
BUGTRAQ
Skype Technologies -- Skype
Unspecified vulnerability in Skype allows remote attackers to cause a denial of service (server hang) via unknown vectors related to sending long URIs, as claimed to be actively exploited on 20070817 using a "call to a specific number." NOTE: this identifier is for the en.securitylab.ru disclosure. According to the vendor, this issue is separate from the "sign-on issues" that reduced Skype service on 20070817, which appears to be a site-specific problem that did not occur because of any attack. As of 20070820, it is not clear whether this issue is simply a symptom of the larger sign-on problem.
unknown
2007-08-20
5.0
CVE-2007-4429
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
SSHKeychain -- SSHKeychain
Unspecified vulnerability in TunnelRunner in SSHKeychain before 0.8.2 beta, and possibly later versions, allows local users to gain privileges via unspecified vectors.
unknown
2007-08-23
6.9
CVE-2007-4500
MLIST
MLIST
MLIST
BID
Sun -- Java System Application Server
The Sun Admin Console in Sun Application Server 9.0_0.1 does not apply certain configuration changes persistently, which causes the (1) SSL and (2) SSL_MutualAuth ORB listener services to enable all protocols and ciphers after the services are restarted, possibly allowing remote attackers to bypass intended policy.
unknown
2007-08-23
5.0
CVE-2007-4511
BUGTRAQ
BID
XF
SuSE -- SuSE Linux Enterprise Desktop
SuSE -- SuSE Linux
Untrusted search path vulnerability in the wrapper scripts for the (1) rug, (2) zen-updater, (3) zen-installer, and (4) zen-remover programs on SUSE Linux 10.1 and Enterprise 10 allows local users to gain privileges via modified (a) LD_LIBRARY_PATH and (b) MONO_GAC_PREFIX environment variables.
unknown
2007-08-20
4.6
CVE-2007-4432
SUSE
Toribash -- Toribash
The server in Toribash 2.71 and earlier does not properly handle partially joined clients that are temporarily assigned the ID of -1, which allows remote attackers to cause a denial of service (daemon crash) via a GRIP command with the ID of -1.
unknown
2007-08-20
5.0
CVE-2007-4448
BUGTRAQ
OTHER-REF
BID
SECUNIA
Toribash -- Toribash
The client in Toribash 2.71 and earlier allows remote attackers to cause a denial of service (application hang) via a command without an LF character, as demonstrated by a SAY command.
unknown
2007-08-20
5.0
CVE-2007-4449
BUGTRAQ
OTHER-REF
BID
SECUNIA
Toribash -- Toribash
The server in Toribash 2.71 and earlier does not properly handle long commands, which allows remote attackers to trigger a protocol violation in which data is sent to other clients without a required LF character, as demonstrated by a SAY command. NOTE: the security impact of this violation is not clear, although it probably makes exploitation of CVE-2007-???? easier.
unknown
2007-08-20
5.0
CVE-2007-4450
BUGTRAQ
OTHER-REF
BID
SECUNIA
Toribash -- Toribash
The server in Toribash 2.71 and earlier on Windows allows remote attackers to cause a denial of service (continuous beep and server hang) via certain commands that contain many 0x07 or other invalid characters.
unknown
2007-08-20
5.0
CVE-2007-4451
BUGTRAQ
OTHER-REF
BID
SECUNIA
Toribash -- Toribash
The client in Toribash 2.71 and earlier allows remote attackers to cause a denial of service (disconnection) via a long (1) emote or (2) SPEC command.
unknown
2007-08-20
5.0
CVE-2007-4452
BUGTRAQ
OTHER-REF
BID
SECUNIA
Trend Micro -- AntiSpyware
Trend Micro -- PC-Cillin Internet Security 2007
Stack-based buffer overflow in vstlib32.dll 1.2.0.1012 in the SSAPI Engine 5.0.0.1066 through 5.2.0.1012 in Trend Micro AntiSpyware 3.5 and PC-Cillin Internet Security 2007 15.0 through 15.3, when the Venus Spy Trap (VST) feature is enabled, allows local users to cause a denial of service (service crash) or execute arbitrary code via a file with a long pathname, which triggers the overflow during a ReadDirectoryChangesW callback notification.
