Skip to content

Home  |   FAQ  |   Contact  |   Privacy & Use

customize
National Cyber Alert System
Cyber Security Bulletin SB07-358 archive

Vulnerability Summary for the Week of December 17, 2007

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.


High Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
Adobe -- Flash Player
Unspecified vulnerability in Adobe Flash Player 9.0.48.0 and earlier might allow remote attackers to execute arbitrary code via unknown vectors, related to "input validation errors."
unknown
2007-12-19
9.3CVE-2007-6242
OTHER-REF
Adobe -- Flash Player
Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks.
unknown
2007-12-19
9.3CVE-2007-6243
OTHER-REF
OTHER-REF
AdultScript -- AdultScript
admin/administrator.php in Adult Script 1.6 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to bypass authentication and obtain administrative credentials via a direct request. NOTE: this can be leveraged for arbitrary code execution through a request to admin/videolinks_view.php.
unknown
2007-12-17
7.5CVE-2007-6414
MILW0RM
BID
SECUNIA
Aertherwide -- exiftags
Unspecified vulnerability in exiftags before 1.01 has unknown impact and attack vectors, resulting from a "field offset overflow," a different vulnerability than CVE-2007-6355.
unknown
2007-12-18
10.0CVE-2007-6354
OTHER-REF
SECUNIA
Aertherwide -- exiftags
Unspecified vulnerability in exiftags before 1.01 has unknown impact and attack vectors, resulting from a "field offset overflow," a different vulnerability than CVE-2007-6354.
unknown
2007-12-18
10.0CVE-2007-6355
OTHER-REF
SECUNIA
Apple -- Mac OS X
Format string vulnerability in Address Book in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via the URL handler.
unknown
2007-12-19
9.3CVE-2007-4708
APPLE
Apple -- Mac OS X
Directory traversal vulnerability in CFNetwork in Apple Mac OS X 10.5.1 allows remote attackers to overwrite arbitrary files via a crafted HTTP response.
unknown
2007-12-19
8.8CVE-2007-4709
APPLE
Apple -- Mac OS X
Unspecified vulnerability in ColorSync in Apple Mac OS X 10.4.11 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via an image with a crafted ColorSync profile, which triggers memory corruption.
unknown
2007-12-19
9.3CVE-2007-4710
APPLE
Apple -- Mac OS X
Buffer overflow in CUPS in Apple Mac OS X 10.4.11 allows local admin users to execute arbitrary code via a crafted URI to the CUPS service.
unknown
2007-12-19
7.2CVE-2007-5848
APPLE
Apple -- Mac OS X
Integer underflow in CUPS in Apple Mac OS X 10.5.1, when SNMP is enabled, allows remote attackers to execute arbitrary code via a crafted SNMP response that triggers a stack-based buffer overflow.
unknown
2007-12-19
9.3CVE-2007-5849
APPLE
Apple -- Mac OS X
Heap-based buffer overflow in Desktop Services in Apple Mac OS X 10.4.11 allows user-assisted attackers to execute arbitrary code via a directory with a crafted .DS_Store file.
unknown
2007-12-19
8.8CVE-2007-5850
APPLE
Apple -- Mac OS X
Unspecified vulnerability in IO Storage Family in Apple Mac OS X 10.4.11 allows user-assisted attackers to cause a denial of service (system shutdown) or execute arbitrary code via a disk image with crafted GUID partition maps, which triggers memory corruption.
unknown
2007-12-19
9.3CVE-2007-5853
APPLE
Apple -- Mac OS X
Quick Look Apple Mac OS X 10.5.1, when previewing an HTML file, does not prevent plug-ins from making network requests, which might allow remote attackers to obtain sensitive information.
unknown
2007-12-19
9.4CVE-2007-5856
APPLE
Apple -- Safari
Unspecified vulnerability in Safari RSS in Apple Mac OS X 10.4.11 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted feed: URL that triggers memory corruption.
unknown
2007-12-19
9.3CVE-2007-5859
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
Unspecified vulnerability in Spin Tracer in Apple Mac OS X 10.5.1 allows local users to execute arbitrary code via unspecified output files, involving an "insecure file operation."
unknown
2007-12-19
7.2CVE-2007-5860
APPLE
Apple -- Mac OS X
Java in Mac OS X 10.4 through 10.4.11 allows remote attackers to bypass Keychain access controls and add or delete arbitrary Keychain items via a crafted Java applet.
unknown
2007-12-18
9.4CVE-2007-5862
OTHER-REF
APPLE
BID
FRSIRT
SECUNIA
Apple -- Mac OS X Server
Apple -- Mac OS X
Software Update in Apple Mac OS X 10.5.1 allows remote attackers to execute arbitrary commands via a man-in-the-middle (MITM) attack between the client and the server, using a modified distribution definition file with the "allow-external-scripts" option.
