Skip to content

Home  |   FAQ  |   Contact  |   Privacy & Use

customize
National Cyber Alert System
Cyber Security Bulletin SB07-365 archive

Vulnerability Summary for the Week of December 24, 2007

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.


High Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
1024 CMS -- 1024 CMS
SQL injection vulnerability in admin/ops/findip/ajax/search.php in 1024 CMS 1.3.1 allows remote attackers to execute arbitrary SQL commands via the ip parameter.
unknown
2007-12-28
7.5CVE-2007-6583
MILW0RM
AdultScript -- AdultScript
Multiple SQL injection vulnerabilities in Adult Script 1.6.5 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) videolink_count.php or (2) links.php.
unknown
2007-12-28
7.5CVE-2007-6576
MILW0RM
OTHER-REF
Agares Media -- Arcadem
PHP remote file inclusion vulnerability in admin/frontpage_right.php in Arcadem LE 2.04 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the loadadminpage parameter.
unknown
2007-12-27
7.5CVE-2007-6542
MILW0RM
Blakord -- Blakord Portal
Multiple SQL injection vulnerabilities in Blakord Portal 1.3.A Beta and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to an arbitrary component.
unknown
2007-12-28
7.5CVE-2007-6565
BUGTRAQ
MILW0RM
OTHER-REF
BID
Brand039 -- mmsLamp
SQL injection vulnerability in default.php in MMSLamp allows remote attackers to execute arbitrary SQL commands via the idpro parameter in a prodotti_dettaglio action.
unknown
2007-12-28
7.5CVE-2007-6575
MILW0RM
XF
Eagle Software -- AERIES Browser Interface
SQL injection vulnerability in the forget password section (LostPwd.asp) in Eagle Software Aeries Browser Interface (ABI) 3.7.9.17 allows remote attackers to execute arbitrary SQL commands via the EmailAddress parameter. NOTE: some of these details are obtained from third party information.
unknown
2007-12-24
7.5CVE-2007-6517
OTHER-REF
BID
SECUNIA
eSyndicat -- eSyndicat Link Exchange
SQL injection vulnerability in suggest-link.php in eSyndiCat Link Exchange Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-12-27
7.5CVE-2007-6543
MILW0RM
George Lewe -- TeamCal Pro
Multiple directory traversal vulnerabilities in TeamCal Pro 3.1.000 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to (1) index.php, (2) register.php, (3) login.php, or (4) statistics.php.
unknown
2007-12-27
7.5CVE-2007-6554
MILW0RM
BID
HP -- HP-UX
Unspecified vulnerability in rpc.yppasswdd in HP HP-UX B.11.11, B.11.23, and B.11.31 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.
unknown
2007-12-24
7.8CVE-2007-6419
HP
BID
SECUNIA
HP -- LoadRunner
Groove -- Virtual Office
Persits Software -- XUpload
Buffer overflow in the XUpload.ocx ActiveX control in Persits Software XUpload 2.1.0.1, and probably other versions before 3.0, as used by HP Mercury LoadRunner and Groove Virtual Office, allows remote attackers to execute arbitrary code via a long argument to the AddFolder function.
unknown
2007-12-27
9.3CVE-2007-6530
FULLDISC
BID
FRSIRT
SECUNIA
SECUNIA
SECUNIA
IBM -- Domino Web Access
IBM -- Lotus Domino Web Access
Multiple stack-based buffer overflows in the IBM Lotus Domino Web Access ActiveX control, as provided by inotes6.dll, inotes6w.dll, dwa7.dll, and dwa7w.dll, in Domino 6.x and 7.x allow remote attackers to execute arbitrary code, as demonstrated by an overflow from a long General_ServerName property value when calling the InstallBrowserHelperDll function in the Upload Module in the dwa7.dwa7.1 control in dwa7w.dll 7.0.34.1.
unknown
2007-12-27
9.3CVE-2007-4474
FULLDISC
CERT-VN
BID
FRSIRT
SECUNIA
XF
IBM -- DB2 Content Manager Toolkit
Unspecified vulnerability in eClient in IBM DB2 Content Manager (CM) Toolkit 8.3 before fix pack 7 for z/OS has unknown impact and attack vectors, related to "scripting."
unknown
2007-12-27
10.0CVE-2007-6525
AIXAPAR
AIXAPAR
BID
FRSIRT
SECUNIA
XF
Inmatrix -- Zoom Player
Buffer overflow in Zoom Player 6.00 beta 2 and earlier allows user-assisted remote attackers to execute arbitrary code via an HTTP link to a PLS file in a crafted ZPL file, which causes an overflow in Unicode handling when generating an error message.
