U.S. Flag Official website of the Department of Homeland Security

Note: This page is part of the us-cert.gov archive.This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

TLP:WHITE

Bulletin (SB07-015)

Vulnerability Summary for the Week of January 8, 2007

Original release date: January 15, 2007

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

">

High Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
@lexPHPTeam -- @lex GuestbookSQL injection vulnerability in index.php in @lex Guestbook 4.0.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the lang parameter.
unknown
2007-01-11
7.0CVE-2007-0202
BUGTRAQ
OTHER-REF
OTHER-REF
BID
SECUNIA
@lexPHPTeam -- @lex GuestbookMultiple directory traversal vulnerabilities in @lex Guestbook 4.0.2 and earlier allow remote attackers to (1) include and execute arbitrary local files via a relative pathname in the lang parameter to index.php, which is handled in livre_include.php, and (2) possibly access arbitrary directories via the aj_skin and skin_edit parameters to admin/skins.php.
unknown
2007-01-11
7.0CVE-2007-0205
BUGTRAQ
OTHER-REF
OTHER-REF
BID
Adam Jarret -- AJLoginAJLogin 3.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for ajlogin.mdb.
unknown
2007-01-09
7.0CVE-2007-0153
BUGTRAQ
XF
Adobe -- Acrobat ReaderThe Adobe PDF specification 1.3, as implemented by Adobe Acrobat before 8.0.0, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.
unknown
2007-01-08
7.0CVE-2007-0103
BID
OTHER-REF
XF
AllMyPHP -- AllMyVisitorsPHP remote file inclusion vulnerability in index.php in AllMyVisitors 0.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the AMV_serverpath parameter.
unknown
2007-01-10
7.0CVE-2007-0170
OTHER-REF
BID
XF
Apple -- Mac OS X Preview.appThe Adobe PDF specification 1.3, as implemented by Apple Mac OS X Preview, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.
unknown
2007-01-08
7.0CVE-2007-0102
OTHER-REF
BID
XF
Apple -- Mac OS X Server
Apple -- Mac OS X
DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X 10.4.8 does not properly validate Bill of Materials (BOM) files, which allows attackers to gain privileges via a BOM file under /Library/Receipts/, which triggers arbitrary file permission changes upon execution of a diskutil permission repair operation.
unknown
2007-01-08
10.0CVE-2007-0117
OTHER-REF
BID
FRSIRT
SECUNIA
b2evolution -- b2evolutionCross-site scripting (XSS) vulnerability in htsrv/login.php in b2evolution 1.8.6 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes in the redirect_to parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-01-10
7.0CVE-2007-0175
SECUNIA
BinGo News -- BinGo NewsPHP remote file inclusion vulnerability in bn_smrep1.php in BinGoPHP News (BP News) 3.01 allows remote attackers to execute arbitrary PHP code via a URL in the bnrep parameter, a different vector than CVE-2006-4648 and CVE-2006-4649.
unknown
2007-01-09
7.0CVE-2007-0145
SECTRACK
XF
Cisco -- Secure Access Control ServerStack-based buffer overflow in the CSAdmin service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted HTTP GET request.
unknown
2007-01-08
10.0CVE-2007-0105
CISCO
BID
FRSIRT
SECTRACK
SECUNIA
XF
Computer Associates -- Server/Business Protection Suite
Computer Associates -- BrightStor ARCserve Backup
Computer Associates -- Enterprise Backup
The Tape Engine service in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2 allows remote attackers to execute arbitrary code via certain data in opnum 0xBF in an RPC request, which is directly executed.
unknown
2007-01-11
7.0CVE-2007-0168
OTHER-REF
OTHER-REF
Computer Associates -- Server/Business Protection Suite
Computer Associates -- BrightStor ARCserve Backup
Computer Associates -- Enterprise Backup
Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2 allow remote attackers to execute arbitrary code via RPC requests with crafted data for opnums (1) 0x2F and (2) 0x75 in the (a) Message Engine RPC service , or opnum (3) 0xCF in the Tape Engine service.
unknown
2007-01-11
7.0CVE-2007-0169
OTHER-REF
OTHER-REF
OTHER-REF
CreateAuction -- CreateAuctionSQL injection vulnerability in cats.asp in createauction allows remote attackers to execute arbitrary SQL commands via the catid parameter.
unknown
2007-01-08
7.0CVE-2007-0112
BUGTRAQ
BID
XF
Dayfox Designs -- Dayfox BlogMultiple PHP remote file inclusion vulnerabilities in index.php in Dayfox Blog allow remote attackers to execute arbitrary PHP code via a URL in the (1) page, (2) subject, and (3) q parameters.
unknown
2007-01-09
7.0CVE-2007-0150
BUGTRAQ
FRSIRT
SECUNIA
XF
Digger Solutions -- Intranet Open SourceDigger Solutions Intranet Open Source (IOS) stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for data/intranet.mdb.
unknown
2007-01-08
7.0CVE-2007-0116
BUGTRAQ
XF
DigiAppz -- DigiRezSQL injection vulnerability in info_book.asp in Digirez 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the book_id parameter.
unknown
2007-01-09
7.0CVE-2007-0128
OTHER-REF
FRSIRT
SECUNIA
Digitizing Quote And Ordering System -- Digitizing Quote And Ordering SystemCross-site scripting (XSS) vulnerability in search.asp in Digitizing Quote And Ordering System 1.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the ordernum parameter.
unknown
2007-01-09
7.0CVE-2007-0144
OTHER-REF
SECUNIA
XF
Edit-X -- eCommercePHP remote file inclusion vulnerability in edit_address.php in edit-x ecommerce allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter.
unknown
2007-01-12
7.0CVE-2007-0190
BUGTRAQ
EditTag -- EditTagMultiple cross-site scripting (XSS) vulnerabilities in EditTag 1.2 allow remote attackers to inject arbitrary web script or HTML via the plain parameter to (1) mkpw_mp.cgi, (2) mkpw.pl, or (3) mkpw.cgi.
unknown
2007-01-08
7.0CVE-2007-0119
BUGTRAQ
BID
EF Software -- EF CommanderStack-based buffer overflow in EF Commander 5.75 allows user-assisted attackers to execute arbitrary code via a crafted ISO file containing a file within several nested directories, which produces a large filename that triggers the overflow.
unknown
2007-01-10
8.0CVE-2007-0180
OTHER-REF
SECUNIA
EMembersPro -- EMembersProEMembersPro 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for users.mdb.
unknown
2007-01-09
7.0CVE-2007-0149
BUGTRAQ
XF
F5 -- FirePass SSL VPNMultiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN allow remote attackers to inject arbitrary web script or HTML via (1) the xcho parameter to my.logon.php3; the (2) topblue, (3) midblue, (4) wtopblue, and certain other Custom color parameters in a per action to vdesk/admincon/index.php; the (5) h321, (6) h311, (7) h312, and certain other Front Door custom text color parameters in a per action to vdesk/admincon/index.php; the (8) ua parameter in a bro action to vdesk/admincon/index.php; the (9) app_param and (10) app_name parameters to webyfiers.php; (11) double eval functions; (12) JavaScript contained in an <FP_DO_NOT_TOUCH> element; and (13) the vhost parameter to my.activation.php. NOTE: it is possible that this candidate overlaps CVE-2006-3550.
unknown
2007-01-12
7.0CVE-2007-0186
OTHER-REF
OTHER-REF
OTHER-REF
BID
F5 -- FirepassF5 FirePass 5.4 through 5.5.2 and 6.0 allows remote attackers to access restricted URLs via (1) a trailing null byte, (2) multiple leading slashes, (3) Unicode encoding, (4) URL-encoded directory traversal or same-directory characters, or (5) upper case letters in the domain name.
unknown
2007-01-12
7.0CVE-2007-0187
OTHER-REF
OTHER-REF
BID
FON -- La FoneraFON La Fonera routers do not properly limit DNS service access by unauthenticated clients, which allows remote attackers to tunnel traffic via DNS requests for hosts that should not be accessible before authentication.
unknown
2007-01-12
7.0CVE-2007-0193
BUGTRAQ
BUGTRAQ
GeoBB -- GeoBBUnspecified vulnerability in the Admin login for Georgian discussion board (GeoBB) before 1.0 has unknown impact and attack vectors.
unknown
2007-01-11
7.0CVE-2006-6918
OTHER-REF
GeoBB -- Georgian Bulletin Board** DISPUTED ** PHP remote file inclusion vulnerability in index.php in GeoBB Georgian Bulletin Board allows remote attackers to execute arbitrary PHP code via a URL in the action parameter. NOTE: CVE disputes this issue, since GeoBB 1.0 sets $action to a whitelisted value.
unknown
2007-01-12
7.0CVE-2007-0189
BUGTRAQ
VIM
XF
Geoffrey Golliher -- Axiom Photo/News GalleryPHP remote file inclusion vulnerability in template.php in Geoffrey Golliher Axiom Photo/News Gallery (axiompng) 0.8.6 allows remote attackers to execute arbitrary PHP code via a URL in the baseAxiomPath parameter.
unknown
2007-01-11
7.0CVE-2007-0200
OTHER-REF
VIM
FRSIRT
Getahead -- Direct Web RemotingGetahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to obtain unauthorized access to public methods via a crafted request that bypasses the include/exclude checks.
unknown
2007-01-12
7.0CVE-2007-0184
OTHER-REF
BID
FRSIRT
SECUNIA
GForge -- GForgeCross-site scripting (XSS) vulnerability in search/advanced_search.php in GForge 4.5.11 allows remote attackers to inject arbitrary web script or HTML via the words parameter.
unknown
2007-01-10
7.0CVE-2007-0176
BUGTRAQ
OTHER-REF
BID
SECTRACK
SECUNIA
HarikaOnline -- HarikaOnlineHarikaOnline 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for harikaonline.mdb.
unknown
2007-01-09
7.0CVE-2007-0155
BUGTRAQ
XF
HP -- DECnet/OSIUnspecified vulnerability in the DECnet-Plus 7.3-2 feature in DECnet/OSI 7.3-2 for OpenVMS ALPHA, and the DECnet-Plus 7.3 feature in DECnet/OSI 7.3 for OpenVMS VAX, allows attackers to obtain "unintended privileged access to data and system resources" via unspecified vectors, related to (1) [SYSEXE]CTF$UI.EXE, (2) [SYSMSG]CTF$MESSAGES.EXE, (3) [SYSHLP]CTF$HELP.HLB, and (4) [SYSMGR]CTF$STARTUP.COM.
unknown
2007-01-09
7.0CVE-2007-0139
OTHER-REF
OTHER-REF
SECUNIA
FRSIRT
iGeneric -- iG CalendarSQL injection vulnerability in user.php in iGeneric iG Calendar 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-01-09
7.0CVE-2007-0130
OTHER-REF
BID
FRSIRT
SECUNIA
BUGTRAQ
XF
iGeneric -- iG ShopSQL injection vulnerability in compare_product.php in iGeneric iG Shop 1.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-01-09
7.0CVE-2007-0132
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
BUGTRAQ
BID
XF
iGeneric -- iG ShopMultiple SQL injection vulnerabilities in display_review.php in iGeneric iG Shop 1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) user_login_cookie parameter.