unknown
2007-12-19
9.3CVE-2007-5863
APPLE
Cisco -- IP Phone Model 7940
Cisco IP Phone 7940 with firmware P0S3-08-7-00 allows remote attackers to cause a denial of service ("486 Busy" responses or device reboot) via a sequence of SIP INVITE transactions in which the Request-URI lacks a user name, a different vulnerability than CVE-2007-4459.
unknown
2007-12-17
7.8CVE-2007-5583
FULLDISC
MILW0RM
BID
XF
Cisco -- FWSM
Unspecified vulnerability in Cisco Firewall Services Module (FWSM) 3.2(3) allows remote attackers to cause a denial of service (device reload) via crafted "data in the control-plane path with Layer 7 Application Inspections."
unknown
2007-12-19
7.8CVE-2007-5584
CISCO
BID
XF
Cisco -- IP Phone Model 7940
Cisco IP Phone 7940 with firmware P0S3-08-7-00 allows remote attackers to cause a denial of service ("486 Busy" responses or device reboot) via a sequence of SIP INVITE transactions in which the Request-URI lacks a user name, a different vulnerability than CVE-2007-4459.
unknown
2007-12-14
7.8CVE-2007-6370
FULLDISC
MILW0RM
BID
XF
Clam Anti-Virus -- ClamAV
Integer overflow in libclamav in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MEW packed PE file, which triggers a heap-based buffer overflow.
unknown
2007-12-19
7.5CVE-2007-6335
IDEFENSE
DEBIAN
SECUNIA
Ethereal Group -- Ethereal
Wireshark -- Wireshark
Wireshark (formerly Ethereal) 0.8.16 to 0.99.6 allows remote attackers to cause a denial of service (crash) via a malformed RPC Portmap packet.
unknown
2007-12-19
7.8CVE-2007-6449
OTHER-REF
exiv2 -- exiv2
Integer overflow in exif.cpp in exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow.
unknown
2007-12-19
7.5CVE-2007-6353
OTHER-REF
SECUNIA
Falcon -- Series One CMS
Multiple cross-site scripting (XSS) vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to inject arbitrary web script or HTML via the (1) gb_mail, (2) gb_name, and (3) gb_text parameters in a guestbook action to index.php, and unspecified other vectors.
unknown
2007-12-20
7.5CVE-2007-6489
MILW0RM
FRSIRT
SECUNIA
FreeWebShop -- FreeWebShop
Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2.1 allow remote attackers to execute arbitrary SQL commands via (1) the prod parameter in a details action, (2) the cat parameter in a browse list action, or (3) the group parameter in a categories action.
unknown
2007-12-19
7.5CVE-2007-6466
OTHER-REF
BID
Gesytec Easylon -- OPC Server
Gesytec Easylon OPC Server before 2.3.44 does not properly validate server handles, which allows remote attackers to execute arbitrary code or cause a denial of service via unspecified network traffic to the OLE for Process Control (OPC) interface, probably related to free operations on arbitrary memory addresses through certain Remove functions, and read and write operations on arbitrary memory addresses through certain Set, Read, and Write functions.
unknown
2007-12-17
10.0CVE-2007-4473
OTHER-REF
OTHER-REF
CERT-VN
Hammer of Thyrion -- Hammer of Thyrion
Buffer overflow in the HuffDecode function in hw_utils/hwrcon/huffman.c and hexenworld/Client/huffman.c in Hammer of Thyrion 1.4.2 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted huffman encoded packet. NOTE: some of these details are obtained from third party information.
unknown
2007-12-19
9.3CVE-2007-6468
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
Hosting Controller -- Hosting Controller
Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers to obtain login access via a request to hosting/addreseller.asp with a username in the reseller parameter, followed by a request to AdminSettings/displays.asp with the DecideAction and ChangeSkin parameters.
unknown
2007-12-20
10.0CVE-2007-6494
BUGTRAQ
MILW0RM
BID
XF
Hosting Controller -- Hosting Controller
Hosting Controller 6.1 Hot fix 3.3 and earlier (1) allows remote attackers to change arbitrary user profiles via a request to Hosting/Addreseller.asp with modified loginname and email parameters; and (2) allows remote authenticated users to change a credit amount and increase a discount via an UpdateUser action to Accounts/AccountActions.asp with modified UserName, FullName, CreditLimit, and DefaultDiscount parameters, a related issue to CVE-2005-2219.