unknown
2007-12-27
7.5CVE-2007-6533
BUGTRAQ
BID
IP_Reg -- IP_Reg
Multiple SQL injection vulnerabilities in Ip Reg 0.3 allow remote attackers to execute arbitrary SQL commands via the vlan_id parameter to (1) vlanview.php, (2) vlanedit.php, and (3) vlandel.php; the (4) assetclassgroup_id parameter to assetclassgroupview.php; the (5) subnet_id parameter to nodelist.php; and unspecified other vectors.
unknown
2007-12-28
7.5CVE-2007-6579
MILW0RM
BID
Logaholic -- Logaholic
Multiple SQL injection vulnerabilities in Logaholic allow remote attackers to execute arbitrary SQL commands via (1) the from parameter to index.php or (2) the page parameter to update.php.
unknown
2007-12-27
7.5CVE-2007-6559
BUGTRAQ
BID
Mail Machine -- MailMachine_PRO
SQL injection vulnerability in showMsg.php in MailMachine Pro 2.2.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-12-27
7.5CVE-2007-6551
MILW0RM
OTHER-REF
Meeting Room Booking Software -- MRBS
SQL injection vulnerability in ing/blocks/mrbs/code/web/view_entry.php in Moodle allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-12-27
7.5CVE-2007-6538
BUGTRAQ
BID
XF
MeGaCheatZ -- MeGaCheatZ
Multiple SQL injection vulnerabilities in MeGaCheatZ 1.1 allow remote attackers to execute arbitrary SQL commands via the ItemID parameter to (1) comments.php, (2) view.php, (3) siteadmin/ViewItem.php, and unspecified other vectors.
unknown
2007-12-27
7.5CVE-2007-6557
MILW0RM
OTHER-REF
BID
Neuron -- News
SQL injection vulnerability in neuron news 1.0 allows remote attackers to execute arbitrary SQL commands via the q parameter to the default URI in patch/.
unknown
2007-12-27
7.5CVE-2007-6540
BUGTRAQ
nicLor -- nicLor
SQL injection vulnerability in sezione_news.php in nicLOR-CMS allows remote attackers to execute arbitrary SQL commands via the id parameter in a sezione page action to index.php.
unknown
2007-12-28
7.5CVE-2007-6586
MILW0RM
BID
Opera Software -- Opera
Unspecified vulnerability in Opera before 9.25 allows remote attackers to execute arbitrary code via crafted TLS certificates.
unknown
2007-12-24
10.0CVE-2007-6521
OTHER-REF
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
XF
Opera Software -- Opera
Algorithmic complexity vulnerability in Opera 9.50 beta and 9.x before 9.25 allows remote attackers to cause a denial of service (CPU consumption) via a crafted bitmap (BMP) file that triggers a large number of calculations and checks.
unknown
2007-12-24
7.8CVE-2007-6523
BUGTRAQ
BID
FRSIRT
Opera Software -- Opera
Opera before 9.25 allows remote attackers to obtain potentially sensitive memory contents via a crafted bitmap (BMP) file.
unknown
2007-12-24
7.8CVE-2007-6524
OTHER-REF
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
XF
Phil Taylor -- mosDirectory
PHP remote file inclusion vulnerability in modules/mod_pxt_latest.php in the mosDirectory (com_directory) 2.3.2 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter.
unknown
2007-12-27
9.3CVE-2007-6555
MILW0RM
BID
Plogger -- Plogger
SQL injection vulnerability in plog-rss.php in Plogger 1.0 Beta 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-12-28
7.5CVE-2007-6587
OTHER-REF
OTHER-REF
BID
PMOS Helpdesk -- PMOS Helpdesk
form.php in PMOS Help Desk 2.4 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct eval injection attacks and execute arbitrary PHP code via the options array parameter.
unknown
2007-12-27
7.5CVE-2007-6550
MILW0RM
QKSoft -- QK SMTP Server 3
QK SMTP Server 3 allows remote attackers to cause a denial of service (daemon crash) via a long (1) HELO, (2) MAIL FROM, or (3) RCPT TO command; or (4) a long string in the message sent after the DATA command; possibly a related issue to CVE-2006-5551.
