U.S. Flag Official website of the Department of Homeland Security

Note: This page is part of the us-cert.gov archive.This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

TLP:WHITE

Bulletin (SB07-029)

Vulnerability Summary for the Week of January 22, 2007

Original release date: January 29, 2007

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

">

High Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Advanced Guestbook -- Advanced Guestbook** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Advanced Guestbook 2.4.2 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) index.php, (2) addentry.php, or (3) picture.php, a different set of vectors than CVE-2006-5804. NOTE: this issue has been disputed by third party researchers, stating that the include_path variable is instantiated before use.
unknown
2007-01-25
7.0CVE-2007-0530
BUGTRAQ
BUGTRAQ
Andrew Morgan -- Linux-PAMpam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers to log into accounts whose password hash, as stored in /etc/passwd or /etc/shadow, has only two characters.
unknown
2007-01-23
7.0CVE-2007-0003
MLIST
MLIST
MLIST
Apple -- Mac OS X
Apple -- Quicktime
The _GetSrcBits32ARGB function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT image with a malformed Alpha RGB (ARGB) record, which triggers memory corruption.
unknown
2007-01-25
10.0CVE-2007-0462
OTHER-REF
Apple -- SafariApple Safari does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an HTML comment.
unknown
2007-01-24
7.0CVE-2007-0478
BUGTRAQ
OTHER-REF
AWFFull -- AWFFullMultiple buffer overflows in (1) graphs.c, (2) output.c, and (3) preserve.c in AWFFull 3.7.1 and earlier have unknown impact and attack vectors. NOTE: some of these details are obtained from third party information. NOTE: There may not be any attack vector that crosses privilege boundaries.
unknown
2007-01-25
7.0CVE-2007-0510
MLIST
OTHER-REF
FRSIRT
BBClone -- BBClonePHP remote file inclusion vulnerability in lib/selectlang.php in BBClone 0.31 allows remote attackers to execute arbitrary PHP code via a URL in the BBC_LANGUAGE_PATH parameter.
unknown
2007-01-25
7.0CVE-2007-0508
OTHER-REF
FRSIRT
SECUNIA
BEA System -- Weblogic ServerBEA Weblogic Server 8.1 through 8.1 SP4 does not properly validate client certificates when reusing cached connections, which allows remote attackers to obtain access via an untrusted X.509 certificate.
unknown
2007-01-22
7.0CVE-2007-0408
BEA
FRSIRT
SECTRACK
SECUNIA
BEA Systems -- WebLogic ServerThe WSEE runtime (WS-Security runtime) in BEA WebLogic Server 9.0 and 9.1 does not verify credentials when decrypting client messages, which allows remote attackers to bypass application security.
unknown
2007-01-22
7.0CVE-2007-0416
BEA
FRSIRT
SECTRACK
SECUNIA
BEA Systems -- WebLogic ServerBEA WebLogic Server 7.0 through 7.0 SP7, 8.1 through 8.1 SP5, 9.0, and 9.1, when using the WebLogic Server 6.1 compatibility realm, allows attackers to execute certain EJB container persistence operations with an administrative identity.
unknown
2007-01-22
10.0CVE-2007-0417
BEA
FRSIRT
SECTRACK
SECUNIA
BEA Systems -- WebLogic ServerBEA WebLogic Server 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, 9.0, and 9.1 does not enforce a security policy that declares permissions for EJB methods that have array parameters, which allows remote attackers to obtain unauthorized access to these methods.
unknown
2007-01-22
7.0CVE-2007-0418
BEA
FRSIRT
SECTRACK
SECUNIA
BEA Systems -- WebLogic Platform and Server
BEA Systems -- JRockit
Unspecified vulnerability in BEA WebLogic Platform and Server 8.1 through 8.1 SP5, and JRockit 1.4.2 R4.5 and earlier, allows attackers to gain privileges via unspecified vectors, related to an "overflow condition," probably a buffer overflow.
unknown
2007-01-22
7.0CVE-2007-0425
BEA
FRSIRT
SECTRACK
SECUNIA
BEA Systems -- AquaLogic Service BusBEA AquaLogic Service Bus 2.0, 2.1, and 2.5 does not properly reject malformed request messages to a proxy service, which might allow remote attackers to bypass authorization policies and route requests to back-end services or conduct other unauthorized activities.
unknown
2007-01-22
7.0CVE-2007-0432
BEA
SECTRACK
SECUNIA
Bradabra -- BradabraPHP remote file inclusion vulnerability in include/includes.php in Bradabra 2.0.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.
unknown
2007-01-25
7.0CVE-2007-0500
OTHER-REF
FRSIRT
SECUNIA
Check Point Software -- Connectra NGXsre/params.php in Check Point Connectra NGX R62 and earlier allows remote attackers to bypass security requirements via a crafted Report parameter, which returns a valid ICSCookie authentication token.
2006-12-20
2007-01-23
7.0CVE-2007-0471
BUGTRAQ
BUGTRAQ
FULLDISC
FRSIRT
XF
Cisco -- IOS XR
Cisco -- IOS Transmission Control Protocol
Cisco IOS 9.x, 10.x, 11.x, and 12.x and IOS XR 2.0.x, 3.0.x, and 3.2.x allows remote attackers to cause a denial of service or execute arbitrary code via a crafted IP option in the IP header in a (1) ICMP, (2) PIMv2, (3) PGM, or (4) URD packet.
unknown
2007-01-24
10.0CVE-2007-0480
CISCO
Citrix -- Citrix MetaFrame XP
Citrix -- Citrix Presentation Server
Stack-based buffer overflow in the print provider library (cpprov.dll) Citrix Presentation Server 4.0, MetaFrame Presentation Server 3.0, and MetaFrame XP 1.0 allows local users and remote attackers to execute arbitrary code via long arguments to the (1) EnumPrintersW and (2) OpenPrinter functions.
unknown
2007-01-24
7.0CVE-2007-0444
OTHER-REF
OTHER-REF
Computer Associates -- Host Intrusion Prevention SystemComputer Associates Host Intrusion Prevention System (HIPS) drivers (1) Core kmxstart.sys 6.5.4.31 and (2) Firewall kmxfw.sys 6.5.4.10 allow local users to gain privileges by using certain privileged IOCTLs to modify callback function pointers.
unknown
2007-01-24
7.0CVE-2006-6952
BUGTRAQ
BUGTRAQ
OTHER-REF
BID
SECUNIA
Computer Associates -- Desktop Protection Suite
Computer Associates -- BrightStor ARCserve Backup for Laptops & Desktops
Computer Associates -- Desktop Management Suite
Computer Associates -- Mobile Backup
Computer Associates -- Business Protection Suite
Multiple buffer overflows in CA BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.1 SP1, Mobile Backup r4.0, Desktop and Business Protection Suite r2, and Desktop Management Suite (DMS) r11.0 and r11.1 allow remote attackers to execute arbitrary code via unknown vectors.
unknown
2007-01-23
10.0CVE-2007-0449
OTHER-REF
Enthusiast -- EnthusiastMultiple cross-site scripting (XSS) vulnerabilities in Enthusiast 3.1 allow remote attackers to inject arbitrary web script or HTML via the URI for (1) show_owned.php or (2) show_joined.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-01-24
7.0CVE-2007-0483
SECUNIA
Enthusiast -- EnthusiastMultiple SQL injection vulnerabilities in Enthusiast 3.1 allow remote attackers to execute arbitrary SQL commands via the cat parameter to (1) show_owned.php, (2) show_joined.php, and possibly other files. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-01-24
7.0CVE-2007-0484
SECUNIA
FreeWebShop -- FreeWebShopPHP remote file inclusion vulnerability in includes/login.php in FreeWebShop 2.2.3 and 2.2.4 before 20070123 allows remote attackers to execute arbitrary PHP code via a URL in the lang_file parameter.
unknown
2007-01-25
7.0CVE-2007-0531
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Grigoriadis -- Mini Web serverMultiple buffer overflows in Nickolas Grigoriadis Mini Web server (MiniWebsvr) before 0.05 have unknown impact and attack vectors.
unknown
2007-01-25
7.0CVE-2007-0525
OTHER-REF
FRSIRT
Hitachi -- uCosminexus Service Architect
Hitachi -- uCosminexus Application Server Standard
Hitachi -- uCosminexus Developer Light
Hitachi -- Cosminexus Developer Professional Version 6
Hitachi -- uCosminexus Service Platform
Hitachi -- uCosminexus Developer Standard
Hitachi -- Cosminexus Application Server Enterprise Version 6
Hitachi -- uCosminexus Application Server Enterprise
Hitachi -- Cosminexus Application Server Standard Version 6
Hitachi -- Cosminexus Server - Standard Edition
Hitachi -- Hitachi Web Server for VOS3
Hitachi -- Cosminexus Server - Enterprise Edition
Hitachi -- Cosminexus Server - Standard Edition Version 4
Hitachi -- Cosminexus Application Server Version 5
Hitachi -- Cosminexus Server - Web Edition Version 4
Hitachi -- Hitachi Web Server
Hitachi -- Cosminexus Server - Web Edition
Hitachi -- uCosminexus Application Server Smart Edition
Hitachi -- Cosminexus Developer Light Version 6
Hitachi -- Cosminexus Developer Standard Version 6
Hitachi -- Cosminexus Developer Version 5
Hitachi -- Hitachi Web Server - Security Enhancement
Hitachi -- Hitachi Web Server - Custom Edition
Multiple cross-site scripting (XSS) vulnerabilities in multiple Hitachi Web Server, uCosminexus, and Cosminexus products before 20070124 allow remote attackers to inject arbitrary web script or HTML via (1) HTTP Expect headers or (2) image maps.
unknown
2007-01-25
7.0CVE-2007-0514
OTHER-REF
FRSIRT
Mafia Scum Tools -- Mafia Scum ToolsPHP remote file inclusion vulnerability in index.php in Mafia Scum Tools 2.0.0 in Matthew Wardrop Advanced Random Generators (adv-random-gen) allows remote attackers to execute arbitrary PHP code via a URL in the gen parameter.
unknown
2007-01-25
7.0CVE-2007-0501
Milw0rm
FRSIRT
MagicVideoSoftare -- Magic Music Editor
XWaver.com -- Magic Music Studio Pro
Movavi -- ConvertMovie
Joshua Mediasoft -- Video Converter Plus
NCTsoft Products -- NCTDialogicVoice
SoftDiv Softare -- iVideoMAX
Movavi -- VideoMessage
Quikscribe -- Quikscribe Player
Mystik Media Products -- Blaze Media Pro
McFunSoft -- iPod Music Converter
J Hepple Products -- Fx Video Converter
CheetahBurner -- Cheetah DVD Burner
J Hepple Products -- Fx Audio Editor
Joshua Mediasoft -- Audio Convertor Plus
NCTsoft Products -- NCTAudioFile2
Roemer Software -- Easy Hi-Q Recorder
MagicVideoSoftare -- Magic Audio Recorder
Mystik Media Products -- Blaze MediaConvert
iAudioSoft.com -- Absolute MP3 Splitter
CheetahBurner -- Cheetah CD Burner
RMBSoft -- SoundEdit Pro
Code-It Softare -- aBasic Editor
Dandans Digital Media Products -- Easy Audio Editor
McFunSoft -- Audio Editor
Digital Borneo -- Audio Mixer And Editor
Mystik Media Products -- AudioEdit Deluxe
iMesh.com -- iMesh
Smart Media Systems -- Power Audio Editor
iAudioSoft.com -- Absolute Sound Recorder
Quikscribe -- Quikscribe Recorder
J Hepple Products -- Fx Movie Joiner
Virtual CD -- Virtual CD File Server
Movavi -- ChiliBurner