unknown
2007-01-09
7.0CVE-2007-0133
FRSIRT
iGeneric -- iG ShopMultiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow remote attackers to execute arbitrary code via the action parameter, which is supplied to an eval function call in (1) cart.php and (2) page.php.
unknown
2007-01-09
7.0CVE-2007-0134
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
BUGTRAQ
BID
XF
JAMWiki -- JAMWikiJAMWiki before 0.5.0 does not properly check permissions during moves of "read-only or admin-only topics," which allows remote attackers to make unauthorized changes to the wiki.
unknown
2007-01-09
7.0CVE-2007-0131
OTHER-REF
SECUNIA
BID
XF
Kolayindir Download -- Kolayindir DownloadSQL injection vulnerability in down.asp in Kolayindir Download (Yenionline) allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-01-09
7.0CVE-2007-0140
BUGTRAQ
BID
FRSIRT
SECUNIA
XF
LocazoList -- LocazoList ClassifiedsSQL injection vulnerability in main.asp in LocazoList 2.01a beta5 and earlier allows remote attackers to execute arbitrary SQL commands via the subcatID parameter.
unknown
2007-01-09
7.0CVE-2007-0129
OTHER-REF
XF
FRSIRT
M-Core -- M-CoreM-Core stores the database under the web document root, which allows remote attackers to obtain sensitive information via a direct request to db/uyelik.mdb.
unknown
2007-01-09
7.0CVE-2007-0156
BUGTRAQ
XF
Michael Romedahl -- RI BlogCross-site scripting (XSS) vulnerability in search.asp in RI Blog 1.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
unknown
2007-01-08
7.0CVE-2007-0121
BUGTRAQ
BID
FRSIRT
SECUNIA
XF
Microsoft -- Internet ExplorerInteger overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the "VML Buffer Overrun Vulnerability."
unknown
2007-01-09
8.0CVE-2007-0024
IDEFENSE
MS
MSKB
CERT-VN
BID
FRSIRT
OSVDB
SECTRACK
SECUNIA
XF
Microsoft -- ExcelMicrosoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via malformed IMDATA records that trigger memory corruption.
unknown
2007-01-09
10.0CVE-2007-0027
MS
CERT-VN
BID
FRSIRT
SECTRACK
Microsoft -- ExcelMicrosoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via a malformed record that triggers an "Improper Memory Access," a different issue than CVE-2007-0027.
unknown
2007-01-09
10.0CVE-2007-0028
MS
CERT-VN
FRSIRT
Microsoft -- ExcelMicrosoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string, aka "Excel Malformed String Vulnerability."
unknown
2007-01-09
8.0CVE-2007-0029
MS
BID
FRSIRT
SECTRACK
Microsoft -- ExcelMicrosoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via an Excel file with an out-of-range Column field in certain BIFF8 record types, which references arbitrary memory.
unknown
2007-01-09
8.0CVE-2007-0030
IDEFENSE
MS
CERT-VN
BID
FRSIRT
SECTRACK
Microsoft -- ExcelHeap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a BIFF8 spreadsheet with a PALETTE record that contains a large number of entries.
unknown
2007-01-09
8.0CVE-2007-0031
IDEFENSE
MS
CERT-VN
BID
FRSIRT
SECTRACK
Microsoft -- OutlookMicrosoft Outlook 2002 and 2003 allows user-assisted remote attackers to execute arbitrary code via a malformed VEVENT record in an .iCal meeting request or ICS file.
unknown
2007-01-09
8.0CVE-2007-0033
MS
CERT-VN
BID
FRSIRT
SECTRACK
SECUNIA
Microsoft -- OutlookMicrosoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted Outlook Saved Searches (OSS) file that triggers memory corruption, aka "Microsoft Outlook Advanced Find Vulnerability".
unknown
2007-01-09
8.0CVE-2007-0034
MS
CERT-VN
BID
FRSIRT
SECTRACK
SECUNIA
MitiSoft -- MitiSoftMitiSoft stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for access_MS/MitiSoft.mdb.
unknown
2007-01-09
7.0CVE-2007-0151
BUGTRAQ
XF
MKPortal -- MKPortalCross-site scripting (XSS) vulnerability in admin.php in MKPortal allows remote attackers to inject arbitrary web script or HTML via two certain fields in a contents_new operation in the ad_contents section.
unknown
2007-01-12
7.0CVE-2007-0191
BUGTRAQ
XF
MKPortal -- MKPortalCross-site request forgery (CSRF) vulnerability in the save_main operation in the ad_perms section in admin.php in MKPortal allows remote attackers to modify privilege settings, as demonstrated using a getURL of admin.php within a .swf file contained in an IFRAME element, aka the "All Guests are Admin" attack.
unknown
2007-01-12
7.0CVE-2007-0192
BUGTRAQ
Motionborg -- Motionborg Web Real EstateSQL injection vulnerability in admin_check_user.asp in Motionborg Web Real Estate 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the username field (txtUserName parameter) and possibly other parameters. NOTE: some details were obtained from third party information.
unknown
2007-01-11
7.0CVE-2007-0196
OTHER-REF
BID
XF
Novell -- Novell Access Manager Identity ServerCross-site scripting (XSS) vulnerability in nidp/idff/sso in Novell Access Manager Identity Server before 3.0.0-1013 allows remote attackers to inject arbitrary web script or HTML via the IssueInstant parameter, which is not properly handled in the resulting error message.
unknown
2007-01-08
7.0CVE-2007-0110
OTHER-REF
BID
FRSIRT
SECUNIA
OhhASP -- OhhASPOhhASP stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/OhhASP.mdb.
unknown
2007-01-09
7.0CVE-2007-0152
BUGTRAQ
OTHER-REF
XF
Opera Software -- OperaThe Javascript SVG support in Opera before 9.10 does not properly validate object types in a createSVGTransformFromMatrix request, which allows remote attackers to execute arbitrary code via JavaScript code that uses an invalid object in this request that causes a controlled pointer to be referenced during the virtual function call.
2006-11-16
2007-01-08
7.0CVE-2007-0127
IDEFENSE
OTHER-REF
FRSIRT
SECUNIA
SECTRACK
PHP Web Scripts -- Easy Banner ProPHP remote file inclusion vulnerability in info.php in Easy Banner Pro 2.8 allows remote attackers to execute arbitrary PHP code via a URL in the s[phppath] parameter.
unknown
2007-01-10
7.0CVE-2007-0178
BUGTRAQ
PHPKIT -- PHPKITSQL injection vulnerability in comment.php in PHPKIT 1.6.1 R2 allows remote attackers to execute arbitrary SQL commands via the subid parameter.
unknown
2007-01-10
7.0CVE-2007-0179
BUGTRAQ
BID
phpMyAdmin -- phpMyAdminMultiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 have unknown impact and attack vectors.
unknown
2007-01-11
7.0CVE-2007-0203
OTHER-REF
SECUNIA
phpMyAdmin -- phpMyAdminMultiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.9.2-rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information,
unknown
2007-01-11
7.0CVE-2007-0204
OTHER-REF
FRSIRT
SECUNIA
PPC Search Engine -- PPC Search Engine
WGS-PPC -- WGS-PPC
Multiple PHP file inclusion vulnerabilities in WGS-PPC (aka PPC Search Engine), as distributed with other aliases, allow remote attackers to execute arbitrary PHP code via a URL in the INC parameter in (1) config_admin.php, (2) config_main.php, (3) config_member.php, and (4) mysql_config.php in config/; (5) admin.php and (6) index.php in admini/; (7) paypalipn/ipnprocess.php; (8) index.php and (9) registration.php in members/; and (10) ppcbannerclick.php and (11) ppcclick.php in main/.
unknown
2007-01-09
7.0CVE-2007-0167
BUGTRAQ
VIM
BID
Scriptaty -- Magic Photo Storage WebsitePHP remote file inclusion vulnerability in include/common_function.php in magic photo storage website allows remote attackers to execute arbitrary PHP code via a URL in the _config[site_path] parameter.
unknown
2007-01-10
7.0CVE-2007-0181
BUGTRAQ
Scriptaty -- Magic Photo Storage WebsiteMultiple PHP remote file inclusion vulnerabilities in magic photo storage website allow remote attackers to execute arbitrary PHP code via a URL in the _config[site_path] parameter to (1) admin_password.php, (2) add_welcome_text.php, (3) admin_email.php, (4) add_templates.php, (5) admin_paypal_email.php, (6) approve_member.php, (7) delete_member.php, (8) index.php, (9) list_members.php, (10) membership_pricing.php, or (11) send_email.php in admin/; (12) config.php or (13) db_config.php in include/; or (14) add_category.php, (15) add_news.php, (16) change_catalog_template.php, (17) couple_milestone.php, (18) couple_profile.php, (19) delete_category.php, (20) index.php, (21) login.php, (22) logout.php, (23) register.php, (24) upload_photo.php, (25) user_catelog_password.php, (26) user_email.php, (27) user_extend.php, or (28) user_membership_password.php in user/. NOTE: the include/common_function.php vector is already covered by another candidate from the same date.
unknown
2007-01-12
7.0CVE-2007-0182
BUGTRAQ
Shopstorenow -- E-commerce Shopping CartSQL injection vulnerability in orange.asp in ShopStoreNow E-commerce Shopping Cart allows remote attackers to execute arbitrary SQL commands via the CatID parameter.
unknown
2007-01-09
7.0CVE-2007-0142
BUGTRAQ
BID
FRSIRT
SECUNIA
XF
Sina -- SinaMultiple stack-based multiple buffer overflows in the BRWOSSRE2UC.dll ActiveX Control in Sina UC2006 and earlier allow remote attackers to execute arbitrary code via a long string in the (1) astrVerion parameter to the SendChatRoomOpt function or (2) the astrDownDir parameter to the SendDownLoadFile function.
unknown
2007-01-10
7.0CVE-2007-0174
FULLDISC
OTHER-REF
FRSIRT
SECUNIA
TIS -- Internet Firewall ToolkitBuffer overflow in the cmd_usr function in ftp-gw in TIS Internet Firewall Toolkit (FWTK) allows remote attackers to execute arbitrary code via a long destination hostname (dest).
unknown
2007-01-11
10.0CVE-2007-0201
OTHER-REF
BID
SECTRACK
XF
Voice Of Web -- AllMyLinksPHP remote file inclusion vulnerability in index.php in AllMyLinks 0.5.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AML_opensite parameter.
unknown
2007-01-10
7.0CVE-2007-0171
OTHER-REF
BID
XF
Voice Of Web -- AllMyGuestsMultiple PHP remote file inclusion vulnerabilities in AllMyGuests 0.3.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the AMG_serverpath parameter to (1) comments.php and (2) signin.php; and possibly via a URL in unspecified parameters to (3) include/submit.inc.php, (4) admin/index.php, (5) include/cm_submit.inc.php, and (6) index.php.
unknown
2007-01-10
7.0CVE-2007-0172
OTHER-REF
BID
XF
Webulas -- WebulasWebulas stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/db.mdb.
unknown
2007-01-09
7.0CVE-2007-0154
BUGTRAQ
XF
Xpdf -- XpdfThe Adobe PDF specification 1.3, as implemented by xpdf 3.0.1 patch 2, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.
unknown
2007-01-08
7.0CVE-2007-0104
BID
OTHER-REF
XF

