Skip to content

Home  |   FAQ  |   Contact  |   Privacy & Use

customize
National Cyber Alert System
Cyber Security Bulletin SB07-323 archive

Vulnerability Summary for the Week of November 12, 2007

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.


High Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
Apple -- Mac OS X
Apple -- Mac OS X Server		 CFFTP in CFNetwork for Apple Mac OS X 10.4 through 10.4.10 allows remote FTP servers to force clients to connect to other hosts via crafted responses to FTP PASV commands.
unknown
2007-11-14
7.5CVE-2007-4679
APPLE
Apple -- Mac OS X
Apple -- Mac OS X Server		 CFNetwork in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 does not properly validate certificates, which allows remote attackers to spoof trusted SSL certificates via a man-in-the-middle attack.
unknown
2007-11-14
7.5CVE-2007-4680
APPLE
ACDsee -- Pro Photo Manager
ACDsee -- Photo Editor
ACDsee -- Photo Manager
Multiple input validation errors in ACD ACDSee Photo Manager 9.0 build 108, Pro Photo Manager 8.1 build 99, and Photo Editor 4.0 build 195 allow user-assisted remote attackers to execute arbitrary code via a long section string in (1) a PSP image to the ID_PSP.apl plug-in or (2) an LHA archive to the AM_LHA.apl plug-in, resulting in a heap-based buffer overflow.
unknown
2007-11-15
9.3CVE-2007-4344
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
AOL -- Radio
Multiple stack-based buffer overflows in the AOL AmpX ActiveX control in AmpX.dll 2.6.1.11 in AOL Radio allow remote attackers to execute arbitrary code via long arguments to unspecified methods.
unknown
2007-11-13
10.0CVE-2007-5755
IDEFENSE
BID
FRSIRT
SECTRACK
SECUNIA
XF
Apple -- Mac OS X
The kernel in Apple Mac OS X 10.4 through 10.4.10 does not reset the current Mach thread or thread exception port, which allows local users to execute arbitrary code by writing to the address space of a privileged process.
unknown
2007-11-14
7.2CVE-2007-3749
APPLE
Apple -- Mac OS X
Stack-based buffer overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted ioctl request to an AppleTalk socket.
unknown
2007-11-14
7.2CVE-2007-4267
APPLE
Apple -- Mac OS X
An "arithmetic error" in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk message that triggers a buffer overflow.
unknown
2007-11-14
7.2CVE-2007-4268
APPLE
Apple -- Mac OS X
Integer overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted ASP message on an AppleTalk socket, which triggers a heap-based buffer overflow.
unknown
2007-11-14
7.2CVE-2007-4269
IDEFENSE
APPLE
Apple -- Quicktime
AppleRAID in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows attackers to cause a denial of service (crash) via a crafted striped disk image, which triggers a NULL pointer dereference when it is mounted.
unknown
2007-11-14
7.1CVE-2007-4678
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
The kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to gain privileges by executing setuid or setgid programs in which the stdio, stderr, or stdout file descriptors are "in an unexpected state."
unknown
2007-11-14
7.2CVE-2007-4685
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
The kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to cause a denial of service (system shutdown) or execute arbitrary code via a crafted ioctl request.
unknown
2007-11-14
7.2CVE-2007-4686
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
The remote_cmds component in Apple Mac OS X 10.4 through 10.4.10 contains a symbolic link from the tftpboot private directory to the root directory, which allows tftpd users to escape the private directory and access arbitrary files.
unknown
2007-11-14
9.3CVE-2007-4687
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
Double-free vulnerability in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (system shutdown) or execute arbitrary code via crafted IPV6 packets.
unknown
2007-11-14
10.0CVE-2007-4689
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
Double-free vulnerability in the NFS component in Apple Mac OS X 10.4 through 10.4.10 allows remote authenticated users to execute arbitrary code via a crafted AUTH_UNIX RPC packet.
unknown
2007-11-14
9.0CVE-2007-4690
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
The NSURL component in Apple Mac OS X 10.4 through 10.4.10 performs case-sensitive comparisons that allow attackers to bypass intended restrictions for local file system URLs.
