Skip to content

Home  |   FAQ  |   Contact  |   Privacy & Use

customize
National Cyber Alert System
Cyber Security Bulletin SB07-064 archive

Vulnerability Summary for the Week of February 26, 2007

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.


High Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
ActiveCalendar -- ActiveCalendar
Multiple cross-site scripting (XSS) vulnerabilities in ActiveCalendar 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the css parameter to (1) flatevents.php, (2) js.php, (3) mysqlevents.php, (4) m_2.php, (5) m_3.php, (6) m_4.php, (7) xmlevents.php, (8) y_2.php, or (9) y_3.php in data/.
unknown
2007-02-26
7.0CVE-2007-1111
BUGTRAQ
BID
Arkoon -- FAST360
Unspecified vulnerability in Arkoon FAST360 UTM appliances 3.0 through 3.0/29, 3.1, 3.2, and 3.3 allows remote attackers to bypass keyword filtering in the FAST HTTP module, and signatures in the IDPS HTTP module, via crafted URLs that are "misinterpreted."
unknown
2007-02-23
7.0CVE-2006-7053
OTHER-REF
FRSIRT
SECUNIA
XF
Clan Manager Pro -- Clan Manager Pro
PHP remote file inclusion vulnerability in cmpro.intern/login.inc.php for Clan Manager Pro (CMPRO) 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-02-23
8.0CVE-2006-7046
OSVDB
SECUNIA
Claroline -- Claroline
Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) clarolineRepositorySys parameter to (a) atutor.inc.php (b) db-generic.inc.php (c) docebo.inc.php (d) dokeos.1.6.inc.php (e) dokeos.inc.php (f) ganesha.inc.php (g) mambo.inc.php (h) moodle.inc.php (i) phpnuke.inc.php (j) postnuke.inc.php and (k) spip.inc.php in claroline/auth/extauth/drivers/; (2) includePath parameter in mambo.inc.php, postnuke.inc.php, and (l) inc/lib/event/init_event_manager.inc.php; and (3) rootSys parameter in (m) inc/lib/export_exe_tracking.class.php, a different set of vectors than CVE-2006-2284.
unknown
2007-02-23
7.0CVE-2006-7048
FULLDISC
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
OSVDB
CMPro Team -- Clan Manager Pro
PHP remote file inclusion vulnerability in comment.core.inc.php in Clan Manager Pro (CMPRO) 1.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter.
unknown
2007-02-23
7.0CVE-2006-7044
OTHER-REF
FRSIRT
OSVDB
XF
CMPro Team -- Clan Manager Pro
PHP remote file inclusion vulnerability in Clan Manager Pro (CMPRO) 1.1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the (1) rootpath and possibly (2) sitepath parameters to (a) cmpro.ext/comment.core.inc.php and (b) cmpro.intern/comment.core.inc.php. NOTE: the provenance of this information is unknown; details are obtained from third party sources.
unknown
2007-02-23
7.0CVE-2006-7045
FRSIRT
OSVDB
Coppermine -- Photo Gallery
SQL injection vulnerability in thumbnails.php in Coppermine Photo Gallery (CPG) 1.3.x allows remote authenticated users to execute arbitrary SQL commands via a cpg131_fav cookie.
unknown
2007-02-26
7.0CVE-2007-1107
BUGTRAQ
MILW0RM
EMC -- NetWorker
The Management Console server in EMC NetWorker (formerly Legato NetWorker) 7.3.2 before Jumbo Update 1 uses weak authentication, which allows remote attackers to execute arbitrary commands.
unknown
2007-03-02
10.0CVE-2006-3892
OTHER-REF
OTHER-REF
CERT-VN
Hitachi -- JP1-Cm2-Network Node Manager Starter 250
Hitachi -- Cm2-Network Node Manager
Hitachi -- JP1-Cm2-Network Node Manager 250
Hitachi -- JP1-Cm2-Network Node Manager
Hitachi -- JP1-Cm2-Network Node Manager Starter
Hitachi -- Cm2-Network Node Manager 250
Multiple unspecified vulnerabilities in JP1/Cm2/Network Node Manager (NNM) before 07-10-05, and before 08-00-02 in the 08-x series, allow remote attackers to execute arbitrary code, cause a denial of service, or trigger invalid Web utility behavior.