Dandans Digital Media Products -- Visual Video Converter
Mediatox -- Aurora Media Workshop
Mystik Media Products -- ContextConvert Pro
Movavi -- DVD to iPod
McFunSoft -- Recording to iPod Solution
Altdo -- Convert Mp3 Master
Dandans Digital Media Products -- Music Editing Master
NCTsoft Products -- NCTAudioStudio
Sienzo -- Digital Music Mentor
Dandans Digital Media Products -- Full Audio Converter
Easy Ringtone Maker -- Easy Ringtone Maker
MP3-Soft -- MP3 Normalizer
AmericanShareware -- MP3 WAV Converter
RecordNRip -- RecordNRip
J Hepple Products -- Fx Audio Tools
McFunSoft -- Audio Studio
McFunSoft -- iPod Audio Studio
NextLevel Systems -- Audio Studio Gold
J Hepple Products -- Fx New Sound
Xrlly Software -- Arial Audio Converter
Movavi -- Suite
CDBurnerXP -- CDBurnerXP Pro
XWaver.com -- Magic Audio Editor Pro
J Hepple Products -- Fx Movie Splitter
MagicVideoSoftare -- Magic Audio Converter
Xrlly Software -- Arial Sound Recorder
J Hepple Products -- Fx Audio ConCat
Movavi -- SplitMovie
SoftDiv Softare -- Dexster
RMBSoft -- AudioConvert
Code-It Softare -- Wave MP3 Editor
Roemer Software -- Easy Hi-Q Converter
SoftDiv Softare -- VIDEOzilla
EXPStudio -- Audio Editor
Virtual CD -- Virtual CD
iAudioSoft.com -- Absolute Video to Audio Converter
Roemer Software -- FREE Hi-Q Recorder
Xrlly Software -- Text to Speech Maker
J Hepple Products -- Fx Movie Joiner and Splitter
J Hepple Products -- Fx Magic Music
Altdo -- Mp3 Record&Edit Audio Master
SoftDiv Softare -- Snosh
Audio Edit Magic -- Audio Edit Magic
McFunSoft -- Audio Recorder for Free
NextLevel Systems -- Audio Editor Gold
NCTsoft Products -- NCTAudioEditor
SoftDiv Softare -- MP3 to WAV Converter
Stack-based buffer overflow in the NCTAudioFile2.AudioFile ActiveX control (NCTAudioFile2.dll), as used by multiple products, allows remote attackers to execute arbitrary code via a long argument to the SetFormatLikeSample function. NOTE: the products include (1) NCTsoft NCTAudioStudio, NCTAudioEditor, and NCTDialogicVoice; (2) Magic Audio Recorder, Music Editor, and Audio Converter; (3) Aurora Media Workshop; DB Audio Mixer And Editor; (4) J. Hepple Products including Fx Audio Editor and others; (5) EXPStudio Audio Editor; (6) iMesh; (7) Quikscribe; (8) RMBSoft AudioConvert and SoundEdit Pro 2.1; (9) CDBurnerXP; (10) Code-it Software Wave MP3 Editor and aBasic Editor; (11) Movavi VideoMessage, DVD to iPod, and others; (12) SoftDiv Software Dexster, iVideoMAX, and others; (13) Sienzo Digital Music Mentor (DMM); (14) MP3 Normalizer; (15) Roemer Software FREE and Easy Hi-Q Recorder, and Easy Hi-Q Converter; (16) Audio Edit Magic; (17) Joshua Video and Audio Converter; (1! 8) Virtual CD; (19) Cheetah CD and DVD Burner; (20) Mystik Media AudioEdit Deluxe, Blaze Media, and others; (21) Power Audio Editor; (22) DanDans Digital Media Full Audio Converter, Music Editing Master, and others; (23) Xrlly Software Text to Speech Makerand Arial Sound Recorder / Audio Converter; (24) Absolute Sound Recorder, Video to Audio Converter, and MP3 Splitter; (25) Easy Ringtone Maker; (26) RecordNRip; (27) McFunSoft iPod Audio Studio, Audio Recorder for Free, and others; and (28) MP3 WAV Converter.
unknown
2007-01-24
8.0CVE-2007-0018
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
MaklerPlus -- MaklerPlusMultiple unspecified vulnerabilities in MaklerPlus before 1.2 have unknown impact and attack vectors, possibly relating to cross-site scripting (XSS) in the slogan parameter in main.tpl, or information leaks in error messages.
unknown
2007-01-25
7.0CVE-2007-0509
OTHER-REF
FRSIRT
SECUNIA
Microsoft -- Help WorkshopStack-based buffer overflow in Microsoft Help Workshop 4.03.0002 allows user-assisted remote attackers to execute arbitrary code via a help project (.HPJ) file with a long HLP field in the OPTIONS section.
unknown
2007-01-22
8.0CVE-2007-0427
BUGTRAQ
OTHER-REF
BID
Microsoft -- Office Word
Microsoft -- Office
Microsoft -- Word
Unspecified vulnerability in Microsoft Word allows user-assisted remote attackers to execute arbitrary code on Word 2000, and cause a denial of service (crash) on Word 2003, via unknown attack vectors, as exploited by Trojan.Mdropper.W. NOTE: a reliable source has claimed that this is a different issue than CVE-2006-6456, CVE-2006-5994, and CVE-2006-6561, but as of 20070125, Microsoft has not confirmed this.
unknown
2007-01-25
8.0CVE-2007-0515
OTHER-REF
BID
NEC -- MultiWriterThe web server in the NEC MultiWriter 1700C allows remote attackers to modify the device configuration via unspecified vectors.
unknown
2007-01-22
7.0CVE-2006-6946
OTHER-REF
Neon Labs -- Neon Labs WebsitePHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs Website (nlws) 3.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the g_strRootDir parameter.
unknown
2007-01-25
10.0CVE-2007-0496
OTHER-REF
FRSIRT
Odysseus Blog -- Odysseus BlogCross-site scripting (XSS) vulnerability in blog.php in OdysseusBlog allows remote attackers to inject arbitrary web script or HTML via the page parameter.
unknown
2007-01-22
7.0CVE-2006-6951
BUGTRAQ
VIM
BID
XF
Openads -- OpenadsCross-site scripting (XSS) vulnerability in Openads before 2.3.31 (aka Max Media Manager before 0.3.31-alpha) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) admin-search.php and (2) affiliate-search.php. NOTE: this issue may overlap CVE-2007-0363.
unknown
2007-01-24
7.0CVE-2007-0477
OTHER-REF
OTHER-REF
OTHER-REF
FRSIRT
Panic Transmit -- Panic TransmitHeap-based buffer overflow in the SFTP protocol handler for Panic Transmit (Transmit.app) up to 3.5.5 allows remote attackers to execute arbitrary code via a long ftps:// URL.
unknown
2007-01-23
8.0CVE-2007-0020
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
phpAdsNew -- phpAdsNewMultiple PHP remote file inclusion vulnerabilities in Openads (aka phpAdsNew) 2.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) phpAds_geoPlugin parameter to libraries/lib-remotehost.inc, the (2) filename parameter to admin/report-index, or the (3) phpAds_config[my_footer] parameter to admin/lib-gui.inc.
unknown
2007-01-24
7.0CVE-2007-0486
BUGTRAQ
PhpSherpa -- PhpSherpaPHP remote file inclusion vulnerability in include/config.inc.php in PhpSherpa allows remote attackers to execute arbitrary PHP code via a URL in the racine parameter.
unknown
2007-01-25
10.0CVE-2007-0495
OTHER-REF
FRSIRT
SECUNIA
rPath -- rPath LinuxThe chroot helper in rMake for rPath Linux 1 does not drop supplemental groups, which causes packages to be installed with insecure permissions and might allow local users to gain privileges.
unknown
2007-01-26
7.0CVE-2007-0536
OTHER-REF
OTHER-REF
RubyForge -- RubyGemsThe extract_files function in installer.rb in RubyGems before 0.9.1 does not check whether files exist before overwriting them, which allows user-assisted remote attackers to overwrite arbitrary files, cause a denial of service, or execute arbitrary code via crafted GEM packages.
unknown
2007-01-23
8.0CVE-2007-0469
OTHER-REF
FRSIRT
Sangwan Kim -- phpIndexPagePHP remote file inclusion vulnerability in config.php in Sangwan Kim phpIndexPage 1.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the env[inc_path] parameter.
unknown
2007-01-25
7.0CVE-2007-0499
Milw0rm
FRSIRT
Scriptsez -- Random PHP QuoteScriptsez Random PHP Quote 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain password information via a direct request for pwd.txt.
unknown
2007-01-25
7.0CVE-2007-0517
BUGTRAQ
Scriptsez -- Smart PHP SubscriberScriptsez Smart PHP Subscriber (aka subscribe) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain encoded passwords via a direct request for pwd.txt.
unknown
2007-01-25
7.0CVE-2007-0518
BUGTRAQ
SECUNIA
Sky Gunning -- MySpeachPHP remote file inclusion vulnerability in up.php in MySpeach 2.1 beta and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the my[root] parameter.
unknown
2007-01-25
7.0CVE-2007-0498
OTHER-REF
Sun -- SolarisMultiple unspecified vulnerabilities in tip in Sun Solaris 8, 9, and 10 allow local users to gain uucp account privileges via unspecified vectors.
unknown
2007-01-23
7.0CVE-2007-0470
SUNALERT
SuSE -- SuSE LinuxBuffer overflow in ulogd for SUSE Linux 9.3 up to 10.1, and possibly other distributions, has unknown impact and attack vectors related to "improper string length calculations."
unknown
2007-01-23
7.0CVE-2007-0460
SUSE
SECUNIA
T-Com -- Speedport 500VT-Com Speedport 500V routers with firmware 1.31 allow remote attackers to bypass authentication and reconfigure the device via a LOGINKEY=TECOM cookie value.
unknown
2007-01-22
7.0CVE-2007-0435
BUGTRAQ
Unique Ads -- Unique AdsSQL injection vulnerability in banner.php in Unique Ads (UDS) 1.x allows remote attackers to execute arbitrary SQL commands via the bid parameter.
unknown
2007-01-25
7.0CVE-2007-0520
BUGTRAQ
XF
Vote! Pro -- Vote! ProEval injection vulnerability in poll_frame.php in Vote! Pro 4.0, and possibly other scripts, allows remote attackers to execute arbitrary code via the poll_id parameter, which is supplied to an eval function call, a different vulnerability type than CVE-2005-4632.
unknown
2007-01-25
10.0CVE-2007-0504
OTHER-REF
FRSIRT
SECUNIA
Vote! Pro -- Vote! ProMultiple eval injection vulnerabilities in Vote! Pro 4.0, and possibly earlier, allow remote attackers to execute arbitrary code via requests to unspecified PHP scripts with the poll_id parameter, which is supplied to eval function calls, a different set of vectors than CVE-2007-0504. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-01-25
7.0CVE-2007-0535
FRSIRT
SECUNIA
WebChat.org -- WebChatPHP remote file inclusion vulnerability in defines.php in WebChat 0.77 allows remote attackers to execute arbitrary PHP code via a URL in the WEBCHATPATH parameter.
unknown
2007-01-24
7.0CVE-2007-0485
OTHER-REF
XF
webSPELL -- webSPELLMultiple SQL injection vulnerabilities in gallery.php in webSPELL 4.01.02 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) galleryID parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-01-24
7.0CVE-2007-0492
FRSIRT
webSPELL -- webSPELLSQL injection vulnerability in gallery.php in webSPELL 4.01.02 allows remote attackers to execute arbitrary SQL commands via the picID parameter, a different vector than CVE-2007-0492.
unknown
2007-01-25
7.0CVE-2007-0502
OTHER-REF
FRSIRT
ZoneO-Soft -- freeForumPHP remote file inclusion vulnerability in index.php in FreeForum 0.9.0 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter.
unknown
2007-01-24
7.0CVE-2007-0487
BUGTRAQ