unknown
2007-11-14
10.0CVE-2007-4691
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
The SecurityAgent component in Mac OS X 10.4 through 10.4.10 allows attackers with physical access to bypass the authentication dialog of the screen saver and send keystrokes to a process, related to "handling of keyboard focus between secure text fields."
unknown
2007-11-14
7.2CVE-2007-4693
APPLE
Apple -- Safari
The default configuration of Safari in Apple Mac OS X 10.4 through 10.4.10 adds a private key to the keychain with permissions that allow other applications to access the key without warning the user, which might allow other applications to bypass intended access restrictions.
unknown
2007-11-14
7.5CVE-2007-4699
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
Unspecified vulnerability in WebKit on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to use Safari as an indirect proxy and send attacker-controlled data to arbitrary TCP ports via unknown vectors.
unknown
2007-11-14
7.5CVE-2007-4700
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
The Application Firewall in Apple Mac OS X 10.5, when "Block all incoming connections" is enabled, does not prevent root processes or mDNSResponder from accepting connections, which might allow remote attackers or local root processes to bypass intended access restrictions.
unknown
2007-11-15
10.0CVE-2007-4702
APPLE
OTHER-REF
Apple -- Mac OS X Server
Apple -- Mac OS X
The Application Firewall in Apple Mac OS X 10.5 does not prevent a root-owned executable from accepting incoming connections, even when "Block incoming connections" has been set for that executable, which might allow remote attackers or local root processes to bypass intended access restrictions.
unknown
2007-11-15
10.0CVE-2007-4703
APPLE
OTHER-REF
Apple -- Mac OS X
The Application Firewall in Apple Mac OS X 10.5 does not apply changed settings to processes that are started by launchd until the processes are restarted again, which might allow attackers to bypass intended access restrictions.
unknown
2007-11-15
10.0CVE-2007-4704
APPLE
OTHER-REF
Autonomy -- KeyView Viewer SDK
Autonomy -- KeyView Export SDK
Autonomy -- KeyView Filter SDK
Heap-based buffer overflow in emlsr.dll before 2.0.0.4 in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK allows remote attackers to execute arbitrary code via a long Content-Type header line in an EML file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-11-15
9.3CVE-2007-6008
SECUNIA
BTI-Tracker -- BTI-Tracker
blocks/shoutbox_block.php in BtiTracker 1.4.4 does not verify user accounts, which allows remote attackers to post shoutbox entries as arbitrary users via a modified nick field.
unknown
2007-11-14
7.5CVE-2007-5988
OTHER-REF
OTHER-REF
SECUNIA
XF
bug software -- bughotel reservation system
Unspecified vulnerability in main.php of BugHotel Reservation System before 4.9.9 P3 allows remote attackers to bypass authentication and gain administrative access via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-11-15
10.0CVE-2007-6011
BID
datecomm -- Social Networking Script
SQL injection vulnerability in index.php in datecomm Social Networking Script allows remote attackers to execute arbitrary SQL commands via the seid parameter in a viewcat s action on the forums page. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-11-15
7.5CVE-2007-5992
BID
E-Vendejo -- 0.2
SQL injection vulnerability in articles.php in E-Vendejo 0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-11-13
7.5CVE-2007-5951
OTHER-REF
SECUNIA
EXO -- ExoPHPDesk
SQL injection vulnerability in index.php in ExoPHPdesk allows remote attackers to execute arbitrary SQL commands via the user parameter in a profile fn action.
unknown
2007-11-15
7.5CVE-2007-5991
BUGTRAQ
BID
HP -- HP-UX
Unspecified vulnerability in the Aries PA-RISC emulator on HP-UX B.11.23 and B.11.31 on the IA-64 platform allows local users to obtain unspecified access.
unknown
2007-11-13
7.2CVE-2007-5946
HP
BID
SECTRACK
IBM -- Informix Dynamic Server
Directory traversal vulnerability in IBM Informix Dynamic Server (IDS) before 10.00.xC7W1 allows attackers to have an unknown impact via directory traversal sequences in the DBLANG environment variable.