unknown
2007-02-26
10.0CVE-2007-1093
OTHER-REF
SECUNIA
Invision Power Services -- Invision Power Board
Cross-site scripting (XSS) vulnerability in forum/admin.php for Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML as the administrator via the phpinfo parameter.
unknown
2007-02-23
10.0CVE-2006-7064
BUGTRAQ
BID
XF
Keith Reichley -- dotWidget for Articles
Multiple PHP remote file inclusion vulnerabilities in DotWidget For Articles (dotwidgeta) 0.2 allow remote attackers to execute arbitrary code via a URL in the (1) file_path parameter to (a) index.php, (b) showcatpicks.php, and (c) showarticle.php; and the (2) admin_header_file and (3) admin_footer_file parameters to (d) admin/authors.php, (e) admin/index.php, (f) admin/categories.php, (g) admin/editconfig.php, and (h) admin/articles.php.
unknown
2007-02-23
10.0CVE-2006-7052
BUGTRAQ
BID
XF
Matt Johnston -- Dropbear SSH Server
dbclient in Dropbear SSH client before 0.49 does not sufficiently warn the user when it detects a hostkey mismatch, which might allow remote attackers to conduct man-in-the-middle attacks.
unknown
2007-02-26
7.0CVE-2007-1099
OTHER-REF
Microsoft -- Publisher
Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 allows remote attackers to execute arbitrary code via unspecified vectors, related to a "file format vulnerability." NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.
unknown
2007-02-26
10.0CVE-2007-1117
OTHER-REF
OTHER-REF
Mozilla -- Network Security Services (NSS)
Mozilla -- SeaMonkey
Mozilla -- Firefox
Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allows remote attackers to execute arbitrary code via a crafted SSLv2 server message containing a public key that is too short to encrypt the "Master Secret", which results in a heap-based overflow.
unknown
2007-02-26
10.0CVE-2007-0008
OTHER-REF
IDEFENSE
OTHER-REF
Mozilla -- Network Security Services (NSS)
Mozilla -- SeaMonkey
Mozilla -- Firefox
Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allows remote attackers to execute arbitrary code via invalid "Client Master Key" length values.
unknown
2007-02-26
10.0CVE-2007-0009
OTHER-REF
IDEFENSE
OTHER-REF
Mozilla -- Firefox
Heap-based buffer overflow in the _cairo_pen_init function in Mozilla Firefox 2.x before 2.0.0.2 allows remote attackers to execute arbitrary code via a large stroke-width attribute in the clipPath element in an SVG file.
unknown
2007-02-26
7.0CVE-2007-0776
OTHER-REF
OTHER-REF
Mozilla -- SeaMonkey
Mozilla -- Firefox
Mozilla -- Thunderbird
The JavaScript engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption.
unknown
2007-02-26
10.0CVE-2007-0777
OTHER-REF
Mozilla -- SeaMonkey
Mozilla -- Firefox
Mozilla Firefox 1.5.0.9 and 2.0.0.1, and SeaMonkey before 1.0.8 allow remote attackers to execute arbitrary code via JavaScript onUnload handlers that modify the structure of a document, wich triggers memory corruption due to the lack of a finalize hook on DOM window objects.
unknown
2007-02-26
10.0CVE-2007-1092
BUGTRAQ
OTHER-REF
OTHER-REF
CERT-VN
BID
MTCMS -- MTCMS
Multiple unrestricted file upload vulnerabilities in MTCMS 3.2 allow remote attackers to upload files via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-02-26
7.0CVE-2007-1129
BID
Scripter.ch -- Sinapis Forum
PHP remote file inclusion vulnerability in sinapis.php in Sinapis Forum 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the fuss parameter.
unknown
2007-02-26
7.0CVE-2007-1131
MILW0RM
BID
Scripter.ch -- FCRing
PHP remote file inclusion vulnerability in fcring.php in FCRing 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the s_fuss parameter.
unknown
2007-02-26
7.0CVE-2007-1133
MILW0RM
BID
Scriptsez.net -- E-Dating System
Scriptsez.net E-Dating System stores data files with predictable names under the web document root with insufficient access control, which allows remote attackers to read private messages and leverage them for cross-site scripting (XSS) attacks.