unknown
2007-12-20
7.5CVE-2007-6497
BUGTRAQ
MILW0RM
BID
Hosting Controller -- Hosting Controller
Multiple SQL injection vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) email and (2) loginname parameters to Hosting/Addreseller.asp, (3) the sortfield parameter to accounts/accountmanager.asp, (4) the GateWayID parameter to OpenApi/GatewayVariables.asp, and possibly (5) unspecified vectors to IIS/iibind.asp.
unknown
2007-12-20
7.5CVE-2007-6498
BUGTRAQ
MILW0RM
BID
XF
HP -- Software Update
The HPRulesEngine.ContentCollection.1 ActiveX Control in RulesEngine.dll for HP Software Update 3.0.8.4 allows remote attackers to (1) overwrite and corrupt arbitrary files via arguments to the SaveToFile method, and possibly (2) access arbitrary files via the LoadDataFromFile method.
unknown
2007-12-20
9.3CVE-2007-6506
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
iMesh.com -- iMesh
The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and possibly IMWebControl.dll, in iMesh 7.1.0.x and earlier allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via an empty string in the argument to the ProcessRequestEx method.
unknown
2007-12-20
7.1CVE-2007-6492
OTHER-REF
SECUNIA
iMesh.com -- iMesh
The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and possibly IMWebControl.dll, in iMesh 7.1.0.x and earlier allows remote attackers to execute arbitrary code via a certain argument to the SetHandler method.
unknown
2007-12-20
10.0CVE-2007-6493
OTHER-REF
SECUNIA
JBoss -- Seam
The getRenderedEjbql method in the org.jboss.seam.framework.Query class in JBoss Seam 2.x before 2.0.0.CR3 allows remote attackers to inject and execute arbitrary EJBQL commands via the order parameter.
unknown
2007-12-18
7.5CVE-2007-6433
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Justsystem -- Ichitaro
Stack-based buffer overflow in JSGCI.DLL in JustSystems Ichitaro 2005, 2006, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted document, as actively exploited in December 2007 by the Tarodrop.F trojan. NOTE: some of these details are obtained from third party information.
unknown
2007-12-18
9.3CVE-2007-6436
OTHER-REF
FRSIRT
SECUNIA
XF
Kvaliitti -- WebDoc CMS
Multiple SQL injection vulnerabilities in Kvaliitti WebDoc 3.0 CMS allow remote attackers to execute arbitrary SQL commands via (1) the cat_id parameter to categories.asp; and probably (2) the document_id parameter to categories.asp, and the (3) cat_id and (4) document_id parameters to subcategory.asp.
unknown
2007-12-20
10.0CVE-2007-6491
BUGTRAQ
Linux -- Kernel
Linux kernel 2.6.22 and earlier, and possibly other versions, does not properly validate the hop-by-hop IPv6 extended header, which allows remote attackers to cause a denial of service (kernel panic) via a crafted IPv6 packet.
unknown
2007-12-20
7.8CVE-2007-4567
UBUNTU
Linux -- Kernel
Integer overflow in the hrtimer_start function in kernel/hrtimer.c in the Linux kernel before 2.6.23.10 allows local users to execute arbitrary code or cause a denial of service (panic) via a large relative timeout value. NOTE: some of these details are obtained from third party information.
unknown
2007-12-19
7.2CVE-2007-5966
OTHER-REF
BID
FRSIRT
SECUNIA
Linux -- Kernel
The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through 2.6.23 does not properly allocate memory in some circumstances, which might allow local users to read sensitive kernel data or cause a denial of service (crash).
unknown
2007-12-17
7.2CVE-2007-6417
MLIST
MLIST
MLIST
MKPortal -- MKPortal
SQL injection vulnerability in index.php in MKPortal 1.1 RC1 allows remote attackers to execute arbitrary SQL commands via the ida parameter in a gallery foto_show action.
unknown
2007-12-19
7.5CVE-2007-6467
BUGTRAQ
BID
XF
my123tkShop -- e-Commerce-Suite
SQL injection vulnerability in shop/mainfile.php in 123tkShop 0.9.1 allows remote attackers to execute arbitrary SQL commands via a base64-encoded value of the admin parameter to shop/admin.php.
unknown
2007-12-19
7.5CVE-2007-6458
MILW0RM
BID
Novell -- Groupwise
Stack-based buffer overflow in Novell GroupWise before 6.5.7, when HTML preview of e-mail is enabled, allows user-assisted remote attackers to execute arbitrary code via a long SRC attribute in an IMG element when forwarding or replying to a crafted e-mail.
unknown
2007-12-18
9.3CVE-2007-6435
BUGTRAQ
OTHER-REF
BID
SECTRACK
XF
PeerCast -- PeerCast
Heap-based buffer overflow in the handshakeHTTP function in servhs.cpp in PeerCast 0.1217 and earlier, and SVN 344 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SOURCE request.