Back to top

Medium Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Apple -- Mac OS X
Apple -- Finder
Finder 10.4.6 on Apple Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a long volume name in a DMG disk image, which results in memory corruption.
unknown
2007-01-11
5.6CVE-2007-0197
OTHER-REF
Aratix -- AratixPHP remote file inclusion vulnerability in inc/init.inc.php in Aratix 0.2.2 beta 11 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the current_path parameter.
unknown
2007-01-09
5.6CVE-2007-0135
VIM
OTHER-REF
OTHER-REF
FRSIRT
XF
CenterICQ -- CenterICQStack-based buffer overflow in the LiveJournal support (hooks/ljhook.cc) in CenterICQ 4.9.11 through 4.21.0, when using unofficial LiveJournal servers, allows remote attackers to cause a denial of service (crash) by adding the victim as a friend and using long (1) username and (2) real name strings.
unknown
2007-01-09
5.6CVE-2007-0160
BUGTRAQ
BID
Coppermine -- Coppermine Photo GalleryMultiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via (1) the cat parameter to albmgr.php, and possibly (2) the gid parameter to usermgr.php; (3) the start parameter to db_ecard.php; and the albumid parameter to unspecified files, related to the (4) filename_to_title and (5) del_titles functions.
unknown
2007-01-08
4.2CVE-2007-0122
BUGTRAQ
OTHER-REF
BID
Drupal -- DrupalMultiple cross-site scripting (XSS) vulnerabilities in Drupal before 4.6.11, and 4.7 before 4.7.5, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in the (1) filter and (2) system modules. NOTE: some of these details are obtained from third party information.
unknown
2007-01-09
5.6CVE-2007-0136
FULLDISC
OTHER-REF
FRSIRT
BUGTRAQ
OTHER-REF
XF
F5 -- FirepassF5 FirePass 5.4 through 5.5.1 does not properly enforce host access restrictions when a client uses a single integer (dword) representation of an IP address ("dotless IP address"), which allows remote authenticated users to connect to the FirePass administrator console and certain other network resources.
unknown
2007-01-12
4.2CVE-2007-0188
OTHER-REF
OTHER-REF
BID
GeoIP -- GeoIPDirectory traversal vulnerability in the GeoIP_update_database_general function in libGeoIP/GeoIPUpdate.c in GeoIP 1.4.0 allows remote malicious update servers (possibly only update.maxmind.com) to overwrite arbitrary files via a .. (dot dot) in the database filename, which is returned by a request to app/update_getfilename.
unknown
2007-01-09
4.7CVE-2007-0159
OTHER-REF
MANDRIVA
BID
FRSIRT
FRSIRT
L2J -- Statistik ScriptDirectory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
unknown
2007-01-10
5.6CVE-2007-0173
OTHER-REF
BID
XF
MediaWiki -- MediaWikiCross-site scripting (XSS) vulnerability in the AJAX module in MediaWiki before 1.6.9, 1.7 before 1.7.2, 1.8 before 1.8.3, and 1.9 before 1.9.0rc2, when wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-01-10
5.6CVE-2007-0177
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
Mozilla -- Firefox Sage ExtensionFirefox Sage extension 1.3.8 and earlier allows remote attackers to execute arbitrary Javascript in the local context via an RSS feed with an img tag containing the script followed by an extra trailing ">", which Sage modifies to close the img element before the malicious script.
unknown
2007-01-11
5.6CVE-2006-6919
BUGTRAQ
OTHER-REF
FRSIRT
SECUNIA
XF
Nucleus CMS -- Nucleus CMSCross-site scripting (XSS) vulnerability in Nucleus before 3.24 allows remote attackers to inject arbitrary web script or HTML via unknown vectors, possibly involving (1) lib/ADMIN.php and (2) lib/SKIN.php.
unknown
2007-01-11
5.6CVE-2006-6920
OTHER-REF
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
NUNE -- News ScriptMultiple PHP remote file inclusion vulnerabilities in NUNE News Script 2.0pre2 allow remote attackers to execute arbitrary PHP code via a URL in the custom_admin_path parameter to (1) index.php or (2) archives.php.
unknown
2007-01-09
5.6CVE-2007-0143
OTHER-REF
FRSIRT
SECUNIA
BUGTRAQ
XF
OmniGroup -- OmniWebFormat string vulnerability in OmniGroup OmniWeb 5.5.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the Javascript alert function.
unknown
2007-01-09
5.6CVE-2007-0148
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
OTHER-REF
BID
XF
Opera Software -- OperaHeap-based buffer overflow in Opera 9.02 allows remote attackers to execute arbitrary code via a JPEG file with an invalid number of index bytes in the Define Huffman Table (DHT) marker.
unknown
2007-01-08
5.6CVE-2007-0126
IDEFENSE
OTHER-REF
FRSIRT
SECUNIA
SECTRACK
XF
Resco -- Photo ViewerBuffer overflow in Resco Photo Viewer for PocketPC 4.11 and 6.01, as used in mobile devices running Windows Mobile 5.0, 2003, and 2003SE, allows remote attackers to execute arbitrary code via a crafted PNG image.
unknown
2007-01-08
5.6CVE-2007-0111
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
SerendipityNZ -- Serene Bach sb 1.13D
SerendipityNZ -- Serene Bach 2.05R
SerendipityNZ -- Serene Bach 1.18R
SerendipityNZ -- Serene Bach 2.08D
Cross-site scripting (XSS) vulnerability in SimpleBoxes/SerendipityNZ Serene Bach 2.05R and earlier, and 2.08D and earlier in the 2.08 series; and (2) sb 1.13D and earlier, and 1.18R and earlier in the 1.18 series; allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-01-09
5.6CVE-2007-0137
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
BID
FRSIRT
SECTRACK
XF
Sun -- iPlanet Web ServerCross-site scripting (XSS) vulnerability in /search in iPlanet Web Server 4.x allows remote attackers to inject arbitrary web script or HTML via the NS-max-records parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-01-12
5.6CVE-2007-0183
BID
SECUNIA
Uber Uploader -- Uber UploaderUnrestricted file upload vulnerability in Uber Uploader 4.2 allows remote attackers to upload and execute arbitrary PHP scripts by naming them with a .phtml extension, which bypasses the .php extension check but is still executable on some server configurations.
unknown
2007-01-08
5.6CVE-2007-0123
BUGTRAQ
XF
Unsanity -- Application EnhancerUnsanity Application Enhancer (APE) 2.0.2 installs with insecure permissions for the (1) ApplicationEnhancer binary and the (2) /Library/Frameworks/ApplicationEnhancer.framework directory, which allows local users to gain privileges by modifying or replacing the binary or library files.
unknown
2007-01-09
4.2CVE-2007-0162
OTHER-REF
OTHER-REF
BID
SECUNIA
XF
WordPress -- WordPressWordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after escaping the SQL query, which allows remote attackers to bypass SQL injection protection schemes and execute arbitrary SQL commands via multibyte charsets, as demonstrated using UTF-7.
unknown
2007-01-08
5.6CVE-2007-0107
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
OPENPKG
XF
Yet Another Link Directory -- Yet Another Link DirectoryCross-site scripting (XSS) vulnerability in yald.php in Yet Another Link Directory 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
unknown
2007-01-09
5.6CVE-2007-0141
BUGTRAQ
BID
FRSIRT
SECUNIA
XF