unknown
2007-11-14
7.2CVE-2007-5956
OTHER-REF
AIXAPAR
BID
FRSIRT
SECUNIA
XF
JPortal -- JPortal Web Portal
SQL injection vulnerability in articles.php in JPortal 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter.
unknown
2007-11-14
7.5CVE-2007-5973
MILW0RM
BID
XF
JPortal -- JPortal Web Portal
SQL injection vulnerability in mailer.php in JPortal 2 allows remote attackers to execute arbitrary SQL commands via the to parameter.
unknown
2007-11-14
7.5CVE-2007-5974
MILW0RM
BID
XF
Justin Hagstrom -- AutoIndex PHP Script
classes/Url.php in Justin Hagstrom AutoIndex PHP Script before 2.2.4 allows remote attackers to cause a denial of service (CPU and memory consumption) via a %00 sequence in the dir parameter to index.php, which triggers an erroneous "recursive calculation."
unknown
2007-11-14
7.8CVE-2007-5984
BUGTRAQ
OTHER-REF
BID
Microsoft -- windows-nt
The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors.
unknown
2007-11-13
7.8CVE-2007-3898
BUGTRAQ
OTHER-REF
MS
CERT-VN
BID
SECTRACK
SECUNIA
XF
Novell -- Novell client
NWFILTER.SYS in Novell Client 4.91 SP 1 through SP 4 for Windows 2000, XP, and Server 2003 makes the \.\nwfilter device available for arbitrary user-mode input via METHOD_NEITHER IOCTLs, which allows local users to gain privileges by passing a kernel address as an argument and overwriting kernel memory locations.
unknown
2007-11-13
7.2CVE-2007-5667
IDEFENSE
OTHER-REF
FRSIRT
SECUNIA
Pioneers -- Pioneers
Pioneers before 0.11.3 allows remote attackers to cause a denial of service (crash) by causing a "Broken pipe" error, which triggers a delete operation while the Session object is still being used.
unknown
2007-11-13
7.8CVE-2007-5933
OTHER-REF
OTHER-REF
Pioneers -- Pioneers
Unspecified vulnerability in pioneers (formerly gnocatan) 0.11.3 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors that trigger an assert error. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-5933.
unknown
2007-11-15
7.8CVE-2007-6010
OTHER-REF
redhat -- rhel_cluster
redhat -- Conga
The ricci daemon in Conga 0.10.0 allows remote attackers to cause a denial of service (loss of new connections) by repeatedly sending data or attempting connections.
unknown
2007-11-13
7.8CVE-2007-4136
OTHER-REF
REDHAT
SECTRACK
softbizscripts -- Link Directory Script
SQL injection vulnerability in searchresult.php in Softbiz Link Directory Script allows remote attackers to execute arbitrary SQL commands via the sbcat_id parameter, a related issue to CVE-2007-5449.
unknown
2007-11-15
7.5CVE-2007-5996
MILW0RM
BID
XF
softbizscripts -- Softbiz Auctions Script
SQL injection vulnerability in product_desc.php in Softbiz Auctions Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-11-15
7.5CVE-2007-5999
MILW0RM
BID
XF
Sun -- Net Connect Software
Format string vulnerability in srsexec in Sun Remote Services (SRS) Net Connect 3.2.3 and 3.2.4, as distributed in the SRS Proxy Core (SUNWsrspx) package, allows local users to gain privileges via format string specifiers in unspecified input that is logged through syslog.
unknown
2007-11-13
7.2CVE-2007-3880
IDEFENSE
SUNALERT
BID
FRSIRT
SECUNIA
Testlink -- testlink
TestLink before 1.7.1 does not enforce an unspecified authorization mechanism, which has unknown impact and attack vectors.
unknown
2007-11-15
10.0CVE-2007-6006
OTHER-REF
SECUNIA
toko -- instan
Multiple SQL injection vulnerabilities in index.php in Toko Instan 7.6 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in an artikel action or (2) the katid parameter in a produk action.
unknown
2007-11-15
7.5CVE-2007-6004
MILW0RM
BID
Ubuntu -- Linux kernel
The skge driver 1.5 in Linux kernel 2.6.15 on Ubuntu does not properly use the spin_lock and spin_unlock functions, which allows remote attackers to cause a denial of service (machine crash) via a flood of network traffic.
