U.S. Flag Official website of the Department of Homeland Security

Note: This page is part of the us-cert.gov archive.This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

TLP:WHITE

Bulletin (SB07-022)

Vulnerability Summary for the Week of January 15, 2007

Original release date: January 22, 2007

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

">

High Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Agnitum -- Outpost Firewall PROAgnitum Outpost Firewall PRO 4.0 allows local users to bypass access restrictions and insert Trojan horse drivers into the product's installation directory by creating links using FileLinkInformation requests with the ZwSetInformationFile function, as demonstrated by modifying SandBox.sys.
unknown
2007-01-17
7.0CVE-2007-0333
BUGTRAQ
OTHER-REF
BID
All In One Control Panel -- All In One Control PanelMultiple SQL injection vulnerabilities in All In One Control Panel (AIOCP) 1.3.010 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) xuser_name parameter to shared/code/cp_authorization.php, and the (2) did parameter to public/code/cp_downloads.php, different vectors than CVE-2007-0223.
unknown
2007-01-17
7.0CVE-2007-0316
BUGTRAQ
BUGTRAQ
BID
FRSIRT
SECUNIA
Apple -- Mac OS X Server
Apple -- Mac OS X
FreeBSD -- FreeBSD
Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly gain privileges via a crafted DMG image that causes "allocation of a negative size buffer" leading to a heap-based buffer overflow, a related issue to CVE-2006-5679. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem.
unknown
2007-01-12
7.0CVE-2007-0229
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
MLIST
XF
Apple -- Mac OS XDouble-free vulnerability in the _ATPsndrsp function in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to cause a denial of service (kernel panic) and possibly execute arbitrary code via a crafted AppleTalk request that triggers a heap-based buffer overflow.
unknown
2007-01-16
10.0CVE-2007-0236
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
Apple -- Mac OS X
Apple -- Minimal SLP Service Agent
Buffer overflow in the Apple Minimal SLP v2 Service Agent (slpd) in Mac OS X 10.4.8 and earlier allows local users, and possibly remote attackers, to gain privileges and possibly execute arbitrary code via a registration request with an invalid attr-list field.
unknown
2007-01-18
7.0CVE-2007-0355
OTHER-REF
OTHER-REF
Article System -- Article SystemMultiple PHP remote file inclusion vulnerabilities in Article System 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the INCLUDE_DIR parameter to (1) forms.php, (2) issue_edit.php, (3) client.php, and (4) classes.php.
unknown
2007-01-17
7.0CVE-2007-0314
OTHER-REF
BID
XF
BolinTech -- DreamFTP ServerHeap-based buffer overflow in Dream FTP Server allows remote attackers to execute arbitrary code via a USER command with a large number of format string specifiers, which triggers the overflow during processing of the Server Log.
unknown
2007-01-17
7.0CVE-2007-0338
OTHER-REF
SECUNIA
Colloquy -- ColloquyMultiple format string vulnerabilities in (1) _invitedToRoom: and (2) _invitedToDirectChat: in Colloquy 2.1 and earlier allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in the room name of an INVITE request, related to the implementation of AlertSheet and AlertPanel in Apple AppKit.
unknown
2007-01-17
7.0CVE-2007-0344
OTHER-REF
BID
SECUNIA
Computer Associates -- Protection Suites
Computer Associates -- Brightstor ARCserve Backup
Computer Associates -- Enterprise Backup
Stack-based buffer overflow in the RPC interface in Mediasvr.exe in Computer Associates (CA) Brightstor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Protection Suites r2 allows remote attackers to execute arbitrary code via crafted SUNRPC packets, aka the "Mediasvr.exe Overflow," a different vulnerability than CVE-2006-5172.
unknown
2007-01-16
10.0CVE-2006-5171
ISS
OTHER-REF
BID
FRSIRT
SECUNIA
XF
SECTRACK
Computer Associates -- Brightstor ARCserve Backup
Computer Associates -- Brightstor Enterprise Backup
Computer Associates -- Protection Suites
Stack-based buffer overflow in the RPC interface in Mediasvr.exe in Computer Associates (CA) Brightstor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Protection Suites r2 allows remote attackers to execute arbitrary code via crafted SUNRPC packets, aka the "Mediasvr.exe String Handling Overflow," a different vulnerability than CVE-2006-5171.
unknown
2007-01-16
10.0CVE-2006-5172
OTHER-REF
ISS
BID
FRSIRT
SECUNIA
XF
SECTRACK
ComScripts -- PHPMyphorumPHP remote file inclusion vulnerability in mep/frame.php in PHPMyphorum 1.5a allows remote attackers to execute arbitrary PHP code via a URL in the chem parameter.
unknown
2007-01-18
7.0CVE-2007-0361
OTHER-REF
FRSIRT
Digiappz -- DigiAffiliateSQL injection vulnerability in visu_user.asp in Digiappz DigiAffiliate 1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-01-17
7.0CVE-2007-0306
OTHER-REF
BID
FRSIRT
SECUNIA
Easy-content filemanager -- Easy-content filemanagerUnspecified vulnerability in easy-content filemanager allows remote attackers to upload or modify arbitrary files via unspecified vectors.
unknown
2007-01-16
7.0CVE-2007-0252
BUGTRAQ
Ezboxx -- Ezboxx Portal SystemSQL injection vulnerability in boxx/ShowAppendix.asp in Ezboxx Portal System Beta 0.7.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the iid parameter.
unknown
2007-01-16
7.0CVE-2007-0266
BUGTRAQ
F5 -- FirePass SSL VPNMultiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN allow remote attackers to inject arbitrary web script or HTML via (1) the xcho parameter to my.logon.php3; the (2) topblue, (3) midblue, (4) wtopblue, and certain other Custom color parameters in a per action to vdesk/admincon/index.php; the (5) h321, (6) h311, (7) h312, and certain other Front Door custom text color parameters in a per action to vdesk/admincon/index.php; the (8) ua parameter in a bro action to vdesk/admincon/index.php; the (9) app_param and (10) app_name parameters to webyfiers.php; (11) double eval functions; (12) JavaScript contained in an <FP_DO_NOT_TOUCH> element; and (13) the vhost parameter to my.activation.php. NOTE: it is possible that this candidate overlaps CVE-2006-3550.
unknown
2007-01-12
7.0CVE-2007-0186
OTHER-REF
OTHER-REF
OTHER-REF
BID
FULLDISC
SECUNIA
SECUNIA
FileZilla -- FileZillaMultiple buffer overflows in FileZilla before 2.2.30a allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors related to (1) Options.cpp when sotring settings in the registry, and (2) the transfer queue (QueueCtrl.cpp). NOTE: some of these details are obtained from third party information.
unknown
2007-01-17
10.0CVE-2007-0315
OTHER-REF
BID
FRSIRT
XF
FileZilla -- FileZillaFormat string vulnerability in the LogMessage function in FileZilla before 3.0.0-beta5 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted arguments. NOTE: some of these details are obtained from third party information.
unknown
2007-01-17
7.0CVE-2007-0317
OTHER-REF
BID
FRSIRT
XF
Francisco Burzi -- PHP-NukeSQL injection vulnerability in blocks/block-Old_Articles.php in Francisco Burzi PHP-Nuke 7.9 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat parameter.
unknown
2007-01-17
7.0CVE-2007-0309
BUGTRAQ
OTHER-REF
BID
SECTRACK
FreshReader -- FreshReaderCross-site scripting (XSS) vulnerability in the RSS feed component in FreshReader before 1.0.07010600 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to tag attributes.
unknown
2007-01-18
7.0CVE-2007-0362
OTHER-REF
OTHER-REF
SECUNIA
Grsecurity -- Grsecurity Kernel Patch** DISPUTED ** Unspecified vulnerability in the grsecurity patch has unspecified impact and remote attack vectors, a different vulnerability than the expand_stack vulnerability from the Digital Armaments 20070110 pre-advisory. NOTE: the grsecurity developer has disputed this issue, stating that "the function they claim the vulnerability to be in is a trivial function, which can, and has been, easily checked for any supposed vulnerabilities." The developer also cites a past disclosure that was not proven.
unknown
2007-01-16
7.0CVE-2007-0253
OTHER-REF
OTHER-REF
OTHER-REF
Grsecurity -- Grsecurity Kernel Patch** DISPUTED ** Unspecified vulnerability in the expand_stack function in grsecurity PaX allows local users to gain privileges via unspecified vectors. NOTE: the grsecurity developer has disputed this issue, stating that "the function they claim the vulnerability to be in is a trivial function, which can, and has been, easily checked for any supposed vulnerabilities." The developer also cites a past disclosure that was not proven.
unknown
2007-01-16
7.0CVE-2007-0257
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
BUGTRAQ
OTHER-REF
SECTRACK
Image gallery with Access Database -- Image gallery with Access DatabaseMultiple SQL injection vulnerabilities in Image Gallery with Access Database allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to (a) dispimage.asp, or the (2) order or (3) page parameter to (b) default.asp.
unknown
2007-01-16
7.0CVE-2006-6932
BUGTRAQ
BID
InGate -- Firewall and SIParatorUnspecified vulnerability in the SIP module in InGate Firewall and SIParator before 4.5.1 allows remote attackers to conduct replay attacks on the authentication mechanism via unknown vectors.
unknown
2007-01-17
7.0CVE-2007-0334
OTHER-REF
BID
SECUNIA
FRSIRT
Ipswitch -- WS_FTPBuffer overflow in wsbho2k0.dll, as used by wsftpurl.exe, in Ipswitch WS_FTP 2007 Professional allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long ftp:// URL in an HTML document, and possibly other vectors.
unknown
2007-01-17
7.0CVE-2007-0330
BUGTRAQ
BUGTRAQ
BUGTRAQ
BID
KGB -- KGBDirectory traversal vulnerability in sesskglogadmin.php in KGB 1.9 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skinnn parameter, as demonstrated by invoking kg.php with a postek parameter containing PHP code, which is injected into a file in the kg directory, and then included by sesskglogadmin.php.
unknown
2007-01-17
7.0CVE-2007-0337
OTHER-REF
BID
libgtop -- libgtopStack-based buffer overflow in the glibtop_get_proc_map_s function in libgtop before 2.14.6 (libgtop2) allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a process with a long filename that is mapped in its address space, which triggers the overflow in gnome-system-monitor.
unknown
2007-01-16
7.0CVE-2007-0235
OTHER-REF
OTHER-REF
OTHER-REF
UBUNTU
FRSIRT
FRSIRT
SECUNIA
SECUNIA
MGB -- OpenSource GuestbookSQL injection vulnerability in email.php in MGB OpenSource Guestbook 0.5.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-01-18
7.0CVE-2007-0354
OTHER-REF
OTHER-REF
VIM
BID
Michiel Broek -- mbse-bbsStack-based buffer overflow in mbse-bbs 0.70 and earlier allows local users to execute arbitrary code via a long string in the MBSE_ROOT environment variable.