Back to top

Low Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Acunetix -- Web Vulnerability ScannerAcunetix Web Vulnerability Scanner (WVS) 4.0 Build 20060717 and earlier allows remote attackers to cause a denial of service (application crash) via multiple HTTP requests containing invalid Content-Length values.
unknown
2007-01-08
2.3CVE-2007-0120
OTHER-REF
BID
XF
Camouflage -- CamouflageCamouflage 1.2.1 embeds password information in the carrier file, which allows remote attackers to bypass authentication requirements and decrypt embedded steganography by replacing certain bytes of the JPEG image with alternate password information.
unknown
2007-01-09
3.3CVE-2007-0164
OTHER-REF
BID
SECUNIA
Cisco -- IP Contact Center Hosted
Cisco -- IP Contact Center Enterprise
Cisco -- Unified Contact Center Enterprise
Cisco -- Unified Contact Center Hosted
The JTapi Gateway process in Cisco Unified Contact Center Enterprise, Unified Contact Center Hosted, IP Contact Center Enterprise, and Cisco IP Contact Center Hosted 5.0 through 7.1 allows remote attackers to cause a denial of service (repeated process restart) via a certain TCP session on the JTapi server port.
unknown
2007-01-11
2.3CVE-2007-0198
CISCO
BID
Cisco -- IOSThe Data-link Switching (DLSw) feature in Cisco IOS 11.0 through 12.4 allows remote attackers to cause a denial of service (device reload) via "an invalid value in a DLSw message... during the capabilities exchange."
unknown
2007-01-11
2.3CVE-2007-0199
CISCO
Coppermine -- Coppermine Photo GalleryStatic code injection vulnerability in Coppermine Photo Gallery 1.4.10 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the Username to login.php, which is injected into an error message in security.log.php, which can then be accessed using viewlog.php.
unknown
2007-01-08
3.4CVE-2007-0115
BUGTRAQ
VIM
OTHER-REF
Cuyahoga -- CuyahogaCuyahoga before 1.0.1 installs the FCKEditor component with an incorrect deny statement in a Web.config file, which allows remote attackers to upload files when these privileges were intended only for the Administrator and Editor roles.
unknown
2007-01-09
2.3CVE-2007-0147
OTHER-REF
OTHER-REF
SECUNIA
BID
Drupal -- DrupalUnspecified vulnerability in Drupal before 4.6.11, and 4.7 before 4.7.5, when MySQL is used, allows remote authenticated users to cause a denial of service by poisoning the page cache via unspecified vectors, which triggers erroneous 404 HTTP errors for pages that exist.
unknown
2007-01-08
1.1CVE-2007-0124
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
EditTag -- EditTagMultiple absolute path traversal vulnerabilities in EditTag 1.2 allow remote attackers to read arbitrary files via an absolute pathname in the file parameter to (1) edittag.cgi, (2) edittag.pl, (3) edittag_mp.cgi, or (4) edittag_mp.pl.
unknown
2007-01-08
1.9CVE-2007-0118
BUGTRAQ
BID
F5 -- Firepassmy.activation.php3 in F5 FirePass 5.4 through 5.5.1 and 6.0 displays different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote attackers to confirm the validity of an LDAP account.
unknown
2007-01-12
2.3CVE-2007-0195
OTHER-REF
OTHER-REF
BID
Fersche -- Formankserverformbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO begins with (1) AbfrageForm or (2) EingabeForm, allows remote attackers to cause a denial of service (daemon crash) via multiple requests containing many /../ sequences in the Name parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-01-09
2.3CVE-2007-0138
SECUNIA
XF
Fix and Chips Computer Services -- Fix and Chips CMSMultiple cross-site scripting (XSS) vulnerabilities in Fix and Chips CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in (a) delete-announce.php; the (2) Announcement form field in (b) staff.php; the (3) Client Name, (4) Business Name, (5) Street, (6) Address 2, (7) Town/City, (8) Postcode, (9) Phone Number, (10) Email Address and (11) Website Address form fields in (c) new_customer.php; and unspecified fields in (d) search.php and (e) client-results.php.
unknown
2007-01-09
3.4CVE-2007-0146
BUGTRAQ
FRSIRT
SECUNIA
XF
FreeBSD -- FreeBSDThe jail rc.d script in FreeBSD 5.3 up to 6.2 does not verify pathnames when writing to /var/log/console.log during a jail start-up, or when file systems are mounted or unmounted, which allows local root users to overwrite arbitrary files, or mount/unmount files, outside of the jail via a symlink attack.
unknown
2007-01-11
3.4CVE-2007-0166
FREEBSD
Getahead -- Direct Web RemotingGetahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to cause a denial of service (memory exhaustion and servlet outage) via unknown vectors related to a large number of calls in a batch.
unknown
2007-01-12
2.3CVE-2007-0185
OTHER-REF
BID
FRSIRT
SECUNIA
HP -- Officejet 5100
HP -- Officejet 4100
HP -- Officejet 5500
HP -- Officejet D
HP -- Officejet 6100
HP -- Officejet G
HP -- PSC 2400 Photosmart All-in-one
HP -- PSC 700
HP -- PSC 2200
HP -- PML Driver HPZ12
HP -- PSC 2500 Photosmart All-in-one
HP -- PSC 1100
HP -- Color LaserJet 4650
HP -- PSC 1200
HP -- PSC 1300
HP -- Officejet 7100
HP -- PSC 1210 All-in-One
HP -- PSC 2100
HP -- PSC 900
HP -- PSC 2510 Photosmart Printer
HP -- Officejet K
The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one drivers, as used by multiple HP products, uses insecure SERVICE_CHANGE_CONFIG DACL permissions, which allows local users to gain privileges and execute arbitrary programs, as demonstrated by modifying the binpath argument, a related issue to CVE-2006-0023.
2006-05-29
2007-01-09
2.3CVE-2007-0161
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
HP -- OpenView Network Node ManagerUnspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, and 7.50 allows remote attackers to read arbitrary files via unknown vectors.
unknown
2007-01-11
2.3CVE-2007-0206
HP
BID
Kaspersky Lab -- Kaspersky Antivirus EngineKaspersky Labs Antivirus Engine 6.0 for Windows and 5.5-10 for Linux before 20070102 enter an infinite loop upon encountering an invalid NumberOfRvaAndSizes value in the Optional Windows Header of a portable executable (PE) file, which allows remote attackers to cause a denial of service (CPU consumption) by scanning a crafted PE file.
unknown
2007-01-08
2.3CVE-2007-0125
IDEFENSE
SECUNIA
BID
FRSIRT
SECTRACK
XF
MKPortal -- MKPortaladmin.php in MKPortal M1.1 RC1 allows remote attackers to obtain sensitive information via a direct request with an MK_PATH=1 query string, which reveals the path in an error message.
unknown
2007-01-12
3.3CVE-2007-0194
BUGTRAQ
neon -- neonArray index error in the uri_lookup function in the URI parser for neon 0.26.0 to 0.26.2, possibly only on 64-bit platforms, allows remote malicious servers to cause a denial of service (crash) via a URI with non-ASCII characters, which triggers a buffer under-read due to a type conversion error that generates a negative index.
unknown
2007-01-09
3.3CVE-2007-0157
MLIST
OTHER-REF
OTHER-REF
Novell -- Novell Clientnwgina.dll in Novell Client 4.91 SP3 for Windows 2000/XP/2003 does not delete user profiles during a Terminal Service or Citrix session, which allows remote authenticated users to invoke alternate user profiles.
unknown
2007-01-08
3.4CVE-2007-0108
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
Packeteer PacketShaper -- PacketWiseBuffer overflow in Packeteer PacketShaper PacketWise 8.x allows remote authenticated users to cause a denial of service (reset or reboot) via (1) a long traffic class argument to the "class show" command or (2) a long POLICY parameter value in clastree.htm.
unknown
2007-01-08
2.0CVE-2007-0113
BUGTRAQ
BID
FRSIRT
SECUNIA
XF
SecureKit -- SecureKit SteganographySecureKit Steganography 1.7.1 and 1.8 embeds password information in the carrier file, which allows remote attackers to bypass authentication requirements and decrypt embedded steganography by replacing the last 20 bytes of the JPEG image with alternate password information.
unknown
2007-01-09
3.3CVE-2007-0163
BUGTRAQ
OTHER-REF
SECUNIA
Sun -- Java System Content Delivery ServerSun Java System Content Delivery Server 5.0 and 5.0 PU1 allows remote attackers to obtain sensitive information regarding "content details" via unspecified vectors.
unknown
2007-01-08
2.3CVE-2007-0114
SUNALERT
BID
FRSIRT
SECUNIA
XF
Sun -- SolarisUnspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (crash) via malformed RPC requests that trigger a crash in rpcbind.
unknown
2007-01-09
3.3CVE-2007-0165
SUNALERT
BID
FRSIRT
SECUNIA
XF
WordPress -- WordPressCross-site scripting (XSS) vulnerability in the CSRF protection scheme in WordPress before 2.0.6 allows remote attackers to inject arbitrary web script or HTML via a CSRF attack with an invalid token and quote characters or HTML tags in URL variable names, which are not properly handled when WordPress generates a new link to verify the request.
unknown
2007-01-08
2.3CVE-2007-0106
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
WordPress -- WordPresswp-login.php in WordPress 2.0.5 and earlier displays different error messages if a user exists or not, which allows remote attackers to obtain sensitive information and facilitates brute force attacks.
unknown
2007-01-08
2.3CVE-2007-0109
BUGTRAQ
FRSIRT
SECUNIA
XF