unknown
2007-12-28
7.8CVE-2007-6573
BUGTRAQ
RunCMS -- RunCMS
Multiple SQL injection vulnerabilities in RunCMS before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the lid parameter to (1) brokenfile.php, (2) visit.php, or (3) ratefile.php in modules/mydownloads/; or (4) ratelink.php, (5) modlink.php, or (6) brokenlink.php in modules/mylinks/.
unknown
2007-12-27
7.5CVE-2007-6544
BUGTRAQ
MILW0RM
MILW0RM
OTHER-REF
BID
RunCMS -- RunCMS
Multiple direct static code injection vulnerabilities in RunCMS before 1.6.1 allow remote authenticated administrators to inject arbitrary PHP code via the (1) header and (2) footer parameters to modules/system/admin.php in a meta-generator action, (3) the disclaimer parameter to modules/system/admin.php in a disclaimer action, (4) the disclaimer parameter to modules/mydownloads/admin/index.php in a mydownloadsConfigAdmin action, (5) the disclaimer parameter to modules/newbb_plus/admin/forum_config.php, (6) the disclaimer parameter to modules/mylinks/admin/index.php in a myLinksConfigAdmin action, or (7) the intro parameter to modules/sections/admin/index.php in a secconfig action, which inject PHP sequences into (a) sections/cache/intro.php, (b) mylinks/cache/disclaimer.php, (c) mydownloads/cache/disclaimer.php, (d) newbb_plus/cache/disclaimer.php, (e) system/cache/disclaimer.php, (f) system/cache/footer.php, (g) system/cache/header.php, or (h) system/cache/maintenanc! e.php in modules/.
unknown
2007-12-27
7.5CVE-2007-6548
BUGTRAQ
MILW0RM
OTHER-REF
BID
RunCMS -- RunCMS
Unspecified vulnerability in RunCMS before 1.6.1 has unknown impact and attack vectors, related to "pagetype using."
unknown
2007-12-27
7.5CVE-2007-6549
OTHER-REF
TikiWiki -- Tikiwiki
Multiple unspecified vulnerabilities in TikiWiki before 1.9.9 have unknown impact and attack vectors involving (1) tiki-edit_css.php, (2) tiki-list_games.php, or (3) tiki-g-admin_shared_source.php.
unknown
2007-12-27
10.0CVE-2007-6529
OTHER-REF
SECUNIA
Wallpaper -- Wallpaper Complete Website
Multiple SQL injection vulnerabilities in Wallpaper Site 1.0.09 allow remote attackers to execute arbitrary SQL commands via (1) the catid parameter to category.php or (2) the groupid parameter to editadgroup.php.
unknown
2007-12-28
7.5CVE-2007-6580
MILW0RM
BID
Websihirbazi -- websihirbazi
Multiple SQL injection vulnerabilities in websihirbazi 5.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to default.asp in a news page action or (2) the pageid parameter to default.asp.
unknown
2007-12-27
7.5CVE-2007-6556
MILW0RM
WinAce -- WinAce
Heap-based buffer overflow in WinAce 2.65 and earlier, and possibly other versions before 2.69, allows user-assisted remote attackers to execute arbitrary code via a long filename in a compressed UUE archive.
unknown
2007-12-27
10.0CVE-2007-6563
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
WoltLab -- Burning Board Lite
Multiple SQL injection vulnerabilities in search.php in WoltLab Burning Board (wBB) Lite 1.0.2 pl3e allow remote attackers to execute arbitrary SQL commands via the (1) showposts, (2) sortby, and (3) sortorder parameters.
unknown
2007-12-24
7.5CVE-2007-6518
BUGTRAQ
BID
SECUNIA
XZero Scripts -- XZero Community Classifieds
SQL injection vulnerability in post.php in XZero Community Classifieds 4.95.11 and earlier allows remote attackers to execute arbitrary SQL commands via the subcatid parameter to index.php.
unknown
2007-12-28
7.5CVE-2007-6566
MILW0RM
BID
XZero Scripts -- XZero Community Classifieds
PHP remote file inclusion vulnerability in config.inc.php in XZero Community Classifieds 4.95.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path_escape parameter.
unknown
2007-12-28
7.5CVE-2007-6568
MILW0RM
BID
Zeak.net -- PHP_ZLink
SQL injection vulnerability in go.php in PHP ZLink 0.3 allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-12-28
7.5CVE-2007-6578
MILW0RM
XF
zSuite -- zBlog
Multiple SQL injection vulnerabilities in index.php in zBlog 1.2 allow remote attackers to execute arbitrary SQL commands via (1) the categ parameter in a categ action or (2) the article parameter in an articles action.