unknown
2007-01-19
10.0CVE-2007-0368
OTHER-REF
OTHER-REF
BID
Microsoft -- Help WorkshopStack-based buffer overflow in Microsoft Help Workshop 4.03.0002 allows user-assisted remote attackers to execute arbitrary code via a crafted .cnt file composed of lines that begin with an integer followed by a space and a long string.
unknown
2007-01-18
8.0CVE-2007-0352
BUGTRAQ
OTHER-REF
OTHER-REF
MiNT -- Haber Sistemi 2.7SQL injection vulnerability in duyuru.asp in MiNT Haber Sistemi 2.7 allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-01-17
7.0CVE-2007-0304
OTHER-REF
FRSIRT
SECUNIA
myWebland -- myBloggieCross-site scripting (XSS) vulnerability in (1) index.php and (2) login.php in myBloggie 2.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO string.
unknown
2007-01-18
7.0CVE-2007-0353
BUGTRAQ
OTHER-REF
BID
Naig -- Naig** DISPUTED ** PHP remote file inclusion vulnerability in index.php in Naig 0.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the this_path parameter. NOTE: a reliable third party disputes this vulnerability because this_path is defined before use.
unknown
2007-01-16
7.0CVE-2007-0260
BUGTRAQ
VIM
nicecoder -- INDEXUMultiple cross-site scripting (XSS) vulnerabilities in nicecoder.com INDEXU 5.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) error_msg parameter to (a) suggest_category.php; the (2) u parameter to (b) user_detail.php; the (3) friend_name, (4) friend_email, (5) error_msg, (6) my_name, (7) my_email, and (8) id parameters to (c) tell_friend.php; the (9) error_msg, (10) email, (11) name, and (12) subject parameters to (d) sendmail.php; the (13) email, (14) error_msg, and (15) username parameters to (e) send_pwd.php; the (16) keyword parameter to (f) search.php; the (17) error_msg, (18) username, (19) password, (20) password2, and (21) email parameters to (g) register.php; the (22) url, (23) contact_name, and (24) email parameters to (h) power_search.php; the (25) path and (26) total parameters to (i) new.php; the (27) query parameter to (j) modify.php; the (28) error_msg parameter to (k) login.php; the (29) error_msg and (30) email ! parameters to (l) mailing_list.php; the (31) gateway parameter to (m) upgrade.php; and another unspecified vector.
unknown
2007-01-19
7.0CVE-2007-0364
BUGTRAQ
BID
SECUNIA
Nicola Asuni -- All In One Control PanelMultiple cross-site scripting (XSS) vulnerabilities in All In One Control Panel (AIOCP) 1.3.009 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this is probably a different vulnerability than CVE-2006-5830.
unknown
2007-01-19
7.0CVE-2007-0365
OTHER-REF
FRSIRT
SECUNIA
XF
NWOM -- NWOM TopsitesCross-site scripting (XSS) vulnerability in index.php in Nwom topsites 3.0 allows remote attackers to inject arbitrary web script or HTML via the o parameter.
unknown
2007-01-16
7.0CVE-2007-0249
BUGTRAQ
BID
Okulsistem Okul Web -- Otomasyon SistemiSQL injection vulnerability in etkinlikbak.asp in Okul Web Otomasyon Sistemi 4.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-01-17
7.0CVE-2007-0305
BUGTRAQ
OTHER-REF
BID
SECUNIA
Openads -- OpenadsCross-site scripting (XSS) vulnerability in admin-search.php in (1) Openads for PostgreSQL (aka phpPgAds) before 2.0.10 and (2) Openads (aka phpAdsNew) before 2.0.10 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
unknown
2007-01-18
7.0CVE-2007-0363
OTHER-REF
OTHER-REF
SECUNIA
OpenSolution -- Quick.Car
Fastilo -- Fastilo
Cross-site scripting (XSS) vulnerability in index.php in (1) Fastilo 2.0 and (2) Open Solution Quick.Cart 2.0 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: some of these details are obtained from third party information.
unknown
2007-01-16
7.0CVE-2007-0258
OTHER-REF
BID
SECUNIA
SECUNIA
Oracle -- Oracle E-Business Suite and Applications
Oracle -- Oracle HTTP Server
Multiple unspecified vulnerabilities in Oracle HTTP Server 9.2.0.8 and Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors, aka (1) OHS01, (2) OHS02, (3) OHS05, (4) OHS06, and (5) OHS07.
unknown
2007-01-16
7.0CVE-2007-0279
OTHER-REF
CERT
SECUNIA
Oracle -- Oracle Enterprise ManagerMultiple unspecified vulnerabilities in Oracle Enterprise Manager 10.1.0.5 have unknown impact and attack vectors related to Oracle Agent, aka (1) EM01 and (2) EM02.
unknown
2007-01-16
7.0CVE-2007-0292
OTHER-REF
CERT
SECUNIA
Oreon Project -- OreonPHP remote file inclusion vulnerability in lang/index.php in Oreon 1.2.3 RC4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.
unknown
2007-01-18
7.0CVE-2007-0360
OTHER-REF
FRSIRT
OWA -- OWABuffer overflow in the ParseHeader function in clsOWA.cls in POP3/SMTP to OWA (pop2owa) 1.1.3 allows remote attackers to execute arbitrary code via a long header in an e-mail message.
unknown
2007-01-17
10.0CVE-2006-6940
OTHER-REF
OTHER-REF
FRSIRT
Pancake.org -- ZinaMultiple unspecified vulnerabilities in Zina 1.0rc1 and earlier have unknown impact and attack vectors related to "Potential security bugs."
unknown
2007-01-17
7.0CVE-2007-0303
OTHER-REF
BID
FRSIRT
Pensacola Web Designs -- XtremeASP PhotoGalleryCross-site scripting (XSS) vulnerability in Xtreme ASP Photo Gallery allows remote attackers to inject arbitrary HTML or web script via (1) the catname parameter to displaypic.asp or (2) the search field.
unknown
2007-01-16
7.0CVE-2006-6936
BUGTRAQ
BID
XF
Pensacola Web Designs -- XtremeASP PhotoGallerySQL injection vulnerability in displaypic.asp in Xtreme ASP Photo Gallery allows remote attackers to inject arbitrary SQL commands via the sortorder parameter.
unknown
2007-01-16
7.0CVE-2006-6937
BUGTRAQ
BID
XF
phpMyAdmin -- phpMyAdminMultiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin before 2.9.1.1 allow remote attackers to inject arbitrary HTML or web script via (1) a comment for a table name, as exploited through (a) db_operations.php, (2) the db parameter to (b) db_create.php, (3) the newname parameter to db_operations.php, the (4) query_history_latest, (5) query_history_latest_db, and (6) querydisplay_tab parameters to (c) querywindow.php, and (7) the pos parameter to (d) sql.php.
unknown
2007-01-18
7.0CVE-2006-6942
BUGTRAQ
OTHER-REF
phpMyAdmin -- phpMyAdminphpMyAdmin before 2.9.1.1 allows remote attackers to bypass Allow/Deny access rules that use IP addresses via false headers.
unknown
2007-01-18
7.0CVE-2006-6944
OTHER-REF
Plain Black -- WebGUICross-site scripting (XSS) vulnerability in Plain Black WebGUI before 7.3.4 (beta) allows remote attackers to inject arbitrary web script or HTML via Wiki Page titles.
unknown
2007-01-17
7.0CVE-2007-0308
OTHER-REF
BID
SECUNIA
Poplar Gedcom Viewer -- Poplar Gedcom ViewerPHP remote file inclusion vulnerability in include/common.php in Poplar Gedcom Viewer 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the env[rootPath] parameter.
unknown
2007-01-17
7.0CVE-2007-0307
OTHER-REF
BID
FRSIRT
SECUNIA
Portix-PHP -- Portix-PHPSQL injection vulnerability in the login component in Portix-PHP 0.4.2 allows remote attackers to execute arbitrary SQL commands via the username and passwd (password) fields.
unknown
2007-01-16
7.0CVE-2006-6935
BUGTRAQ
BID
XF
Scriptme -- SMe FileMailerSQL injection vulnerability in index.php (aka the login form) in Scriptme SMe FileMailer 1.21 allows remote attackers to execute arbitrary SQL commands via the Password field (ps parameter). NOTE: some of these details are obtained from third party information.
unknown
2007-01-17
7.0CVE-2007-0339
BUGTRAQ
VIM
SECUNIA
SmE -- FileMailerSQL injection vulnerability in index.php in SmE FileMailer 1.21 allows remote attackers to execute arbitrary SQL commands via the us parameter.
unknown
2007-01-17
7.0CVE-2007-0346
VIM
FRSIRT
SmE -- FileMailerMultiple SQL injection vulnerabilities in (a) index.php and (b) dl.php in SmE FileMailer 1.21 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ps, (2) us, (3) f, or (4) code parameter. NOTE: the us vector in index.php is already covered by CVE-2007-0346. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-01-18
7.0CVE-2007-0350
FRSIRT
sNews -- sNewssnews.php in sNews 1.5.30 and earlier does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, as demonstrated by changing an administrative password via the changeup task, and by uploading PHP code via the imagefile parameter.
unknown
2007-01-16
10.0CVE-2007-0261
OTHER-REF
BID
SECUNIA
Sun -- JDK
Sun -- SDK
Sun -- JRE
Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Update 9 and earlier, SDK and JRE 1.4.2_12 and earlier, and SDK and JRE 1.3.1_18 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption.
2006-06-16
2007-01-17
8.0CVE-2007-0243
OTHER-REF
SUNALERT
BUGTRAQ
CERT-VN
FRSIRT
SECUNIA
ThWboard -- ThWboardSQL injection vulnerability in inc/header.inc.php in ThWboard 3.0b2.84-php5 and earlier allows remote attackers to execute arbitrary SQL commands via the board[styleid] parameter to index.php.
unknown
2007-01-17
7.0CVE-2007-0340
OTHER-REF
SECUNIA
Uberghey -- CMSPHP remote file inclusion vulnerability in frontpage.php in Uberghey CMS 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the setup_folder parameter.
unknown
2007-01-18
7.0CVE-2007-0359
OTHER-REF
VIM
FRSIRT
Virtuemart -- VirtuemartSQL injection vulnerability in Virtuemart 1.0.7 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to (1) Itemid, (2) product_id, and category_id parameters as handled in virtuemart_parser.php.
unknown
2007-01-19
7.0CVE-2006-6945
FULLDISC
OTHER-REF
OTHER-REF
BID
WinZip -- WinZipBuffer overflow in Winzip32.exe in WinZip 9.0 SR-1 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long command line argument. NOTE: this issue may cross privilege boundaries if an application automatically invokes Winzip32.exe for untrusted input filenames, as in the case of a file upload application. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-01-16
8.0CVE-2007-0264
BID
Xentraz -- liens_dynamiquesCross-site scripting (XSS) vulnerability in liens.php3 in liens_dynamiques 2.1 allows remote attackers to inject arbitrary web script or HTML by using the ajouter=1 query string and the add menu.
unknown
2007-01-17
7.0CVE-2007-0331
BUGTRAQ
BID
Xentraz -- liens_dynamiques(1) admin/adminlien.php3 and (2) admin/modif.php3 in liens_dynamiques 2.1 do not require authentication, which allows remote attackers to perform unauthorized administrative actions using a direct request.
unknown
2007-01-17
7.0CVE-2007-0332
BUGTRAQ
BID
xine -- xine-uiFormat string vulnerability in the errors_create_window function in errors.c in xine-ui allows attackers to execute arbitrary code via unknown vectors.
unknown
2007-01-16
10.0CVE-2007-0254
BUGTRAQ
BID
SECUNIA
XF
XINE -- XINEXINE 0.99.4 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain M3U file that contains a long #EXTINF line and contains format string specifiers in an invalid udp:// URI, possibly a variant of CVE-2007-0017.
unknown
2007-01-16
8.0CVE-2007-0255
BUGTRAQ