unknown
2007-12-19
10.0CVE-2007-6454
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Perforce -- P4Web
P4Webs.exe in Perforce P4Web 2006.2 and earlier, when running on Windows, allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with an empty body and a Content-Length greater than 0.
unknown
2007-12-20
7.8CVE-2007-6349
BUGTRAQ
OTHER-REF
BID
SECUNIA
PHP Real Estate Classifieds -- PHP Real Estate Classifieds Premium Plus
SQL injection vulnerability in fullnews.php in PHP Real Estate Classifieds allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-12-19
7.5CVE-2007-6462
MILW0RM
OTHER-REF
BID
phpMyRealty -- phpMyRealty
Multiple SQL injection vulnerabilities in phpMyRealty (PMR) 1.0.9 allow (1) remote attackers to execute arbitrary SQL commands via the type parameter to search.php and (2) remote authenticated administrators to execute arbitrary SQL commands via the listing_updated_days parameter to admin/findlistings.php. NOTE: some of these details are obtained from third party information.
unknown
2007-12-20
7.5CVE-2007-6472
MILW0RM
SECUNIA
phpRPG -- phpRPG
SQL injection vulnerability in index.php in phpRPG 0.8, when magic_qutoes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.
unknown
2007-12-19
9.3CVE-2007-6469
BUGTRAQ
BID
SECUNIA
Planamesa -- NeoOffice
Unspecified vulnerability in OpenOffice.org code in Planamesa NeoOffice 2.2.2 before Patch 4 has unknown impact and attack vectors related to MacOS 10.3.9 .odb files. NOTE: it is not clear whether this issue is a vulnerability.
unknown
2007-12-19
10.0CVE-2007-6456
OTHER-REF
BID
SECUNIA
XF
St. Bernard -- Open File Manager
Heap-based buffer overflow in Open File Manager service (ofmnt.exe) in St. Bernard Open File Manager 9.5 allows remote attackers to execute arbitrary code via a long request.
unknown
2007-12-19
10.0CVE-2007-6281
FULLDISC
OTHER-REF
BID
SECUNIA
Sun -- Solaris
Sun Solaris 10 with the 120011-04 and 120012-04 patches, and later 120011-* and 120012-* patches, allows remote attackers to bypass certain netgroup restrictions and obtain root access to a filesystem via NFS requests from a client root user.
unknown
2007-12-17
9.3CVE-2007-6413
SUNALERT
FRSIRT
SECUNIA
Sun -- Management Center
The Oracle database component in Sun Management Center (Sun MC) 3.6.1, 3.6, and 3.5 Update 1 has a default account, which allows remote attackers to obtain database access and execute arbitrary code.
unknown
2007-12-20
9.4CVE-2007-6480
SUNALERT
SECUNIA
Sun -- Ray Server Software
Unspecified vulnerability in the Device Manager daemon (utdevmgrd) in Sun Ray Server Software 2.0, 3.0, 3.1, and 3.1.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.
unknown
2007-12-20
7.8CVE-2007-6482
SUNALERT
BID
SECUNIA
Trend Micro -- ServerProtect
SpntSvc.exe daemon in Trend Micro ServerProtect 5.58 for Windows, before Security Patch 4, exposes unspecified dangerous sub-functions from StRpcSrv.dll in the DCE/RPC interface, which allows remote attackers to obtain "full file system access" and execute arbitrary code.
unknown
2007-12-20
10.0CVE-2007-6507
BUGTRAQ
OTHER-REF
OTHER-REF
BID
SECUNIA
Wireshark -- Wireshark
Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (infinite or large loop) via the (1) Firebird/Interbase, (2) DCP ETSI, (3) IPv6, or (4) USB dissector, which can trigger resource consumption or a crash.
unknown
2007-12-19
7.8CVE-2007-6439
OTHER-REF
Wireshark -- Wireshark
Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (crash) via unknown vectors related to "unaligned access on some platforms."
unknown
2007-12-19
7.8CVE-2007-6441
OTHER-REF
Wireshark -- Wireshark
Wireshark (formerly Ethereal) 0.99.5 to 0.99.6 allows remote attackers to cause a denial of service (large loop) via a malformed DNP packet.
unknown
2007-12-19
7.8CVE-2007-6444
OTHER-REF
Wireshark -- Wireshark
Unspecified vulnerability in the HTTP dissector for Wireshark (formerly Ethereal) 0.10.14 to 0.99.6, when running on "some systems," allows remote attackers to cause a denial of service (crash) via crafted chunked messages.
unknown
2007-12-19
7.8CVE-2007-6445
OTHER-REF
Wireshark -- Wireshark
Buffer overflow in the iSeries (OS/400) Communication trace file parser in Wireshark (formerly Ethereal) 0.99.0 to 0.99.6 might allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code unknown vectors.