Back to top

Medium Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Apple -- Mac OS XThe CFUserNotificationSendRequest function in UserNotificationCenter.app in Apple Mac OS X 10.4.8, when used in combination with diskutil, allows local users to gain privileges via a malicious InputManager in Library/InputManagers in a user's home directory, which is executed when Cocoa applications attempt to notify the user.
unknown
2007-01-23
5.6CVE-2007-0023
OTHER-REF
BEA System -- WebLogicBEA WebLogic Server 8.1 through 8.1 SP5, 9.0, 9.1, and 9.2 Gold, when WS-Security is used, does not properly validate certificates, which allows remote attackers to conduct a man-in-the-middle (MITM) attack.
unknown
2007-01-22
5.6CVE-2007-0411
BEA
FRSIRT
SECTRACK
SECUNIA
BEA Systems -- WebLogic ServerBEA WebLogic Server 6.1 through 6.1 SP7, and 7.0 through 7.0 SP7 allows remote attackers to cause a denial of service (disk consumption) via requests containing malformed headers, which cause a large amount of data to be written to the server log.
unknown
2007-01-22
4.7CVE-2007-0421
BEA
FRSIRT
SECTRACK
SECUNIA
BEA Systems -- WebLogic PortalBEA WebLogic Portal 9.2, when running in a WebLogic Server clustered environment using WebLogic Portal entitlements, does not properly propagate entitlement policy changes if the changes are made on a managed server while the Administrative Server is unavailable, which might allow attackers to bypass intended restrictions.
unknown
2007-01-22
5.6CVE-2007-0426
BEA
FRSIRT
SECUNIA
BEA Systems -- AquaLogic Service BusUnspecified vulnerability in BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 SP1, and 2.2, when using Active Directory LDAP for authentication, allows remote authenticated users to access the server even after the account has been disabled.
unknown
2007-01-22
4.2CVE-2007-0433
BEA
SECTRACK
SECUNIA
BEA Systems -- AquaLogic Enterprise SecurityBEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 SP1, and 2.2 does not properly set the severity level of audit events when the system load is high, which might make it easier for attackers to avoid detection.
unknown
2007-01-22
4.9CVE-2007-0434
BEA
SECUNIA
Centrality Communications -- PA168 chipsetThe admin web console implemented by the Centrality Communications (aka Aredfox) PA168 chipset and firmware 1.54 and earlier, as provided by various IP phones, does not require passwords or authentication tokens when using HTTP, which allows remote attackers to connect to existing superuser sessions and obtain sensitive information (passwords and configuration data).
unknown
2007-01-25
6.0CVE-2007-0528
BUGTRAQ
OTHER-REF
Conti -- FTPServerConti FTPServer 1.0 Build 2.8 stores user passwords in cleartext in MyServerSettings.ini, which allows local users to obtain sensitive information by reading this file.
unknown
2007-01-22
4.9CVE-2006-6949
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Drupal -- Project issue tracking
Drupal -- Project
Unrestricted file upload vulnerability in the Project issue tracking 4.7.0 through 5.x before 20070123, a module for Drupal, allows remote authenticated users to execute arbitrary code by attaching a file with executable or multiple extensions to a project issue.
unknown
2007-01-25
4.8CVE-2007-0505
OTHER-REF
FRSIRT
Gentoo -- Gentoo LinuxThe gencert.sh script, when installing OpenLDAP before 2.1.30-r10, 2.2.x before 2.2.28-r7, and 2.3.x before 2.3.30-r2 as an ebuild in Gentoo Linux, does not create temporary directories in /tmp securely during emerge, which allows local users to overwrite arbitrary files via a symlink attack.
unknown
2007-01-24
4.9CVE-2007-0476
GENTOO
SECUNIA
HP -- OpenView Network Node ManagerUnspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, and 7.50 allows remote attackers to execute arbitrary commands via unknown vectors.
unknown
2007-01-23
5.6CVE-2007-0441
HP
SECTRACK
Microsoft -- Visual StudioStack-based buffer overflow in rcdll.dll in msdev.exe in Visual C++ (MSVC) in Microsoft Visual Studio 6.0 SP6 allows user-assisted remote attackers to execute arbitrary code via a long file path in the "1 TYPELIB MOVEABLE PURE" option in an RC file.
unknown
2007-01-23
5.6CVE-2007-0468
BUGTRAQ
OTHER-REF
SECUNIA
phpXMLDOM -- phpXMLDOMMultiple PHP remote file inclusion vulnerabilities in phpXMLDOM (phpXD) 0.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) dom.php, (2) dtd.php, or (3) parser.php in include/.
unknown
2007-01-25
5.6CVE-2007-0511
OTHER-REF
SECUNIA
Sky Gunning -- MySpeachPHP remote file inclusion vulnerability in up.php in Sky GUNNING MySpeach 3.0.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the my_ms[root] parameter, a different vector than CVE-2006-4630. NOTE: Some of these details are obtained from third party information.
unknown
2007-01-24
5.6CVE-2007-0491
FRSIRT
SECUNIA
Sun -- Ray Server Softwarecgi-bin/main in Sun Ray Server Software 2.0 and 3.0 before 20070123 allows local users to obtain the utadmin password by reading a web server's log file, or by conducting a different, unspecified local attack.
unknown
2007-01-24
4.9CVE-2007-0482
SUNALERT
Sun -- SolarisUnspecified vulnerability in kcms_calibrate in Sun Solaris 8 and 9 before 20071122 allows local users to execute arbitrary commands via unknown vectors.
unknown
2007-01-25
5.6CVE-2007-0503
SUNALERT
FRSIRT
SECTRACK
SECUNIA
XF
Upload-Service -- Upload-ServicePHP remote file inclusion vulnerability in upload/top.php in Upload-Service 1.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the maindir parameter.
unknown
2007-01-25
5.6CVE-2007-0497
OTHER-REF
FRSIRT
SECUNIA
VisoHotlink -- VisoHotlinkPHP remote file inclusion vulnerability in includes/functions.visohotlink.php in VisoHotlink 1.01 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
unknown
2007-01-24
5.6CVE-2007-0489
OTHER-REF
FRSIRT
SECUNIA
XF
Website Baker -- Website BakerSQL injection vulnerability in class.login.php in Website Baker 2.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the REMEMBER_KEY cookie parameter.
unknown
2007-01-25
5.6CVE-2007-0527
BUGTRAQ
SECUNIA