unknown
2007-02-23
10.0CVE-2006-7061
BUGTRAQ
SECUNIA
Sinapis -- Gastebuch
PHP remote file inclusion vulnerability in sinagb.php in Sinapis Gastebuch 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the fuss parameter.
unknown
2007-02-26
7.0CVE-2007-1130
MILW0RM
BID
Sphider -- Sphider
SQL injection vulnerability in search.php in Sphider before 1.3.1c allows remote attackers to execute arbitrary SQL commands via the category parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this issue might be primary to CVE-2006-2506.2.
unknown
2007-02-23
7.0CVE-2006-7057
FRSIRT
SECUNIA
Steema Software -- TeeChart Pro
The (1) Import.LoadFromURL and (2) Export.asText.SaveToFile functions in TeeChart Pro ActiveX control (TeeChart7.ocx) allow remote attackers to download a crafted .tee file to an arbitrary location. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-02-26
8.0CVE-2007-1120
BID
SECUNIA
TinyPHPForum -- TinyPHPForum
Directory traversal vulnerability in profile.php in TinyPHPforum 3.6 and earlier allows remote attackers to include and execute arbitrary files via ".." sequences in the uname parameter.
unknown
2007-02-23
7.0CVE-2006-7063
MILW0RM
BID
XF
VirtueMart -- Virtuemart
Cross-site scripting (XSS) vulnerability in ps_cart.php in VirtueMart before 20070116 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue might overlap CVE-2007-0376.
unknown
2007-02-26
7.0CVE-2007-1096
OTHER-REF
WiClear -- WiClear
Unspecified vulnerability in the upload tool in Wiclear before 0.11.1 has unknown impact and remote attack vectors.
unknown
2007-02-26
7.0CVE-2007-1097
OTHER-REF
WikkaWiki -- WikkaWiki
The Method method in WikkaWiki (Wikka Wiki) before 1.1.6.2 calls the strstr and strrpos functions with the wrong argument order, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files.
unknown
2007-02-23
7.0CVE-2006-7049
OTHER-REF
BID
FRSIRT
OSVDB
SECUNIA
XF
WikkaWiki -- WikkaWiki
Cross-site scripting (XSS) vulnerability in WikkaWiki (Wikka Wiki) before 1.1.6.2 allows remote attackers to inject arbitrary javascript via (1) events in forced links (url parameter) that are not properly handled in formatters/wakka.php, and possibly (2) other vectors in wikka.php.
unknown
2007-02-23
7.0CVE-2006-7050
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Back to top

Medium Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
CS-Gallery -- CS-Gallery
PHP remote file inclusion vulnerability in index.php in Christian Schneider CS-Gallery 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the album parameter during a securealbum todo action.
unknown
2007-02-26
5.6CVE-2007-1108
MILW0RM
BID
DreamCost -- HostAdmin
Multiple PHP remote file inclusion vulnerabilities in DreamCost HostAdmin 3.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) functions.php and (2) members.php. NOTE: the index.php vector is covered by CVE-2006-0791.
unknown
2007-02-23
5.6CVE-2006-7056
BUGTRAQ
OTHER-REF
BID
SECUNIA
XF
efiction -- efiction
Multiple PHP remote file inclusion vulnerabilities in eFiction 3.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path_to_smf parameter to (1) bridges/SMF/logout.php or (2) get_session_vars.php.
unknown
2007-02-26
5.6CVE-2007-1118
MILW0RM
BID
FRSIRT
SECUNIA
Microsoft -- Internet Explorer
Microsoft Internet Explorer 7 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via onUnload Javascript handlers.
unknown
2007-02-26
5.6CVE-2007-1091
BUGTRAQ
BUGTRAQ
FULLDISC
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Mozilla -- SeaMonkey
Mozilla -- Firefox
GUI overlay vulnerability in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 allows remote attackers to spoof certain user interface elements, such as the host name or security indicators, via the CSS3 hotspot property with a large, transparent, custom cursor.
unknown
2007-02-26
5.6CVE-2007-0779
OTHER-REF
OTHER-REF
Mozilla -- SeaMonkey
Mozilla -- Firefox
browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a javascript: URI in combination with multiple frames having the same data: URI.
