Vulnerability Summary for the Week of October 8, 2007

Released: Oct 15, 2007
Document ID: SB07-288

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

High Vulnerabilities

Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info

Adobe -- Pagemaker
Stack-based buffer overflow in MAIPM6.dll in Adobe PageMaker 7.0.1 and 7.0.2 on Windows allows user-assisted remote attackers to execute arbitrary code via a long font name in a .PMD file.
unknown
2007-10-11
9.3
CVE-2007-5169
OTHER-REF
OTHER-REF
BID
SECTRACK
AfterLogic -- MailBee WebMail
Multiple cross-site scripting (XSS) vulnerabilities in MailBee WebMail Pro 3.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) mode parameter to login.php and the (2) mode2 parameter to default.asp in an advanced_login mode.
unknown
2007-10-09
7.5
CVE-2007-5290
BUGTRAQ
BID
Alcatel -- SpeedTouch 7G router
BT -- Home Hub
The Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub, allows remote attackers on an intranet to bypass authentication and gain administrative access via unspecified vectors, probably involving an HTTP session on port 80. NOTE: remote attackers outside the intranet can exploit this by leveraging a separate CSRF vulnerability. NOTE: SpeedTouch 780 might also be affected by some of these issues.
unknown
2007-10-11
9.3
CVE-2007-5383
BUGTRAQ
OTHER-REF
OTHER-REF
BID
AppFuse -- AppFuse
Multiple cross-site scripting (XSS) vulnerabilities in messages.jsp in AppFuse before 2.0 Final allow remote attackers to inject arbitrary web script or HTML via unspecified input that is recorded in (1) success or (2) error messages.
unknown
2007-10-08
7.5
CVE-2007-5280
OTHER-REF
OTHER-REF
BID
SECUNIA
AppFuse -- AppFuse
Multiple cross-site scripting (XSS) vulnerabilities in messages.jsp in AppFuse before 2.0 Final allow remote attackers to inject arbitrary web script or HTML via unspecified input that is recorded in (1) success or (2) error messages.
unknown
2007-10-08
7.5
CVE-2007-5285
OTHER-REF
OTHER-REF
BID
SECUNIA
Battlefront -- Dropteam
Multiple format string vulnerabilities in Battlefront Dropteam 1.3.3 and earlier allow remote attackers to execute arbitrary code via format string specifiers in the (1) username, (2) password, and (3) nickname fields in a "0x01" packet.
unknown
2007-10-08
7.5
CVE-2007-5262
BUGTRAQ
OTHER-REF
BID
SECUNIA
Battlefront -- Dropteam
Multiple buffer overflows in Battlefront Dropteam 1.3.3 and earlier allow remote attackers to execute arbitrary code via (1) a crafted "0x5c" packet or (2) many 32-bit numbers in a "0x18" packet, or cause a denial of service (crash) via (3) a large "0x4b" packet.
unknown
2007-10-08
7.5
CVE-2007-5263
BUGTRAQ
OTHER-REF
BID
SECUNIA
bendiken -- Boost module for Drupal
Unspecified vulnerability in the Boost module before 4.7.x-1.0, and 5.x before 5.x-1.0, for Drupal allows remote attackers to create or overwrite arbitrary files, and conduct cross-site scripting attacks (XSS) via unspecified vectors.
unknown
2007-10-08
7.5
CVE-2007-5270
OTHER-REF
XF
Cisco -- IOS
Stack-based buffer overflow in the Line Printer Daemon (LPD) in Cisco IOS before 12.2(18)SXF11, 12.4(16a), and 12.4(2)T6 allows remote attackers to execute arbitrary code by setting a long hostname on the target system, then causing an error message to be printed, as demonstrated by a telnet session to the LPD from a source port other than 515.
unknown
2007-10-11
7.6
CVE-2007-5381
OTHER-REF
CISCO
BID
FRSIRT
SECUNIA
XF
Cisco -- Wireless LAN Solution Engine
Cisco -- Wireless Control System
The conversion utility for converting CiscoWorks Wireless LAN Solution Engine (WLSE) 4.1.91.0 and earlier to Cisco Wireless Control System (WCS) creates administrator accounts with default usernames and passwords, which allows remote attackers to gain privileges.
unknown
2007-10-11
10.0
CVE-2007-5382
CISCO
BID
FRSIRT
ConeXware -- PowerArchiver
Heap-based buffer overflow in ConeXware PowerArchiver before 10.20.21 might allow remote attackers to execute arbitrary code via a long filename in a BlackHole archive.