unknown
2007-12-28
7.5CVE-2007-6577
MILW0RM
BID
XF
Back to top

Medium Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
1024 CMS -- 1024 CMS
Multiple directory traversal vulnerabilities in 1024 CMS 1.3.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the lang parameter to pages/print/default/ops/news.php or (2) the theme_dir parameter to pages/download/default/ops/search.php; or the admin_theme_dir parameter to (3) download.php, (4) forum.php, or (5) news.php in admin/ops/reports/ops/.
unknown
2007-12-28
6.4CVE-2007-6584
MILW0RM
Apache Software Foundation -- Tomcat
The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
unknown
2007-12-27
6.4CVE-2007-5342
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
BID
Apple -- Safari
Apple Safari 2, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.
unknown
2007-12-28
4.3CVE-2007-6592
BUGTRAQ
BUGTRAQ
OTHER-REF
auraCMS -- AuraCMS
Directory traversal vulnerability in index.php in AuraCMS 2.2 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the act parameter, possibly involving the news pilih component; as demonstrated by including admin/admin_users.php to bypass a protection mechanism against direct request.
unknown
2007-12-27
6.0CVE-2007-6552
MILW0RM
OTHER-REF
C97net -- mBlog
Directory traversal vulnerability in index.php in mBlog 1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter in a page mode action.
unknown
2007-12-28
6.4CVE-2007-6582
MILW0RM
BID
SECUNIA
XF
Dokeos -- Open Source Learning and Knowledge Management Tool
Dokeos -- Open Source Learning and Knowledge Management
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the origin parameter to work/work.php in a display_upload_form action, or the forum parameter to (2) forum/viewforum.php or (3) forum/viewthread.php.
unknown
2007-12-28
4.3CVE-2007-6574
BUGTRAQ
BID
George Lewe -- TeamCal Pro
Multiple PHP remote file inclusion vulnerabilities in TeamCal Pro 3.1.000 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONF[app_root] parameter to (1) tcuser.class.php, (2) absencecount.inc.php, (3) avatar.inc.php, (4) csvhandler.class.php, (5) functions.tcpro.php, (6) header.html.inc.php, (7) joomlajack.tcpro.php, (8) menu.inc.php, (9) other.inc.php, (10) tcabsence.class.php, (11) tcabsencegroup.class.php, (12) tcallowance.class.php, (13) tcannouncement.class.php, (14) tcconfig.class.php, (15) tcdaynote.class.php, (16) tcgroup.class.php, (17) tcholiday.class.php, (18) tclogin.class.php, (19) tcmonth.class.php, (20) tctemplate.class.php, (21) tcusergroup.class.php, or (22) tcuseroption.class.php in includes/, possibly a related issue to CVE-2006-4845.
unknown
2007-12-27
6.8CVE-2007-6553
MILW0RM
BID
Google -- Google Toolbar
The Custom Button Installer dialog in Google Toolbar 4 and 5 beta presents certain domain names in the (1) "Downloaded from" and (2) "Privacy considerations" sections without verifying domain names, which makes it easier for remote attackers to spoof domain names and trick users into installing malicious button XML files, as demonstrated by presenting www.google.com when the button was downloaded from an arbitrary site through an open redirector on www.google.com.
unknown
2007-12-27
6.8CVE-2007-6536
BUGTRAQ
OTHER-REF
SECUNIA
XF
HP -- Tru64-UNIX
Unspecified vulnerability in the File-on-File Mounting File System (FFM) in HP Tru64 UNIX 5.1B-4 and 5.1B-3 allows local users to cause a denial of service (system crash) via unspecified vectors.
unknown
2007-12-24
4.9CVE-2007-6519
HP
BID
SECUNIA
iDevspot -- iSupport
PHP local file inclusion vulnerability in index.php in IDevspot iSupport 1.8 allows remote attackers to include local files via the include_file parameter.
unknown
2007-12-27
6.8CVE-2007-6539
BUGTRAQ
BID
XF
KDE -- Konqueror
KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, even though these fields cannot be examined in the product, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.
unknown
2007-12-28
4.3CVE-2007-6591
BUGTRAQ
BUGTRAQ
BUGTRAQ
OTHER-REF
Limbo CMS -- Limbo CMS
Cross-site scripting (XSS) vulnerability in admin.php in Limbo CMS 1.0.4.2 allows remote attackers to inject arbitrary web script or HTML via the com_option parameter.