Back to top

Medium Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Apple -- Mac OS X
FreeBSD -- FreeBSD
The ufs_lookup function in the Mac OS X 10.4.8 and FreeBSD 6.1 kernels allows local users to cause a denial of service (kernel panic) and possibly corrupt other filesystems by mounting a crafted UNIX File System (UFS) DMG image that contains a corrupted directory entry (struct direct). NOTE: a third party states that the FreeBSD issue does not cross privilege boundaries.
unknown
2007-01-16
4.7CVE-2007-0267
MLIST
OTHER-REF
BID
FRSIRT
Apple -- Mac OS XThe (1) Activity Monitor.app/Contents/Resources/pmTool, (2) Keychain Access.app/Contents/Resources/kcproxy, and (3) ODBC Administrator.app/Contents/Resources/iodbcadmintool programs in /Applications/Utilities/ in Mac OS X 10.4.8 have weak permissions (writable by admin group), which allows local admin users to gain root privileges by modifying a program and then performing permissions repair via diskutil.
unknown
2007-01-17
4.2CVE-2007-0345
OTHER-REF
OTHER-REF
Dexxaboy -- LunarPollPHP remote file inclusion vulnerability in show.php in LunarPoll, when register_globals is enabled, allows remote attackers execute arbitrary PHP code via a URL in the PollDir parameter.
unknown
2007-01-17
5.6CVE-2007-0298
BUGTRAQ
VIM
BID
DT Guestbook -- DT GuestbookCross-site scripting (XSS) vulnerability in index.php in DT Guestbook (dt_guestbook) 1.0f, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the error[] parameter.
unknown
2007-01-16
5.6CVE-2006-6487
netVigilance
OSVDB
SECUNIA
FRSIRT
Ezboxx -- Portal System BetaMultiple cross-site scripting (XSS) vulnerabilities in Ezboxx Portal System Beta 0.7.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the pic parameter to custom/piczoom.asp, (2) the nocatname parameter to boxx/user-upload.asp, or (3) the iid parameter to indexes/newscomments.asp.
unknown
2007-01-16
5.6CVE-2007-0265
BUGTRAQ
FdWeB -- Espace MembrePHP remote file inclusion vulnerability in _admin/admin_menu.php in FdWeB Espace Membre 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
unknown
2007-01-17
5.6CVE-2007-0301
Milw0rm
BID
FRSIRT
SECUNIA
GNU -- edGNU ed before 0.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files, possibly in the open_sbuf function.
unknown
2007-01-16
5.6CVE-2006-6939
OTHER-REF
FRSIRT
XF
GONICUS -- GONICUS System AdministrationUnspecified vulnerability in GONICUS System Administration (GOsa) before 2.5.8 allows remote authenticated users to modify certain settings, including the admin password, via crafted POST requests.
unknown
2007-01-17
6.0CVE-2007-0313
MLIST
FRSIRT
SECUNIA
InstantASP -- InstantASPMultiple cross-site scripting (XSS) vulnerabilities in InstantASP 4.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) SessionID parameter to (a) Logon.aspx, and the (2) Username and (3) Update parameters to (b) Members1.aspx.
unknown
2007-01-17
5.6CVE-2007-0302
BUGTRAQ
BID
SECUNIA
Jax Scripts -- Jax Petition BookMultiple directory traversal vulnerabilities in Jax Petition Book 1.0.3.06 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the languagepack parameter to (1) jax_petitionbook.php or (2) smileys.php.
unknown
2007-01-17
5.6CVE-2007-0335
BUGTRAQ
BUGTRAQ
BUGTRAQ
BID
Maxum Development Corporation -- Rumpus FTP ServerMultiple heap-based buffer overflows in rumpusd in Rumpus 5.1 and earlier (1) allow remote authenticated users to execute arbitrary code via a long LIST command and other unspecified requests to the FTP service, and (2) allow remote attackers to execute arbitrary code via unspecified requests to the HTTP service.
unknown
2007-01-19
4.2CVE-2007-0019
OTHER-REF
Maxum Development Corporation -- Rumpus FTP ServerUntrusted search path vulnerability in Rumpus 5.1 and earlier allows local users to gain privileges via a modified PATH that points to a malicious ipfw program.
unknown
2007-01-19
4.9CVE-2007-0366
OTHER-REF
Maxum Development Corporation -- Rumpus FTP ServerRumpus 5.1 and earlier has weak permissions for certain files and directories under /usr/local/Rumpus, including the configuration file, which allows local users to have an unknown impact by creating, modifying, or deleting files.
unknown
2007-01-19
4.9CVE-2007-0367
OTHER-REF
Microsoft -- Windows Server 2003
Microsoft -- Windows XP
Microsoft Windows XP and Windows Server 2003 do not properly handle user logoff, which might allow local users to gain the privileges of a previous system user, possibly related to user profile unload failure. NOTE: it is not clear whether this is an issue in Windows itself, or an interaction with another product.
unknown
2007-01-18
5.6CVE-2007-0351
BUGTRAQ
BUGTRAQ
oftpd -- oftpdoftpd before 0.3.7 allows remote attackers to cause a denial of service (daemon abort) via a (1) LPRT or (2) LPASV command with an unsupported address family, which triggers an assertion failure.
unknown
2007-01-16
6.7CVE-2006-6767
GENTOO
BID
FRSIRT
SECUNIA
SECUNIA
Oracle -- OracleMultiple unspecified vulnerabilities in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) the Advanced Queuing component and sys.dbms_aqsys.dbms_aq privileges (DB01), (2) Advanced Replication and sys.dbms_repcat_untrusted (DB07), and (3) Oracle Text and ctxload (DB15). NOTE: Oracle has not publicly disputed claims by a reliable researcher that DB01 is for SQL injection in the SYS.DBMS_AQ_INV package.
unknown
2007-01-16
4.2CVE-2007-0268
OTHER-REF
OTHER-REF
CERT
CERT-VN
SECUNIA
Oracle -- Oracle DatabaseUnspecified vulnerability in Oracle Database 9.2.0.7 and 10.1.0.4 has unknown impact and attack vectors related to the Data Guard and sys.dbms_drs privileges, aka DB03.
unknown
2007-01-16
4.0CVE-2007-0270
OTHER-REF
CERT
SECUNIA
Oracle -- Oracle DatabaseUnspecified vulnerability in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unknown impact and attack vectors related to the Oracle Spatial component and mdsys.md privileges, aka DB05.
unknown
2007-01-16
4.0CVE-2007-0272
OTHER-REF
CERT
SECUNIA
Oracle -- Oracle Collaboration Suite
Oracle -- Oracle HTTP Server
Oracle -- Oracle Application Server
Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.2, and 10.1.2.2; and Collaboration Suite 9.0.4.2 and 10.1.2; has unknown impact and attack vectors related to the Oracle Process Mgmt & Notification component, aka OPMN01.
unknown
2007-01-16
4.7CVE-2007-0280
OTHER-REF
CERT
SECUNIA
Oracle -- Oracle Collaboration Suite
Oracle -- Oracle Application Server
Multiple unspecified vulnerabilities in Oracle Application Server 9.0.4.3 and 10.1.2.0.0, and Collaboration Suite 9.0.4.2, have unknown impact and attack vectors related to Oracle Containers for J2EE, aka (1) OC4J03 and (2) OC4J04.
unknown
2007-01-16
4.7CVE-2007-0284
OTHER-REF
CERT
SECUNIA
Oracle -- Oracle Application ServerMultiple unspecified vulnerabilities in Oracle Collaboration Suite 9.0.4.2 have unknown impact and attack vectors related to Oracle Containers for J2EE, aka (1) OC4J01, (2) OC4J05, and (3) OC4J06.
unknown
2007-01-16
4.7CVE-2007-0289
OTHER-REF
CERT
SECUNIA
Oracle -- Oracle Enterprise ManagerMultiple unspecified vulnerabilities in Oracle Enterprise Manager 10.1.0.5 and 10.2.0.1 have unknown impact and attack vectors related to (1) Oracle Agent (EM03) and (2) EM04 and (3) EM05 in Enterprise Manager Console.
unknown
2007-01-16
4.7CVE-2007-0293
OTHER-REF
CERT
SECUNIA
phpMyAdmin -- phpMyAdminCross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a CSS style in the convcharset parameter to the top-level URI, a different vulnerability than CVE-2005-0992.
unknown
2007-01-17
5.6CVE-2007-0341
BUGTRAQ
BUGTRAQ
OTHER-REF
Portix-PHP -- Portix-PHPMultiple cross-site scripting (XSS) vulnerabilities in Portix-PHP 0.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) titre or (2) auteur field in a forum post.
unknown
2007-01-16
5.6CVE-2006-6934
BUGTRAQ
BID
SECUNIA
XF
TLM CMS -- TLM CMSPHP remote file inclusion vulnerability in i-accueil.php in TLM CMS 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter.
unknown
2007-01-17
5.6CVE-2007-0300
Milw0rm
BID
FRSIRT
SECUNIA
Total Commander -- Total CommanderUnspecified vulnerability in Total Commander before 6.5.6 allows user-assisted remote attackers to delete arbitrary files and corrupt a filesystem via a crafted RAR file. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-01-16
5.3CVE-2007-0263
OTHER-REF
BID