unknown
2007-10-08
7.6
CVE-2007-5279
OTHER-REF
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
ConeXware -- PowerArchiver
Heap-based buffer overflow in ConeXware PowerArchiver before 10.20.21 might allow remote attackers to execute arbitrary code via a long filename in a BlackHole archive.
unknown
2007-10-08
7.6
CVE-2007-5284
OTHER-REF
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Daniel Broadbent -- DB Manager
Cross-site scripting (XSS) vulnerability in Edit.asp in DB Manager 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
unknown
2007-10-09
7.5
CVE-2007-5291
OTHER-REF
dawnoftime -- Dawn of Time
Multiple format string vulnerabilities in websrv.cpp in Dawn of Time 1.69s beta4 and earlier allow remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) password fields when accessing certain "restricted zones", which are not properly handled by the (a) processWebHeader and (b) filterWebRequest functions.
unknown
2007-10-08
7.5
CVE-2007-5265
BUGTRAQ
OTHER-REF
OTHER-REF
BID
SECUNIA
EMC -- Replistor
The RepliStor Server Service in EMC Replistor 6.1.3 allows remote attackers to execute arbitrary code via a size value that causes RepliStor to create a smaller buffer than expected, which triggers a buffer overflow when that buffer is used in a recv function call.
unknown
2007-10-10
10.0
CVE-2007-5323
OTHER-REF
Firebird Project -- Firebird
Stack-based buffer overflow in the process_packet function in fbserver.exe in Firebird SQL 2.0.2 allows remote attackers to execute arbitrary code via a long request to TCP port 3050.
unknown
2007-10-10
10.0
CVE-2007-4992
OTHER-REF
Furkan Tastan Blog -- Furkan Tastan Blog
SQL injection vulnerability in kategori.asp in Furkan Tastan Blog allows remote attackers to execute arbitrary SQL commands via the id parameter in a goster kat action.
unknown
2007-10-08
7.5
CVE-2007-5272
MILW0RM
HP -- HP-UX
Multiple cross-site scripting (XSS) vulnerabilities in HP System Management Homepage (SMH) in HP-UX B.11.11, B.11.23, and B.11.31, and SMH for Linux and Windows, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-10-09
7.5
CVE-2007-5302
HP
HP
FRSIRT
SECUNIA
HP -- Select Identity
Unspecified vulnerability in HP Select Identity 4.01 through 4.01.010 and 4.10 through 4.13.001 allows remote attackers to obtain unspecified access via unknown vectors.
unknown
2007-10-12
10.0
CVE-2007-5391
HP
BID
IDMOS -- IDMOS
Multiple cross-site scripting (XSS) vulnerabilities in IDMOS 1.0-beta (aka Phoenix) allow remote attackers to inject arbitrary web script or HTML via the (1) err_msg parameter to error.php and the (2) content parameter to templates/simple/ia.php.
unknown
2007-10-09
7.5
CVE-2007-5293
BUGTRAQ
MILW0RM
BID
IDMOS -- IDMOS
PHP remote file inclusion vulnerability in core/aural.php in IDMOS 1.0-beta (aka Phoenix) allows remote attackers to execute arbitrary PHP code via a URL in the site_absolute_path parameter.
unknown
2007-10-09
7.5
CVE-2007-5294
BUGTRAQ
MILW0RM
LedgerSMB -- LedgerSMB
DWS Systems Inc. -- SQL-Ledger
Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through 1.2.7 and (b) DWS Systems SQL-Ledger 2.x allow remote attackers to execute arbitrary SQL commands via (1) the invoice quantity field or (2) the sort field.
unknown
2007-10-11
10.0
CVE-2007-5372
BUGTRAQ
Livio Siri -- dbList
Multiple cross-site scripting (XSS) vulnerabilities in dblisttest.asp in dbList 8.1 allow remote attackers to inject arbitrary web script or HTML via the (1) db, (2) pagesize, (3) sort, (4) strKeyWords, and (5) table parameters. NOTE: some of these details are obtained from third party information.
unknown
2007-10-09
7.5
CVE-2007-5296
OTHER-REF
SECUNIA
Microsoft -- windows
Unspecified vulnerability in the remote procedure call (RPC) component in Microsoft Windows XP SP2, XP Professional x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition and x64 Edition SP2, and Vista and Vista x64 Edition allows remote attackers to cause a denial of service (RPCSS service stop and system restart) via a crafted RPC NTLMSSP authentication request. NOTE: this also affects Windows 2000 SP4, although the impact is an information leak.
unknown
2007-10-09
7.8
CVE-2007-2228
MS
Microsoft -- ie
Microsoft Internet Explorer 5.01 through 7 allows remote attackers to spoof the URL address bar and other "trust UI" components via unspecified vectors, a different issue than CVE-2007-1091 and CVE-2007-3826.