unknown
2007-12-19
7.5CVE-2007-6447
OTHER-REF
Wireshark -- Wireshark
The Bluetooth SDP dissector in Wireshark (formerly Ethereal) 0.99.2 to 0.99.6 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.
unknown
2007-12-19
7.8CVE-2007-6448
OTHER-REF
Wireshark -- Wireshark
The RPL dissector in Wireshark (formerly Ethereal) 0.9.8 to 0.99.6 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.
unknown
2007-12-19
7.8CVE-2007-6450
OTHER-REF
Wireshark -- Wireshark
Unspecified vulnerability in the CIP dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger allocation of large amounts of memory.
unknown
2007-12-19
7.8CVE-2007-6451
OTHER-REF
xeCMS -- xeCMS
Directory traversal vulnerability in view.php in xeCMS 1.0 allows remote attackers to read arbitrary files via a ..%2F (dot dot slash) in the list parameter.
unknown
2007-12-21
7.5CVE-2007-6508
BUGTRAQ
MILW0RM
BID
Xen -- Xen
The copy_to_user function in the PAL emulation functionality for Xen 3.1.2 and earlier, when running on ia64 systems, allows HVM guest users to access arbitrary physical memory by triggering certain mapping operations.
unknown
2007-12-17
7.5CVE-2007-6416
OTHER-REF
Back to top

Medium Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
Adobe -- Flash Player
Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9.x up to 9.0.48.0 and 8.x up to 8.0.35.0 allow remote attackers to inject arbitrary web script or HTML via (1) a SWF file that uses the asfunction: protocol or (2) the navigateToURL function when used with the Flash Player ActiveX Control in Internet Explorer.
unknown
2007-12-19
4.3CVE-2007-6244
OTHER-REF
Adobe -- Flash Player
Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 allows remote attackers to modify HTTP headers for client requests and conduct HTTP Request Splitting attacks.
unknown
2007-12-19
5.8CVE-2007-6245
OTHER-REF
Adobe -- Flash Player
Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0, when running on Linux, uses insecure permissions for memory, which might allow local users to gain privileges.
unknown
2007-12-19
6.9CVE-2007-6246
OTHER-REF
Aertherwide -- exiftags
exiftags before 1.01 allows attackers to cause a denial of service (infinite loop) via recursive IFD references in the EXIF data in a JPEG image.
unknown
2007-12-18
5.0CVE-2007-6356
OTHER-REF
SECUNIA
Anon Proxy Server -- Anon Proxy Server
Anon Proxy Server 0.100, and probably 0.101, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the host parameter to diagdns.php, and (2) the host parameter and possibly (3) the port parameter to diagconnect.php, a different vulnerability than CVE-2007-6460.
unknown
2007-12-19
6.8CVE-2007-6459
BUGTRAQ
MILW0RM
BID
Anon Proxy Server -- Anon Proxy Server
Multiple cross-site scripting (XSS) vulnerabilities in Anon Proxy Server before 0.101 allow remote attackers to inject arbitrary web script or HTML via the URI, which is later displayed by (1) log.php or (2) logerror.php, a different vulnerability than CVE-2007-6459.
unknown
2007-12-19
4.3CVE-2007-6460
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
Apple -- Mac OS X
Stack-based buffer overflow in SMB in Apple Mac OS X 10.4.11 allows local users to execute arbitrary code via crafted command line arguments to (1) mount_smbfs and (2) smbutil.
unknown
2007-12-19
6.6CVE-2007-3876
APPLE
Apple -- Mac OS X
Race condition in the CFURLWriteDataAndPropertiesToResource API in Core Foundation in Apple Mac OS X 10.4.11 creates files with insecure permissions, which might allow local users to obtain sensitive information.
unknown
2007-12-19
6.6CVE-2007-5847
APPLE
Apple -- Mac OS X
Launch Services in Apple Mac OS X 10.4.11 and 10.5.1 does not treat HTML files as unsafe content, which allows attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via a crafted HTML file.
unknown
2007-12-19
4.3CVE-2007-5854
APPLE
Apple -- Mac OS X
Mail in Apple Mac OS X 10.4.11 and 10.5.1, when an SMTP account has been set up using Account Assistant, can use plaintext authentication even when MD5 Challenge-Response authentication is available, which makes it easier for remote attackers to sniff account activity.
unknown
2007-12-19
6.4CVE-2007-5855
APPLE
Apple -- Mac OS X
Quick Look in Apple Mac OS X 10.5.1 does not prevent a movie from accessing URLs when the movie file is previewed or if an icon is created, which might allow remote attackers to obtain sensitive information via HREFTrack.