unknown
2007-11-14
7.8CVE-2006-7229
OTHER-REF
XOOPS -- MyLinks Module
SQL injection vulnerability in brokenlink.php in the mylinks module for XOOPS allows remote attackers to execute arbitrary SQL commands via the lid parameter.
unknown
2007-11-14
7.5CVE-2007-5978
BUGTRAQ
BID
XF
Back to top

Medium Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
Apple -- Mac OS X
Apple -- Mac OS X Server		 Buffer overflow in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows local users to cause a denial of service (application crash) and possible execute arbitrary code via a crafted directory hierarchy.
unknown
2007-11-14
4.4CVE-2007-4681
APPLE
Apple -- Mac OS X
Apple -- Mac OS X Server		 CoreText in Apple Mac OS X 10.4 through 10.4.10 allows attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted text content that triggers an access of an uninitialized object pointer.
unknown
2007-11-14
4.3CVE-2007-4682
APPLE
Apple -- Mac OS X
Apple -- Mac OS X Server		 Directory traversal vulnerability in the kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to bypass the chroot mechanism via a relative path when changing the current working directory.
unknown
2007-11-14
4.6CVE-2007-4683
APPLE
ACDsee -- Pro Photo Manager
ACDsee -- Photo Editor
ACDsee -- Photo Manager
Integer overflow in the ID_PSP.apl plug-in for ACD ACDSee Photo Manager 9.0 build 108, Pro Photo Manager 8.1 build 99, and Photo Editor 4.0 build 195 allows user-assisted remote attackers to execute arbitrary code via a crafted PSP image that triggers a heap-based buffer overflow.
unknown
2007-11-15
6.8CVE-2007-6007
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
ACDsee -- Pro Photo Manager
ACDsee -- Photo Editor
ACDsee -- Photo Manager
Multiple buffer overflows in ACD products allow user-assisted remote attackers to execute arbitrary code via a long section string in a (1) XBM or (2) XPM file to (a) ID_X.apl or (b) IDE_ACDStd.apl. NOTE: the PSP and LHA vectors are already covered by CVE-2007-4344 and CVE-2007-6007. NOTE: these might be integer overflows rather than buffer overflows.
unknown
2007-11-15
6.8CVE-2007-6009
OTHER-REF
Adobe -- ColdFusion
Adobe -- ColdFusion MX
Adobe ColdFusion 8 and MX 7 allows remote attackers to hijack sessions via unspecified vectors that trigger establishment of a session to a ColdFusion application in which the (1) CFID or (2) CFTOKEN cookies have empty values, possibly due to a session fixation vulnerability.
unknown
2007-11-15
6.8CVE-2007-5905
OTHER-REF
OTHER-REF
BID
SECTRACK
Adobe -- Shockwave
Stack-based buffer overflow in the SWCtl.SWCtl ActiveX control in Adobe Shockwave allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument to the ShockwaveVersion method.
unknown
2007-11-13
5.0CVE-2007-5941
MILW0RM
BID
Apple -- Mac OS X
Integer overflow in the kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via crafted arguments to the i386_set_ldt system call.
unknown
2007-11-14
6.9CVE-2007-4684
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
The Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain all addresses for a host, including link-local addresses, via a Node Information Query.
unknown
2007-11-14
5.0CVE-2007-4688
APPLE
Apple -- Safari
The tabbed browsing feature in Apple Safari 3 before Beta Update 3.0.4 on Windows allows remote attackers to spoof HTTP authentication for other sites and possibly conduct phishing attacks by causing an authentication sheet to be displayed for a tab that is not active, which makes it appear as if it is associated with the active tab.
unknown
2007-11-14
4.3CVE-2007-4692
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
Safari in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to access local content via file:// URLs.
unknown
2007-11-14
4.3CVE-2007-4694
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
Unspecified "input validation" vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to modify form field values via unknown vectors related to file uploads.