unknown
2007-10-09
7.5
CVE-2007-3892
MS
Microsoft -- ie
The URL handling in Windows XP and Windows Server 2003, with Windows Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid "%" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe, Skype, and other applications. NOTE: this issue might be related to other issues involving URL handlers in Windows systems, such as CVE-2007-3845.
unknown
2007-10-10
9.3
CVE-2007-3896
OTHER-REF
OTHER-REF
OTHER-REF
BUGTRAQ
BUGTRAQ
BUGTRAQ
BUGTRAQ
BUGTRAQ
BUGTRAQ
FULLDISC
FULLDISC
FULLDISC
FULLDISC
FULLDISC
FULLDISC
MSKB
CERT-VN
SECUNIA
Microsoft -- Office
Microsoft -- Word
Unspecified vulnerability in Microsoft Word 2000 SP3, Word 2002 SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string in a Word file, aka "Word Memory Corruption Vulnerability."
unknown
2007-10-09
9.3
CVE-2007-3899
MS
Microsoft -- Visual Fox Pro
The FPOLE.OCX 6.0.8450.0 ActiveX control in Microsoft Visual FoxPro 6.0 allows remote attackers to execute arbitrary programs by specifying them as an argument to the FoxDoCmd function.
unknown
2007-10-09
7.5
CVE-2007-5322
OTHER-REF
BID
Minki -- Minki
Cross-site scripting (XSS) vulnerability in index.php in Minki 1.30 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
unknown
2007-10-09
7.5
CVE-2007-5297
OTHER-REF
OpenBSD -- OpenBSD
Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a DHCP request specifying a maximum message size smaller than the minimum IP MTU.
unknown
2007-10-11
10.0
CVE-2007-5365
OTHER-REF
OPENBSD
OPENBSD
OPENBSD
BID
SECUNIA
Script-solution.de -- Picturesolution
PHP remote file inclusion vulnerability in install/config.php in Picturesolution 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
unknown
2007-10-09
7.5
CVE-2007-5313
MILW0RM
BID
XF
SnewsCMS -- SnewsCMS Rus
Cross-site scripting (XSS) vulnerability in news_page.php in SnewsCMS Rus 2.1 allows remote attackers to inject arbitrary web script or HTML via the page_id parameter.
unknown
2007-10-09
7.5
CVE-2007-5303
BUGTRAQ
splitside -- Directory Image Gallery
Cross-site scripting (XSS) vulnerability in photos.cfm in Directory Image Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the backwardDirectory parameter.
unknown
2007-10-09
7.5
CVE-2007-5292
OTHER-REF
TorrentTrader -- TorrentTrader
Directory traversal vulnerability in backend/admin-functions.php in TorrentTrader Classic Edition 1.07 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ss_uri parameter.
unknown
2007-10-09
7.5
CVE-2007-5311
BUGTRAQ
MILW0RM
SECUNIA
XF
ViArt -- Shopping Cart
** DISPUTED ** Directory traversal vulnerability in payments/ideal_process.php in the iDEAL transaction handler in ViArt Shopping Cart allows remote attackers to have an unknown impact via directory traversal sequences in the filename parameter to the createCertFingerprint function. NOTE: this issue is disputed by CVE because PHP encounters a fatal function-call error on a direct request for payments/ideal_process.php.
unknown
2007-10-10
10.0
CVE-2007-5364
BUGTRAQ
WikePage -- Opus
Multiple cross-site scripting (XSS) vulnerabilities in index.php in (a) Wikepage Opus 13 2007.2 and (b) TipiWiki 2 allow remote attackers to inject arbitrary web script or HTML via the (1) PageContent and (2) PageName parameters.
unknown
2007-10-09
7.5
CVE-2007-5295
OTHER-REF
Yannick Tanguy -- Else If CMS
Multiple cross-site scripting (XSS) vulnerabilities in ELSEIF CMS Beta 0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) repertimage parameter to utilisateurs/vousetesbannis.php, the (2) elseifvotetxtresultatduvote parameter to utilisateurs/votesresultats.php, and the (3) elseifforumtxtmenugeneraleduforum parameter to moduleajouter/depot/adminforum.php.
unknown
2007-10-09
7.5
CVE-2007-5304
BUGTRAQ
BID


Medium Vulnerabilities

Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info

Adobe -- Macromedia Shockwave Player
The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a victim machine to establish TCP sessions with arbitrary hosts via a Flash (SWF) movie, related to lack of pinning of a hostname to a single IP address after receiving an allow-access-from element in a cross-domain-policy XML document, and the availability of a Flash Socket class that does not use the browser's DNS pins, aka DNS rebinding attacks, a different issue than CVE-2002-1467 and CVE-2007-4324.