unknown
2007-12-19
6.4CVE-2007-5857
APPLE
Apple -- Safari
WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1 allows remote attackers to "navigate the subframes of any other page," which can be leveraged to conduct cross-site scripting (XSS) attacks and obtain sensitive information.
unknown
2007-12-19
4.3CVE-2007-5858
APPLE
Apple -- Mac OS X
Unspecified vulnerability in Spotlight in Apple Mac OS X 10.4.11 allows user-assisted attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted .XLS file that triggers memory corruption in the Microsoft Office Spotlight Importer.
unknown
2007-12-19
6.8CVE-2007-5861
APPLE
Asterisk -- Asterisk Business Edition
Asterisk -- Open Source
Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and Business Edition B.x.x before B.2.3.6 and C.x.x before C.1.0-beta8, when using database-based registrations ("realtime") and host-based authentication, does not check the IP address when the username is correct and there is no password, which allows remote attackers to bypass authentication using a valid username.
unknown
2007-12-19
4.3CVE-2007-6430
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
Balabit -- syslog-ng Premium Edition
Balabit -- syslog-ng Open Source Edition
Balabit syslog-ng 2.0.x before 2.0.6 and 2.1.x before 2.1.8 allows remote attackers to cause a denial of service (crash) via a message with a timestamp that does not contain a trailing space, which triggers a NULL pointer dereference.
unknown
2007-12-19
5.0CVE-2007-6437
BUGTRAQ
FRSIRT
SECTRACK
SECUNIA
XF
Bitweaver -- Bitweaver
Direct static code injection vulnerability in wiki/index.php in Bitweaver 2.0.0 and earlier, when comments are enabled, allows remote attackers to inject arbitrary PHP code via an editcomments action.
unknown
2007-12-17
6.8CVE-2007-6412
BUGTRAQ
OTHER-REF
BID
Centreon -- Centreon
Multiple PHP remote file inclusion vulnerabilities in Centreon 1.4.1 (aka Oreon 1.4) allow remote attackers to execute arbitrary PHP code via a URL in the fileOreonConf parameter to (1) MakeXML.php or (2) MakeXML4statusCounter.php in include/monitoring/engine/.
unknown
2007-12-20
6.8CVE-2007-6485
BUGTRAQ
MILW0RM
BID
XF
Citrix -- Web Interface
Cross-site scripting (XSS) vulnerability in the on-line help feature in Citrix Web Interface 2.0 and earlier, and NFuse, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-12-20
4.3CVE-2007-6477
OTHER-REF
FRSIRT
SECUNIA
Clam Anti-Virus -- ClamAV
Off-by-one error in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MS-ZIP file.
unknown
2007-12-19
6.8CVE-2007-6336
DEBIAN
BID
Dokeos -- Dokeos
Unrestricted file upload vulnerability in the "My productions" component for main/auth/profile.php (aka the "My profile" page) in Dokeos 1.8.4 allows remote authenticated users to upload and execute arbitrary PHP files via a filename with a double extension, which can then be accessed through a URI under main/upload/users/.
unknown
2007-12-20
4.9CVE-2007-6479
MILW0RM
SECUNIA
Falcon -- Series One CMS
Multiple PHP remote file inclusion vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the dir[classes] parameter to sitemap.xml.php or (2) the error parameter to errors.php.
unknown
2007-12-20
6.8CVE-2007-6488
MILW0RM
FRSIRT
SECUNIA
Falcon -- Series One CMS
Cross-site request forgery (CSRF) vulnerability in Falcon Series One CMS 1.4.3 allows remote attackers to change a password via a certain changepass action to index.php.
unknown
2007-12-20
4.3CVE-2007-6490
MILW0RM
FRSIRT
SECUNIA
Flyspray -- Flyspray
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Flyspray 0.9.9 through 0.9.9.3 allow remote attackers to inject arbitrary web script or HTML via (1) the query string in an index action, related to the savesearch JavaScript function; and (2) the details parameter in a details action, related to the History tab and the getHistory JavaScript function.
unknown
2007-12-19
4.3CVE-2007-6461
OTHER-REF
SECUNIA
Fonality -- Trixbox
registry.pl in Fonality Trixbox 2.0 PBX products, when running in certain environments, reads and executes a set of commands from a remote web site without sufficiently validating the origin of the commands, which allows remote attackers to disable trixbox and execute arbitrary commands via a DNS spoofing attack.
unknown
2007-12-18
4.3CVE-2007-6424
MLIST
OTHER-REF
OTHER-REF
Form Tools -- Form Tools
Multiple PHP remote file inclusion vulnerabilities in Form tools 1.5.0b allow remote attackers to execute arbitrary PHP code via a URL in the g_root_dir parameter to (1) admin_page_open.php and (2) client_page_open.php in global/templates/.