Back to top

">

High Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
@lexPHPTeam -- @lex GuestbookSQL injection vulnerability in index.php in @lex Guestbook 4.0.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the lang parameter.
unknown
2007-01-11
7.0CVE-2007-0202
BUGTRAQ
OTHER-REF
OTHER-REF
BID
SECUNIA
@lexPHPTeam -- @lex GuestbookMultiple directory traversal vulnerabilities in @lex Guestbook 4.0.2 and earlier allow remote attackers to (1) include and execute arbitrary local files via a relative pathname in the lang parameter to index.php, which is handled in livre_include.php, and (2) possibly access arbitrary directories via the aj_skin and skin_edit parameters to admin/skins.php.
unknown
2007-01-11
7.0CVE-2007-0205
BUGTRAQ
OTHER-REF
OTHER-REF
BID
Adam Jarret -- AJLoginAJLogin 3.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for ajlogin.mdb.
unknown
2007-01-09
7.0CVE-2007-0153
BUGTRAQ
XF
Adobe -- Acrobat ReaderThe Adobe PDF specification 1.3, as implemented by Adobe Acrobat before 8.0.0, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.
unknown
2007-01-08
7.0CVE-2007-0103
BID
OTHER-REF
XF
AllMyPHP -- AllMyVisitorsPHP remote file inclusion vulnerability in index.php in AllMyVisitors 0.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the AMV_serverpath parameter.
unknown
2007-01-10
7.0CVE-2007-0170
OTHER-REF
BID
XF
Apple -- Mac OS X Preview.appThe Adobe PDF specification 1.3, as implemented by Apple Mac OS X Preview, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.
unknown
2007-01-08
7.0CVE-2007-0102
OTHER-REF
BID
XF
Apple -- Mac OS X Server
Apple -- Mac OS X
DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X 10.4.8 does not properly validate Bill of Materials (BOM) files, which allows attackers to gain privileges via a BOM file under /Library/Receipts/, which triggers arbitrary file permission changes upon execution of a diskutil permission repair operation.
unknown
2007-01-08
10.0CVE-2007-0117
OTHER-REF
BID
FRSIRT
SECUNIA
b2evolution -- b2evolutionCross-site scripting (XSS) vulnerability in htsrv/login.php in b2evolution 1.8.6 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes in the redirect_to parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-01-10
7.0CVE-2007-0175
SECUNIA
BinGo News -- BinGo NewsPHP remote file inclusion vulnerability in bn_smrep1.php in BinGoPHP News (BP News) 3.01 allows remote attackers to execute arbitrary PHP code via a URL in the bnrep parameter, a different vector than CVE-2006-4648 and CVE-2006-4649.
unknown
2007-01-09
7.0CVE-2007-0145
SECTRACK
XF
Cisco -- Secure Access Control ServerStack-based buffer overflow in the CSAdmin service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted HTTP GET request.
unknown
2007-01-08
10.0CVE-2007-0105
CISCO
BID
FRSIRT
SECTRACK
SECUNIA
XF
Computer Associates -- Server/Business Protection Suite
Computer Associates -- BrightStor ARCserve Backup
Computer Associates -- Enterprise Backup
The Tape Engine service in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2 allows remote attackers to execute arbitrary code via certain data in opnum 0xBF in an RPC request, which is directly executed.
unknown
2007-01-11
7.0CVE-2007-0168
OTHER-REF
OTHER-REF
Computer Associates -- Server/Business Protection Suite
Computer Associates -- BrightStor ARCserve Backup
Computer Associates -- Enterprise Backup
Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2 allow remote attackers to execute arbitrary code via RPC requests with crafted data for opnums (1) 0x2F and (2) 0x75 in the (a) Message Engine RPC service , or opnum (3) 0xCF in the Tape Engine service.
unknown
2007-01-11
7.0CVE-2007-0169
OTHER-REF
OTHER-REF
OTHER-REF
CreateAuction -- CreateAuctionSQL injection vulnerability in cats.asp in createauction allows remote attackers to execute arbitrary SQL commands via the catid parameter.
unknown
2007-01-08
7.0CVE-2007-0112
BUGTRAQ
BID
XF
Dayfox Designs -- Dayfox BlogMultiple PHP remote file inclusion vulnerabilities in index.php in Dayfox Blog allow remote attackers to execute arbitrary PHP code via a URL in the (1) page, (2) subject, and (3) q parameters.
unknown
2007-01-09
7.0CVE-2007-0150
BUGTRAQ
FRSIRT
SECUNIA
XF
Digger Solutions -- Intranet Open SourceDigger Solutions Intranet Open Source (IOS) stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for data/intranet.mdb.
unknown
2007-01-08
7.0CVE-2007-0116
BUGTRAQ
XF
DigiAppz -- DigiRezSQL injection vulnerability in info_book.asp in Digirez 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the book_id parameter.
unknown
2007-01-09
7.0CVE-2007-0128
OTHER-REF
FRSIRT
SECUNIA
Digitizing Quote And Ordering System -- Digitizing Quote And Ordering SystemCross-site scripting (XSS) vulnerability in search.asp in Digitizing Quote And Ordering System 1.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the ordernum parameter.
unknown
2007-01-09
7.0CVE-2007-0144
OTHER-REF
SECUNIA
XF
Edit-X -- eCommercePHP remote file inclusion vulnerability in edit_address.php in edit-x ecommerce allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter.
unknown
2007-01-12
7.0CVE-2007-0190
BUGTRAQ
EditTag -- EditTagMultiple cross-site scripting (XSS) vulnerabilities in EditTag 1.2 allow remote attackers to inject arbitrary web script or HTML via the plain parameter to (1) mkpw_mp.cgi, (2) mkpw.pl, or (3) mkpw.cgi.
unknown
2007-01-08
7.0CVE-2007-0119
BUGTRAQ
BID
EF Software -- EF CommanderStack-based buffer overflow in EF Commander 5.75 allows user-assisted attackers to execute arbitrary code via a crafted ISO file containing a file within several nested directories, which produces a large filename that triggers the overflow.
unknown
2007-01-10
8.0CVE-2007-0180
OTHER-REF
SECUNIA
EMembersPro -- EMembersProEMembersPro 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for users.mdb.
unknown
2007-01-09
7.0CVE-2007-0149
BUGTRAQ
XF
F5 -- FirePass SSL VPNMultiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN allow remote attackers to inject arbitrary web script or HTML via (1) the xcho parameter to my.logon.php3; the (2) topblue, (3) midblue, (4) wtopblue, and certain other Custom color parameters in a per action to vdesk/admincon/index.php; the (5) h321, (6) h311, (7) h312, and certain other Front Door custom text color parameters in a per action to vdesk/admincon/index.php; the (8) ua parameter in a bro action to vdesk/admincon/index.php; the (9) app_param and (10) app_name parameters to webyfiers.php; (11) double eval functions; (12) JavaScript contained in an <FP_DO_NOT_TOUCH> element; and (13) the vhost parameter to my.activation.php. NOTE: it is possible that this candidate overlaps CVE-2006-3550.
unknown
2007-01-12
7.0CVE-2007-0186
OTHER-REF
OTHER-REF
OTHER-REF
BID
F5 -- FirepassF5 FirePass 5.4 through 5.5.2 and 6.0 allows remote attackers to access restricted URLs via (1) a trailing null byte, (2) multiple leading slashes, (3) Unicode encoding, (4) URL-encoded directory traversal or same-directory characters, or (5) upper case letters in the domain name.
unknown
2007-01-12
7.0CVE-2007-0187
OTHER-REF
OTHER-REF
BID
FON -- La FoneraFON La Fonera routers do not properly limit DNS service access by unauthenticated clients, which allows remote attackers to tunnel traffic via DNS requests for hosts that should not be accessible before authentication.
unknown
2007-01-12
7.0CVE-2007-0193
BUGTRAQ
BUGTRAQ
GeoBB -- GeoBBUnspecified vulnerability in the Admin login for Georgian discussion board (GeoBB) before 1.0 has unknown impact and attack vectors.
unknown
2007-01-11
7.0CVE-2006-6918
OTHER-REF
GeoBB -- Georgian Bulletin Board** DISPUTED ** PHP remote file inclusion vulnerability in index.php in GeoBB Georgian Bulletin Board allows remote attackers to execute arbitrary PHP code via a URL in the action parameter. NOTE: CVE disputes this issue, since GeoBB 1.0 sets $action to a whitelisted value.
unknown
2007-01-12
7.0CVE-2007-0189
BUGTRAQ
VIM
XF
Geoffrey Golliher -- Axiom Photo/News GalleryPHP remote file inclusion vulnerability in template.php in Geoffrey Golliher Axiom Photo/News Gallery (axiompng) 0.8.6 allows remote attackers to execute arbitrary PHP code via a URL in the baseAxiomPath parameter.
unknown
2007-01-11
7.0CVE-2007-0200
OTHER-REF
VIM
FRSIRT
Getahead -- Direct Web RemotingGetahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to obtain unauthorized access to public methods via a crafted request that bypasses the include/exclude checks.
unknown
2007-01-12
7.0CVE-2007-0184
OTHER-REF
BID
FRSIRT
SECUNIA
GForge -- GForgeCross-site scripting (XSS) vulnerability in search/advanced_search.php in GForge 4.5.11 allows remote attackers to inject arbitrary web script or HTML via the words parameter.
unknown
2007-01-10
7.0CVE-2007-0176
BUGTRAQ
OTHER-REF
BID
SECTRACK
SECUNIA
HarikaOnline -- HarikaOnlineHarikaOnline 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for harikaonline.mdb.
unknown
2007-01-09
7.0CVE-2007-0155
BUGTRAQ
XF
HP -- DECnet/OSIUnspecified vulnerability in the DECnet-Plus 7.3-2 feature in DECnet/OSI 7.3-2 for OpenVMS ALPHA, and the DECnet-Plus 7.3 feature in DECnet/OSI 7.3 for OpenVMS VAX, allows attackers to obtain "unintended privileged access to data and system resources" via unspecified vectors, related to (1) [SYSEXE]CTF$UI.EXE, (2) [SYSMSG]CTF$MESSAGES.EXE, (3) [SYSHLP]CTF$HELP.HLB, and (4) [SYSMGR]CTF$STARTUP.COM.
unknown
2007-01-09
7.0CVE-2007-0139
OTHER-REF
OTHER-REF
SECUNIA
FRSIRT
iGeneric -- iG CalendarSQL injection vulnerability in user.php in iGeneric iG Calendar 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-01-09
7.0CVE-2007-0130
OTHER-REF
BID
FRSIRT
SECUNIA
BUGTRAQ
XF
iGeneric -- iG ShopSQL injection vulnerability in compare_product.php in iGeneric iG Shop 1.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-01-09
7.0CVE-2007-0132
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
BUGTRAQ
BID
XF
iGeneric -- iG ShopMultiple SQL injection vulnerabilities in display_review.php in iGeneric iG Shop 1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) user_login_cookie parameter.
unknown
2007-01-09
7.0CVE-2007-0133
FRSIRT