Back to top

Low Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Apple -- Mac OS XInteger overflow in the byte_swap_sbin function in bsd/ufs/ufs/ufs_byte_order.c in Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service (kernel panic) by mounting a crafted Unix File System (UFS) DMG image, which triggers an invalid pointer dereference.
unknown
2007-01-17
2.7CVE-2007-0299
OTHER-REF
SECUNIA
Apple -- Mac OS XThe do_hfs_truncate function in Mac OS X 10.4.8 allows context-dependent attackers to cause a denial of service (kernel panic) via a crafted HFS+ filesystem in a DMG image, which causes an access of an invalid vnode structure during file removal.
unknown
2007-01-17
3.3CVE-2007-0318
SECUNIA
FRSIRT
Apple -- Mac OS X
Apple -- Safari
OmniGroup -- OmniWeb
Apple -- Apple WebKit
WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null dereference and application crash) via a TD element with a large number in the ROWSPAN attribute, as demonstrated by a crash of OmniWeb 5.5.3 on Mac OS X 10.4.8, a different vulnerability than CVE-2006-2019.
unknown
2007-01-17
2.3CVE-2007-0342
OTHER-REF
BID
BMC Software -- Remedy Action Request SystemBMC Remedy Action Request System 5.01.02 Patch 1267 generates different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote attackers to determine valid account names.
unknown
2007-01-17
2.3CVE-2007-0310
BUGTRAQ
OTHER-REF
BID
SECUNIA
EFS Software -- Easy Chat ServerEasy Chat Server 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download certain files via direct requests to files such as (1) ServerKey.pem and (2) AcceptIP.txt. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-01-16
3.3CVE-2006-6933
SECUNIA
XF
Ezboxx -- Ezboxx Portal SystemEzboxx Portal System Beta 0.7.6 and earlier allows remote attackers to obtain sensitive information via a invalid cat parameter to boxx/knowledgebase.asp, which reveals the path in an error message.
unknown
2007-01-16
3.3CVE-2007-0259
BUGTRAQ
OTHER-REF
FRSIRT
FreeWebshop -- FreeWebshopindex.php in FreeWebshop 2.2.2 and earlier allows remote attackers to obtain sensitive information via an invalid action parameter in an info operation, which discloses the path in an error message.
unknown
2007-01-18
2.3CVE-2006-6941
OTHER-REF
OTHER-REF
Fritz!DSL -- Fritz!DSLDirectory traversal vulnerability in the AVM IGD CTRL Service in Fritz!DSL 02.02.29 allows remote attackers to read arbitrary files via ..%5C (URL-encoded dot dot backslash) sequences in a URI requested from the AR7 webserver.
unknown
2007-01-18
2.3CVE-2007-0357
FULLDISC
BID
HP -- Jetdirect firmwareUnspecified vulnerability in the FTP server implementation in HP Jetdirect firmware x.20.nn through x.24.nn allows remote attackers to cause a denial of service via unknown vectors.
unknown
2007-01-18
3.3CVE-2007-0358
HP
SECUNIA
Joonas Viljanen -- JV2 Folder Gallerydownload.php in Joonas Viljanen JV2 Folder Gallery allows remote attackers to read sensitive files via a relative pathname in the file parameter, as demonstrated by config/gallerysetup.php. NOTE: this issue might be resultant from a directory traversal vulnerability.
unknown
2007-01-17
2.3CVE-2007-0329
OTHER-REF
FRSIRT
SECUNIA
libsoup -- libsoupThe soup_headers_parse function in soup-headers.c for libsoup HTTP library before 2.2.99 allows remote attackers to cause a denial of service (crash) via malformed HTTP headers, probably involving missing fields or values.
unknown
2007-01-16
3.3CVE-2006-5876
OTHER-REF
DEBIAN
BID
FRSIRT
SECUNIA
SECUNIA
Microsoft -- Internet Explorer
Common Controls Replacement Project -- FolderTreeview ActiveX control
The Common Controls Replacement Project (CCRP) FolderTreeview (FTV) ActiveX control (ccrpftv6.ocx) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long CCRP.RootFolder property value.
unknown
2007-01-18
2.3CVE-2007-0356
OTHER-REF
BID
Nicecoder -- indexuDirectory traversal vulnerability in upgrade.php in nicecoder.com INDEXU 5.x allows remote attackers to include arbitrary local files via a .. (dot dot) in the gateway parameter.
unknown
2007-01-18
2.3CVE-2007-0349
BUGTRAQ
NitroTech -- NitroTechDirectory traversal vulnerability in includes/common.php in NitroTech 0.0.3a, as distributed before 2006, allows remote attackers to include arbitrary files via ".." sequences in the root parameter.
unknown
2007-01-16
2.3CVE-2006-6938
OTHER-REF
BID
XF
NWOM -- NWOM Topsitesindex.php in Nwom topsites 3.0 allows remote attackers to obtain potentially sensitive information via a ' (quote) character in the o parameter, which forces a SQL error.
unknown
2007-01-16
2.3CVE-2007-0250
BUGTRAQ
BID
OpenBSD -- OpenBSDOpenBSD before 20070116 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via certain IPv6 ICMP (aka ICMP6) echo request packets.
unknown
2007-01-17
2.3CVE-2007-0343
OPENBSD
OPENBSD
BID
SECTRACK
Oracle -- Oracle10g Application ServerDirectory traversal vulnerability in the EmChartBean server side component for Oracle Application Server 10g allows remote attackers to read arbitrary files via unknown vectors.
unknown
2007-01-16
2.3CVE-2007-0222
BUGTRAQ
BID
SECUNIA
Oracle -- OracleUnspecified vulnerability in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and attack vectors related to the Change Data Capture and sys.dbms_cdc_subscribe privileges, aka DB02.
unknown
2007-01-16
2.8CVE-2007-0269
OTHER-REF
CERT
SECUNIA
Oracle -- Oracle DatabaseUnspecified vulnerability in Oracle Database 9.0.1.5 and 9.2.0.7 has unknown impact and attack vectors related to the Log Miner component and sys.dbms_log_mnr privileges, aka DB04.
unknown
2007-01-16
2.8CVE-2007-0271
OTHER-REF
CERT
SECUNIA
Oracle -- Oracle DatabaseUnspecified vulnerability in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and attack vectors related to XMLDB, aka DB06.
unknown
2007-01-16
2.3CVE-2007-0273
OTHER-REF
CERT
SECUNIA
Oracle -- Oracle DatabaseMultiple unspecified vulnerabilities in Oracle Database 9.2.0.7 and 10.1.0.5 have unknown impact and attack vectors related to (1) Export and sys.dbms_logrep_util (DB08), and (2) Oracle Streams and sys.dbms_capture_adm_internal privileges (DB09).
unknown
2007-01-16
1.4CVE-2007-0274
OTHER-REF
CERT
SECUNIA
Oracle -- E-Business Suite and Applications
Oracle -- Collaboration Suite
Oracle -- Application Server
Oracle -- Oracle Database
Unspecified vulnerability in Oracle Workflow Cartridge, as used in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 10.1.2; and Oracle E-Business Suite and Applications 11.5.10CU2; has unknown impact and attack vectors, aka OWF01.
unknown
2007-01-16
2.8CVE-2007-0275
OTHER-REF
CERT
SECUNIA
Oracle -- Oracle DatabaseMultiple unspecified vulnerabilities in Oracle Database 8.1.7.4 and 9.0.1.5 have unknown impact and attack vectors related to (1) Advanced Security Option and oklist or okdstry (DB10), (2) Oracle Net Services (DB13), and (3) Recovery Manager and oklist (DB16).
unknown
2007-01-16
2.9CVE-2007-0276
OTHER-REF
CERT
SECUNIA
Oracle -- Oracle DatabaseUnspecified vulnerability in Oracle Database client-only 10.1.0.4 has unknown impact and attack vectors related to the Export component and expdp or impdp, aka DB11.
unknown
2007-01-16
2.9CVE-2007-0277
OTHER-REF
CERT
SECUNIA
Oracle -- Oracle DatabaseMultiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) NLS Runtime and lmsgen (DB12), and (2) Oracle Text and ctxkbtc (DB14).
unknown
2007-01-16
2.9CVE-2007-0278
OTHER-REF
CERT
SECUNIA
Oracle -- Oracle Collaboration Suite
Oracle -- Oracle HTTP Server
Oracle -- Oracle Application Server
Multiple unspecified vulnerabilities in Oracle HTTP Server 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.1, 10.1.2.0.2, 10.1.2.1, and 10.1.3.0; and Collaboration Suite 9.0.4.2 and 10.1.2; have unknown impact and attack vectors related to the Oracle HTTP Server, aka (1) OHS03 and (2) OHS04.
unknown
2007-01-16
2.3CVE-2007-0281
OTHER-REF
CERT
SECUNIA
Oracle -- Oracle Collaboration Suite
Oracle -- Oracle HTTP Server
Oracle -- Oracle Application Server
Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.2 and 10.1.2.0.0, and Collaboration Suite 9.0.4.2 has unknown impact and attack vectors related to the Oracle Process Mgmt & Notification component, aka OPMN02.
unknown
2007-01-16
2.0CVE-2007-0282
OTHER-REF
CERT
SECUNIA
Oracle -- Oracle Collaboration Suite
Oracle -- Oracle Application Server
Unspecified vulnerability in Oracle Application Server 9.0.4.3 and Collaboration Suite 9.0.4.2 has unknown impact and attack vectors related to Oracle Containers for J2EE, aka OC4J02.
unknown
2007-01-16
3.7CVE-2007-0283
OTHER-REF
CERT
SECUNIA
Oracle -- Oracle E-Business Suite and Applications
Oracle -- Oracle Collaboration Suite
Oracle -- Oracle Application Server
Unspecified vulnerability in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 9.0.4.2 and 10.1.2; and E-Business Suite and Applications 11.5.10CU2 has unknown impact and attack vectors related to Oracle Reports Developer, aka REP01.
unknown
2007-01-16
2.3CVE-2007-0285
OTHER-REF
CERT
SECUNIA
Oracle -- Oracle Collaboration Suite
Oracle -- Oracle Application Server
Unspecified vulnerability in Oracle Application Server 10.1.2.0.2 and 10.1.3.0, and Collaboration Suite 10.1.2, has unknown impact and attack vectors related to Containers for J2EE, aka OC4J07.
unknown
2007-01-16
1.9CVE-2007-0286
OTHER-REF
CERT
SECUNIA
Oracle -- Oracle Collaboration Suite
Oracle -- Oracle Application Server
Unspecified vulnerability in Oracle Application Server 9.0.4.3, 10.1.2.0.0, and 10.1.2.0.2; and Collaboration Suite 9.0.4.2 and 10.1.2; has unknown impact and attack vectors related to Containers for J2EE, aka OC4J08.
unknown
2007-01-16
1.0CVE-2007-0287
OTHER-REF
CERT
SECUNIA
Oracle -- Oracle Application ServerUnspecified vulnerability in Oracle Application Server 10.1.4.0 has unknown impact and attack vectors related to Oracle Internet Directory, aka OID01.
unknown
2007-01-16
1.0CVE-2007-0288
OTHER-REF
CERT
SECUNIA
Oracle -- Oracle E-Business Suite and ApplicationMultiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors related to (1) Application Object Library (APPS01), (2) Human Resources (APPS03), (3) Payables (APPS04), (4) Trading Community Architecture (APPS05), and (5) Web Applications Desktop Integrator (APPS06).
unknown
2007-01-16
2.8CVE-2007-0290
OTHER-REF
CERT
SECUNIA
Oracle -- Oracle E-Business Suite and ApplicationsUnspecified vulnerability in Oracle E-Business Suite and Applications 6.2.3 has unknown impact and attack vectors related to Oracle Exchange, aka APPS02.
unknown
2007-01-16
1.4CVE-2007-0291
OTHER-REF
CERT
SECUNIA
Oracle -- Oracle Enterprise ManagerUnspecified vulnerability in Oracle Enterprise Manager 10.2.0.1 has unknown impact and attack vectors related to Database Cloning & Data Guard Management, aka EM06.
unknown
2007-01-16
1.0CVE-2007-0294
OTHER-REF
CERT
SECUNIA
Oracle -- JD Edwards EnterpriseOne
Oracle -- PeopleSoft Enterprise
Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.13 and 8.47.11 has unknown impact and attack vectors in PeopleTools, aka PSE01.
unknown
2007-01-16
3.3CVE-2007-0295
OTHER-REF
CERT
SECUNIA
Oracle -- JD Edwards EnterpriseOne
Oracle -- PeopleSoft Enterprise
Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.13, 8.47.11, and 8.48.06 has unknown impact and attack vectors in PeopleTools, aka PSE02.
unknown
2007-01-16
1.6CVE-2007-0296
OTHER-REF
CERT
SECUNIA
Oracle -- JD Edwards EnterpriseOne
Oracle -- PeopleSoft Enterprise
Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.47.11 and 8.48.06 has unknown impact and attack vectors in PeopleTools, aka PSE03.
unknown
2007-01-16
1.4CVE-2007-0297
OTHER-REF
CERT
SECUNIA
PentaWare -- PentaZip
PentaWare -- PentaSuite-PRO
Directory traversal vulnerability in PentaZip 8.5.1.190 and PentaSuite-PRO 8.5.1.221 allows user-assisted remote attackers to extract files to arbitrary pathnames via a ../ (dot dot slash) in a filename.
unknown
2007-01-18
1.9CVE-2006-5963
OTHER-REF
SECUNIA
PentaWare -- PentaZip
PentaWare -- PentaSuite-PRO
choShilA.bpl in PentaZip 8.5.1.190 and PentaSuite-PRO 8.5.1.221 allows local users, and user-assisted remote attackers to cause a denial of service (system crash) by right clicking on a file with a long filename.
unknown
2007-01-18
2.7CVE-2006-5964
OTHER-REF
SECUNIA
phpMyAdmin -- phpMyAdminhpMyAdmin before 2.9.1.1 allows remote attackers to obtain the full server path via direct requests to (a) scripts/check_lang.php and (b) themes/darkblue_orange/layout.inc.php; and via the (1) lang[], (2) target[], (3) db[], (4) goto[], (5) table[], and (6) tbl_group[] array arguments to (c) index.php, and the (7) back[] argument to (d) sql.php; and an invalid (8) sort_by parameter to (e) server_databases.php and (9) db parameter to (f) db_printview.php.
unknown
2007-01-18
2.3CVE-2006-6943
BUGTRAQ
OTHER-REF
Rixstep -- UndercoverUndercover.app/Contents/Resources/uc in Rixstep Undercover allows local users to overwrite arbitrary files, probably related to a race condition.
unknown
2007-01-17
3.9CVE-2007-0336
FULLDISC
BID
SISCO -- SISCO OSI StackThe SISCO OSI stack, as used in SISCO MMS-EASE, ICCP Toolkit for MMS-EASE, AX-S4 MMS and AX-S4 ICCP, and possibly other control system applications, allows remote attackers to cause a denial of service (application termination and restart) via malformed packets.
unknown
2007-01-17
2.3CVE-2006-6489
OTHER-REF
CERT-VN
BID
Snort Project -- SnortAlgorithmic complexity vulnerability in Snort before 2.6.1, during predicate evaluation in rule matching for certain rules, allows remote attackers to cause a denial of service (CPU consumption and detection outage) via crafted network traffic, aka a "backtracking attack."
unknown
2007-01-16
2.3CVE-2006-6931
MLIST
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
BID
SECUNIA
Snort Project -- SnortInteger underflow in the DecodeGRE function in src/decode.c in Snort 2.6.1.2 allows remote attackers to trigger dereferencing of certain memory locations via crafted GRE packets, which may cause corruption of log files or writing of sensitive information into log files.
unknown
2007-01-16
3.3CVE-2007-0251
BUGTRAQ
OTHER-REF
OTHER-REF
BID
Squid -- Squidsquid/src/ftp.c in Squid before 2.6.STABLE7 allows remote FTP servers to cause a denial of service (core dump) via crafted FTP directory listing responses.
unknown
2007-01-16
3.3CVE-2007-0247
OTHER-REF
OTHER-REF
SECUNIA
Squid -- SquidThe aclMatchExternal function in Squid before 2.6.STABLE7 allows remote attackers to cause a denial of service (crash) by causing an external_acl queue overload, which triggers an infinite loop.
unknown
2007-01-16
3.3CVE-2007-0248
OTHER-REF
OTHER-REF
SECUNIA
Sun -- ChainKey Java Code ProtectionChainKey Java Code Protection allows attackers to decompile Java class files via a Java class loader with a modified defineClass method that saves the bytecode to a file before it is passed to the JVM.
unknown
2007-01-16
3.9CVE-2007-0014
BUGTRAQ
BUGTRAQ
Texas Imperial Software -- WFTPD
Texas Imperial Software -- WFTPD Pro Server
Texas Imperial Software WFTPD and WFTPD Pro Server 3.25 and earlier allow remote attackers to cause a denial of service (application crash) via a long SITE ADMIN command.
unknown
2007-01-17
2.3CVE-2007-0311
OTHER-REF
BID
VideoLAN -- VLC Media PlayerVideoLAN VLC 0.8.6a allows remote attackers to cause a denial of service (application crash) via a crafted .wmv file.
unknown
2007-01-16
3.3CVE-2007-0256
OTHER-REF
BID
wcSimple Poll -- wcSimple PollwcSimple Poll stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain password hashes via a direct request for password.txt.
unknown
2007-01-17
3.3CVE-2007-0312
BUGTRAQ
WordPress -- WordPressWordPress 2.0.6, and 2.1Alpha 3 (SVN:4662), does not properly verify that the m parameter value has the string data type, which allows remote attackers to obtain sensitive information via an invalid m[] parameter, as demonstrated by obtaining the path, and obtaining certain SQL information such as the table prefix.
unknown
2007-01-16
3.3CVE-2007-0262
BUGTRAQ