unknown
2007-11-14
4.3CVE-2007-4695
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
Race condition in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain information for forms from other sites via unknown vectors related to "page transitions" in Safari.
unknown
2007-11-14
4.3CVE-2007-4696
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
Unspecified vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via unknown vectors related to browser history, which triggers memory corruption.
unknown
2007-11-14
6.8CVE-2007-4697
APPLE
Apple -- Safari
Apple Safari 3 before Beta Update 3.0.4 on Windows allows remote attackers to conduct cross-site scripting (XSS) attacks by causing JavaScript events to be associated with the wrong frame.
unknown
2007-11-14
4.3CVE-2007-4698
APPLE
Bandersnatch -- Bandersnatch
Bandersnatch 0.4 allows remote attackers to obtain sensitive information via a malformed request for index.php with (1) a certain func parameter value; or (2) certain func, jid, page, and limit parameter values; which reveals the path in various error messages.
unknown
2007-11-13
5.0CVE-2007-5942
OTHER-REF
XF
Bandersnatch -- Bandersnatch
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Bandersnatch 0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) func or (2) date parameter, or the jid parameter in a (3) log or (4) user action, a different vulnerability than CVE-2007-3910.
unknown
2007-11-15
4.3CVE-2007-6001
OTHER-REF
XF
BTI-Tracker -- BTI-Tracker
Multiple cross-site scripting (XSS) vulnerabilities in BtiTracker before 1.4.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) account.php, (2) moresmiles.php, or (3) recover.php; or (4) the "to" parameter to usercp.php.
unknown
2007-11-14
4.3CVE-2007-5985
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
XF
XF
BTI-Tracker -- BTI-Tracker
SQL injection vulnerability in include/functions.php in BtiTracker before 1.4.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
unknown
2007-11-14
5.0CVE-2007-5986
OTHER-REF
OTHER-REF
SECUNIA
XF
BTI-Tracker -- BTI-Tracker
details.php in BtiTracker before 1.4.5, when torrent viewing is disabled for guests, allows remote attackers to bypass protection mechanisms via a direct request, as demonstrated by (1) reading the details of an arbitrary torrent and (2) modifying a torrent owned by a guest.
unknown
2007-11-14
6.8CVE-2007-5987
OTHER-REF
OTHER-REF
SECUNIA
XF
eggblog -- eggblog
Cross-site scripting (XSS) vulnerability in home/rss.php in eggblog before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF).
unknown
2007-11-14
4.3CVE-2007-5980
BUGTRAQ
OTHER-REF
OTHER-REF
BID
SECUNIA
EXO -- ExoPHPDesk
Cross-site scripting (XSS) vulnerability in ExoPHPdesk allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a user profile.
unknown
2007-11-15
4.3CVE-2007-5990
BUGTRAQ
BID
F5 -- Firepass 4100
Cross-site scripting (XSS) vulnerability in download_plugin.php3 in F5 Firepass 4100 SSL VPN 5.4 through 5.5.2 and 6.0 through 6.0.1 allows remote attackers to inject arbitrary web script or HTML via the backurl parameter.
unknown
2007-11-14
4.3CVE-2007-5979
BUGTRAQ
OTHER-REF
OTHER-REF
BID
SECTRACK
SECUNIA
Fenrir -- Grani
Fenrir -- Sleipnir
Cross-site scripting (XSS) vulnerability in Fenriru (1) Sleipnir 2.5.17 R2 and earlier and (2) Grani 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the Search field in a search for additions to the Favorites section.
unknown
2007-11-15
4.3CVE-2007-6002
OTHER-REF
OTHER-REF
OTHER-REF
BID
SECUNIA
SECUNIA
getmiro -- Broadcast Machine
Cross-site scripting (XSS) vulnerability in login.php in Miro Project Broadcast Machine 0.9.9.9 allows remote attackers to inject arbitrary web script or HTML via the username parameter.
unknown
2007-11-14
4.3CVE-2007-3694
BUGTRAQ
BID
XF
helioscalendar -- Helios Calendar
Cross-site scripting (XSS) vulnerability in admin/index.php in Helios Calendar 1.2.1 Beta allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-11-13
4.3CVE-2007-5952
BID
SECUNIA
IBM -- WebSphere Application Server
Cross-site scripting (XSS) vulnerability in Servlet Engine / Web Container in IBM WebSphere Application Server (WAS) 5.1.1.4 through 5.1.1.16 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header.