unknown
2007-10-08
5.0
CVE-2007-5275
OTHER-REF
ag-solutions -- MOSMedia Lite
Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia Lite (com_mosmedia) 4.5.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) credits.html.php, (2) info.html.php, (3) media.divs.php, (4) media.divs.js.php, (5) purchase.html.php, or (6) support.html.php in includes/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: vector 3 may be the same as CVE-2007-2043.2.
unknown
2007-10-10
6.8
CVE-2007-5362
BID
Alcatel -- SpeedTouch 7G router
BT -- Home Hub
Multiple cross-site request forgery (CSRF) vulnerabilities in the Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub, allow remote attackers to perform actions as administrators via unspecified POST requests, as demonstrated by enabling an inbound remote-assistance HTTPS session on TCP port 51003. NOTE: an authentication bypass can be leveraged to exploit this in the absence of an existing administrative session. NOTE: SpeedTouch 780 might also be affected by some of these issues.
unknown
2007-10-11
4.3
CVE-2007-5384
BUGTRAQ
OTHER-REF
OTHER-REF
BID
Alcatel -- SpeedTouch 7G router
BT -- Home Hub
Multiple cross-site scripting (XSS) vulnerabilities in the Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-10-11
4.3
CVE-2007-5385
BUGTRAQ
OTHER-REF
OTHER-REF
BID
Alsaplayer -- Alsaplayer
Buffer overflow in the vorbis_stream_info function in input/vorbis/vorbis_engine.c (aka the vorbis input plugin) in AlsaPlayer before 0.99.80-rc3 allows remote attackers to execute arbitrary code via a .OGG file with long comments.
unknown
2007-10-09
6.8
CVE-2007-5301
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Battlefront -- Dropteam
Battlefront Dropteam 1.3.3 and earlier sends the client's online account name and password to the game server, which allows malicious game servers to steal account information.
unknown
2007-10-08
5.0
CVE-2007-5264
BUGTRAQ
OTHER-REF
BID
SECUNIA
Creamotion -- Creamotion
Multiple PHP remote file inclusion vulnerabilities in CMS Creamotion allow remote attackers to execute arbitrary PHP code via a URL in the cfg[document_uri] parameter to (1) _administration/securite.php and (2) _administration/gestion_configurations/save_config.php.
unknown
2007-10-09
6.4
CVE-2007-5298
BUGTRAQ
MILW0RM
Electronic Arts -- SnoopyCtrl
Multiple stack-based buffer overflows in Electronic Arts (EA) SnoopyCtrl ActiveX control (NPSnpy.dll) allow remote attackers to execute arbitrary code via unspecified methods and parameters.
unknown
2007-10-09
6.8
CVE-2007-4466
CERT-VN
BID
FRSIRT
SECUNIA
Fujitsu -- Interstage Apworks
Fujitsu -- Interstage Studio
Fujitsu -- Interstage Application Server
The Tomcat 4.1-based Servlet Service in Fujitsu Interstage Application Server 7.0 through 9.0.0 and Interstage Apworks/Studio 7.0 through 9.0.0 allows remote attackers to obtain sensitive information (web root path) via unspecified vectors that trigger an error message, probably related to enabling the useCanonCaches Java Virtual Machine (JVM) option.
unknown
2007-10-11
5.0
CVE-2007-5366
OTHER-REF
BID
SECUNIA
GNU -- TRAMP
The (1) tramp-make-temp-file and (2) tramp-make-tramp-temp-file functions in Tramp 2.1.10 extension for Emacs, and possibly earlier 2.1.x versions, allow local users to overwrite arbitrary files via a symlink attack on temporary files.
unknown
2007-10-11
6.9
CVE-2007-5377
OTHER-REF
MLIST
MLIST
Hitachi -- uCosminexus Service Architect
Hitachi -- uCosminexus Application Server Standard
Hitachi -- uCosminexus Application Server Enterprise
Hitachi -- uCosminexus Client
Hitachi -- uCosminexus Developer Standard
Hitachi -- uCosminexus Developer Professional
Hitachi -- uCosminexus Operator
Hitachi -- uCosminexus Service Platform
The Java Secure Socket Extension (JSSE) in the Hitachi Cosminexus Developer's Kit for Java in various Hitachi Cosminexus 7.5 products before 07-50-01, when using JSSE for SSL/TLS support, allows remote attackers to cause a denial of service via certain SSL/TLS handshake requests. NOTE: this may be the same as CVE-2007-3698.