Back to top

">

High Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Agnitum -- Outpost Firewall PROAgnitum Outpost Firewall PRO 4.0 allows local users to bypass access restrictions and insert Trojan horse drivers into the product's installation directory by creating links using FileLinkInformation requests with the ZwSetInformationFile function, as demonstrated by modifying SandBox.sys.
unknown
2007-01-17
7.0CVE-2007-0333
BUGTRAQ
OTHER-REF
BID
All In One Control Panel -- All In One Control PanelMultiple SQL injection vulnerabilities in All In One Control Panel (AIOCP) 1.3.010 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) xuser_name parameter to shared/code/cp_authorization.php, and the (2) did parameter to public/code/cp_downloads.php, different vectors than CVE-2007-0223.
unknown
2007-01-17
7.0CVE-2007-0316
BUGTRAQ
BUGTRAQ
BID
FRSIRT
SECUNIA
Apple -- Mac OS X Server
Apple -- Mac OS X
FreeBSD -- FreeBSD
Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly gain privileges via a crafted DMG image that causes "allocation of a negative size buffer" leading to a heap-based buffer overflow, a related issue to CVE-2006-5679. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem.
unknown
2007-01-12
7.0CVE-2007-0229
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
MLIST
XF
Apple -- Mac OS XDouble-free vulnerability in the _ATPsndrsp function in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to cause a denial of service (kernel panic) and possibly execute arbitrary code via a crafted AppleTalk request that triggers a heap-based buffer overflow.
unknown
2007-01-16
10.0CVE-2007-0236
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
Apple -- Mac OS X
Apple -- Minimal SLP Service Agent
Buffer overflow in the Apple Minimal SLP v2 Service Agent (slpd) in Mac OS X 10.4.8 and earlier allows local users, and possibly remote attackers, to gain privileges and possibly execute arbitrary code via a registration request with an invalid attr-list field.
unknown
2007-01-18
7.0CVE-2007-0355
OTHER-REF
OTHER-REF
Article System -- Article SystemMultiple PHP remote file inclusion vulnerabilities in Article System 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the INCLUDE_DIR parameter to (1) forms.php, (2) issue_edit.php, (3) client.php, and (4) classes.php.
unknown
2007-01-17
7.0CVE-2007-0314
OTHER-REF
BID
XF
BolinTech -- DreamFTP ServerHeap-based buffer overflow in Dream FTP Server allows remote attackers to execute arbitrary code via a USER command with a large number of format string specifiers, which triggers the overflow during processing of the Server Log.
unknown
2007-01-17
7.0CVE-2007-0338
OTHER-REF
SECUNIA
Colloquy -- ColloquyMultiple format string vulnerabilities in (1) _invitedToRoom: and (2) _invitedToDirectChat: in Colloquy 2.1 and earlier allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in the room name of an INVITE request, related to the implementation of AlertSheet and AlertPanel in Apple AppKit.
unknown
2007-01-17
7.0CVE-2007-0344
OTHER-REF
BID
SECUNIA
Computer Associates -- Protection Suites
Computer Associates -- Brightstor ARCserve Backup
Computer Associates -- Enterprise Backup
Stack-based buffer overflow in the RPC interface in Mediasvr.exe in Computer Associates (CA) Brightstor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Protection Suites r2 allows remote attackers to execute arbitrary code via crafted SUNRPC packets, aka the "Mediasvr.exe Overflow," a different vulnerability than CVE-2006-5172.
unknown
2007-01-16
10.0CVE-2006-5171
ISS
OTHER-REF
BID
FRSIRT
SECUNIA
XF
SECTRACK
Computer Associates -- Brightstor ARCserve Backup
Computer Associates -- Brightstor Enterprise Backup
Computer Associates -- Protection Suites
Stack-based buffer overflow in the RPC interface in Mediasvr.exe in Computer Associates (CA) Brightstor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Protection Suites r2 allows remote attackers to execute arbitrary code via crafted SUNRPC packets, aka the "Mediasvr.exe String Handling Overflow," a different vulnerability than CVE-2006-5171.
unknown
2007-01-16
10.0CVE-2006-5172
OTHER-REF
ISS
BID
FRSIRT
SECUNIA
XF
SECTRACK
ComScripts -- PHPMyphorumPHP remote file inclusion vulnerability in mep/frame.php in PHPMyphorum 1.5a allows remote attackers to execute arbitrary PHP code via a URL in the chem parameter.
unknown
2007-01-18
7.0CVE-2007-0361
OTHER-REF
FRSIRT
Digiappz -- DigiAffiliateSQL injection vulnerability in visu_user.asp in Digiappz DigiAffiliate 1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-01-17
7.0CVE-2007-0306
OTHER-REF
BID
FRSIRT
SECUNIA
Easy-content filemanager -- Easy-content filemanagerUnspecified vulnerability in easy-content filemanager allows remote attackers to upload or modify arbitrary files via unspecified vectors.
unknown
2007-01-16
7.0CVE-2007-0252
BUGTRAQ
Ezboxx -- Ezboxx Portal SystemSQL injection vulnerability in boxx/ShowAppendix.asp in Ezboxx Portal System Beta 0.7.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the iid parameter.
unknown
2007-01-16
7.0CVE-2007-0266
BUGTRAQ
F5 -- FirePass SSL VPNMultiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN allow remote attackers to inject arbitrary web script or HTML via (1) the xcho parameter to my.logon.php3; the (2) topblue, (3) midblue, (4) wtopblue, and certain other Custom color parameters in a per action to vdesk/admincon/index.php; the (5) h321, (6) h311, (7) h312, and certain other Front Door custom text color parameters in a per action to vdesk/admincon/index.php; the (8) ua parameter in a bro action to vdesk/admincon/index.php; the (9) app_param and (10) app_name parameters to webyfiers.php; (11) double eval functions; (12) JavaScript contained in an <FP_DO_NOT_TOUCH> element; and (13) the vhost parameter to my.activation.php. NOTE: it is possible that this candidate overlaps CVE-2006-3550.
unknown
2007-01-12
7.0CVE-2007-0186
OTHER-REF
OTHER-REF
OTHER-REF
BID
FULLDISC
SECUNIA
SECUNIA
FileZilla -- FileZillaMultiple buffer overflows in FileZilla before 2.2.30a allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors related to (1) Options.cpp when sotring settings in the registry, and (2) the transfer queue (QueueCtrl.cpp). NOTE: some of these details are obtained from third party information.
unknown
2007-01-17
10.0CVE-2007-0315
OTHER-REF
BID
FRSIRT
XF
FileZilla -- FileZillaFormat string vulnerability in the LogMessage function in FileZilla before 3.0.0-beta5 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted arguments. NOTE: some of these details are obtained from third party information.
unknown
2007-01-17
7.0CVE-2007-0317
OTHER-REF
BID
FRSIRT
XF
Francisco Burzi -- PHP-NukeSQL injection vulnerability in blocks/block-Old_Articles.php in Francisco Burzi PHP-Nuke 7.9 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat parameter.
unknown
2007-01-17
7.0CVE-2007-0309
BUGTRAQ
OTHER-REF
BID
SECTRACK
FreshReader -- FreshReaderCross-site scripting (XSS) vulnerability in the RSS feed component in FreshReader before 1.0.07010600 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to tag attributes.
unknown
2007-01-18
7.0CVE-2007-0362
OTHER-REF
OTHER-REF
SECUNIA
Grsecurity -- Grsecurity Kernel Patch** DISPUTED ** Unspecified vulnerability in the grsecurity patch has unspecified impact and remote attack vectors, a different vulnerability than the expand_stack vulnerability from the Digital Armaments 20070110 pre-advisory. NOTE: the grsecurity developer has disputed this issue, stating that "the function they claim the vulnerability to be in is a trivial function, which can, and has been, easily checked for any supposed vulnerabilities." The developer also cites a past disclosure that was not proven.
unknown
2007-01-16
7.0CVE-2007-0253
OTHER-REF
OTHER-REF
OTHER-REF
Grsecurity -- Grsecurity Kernel Patch** DISPUTED ** Unspecified vulnerability in the expand_stack function in grsecurity PaX allows local users to gain privileges via unspecified vectors. NOTE: the grsecurity developer has disputed this issue, stating that "the function they claim the vulnerability to be in is a trivial function, which can, and has been, easily checked for any supposed vulnerabilities." The developer also cites a past disclosure that was not proven.
unknown
2007-01-16
7.0CVE-2007-0257
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
BUGTRAQ
OTHER-REF
SECTRACK
Image gallery with Access Database -- Image gallery with Access DatabaseMultiple SQL injection vulnerabilities in Image Gallery with Access Database allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to (a) dispimage.asp, or the (2) order or (3) page parameter to (b) default.asp.
unknown
2007-01-16
7.0CVE-2006-6932
BUGTRAQ
BID
InGate -- Firewall and SIParatorUnspecified vulnerability in the SIP module in InGate Firewall and SIParator before 4.5.1 allows remote attackers to conduct replay attacks on the authentication mechanism via unknown vectors.
unknown
2007-01-17
7.0CVE-2007-0334
OTHER-REF
BID
SECUNIA
FRSIRT
Ipswitch -- WS_FTPBuffer overflow in wsbho2k0.dll, as used by wsftpurl.exe, in Ipswitch WS_FTP 2007 Professional allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long ftp:// URL in an HTML document, and possibly other vectors.
unknown
2007-01-17
7.0CVE-2007-0330
BUGTRAQ
BUGTRAQ
BUGTRAQ
BID
KGB -- KGBDirectory traversal vulnerability in sesskglogadmin.php in KGB 1.9 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skinnn parameter, as demonstrated by invoking kg.php with a postek parameter containing PHP code, which is injected into a file in the kg directory, and then included by sesskglogadmin.php.
unknown
2007-01-17
7.0CVE-2007-0337
OTHER-REF
BID
libgtop -- libgtopStack-based buffer overflow in the glibtop_get_proc_map_s function in libgtop before 2.14.6 (libgtop2) allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a process with a long filename that is mapped in its address space, which triggers the overflow in gnome-system-monitor.
unknown
2007-01-16
7.0CVE-2007-0235
OTHER-REF
OTHER-REF
OTHER-REF
UBUNTU
FRSIRT
FRSIRT
SECUNIA
SECUNIA
MGB -- OpenSource GuestbookSQL injection vulnerability in email.php in MGB OpenSource Guestbook 0.5.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-01-18
7.0CVE-2007-0354
OTHER-REF
OTHER-REF
VIM
BID
Michiel Broek -- mbse-bbsStack-based buffer overflow in mbse-bbs 0.70 and earlier allows local users to execute arbitrary code via a long string in the MBSE_ROOT environment variable.
unknown
2007-01-19
10.0CVE-2007-0368
OTHER-REF
OTHER-REF
BID