unknown
2007-12-19
6.8CVE-2007-6464
MILW0RM
Ganglia -- Ganglia
Multiple cross-site scripting (XSS) vulnerabilities in ganglia-web in Ganglia before 3.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) c and (2) h parameters to (a) web/host_gmetrics.php; the (3) G, (4) me, (5) x, (6) n, (7) v, (8) l, (9) vl, and (10) st parameters to (b) web/graph.php; and the (11) c, (12) G, (13) h, (14) r, (15) m, (16) s, (17) cr, (18) hc, (19) sh, (20) p, (21) t, (22) jr, (23) js, (24) gw, (25) z, and (26) gs parameters to (c) web/get_context.php. NOTE: some of these details are obtained from third party information.
unknown
2007-12-19
4.3CVE-2007-6465
OTHER-REF
SECUNIA
Geek-Palace.com -- LineShout
Multiple cross-site scripting (XSS) vulnerabilities in shout.php (aka the shoutbox) in LineShout 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) username (nickname) or (2) message parameter. NOTE: some of these details are obtained from third party information.
unknown
2007-12-20
4.3CVE-2007-6486
OTHER-REF
BID
SECUNIA
GF_3Xplorer -- GF_3Xplorer
Multiple cross-site scripting (XSS) vulnerabilities in GF-3XPLORER 2.4 allow remote attackers to inject arbitrary web script or HTML via the newdir parameter to index_3x.php, and unspecified other vectors.
unknown
2007-12-20
4.3CVE-2007-6474
MILW0RM
SECUNIA
GF_3Xplorer -- GF_3Xplorer
Multiple directory traversal vulnerabilities in GF-3XPLORER 2.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang_sel parameter to (1) updater.php and (2) thumber.php.
unknown
2007-12-20
6.4CVE-2007-6475
MILW0RM
GF_3Xplorer -- GF_3Xplorer
GF-3XPLORER 2.4 allows remote attackers to obtain configuration information via a direct request to explorer/phpinfo.php, which calls the phpinfo function.
unknown
2007-12-20
5.0CVE-2007-6476
MILW0RM
SECUNIA
Google -- Google Web Toolkit
Unspecified vulnerability in the benchmark reporting system in Google Web Toolkit (GWT) before 1.4.61 has unknown impact and attack vectors, possibly related to cross-site scripting (XSS).
unknown
2007-12-19
4.3CVE-2007-6452
OTHER-REF
BID
FRSIRT
SECUNIA
Hosting Controller -- Hosting Controller
inc_newuser.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the permissions of directories named (1) db, (2) www, (3) Special, and (4) log at arbitrary locations under the web root via a modified Dirroot parameter in an AddUser action to accounts/AccountActions.asp. NOTE: this can be leveraged for remote code execution by changing the permissions of \Forum\db, which is configured for execution of ASP scripts with administrative privileges, and then uploading a script to \Forum\db.
unknown
2007-12-20
6.5CVE-2007-6495
BUGTRAQ
MILW0RM
BID
Hosting Controller -- Hosting Controller
Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers to register arbitrary users via a request to hosting/addsubsite.asp with the loginname and password parameters set, when preceded by certain requests to hosting/default.asp and hosting/selectdomain.asp, a related issue to CVE-2005-1654.
unknown
2007-12-20
6.8CVE-2007-6496
BUGTRAQ
MILW0RM
BID
XF
Hosting Controller -- Hosting Controller
Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to uninstall the FrontPage extensions of an arbitrary account via a request to fp2002/UNINSTAL.asp with a "host id (IIS) value."
unknown
2007-12-20
5.5CVE-2007-6499
BUGTRAQ
MILW0RM
BID
XF
Hosting Controller -- Hosting Controller
Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to delete "gateway information" via a request to OpenApi/GatewayVariables.asp.
unknown
2007-12-20
4.9CVE-2007-6500
BUGTRAQ
MILW0RM
BID
XF
Hosting Controller -- Hosting Controller
Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to enable or disable "pay type" via a request to adminsettings/choosetranstype.asp.
unknown
2007-12-20
5.5CVE-2007-6501
BUGTRAQ
MILW0RM
BID
XF
Hosting Controller -- Hosting Controller
Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to obtain sensitive information via (1) the AdminName and AdminLevel parameters to fp2000/NEWSRVR.asp, which discloses usernames; and (2) certain XML HTTP requests to hosting/css.asp using Microsoft.XMLHTTP or MSXML2.XMLHTTP objects, which trigger a response with the setup directory pathname in the HTML source; and (3) might allow remote attackers to obtain sensitive information via a request for /admin/forum/, which reveals the path in an error message when a forum is not found.