unknown
2007-10-08
5.0
CVE-2007-5281
OTHER-REF
FRSIRT
SECUNIA
Hitachi -- Cosminexus Library Standard
Hitachi -- Cosminexus Agent
Hitachi -- Cosminexus Library Web
Hitachi Cosminexus Agent 03-00 through 03-05, and Cosminexus Library Standard and Web Edition 04-00 and 04-01, might allow remote attackers to cause a denial of service (agent process crash) via invalid data from clients other than Cosminexus Manager.
unknown
2007-10-08
4.3
CVE-2007-5282
OTHER-REF
FRSIRT
SECUNIA
Hitachi -- TPBroker Object Transaction Monitor
The TSC Domain Manager in Hitachi TPBroker Object Transaction Monitor and Cosminexus TPBroker Object Transaction Monitor 01-00 through 03-00 might allow attackers to cause a denial of service (crash) via invalid messages.
unknown
2007-10-08
5.0
CVE-2007-5283
OTHER-REF
FRSIRT
SECUNIA
Hitachi -- uCosminexus Service Architect
Hitachi -- uCosminexus Application Server Standard
Hitachi -- uCosminexus Application Server Enterprise
Hitachi -- uCosminexus Client
Hitachi -- uCosminexus Developer Standard
Hitachi -- uCosminexus Developer Professional
Hitachi -- uCosminexus Operator
Hitachi -- uCosminexus Service Platform
The Java Secure Socket Extension (JSSE) in the Hitachi Cosminexus Developer's Kit for Java in various Hitachi Cosminexus 7.5 products before 07-50-01, when using JSSE for SSL/TLS support, allows remote attackers to cause a denial of service via certain SSL/TLS handshake requests. NOTE: this may be the same as CVE-2007-3698.
unknown
2007-10-08
5.0
CVE-2007-5286
OTHER-REF
FRSIRT
SECUNIA
Hitachi -- Cosminexus Library Standard
Hitachi -- Cosminexus Agent
Hitachi -- Cosminexus Library Web
Hitachi Cosminexus Agent 03-00 through 03-05, and Cosminexus Library Standard and Web Edition 04-00 and 04-01, might allow remote attackers to cause a denial of service (agent process crash) via invalid data from clients other than Cosminexus Manager.
unknown
2007-10-08
5.0
CVE-2007-5287
OTHER-REF
FRSIRT
SECUNIA
Hitachi -- TPBroker Object Transaction Monitor
The TSC Domain Manager in Hitachi TPBroker Object Transaction Monitor and Cosminexus TPBroker Object Transaction Monitor 01-00 through 03-00 might allow attackers to cause a denial of service (crash) via invalid messages.
unknown
2007-10-08
5.0
CVE-2007-5288
OTHER-REF
FRSIRT
SECUNIA
Joomla -- Joomla
webmaster-tips.net -- Flash Image Gallery
PHP remote file inclusion vulnerability in admin.wmtgallery.php in the webmaster-tips.net Flash Image Gallery (com_wmtgallery) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
unknown
2007-10-09
6.8
CVE-2007-5309
MILW0RM
VIM
VIM
BID
Joomla -- Joomla
webmaster-tips.net -- Flash Image Gallery
PHP remote file inclusion vulnerability in admin.wmtportfolio.php in the webmaster-tips.net wmtportfolio 1.0 (com_wmtportfolio) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
unknown
2007-10-09
6.8
CVE-2007-5310
MILW0RM
BID
XF
Kodak -- Image Viewer
Unspecified vulnerability in Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP SP2 and Server 2003 SP1 and SP2, allows remote attackers to execute arbitrary code via crafted image files that trigger memory corruption.
unknown
2007-10-09
6.8
CVE-2007-2217
MS
libpng -- libpng
Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.0.29 beta1 and 1.2.x before 1.2.21 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image that prevents a name field from being NULL terminated.
unknown
2007-10-08
4.3
CVE-2007-5266
MLIST
MLIST
libpng -- libpng
Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.2.22 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image, due to an incorrect fix for CVE-2007-5266.
unknown
2007-10-08
4.3
CVE-2007-5267
MLIST
MLIST
FRSIRT
SECUNIA
libpng -- libpng
pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 uses (1) logical instead of bitwise operations and (2) incorrect comparisons, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG image.
unknown
2007-10-08
4.3
CVE-2007-5268
MLIST
MLIST
MLIST
FRSIRT
SECUNIA
libpng -- libpng
Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 allow remote attackers to cause a denial of service (crash) via crafted (1) pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt (png_push_read_tEXt), (4) iTXt (png_handle_iTXt), and (5) ztXT (png_handle_ztXt) chunking in PNG images, which trigger out-of-bounds read operations.