Microsoft -- Help WorkshopStack-based buffer overflow in Microsoft Help Workshop 4.03.0002 allows user-assisted remote attackers to execute arbitrary code via a crafted .cnt file composed of lines that begin with an integer followed by a space and a long string.
unknown
2007-01-18
8.0CVE-2007-0352
BUGTRAQ
OTHER-REF
OTHER-REF
MiNT -- Haber Sistemi 2.7SQL injection vulnerability in duyuru.asp in MiNT Haber Sistemi 2.7 allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-01-17
7.0CVE-2007-0304
OTHER-REF
FRSIRT
SECUNIA
myWebland -- myBloggieCross-site scripting (XSS) vulnerability in (1) index.php and (2) login.php in myBloggie 2.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO string.
unknown
2007-01-18
7.0CVE-2007-0353
BUGTRAQ
OTHER-REF
BID
Naig -- Naig** DISPUTED ** PHP remote file inclusion vulnerability in index.php in Naig 0.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the this_path parameter. NOTE: a reliable third party disputes this vulnerability because this_path is defined before use.
unknown
2007-01-16
7.0CVE-2007-0260
BUGTRAQ
VIM
nicecoder -- INDEXUMultiple cross-site scripting (XSS) vulnerabilities in nicecoder.com INDEXU 5.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) error_msg parameter to (a) suggest_category.php; the (2) u parameter to (b) user_detail.php; the (3) friend_name, (4) friend_email, (5) error_msg, (6) my_name, (7) my_email, and (8) id parameters to (c) tell_friend.php; the (9) error_msg, (10) email, (11) name, and (12) subject parameters to (d) sendmail.php; the (13) email, (14) error_msg, and (15) username parameters to (e) send_pwd.php; the (16) keyword parameter to (f) search.php; the (17) error_msg, (18) username, (19) password, (20) password2, and (21) email parameters to (g) register.php; the (22) url, (23) contact_name, and (24) email parameters to (h) power_search.php; the (25) path and (26) total parameters to (i) new.php; the (27) query parameter to (j) modify.php; the (28) error_msg parameter to (k) login.php; the (29) error_msg and (30) email ! parameters to (l) mailing_list.php; the (31) gateway parameter to (m) upgrade.php; and another unspecified vector.
unknown
2007-01-19
7.0CVE-2007-0364
BUGTRAQ
BID
SECUNIA
Nicola Asuni -- All In One Control PanelMultiple cross-site scripting (XSS) vulnerabilities in All In One Control Panel (AIOCP) 1.3.009 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this is probably a different vulnerability than CVE-2006-5830.
unknown
2007-01-19
7.0CVE-2007-0365
OTHER-REF
FRSIRT
SECUNIA
XF
NWOM -- NWOM TopsitesCross-site scripting (XSS) vulnerability in index.php in Nwom topsites 3.0 allows remote attackers to inject arbitrary web script or HTML via the o parameter.
unknown
2007-01-16
7.0CVE-2007-0249
BUGTRAQ
BID
Okulsistem Okul Web -- Otomasyon SistemiSQL injection vulnerability in etkinlikbak.asp in Okul Web Otomasyon Sistemi 4.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-01-17
7.0CVE-2007-0305
BUGTRAQ
OTHER-REF
BID
SECUNIA
Openads -- OpenadsCross-site scripting (XSS) vulnerability in admin-search.php in (1) Openads for PostgreSQL (aka phpPgAds) before 2.0.10 and (2) Openads (aka phpAdsNew) before 2.0.10 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
unknown
2007-01-18
7.0CVE-2007-0363
OTHER-REF
OTHER-REF
SECUNIA
OpenSolution -- Quick.Car
Fastilo -- Fastilo
Cross-site scripting (XSS) vulnerability in index.php in (1) Fastilo 2.0 and (2) Open Solution Quick.Cart 2.0 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: some of these details are obtained from third party information.
unknown
2007-01-16
7.0CVE-2007-0258
OTHER-REF
BID
SECUNIA
SECUNIA
Oracle -- Oracle E-Business Suite and Applications
Oracle -- Oracle HTTP Server
Multiple unspecified vulnerabilities in Oracle HTTP Server 9.2.0.8 and Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors, aka (1) OHS01, (2) OHS02, (3) OHS05, (4) OHS06, and (5) OHS07.
unknown
2007-01-16
7.0CVE-2007-0279
OTHER-REF
CERT
SECUNIA
Oracle -- Oracle Enterprise ManagerMultiple unspecified vulnerabilities in Oracle Enterprise Manager 10.1.0.5 have unknown impact and attack vectors related to Oracle Agent, aka (1) EM01 and (2) EM02.
unknown
2007-01-16
7.0CVE-2007-0292
OTHER-REF
CERT
SECUNIA
Oreon Project -- OreonPHP remote file inclusion vulnerability in lang/index.php in Oreon 1.2.3 RC4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.
unknown
2007-01-18
7.0CVE-2007-0360
OTHER-REF
FRSIRT
OWA -- OWABuffer overflow in the ParseHeader function in clsOWA.cls in POP3/SMTP to OWA (pop2owa) 1.1.3 allows remote attackers to execute arbitrary code via a long header in an e-mail message.
unknown
2007-01-17
10.0CVE-2006-6940
OTHER-REF
OTHER-REF
FRSIRT
Pancake.org -- ZinaMultiple unspecified vulnerabilities in Zina 1.0rc1 and earlier have unknown impact and attack vectors related to "Potential security bugs."
unknown
2007-01-17
7.0CVE-2007-0303
OTHER-REF
BID
FRSIRT
Pensacola Web Designs -- XtremeASP PhotoGalleryCross-site scripting (XSS) vulnerability in Xtreme ASP Photo Gallery allows remote attackers to inject arbitrary HTML or web script via (1) the catname parameter to displaypic.asp or (2) the search field.
unknown
2007-01-16
7.0CVE-2006-6936
BUGTRAQ
BID
XF
Pensacola Web Designs -- XtremeASP PhotoGallerySQL injection vulnerability in displaypic.asp in Xtreme ASP Photo Gallery allows remote attackers to inject arbitrary SQL commands via the sortorder parameter.
unknown
2007-01-16
7.0CVE-2006-6937
BUGTRAQ
BID
XF
phpMyAdmin -- phpMyAdminMultiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin before 2.9.1.1 allow remote attackers to inject arbitrary HTML or web script via (1) a comment for a table name, as exploited through (a) db_operations.php, (2) the db parameter to (b) db_create.php, (3) the newname parameter to db_operations.php, the (4) query_history_latest, (5) query_history_latest_db, and (6) querydisplay_tab parameters to (c) querywindow.php, and (7) the pos parameter to (d) sql.php.
unknown
2007-01-18
7.0CVE-2006-6942
BUGTRAQ
OTHER-REF
phpMyAdmin -- phpMyAdminphpMyAdmin before 2.9.1.1 allows remote attackers to bypass Allow/Deny access rules that use IP addresses via false headers.
unknown
2007-01-18
7.0CVE-2006-6944
OTHER-REF
Plain Black -- WebGUICross-site scripting (XSS) vulnerability in Plain Black WebGUI before 7.3.4 (beta) allows remote attackers to inject arbitrary web script or HTML via Wiki Page titles.
unknown
2007-01-17
7.0CVE-2007-0308
OTHER-REF
BID
SECUNIA
Poplar Gedcom Viewer -- Poplar Gedcom ViewerPHP remote file inclusion vulnerability in include/common.php in Poplar Gedcom Viewer 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the env[rootPath] parameter.
unknown
2007-01-17
7.0CVE-2007-0307
OTHER-REF
BID
FRSIRT
SECUNIA
Portix-PHP -- Portix-PHPSQL injection vulnerability in the login component in Portix-PHP 0.4.2 allows remote attackers to execute arbitrary SQL commands via the username and passwd (password) fields.
unknown
2007-01-16
7.0CVE-2006-6935
BUGTRAQ
BID
XF
Scriptme -- SMe FileMailerSQL injection vulnerability in index.php (aka the login form) in Scriptme SMe FileMailer 1.21 allows remote attackers to execute arbitrary SQL commands via the Password field (ps parameter). NOTE: some of these details are obtained from third party information.
unknown
2007-01-17
7.0CVE-2007-0339
BUGTRAQ
VIM
SECUNIA
SmE -- FileMailerSQL injection vulnerability in index.php in SmE FileMailer 1.21 allows remote attackers to execute arbitrary SQL commands via the us parameter.
unknown
2007-01-17
7.0CVE-2007-0346
VIM
FRSIRT
SmE -- FileMailerMultiple SQL injection vulnerabilities in (a) index.php and (b) dl.php in SmE FileMailer 1.21 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ps, (2) us, (3) f, or (4) code parameter. NOTE: the us vector in index.php is already covered by CVE-2007-0346. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-01-18
7.0CVE-2007-0350
FRSIRT
sNews -- sNewssnews.php in sNews 1.5.30 and earlier does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, as demonstrated by changing an administrative password via the changeup task, and by uploading PHP code via the imagefile parameter.
unknown
2007-01-16
10.0CVE-2007-0261
OTHER-REF
BID
SECUNIA
Sun -- JDK
Sun -- SDK
Sun -- JRE
Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Update 9 and earlier, SDK and JRE 1.4.2_12 and earlier, and SDK and JRE 1.3.1_18 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption.
2006-06-16
2007-01-17
8.0CVE-2007-0243
OTHER-REF
SUNALERT
BUGTRAQ
CERT-VN
FRSIRT
SECUNIA
ThWboard -- ThWboardSQL injection vulnerability in inc/header.inc.php in ThWboard 3.0b2.84-php5 and earlier allows remote attackers to execute arbitrary SQL commands via the board[styleid] parameter to index.php.
unknown
2007-01-17
7.0CVE-2007-0340
OTHER-REF
SECUNIA
Uberghey -- CMSPHP remote file inclusion vulnerability in frontpage.php in Uberghey CMS 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the setup_folder parameter.
unknown
2007-01-18
7.0CVE-2007-0359
OTHER-REF
VIM
FRSIRT
Virtuemart -- VirtuemartSQL injection vulnerability in Virtuemart 1.0.7 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to (1) Itemid, (2) product_id, and category_id parameters as handled in virtuemart_parser.php.
unknown
2007-01-19
7.0CVE-2006-6945
FULLDISC
OTHER-REF
OTHER-REF
BID
WinZip -- WinZipBuffer overflow in Winzip32.exe in WinZip 9.0 SR-1 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long command line argument. NOTE: this issue may cross privilege boundaries if an application automatically invokes Winzip32.exe for untrusted input filenames, as in the case of a file upload application. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-01-16
8.0CVE-2007-0264
BID
Xentraz -- liens_dynamiquesCross-site scripting (XSS) vulnerability in liens.php3 in liens_dynamiques 2.1 allows remote attackers to inject arbitrary web script or HTML by using the ajouter=1 query string and the add menu.
unknown
2007-01-17
7.0CVE-2007-0331
BUGTRAQ
BID
Xentraz -- liens_dynamiques(1) admin/adminlien.php3 and (2) admin/modif.php3 in liens_dynamiques 2.1 do not require authentication, which allows remote attackers to perform unauthorized administrative actions using a direct request.
unknown
2007-01-17
7.0CVE-2007-0332
BUGTRAQ
BID
xine -- xine-uiFormat string vulnerability in the errors_create_window function in errors.c in xine-ui allows attackers to execute arbitrary code via unknown vectors.
unknown
2007-01-16
10.0CVE-2007-0254
BUGTRAQ
BID
SECUNIA
XF
XINE -- XINEXINE 0.99.4 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain M3U file that contains a long #EXTINF line and contains format string specifiers in an invalid udp:// URI, possibly a variant of CVE-2007-0017.
unknown
2007-01-16
8.0CVE-2007-0255
BUGTRAQ