unknown
2007-08-22
6.9
CVE-2007-3873
IDEFENSE
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
WordPress -- Sirius
Cross-site scripting (XSS) vulnerability in index.php in the Sirius 1.0 theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF).
unknown
2007-08-22
4.3
CVE-2007-4480
BUGTRAQ
OTHER-REF
OTHER-REF
WordPress -- Blix
Cross-site scripting (XSS) vulnerability in index.php in the (1) Blix 0.9.1 and (2) Blix 0.9.1 Rus themes for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF).
unknown
2007-08-22
4.3
CVE-2007-4481
BUGTRAQ
OTHER-REF
OTHER-REF
WordPress -- Pool
Cross-site scripting (XSS) vulnerability in index.php in the Pool 1.0.7 theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF).
unknown
2007-08-22
4.3
CVE-2007-4482
BUGTRAQ
OTHER-REF
OTHER-REF
WordPress -- WordPressClassic
Cross-site scripting (XSS) vulnerability in index.php in the WordPress Classic 1.5 theme in WordPress before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF).
unknown
2007-08-22
4.3
CVE-2007-4483
BUGTRAQ
OTHER-REF
OTHER-REF

Low Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
InterSystems -- Cache Database
Multiple cross-site scripting (XSS) vulnerabilities in the sample Cache' Server Page (CSP) scripts in InterSystems Cache' allow remote attackers to inject arbitrary web script or HTML via (1) the TO parameter to loop.csp, (2) the VALUE parameter to cookie.csp, and (3) the PAGE parameter to showsource.csp in csp/samples/; and allow remote authenticated users to inject arbitrary web script or HTML via (4) the ERROR parameter to csp/samples/xmlclasseserror.csp, and unspecified vectors in (5) object.csp and (6) lotteryhistory.csp in csp/samples/.
unknown
2007-08-20
3.5
CVE-2007-0437
OTHER-REF
OTHER-REF
OTHER-REF
InterSystems -- Cache Database
Unspecified vulnerability in the login page redirection logic in the Cache' Server Page (CSP) implementation in InterSystems Cache' 2007.1.0.369.0 and 2007.1.1.420.0 allows remote authenticated users to modify data on a server, related to encoding of certain parameter values by this redirection logic, aka MAK2116.
unknown
2007-08-20
3.5
CVE-2007-4427
MLIST
po4a -- po4a
lib/Locale/Po4a/Po.pm in po4a before 0.32 allows local users to overwrite arbitrary files via a symlink attack on the gettextization.failed.po temporary file.
unknown
2007-08-21
3.3
CVE-2007-4462
OTHER-REF
OTHER-REF
SSHKeychain -- SSHKeychain
Unspecified vulnerability in PassphraseRequester in SSHKeychain before 0.8.2 beta allows attackers to obtain sensitive information (passwords) via unknown vectors, related to "poor protection."
unknown
2007-08-23
1.9
CVE-2007-4501
MLIST
MLIST
MLIST
BID
Sun -- Solaris
Multiple unspecified vulnerabilities in the ata disk driver in Sun Solaris 8, 9, and 10 on the x86 platform before 20070821 allow local users to cause a denial of service (system panic) via unspecified ioctl functions, aka Bug 6433123.
unknown
2007-08-22
2.1
CVE-2007-4492
SUNALERT
BID
FRSIRT
SECUNIA
Sun -- Solaris
Unspecified vulnerability in the ata disk driver in Sun Solaris 10 on the x86 platform before 20070821 allows local users to cause a denial of service (system panic) via an unspecified ioctl function, aka Bug 6433124.
unknown
2007-08-22
2.1
CVE-2007-4495
SUNALERT
BID
FRSIRT
SECUNIA