unknown
2007-02-26
5.6CVE-2007-0780
OTHER-REF
OTHER-REF
Mozilla -- Firefox
Mozilla Firefox does not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client.
unknown
2007-02-26
5.6CVE-2007-1095
BUGTRAQ
BUGTRAQ
FULLDISC
OTHER-REF
OTHER-REF
BID
XF
NoMoKeTos Rules -- NoMoKeTos Rules
PHP remote file inclusion vulnerability in includes/functions_nomoketos_rules.php in the NoMoKeTos Rules 0.0.1 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
unknown
2007-02-26
5.6CVE-2007-1106
MILW0RM
BID
Novell -- ZENworks
Unspecified vulnerability in Novell ZENworks 7 Desktop Management Support Pack 1 before Hot patch 3 (ZDM7SP1HP3) allows remote attackers to upload images to certain folders that were not configured in the "Only allow uploads to the following directories" setting via unspecified vectors.
unknown
2007-02-26
4.7CVE-2007-1119
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
SweetPHP -- TotalCalendar
PHP remote file inclusion vulnerability in index.php in TotalCalendar 2.30 and earlier allows remote attackers to execute arbitrary code via a URL in the inc_dir parameter, a different vector than CVE-2006-1922.
unknown
2007-02-23
5.6CVE-2006-7055
BUGTRAQ
MILW0RM
OTHER-REF
OTHER-REF
BID
OSVDB
XF
Watersweb Shops -- Shop Kit Plus
Directory traversal vulnerability in enc/stylecss.php in shopkitplus allows remote attackers to read arbitrary files via a .. (dot dot) in the changetheme parameter.
unknown
2007-02-26
4.7CVE-2007-1127
BUGTRAQ
BID
Zephyr -- ZephyrSoft Toolbox Address Book Continued
Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) 1.00 allow remote attackers to execute arbitrary SQL commands via the id parameter to the (1) updateRow and (2) deleteRow functions in functions.php. NOTE: some of these details are obtained from third party information.
unknown
2007-02-26
4.7CVE-2007-1121
OTHER-REF
BID
FRSIRT
SECUNIA
ZephyrSoft Toolbox -- Address Book Continued
Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) 1.00 and 1.01 allow remote attackers to execute arbitrary SQL commands via the id parameter to the (1) updateRow and (2) deleteRow functions in functions.php, a variant of a SQL injection issue that was fixed in 1.01. NOTE: some of these details are obtained from third party information.
unknown
2007-02-26
4.7CVE-2007-1122
OTHER-REF
BID
FRSIRT
SECUNIA
ZPanel -- ZPanel
Multiple PHP remote file inclusion vulnerabilities in ZPanel 2.0 allow remote attackers to execute arbitrary PHP code via a URL in (1) the body parameter to templates/ZPanelV2/template.php or (2) the page parameter to zpanel.php. NOTE: the zpanel.php vector may overlap CVE-2005-0793.2. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-02-26
5.6CVE-2007-1123
BID
FRSIRT
SECUNIA
XF
Back to top

Low Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
ActiveCalendar -- ActiveCalendar
Directory traversal vulnerability in data/showcode.php in ActiveCalendar 1.2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter.
unknown
2007-02-26
2.3CVE-2007-1110
BUGTRAQ
BID
Arkoon -- FAST360
The DNS module in Arkoon FAST360 UTM appliances 3.0 up to 3.0/29, 3.1 through 3.3, and 4.0 allows remote attackers to cause a denial of service (reboot) via a malformed DNS message, as demonstrated by the PROTOS DNS testing suite.
unknown
2007-02-23
3.3CVE-2006-7054
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
XF
Chipmunk Scripts -- Chipmunk Blogger
Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Blogger allow remote authenticated users to inject arbitrary web script or HTML via script tags in (1) posts and (2) profile names; and (3) a javascript URI in a URL argument in the photo gallery.