unknown
2007-10-08
5.0
CVE-2007-5269
MLIST
FRSIRT
SECUNIA
LightBlog -- LightBlog
cp_memberedit.php in LightBlog 8.4.1.1 does not check for administrative credentials when processing an admin action, which allows remote authenticated users to increase the privileges of any account.
unknown
2007-10-11
6.5
CVE-2007-5374
MILW0RM
Massive Entertainment -- World in Conflict
The GetMagicNumberString function in Massive Entertainment World in Conflict 1.000 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a string to the VoIP port (52999/tcp) with an invalid value in the third byte.
unknown
2007-10-11
5.0
CVE-2007-5369
BUGTRAQ
OTHER-REF
BID
Microsoft -- ie
Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via unspecified vectors involving memory corruption from an unhandled error.
unknown
2007-10-09
6.8
CVE-2007-3893
MS
Microsoft -- Outlook Express
Microsoft -- Windows Mail
Unspecified vulnerability in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista allows remote attackers to execute arbitrary code via malformed Network News Transfer Protocol (NNTP) responses that trigger memory corruption.
unknown
2007-10-09
6.8
CVE-2007-3897
MS
Microsoft -- Internet Explorer
Microsoft Internet Explorer 6 drops DNS pins based on failed connections to irrelevant TCP ports, which makes it easier for remote attackers to conduct DNS rebinding attacks, as demonstrated by a port 81 URL in an IMG SRC, when the DNS pin had been established for a session on port 80, a different issue than CVE-2006-4560.
unknown
2007-10-08
4.3
CVE-2007-5277
OTHER-REF
MODxCMS -- MODxCMS
Multiple SQL injection vulnerabilities in mutate_content.dynamic.php in MODx 0.9.6 allow remote attackers to execute arbitrary SQL commands via the (1) documentDirty or (2) modVariables parameter.
unknown
2007-10-11
6.8
CVE-2007-5371
BUGTRAQ
NetWin -- DNewsWeb
Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/dnewsweb.exe in NetWin DNewsWeb (DNews News Server) 57e1 allow remote attackers to inject arbitrary web script or HTML via the (1) group or (2) utag parameter.
unknown
2007-10-11
4.3
CVE-2007-5370
BUGTRAQ
Opera Software -- Opera Web Browser
Opera 9 drops DNS pins based on failed connections to irrelevant TCP ports, which makes it easier for remote attackers to conduct DNS rebinding attacks, as demonstrated by a port 81 URL in an IMG SRC, when the DNS pin had been established for a session on port 80.
unknown
2007-10-08
4.3
CVE-2007-5276
OTHER-REF
Pegasus Imaging -- ImagXpress
Multiple absolute path traversal vulnerabilities in Pegasus Imaging ImagXpress 8.0 allow remote attackers to (1) delete arbitrary files via the CacheFile attribute in the ThumbnailXpres.1 ActiveX control (PegasusImaging.ActiveX.ThumnailXpress1.dll) or (2) overwrite arbitrary files via the CompactFile function in the ImagXpress.8 ActiveX control (PegasusImaging.ActiveX.ImagXpress8.dll).
unknown
2007-10-09
4.0
CVE-2007-5320
OTHER-REF
OTHER-REF
BID
BID
FRSIRT
SECUNIA
PHP Homepage M -- PHP Homepage M
SQL injection vulnerability in galerie.php in PHP Homepage M (phpHPm) 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action.
unknown
2007-10-09
6.8
CVE-2007-5308
MILW0RM
phpMyAdmin -- phpMyAdmin
Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMyAdmin 2.11.1, when accessed by a browser that does not URL-encode requests, allows remote attackers to inject arbitrary web script or HTML via the query string. NOTE: some of these details are obtained from third party information.
unknown
2007-10-12
4.3
CVE-2007-5386
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
PicoFlat CMS -- PicoFlat CMS
PHP remote file inclusion vulnerability in index.php in PicoFlat CMS 0.4.14 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pagina parameter.
unknown
2007-10-12
6.8
CVE-2007-5390
MILW0RM
Pindorama -- Pindorama
PHP remote file inclusion vulnerability in active/components/xmlrpc/client.php in Pindorama 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the c[components] parameter.
unknown
2007-10-12
6.8
CVE-2007-5387
MILW0RM
SkaDate -- SkaDate Online Dating Software
Multiple directory traversal vulnerabilities in SkaDate 5.0 and 6.0, and possibly later versions such as 6.482, allow remote attackers to read arbitrary files via a .. (dot dot) in the view_mode parameter to (1) featured_list.php and (2) online_list.php in member/.