unknown
2007-11-13
4.3CVE-2007-5944
OTHER-REF
AIXAPAR
FRSIRT
IBM -- Informix Dynamic Server
Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 10.00.TC3TL and 11.10.TB4TL on Windows allows attackers to cause a denial of service (application crash) via unspecified SQ_ONASSIST requests.
unknown
2007-11-14
4.9CVE-2007-5957
OTHER-REF
AIXAPAR
BID
FRSIRT
SECUNIA
XF
JLMForo System -- JLMForo System
Cross-site scripting (XSS) vulnerability in buscador.php in JLMForo System allows remote attackers to inject arbitrary web script or HTML via the clave parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-11-13
4.3CVE-2007-5954
BID
Justin Hagstrom -- AutoIndex PHP Script
Cross-site scripting (XSS) vulnerability in index.php in Justin Hagstrom AutoIndex PHP Script before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF).
unknown
2007-11-14
4.3CVE-2007-5983
BUGTRAQ
OTHER-REF
SECUNIA
KDE -- Konqueror
KDE Konqueror 3.5.6 and earlier allows remote attackers to cause a denial of service (crash) via large HTTP cookie parameters.
unknown
2007-11-15
5.0CVE-2007-6000
BUGTRAQ
BID
XF
Lantronix -- SCS3200
Lantronix SCS3200 does not properly handle public-key requests, which allows remote attackers to cause a denial of service (unresponsive device) via unspecified keyscan requests. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-11-14
5.0CVE-2007-5981
BID
SECUNIA
XF
Linux -- Kernel
The tcp_sacktag_write_queue function in net/ipv4/tcp_input.c in Linux kernel 2.6.24-rc2 and earlier allows remote attackers to cause a denial of service (crash) via crafted ACK responses that trigger a NULL pointer dereference.
unknown
2007-11-15
5.0CVE-2007-5501
OTHER-REF
Mozilla -- Firefox
The jar protocol handler in Mozilla Firefox retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inner URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI.
unknown
2007-11-13
4.3CVE-2007-5947
OTHER-REF
OTHER-REF
CERT-VN
BID
FRSIRT
SECUNIA
NetCommons -- NetCommons
Cross-site scripting (XSS) vulnerability in NetCommons before 1.0.11, and 1.1.x before 1.1.2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2006-4165.
unknown
2007-11-13
4.3CVE-2007-5950
OTHER-REF
OTHER-REF
SECUNIA
nss_ldap -- nss_ldap
Race condition in nss_ldap, when used in applications that use pthread and fork after a call to nss_ldap, does not properly handle the LDAP connection, which might cause nss_ldap to return the wrong user data to the wrong process. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.
unknown
2007-11-13
5.0CVE-2007-5794
OTHER-REF
OTHER-REF
MLIST
MLIST
OrangeHRM -- OrangeHRM
The reDirect function in lib/controllers/RepViewController.php in OrangeHRM before 2.2.2 does not verify the privileges of a user, which allows remote attackers to obtain access to data via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-11-10
5.0CVE-2007-5931
OTHER-REF
BID
FRSIRT
XF
PCRE -- PCRE
Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to execute arbitrary code via a regular expression containing a large number of named subpatterns (name_count) or long subpattern names (max_name_size), which triggers a buffer overflow. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.
unknown
2007-11-14
6.8CVE-2006-7227
OTHER-REF
OTHER-REF
REDHAT
SECUNIA
PCRE -- PCRE
Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large (1) min, (2) max, or (3) duplength values that cause an incorrect length calculation and trigger a buffer overflow, a different vulnerability than CVE-2006-7227. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.
unknown
2007-11-14
6.8CVE-2006-7228
OTHER-REF
OTHER-REF
SECUNIA
PCRE -- PCRE
Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate the amount of memory needed for a compiled regular expression pattern when the (1) -x or (2) -i UTF-8 options change within the pattern, which allows context-dependent attackers to cause a denial of service (PCRE or glibc crash) via crafted regular expressions.