Back to top

Low Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Apple -- Mac OS XThe shared_region_map_file_np function in Apple Mac OS X 10.4.8 and earlier kernel allows local users to cause a denial of service (memory corruption) via a large mappingCount value.
unknown
2007-01-22
2.3CVE-2007-0430
BUGTRAQ
AToZed Software -- IntraWeb ComponentThe AToZed IntraWeb component 8.0 and earlier for Borland Delphi and Kylix, and IntraWeb 9.0 before build (9.0.12), allows remote attackers to cause a denial of service (thread hang or CPU consumption) via a crafted HTTP request, related to the OnBeforeDispatch function in the TIWServerController object.
unknown
2007-01-25
2.3CVE-2007-0533
BUGTRAQ
BUGTRAQ
OTHER-REF
OTHER-REF
XF
AVM -- FRITZ!BoxAVM Fritz!Box 7050, and possibly other product models, allows remote attackers to cause a denial of service (VoIP application crash) via a zero-length UDP packet to the SIP port (port 5060).
unknown
2007-01-22
3.3CVE-2007-0431
BUGTRAQ
FULLDISC
OTHER-REF
BID
BEA System -- WebLogicBEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP4, and 9.0 initial release does not encrypt passwords stored in the JDBCDataSourceFactory MBean Properties, which allows local administrative users to read the cleartext password.
unknown
2007-01-22
0.8CVE-2007-0409
BEA
FRSIRT
SECTRACK
SECUNIA
BEA System -- WebLogicUnspecified vulnerability in the thread management in BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, 9.0, and 9.1, when T3 authentication is used, allows remote attackers to cause a denial of service (thread and system hang) via unspecified "sequences of events."
unknown
2007-01-22
2.3CVE-2007-0410
BEA
FRSIRT
SECTRACK
SECUNIA
BEA Systems -- WebLogic ServerBEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP7, and 8.1 through 8.1 SP5 allows remote attackers to read arbitrary files inside the class-path property via .ear or exploded .ear files that use the manifest class-path property to point to utility jar files.
unknown
2007-01-22
2.3CVE-2007-0412
BEA
FRSIRT
SECTRACK
SECUNIA
BEA Systems -- WebLogic ServerBEA WebLogic Server 8.1 through 8.1 SP5 improperly cleartext data in a backup of config.xml after offline editing, which allows local users to obtain sensitive information by reading this backup file.
unknown
2007-01-22
3.9CVE-2007-0413
BEA
FRSIRT
SECTRACK
SECUNIA
BEA Systems -- WebLogic ServerBEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, and 9.0 allows remote attackers to cause a denial of service (server hang) via certain requests that cause muxer threads to block when processing error pages.
unknown
2007-01-22
2.3CVE-2007-0414
BEA
FRSIRT
SECTRACK
SECUNIA
BEA Systems -- WebLogic ServerBEA WebLogic Server 8.1 through 8.1 SP5 does not properly enforce access control after a dynamic update and dynamic redeployment of an application that is implemented through exploded jars, which allows attackers to bypass intended access restrictions.
unknown
2007-01-22
2.3CVE-2007-0415
BEA
FRSIRT
SECTRACK
SECUNIA
BEA Systems -- WebLogic ServerThe BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
unknown
2007-01-22
2.3CVE-2007-0419
BEA
FRSIRT
SECTRACK
SECUNIA
BEA Systems -- WebLogic ServerBEA WebLogic Server 9.0, 9.1, and 9.2 Gold allows remote attackers to obtain sensitive information via malformed HTTP requests, which reveal data from previous requests.
unknown
2007-01-22
2.3CVE-2007-0420
BEA
FRSIRT
SECTRACK
SECUNIA
BEA Systems -- WebLogic ServerBEA WebLogic Server 9.0, 9.1, and 9.2 Gold, when running on Solaris 9, allows remote attackers to cause a denial of service (server inaccessibility) via manipulated socket connections.
unknown
2007-01-22
2.3CVE-2007-0422
BEA
FRSIRT
SECTRACK
SECUNIA
BEA Systems -- WebLogic PortalBEA WebLogic Portal 9.2 does not properly handle when an administrator deletes entitlements for a role, which causes other role entitlements to be "inadvertently affected," which has an unknown impact.
unknown
2007-01-22
3.9CVE-2007-0423
BEA
FRSIRT
SECUNIA
BEA Systems -- WebLogic ServerUnspecified vulnerability in the BEA WebLogic Server proxy plug-in for Netscape Enterprise Server before September 2006 for Netscape Enterprise Server allow remote attackers to cause a denial of service via certain requests that trigger errors that lead to a server being marked as unavailable, hosting web server failure, or CPU consumption.
unknown
2007-01-22
2.3CVE-2007-0424
BEA
FRSIRT
SECTRACK
SECUNIA
Bitweaver -- BitweaverMultiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.3.1 allow remote attackers to inject arbitrary web script or HTML via the URL (PATH_INFO) to (1) articles/edit.php, (2) articles/list.php, (3) blogs/list_blogs.php, or (4) blogs/rankings.php.
unknown
2007-01-25
2.3CVE-2007-0526
BUGTRAQ
XF
Cisco -- IOS Transmission Control ProtocolMemory leak in the TCP listener in Cisco IOS 9.x, 10.x, 11.x, and 12.x allows remote attackers to cause a denial of service by sending crafted TCP traffic to an IPv4 address on the IOS device.
unknown
2007-01-24
3.3CVE-2007-0479
CISCO
Cisco -- IOSCisco IOS allows remote attackers to cause a denial of service (crash) via a crafted IPv6 Type 0 Routing header.
unknown
2007-01-24
3.3CVE-2007-0481
CISCO
Conti -- FTPServerDirectory traversal vulnerability in Conti FTPServer 1.0 Build 2.8 allows remote attackers to read arbitrary files and list arbitrary directories via a .. (dot dot) in a filename argument.
unknown
2007-01-22
2.3CVE-2006-6950
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Dazuko -- DazukoMultiple memory leaks in the Dazuko anti-virus helper module before 2.3.2 allow attackers to cause a denial of service (memory consumption) via unknown vectors.
unknown
2007-01-23
2.3CVE-2007-0461
SUSE
DivX Inc. -- DivX PlayerDivXBrowserPlugin (aka DivX Web Player) npdivx32.dll, as distributed with DivX Player 6.4.1, allows remote attackers to cause a denial of service (Internet Explorer 7 crash) by invoking the GoWindowed method for a certain instance of the ActiveX object.
unknown
2007-01-22
2.3CVE-2007-0429
OTHER-REF
BID
XF
Drupal -- Project issue tracking
Drupal -- Project
The project_issue_access function in the Project issue tracking 4.7.0 through 5.x before 20070123 module for Drupal allows remote authenticated users to bypass other access control modules and obtain attached files by guessing the filename, and obtain issue information via direct requests.
unknown
2007-01-25
3.4CVE-2007-0506
OTHER-REF
FRSIRT
Drupal -- AcidfreeSQL injection vulnerability in the Acidfree module for Drupal before 4.6.x-1.0, and before 4.7.x-1.0 in the 4.7 series, allows remote authenticated users with "create acidfree albums" privileges to execute arbitrary SQL commands via node titles.
unknown
2007-01-25
3.4CVE-2007-0507
OTHER-REF
FRSIRT
SECUNIA
Drupal -- Project module
Drupal -- Project Issue Tracking module
Multiple cross-site scripting (XSS) vulnerabilities in the (1) Project issue tracking 4.7.0 through 5.x before 20070123 and (2) Project 4.6.0 through 5.x before 20070123 modules for Drupal allow remote authenticated users to inject arbitrary web script or HTML via (a) certain "fields on project nodes" or (b) "certain project-specific settings regarding issue tracking."
unknown
2007-01-25
2.3CVE-2007-0534
OTHER-REF
FRSIRT
Hitachi -- TP1/Link
Hitachi -- TP1/Server Base
Hitachi TP1/LiNK 05-00 through 05-03-/F, 03-04 through 03-06-/K, and 03-00 through 03-03-/H; and TP1/Server Base 05-00 through 05-00-/M, 03-01-E through 03-01-FD, 03-01 through 03-01-DB, and 05-03; allow attackers to cause a denial of service (process crash) via invalid data to an OpenTP1 port.
unknown
2007-01-25
2.3CVE-2007-0512
OTHER-REF
FRSIRT
Hitachi -- HiRDB/Parallel Server
Hitachi -- HiRDB/Workgroup Server
Hitachi -- HiRDB/Single Server Workgroup Edition
Hitachi -- HiRDB/Single Server
Hitachi -- HiRDB Datareplicator
Hitachi HiRDB Datareplicator 7HiRDB, 7(64), 6, 6(64), 5.0, and 5.0(64); and various products that bundle HiRDB Datareplicator; allows attackers to cause a denial of service (CPU consumption) via certain data.
unknown
2007-01-25
2.3CVE-2007-0513
OTHER-REF
FRSIRT
Huawei -- Versatile Routing PlatformThe Huawei Versatile Routing Platform 1.43 2500E-003 firmware on the Quidway R1600 Router, and possibly other models, allows remote attackers to cause a denial of service (device crash) via a long show arp command.
unknown
2007-01-24
2.3CVE-2007-0488
FULLDISC
XF
IBM -- OS/400Unspecified vulnerability in IBM OS/400 R530 and R535 has unknown impact and remote attack vectors, related to an "Integrity Problem" involving LIC-TCPIP and TCP reset. NOTE: it is possible that this issue is related to CVE-2004-0230, but this is not certain.
unknown
2007-01-23
2.3CVE-2007-0442
AIXAPAR
AIXAPAR
SECUNIA
Internet Systems Consortium -- BINDUse-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (named daemon crash) via unspecified vectors that cause named to "dereference a freed fetch context."
unknown
2007-01-25
3.3CVE-2007-0493
FULLDISC
MLIST
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
ISC -- BINDISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (exit) via a type * (ANY) DNS query response that contains multiple RRsets, which triggers an assertion error.
unknown
2007-01-25
1.9CVE-2007-0494
MLIST
OTHER-REF
OTHER-REF
SECUNIA
LG Electronics -- Chocolate KG800The LG Chocolate KG800 phone allows remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push.
unknown
2007-01-25
1.9CVE-2007-0524
BUGTRAQ
BUGTRAQ
Motorola -- MOTORAZRThe Motorola MOTORAZR V3 phone allows remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push.
unknown
2007-01-25
1.9CVE-2007-0522
BUGTRAQ
BUGTRAQ
MyODBC -- MyODBCMyODBC Japanese conversion edition 3.51.06, 2.50.29, and 2.50.25 allows remote attackers to cause a denial of service via a certain string in a response, which has unspecified impact on the MySQL database.
unknown
2007-01-22
3.3CVE-2006-6948
OTHER-REF
NEC -- MultiWriterThe FTP server in the NEC MultiWriter 1700C allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the PORT command, a variant of CVE-1999-0017.
unknown
2007-01-22
3.3CVE-2006-6947
OTHER-REF
Nokia -- N70The Nokia N70 phone allows remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push.
unknown
2007-01-25
1.9CVE-2007-0523
BUGTRAQ
BUGTRAQ
Open-Realty -- Open-Realtyindex.php in Open-Realty 2.3.4 allows remote attackers to obtain sensitive information (the full path) via an invalid listingID parameter in a listingview action.
unknown
2007-01-24
2.3CVE-2007-0490
BUGTRAQ
PHP Link Directory -- PHP Link DirectoryCross-site scripting (XSS) vulnerability in index.html (aka the administration page) in PHP Link Directory (phpLD) 3.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted link, which is triggered when the administrator uses the "Validate Links" functionality.
unknown
2007-01-25
2.3CVE-2007-0529
BUGTRAQ
OTHER-REF
XF
Sony Ericsson -- W810i
Sony Ericsson -- K700i
The Sony Ericsson K700i and W810i phones allow remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push.
unknown
2007-01-25
1.9CVE-2007-0521
BUGTRAQ
BUGTRAQ
The GIMP Team -- GIMP ToolKitThe GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) before 2.4.13 allows context-dependent attackers to cause a denial of service (crash) via a malformed image file.
unknown
2007-01-24
1.6CVE-2007-0010
OTHER-REF
REDHAT
Tuan Do -- UploaderTuan Do Uploader (aka php-uploader) 6 beta 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrator password hash via a direct request for userdata/user_1.txt.
unknown
2007-01-25
2.3CVE-2007-0532
BUGTRAQ
XF
wzdftpd -- wzdftpdUnspecified vulnerability in the chtbl_lookup function in hash.c for WzdFTPD 8.0 and earlier allows remote attackers to cause a denial of service via a crafted FTP command, probably due to a NULL pointer dereference.
unknown
2007-01-22
2.3CVE-2007-0428
BUGTRAQ
FULLDISC
OTHER-REF
SECTRACK
XF
XMB Software -- U2U Instant MessengerCross-site scripting (XSS) vulnerability in memcp.php in XMB U2U Instant Messenger allows remote authenticated users to inject arbitrary web script or HTML via the recipient field.
unknown
2007-01-25
1.1CVE-2007-0519
BUGTRAQ
OTHER-REF
XF
Yana Framework -- Yana FrameworkYana Framework before 2.8.5a allows remote authenticated users with permissions to modify a guestbook profile to modify or delete arbitrary guestbook profiles via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-01-25
1.1CVE-2007-0516
OTHER-REF
OSVDB
SECUNIA
XF