iGeneric -- iG ShopMultiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow remote attackers to execute arbitrary code via the action parameter, which is supplied to an eval function call in (1) cart.php and (2) page.php.
unknown
2007-01-09
7.0CVE-2007-0134
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
BUGTRAQ
BID
XF
JAMWiki -- JAMWikiJAMWiki before 0.5.0 does not properly check permissions during moves of "read-only or admin-only topics," which allows remote attackers to make unauthorized changes to the wiki.
unknown
2007-01-09
7.0CVE-2007-0131
OTHER-REF
SECUNIA
BID
XF
Kolayindir Download -- Kolayindir DownloadSQL injection vulnerability in down.asp in Kolayindir Download (Yenionline) allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-01-09
7.0CVE-2007-0140
BUGTRAQ
BID
FRSIRT
SECUNIA
XF
LocazoList -- LocazoList ClassifiedsSQL injection vulnerability in main.asp in LocazoList 2.01a beta5 and earlier allows remote attackers to execute arbitrary SQL commands via the subcatID parameter.
unknown
2007-01-09
7.0CVE-2007-0129
OTHER-REF
XF
FRSIRT
M-Core -- M-CoreM-Core stores the database under the web document root, which allows remote attackers to obtain sensitive information via a direct request to db/uyelik.mdb.
unknown
2007-01-09
7.0CVE-2007-0156
BUGTRAQ
XF
Michael Romedahl -- RI BlogCross-site scripting (XSS) vulnerability in search.asp in RI Blog 1.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
unknown
2007-01-08
7.0CVE-2007-0121
BUGTRAQ
BID
FRSIRT
SECUNIA
XF
Microsoft -- Internet ExplorerInteger overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the "VML Buffer Overrun Vulnerability."
unknown
2007-01-09
8.0CVE-2007-0024
IDEFENSE
MS
MSKB
CERT-VN
BID
FRSIRT
OSVDB
SECTRACK
SECUNIA
XF
Microsoft -- ExcelMicrosoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via malformed IMDATA records that trigger memory corruption.
unknown
2007-01-09
10.0CVE-2007-0027
MS
CERT-VN
BID
FRSIRT
SECTRACK
Microsoft -- ExcelMicrosoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via a malformed record that triggers an "Improper Memory Access," a different issue than CVE-2007-0027.
unknown
2007-01-09
10.0CVE-2007-0028
MS
CERT-VN
FRSIRT
Microsoft -- ExcelMicrosoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string, aka "Excel Malformed String Vulnerability."
unknown
2007-01-09
8.0CVE-2007-0029
MS
BID
FRSIRT
SECTRACK
Microsoft -- ExcelMicrosoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via an Excel file with an out-of-range Column field in certain BIFF8 record types, which references arbitrary memory.
unknown
2007-01-09
8.0CVE-2007-0030
IDEFENSE
MS
CERT-VN
BID
FRSIRT
SECTRACK
Microsoft -- ExcelHeap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a BIFF8 spreadsheet with a PALETTE record that contains a large number of entries.
unknown
2007-01-09
8.0CVE-2007-0031
IDEFENSE
MS
CERT-VN
BID
FRSIRT
SECTRACK
Microsoft -- OutlookMicrosoft Outlook 2002 and 2003 allows user-assisted remote attackers to execute arbitrary code via a malformed VEVENT record in an .iCal meeting request or ICS file.
unknown
2007-01-09
8.0CVE-2007-0033
MS
CERT-VN
BID
FRSIRT
SECTRACK
SECUNIA
Microsoft -- OutlookMicrosoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted Outlook Saved Searches (OSS) file that triggers memory corruption, aka "Microsoft Outlook Advanced Find Vulnerability".
unknown
2007-01-09
8.0CVE-2007-0034
MS
CERT-VN
BID
FRSIRT
SECTRACK
SECUNIA
MitiSoft -- MitiSoftMitiSoft stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for access_MS/MitiSoft.mdb.
unknown
2007-01-09
7.0CVE-2007-0151
BUGTRAQ
XF
MKPortal -- MKPortalCross-site scripting (XSS) vulnerability in admin.php in MKPortal allows remote attackers to inject arbitrary web script or HTML via two certain fields in a contents_new operation in the ad_contents section.
unknown
2007-01-12
7.0CVE-2007-0191
BUGTRAQ
XF
MKPortal -- MKPortalCross-site request forgery (CSRF) vulnerability in the save_main operation in the ad_perms section in admin.php in MKPortal allows remote attackers to modify privilege settings, as demonstrated using a getURL of admin.php within a .swf file contained in an IFRAME element, aka the "All Guests are Admin" attack.
unknown
2007-01-12
7.0CVE-2007-0192
BUGTRAQ
Motionborg -- Motionborg Web Real EstateSQL injection vulnerability in admin_check_user.asp in Motionborg Web Real Estate 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the username field (txtUserName parameter) and possibly other parameters. NOTE: some details were obtained from third party information.
unknown
2007-01-11
7.0CVE-2007-0196
OTHER-REF
BID
XF
Novell -- Novell Access Manager Identity ServerCross-site scripting (XSS) vulnerability in nidp/idff/sso in Novell Access Manager Identity Server before 3.0.0-1013 allows remote attackers to inject arbitrary web script or HTML via the IssueInstant parameter, which is not properly handled in the resulting error message.
unknown
2007-01-08
7.0CVE-2007-0110
OTHER-REF
BID
FRSIRT
SECUNIA
OhhASP -- OhhASPOhhASP stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/OhhASP.mdb.
unknown
2007-01-09
7.0CVE-2007-0152
BUGTRAQ
OTHER-REF
XF
Opera Software -- OperaThe Javascript SVG support in Opera before 9.10 does not properly validate object types in a createSVGTransformFromMatrix request, which allows remote attackers to execute arbitrary code via JavaScript code that uses an invalid object in this request that causes a controlled pointer to be referenced during the virtual function call.
2006-11-16
2007-01-08
7.0CVE-2007-0127
IDEFENSE
OTHER-REF
FRSIRT
SECUNIA
SECTRACK
PHP Web Scripts -- Easy Banner ProPHP remote file inclusion vulnerability in info.php in Easy Banner Pro 2.8 allows remote attackers to execute arbitrary PHP code via a URL in the s[phppath] parameter.
unknown
2007-01-10
7.0CVE-2007-0178
BUGTRAQ
PHPKIT -- PHPKITSQL injection vulnerability in comment.php in PHPKIT 1.6.1 R2 allows remote attackers to execute arbitrary SQL commands via the subid parameter.
unknown
2007-01-10
7.0CVE-2007-0179
BUGTRAQ
BID
phpMyAdmin -- phpMyAdminMultiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 have unknown impact and attack vectors.
unknown
2007-01-11
7.0CVE-2007-0203
OTHER-REF
SECUNIA
phpMyAdmin -- phpMyAdminMultiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.9.2-rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information,
unknown
2007-01-11
7.0CVE-2007-0204
OTHER-REF
FRSIRT
SECUNIA
PPC Search Engine -- PPC Search Engine
WGS-PPC -- WGS-PPC
Multiple PHP file inclusion vulnerabilities in WGS-PPC (aka PPC Search Engine), as distributed with other aliases, allow remote attackers to execute arbitrary PHP code via a URL in the INC parameter in (1) config_admin.php, (2) config_main.php, (3) config_member.php, and (4) mysql_config.php in config/; (5) admin.php and (6) index.php in admini/; (7) paypalipn/ipnprocess.php; (8) index.php and (9) registration.php in members/; and (10) ppcbannerclick.php and (11) ppcclick.php in main/.
unknown
2007-01-09
7.0CVE-2007-0167
BUGTRAQ
VIM
BID
Scriptaty -- Magic Photo Storage WebsitePHP remote file inclusion vulnerability in include/common_function.php in magic photo storage website allows remote attackers to execute arbitrary PHP code via a URL in the _config[site_path] parameter.
unknown
2007-01-10
7.0CVE-2007-0181
BUGTRAQ
Scriptaty -- Magic Photo Storage WebsiteMultiple PHP remote file inclusion vulnerabilities in magic photo storage website allow remote attackers to execute arbitrary PHP code via a URL in the _config[site_path] parameter to (1) admin_password.php, (2) add_welcome_text.php, (3) admin_email.php, (4) add_templates.php, (5) admin_paypal_email.php, (6) approve_member.php, (7) delete_member.php, (8) index.php, (9) list_members.php, (10) membership_pricing.php, or (11) send_email.php in admin/; (12) config.php or (13) db_config.php in include/; or (14) add_category.php, (15) add_news.php, (16) change_catalog_template.php, (17) couple_milestone.php, (18) couple_profile.php, (19) delete_category.php, (20) index.php, (21) login.php, (22) logout.php, (23) register.php, (24) upload_photo.php, (25) user_catelog_password.php, (26) user_email.php, (27) user_extend.php, or (28) user_membership_password.php in user/. NOTE: the include/common_function.php vector is already covered by another candidate from the same date.
unknown
2007-01-12
7.0CVE-2007-0182
BUGTRAQ
Shopstorenow -- E-commerce Shopping CartSQL injection vulnerability in orange.asp in ShopStoreNow E-commerce Shopping Cart allows remote attackers to execute arbitrary SQL commands via the CatID parameter.
unknown
2007-01-09
7.0CVE-2007-0142
BUGTRAQ
BID
FRSIRT
SECUNIA
XF
Sina -- SinaMultiple stack-based multiple buffer overflows in the BRWOSSRE2UC.dll ActiveX Control in Sina UC2006 and earlier allow remote attackers to execute arbitrary code via a long string in the (1) astrVerion parameter to the SendChatRoomOpt function or (2) the astrDownDir parameter to the SendDownLoadFile function.
unknown
2007-01-10
7.0CVE-2007-0174
FULLDISC
OTHER-REF
FRSIRT
SECUNIA
TIS -- Internet Firewall ToolkitBuffer overflow in the cmd_usr function in ftp-gw in TIS Internet Firewall Toolkit (FWTK) allows remote attackers to execute arbitrary code via a long destination hostname (dest).
unknown
2007-01-11
10.0CVE-2007-0201
OTHER-REF
BID
SECTRACK
XF
Voice Of Web -- AllMyLinksPHP remote file inclusion vulnerability in index.php in AllMyLinks 0.5.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AML_opensite parameter.
unknown
2007-01-10
7.0CVE-2007-0171
OTHER-REF
BID
XF
Voice Of Web -- AllMyGuestsMultiple PHP remote file inclusion vulnerabilities in AllMyGuests 0.3.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the AMG_serverpath parameter to (1) comments.php and (2) signin.php; and possibly via a URL in unspecified parameters to (3) include/submit.inc.php, (4) admin/index.php, (5) include/cm_submit.inc.php, and (6) index.php.
unknown
2007-01-10
7.0CVE-2007-0172
OTHER-REF
BID
XF
Webulas -- WebulasWebulas stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/db.mdb.
unknown
2007-01-09
7.0CVE-2007-0154
BUGTRAQ
XF
Xpdf -- XpdfThe Adobe PDF specification 1.3, as implemented by xpdf 3.0.1 patch 2, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.
unknown
2007-01-08
7.0CVE-2007-0104
BID
OTHER-REF
XF