unknown
2007-11-15
5.0CVE-2006-7230
OTHER-REF
PEAR -- Structures_DataGrid_DataSource_MDB2
The LOB functionality in PEAR MDB2 before 2.5.0a1 interprets a request to store a URL string as a request to retrieve and store the contents of the URL, which might allow remote attackers to use MDB2 as an indirect proxy or obtain sensitive information via a URL into a form field in an MDB2 application, as demonstrated by a file:// URL or a URL for an intranet web site.
unknown
2007-11-13
4.3CVE-2007-5934
OTHER-REF
OTHER-REF
MLIST
BID
SECUNIA
php-tools -- patBBcode
PHP remote file inclusion vulnerability in examples/patExampleGen/bbcodeSource.php in patBBcode 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the example parameter.
unknown
2007-11-15
6.8CVE-2007-5995
MILW0RM
BID
phpMyAdmin -- phpMyAdmin
SQL injection vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to execute arbitrary SQL commands via the db parameter.
unknown
2007-11-14
6.5CVE-2007-5976
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
XF
Really Simple CalDAV Store -- Really Simple CalDAV Store
Unspecified vulnerability in Really Simple CalDAV Store (RSCDS) before 0.9.0 allows attackers to obtain sensitive information via unspecified vectors.
unknown
2007-11-13
5.0CVE-2007-5953
OTHER-REF
FRSIRT
ruby-lang -- Ruby
The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName (CN) field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site, different components than CVE-2007-5162.
unknown
2007-11-13
5.0CVE-2007-5770
OTHER-REF
OTHER-REF
REDHAT
REDHAT
SECUNIA
SECUNIA
SECUNIA
script-fun -- SF-Shoutbox
Multiple cross-site scripting (XSS) vulnerabilities in main.php in SF-Shoutbox 1.2.1 through 1.4 allow remote attackers to inject arbitrary web script or HTML via the (1) nick (aka Name) and (2) shout (aka Shout) parameters.
unknown
2007-11-13
4.3CVE-2007-5948
OTHER-REF
BID
SECUNIA
Simple Machines -- Simple Machines Forum
Simple Machines Forum (SMF) 1.1.4 allows remote attackers to read a message in private forums by using the advanced search module with the "show results as messages" option, then searching for possible keywords contained in that message.
unknown
2007-11-13
5.0CVE-2007-5943
BUGTRAQ
softbizscripts -- Banner Exchange Network Script
SQL injection vulnerability in campaign_stats.php in Softbiz Banner Exchange Network Script 1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter.
unknown
2007-11-15
6.5CVE-2007-5997
MILW0RM
BID
XF
softbizscripts -- Ad Management plus Script
SQL injection vulnerability in ads.php in Softbiz Ad Management plus Script 1 allows remote authenticated users to execute arbitrary SQL commands via the package parameter.
unknown
2007-11-15
6.5CVE-2007-5998
MILW0RM
BID
XF
Thomson -- SpeedTouch
Cross-site scripting (XSS) vulnerability in cgi/b/ic/connect in the Thomson SpeedTouch 716 with firmware 5.4.0.14 allows remote attackers to inject arbitrary web script or HTML via the url parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-11-15
4.3CVE-2007-6003
SECUNIA
XF
TorrentStrike -- TorrentStrike
SQL injection vulnerability in index.php in TBSource, as used in (1) TBDev and (2) TorrentStrike 0.4, allows remote authenticated users to execute arbitrary SQL commands via the choice parameter. NOTE: some of these details are obtained from third party information.
unknown
2007-11-14
6.5CVE-2007-5975
BUGTRAQ
BID
SECUNIA
tug -- TeXlive 2007
teTeX -- teTeX
Stack-based buffer overflow in hpc.c in dvips in teTeX and TeXlive 2007 and earlier allows user-assisted attackers to execute arbitrary code via a DVI file with a long href tag.