unknown
2007-02-23
1.4CVE-2006-7043
BUGTRAQ
BID
XF
Extreme phpBB -- Extreme phpBB
PHP remote file inclusion vulnerability in functions.php in Extreme phpBB (aka phpBB Extreme) 3.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
unknown
2007-02-26
2.3CVE-2007-1105
MILW0RM
BID
KMail -- KMail
calendar.php in Kamgaing Email System (kmail) 2.3 and earlier allows remote attackers to obtain the full path of the server via an invalid d parameter, which leaks the path in an error message.
unknown
2007-02-23
3.3CVE-2006-7062
OTHER-REF
OSVDB
XF
Linux -- Linux
The sys_timer_create function in posix-timers.c for Linux kernel 2.6.x allows local users to cause a denial of service (memory consumption) and possibly bypass memory limits or cause other processes to be killed by creating a large number of posix timers, which are allocated in kernel memory but are not treated as part of the process' memory.
unknown
2007-02-23
2.3CVE-2006-7051
BUGTRAQ
MILW0RM
XF
Microsoft -- Internet Explorer
Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via an IFRAME with a certain XML file and XSL stylesheet that triggers a crash in mshtml.dll when a refresh is called, probably a null pointer dereference.
unknown
2007-03-02
2.3CVE-2006-7065
FULLDISC
OTHER-REF
BID
Microsoft -- Windows Explorer
Microsoft Windows Explorer on Windows XP and 2003 allows remote user-assisted attackers to cause a denial of service (crash) via a malformed WMF file, which triggers the crash when the user browses the folder.
unknown
2007-02-26
2.7CVE-2007-1090
OTHER-REF
OTHER-REF
Microsoft -- Internet Explorer
Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (NULL dereference and application crash) via JavaScript onUnload handlers that modify the structure of a document.
unknown
2007-02-26
2.7CVE-2007-1094
BUGTRAQ
BID
Microsoft -- Internet Explorer
The child frames in Microsoft Internet Explorer 7 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.
unknown
2007-02-26
1.9CVE-2007-1114
OTHER-REF
Mozilla -- SeaMonkey
Mozilla -- Firefox
Mozilla -- Thunderbird
Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.1, and SeaMonkey before 1.0.8 allow remote attackers to cause a denial of service (crash) and potentially execute arbitrary code via certain vectors.
unknown
2007-02-26
3.9CVE-2007-0775
OTHER-REF
Mozilla -- SeaMonkey
Mozilla -- Firefox
The page cache feature in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 can generate hash collisions that cause page data to be appended to the wrong page cache, which allows remote attackers to obtain sensitive information or enable further attack vectors when the target page is reloaded from the cache.
unknown
2007-02-26
2.7CVE-2007-0778
OTHER-REF
OTHER-REF
Mozilla -- SeaMonkey
Mozilla -- Firefox
Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 ignores trailing invalid HTML characters in attribute names, which allows remote attackers to bypass content filters that use regular expressions.
unknown
2007-02-26
2.3CVE-2007-0995
OTHER-REF
OTHER-REF
Mozilla -- SeaMonkey
Mozilla -- Firefox
The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 inherit the default charset from the parent window, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.
unknown
2007-02-26
3.7CVE-2007-0996
OTHER-REF
OTHER-REF
REDHAT
Mozilla -- Firefox
The CheckLoadURI function in Mozilla Firefox 1.8 lists the about: URI as a ChromeProtocol and can be loaded via JavaScript, whcih allows remote attackers to obtain sensitive information by querying the browser's session history.
unknown
2007-02-26
2.3CVE-2007-1116
BUGTRAQ
BUGTRAQ
OTHER-REF
OTHER-REF
MTCMS -- MTCMS
Multiple cross-site scripting (XSS) vulnerabilities in MTCMS 2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-02-26
2.3CVE-2007-1132
BID
Opera Software -- Opera
The child frames in Opera 9 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.
unknown
2007-02-26
3.7CVE-2007-1115
OTHER-REF
Photostand -- Photostand
Multiple cross-site scripting (XSS) vulnerabilities in Photostand 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) message or (2) name field, or the (3) q parameter in a search action in index.php.
unknown
2007-02-26
1.9CVE-2007-1101
BUGTRAQ
BID
BID
Photostand -- Photostand
Photostand 1.2.0 allows remote attackers to obtain sensitive information via a ' (quote) character in (1) a PHPSESSID cookie or (2) the id parameter in an article action in index.php, which reveal the path in various error messages.