unknown
2007-12-20
5.5CVE-2007-6502
BUGTRAQ
MILW0RM
BID
XF
XF
Hosting Controller -- Hosting Controller
Multiple unspecified vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to (1) import an arbitrary plan via a request to hosting/importhostingplans.asp; or (2) change an arbitrary plan via a request to hosting/AutoSignUpPlans.asp with the (a) save, (b) 30, and (c) d_30 parameters.
unknown
2007-12-20
5.5CVE-2007-6503
BUGTRAQ
MILW0RM
BID
XF
Hosting Controller -- Hosting Controller
Unspecified vulnerability in IIS/iibind.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the headers of arbitrary hosts via an unspecified parameter.
unknown
2007-12-20
5.5CVE-2007-6504
BUGTRAQ
MILW0RM
BID
XF
Ingres -- Ingres
Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges.
unknown
2007-12-20
5.0CVE-2007-6334
OTHER-REF
OTHER-REF
BID
SECUNIA
SECUNIA
KDE -- KDE
Unspecified vulnerability in kdebase allows local users to cause a denial of service (KDM login inaccessible, or resource consumption) via unknown vectors.
unknown
2007-12-19
4.7CVE-2007-5963
BUGTRAQ
OTHER-REF
libexif -- libexif
libexif 0.6.16 and earlier allows context-dependent attackers to cause a denial of service (infinite recursion) via an image file with crafted EXIF tags.
unknown
2007-12-19
4.3CVE-2007-6351
OTHER-REF
REDHAT
libexif -- libexif
Integer overflow in libexif 0.6.16 and earlier allows context-dependent attackers to execute arbitrary code via an image with crafted EXIF tags.
unknown
2007-12-19
6.8CVE-2007-6352
REDHAT
REDHAT
BID
Mambo -- Mambo
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Mambo 4.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Itemid parameter in a com_frontpage option and the (2) option parameter.
unknown
2007-12-19
4.3CVE-2007-6455
BUGTRAQ
Net_DNS -- Net_DNS
Net/DNS/RR/A.pm in Net::DNS 0.60 build 654, as used in packages such as SpamAssassin and OTRS, allows remote attackers to cause a denial of service (program "croak") via a crafted DNS response.
unknown
2007-12-20
5.0CVE-2007-6341
OTHER-REF
OTHER-REF
BID
SECTRACK
NetWin -- SurgeMail
Stack-based buffer overflow in the webmail feature in SurgeMail 38k4 allows remote attackers to cause a denial of service (crash) via a long Host header.
unknown
2007-12-19
5.0CVE-2007-6457
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
PHP Real Estate Script -- Classifieds
Multiple cross-site scripting (XSS) vulnerabilities in the admin panel in PHP Real Estate Classifieds allow remote attackers to inject arbitrary web script or HTML via unspecified "text areas/boxes."
unknown
2007-12-19
4.3CVE-2007-6463
OTHER-REF
phPay -- phPay
Incomplete blacklist vulnerability in main.php in phPay 2.02.01 on Windows allows remote attackers to conduct directory traversal attacks and include and execute arbitrary local files via a ..\ (dot dot backslash) in the config parameter.
unknown
2007-12-19
5.8CVE-2007-6471
BUGTRAQ
BID
FRSIRT
SECUNIA
XF
phpRPG -- phpRPG
phpRPG 0.8 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read session ID values in files under tmp/, and then hijack sessions via PHPSESSID cookies.
unknown
2007-12-19
6.4CVE-2007-6470
BUGTRAQ
BID
SECUNIA
phpRPG -- phpRPG
SQL injection vulnerability in index.php in phpRPG 0.8 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-12-20
6.8CVE-2007-6484
SECUNIA
Plain Black -- WebGUI
Unspecified vulnerability in Plain Black WebGUI 7.4.0 through 7.4.17 allows remote authenticated users with Secondary Admin privileges to create Admin accounts, a different vulnerability than CVE-2006-0680.
unknown
2007-12-20
4.9CVE-2007-6487
OTHER-REF
OTHER-REF
SECUNIA
XF
Raiden Professional Servers -- RaidenHTTPD
Directory traversal vulnerability in raidenhttpd-admin/workspace.php in RaidenHTTPD 2.0.19, when the WebAdmin function is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ulang parameter.
unknown
2007-12-19
6.4CVE-2007-6453
BUGTRAQ
OTHER-REF
BID
SECUNIA
Red Hat -- Enterprise Linux
Red Hat -- Fedora
Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named.
unknown
2007-12-17
4.9CVE-2007-6283
OTHER-REF
Rosoft Engineering -- Rosoft Media Player
Stack-based buffer overflow in Rosoft Media Player 4.1.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long string in a .M3U file. NOTE: some of these details are obtained from third party information.
unknown
2007-12-20
6.8CVE-2007-6478
BUGTRAQ