unknown
2007-11-13
6.8CVE-2007-5935
OTHER-REF
OTHER-REF
tug -- TeXlive 2007
teTeX -- teTeX
Multiple buffer overflows in dvi2xx.c in dviljk in teTeX and TeXlive 2007 and earlier might allow user-assisted attackers to execute execute arbitrary code via a crafted DVI input file.
unknown
2007-11-13
6.8CVE-2007-5937
OTHER-REF
OTHER-REF
tug -- TeXlive 2007
feynmf.pl in feynmf 1.08, as used in TeXLive 2007, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the feynmf$$.pl temporary file.
unknown
2007-11-13
4.6CVE-2007-5940
OTHER-REF
UPDIR -- UPDIR.NET
Cross-site scripting (XSS) vulnerability in updir.php in UPDIR.NET before 2.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-11-13
4.3CVE-2007-5955
OTHER-REF
OTHER-REF
SECUNIA
USVN -- USVN
USVN before 0.6.5 allows remote attackers to obtain a list of repository contents via unspecified vectors.
unknown
2007-11-13
5.0CVE-2007-5945
OTHER-REF
OTHER-REF
BID
vtls -- vtls.web.gateway
Cross-site scripting (XSS) vulnerability in Visionary Technology in Library Solutions (VTLS) vtls.web.gateway before 48.1.1 allows remote attackers to inject arbitrary web script or HTML via the searchtype parameter.
unknown
2007-11-15
4.3CVE-2007-5993
BUGTRAQ
WebEx Communications -- WebEx GPCContainer ActiveX Control
Unspecified vulnerability in the GpcContainer.GpcContainer.1 ActiveX control in WebEx allows remote attackers to cause a denial of service (memory access violation and crash) via (1) an invalid argument to the InitParam method or (2) an unspecified vector involving the SetParam method.
unknown
2007-11-15
4.3CVE-2007-6005
FULLDISC
BID
XF
WinPcap -- WinPcap
Multiple array index errors in the bpf_filter_init function in NPF.SYS in WinPcap before 4.0.2, when run in monitor mode (aka Table Management Extensions or TME), and as used in Wireshark and possibly other products, allow local users to gain privileges via crafted IOCTL requests.
unknown
2007-11-13
6.9CVE-2007-5756
IDEFENSE
OTHER-REF
BID
FRSIRT
SECUNIA
X7 Group -- X7 Chat
Multiple cross-site scripting (XSS) vulnerabilities in X7 Chat 2.0.4, 2.0.5, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) room parameter to sources/frame.php, the (2) theme_c parameter to help/index.php, or the (3) INSTALL_X7CHATVERSION parameter to upgradev1.php.
unknown
2007-11-14
4.3CVE-2007-5982
OTHER-REF
BID
SECUNIA
yappa-ng -- yappa-ng
PHP remote file inclusion vulnerability in check_noimage.php in Fritz Berger yet another php photo album - next generation (yappa-ng) 2.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the config[path_src_include] parameter.
unknown
2007-11-15
6.8CVE-2007-5994
OTHER-REF
BID
Back to top

Low Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
Apple -- Mac OS X Server
Apple -- Mac OS X
WebKit on Apple Mac OS X 10.4 through 10.4.10 does not create temporary files securely when Safari is previewing a PDF file, which allows local users to read the contents of that file.
unknown
2007-11-14
2.1CVE-2007-4701
APPLE
IBM -- Tivoli Service Desk
Cross-site scripting (XSS) vulnerability in IBM Tivoli Service Desk 6.2 allows remote authenticated users to inject arbitrary web script or HTML via the Description parameter in a Maximo change action.
unknown
2007-11-13
3.5CVE-2007-5949
AIXAPAR
BID
FRSIRT
SECUNIA
XF
phpMyAdmin -- phpMyAdmin
Cross-site scripting (XSS) vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST request, a different vulnerability than CVE-2006-6942.
unknown
2007-11-14
3.5CVE-2007-5977
OTHER-REF
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
XF
tug -- TeXlive 2007
teTeX -- teTeX
dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place.
unknown
2007-11-13
3.6CVE-2007-5936
OTHER-REF
OTHER-REF
Back to top



=
Last updated November 19, 2007