Back to top

">

High Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Advanced Guestbook -- Advanced Guestbook** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Advanced Guestbook 2.4.2 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) index.php, (2) addentry.php, or (3) picture.php, a different set of vectors than CVE-2006-5804. NOTE: this issue has been disputed by third party researchers, stating that the include_path variable is instantiated before use.
unknown
2007-01-25
7.0CVE-2007-0530
BUGTRAQ
BUGTRAQ
Andrew Morgan -- Linux-PAMpam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers to log into accounts whose password hash, as stored in /etc/passwd or /etc/shadow, has only two characters.
unknown
2007-01-23
7.0CVE-2007-0003
MLIST
MLIST
MLIST
Apple -- Mac OS X
Apple -- Quicktime
The _GetSrcBits32ARGB function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT image with a malformed Alpha RGB (ARGB) record, which triggers memory corruption.
unknown
2007-01-25
10.0CVE-2007-0462
OTHER-REF
Apple -- SafariApple Safari does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an HTML comment.
unknown
2007-01-24
7.0CVE-2007-0478
BUGTRAQ
OTHER-REF
AWFFull -- AWFFullMultiple buffer overflows in (1) graphs.c, (2) output.c, and (3) preserve.c in AWFFull 3.7.1 and earlier have unknown impact and attack vectors. NOTE: some of these details are obtained from third party information. NOTE: There may not be any attack vector that crosses privilege boundaries.
unknown
2007-01-25
7.0CVE-2007-0510
MLIST
OTHER-REF
FRSIRT
BBClone -- BBClonePHP remote file inclusion vulnerability in lib/selectlang.php in BBClone 0.31 allows remote attackers to execute arbitrary PHP code via a URL in the BBC_LANGUAGE_PATH parameter.
unknown
2007-01-25
7.0CVE-2007-0508
OTHER-REF
FRSIRT
SECUNIA
BEA System -- Weblogic ServerBEA Weblogic Server 8.1 through 8.1 SP4 does not properly validate client certificates when reusing cached connections, which allows remote attackers to obtain access via an untrusted X.509 certificate.
unknown
2007-01-22
7.0CVE-2007-0408
BEA
FRSIRT
SECTRACK
SECUNIA
BEA Systems -- WebLogic ServerThe WSEE runtime (WS-Security runtime) in BEA WebLogic Server 9.0 and 9.1 does not verify credentials when decrypting client messages, which allows remote attackers to bypass application security.
unknown
2007-01-22
7.0CVE-2007-0416
BEA
FRSIRT
SECTRACK
SECUNIA
BEA Systems -- WebLogic ServerBEA WebLogic Server 7.0 through 7.0 SP7, 8.1 through 8.1 SP5, 9.0, and 9.1, when using the WebLogic Server 6.1 compatibility realm, allows attackers to execute certain EJB container persistence operations with an administrative identity.
unknown
2007-01-22
10.0CVE-2007-0417
BEA
FRSIRT
SECTRACK
SECUNIA
BEA Systems -- WebLogic ServerBEA WebLogic Server 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, 9.0, and 9.1 does not enforce a security policy that declares permissions for EJB methods that have array parameters, which allows remote attackers to obtain unauthorized access to these methods.
unknown
2007-01-22
7.0CVE-2007-0418
BEA
FRSIRT
SECTRACK
SECUNIA
BEA Systems -- WebLogic Platform and Server
BEA Systems -- JRockit
Unspecified vulnerability in BEA WebLogic Platform and Server 8.1 through 8.1 SP5, and JRockit 1.4.2 R4.5 and earlier, allows attackers to gain privileges via unspecified vectors, related to an "overflow condition," probably a buffer overflow.
unknown
2007-01-22
7.0CVE-2007-0425
BEA
FRSIRT
SECTRACK
SECUNIA
BEA Systems -- AquaLogic Service BusBEA AquaLogic Service Bus 2.0, 2.1, and 2.5 does not properly reject malformed request messages to a proxy service, which might allow remote attackers to bypass authorization policies and route requests to back-end services or conduct other unauthorized activities.
unknown
2007-01-22
7.0CVE-2007-0432
BEA
SECTRACK
SECUNIA
Bradabra -- BradabraPHP remote file inclusion vulnerability in include/includes.php in Bradabra 2.0.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.
unknown
2007-01-25
7.0CVE-2007-0500
OTHER-REF
FRSIRT
SECUNIA
Check Point Software -- Connectra NGXsre/params.php in Check Point Connectra NGX R62 and earlier allows remote attackers to bypass security requirements via a crafted Report parameter, which returns a valid ICSCookie authentication token.
2006-12-20
2007-01-23
7.0CVE-2007-0471
BUGTRAQ
BUGTRAQ
FULLDISC
FRSIRT
XF
Cisco -- IOS XR
Cisco -- IOS Transmission Control Protocol
Cisco IOS 9.x, 10.x, 11.x, and 12.x and IOS XR 2.0.x, 3.0.x, and 3.2.x allows remote attackers to cause a denial of service or execute arbitrary code via a crafted IP option in the IP header in a (1) ICMP, (2) PIMv2, (3) PGM, or (4) URD packet.
unknown
2007-01-24
10.0CVE-2007-0480
CISCO
Citrix -- Citrix MetaFrame XP
Citrix -- Citrix Presentation Server
Stack-based buffer overflow in the print provider library (cpprov.dll) Citrix Presentation Server 4.0, MetaFrame Presentation Server 3.0, and MetaFrame XP 1.0 allows local users and remote attackers to execute arbitrary code via long arguments to the (1) EnumPrintersW and (2) OpenPrinter functions.
unknown
2007-01-24
7.0CVE-2007-0444
OTHER-REF
OTHER-REF
Computer Associates -- Host Intrusion Prevention SystemComputer Associates Host Intrusion Prevention System (HIPS) drivers (1) Core kmxstart.sys 6.5.4.31 and (2) Firewall kmxfw.sys 6.5.4.10 allow local users to gain privileges by using certain privileged IOCTLs to modify callback function pointers.
unknown
2007-01-24
7.0CVE-2006-6952
BUGTRAQ
BUGTRAQ
OTHER-REF
BID
SECUNIA
Computer Associates -- Desktop Protection Suite
Computer Associates -- BrightStor ARCserve Backup for Laptops & Desktops
Computer Associates -- Desktop Management Suite
Computer Associates -- Mobile Backup
Computer Associates -- Business Protection Suite
Multiple buffer overflows in CA BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.1 SP1, Mobile Backup r4.0, Desktop and Business Protection Suite r2, and Desktop Management Suite (DMS) r11.0 and r11.1 allow remote attackers to execute arbitrary code via unknown vectors.
unknown
2007-01-23
10.0CVE-2007-0449
OTHER-REF
Enthusiast -- EnthusiastMultiple cross-site scripting (XSS) vulnerabilities in Enthusiast 3.1 allow remote attackers to inject arbitrary web script or HTML via the URI for (1) show_owned.php or (2) show_joined.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-01-24
7.0CVE-2007-0483
SECUNIA
Enthusiast -- EnthusiastMultiple SQL injection vulnerabilities in Enthusiast 3.1 allow remote attackers to execute arbitrary SQL commands via the cat parameter to (1) show_owned.php, (2) show_joined.php, and possibly other files. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-01-24
7.0CVE-2007-0484
SECUNIA
FreeWebShop -- FreeWebShopPHP remote file inclusion vulnerability in includes/login.php in FreeWebShop 2.2.3 and 2.2.4 before 20070123 allows remote attackers to execute arbitrary PHP code via a URL in the lang_file parameter.
unknown
2007-01-25
7.0CVE-2007-0531
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Grigoriadis -- Mini Web serverMultiple buffer overflows in Nickolas Grigoriadis Mini Web server (MiniWebsvr) before 0.05 have unknown impact and attack vectors.
unknown
2007-01-25
7.0CVE-2007-0525
OTHER-REF
FRSIRT
Hitachi -- uCosminexus Service Architect
Hitachi -- uCosminexus Application Server Standard
Hitachi -- uCosminexus Developer Light
Hitachi -- Cosminexus Developer Professional Version 6
Hitachi -- uCosminexus Service Platform
Hitachi -- uCosminexus Developer Standard
Hitachi -- Cosminexus Application Server Enterprise Version 6
Hitachi -- uCosminexus Application Server Enterprise
Hitachi -- Cosminexus Application Server Standard Version 6
Hitachi -- Cosminexus Server - Standard Edition
Hitachi -- Hitachi Web Server for VOS3
Hitachi -- Cosminexus Server - Enterprise Edition
Hitachi -- Cosminexus Server - Standard Edition Version 4
Hitachi -- Cosminexus Application Server Version 5
Hitachi -- Cosminexus Server - Web Edition Version 4
Hitachi -- Hitachi Web Server
Hitachi -- Cosminexus Server - Web Edition
Hitachi -- uCosminexus Application Server Smart Edition
Hitachi -- Cosminexus Developer Light Version 6
Hitachi -- Cosminexus Developer Standard Version 6
Hitachi -- Cosminexus Developer Version 5
Hitachi -- Hitachi Web Server - Security Enhancement
Hitachi -- Hitachi Web Server - Custom Edition
Multiple cross-site scripting (XSS) vulnerabilities in multiple Hitachi Web Server, uCosminexus, and Cosminexus products before 20070124 allow remote attackers to inject arbitrary web script or HTML via (1) HTTP Expect headers or (2) image maps.
unknown
2007-01-25
7.0CVE-2007-0514
OTHER-REF
FRSIRT
Mafia Scum Tools -- Mafia Scum ToolsPHP remote file inclusion vulnerability in index.php in Mafia Scum Tools 2.0.0 in Matthew Wardrop Advanced Random Generators (adv-random-gen) allows remote attackers to execute arbitrary PHP code via a URL in the gen parameter.
unknown
2007-01-25
7.0CVE-2007-0501
Milw0rm
FRSIRT
MagicVideoSoftare -- Magic Music Editor
XWaver.com -- Magic Music Studio Pro
Movavi -- ConvertMovie
Joshua Mediasoft -- Video Converter Plus
NCTsoft Products -- NCTDialogicVoice
SoftDiv Softare -- iVideoMAX
Movavi -- VideoMessage
Quikscribe -- Quikscribe Player
Mystik Media Products -- Blaze Media Pro
McFunSoft -- iPod Music Converter
J Hepple Products -- Fx Video Converter
CheetahBurner -- Cheetah DVD Burner
J Hepple Products -- Fx Audio Editor
Joshua Mediasoft -- Audio Convertor Plus
NCTsoft Products -- NCTAudioFile2
Roemer Software -- Easy Hi-Q Recorder
MagicVideoSoftare -- Magic Audio Recorder
Mystik Media Products -- Blaze MediaConvert
iAudioSoft.com -- Absolute MP3 Splitter
CheetahBurner -- Cheetah CD Burner
RMBSoft -- SoundEdit Pro
Code-It Softare -- aBasic Editor
Dandans Digital Media Products -- Easy Audio Editor
McFunSoft -- Audio Editor
Digital Borneo -- Audio Mixer And Editor
Mystik Media Products -- AudioEdit Deluxe
iMesh.com -- iMesh
Smart Media Systems -- Power Audio Editor
iAudioSoft.com -- Absolute Sound Recorder
Quikscribe -- Quikscribe Recorder
J Hepple Products -- Fx Movie Joiner
Virtual CD -- Virtual CD File Server
Movavi -- ChiliBurner
Dandans Digital Media Products -- Visual Video Converter
Mediatox -- Aurora Media Workshop
Mystik Media Products -- ContextConvert Pro
Movavi -- DVD to iPod