unknown
2007-12-27
4.3CVE-2007-6564
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Logaholic -- Logaholic
Multiple cross-site scripting (XSS) vulnerabilities in Logaholic allow remote attackers to inject arbitrary web script or HTML via (1) the newconfname parameter to profiles.php or (2) the conf parameter to index.php.
unknown
2007-12-27
4.3CVE-2007-6560
BUGTRAQ
BID
Microsoft -- Publisher
Multiple unspecified vulnerabilities in Microsoft Office Publisher allow user-assisted remote attackers to cause a denial of service (application crash) via a crafted PUB file, possibly involving wordart.
unknown
2007-12-27
6.8CVE-2007-6534
BUGTRAQ
BID
Mozilla -- SeaMonkey
Mozilla -- Firefox
The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 does not update the origin domain when retrieving the inner URL parameter yields an HTTP redirect, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI, a different vulnerability than CVE-2007-5947.
unknown
2007-12-28
4.3CVE-2007-6589
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
Mozilla -- SeaMonkey
Mozilla -- Firefox
Netscape -- Netscape
Mozilla -- Mozilla
Mozilla 1.9 M8 and earlier, Mozilla Firefox 2, SeaMonkey 1.1.5, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.
unknown
2007-12-28
4.3CVE-2007-6590
BUGTRAQ
BUGTRAQ
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
SECTRACK
Neuron News -- Neuron News
Multiple cross-site scripting (XSS) vulnerabilities in neuron news 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the topic parameter in a viewtopic action, or the (2) newsyear or (3) newsmonth parameter in a newsarchive action to the default URI in patch/.
unknown
2007-12-27
4.3CVE-2007-6541
BUGTRAQ
NmnNewsletter -- NmnNewsletter
PHP remote file inclusion vulnerability in confirmUnsubscription.php in NmnNewsletter 1.0.7 allows remote attackers to execute arbitrary PHP code via a URL in the output parameter.
unknown
2007-12-28
6.8CVE-2007-6585
MILW0RM
BID
FRSIRT
SECUNIA
XF
Opera Software -- Opera
Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks via unknown vectors related to plug-ins.
unknown
2007-12-24
4.3CVE-2007-6520
OTHER-REF
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
XF
Opera Software -- Opera
The rich text editing functionality in Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks by using designMode to modify contents of pages in other domains.
unknown
2007-12-24
4.3CVE-2007-6522
OTHER-REF
OTHER-REF
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
XF
PDFLib -- PDFLib
Multiple stack-based buffer overflows in PDFLib allow user-assisted remote attackers to execute arbitrary code via a long filename argument to the PDF_load_image function that results in an overflow in the pdc_fsearch_fopen function, and possibly other vectors.
unknown
2007-12-27
5.7CVE-2007-6561
BUGTRAQ
BID
SECUNIA
PHPCredo -- PHCDownload
Cross-site scripting (XSS) vulnerability in PHCDownload 1.10 allows remote attackers to inject arbitrary web script or HTML via the username field in an unspecified component. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-12-28
4.3CVE-2007-6588
BID
XF
Rickard Andersson -- PunBB
uploadimg.php in the Automatic Image Upload with Thumbnails (imgUpload) module 1.3.2 for PunBB only verifies the Content-type field of uploaded files, which allows remote attackers to upload and execute arbitrary content via a file with a (1) JPG, (2) GIF, or (3) PNG MIME type.
unknown
2007-12-27
5.8CVE-2007-6527
OTHER-REF
SECUNIA
XF
RunCMS -- RunCMS
Multiple cross-site scripting (XSS) vulnerabilities in RunCMS before 1.6.1 allow remote attackers to inject arbitrary web script or HTML via (1) the subject parameter to modules/news/submit.php; (2) the PATH_INFO to modules/news/index.php, possibly related to the XoopsPageNav class; or (3) an avatar image to edituser.php.
unknown
2007-12-27
4.3CVE-2007-6545
BUGTRAQ
MILW0RM
OTHER-REF
OTHER-REF
BID
RunCMS -- RunCMS
RunCMS before 1.6.1 uses a predictable session id, which makes it easier for remote attackers to hijack sessions via a modified id.