Back to top

Medium Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Apple -- Mac OS X
Apple -- Finder
Finder 10.4.6 on Apple Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a long volume name in a DMG disk image, which results in memory corruption.
unknown
2007-01-11
5.6CVE-2007-0197
OTHER-REF
Aratix -- AratixPHP remote file inclusion vulnerability in inc/init.inc.php in Aratix 0.2.2 beta 11 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the current_path parameter.
unknown
2007-01-09
5.6CVE-2007-0135
VIM
OTHER-REF
OTHER-REF
FRSIRT
XF
CenterICQ -- CenterICQStack-based buffer overflow in the LiveJournal support (hooks/ljhook.cc) in CenterICQ 4.9.11 through 4.21.0, when using unofficial LiveJournal servers, allows remote attackers to cause a denial of service (crash) by adding the victim as a friend and using long (1) username and (2) real name strings.
unknown
2007-01-09
5.6CVE-2007-0160
BUGTRAQ
BID
Coppermine -- Coppermine Photo GalleryMultiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via (1) the cat parameter to albmgr.php, and possibly (2) the gid parameter to usermgr.php; (3) the start parameter to db_ecard.php; and the albumid parameter to unspecified files, related to the (4) filename_to_title and (5) del_titles functions.
unknown
2007-01-08
4.2CVE-2007-0122
BUGTRAQ
OTHER-REF
BID
Drupal -- DrupalMultiple cross-site scripting (XSS) vulnerabilities in Drupal before 4.6.11, and 4.7 before 4.7.5, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in the (1) filter and (2) system modules. NOTE: some of these details are obtained from third party information.
unknown
2007-01-09
5.6CVE-2007-0136
FULLDISC
OTHER-REF
FRSIRT
BUGTRAQ
OTHER-REF
XF
F5 -- FirepassF5 FirePass 5.4 through 5.5.1 does not properly enforce host access restrictions when a client uses a single integer (dword) representation of an IP address ("dotless IP address"), which allows remote authenticated users to connect to the FirePass administrator console and certain other network resources.
unknown
2007-01-12
4.2CVE-2007-0188
OTHER-REF
OTHER-REF
BID
GeoIP -- GeoIPDirectory traversal vulnerability in the GeoIP_update_database_general function in libGeoIP/GeoIPUpdate.c in GeoIP 1.4.0 allows remote malicious update servers (possibly only update.maxmind.com) to overwrite arbitrary files via a .. (dot dot) in the database filename, which is returned by a request to app/update_getfilename.
unknown
2007-01-09
4.7CVE-2007-0159
OTHER-REF
MANDRIVA
BID
FRSIRT
FRSIRT
L2J -- Statistik ScriptDirectory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
unknown
2007-01-10
5.6CVE-2007-0173
OTHER-REF
BID
XF
MediaWiki -- MediaWikiCross-site scripting (XSS) vulnerability in the AJAX module in MediaWiki before 1.6.9, 1.7 before 1.7.2, 1.8 before 1.8.3, and 1.9 before 1.9.0rc2, when wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-01-10
5.6CVE-2007-0177
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
Mozilla -- Firefox Sage ExtensionFirefox Sage extension 1.3.8 and earlier allows remote attackers to execute arbitrary Javascript in the local context via an RSS feed with an img tag containing the script followed by an extra trailing ">", which Sage modifies to close the img element before the malicious script.
unknown
2007-01-11
5.6CVE-2006-6919
BUGTRAQ
OTHER-REF
FRSIRT
SECUNIA
XF
Nucleus CMS -- Nucleus CMSCross-site scripting (XSS) vulnerability in Nucleus before 3.24 allows remote attackers to inject arbitrary web script or HTML via unknown vectors, possibly involving (1) lib/ADMIN.php and (2) lib/SKIN.php.
unknown
2007-01-11
5.6CVE-2006-6920
OTHER-REF
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
NUNE -- News ScriptMultiple PHP remote file inclusion vulnerabilities in NUNE News Script 2.0pre2 allow remote attackers to execute arbitrary PHP code via a URL in the custom_admin_path parameter to (1) index.php or (2) archives.php.
unknown
2007-01-09
5.6CVE-2007-0143
OTHER-REF
FRSIRT
SECUNIA
BUGTRAQ
XF
OmniGroup -- OmniWebFormat string vulnerability in OmniGroup OmniWeb 5.5.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the Javascript alert function.
unknown
2007-01-09
5.6CVE-2007-0148
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
OTHER-REF
BID
XF
Opera Software -- OperaHeap-based buffer overflow in Opera 9.02 allows remote attackers to execute arbitrary code via a JPEG file with an invalid number of index bytes in the Define Huffman Table (DHT) marker.
unknown
2007-01-08
5.6CVE-2007-0126
IDEFENSE
OTHER-REF
FRSIRT
SECUNIA
SECTRACK
XF
Resco -- Photo ViewerBuffer overflow in Resco Photo Viewer for PocketPC 4.11 and 6.01, as used in mobile devices running Windows Mobile 5.0, 2003, and 2003SE, allows remote attackers to execute arbitrary code via a crafted PNG image.
unknown
2007-01-08
5.6CVE-2007-0111
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
SerendipityNZ -- Serene Bach sb 1.13D
SerendipityNZ -- Serene Bach 2.05R
SerendipityNZ -- Serene Bach 1.18R
SerendipityNZ -- Serene Bach 2.08D
Cross-site scripting (XSS) vulnerability in SimpleBoxes/SerendipityNZ Serene Bach 2.05R and earlier, and 2.08D and earlier in the 2.08 series; and (2) sb 1.13D and earlier, and 1.18R and earlier in the 1.18 series; allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-01-09
5.6CVE-2007-0137
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
BID
FRSIRT
SECTRACK
XF
Sun -- iPlanet Web ServerCross-site scripting (XSS) vulnerability in /search in iPlanet Web Server 4.x allows remote attackers to inject arbitrary web script or HTML via the NS-max-records parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-01-12
5.6CVE-2007-0183
BID
SECUNIA
Uber Uploader -- Uber UploaderUnrestricted file upload vulnerability in Uber Uploader 4.2 allows remote attackers to upload and execute arbitrary PHP scripts by naming them with a .phtml extension, which bypasses the .php extension check but is still executable on some server configurations.
unknown
2007-01-08
5.6CVE-2007-0123
BUGTRAQ
XF
Unsanity -- Application EnhancerUnsanity Application Enhancer (APE) 2.0.2 installs with insecure permissions for the (1) ApplicationEnhancer binary and the (2) /Library/Frameworks/ApplicationEnhancer.framework directory, which allows local users to gain privileges by modifying or replacing the binary or library files.
unknown
2007-01-09
4.2CVE-2007-0162
OTHER-REF
OTHER-REF
BID
SECUNIA
XF
WordPress -- WordPressWordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after escaping the SQL query, which allows remote attackers to bypass SQL injection protection schemes and execute arbitrary SQL commands via multibyte charsets, as demonstrated using UTF-7.
unknown
2007-01-08
5.6CVE-2007-0107
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
OPENPKG
XF
Yet Another Link Directory -- Yet Another Link DirectoryCross-site scripting (XSS) vulnerability in yald.php in Yet Another Link Directory 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
unknown
2007-01-09
5.6CVE-2007-0141
BUGTRAQ
BID
FRSIRT
SECUNIA
XF