McFunSoft -- Recording to iPod Solution
Altdo -- Convert Mp3 Master
Dandans Digital Media Products -- Music Editing Master
NCTsoft Products -- NCTAudioStudio
Sienzo -- Digital Music Mentor
Dandans Digital Media Products -- Full Audio Converter
Easy Ringtone Maker -- Easy Ringtone Maker
MP3-Soft -- MP3 Normalizer
AmericanShareware -- MP3 WAV Converter
RecordNRip -- RecordNRip
J Hepple Products -- Fx Audio Tools
McFunSoft -- Audio Studio
McFunSoft -- iPod Audio Studio
NextLevel Systems -- Audio Studio Gold
J Hepple Products -- Fx New Sound
Xrlly Software -- Arial Audio Converter
Movavi -- Suite
CDBurnerXP -- CDBurnerXP Pro
XWaver.com -- Magic Audio Editor Pro
J Hepple Products -- Fx Movie Splitter
MagicVideoSoftare -- Magic Audio Converter
Xrlly Software -- Arial Sound Recorder
J Hepple Products -- Fx Audio ConCat
Movavi -- SplitMovie
SoftDiv Softare -- Dexster
RMBSoft -- AudioConvert
Code-It Softare -- Wave MP3 Editor
Roemer Software -- Easy Hi-Q Converter
SoftDiv Softare -- VIDEOzilla
EXPStudio -- Audio Editor
Virtual CD -- Virtual CD
iAudioSoft.com -- Absolute Video to Audio Converter
Roemer Software -- FREE Hi-Q Recorder
Xrlly Software -- Text to Speech Maker
J Hepple Products -- Fx Movie Joiner and Splitter
J Hepple Products -- Fx Magic Music
Altdo -- Mp3 Record&Edit Audio Master
SoftDiv Softare -- Snosh
Audio Edit Magic -- Audio Edit Magic
McFunSoft -- Audio Recorder for Free
NextLevel Systems -- Audio Editor Gold
NCTsoft Products -- NCTAudioEditor
SoftDiv Softare -- MP3 to WAV Converter
Stack-based buffer overflow in the NCTAudioFile2.AudioFile ActiveX control (NCTAudioFile2.dll), as used by multiple products, allows remote attackers to execute arbitrary code via a long argument to the SetFormatLikeSample function. NOTE: the products include (1) NCTsoft NCTAudioStudio, NCTAudioEditor, and NCTDialogicVoice; (2) Magic Audio Recorder, Music Editor, and Audio Converter; (3) Aurora Media Workshop; DB Audio Mixer And Editor; (4) J. Hepple Products including Fx Audio Editor and others; (5) EXPStudio Audio Editor; (6) iMesh; (7) Quikscribe; (8) RMBSoft AudioConvert and SoundEdit Pro 2.1; (9) CDBurnerXP; (10) Code-it Software Wave MP3 Editor and aBasic Editor; (11) Movavi VideoMessage, DVD to iPod, and others; (12) SoftDiv Software Dexster, iVideoMAX, and others; (13) Sienzo Digital Music Mentor (DMM); (14) MP3 Normalizer; (15) Roemer Software FREE and Easy Hi-Q Recorder, and Easy Hi-Q Converter; (16) Audio Edit Magic; (17) Joshua Video and Audio Converter; (1! 8) Virtual CD; (19) Cheetah CD and DVD Burner; (20) Mystik Media AudioEdit Deluxe, Blaze Media, and others; (21) Power Audio Editor; (22) DanDans Digital Media Full Audio Converter, Music Editing Master, and others; (23) Xrlly Software Text to Speech Makerand Arial Sound Recorder / Audio Converter; (24) Absolute Sound Recorder, Video to Audio Converter, and MP3 Splitter; (25) Easy Ringtone Maker; (26) RecordNRip; (27) McFunSoft iPod Audio Studio, Audio Recorder for Free, and others; and (28) MP3 WAV Converter.
unknown
2007-01-24
8.0CVE-2007-0018
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
MaklerPlus -- MaklerPlusMultiple unspecified vulnerabilities in MaklerPlus before 1.2 have unknown impact and attack vectors, possibly relating to cross-site scripting (XSS) in the slogan parameter in main.tpl, or information leaks in error messages.
unknown
2007-01-25
7.0CVE-2007-0509
OTHER-REF
FRSIRT
SECUNIA
Microsoft -- Help WorkshopStack-based buffer overflow in Microsoft Help Workshop 4.03.0002 allows user-assisted remote attackers to execute arbitrary code via a help project (.HPJ) file with a long HLP field in the OPTIONS section.
unknown
2007-01-22
8.0CVE-2007-0427
BUGTRAQ
OTHER-REF
BID
Microsoft -- Office Word
Microsoft -- Office
Microsoft -- Word
Unspecified vulnerability in Microsoft Word allows user-assisted remote attackers to execute arbitrary code on Word 2000, and cause a denial of service (crash) on Word 2003, via unknown attack vectors, as exploited by Trojan.Mdropper.W. NOTE: a reliable source has claimed that this is a different issue than CVE-2006-6456, CVE-2006-5994, and CVE-2006-6561, but as of 20070125, Microsoft has not confirmed this.
unknown
2007-01-25
8.0CVE-2007-0515
OTHER-REF
BID
NEC -- MultiWriterThe web server in the NEC MultiWriter 1700C allows remote attackers to modify the device configuration via unspecified vectors.
unknown
2007-01-22
7.0CVE-2006-6946
OTHER-REF
Neon Labs -- Neon Labs WebsitePHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs Website (nlws) 3.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the g_strRootDir parameter.
unknown
2007-01-25
10.0CVE-2007-0496
OTHER-REF
FRSIRT
Odysseus Blog -- Odysseus BlogCross-site scripting (XSS) vulnerability in blog.php in OdysseusBlog allows remote attackers to inject arbitrary web script or HTML via the page parameter.
unknown
2007-01-22
7.0CVE-2006-6951
BUGTRAQ
VIM
BID
XF
Openads -- OpenadsCross-site scripting (XSS) vulnerability in Openads before 2.3.31 (aka Max Media Manager before 0.3.31-alpha) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) admin-search.php and (2) affiliate-search.php. NOTE: this issue may overlap CVE-2007-0363.
unknown
2007-01-24
7.0CVE-2007-0477
OTHER-REF
OTHER-REF
OTHER-REF
FRSIRT
Panic Transmit -- Panic TransmitHeap-based buffer overflow in the SFTP protocol handler for Panic Transmit (Transmit.app) up to 3.5.5 allows remote attackers to execute arbitrary code via a long ftps:// URL.
unknown
2007-01-23
8.0CVE-2007-0020
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
phpAdsNew -- phpAdsNewMultiple PHP remote file inclusion vulnerabilities in Openads (aka phpAdsNew) 2.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) phpAds_geoPlugin parameter to libraries/lib-remotehost.inc, the (2) filename parameter to admin/report-index, or the (3) phpAds_config[my_footer] parameter to admin/lib-gui.inc.
unknown
2007-01-24
7.0CVE-2007-0486
BUGTRAQ
PhpSherpa -- PhpSherpaPHP remote file inclusion vulnerability in include/config.inc.php in PhpSherpa allows remote attackers to execute arbitrary PHP code via a URL in the racine parameter.
unknown
2007-01-25
10.0CVE-2007-0495
OTHER-REF
FRSIRT
SECUNIA
rPath -- rPath LinuxThe chroot helper in rMake for rPath Linux 1 does not drop supplemental groups, which causes packages to be installed with insecure permissions and might allow local users to gain privileges.
unknown
2007-01-26
7.0CVE-2007-0536
OTHER-REF
OTHER-REF
RubyForge -- RubyGemsThe extract_files function in installer.rb in RubyGems before 0.9.1 does not check whether files exist before overwriting them, which allows user-assisted remote attackers to overwrite arbitrary files, cause a denial of service, or execute arbitrary code via crafted GEM packages.
unknown
2007-01-23
8.0CVE-2007-0469
OTHER-REF
FRSIRT
Sangwan Kim -- phpIndexPagePHP remote file inclusion vulnerability in config.php in Sangwan Kim phpIndexPage 1.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the env[inc_path] parameter.
unknown
2007-01-25
7.0CVE-2007-0499
Milw0rm
FRSIRT
Scriptsez -- Random PHP QuoteScriptsez Random PHP Quote 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain password information via a direct request for pwd.txt.
unknown
2007-01-25
7.0CVE-2007-0517
BUGTRAQ
Scriptsez -- Smart PHP SubscriberScriptsez Smart PHP Subscriber (aka subscribe) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain encoded passwords via a direct request for pwd.txt.
unknown
2007-01-25
7.0CVE-2007-0518
BUGTRAQ
SECUNIA
Sky Gunning -- MySpeachPHP remote file inclusion vulnerability in up.php in MySpeach 2.1 beta and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the my[root] parameter.
unknown
2007-01-25
7.0CVE-2007-0498
OTHER-REF
Sun -- SolarisMultiple unspecified vulnerabilities in tip in Sun Solaris 8, 9, and 10 allow local users to gain uucp account privileges via unspecified vectors.
unknown
2007-01-23
7.0CVE-2007-0470
SUNALERT
SuSE -- SuSE LinuxBuffer overflow in ulogd for SUSE Linux 9.3 up to 10.1, and possibly other distributions, has unknown impact and attack vectors related to "improper string length calculations."
unknown
2007-01-23
7.0CVE-2007-0460
SUSE
SECUNIA
T-Com -- Speedport 500VT-Com Speedport 500V routers with firmware 1.31 allow remote attackers to bypass authentication and reconfigure the device via a LOGINKEY=TECOM cookie value.
unknown
2007-01-22
7.0CVE-2007-0435
BUGTRAQ
Unique Ads -- Unique AdsSQL injection vulnerability in banner.php in Unique Ads (UDS) 1.x allows remote attackers to execute arbitrary SQL commands via the bid parameter.
unknown
2007-01-25
7.0CVE-2007-0520
BUGTRAQ
XF
Vote! Pro -- Vote! ProEval injection vulnerability in poll_frame.php in Vote! Pro 4.0, and possibly other scripts, allows remote attackers to execute arbitrary code via the poll_id parameter, which is supplied to an eval function call, a different vulnerability type than CVE-2005-4632.
unknown
2007-01-25
10.0CVE-2007-0504
OTHER-REF
FRSIRT
SECUNIA
Vote! Pro -- Vote! ProMultiple eval injection vulnerabilities in Vote! Pro 4.0, and possibly earlier, allow remote attackers to execute arbitrary code via requests to unspecified PHP scripts with the poll_id parameter, which is supplied to eval function calls, a different set of vectors than CVE-2007-0504. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-01-25
7.0CVE-2007-0535
FRSIRT
SECUNIA
WebChat.org -- WebChatPHP remote file inclusion vulnerability in defines.php in WebChat 0.77 allows remote attackers to execute arbitrary PHP code via a URL in the WEBCHATPATH parameter.
unknown
2007-01-24
7.0CVE-2007-0485
OTHER-REF
XF
webSPELL -- webSPELLMultiple SQL injection vulnerabilities in gallery.php in webSPELL 4.01.02 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) galleryID parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-01-24
7.0CVE-2007-0492
FRSIRT
webSPELL -- webSPELLSQL injection vulnerability in gallery.php in webSPELL 4.01.02 allows remote attackers to execute arbitrary SQL commands via the picID parameter, a different vector than CVE-2007-0492.
unknown
2007-01-25
7.0CVE-2007-0502
OTHER-REF
FRSIRT
ZoneO-Soft -- freeForumPHP remote file inclusion vulnerability in index.php in FreeForum 0.9.0 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter.
unknown
2007-01-24
7.0CVE-2007-0487
BUGTRAQ