Back to top

Medium Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Apple -- Mac OS X
FreeBSD -- FreeBSD
The ufs_lookup function in the Mac OS X 10.4.8 and FreeBSD 6.1 kernels allows local users to cause a denial of service (kernel panic) and possibly corrupt other filesystems by mounting a crafted UNIX File System (UFS) DMG image that contains a corrupted directory entry (struct direct). NOTE: a third party states that the FreeBSD issue does not cross privilege boundaries.
unknown
2007-01-16
4.7CVE-2007-0267
MLIST
OTHER-REF
BID
FRSIRT
Apple -- Mac OS XThe (1) Activity Monitor.app/Contents/Resources/pmTool, (2) Keychain Access.app/Contents/Resources/kcproxy, and (3) ODBC Administrator.app/Contents/Resources/iodbcadmintool programs in /Applications/Utilities/ in Mac OS X 10.4.8 have weak permissions (writable by admin group), which allows local admin users to gain root privileges by modifying a program and then performing permissions repair via diskutil.
unknown
2007-01-17
4.2CVE-2007-0345
OTHER-REF
OTHER-REF
Dexxaboy -- LunarPollPHP remote file inclusion vulnerability in show.php in LunarPoll, when register_globals is enabled, allows remote attackers execute arbitrary PHP code via a URL in the PollDir parameter.
unknown
2007-01-17
5.6CVE-2007-0298
BUGTRAQ
VIM
BID
DT Guestbook -- DT GuestbookCross-site scripting (XSS) vulnerability in index.php in DT Guestbook (dt_guestbook) 1.0f, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the error[] parameter.
unknown
2007-01-16
5.6CVE-2006-6487
netVigilance
OSVDB
SECUNIA
FRSIRT
Ezboxx -- Portal System BetaMultiple cross-site scripting (XSS) vulnerabilities in Ezboxx Portal System Beta 0.7.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the pic parameter to custom/piczoom.asp, (2) the nocatname parameter to boxx/user-upload.asp, or (3) the iid parameter to indexes/newscomments.asp.
unknown
2007-01-16
5.6CVE-2007-0265
BUGTRAQ
FdWeB -- Espace MembrePHP remote file inclusion vulnerability in _admin/admin_menu.php in FdWeB Espace Membre 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
unknown
2007-01-17
5.6CVE-2007-0301
Milw0rm
BID
FRSIRT
SECUNIA
GNU -- edGNU ed before 0.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files, possibly in the open_sbuf function.
unknown
2007-01-16
5.6CVE-2006-6939
OTHER-REF
FRSIRT
XF
GONICUS -- GONICUS System AdministrationUnspecified vulnerability in GONICUS System Administration (GOsa) before 2.5.8 allows remote authenticated users to modify certain settings, including the admin password, via crafted POST requests.
unknown
2007-01-17
6.0CVE-2007-0313
MLIST
FRSIRT
SECUNIA
InstantASP -- InstantASPMultiple cross-site scripting (XSS) vulnerabilities in InstantASP 4.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) SessionID parameter to (a) Logon.aspx, and the (2) Username and (3) Update parameters to (b) Members1.aspx.
unknown
2007-01-17
5.6CVE-2007-0302
BUGTRAQ
BID
SECUNIA
Jax Scripts -- Jax Petition BookMultiple directory traversal vulnerabilities in Jax Petition Book 1.0.3.06 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the languagepack parameter to (1) jax_petitionbook.php or (2) smileys.php.
unknown
2007-01-17
5.6CVE-2007-0335
BUGTRAQ
BUGTRAQ
BUGTRAQ
BID
Maxum Development Corporation -- Rumpus FTP ServerMultiple heap-based buffer overflows in rumpusd in Rumpus 5.1 and earlier (1) allow remote authenticated users to execute arbitrary code via a long LIST command and other unspecified requests to the FTP service, and (2) allow remote attackers to execute arbitrary code via unspecified requests to the HTTP service.
unknown
2007-01-19
4.2CVE-2007-0019
OTHER-REF
Maxum Development Corporation -- Rumpus FTP ServerUntrusted search path vulnerability in Rumpus 5.1 and earlier allows local users to gain privileges via a modified PATH that points to a malicious ipfw program.
unknown
2007-01-19
4.9CVE-2007-0366
OTHER-REF
Maxum Development Corporation -- Rumpus FTP ServerRumpus 5.1 and earlier has weak permissions for certain files and directories under /usr/local/Rumpus, including the configuration file, which allows local users to have an unknown impact by creating, modifying, or deleting files.
unknown
2007-01-19
4.9CVE-2007-0367
OTHER-REF
Microsoft -- Windows Server 2003
Microsoft -- Windows XP
Microsoft Windows XP and Windows Server 2003 do not properly handle user logoff, which might allow local users to gain the privileges of a previous system user, possibly related to user profile unload failure. NOTE: it is not clear whether this is an issue in Windows itself, or an interaction with another product.
unknown
2007-01-18
5.6CVE-2007-0351
BUGTRAQ
BUGTRAQ
oftpd -- oftpdoftpd before 0.3.7 allows remote attackers to cause a denial of service (daemon abort) via a (1) LPRT or (2) LPASV command with an unsupported address family, which triggers an assertion failure.
unknown
2007-01-16
6.7CVE-2006-6767
GENTOO
BID
FRSIRT
SECUNIA
SECUNIA
Oracle -- OracleMultiple unspecified vulnerabilities in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) the Advanced Queuing component and sys.dbms_aqsys.dbms_aq privileges (DB01), (2) Advanced Replication and sys.dbms_repcat_untrusted (DB07), and (3) Oracle Text and ctxload (DB15). NOTE: Oracle has not publicly disputed claims by a reliable researcher that DB01 is for SQL injection in the SYS.DBMS_AQ_INV package.
unknown
2007-01-16
4.2CVE-2007-0268
OTHER-REF
OTHER-REF
CERT
CERT-VN
SECUNIA
Oracle -- Oracle DatabaseUnspecified vulnerability in Oracle Database 9.2.0.7 and 10.1.0.4 has unknown impact and attack vectors related to the Data Guard and sys.dbms_drs privileges, aka DB03.
unknown
2007-01-16
4.0CVE-2007-0270
OTHER-REF
CERT
SECUNIA
Oracle -- Oracle DatabaseUnspecified vulnerability in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unknown impact and attack vectors related to the Oracle Spatial component and mdsys.md privileges, aka DB05.
unknown
2007-01-16
4.0CVE-2007-0272
OTHER-REF
CERT
SECUNIA
Oracle -- Oracle Collaboration Suite
Oracle -- Oracle HTTP Server
Oracle -- Oracle Application Server
Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.2, and 10.1.2.2; and Collaboration Suite 9.0.4.2 and 10.1.2; has unknown impact and attack vectors related to the Oracle Process Mgmt & Notification component, aka OPMN01.
unknown
2007-01-16
4.7CVE-2007-0280
OTHER-REF
CERT
SECUNIA
Oracle -- Oracle Collaboration Suite
Oracle -- Oracle Application Server
Multiple unspecified vulnerabilities in Oracle Application Server 9.0.4.3 and 10.1.2.0.0, and Collaboration Suite 9.0.4.2, have unknown impact and attack vectors related to Oracle Containers for J2EE, aka (1) OC4J03 and (2) OC4J04.
unknown
2007-01-16
4.7CVE-2007-0284
OTHER-REF
CERT
SECUNIA
Oracle -- Oracle Application ServerMultiple unspecified vulnerabilities in Oracle Collaboration Suite 9.0.4.2 have unknown impact and attack vectors related to Oracle Containers for J2EE, aka (1) OC4J01, (2) OC4J05, and (3) OC4J06.
unknown
2007-01-16
4.7CVE-2007-0289
OTHER-REF
CERT
SECUNIA
Oracle -- Oracle Enterprise ManagerMultiple unspecified vulnerabilities in Oracle Enterprise Manager 10.1.0.5 and 10.2.0.1 have unknown impact and attack vectors related to (1) Oracle Agent (EM03) and (2) EM04 and (3) EM05 in Enterprise Manager Console.
unknown
2007-01-16
4.7CVE-2007-0293
OTHER-REF
CERT
SECUNIA
phpMyAdmin -- phpMyAdminCross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a CSS style in the convcharset parameter to the top-level URI, a different vulnerability than CVE-2005-0992.
unknown
2007-01-17
5.6CVE-2007-0341
BUGTRAQ
BUGTRAQ
OTHER-REF
Portix-PHP -- Portix-PHPMultiple cross-site scripting (XSS) vulnerabilities in Portix-PHP 0.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) titre or (2) auteur field in a forum post.
unknown
2007-01-16
5.6CVE-2006-6934
BUGTRAQ
BID
SECUNIA
XF
TLM CMS -- TLM CMSPHP remote file inclusion vulnerability in i-accueil.php in TLM CMS 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter.
unknown
2007-01-17
5.6CVE-2007-0300
Milw0rm
BID
FRSIRT
SECUNIA
Total Commander -- Total CommanderUnspecified vulnerability in Total Commander before 6.5.6 allows user-assisted remote attackers to delete arbitrary files and corrupt a filesystem via a crafted RAR file. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-01-16
5.3CVE-2007-0263
OTHER-REF
BID