unknown
2007-10-09
5.0
CVE-2007-5299
MILW0RM
SECUNIA
softbizscripts -- Softbiz Jobs and Recruitment Script
SQL injection vulnerability in browsecats.php in Softbiz Jobs and Recruitment Script allows remote attackers to execute arbitrary SQL commands via the cid parameter.
unknown
2007-10-09
5.0
CVE-2007-5316
MILW0RM
SECUNIA
Softpedia -- LiveAlbum
PHP remote file inclusion vulnerability in common.php in LiveAlbum 0.9.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the livealbum_dir parameter.
unknown
2007-10-09
6.8
CVE-2007-5315
MILW0RM
SECUNIA
splitside -- Directory Image Gallery
Cross-site scripting (XSS) vulnerability in photos.cfm in Directory Image Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the backwardDirectory parameter.
unknown
2007-10-09
4.3
CVE-2007-5317
OTHER-REF
XF
Sun -- JRE
Sun -- SDK
Sun -- JDK
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when applet caching is enabled, allows remote attackers to violate the security model for an applet's outbound connections via a DNS rebinding attack.
unknown
2007-10-05
4.0
CVE-2007-5232
OTHER-REF
OTHER-REF
SUNALERT
SECTRACK
Sun -- JRE
Sun -- SDK
Sun -- JDK
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet's outbound connections via a multi-pin DNS rebinding attack in which the applet download relies on DNS resolution on the proxy server, but the applet's socket operations rely on DNS resolution on the local machine, a different issue than CVE-2007-5274. NOTE: this is similar to CVE-2007-5232, but affects different product versions.
unknown
2007-10-08
4.0
CVE-2007-5273
FULLDISC
OTHER-REF
SUNALERT
SECTRACK
Sun -- JRE
Sun -- SDK
Mozilla -- Firefox
Opera Software -- Opera Web Browser
Sun -- JDK
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273. NOTE: this is similar to CVE-2007-5232, but affects different product versions.
unknown
2007-10-08
4.0
CVE-2007-5274
OTHER-REF
SUNALERT
SECTRACK
Sun -- Solaris
Unspecified vulnerability in the Virtual File System (VFS) in Sun Solaris 10 allows local users to cause a denial of service (kernel memory consumption) via unspecified vectors.
unknown
2007-10-11
4.9
CVE-2007-5367
SUNALERT
Sun -- Solaris
Multiple unspecified vulnerabilities in labeld in Trusted Extensions in Sun Solaris 10 allow local users to cause a denial of service (multiple application hang) via unspecified vectors.
unknown
2007-10-11
4.9
CVE-2007-5368
SUNALERT
swmenupro -- swMenuFree
Joomla -- Joomla
** DISPUTED ** PHP remote file inclusion vulnerability in preview.php in the swMenuFree (com_swmenufree) 4.6 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: a reliable third party disputes this issue because preview.php tests a certain constant to prevent direct requests.
unknown
2007-10-12
6.8
CVE-2007-5389
BUGTRAQ
Tcl_Tk -- tk toolkit
Buffer overflow in the FileReadGIF function in tkImgGIF.c for Tk Toolkit 8.4.12 and earlier, and 8.3.5 and earlier, allows user-assisted attackers to cause a denial of service (segmentation fault) via an animated GIF in which the first subimage is smaller than a subsequent subimage, which triggers the overflow in the ReadImage function, a different vulnerability than CVE-2007-5137.
unknown
2007-10-11
4.3
CVE-2007-5378
OTHER-REF
TorrentTrader -- TorrentTrader
Cross-site scripting (XSS) vulnerability in TorrentTrader Classic 1.07 allows remote attackers to inject arbitrary web script or HTML via the (1) color parameter to pjirc/css.php and the (2) cat parameter to browse.php.
unknown
2007-10-09
4.3
CVE-2007-5312
BUGTRAQ
MILW0RM
BID
SECUNIA
XF
Trionic -- Cite CMS
Multiple PHP remote file inclusion vulnerabilities in Trionic Cite CMS 1.2 rev9 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the bField[bf_data] parameter to (1) interface/editors/-custom.php or (2) interface/editors/custom.php.
unknown
2007-10-08
6.8
CVE-2007-5271
MILW0RM
TYPOlight -- TYPOlight webCMS
Unspecified vulnerability in preview.php in TYPOlight webCMS 2.4.6 allows remote attackers to download arbitrary files via the src parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-10-09
5.0
CVE-2007-5318
SECUNIA
Verlihub-Project -- Verlihub Control Panel
Directory traversal vulnerability in index.php in Verlihub Control Panel (VHCP) 1.7 and earlier allows remote attackers to include arbitrary files via a .. (dot dot) in the page parameter.