Back to top

Medium Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Apple -- Mac OS XThe CFUserNotificationSendRequest function in UserNotificationCenter.app in Apple Mac OS X 10.4.8, when used in combination with diskutil, allows local users to gain privileges via a malicious InputManager in Library/InputManagers in a user's home directory, which is executed when Cocoa applications attempt to notify the user.
unknown
2007-01-23
5.6CVE-2007-0023
OTHER-REF
BEA System -- WebLogicBEA WebLogic Server 8.1 through 8.1 SP5, 9.0, 9.1, and 9.2 Gold, when WS-Security is used, does not properly validate certificates, which allows remote attackers to conduct a man-in-the-middle (MITM) attack.
unknown
2007-01-22
5.6CVE-2007-0411
BEA
FRSIRT
SECTRACK
SECUNIA
BEA Systems -- WebLogic ServerBEA WebLogic Server 6.1 through 6.1 SP7, and 7.0 through 7.0 SP7 allows remote attackers to cause a denial of service (disk consumption) via requests containing malformed headers, which cause a large amount of data to be written to the server log.
unknown
2007-01-22
4.7CVE-2007-0421
BEA
FRSIRT
SECTRACK
SECUNIA
BEA Systems -- WebLogic PortalBEA WebLogic Portal 9.2, when running in a WebLogic Server clustered environment using WebLogic Portal entitlements, does not properly propagate entitlement policy changes if the changes are made on a managed server while the Administrative Server is unavailable, which might allow attackers to bypass intended restrictions.
unknown
2007-01-22
5.6CVE-2007-0426
BEA
FRSIRT
SECUNIA
BEA Systems -- AquaLogic Service BusUnspecified vulnerability in BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 SP1, and 2.2, when using Active Directory LDAP for authentication, allows remote authenticated users to access the server even after the account has been disabled.
unknown
2007-01-22
4.2CVE-2007-0433
BEA
SECTRACK
SECUNIA
BEA Systems -- AquaLogic Enterprise SecurityBEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 SP1, and 2.2 does not properly set the severity level of audit events when the system load is high, which might make it easier for attackers to avoid detection.
unknown
2007-01-22
4.9CVE-2007-0434
BEA
SECUNIA
Centrality Communications -- PA168 chipsetThe admin web console implemented by the Centrality Communications (aka Aredfox) PA168 chipset and firmware 1.54 and earlier, as provided by various IP phones, does not require passwords or authentication tokens when using HTTP, which allows remote attackers to connect to existing superuser sessions and obtain sensitive information (passwords and configuration data).
unknown
2007-01-25
6.0CVE-2007-0528
BUGTRAQ
OTHER-REF
Conti -- FTPServerConti FTPServer 1.0 Build 2.8 stores user passwords in cleartext in MyServerSettings.ini, which allows local users to obtain sensitive information by reading this file.
unknown
2007-01-22
4.9CVE-2006-6949
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Drupal -- Project issue tracking
Drupal -- Project
Unrestricted file upload vulnerability in the Project issue tracking 4.7.0 through 5.x before 20070123, a module for Drupal, allows remote authenticated users to execute arbitrary code by attaching a file with executable or multiple extensions to a project issue.
unknown
2007-01-25
4.8CVE-2007-0505
OTHER-REF
FRSIRT
Gentoo -- Gentoo LinuxThe gencert.sh script, when installing OpenLDAP before 2.1.30-r10, 2.2.x before 2.2.28-r7, and 2.3.x before 2.3.30-r2 as an ebuild in Gentoo Linux, does not create temporary directories in /tmp securely during emerge, which allows local users to overwrite arbitrary files via a symlink attack.
unknown
2007-01-24
4.9CVE-2007-0476
GENTOO
SECUNIA
HP -- OpenView Network Node ManagerUnspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, and 7.50 allows remote attackers to execute arbitrary commands via unknown vectors.
unknown
2007-01-23
5.6CVE-2007-0441
HP
SECTRACK
Microsoft -- Visual StudioStack-based buffer overflow in rcdll.dll in msdev.exe in Visual C++ (MSVC) in Microsoft Visual Studio 6.0 SP6 allows user-assisted remote attackers to execute arbitrary code via a long file path in the "1 TYPELIB MOVEABLE PURE" option in an RC file.
unknown
2007-01-23
5.6CVE-2007-0468
BUGTRAQ
OTHER-REF
SECUNIA
phpXMLDOM -- phpXMLDOMMultiple PHP remote file inclusion vulnerabilities in phpXMLDOM (phpXD) 0.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) dom.php, (2) dtd.php, or (3) parser.php in include/.
unknown
2007-01-25
5.6CVE-2007-0511
OTHER-REF
SECUNIA
Sky Gunning -- MySpeachPHP remote file inclusion vulnerability in up.php in Sky GUNNING MySpeach 3.0.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the my_ms[root] parameter, a different vector than CVE-2006-4630. NOTE: Some of these details are obtained from third party information.
unknown
2007-01-24
5.6CVE-2007-0491
FRSIRT
SECUNIA
Sun -- Ray Server Softwarecgi-bin/main in Sun Ray Server Software 2.0 and 3.0 before 20070123 allows local users to obtain the utadmin password by reading a web server's log file, or by conducting a different, unspecified local attack.
unknown
2007-01-24
4.9CVE-2007-0482
SUNALERT
Sun -- SolarisUnspecified vulnerability in kcms_calibrate in Sun Solaris 8 and 9 before 20071122 allows local users to execute arbitrary commands via unknown vectors.
unknown
2007-01-25
5.6CVE-2007-0503
SUNALERT
FRSIRT
SECTRACK
SECUNIA
XF
Upload-Service -- Upload-ServicePHP remote file inclusion vulnerability in upload/top.php in Upload-Service 1.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the maindir parameter.
unknown
2007-01-25
5.6CVE-2007-0497
OTHER-REF
FRSIRT
SECUNIA
VisoHotlink -- VisoHotlinkPHP remote file inclusion vulnerability in includes/functions.visohotlink.php in VisoHotlink 1.01 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
unknown
2007-01-24
5.6CVE-2007-0489
OTHER-REF
FRSIRT
SECUNIA
XF
Website Baker -- Website BakerSQL injection vulnerability in class.login.php in Website Baker 2.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the REMEMBER_KEY cookie parameter.
unknown
2007-01-25
5.6CVE-2007-0527
BUGTRAQ
SECUNIA