Back to top

Low Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Apple -- Mac OS XInteger overflow in the byte_swap_sbin function in bsd/ufs/ufs/ufs_byte_order.c in Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service (kernel panic) by mounting a crafted Unix File System (UFS) DMG image, which triggers an invalid pointer dereference.
unknown
2007-01-17
2.7CVE-2007-0299
OTHER-REF
SECUNIA
Apple -- Mac OS XThe do_hfs_truncate function in Mac OS X 10.4.8 allows context-dependent attackers to cause a denial of service (kernel panic) via a crafted HFS+ filesystem in a DMG image, which causes an access of an invalid vnode structure during file removal.
unknown
2007-01-17
3.3CVE-2007-0318
SECUNIA
FRSIRT
Apple -- Mac OS X
Apple -- Safari
OmniGroup -- OmniWeb
Apple -- Apple WebKit
WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null dereference and application crash) via a TD element with a large number in the ROWSPAN attribute, as demonstrated by a crash of OmniWeb 5.5.3 on Mac OS X 10.4.8, a different vulnerability than CVE-2006-2019.
unknown
2007-01-17
2.3CVE-2007-0342
OTHER-REF
BID
BMC Software -- Remedy Action Request SystemBMC Remedy Action Request System 5.01.02 Patch 1267 generates different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote attackers to determine valid account names.
unknown
2007-01-17
2.3CVE-2007-0310
BUGTRAQ
OTHER-REF
BID
SECUNIA
EFS Software -- Easy Chat ServerEasy Chat Server 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download certain files via direct requests to files such as (1) ServerKey.pem and (2) AcceptIP.txt. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-01-16
3.3CVE-2006-6933
SECUNIA
XF
Ezboxx -- Ezboxx Portal SystemEzboxx Portal System Beta 0.7.6 and earlier allows remote attackers to obtain sensitive information via a invalid cat parameter to boxx/knowledgebase.asp, which reveals the path in an error message.
unknown
2007-01-16
3.3CVE-2007-0259
BUGTRAQ
OTHER-REF
FRSIRT
FreeWebshop -- FreeWebshopindex.php in FreeWebshop 2.2.2 and earlier allows remote attackers to obtain sensitive information via an invalid action parameter in an info operation, which discloses the path in an error message.
unknown
2007-01-18
2.3CVE-2006-6941
OTHER-REF
OTHER-REF
Fritz!DSL -- Fritz!DSLDirectory traversal vulnerability in the AVM IGD CTRL Service in Fritz!DSL 02.02.29 allows remote attackers to read arbitrary files via ..%5C (URL-encoded dot dot backslash) sequences in a URI requested from the AR7 webserver.
unknown
2007-01-18
2.3CVE-2007-0357
FULLDISC
BID
HP -- Jetdirect firmwareUnspecified vulnerability in the FTP server implementation in HP Jetdirect firmware x.20.nn through x.24.nn allows remote attackers to cause a denial of service via unknown vectors.
unknown
2007-01-18
3.3CVE-2007-0358
HP
SECUNIA
Joonas Viljanen -- JV2 Folder Gallerydownload.php in Joonas Viljanen JV2 Folder Gallery allows remote attackers to read sensitive files via a relative pathname in the file parameter, as demonstrated by config/gallerysetup.php. NOTE: this issue might be resultant from a directory traversal vulnerability.
unknown
2007-01-17
2.3CVE-2007-0329
OTHER-REF
FRSIRT
SECUNIA
libsoup -- libsoupThe soup_headers_parse function in soup-headers.c for libsoup HTTP library before 2.2.99 allows remote attackers to cause a denial of service (crash) via malformed HTTP headers, probably involving missing fields or values.
unknown
2007-01-16
3.3CVE-2006-5876
OTHER-REF
DEBIAN
BID
FRSIRT
SECUNIA
SECUNIA
Microsoft -- Internet Explorer
Common Controls Replacement Project -- FolderTreeview ActiveX control
The Common Controls Replacement Project (CCRP) FolderTreeview (FTV) ActiveX control (ccrpftv6.ocx) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long CCRP.RootFolder property value.
unknown
2007-01-18
2.3CVE-2007-0356
OTHER-REF
BID
Nicecoder -- indexuDirectory traversal vulnerability in upgrade.php in nicecoder.com INDEXU 5.x allows remote attackers to include arbitrary local files via a .. (dot dot) in the gateway parameter.
unknown
2007-01-18
2.3CVE-2007-0349
BUGTRAQ
NitroTech -- NitroTechDirectory traversal vulnerability in includes/common.php in NitroTech 0.0.3a, as distributed before 2006, allows remote attackers to include arbitrary files via ".." sequences in the root parameter.
unknown
2007-01-16
2.3CVE-2006-6938
OTHER-REF
BID
XF
NWOM -- NWOM Topsitesindex.php in Nwom topsites 3.0 allows remote attackers to obtain potentially sensitive information via a ' (quote) character in the o parameter, which forces a SQL error.
unknown
2007-01-16
2.3CVE-2007-0250
BUGTRAQ
BID
OpenBSD -- OpenBSDOpenBSD before 20070116 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via certain IPv6 ICMP (aka ICMP6) echo request packets.
unknown
2007-01-17
2.3CVE-2007-0343
OPENBSD
OPENBSD
BID
SECTRACK
Oracle -- Oracle10g Application ServerDirectory traversal vulnerability in the EmChartBean server side component for Oracle Application Server 10g allows remote attackers to read arbitrary files via unknown vectors.
unknown
2007-01-16
2.3CVE-2007-0222
BUGTRAQ
BID
SECUNIA
Oracle -- OracleUnspecified vulnerability in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and attack vectors related to the Change Data Capture and sys.dbms_cdc_subscribe privileges, aka DB02.
unknown
2007-01-16
2.8CVE-2007-0269
OTHER-REF
CERT
SECUNIA
Oracle -- Oracle DatabaseUnspecified vulnerability in Oracle Database 9.0.1.5 and 9.2.0.7 has unknown impact and attack vectors related to the Log Miner component and sys.dbms_log_mnr privileges, aka DB04.
unknown
2007-01-16
2.8CVE-2007-0271
OTHER-REF
CERT
SECUNIA
Oracle -- Oracle DatabaseUnspecified vulnerability in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and attack vectors related to XMLDB, aka DB06.
unknown
2007-01-16
2.3CVE-2007-0273
OTHER-REF
CERT
SECUNIA
Oracle -- Oracle DatabaseMultiple unspecified vulnerabilities in Oracle Database 9.2.0.7 and 10.1.0.5 have unknown impact and attack vectors related to (1) Export and sys.dbms_logrep_util (DB08), and (2) Oracle Streams and sys.dbms_capture_adm_internal privileges (DB09).
unknown
2007-01-16
1.4CVE-2007-0274
OTHER-REF
CERT
SECUNIA
Oracle -- E-Business Suite and Applications
Oracle -- Collaboration Suite
Oracle -- Application Server
Oracle -- Oracle Database
Unspecified vulnerability in Oracle Workflow Cartridge, as used in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 10.1.2; and Oracle E-Business Suite and Applications 11.5.10CU2; has unknown impact and attack vectors, aka OWF01.
unknown
2007-01-16
2.8CVE-2007-0275
OTHER-REF
CERT
SECUNIA
Oracle -- Oracle DatabaseMultiple unspecified vulnerabilities in Oracle Database 8.1.7.4 and 9.0.1.5 have unknown impact and attack vectors related to (1) Advanced Security Option and oklist or okdstry (DB10), (2) Oracle Net Services (DB13), and (3) Recovery Manager and oklist (DB16).
unknown
2007-01-16
2.9CVE-2007-0276
OTHER-REF
CERT
SECUNIA
Oracle -- Oracle DatabaseUnspecified vulnerability in Oracle Database client-only 10.1.0.4 has unknown impact and attack vectors related to the Export component and expdp or impdp, aka DB11.
unknown
2007-01-16
2.9CVE-2007-0277
OTHER-REF
CERT
SECUNIA
Oracle -- Oracle DatabaseMultiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) NLS Runtime and lmsgen (DB12), and (2) Oracle Text and ctxkbtc (DB14).
unknown
2007-01-16
2.9CVE-2007-0278
OTHER-REF
CERT
SECUNIA
Oracle -- Oracle Collaboration Suite
Oracle -- Oracle HTTP Server
Oracle -- Oracle Application Server
Multiple unspecified vulnerabilities in Oracle HTTP Server 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.1, 10.1.2.0.2, 10.1.2.1, and 10.1.3.0; and Collaboration Suite 9.0.4.2 and 10.1.2; have unknown impact and attack vectors related to the Oracle HTTP Server, aka (1) OHS03 and (2) OHS04.
unknown
2007-01-16
2.3CVE-2007-0281
OTHER-REF
CERT
SECUNIA
Oracle -- Oracle Collaboration Suite
Oracle -- Oracle HTTP Server
Oracle -- Oracle Application Server
Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.2 and 10.1.2.0.0, and Collaboration Suite 9.0.4.2 has unknown impact and attack vectors related to the Oracle Process Mgmt & Notification component, aka OPMN02.
unknown
2007-01-16
2.0CVE-2007-0282
OTHER-REF
CERT
SECUNIA
Oracle -- Oracle Collaboration Suite
Oracle -- Oracle Application Server
Unspecified vulnerability in Oracle Application Server 9.0.4.3 and Collaboration Suite 9.0.4.2 has unknown impact and attack vectors related to Oracle Containers for J2EE, aka OC4J02.
unknown
2007-01-16
3.7CVE-2007-0283
OTHER-REF
CERT
SECUNIA
Oracle -- Oracle E-Business Suite and Applications
Oracle -- Oracle Collaboration Suite
Oracle -- Oracle Application Server
Unspecified vulnerability in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 9.0.4.2 and 10.1.2; and E-Business Suite and Applications 11.5.10CU2 has unknown impact and attack vectors related to Oracle Reports Developer, aka REP01.
unknown
2007-01-16
2.3CVE-2007-0285
OTHER-REF
CERT
SECUNIA
Oracle -- Oracle Collaboration Suite
Oracle -- Oracle Application Server
Unspecified vulnerability in Oracle Application Server 10.1.2.0.2 and 10.1.3.0, and Collaboration Suite 10.1.2, has unknown impact and attack vectors related to Containers for J2EE, aka OC4J07.
unknown
2007-01-16
1.9CVE-2007-0286
OTHER-REF
CERT
SECUNIA
Oracle -- Oracle Collaboration Suite
Oracle -- Oracle Application Server
Unspecified vulnerability in Oracle Application Server 9.0.4.3, 10.1.2.0.0, and 10.1.2.0.2; and Collaboration Suite 9.0.4.2 and 10.1.2; has unknown impact and attack vectors related to Containers for J2EE, aka OC4J08.
unknown
2007-01-16
1.0CVE-2007-0287
OTHER-REF
CERT
SECUNIA
Oracle -- Oracle Application ServerUnspecified vulnerability in Oracle Application Server 10.1.4.0 has unknown impact and attack vectors related to Oracle Internet Directory, aka OID01.
unknown
2007-01-16
1.0CVE-2007-0288
OTHER-REF
CERT
SECUNIA
Oracle -- Oracle E-Business Suite and ApplicationMultiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors related to (1) Application Object Library (APPS01), (2) Human Resources (APPS03), (3) Payables (APPS04), (4) Trading Community Architecture (APPS05), and (5) Web Applications Desktop Integrator (APPS06).
unknown
2007-01-16
2.8CVE-2007-0290
OTHER-REF
CERT
SECUNIA
Oracle -- Oracle E-Business Suite and ApplicationsUnspecified vulnerability in Oracle E-Business Suite and Applications 6.2.3 has unknown impact and attack vectors related to Oracle Exchange, aka APPS02.
unknown
2007-01-16
1.4CVE-2007-0291
OTHER-REF
CERT
SECUNIA
Oracle -- Oracle Enterprise ManagerUnspecified vulnerability in Oracle Enterprise Manager 10.2.0.1 has unknown impact and attack vectors related to Database Cloning & Data Guard Management, aka EM06.
unknown
2007-01-16
1.0CVE-2007-0294
OTHER-REF
CERT
SECUNIA
Oracle -- JD Edwards EnterpriseOne
Oracle -- PeopleSoft Enterprise
Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.13 and 8.47.11 has unknown impact and attack vectors in PeopleTools, aka PSE01.
unknown
2007-01-16
3.3CVE-2007-0295
OTHER-REF
CERT
SECUNIA
Oracle -- JD Edwards EnterpriseOne
Oracle -- PeopleSoft Enterprise
Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.13, 8.47.11, and 8.48.06 has unknown impact and attack vectors in PeopleTools, aka PSE02.
unknown
2007-01-16
1.6CVE-2007-0296
OTHER-REF
CERT
SECUNIA
Oracle -- JD Edwards EnterpriseOne
Oracle -- PeopleSoft Enterprise
Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.47.11 and 8.48.06 has unknown impact and attack vectors in PeopleTools, aka PSE03.
unknown
2007-01-16
1.4CVE-2007-0297
OTHER-REF
CERT
SECUNIA
PentaWare -- PentaZip
PentaWare -- PentaSuite-PRO
Directory traversal vulnerability in PentaZip 8.5.1.190 and PentaSuite-PRO 8.5.1.221 allows user-assisted remote attackers to extract files to arbitrary pathnames via a ../ (dot dot slash) in a filename.
unknown
2007-01-18
1.9CVE-2006-5963
OTHER-REF
SECUNIA
PentaWare -- PentaZip
PentaWare -- PentaSuite-PRO
choShilA.bpl in PentaZip 8.5.1.190 and PentaSuite-PRO 8.5.1.221 allows local users, and user-assisted remote attackers to cause a denial of service (system crash) by right clicking on a file with a long filename.
unknown
2007-01-18
2.7CVE-2006-5964
OTHER-REF
SECUNIA
phpMyAdmin -- phpMyAdminhpMyAdmin before 2.9.1.1 allows remote attackers to obtain the full server path via direct requests to (a) scripts/check_lang.php and (b) themes/darkblue_orange/layout.inc.php; and via the (1) lang[], (2) target[], (3) db[], (4) goto[], (5) table[], and (6) tbl_group[] array arguments to (c) index.php, and the (7) back[] argument to (d) sql.php; and an invalid (8) sort_by parameter to (e) server_databases.php and (9) db parameter to (f) db_printview.php.
unknown
2007-01-18
2.3CVE-2006-6943
BUGTRAQ
OTHER-REF
Rixstep -- UndercoverUndercover.app/Contents/Resources/uc in Rixstep Undercover allows local users to overwrite arbitrary files, probably related to a race condition.
unknown
2007-01-17
3.9CVE-2007-0336
FULLDISC
BID
SISCO -- SISCO OSI StackThe SISCO OSI stack, as used in SISCO MMS-EASE, ICCP Toolkit for MMS-EASE, AX-S4 MMS and AX-S4 ICCP, and possibly other control system applications, allows remote attackers to cause a denial of service (application termination and restart) via malformed packets.
unknown
2007-01-17
2.3CVE-2006-6489
OTHER-REF
CERT-VN
BID
Snort Project -- SnortAlgorithmic complexity vulnerability in Snort before 2.6.1, during predicate evaluation in rule matching for certain rules, allows remote attackers to cause a denial of service (CPU consumption and detection outage) via crafted network traffic, aka a "backtracking attack."
unknown
2007-01-16
2.3CVE-2006-6931
MLIST
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
BID
SECUNIA
Snort Project -- SnortInteger underflow in the DecodeGRE function in src/decode.c in Snort 2.6.1.2 allows remote attackers to trigger dereferencing of certain memory locations via crafted GRE packets, which may cause corruption of log files or writing of sensitive information into log files.
unknown
2007-01-16
3.3CVE-2007-0251
BUGTRAQ
OTHER-REF
OTHER-REF
BID
Squid -- Squidsquid/src/ftp.c in Squid before 2.6.STABLE7 allows remote FTP servers to cause a denial of service (core dump) via crafted FTP directory listing responses.
unknown
2007-01-16
3.3CVE-2007-0247
OTHER-REF
OTHER-REF
SECUNIA
Squid -- SquidThe aclMatchExternal function in Squid before 2.6.STABLE7 allows remote attackers to cause a denial of service (crash) by causing an external_acl queue overload, which triggers an infinite loop.
unknown
2007-01-16
3.3CVE-2007-0248
OTHER-REF
OTHER-REF
SECUNIA
Sun -- ChainKey Java Code ProtectionChainKey Java Code Protection allows attackers to decompile Java class files via a Java class loader with a modified defineClass method that saves the bytecode to a file before it is passed to the JVM.
unknown
2007-01-16
3.9CVE-2007-0014
BUGTRAQ
BUGTRAQ
Texas Imperial Software -- WFTPD
Texas Imperial Software -- WFTPD Pro Server
Texas Imperial Software WFTPD and WFTPD Pro Server 3.25 and earlier allow remote attackers to cause a denial of service (application crash) via a long SITE ADMIN command.
unknown
2007-01-17
2.3CVE-2007-0311
OTHER-REF
BID
VideoLAN -- VLC Media PlayerVideoLAN VLC 0.8.6a allows remote attackers to cause a denial of service (application crash) via a crafted .wmv file.
unknown
2007-01-16
3.3CVE-2007-0256
OTHER-REF
BID
wcSimple Poll -- wcSimple PollwcSimple Poll stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain password hashes via a direct request for password.txt.
unknown
2007-01-17
3.3CVE-2007-0312
BUGTRAQ
WordPress -- WordPressWordPress 2.0.6, and 2.1Alpha 3 (SVN:4662), does not properly verify that the m parameter value has the string data type, which allows remote attackers to obtain sensitive information via an invalid m[] parameter, as demonstrated by obtaining the path, and obtaining certain SQL information such as the table prefix.
unknown
2007-01-16
3.3CVE-2007-0262
BUGTRAQ

Back to top

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top