unknown
2007-10-09
6.8
CVE-2007-5321
MILW0RM
BID
SECUNIA
XF
WebDesktop -- WebDesktop
Multiple PHP remote file inclusion vulnerabilities in WebDesktop 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) app parameter to apps/apps.php and the (2) wsk parameter to wsk/wsk.php.
unknown
2007-10-12
6.8
CVE-2007-5388
MILW0RM
webmaster-tips -- Panoramic Picture Viewer
PHP remote file inclusion vulnerability in admin.panoramic.php in the Panoramic Picture Viewer (com_panoramic) mambot (plugin) 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-10-10
6.8
CVE-2007-5363
BID
FRSIRT
XF
Wesnoth -- Wesnoth
Unspecified vulnerability in the multiplayer engine in Wesnoth before 1.2.7 allows remote servers to cause a denial of service (client application crash) via invalid UTF-8 strings. NOTE: some of these details are obtained from third-party information.
unknown
2007-10-11
5.0
CVE-2007-3917
OTHER-REF
SECUNIA
wzdftpd -- wzdftpd
Off-by-one error in the do_login_loop function in libwzd-core/wzd_login.c in wzdftpd 0.8.2 and earlier allows remote attackers to cause a denial of service (daemon crash) via a long USER command that triggers a stack-based buffer overflow. NOTE: some of these details are obtained from third party information.
unknown
2007-10-09
5.0
CVE-2007-5300
MILW0RM
FRSIRT
SECUNIA
xKiosk -- xKiosk WEB
PHP remote file inclusion vulnerability in system/funcs/xkurl.php in xKiosk WEB 3.0.1i, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the PEARPATH parameter.
unknown
2007-10-09
6.8
CVE-2007-5314
MILW0RM
SECUNIA
Yannick Tanguy -- Else If CMS
Multiple PHP remote file inclusion vulnerabilities in ELSEIF CMS Beta 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) contenus parameter to (a) contenus.php; the (2) tpelseifportalrepertoire parameter to (b) votes.php, (c) espaceperso.php, (d) enregistrement.php, (e) commentaire.php, and (f) coeurusr.php in utilisateurs/, and (g) articles/fonctions.php and (h) depot/fonctions.php in moduleajouter/; the (3) corpsdesign parameter to (i) articles/usrarticles.php and (j) depot/usrdepot.php in moduleajouter/; and possibly other files.
unknown
2007-10-09
6.4
CVE-2007-5305
BUGTRAQ
BID
Yannick Tanguy -- Else If CMS
ELSEIF CMS Beta 0.6 allows remote attackers to obtain sensitive information (full path) via unspecified vectors to utilisateurs/votesresultats.php.
unknown
2007-10-09
5.0
CVE-2007-5306
BUGTRAQ
BID
Yannick Tanguy -- Else If CMS
ELSEIF CMS Beta 0.6 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by uploading a .php file via externe/swfupload/upload.php. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in ELSEIF CMS.
unknown
2007-10-09
6.4
CVE-2007-5307
BUGTRAQ
BID
Zomplog -- Zomplog
Zomplog 3.8.1 and earlier stores potentially sensitive information under the web root with insufficient access control, which allows remote attackers to download files that were uploaded by users, as demonstrated by obtaining a directory listing via a direct request to /upload and then retrieving individual files. NOTE: in a non-default configuration, the directory listing is denied, but filenames may be predictable.
unknown
2007-10-08
4.3
CVE-2007-5278
MILW0RM
BID


Low Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
ldapscripts -- ldapscripts
ldapscripts 1.4 and 1.7 sends a password as a command line argument when calling some LDAP programs, which might allow local users to read the password by listing the process and its arguments, as demonstrated by a call to ldappasswd in the _changepassword function.
unknown
2007-10-11
2.1
CVE-2007-5373
OTHER-REF
SECUNIA
Sun -- Solaris
Unspecified vulnerability in the vuidmice STREAMS modules in Sun Solaris 8, 9, and 10 allows local users with console (/dev/console) access to cause a denial of service ("unusable" system console) via unspecified vectors.
unknown
2007-10-09
3.5
CVE-2007-5319
SUNALERT
FRSIRT
SECTRACK
SECUNIA
Sun -- Java Virtual Machine
Interpretation conflict in the Sun Java Virtual Machine (JVM) allows user-assisted remote attackers to conduct a multi-pin DNS rebinding attack and execute arbitrary JavaScript in an intranet context, when an intranet web server has an HTML document that references a "mayscript=true" Java applet through a local relative URI, which may be associated with different IP addresses by the browser and the JVM.
unknown
2007-10-11
2.6
CVE-2007-5375
OTHER-REF