Back to top

Low Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Apple -- Mac OS XThe shared_region_map_file_np function in Apple Mac OS X 10.4.8 and earlier kernel allows local users to cause a denial of service (memory corruption) via a large mappingCount value.
unknown
2007-01-22
2.3CVE-2007-0430
BUGTRAQ
AToZed Software -- IntraWeb ComponentThe AToZed IntraWeb component 8.0 and earlier for Borland Delphi and Kylix, and IntraWeb 9.0 before build (9.0.12), allows remote attackers to cause a denial of service (thread hang or CPU consumption) via a crafted HTTP request, related to the OnBeforeDispatch function in the TIWServerController object.
unknown
2007-01-25
2.3CVE-2007-0533
BUGTRAQ
BUGTRAQ
OTHER-REF
OTHER-REF
XF
AVM -- FRITZ!BoxAVM Fritz!Box 7050, and possibly other product models, allows remote attackers to cause a denial of service (VoIP application crash) via a zero-length UDP packet to the SIP port (port 5060).
unknown
2007-01-22
3.3CVE-2007-0431
BUGTRAQ
FULLDISC
OTHER-REF
BID
BEA System -- WebLogicBEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP4, and 9.0 initial release does not encrypt passwords stored in the JDBCDataSourceFactory MBean Properties, which allows local administrative users to read the cleartext password.
unknown
2007-01-22
0.8CVE-2007-0409
BEA
FRSIRT
SECTRACK
SECUNIA
BEA System -- WebLogicUnspecified vulnerability in the thread management in BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, 9.0, and 9.1, when T3 authentication is used, allows remote attackers to cause a denial of service (thread and system hang) via unspecified "sequences of events."
unknown
2007-01-22
2.3CVE-2007-0410
BEA
FRSIRT
SECTRACK
SECUNIA
BEA Systems -- WebLogic ServerBEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP7, and 8.1 through 8.1 SP5 allows remote attackers to read arbitrary files inside the class-path property via .ear or exploded .ear files that use the manifest class-path property to point to utility jar files.
unknown
2007-01-22
2.3CVE-2007-0412
BEA
FRSIRT
SECTRACK
SECUNIA
BEA Systems -- WebLogic ServerBEA WebLogic Server 8.1 through 8.1 SP5 improperly cleartext data in a backup of config.xml after offline editing, which allows local users to obtain sensitive information by reading this backup file.
unknown
2007-01-22
3.9CVE-2007-0413
BEA
FRSIRT
SECTRACK
SECUNIA
BEA Systems -- WebLogic ServerBEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, and 9.0 allows remote attackers to cause a denial of service (server hang) via certain requests that cause muxer threads to block when processing error pages.
unknown
2007-01-22
2.3CVE-2007-0414
BEA
FRSIRT
SECTRACK
SECUNIA
BEA Systems -- WebLogic ServerBEA WebLogic Server 8.1 through 8.1 SP5 does not properly enforce access control after a dynamic update and dynamic redeployment of an application that is implemented through exploded jars, which allows attackers to bypass intended access restrictions.
unknown
2007-01-22
2.3CVE-2007-0415
BEA
FRSIRT
SECTRACK
SECUNIA
BEA Systems -- WebLogic ServerThe BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
unknown
2007-01-22
2.3CVE-2007-0419
BEA
FRSIRT
SECTRACK
SECUNIA
BEA Systems -- WebLogic ServerBEA WebLogic Server 9.0, 9.1, and 9.2 Gold allows remote attackers to obtain sensitive information via malformed HTTP requests, which reveal data from previous requests.
unknown
2007-01-22
2.3CVE-2007-0420
BEA
FRSIRT
SECTRACK
SECUNIA
BEA Systems -- WebLogic ServerBEA WebLogic Server 9.0, 9.1, and 9.2 Gold, when running on Solaris 9, allows remote attackers to cause a denial of service (server inaccessibility) via manipulated socket connections.
unknown
2007-01-22
2.3CVE-2007-0422
BEA
FRSIRT
SECTRACK
SECUNIA
BEA Systems -- WebLogic PortalBEA WebLogic Portal 9.2 does not properly handle when an administrator deletes entitlements for a role, which causes other role entitlements to be "inadvertently affected," which has an unknown impact.
unknown
2007-01-22
3.9CVE-2007-0423
BEA
FRSIRT
SECUNIA
BEA Systems -- WebLogic ServerUnspecified vulnerability in the BEA WebLogic Server proxy plug-in for Netscape Enterprise Server before September 2006 for Netscape Enterprise Server allow remote attackers to cause a denial of service via certain requests that trigger errors that lead to a server being marked as unavailable, hosting web server failure, or CPU consumption.
unknown
2007-01-22
2.3CVE-2007-0424
BEA
FRSIRT
SECTRACK
SECUNIA
Bitweaver -- BitweaverMultiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.3.1 allow remote attackers to inject arbitrary web script or HTML via the URL (PATH_INFO) to (1) articles/edit.php, (2) articles/list.php, (3) blogs/list_blogs.php, or (4) blogs/rankings.php.
unknown
2007-01-25
2.3CVE-2007-0526
BUGTRAQ
XF
Cisco -- IOS Transmission Control ProtocolMemory leak in the TCP listener in Cisco IOS 9.x, 10.x, 11.x, and 12.x allows remote attackers to cause a denial of service by sending crafted TCP traffic to an IPv4 address on the IOS device.
unknown
2007-01-24
3.3CVE-2007-0479
CISCO
Cisco -- IOSCisco IOS allows remote attackers to cause a denial of service (crash) via a crafted IPv6 Type 0 Routing header.
unknown
2007-01-24
3.3CVE-2007-0481
CISCO
Conti -- FTPServerDirectory traversal vulnerability in Conti FTPServer 1.0 Build 2.8 allows remote attackers to read arbitrary files and list arbitrary directories via a .. (dot dot) in a filename argument.
unknown
2007-01-22
2.3CVE-2006-6950
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Dazuko -- DazukoMultiple memory leaks in the Dazuko anti-virus helper module before 2.3.2 allow attackers to cause a denial of service (memory consumption) via unknown vectors.
unknown
2007-01-23
2.3CVE-2007-0461
SUSE
DivX Inc. -- DivX PlayerDivXBrowserPlugin (aka DivX Web Player) npdivx32.dll, as distributed with DivX Player 6.4.1, allows remote attackers to cause a denial of service (Internet Explorer 7 crash) by invoking the GoWindowed method for a certain instance of the ActiveX object.
unknown
2007-01-22
2.3CVE-2007-0429
OTHER-REF
BID
XF
Drupal -- Project issue tracking
Drupal -- Project
The project_issue_access function in the Project issue tracking 4.7.0 through 5.x before 20070123 module for Drupal allows remote authenticated users to bypass other access control modules and obtain attached files by guessing the filename, and obtain issue information via direct requests.
unknown
2007-01-25
3.4CVE-2007-0506
OTHER-REF
FRSIRT
Drupal -- AcidfreeSQL injection vulnerability in the Acidfree module for Drupal before 4.6.x-1.0, and before 4.7.x-1.0 in the 4.7 series, allows remote authenticated users with "create acidfree albums" privileges to execute arbitrary SQL commands via node titles.
unknown
2007-01-25
3.4CVE-2007-0507
OTHER-REF
FRSIRT
SECUNIA
Drupal -- Project module
Drupal -- Project Issue Tracking module
Multiple cross-site scripting (XSS) vulnerabilities in the (1) Project issue tracking 4.7.0 through 5.x before 20070123 and (2) Project 4.6.0 through 5.x before 20070123 modules for Drupal allow remote authenticated users to inject arbitrary web script or HTML via (a) certain "fields on project nodes" or (b) "certain project-specific settings regarding issue tracking."
unknown
2007-01-25
2.3CVE-2007-0534
OTHER-REF
FRSIRT
Hitachi -- TP1/Link
Hitachi -- TP1/Server Base
Hitachi TP1/LiNK 05-00 through 05-03-/F, 03-04 through 03-06-/K, and 03-00 through 03-03-/H; and TP1/Server Base 05-00 through 05-00-/M, 03-01-E through 03-01-FD, 03-01 through 03-01-DB, and 05-03; allow attackers to cause a denial of service (process crash) via invalid data to an OpenTP1 port.
unknown
2007-01-25
2.3CVE-2007-0512
OTHER-REF
FRSIRT
Hitachi -- HiRDB/Parallel Server
Hitachi -- HiRDB/Workgroup Server
Hitachi -- HiRDB/Single Server Workgroup Edition
Hitachi -- HiRDB/Single Server
Hitachi -- HiRDB Datareplicator
Hitachi HiRDB Datareplicator 7HiRDB, 7(64), 6, 6(64), 5.0, and 5.0(64); and various products that bundle HiRDB Datareplicator; allows attackers to cause a denial of service (CPU consumption) via certain data.
unknown
2007-01-25
2.3CVE-2007-0513
OTHER-REF
FRSIRT
Huawei -- Versatile Routing PlatformThe Huawei Versatile Routing Platform 1.43 2500E-003 firmware on the Quidway R1600 Router, and possibly other models, allows remote attackers to cause a denial of service (device crash) via a long show arp command.
unknown
2007-01-24
2.3CVE-2007-0488
FULLDISC
XF
IBM -- OS/400Unspecified vulnerability in IBM OS/400 R530 and R535 has unknown impact and remote attack vectors, related to an "Integrity Problem" involving LIC-TCPIP and TCP reset. NOTE: it is possible that this issue is related to CVE-2004-0230, but this is not certain.
unknown
2007-01-23
2.3CVE-2007-0442
AIXAPAR
AIXAPAR
SECUNIA
Internet Systems Consortium -- BINDUse-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (named daemon crash) via unspecified vectors that cause named to "dereference a freed fetch context."
unknown
2007-01-25
3.3CVE-2007-0493
FULLDISC
MLIST
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
ISC -- BINDISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (exit) via a type * (ANY) DNS query response that contains multiple RRsets, which triggers an assertion error.
unknown
2007-01-25
1.9CVE-2007-0494
MLIST
OTHER-REF
OTHER-REF
SECUNIA
LG Electronics -- Chocolate KG800The LG Chocolate KG800 phone allows remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push.
unknown
2007-01-25
1.9CVE-2007-0524
BUGTRAQ
BUGTRAQ
Motorola -- MOTORAZRThe Motorola MOTORAZR V3 phone allows remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push.
unknown
2007-01-25
1.9CVE-2007-0522
BUGTRAQ
BUGTRAQ
MyODBC -- MyODBCMyODBC Japanese conversion edition 3.51.06, 2.50.29, and 2.50.25 allows remote attackers to cause a denial of service via a certain string in a response, which has unspecified impact on the MySQL database.
unknown
2007-01-22
3.3CVE-2006-6948
OTHER-REF
NEC -- MultiWriterThe FTP server in the NEC MultiWriter 1700C allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the PORT command, a variant of CVE-1999-0017.
unknown
2007-01-22
3.3CVE-2006-6947
OTHER-REF
Nokia -- N70The Nokia N70 phone allows remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push.
unknown
2007-01-25
1.9CVE-2007-0523
BUGTRAQ
BUGTRAQ
Open-Realty -- Open-Realtyindex.php in Open-Realty 2.3.4 allows remote attackers to obtain sensitive information (the full path) via an invalid listingID parameter in a listingview action.
unknown
2007-01-24
2.3CVE-2007-0490
BUGTRAQ
PHP Link Directory -- PHP Link DirectoryCross-site scripting (XSS) vulnerability in index.html (aka the administration page) in PHP Link Directory (phpLD) 3.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted link, which is triggered when the administrator uses the "Validate Links" functionality.
unknown
2007-01-25
2.3CVE-2007-0529
BUGTRAQ
OTHER-REF
XF
Sony Ericsson -- W810i
Sony Ericsson -- K700i
The Sony Ericsson K700i and W810i phones allow remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push.
unknown
2007-01-25
1.9CVE-2007-0521
BUGTRAQ
BUGTRAQ
The GIMP Team -- GIMP ToolKitThe GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) before 2.4.13 allows context-dependent attackers to cause a denial of service (crash) via a malformed image file.
unknown
2007-01-24
1.6CVE-2007-0010
OTHER-REF
REDHAT
Tuan Do -- UploaderTuan Do Uploader (aka php-uploader) 6 beta 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrator password hash via a direct request for userdata/user_1.txt.
unknown
2007-01-25
2.3CVE-2007-0532
BUGTRAQ
XF
wzdftpd -- wzdftpdUnspecified vulnerability in the chtbl_lookup function in hash.c for WzdFTPD 8.0 and earlier allows remote attackers to cause a denial of service via a crafted FTP command, probably due to a NULL pointer dereference.
unknown
2007-01-22
2.3CVE-2007-0428
BUGTRAQ
FULLDISC
OTHER-REF
SECTRACK
XF
XMB Software -- U2U Instant MessengerCross-site scripting (XSS) vulnerability in memcp.php in XMB U2U Instant Messenger allows remote authenticated users to inject arbitrary web script or HTML via the recipient field.
unknown
2007-01-25
1.1CVE-2007-0519
BUGTRAQ
OTHER-REF
XF
Yana Framework -- Yana FrameworkYana Framework before 2.8.5a allows remote authenticated users with permissions to modify a guestbook profile to modify or delete arbitrary guestbook profiles via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-01-25
1.1CVE-2007-0516
OTHER-REF
OSVDB
SECUNIA
XF

Back to top

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top