unknown
2007-12-27
6.4CVE-2007-6546
BUGTRAQ
MILW0RM
OTHER-REF
BID
RunCMS -- RunCMS
RunCMS before 1.6.1 does not require entry of the old password during a password change, which allows context-dependent attackers to change passwords upon obtaining temporary access to a session.
unknown
2007-12-27
6.8CVE-2007-6547
BUGTRAQ
MILW0RM
OTHER-REF
BID
Social Engine -- Social Engine
Multiple directory traversal vulnerabilities in Social Engine 2.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the global_lang parameter to (1) header_album.php, (2) header_blog.php, or (3) header_group.php; or (4) admin_header_album.php, (5) admin_header_blog.php, or (6) admin_header_group.php in admin/.
unknown
2007-12-28
6.4CVE-2007-6581
MILW0RM
OTHER-REF
BID
Sun -- Java Web Proxy Server
Sun -- Java System Web Server
Cross-site scripting (XSS) vulnerability in the View Error Log functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566246.
unknown
2007-12-28
4.3CVE-2007-6569
OTHER-REF
SUNALERT
BID
SECUNIA
Sun -- Java Web Proxy Server
Sun -- Java System Web Server
Cross-site scripting (XSS) vulnerability in the View URL Database functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 and 3.x before 3.6 SP11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566309.
unknown
2007-12-28
4.3CVE-2007-6570
OTHER-REF
OTHER-REF
SUNALERT
BID
SECUNIA
Sun -- Java Web Proxy Server
Sun -- Java System Web Server
Cross-site scripting (XSS) vulnerability in Sun Java System Web Proxy Server 3.6 before SP11 on Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6611356.
unknown
2007-12-28
4.3CVE-2007-6571
SUNALERT
BID
Sun -- Java Web Proxy Server
Sun -- Java System Web Server
Cross-site scripting (XSS) vulnerability in Sun Java System Web Server 6.1 before SP8 and 7.0 before Update 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566204.
unknown
2007-12-28
4.3CVE-2007-6572
SUNALERT
BID
TCPreen -- TCPreen
Multiple stack-based buffer overflows in the use of FD_SET in TCPreen before 1.4.4 allow remote attackers to cause a denial of service via multiple concurrent connections, which result in overflows in the (1) SocketAddress::Connect function in libsolve/sockprot.cpp and (2) monitor_bridge function in src/bridge.cpp.
unknown
2007-12-27
5.0CVE-2007-6562
OTHER-REF
BID
FRSIRT
SECUNIA
TikiWiki -- Tikiwiki
Cross-site scripting (XSS) vulnerability in tiki-special_chars.php in TikiWiki before 1.9.9 allows remote attackers to inject arbitrary web script or HTML via the area_name parameter.
unknown
2007-12-27
4.3CVE-2007-6526
BUGTRAQ
OTHER-REF
OTHER-REF
BID
SECUNIA
TikiWiki -- Tikiwiki
Directory traversal vulnerability in tiki-listmovies.php in TikiWiki before 1.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) and modified filename in the movie parameter.
unknown
2007-12-27
5.0CVE-2007-6528
BUGTRAQ
OTHER-REF
BID
SECUNIA
TotalPlayer -- TotalPlayer
TotalPlayer 3.0 allows user-assisted remote attackers to cause a denial of service (application crash) via a large .m3u file.
unknown
2007-12-27
4.3CVE-2007-6558
BUGTRAQ
WinUAE -- WinUAE
Stack-based buffer overflow in the zfile_gunzip function in zfile.c in WinUAE 1.4.4 and earlier allows user-assisted remote attackers to execute arbitrary code via a long filename in a gzipped archive, such as a (1) gz, (2) adz, (3) roz, or (4) hdz archive in a compressed floppy disk image.
unknown
2007-12-27
6.8CVE-2007-6537
BUGTRAQ
OTHER-REF
OTHER-REF
BID
XZero Scripts -- XZero Community Classifieds
Directory traversal vulnerability in index.php in XZero Community Classifieds 4.95.11 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pagename parameter in a page view action.
unknown
2007-12-28
6.4CVE-2007-6567
MILW0RM
OTHER-REF
BID
Yahoo -- Yahoo Toolbar
Buffer overflow in the YShortcut ActiveX control in YShortcut.dll 2006.8.15.1 in Yahoo! Toolbar might allow attackers to execute arbitrary code via a long string to the IsTaggedBM method.
unknown
2007-12-27
6.8CVE-2007-6535
FULLDISC
BID
XF
Back to top
Last updated January 02, 2008