unknown
2007-02-26
2.3CVE-2007-1102
BUGTRAQ
PHP MIP -- PHP MIP
PHP remote file inclusion vulnerability in top.php in PHP Module Implementation (PHP-MIP) 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the laypath parameter.
unknown
2007-02-26
1.9CVE-2007-1104
MILW0RM
PhpWebGallery -- PhpWebGallery
Multiple cross-site scripting (XSS) vulnerabilities in Phpwebgallery 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) login or (2) mail_address field in Register.php, or the (3) search_author, (4) mode, (5) start_year, (6) end_year, or (7) date_type field in Search.php, a different vulnerability than CVE-2006-1674.
unknown
2007-02-26
1.9CVE-2007-1109
BUGTRAQ
BID
picKLE -- picKLE
Directory traversal vulnerability in download.php in Pickle allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
unknown
2007-02-26
2.3CVE-2007-1100
BUGTRAQ
BID
Scriptsez.net -- E-Dating System
Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net E-Dating System allow remote attackers to inject arbitrary web script or HTML via encoded entities (') in IMG tags to (1) messages, (2) profile fields, or (3) the id parameter in a dologin operation to cindex.php.
unknown
2007-02-23
1.9CVE-2006-7059
BUGTRAQ
BID
SECUNIA
XF
Scriptsez.net -- E-Dating System
cindex.php in Scriptsez.net E-Dating System allows remote attackers to obtain the full path via an invalid id parameter in a dologin action, which leaks the path in an error message.
unknown
2007-02-23
2.3CVE-2006-7060
BUGTRAQ
SECUNIA
ScryMUD -- ScryMUD
Multiple unspecified vulnerabilities in ScryMUD before 2.1.11 have unknown impact and attack vectors, possibly related to denial of service caused by a search that begins with a .* sequence.
unknown
2007-02-26
2.3CVE-2007-1098
MLIST
OTHER-REF
ShoutPro -- ShoutPro
include.php in Shoutpro 1.0 might allow remote attackers to bypass IP ban restrictions via a URL in the path parameter that points to an alternate bannedips.php file. NOTE: this issue was originally reported as remote file inclusion, but CVE analysis suggests that this cannot be used for code execution.
unknown
2007-02-23
2.3CVE-2006-7047
BUGTRAQ
BUGTRAQ
XF
Sphider -- Sphider
Multiple cross-site scripting (XSS) vulnerabilities in Sphider before 1.3.1c allow remote attackers to inject arbitrary web script or HTML via the catid parameter to (1) templates/standard/search_form.html and (2) templates/dark/search_form.html. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-02-23
2.3CVE-2006-7058
FRSIRT
OSVDB
SECUNIA
Tor -- Tor
Tor does not verify a node's uptime and bandwidth advertisements, which allows remote attackers who operate a low resource node to make false claims of greater resources, which places the node into use for many circuits and compromises the anonymity of traffic sources and destinations.
unknown
2007-02-26
1.9CVE-2007-1103
MLIST
MLIST
MLIST
OTHER-REF
Watersweb Shops -- Shop Kit Plus
shopkitplus allows remote attackers to obtain sensitive information via a request to (1) events.php with a curmonth[]=01 query string or (2) enc/stylecss.php with a changetheme[]= query string, which reveals the path in various error messages.
unknown
2007-02-26
2.3CVE-2007-1128
BUGTRAQ
XeroXer -- Simple one-file gallery
Directory traversal vulnerability in gallery.php in XeroXer Simple one-file gallery allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter.
unknown
2007-02-26
2.3CVE-2007-1124
BUGTRAQ
BID
XeroXer -- Simple one-file gallery
Cross-site scripting (XSS) vulnerability in gallery.php in XeroXer Simple one-file gallery allows remote attackers to inject arbitrary web script or HTML via the f parameter.
unknown
2007-02-26
1.9CVE-2007-1125
BUGTRAQ
BID
XT-Commerce -- XT-Commerce Community Made Shopping
Directory traversal vulnerability in index.php in xtcommerce allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter.
unknown
2007-02-26
2.3CVE-2007-1126
BUGTRAQ
Back to top



Last updated March 05, 2007