Back to top

Low Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Acunetix -- Web Vulnerability ScannerAcunetix Web Vulnerability Scanner (WVS) 4.0 Build 20060717 and earlier allows remote attackers to cause a denial of service (application crash) via multiple HTTP requests containing invalid Content-Length values.
unknown
2007-01-08
2.3CVE-2007-0120
OTHER-REF
BID
XF
Camouflage -- CamouflageCamouflage 1.2.1 embeds password information in the carrier file, which allows remote attackers to bypass authentication requirements and decrypt embedded steganography by replacing certain bytes of the JPEG image with alternate password information.
unknown
2007-01-09
3.3CVE-2007-0164
OTHER-REF
BID
SECUNIA
Cisco -- IP Contact Center Hosted
Cisco -- IP Contact Center Enterprise
Cisco -- Unified Contact Center Enterprise
Cisco -- Unified Contact Center Hosted
The JTapi Gateway process in Cisco Unified Contact Center Enterprise, Unified Contact Center Hosted, IP Contact Center Enterprise, and Cisco IP Contact Center Hosted 5.0 through 7.1 allows remote attackers to cause a denial of service (repeated process restart) via a certain TCP session on the JTapi server port.
unknown
2007-01-11
2.3CVE-2007-0198
CISCO
BID
Cisco -- IOSThe Data-link Switching (DLSw) feature in Cisco IOS 11.0 through 12.4 allows remote attackers to cause a denial of service (device reload) via "an invalid value in a DLSw message... during the capabilities exchange."
unknown
2007-01-11
2.3CVE-2007-0199
CISCO
Coppermine -- Coppermine Photo GalleryStatic code injection vulnerability in Coppermine Photo Gallery 1.4.10 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the Username to login.php, which is injected into an error message in security.log.php, which can then be accessed using viewlog.php.
unknown
2007-01-08
3.4CVE-2007-0115
BUGTRAQ
VIM
OTHER-REF
Cuyahoga -- CuyahogaCuyahoga before 1.0.1 installs the FCKEditor component with an incorrect deny statement in a Web.config file, which allows remote attackers to upload files when these privileges were intended only for the Administrator and Editor roles.
unknown
2007-01-09
2.3CVE-2007-0147
OTHER-REF
OTHER-REF
SECUNIA
BID
Drupal -- DrupalUnspecified vulnerability in Drupal before 4.6.11, and 4.7 before 4.7.5, when MySQL is used, allows remote authenticated users to cause a denial of service by poisoning the page cache via unspecified vectors, which triggers erroneous 404 HTTP errors for pages that exist.
unknown
2007-01-08
1.1CVE-2007-0124
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
EditTag -- EditTagMultiple absolute path traversal vulnerabilities in EditTag 1.2 allow remote attackers to read arbitrary files via an absolute pathname in the file parameter to (1) edittag.cgi, (2) edittag.pl, (3) edittag_mp.cgi, or (4) edittag_mp.pl.
unknown
2007-01-08
1.9CVE-2007-0118
BUGTRAQ
BID
F5 -- Firepassmy.activation.php3 in F5 FirePass 5.4 through 5.5.1 and 6.0 displays different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote attackers to confirm the validity of an LDAP account.
unknown
2007-01-12
2.3CVE-2007-0195
OTHER-REF
OTHER-REF
BID
Fersche -- Formankserverformbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO begins with (1) AbfrageForm or (2) EingabeForm, allows remote attackers to cause a denial of service (daemon crash) via multiple requests containing many /../ sequences in the Name parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-01-09
2.3CVE-2007-0138
SECUNIA
XF
Fix and Chips Computer Services -- Fix and Chips CMSMultiple cross-site scripting (XSS) vulnerabilities in Fix and Chips CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in (a) delete-announce.php; the (2) Announcement form field in (b) staff.php; the (3) Client Name, (4) Business Name, (5) Street, (6) Address 2, (7) Town/City, (8) Postcode, (9) Phone Number, (10) Email Address and (11) Website Address form fields in (c) new_customer.php; and unspecified fields in (d) search.php and (e) client-results.php.
unknown
2007-01-09
3.4CVE-2007-0146
BUGTRAQ
FRSIRT
SECUNIA
XF
FreeBSD -- FreeBSDThe jail rc.d script in FreeBSD 5.3 up to 6.2 does not verify pathnames when writing to /var/log/console.log during a jail start-up, or when file systems are mounted or unmounted, which allows local root users to overwrite arbitrary files, or mount/unmount files, outside of the jail via a symlink attack.
unknown
2007-01-11
3.4CVE-2007-0166
FREEBSD
Getahead -- Direct Web RemotingGetahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to cause a denial of service (memory exhaustion and servlet outage) via unknown vectors related to a large number of calls in a batch.
unknown
2007-01-12
2.3CVE-2007-0185
OTHER-REF
BID
FRSIRT
SECUNIA
HP -- Officejet 5100
HP -- Officejet 4100
HP -- Officejet 5500
HP -- Officejet D
HP -- Officejet 6100
HP -- Officejet G
HP -- PSC 2400 Photosmart All-in-one
HP -- PSC 700
HP -- PSC 2200
HP -- PML Driver HPZ12
HP -- PSC 2500 Photosmart All-in-one
HP -- PSC 1100
HP -- Color LaserJet 4650
HP -- PSC 1200
HP -- PSC 1300
HP -- Officejet 7100
HP -- PSC 1210 All-in-One
HP -- PSC 2100
HP -- PSC 900
HP -- PSC 2510 Photosmart Printer
HP -- Officejet K
The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one drivers, as used by multiple HP products, uses insecure SERVICE_CHANGE_CONFIG DACL permissions, which allows local users to gain privileges and execute arbitrary programs, as demonstrated by modifying the binpath argument, a related issue to CVE-2006-0023.
2006-05-29
2007-01-09
2.3CVE-2007-0161
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
HP -- OpenView Network Node ManagerUnspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, and 7.50 allows remote attackers to read arbitrary files via unknown vectors.
unknown
2007-01-11
2.3CVE-2007-0206
HP
BID
Kaspersky Lab -- Kaspersky Antivirus EngineKaspersky Labs Antivirus Engine 6.0 for Windows and 5.5-10 for Linux before 20070102 enter an infinite loop upon encountering an invalid NumberOfRvaAndSizes value in the Optional Windows Header of a portable executable (PE) file, which allows remote attackers to cause a denial of service (CPU consumption) by scanning a crafted PE file.
unknown
2007-01-08
2.3CVE-2007-0125
IDEFENSE
SECUNIA
BID
FRSIRT
SECTRACK
XF
MKPortal -- MKPortaladmin.php in MKPortal M1.1 RC1 allows remote attackers to obtain sensitive information via a direct request with an MK_PATH=1 query string, which reveals the path in an error message.
unknown
2007-01-12
3.3CVE-2007-0194
BUGTRAQ
neon -- neonArray index error in the uri_lookup function in the URI parser for neon 0.26.0 to 0.26.2, possibly only on 64-bit platforms, allows remote malicious servers to cause a denial of service (crash) via a URI with non-ASCII characters, which triggers a buffer under-read due to a type conversion error that generates a negative index.
unknown
2007-01-09
3.3CVE-2007-0157
MLIST
OTHER-REF
OTHER-REF
Novell -- Novell Clientnwgina.dll in Novell Client 4.91 SP3 for Windows 2000/XP/2003 does not delete user profiles during a Terminal Service or Citrix session, which allows remote authenticated users to invoke alternate user profiles.
unknown
2007-01-08
3.4CVE-2007-0108
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
Packeteer PacketShaper -- PacketWiseBuffer overflow in Packeteer PacketShaper PacketWise 8.x allows remote authenticated users to cause a denial of service (reset or reboot) via (1) a long traffic class argument to the "class show" command or (2) a long POLICY parameter value in clastree.htm.
unknown
2007-01-08
2.0CVE-2007-0113
BUGTRAQ
BID
FRSIRT
SECUNIA
XF
SecureKit -- SecureKit SteganographySecureKit Steganography 1.7.1 and 1.8 embeds password information in the carrier file, which allows remote attackers to bypass authentication requirements and decrypt embedded steganography by replacing the last 20 bytes of the JPEG image with alternate password information.
unknown
2007-01-09
3.3CVE-2007-0163
BUGTRAQ
OTHER-REF
SECUNIA
Sun -- Java System Content Delivery ServerSun Java System Content Delivery Server 5.0 and 5.0 PU1 allows remote attackers to obtain sensitive information regarding "content details" via unspecified vectors.
unknown
2007-01-08
2.3CVE-2007-0114
SUNALERT
BID
FRSIRT
SECUNIA
XF
Sun -- SolarisUnspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (crash) via malformed RPC requests that trigger a crash in rpcbind.
unknown
2007-01-09
3.3CVE-2007-0165
SUNALERT
BID
FRSIRT
SECUNIA
XF
WordPress -- WordPressCross-site scripting (XSS) vulnerability in the CSRF protection scheme in WordPress before 2.0.6 allows remote attackers to inject arbitrary web script or HTML via a CSRF attack with an invalid token and quote characters or HTML tags in URL variable names, which are not properly handled when WordPress generates a new link to verify the request.
unknown
2007-01-08
2.3CVE-2007-0106
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
WordPress -- WordPresswp-login.php in WordPress 2.0.5 and earlier displays different error messages if a user exists or not, which allows remote attackers to obtain sensitive information and facilitates brute force attacks.
unknown
2007-01-08
2.3CVE-2007-0109
BUGTRAQ
FRSIRT
SECUNIA
XF

Back to top

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top