U.S. Flag Official website of the Department of Homeland Security

Note: This page is part of the us-cert.gov archive.This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

TLP:WHITE

Bulletin (SB07-043)

Vulnerability Summary for the Week of February 5, 2007

Original release date: February 12, 2007

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

">

High Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Advanced Poll -- Advanced Polladmin/index.php in Advanced Poll 2.0.0 through 2.0.5-dev allows remote attackers to bypass authentication and gain administrator privileges by obtaining a valid session identifier and setting the uid parameter to 1.
unknown
2007-02-08
7.0CVE-2007-0845
OTHER-REF
BID
AgerMenu -- AgerMenuPHP remote file inclusion vulnerability in examples/inc/top.inc.php in AgerMenu 0.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter.
unknown
2007-02-07
7.0CVE-2007-0837
OTHER-REF
VIM
VIM
FRSIRT
Alibaba -- Alipay ActiveX controlHeap-based buffer overflow in the Alibaba Alipay ActiveX control allows remote attackers to execute arbitrary code via a JavaScript function that invokes the Remove method with an invalid index argument.
unknown
2007-02-07
7.0CVE-2007-0827
OTHER-REF
Atsphp -- Atsphp** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Atsphp 5.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the CONF[path] parameter to (1) index.php, (2) sources/usercp.php, or (3) sources/admin.php. NOTE: Another researcher has disputed this vulnerability, noting that CONF[path] is defined before use in index.php, that CONF[path] inclusion cannot occur through a direct request to other affected files, and that usercp.php is a typo of user_cp.php.
unknown
2007-02-07
7.0CVE-2007-0831
BUGTRAQ
BUGTRAQ
Barron McCann -- Install
Barron McCann -- X-Kryptor Driver
Barron McCann -- X-Kryptor Secure Client
Barron McCann -- Xgntr
Unspecified vulnerability in Barron McCann X-Kryptor Driver BMS1446HRR, Xgntr BMS1351, and Install BMS1472 in X-Kryptor Secure Client allows local users to gain privileges via unknown vectors.
unknown
2007-02-03
7.0CVE-2007-0436
OTHER-REF
OTHER-REF
Blue Coat Systems -- WinProxyBlue Coat Systems WinProxy 6.1a and 6.0 r1c, and possibly earlier, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long HTTP CONNECT request, which triggers heap corruption.
unknown
2007-02-06
7.0CVE-2007-0796
IDEFENSE
FRSIRT
Bluevirus-design -- SMA-DBPHP remote file inclusion vulnerability in theme/settings.php in bluevirus-design SMA-DB 0.3.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pfad_z parameter.
unknown
2007-02-06
7.0CVE-2007-0797
OTHER-REF
BID
BtitTracker -- BtitTrackerSQL injection in torrents.php in BtitTracker 1.3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) by and (2) order parameters. NOTE: it is not clear whether this issue is exploitable.
unknown
2007-02-07
7.0CVE-2006-6972
OTHER-REF
VIM
BID
FRSIRT
SECUNIA
Cedric -- CLAIRE PortailPhpMultiple PHP remote file inclusion vulnerabilities in Cedric CLAIRE PortailPhp 2 allow remote attackers to execute arbitrary PHP code via a URL in the chemin parameter to (1) mod_news/index.php, (2) mod_news/goodies.php, or (3) mod_search/index.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-02-07
7.0CVE-2007-0820
BID
CentiPaid -- CentiPaidPHP remote file inclusion vulnerability in centipaid_class.php in CentiPaid 1.4.2 and earlier allows remote attackers to execute arbitrary code via a URL in the absolute_path parameter.
unknown
2007-02-08
7.0CVE-2006-6976
OTHER-REF
VIM
XF
Comodo -- Comodo Firewall Procmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal Firewall) before 2.4.16.174 does not validate arguments that originate in user mode for the (1) NtConnectPort and (2) NtCreatePort hooked SSDT functions, which allows local users to cause a denial of service (system crash) and possibly gain privileges via invalid arguments.
unknown
2007-02-03
7.0CVE-2007-0708
BUGTRAQ
OTHER-REF
BID
SECTRACK
XF
Comodo -- Comodo Firewall Procmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal Firewall) 2.4.16.174 and earlier does not validate arguments that originate in user mode for the (1) NtCreateSection, (2) NtOpenProcess, (3) NtOpenSection, (4) NtOpenThread, and (5) NtSetValueKey hooked SSDT functions, which allows local users to cause a denial of service (system crash) and possibly gain privileges via invalid arguments.
unknown
2007-02-03
7.0CVE-2007-0709
BUGTRAQ
OTHER-REF
BID
SECTRACK
XF
Darrens $5 Script Archive -- FlashChatCross-site scripting (XSS) vulnerability in index.php in flashChat 4.7.8 allows remote attackers to inject arbitrary web script or HTML via a channel title (aka room name) that is not properly handled by the "who's online" feature.
unknown
2007-02-07
7.0CVE-2007-0807
BUGTRAQ
Darrens $5 Script Archive -- FlashChatCross-site scripting (XSS) vulnerability in FlashChat 4.7.8 allows remote attackers to inject arbitrary web script or HTML via the user name field when the user joins a chat room, a different vulnerability than CVE-2007-0807. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-02-07
7.0CVE-2007-0834
SECUNIA
dB Masters Multimedia -- Curium CMSSQL injection vulnerability in news.php in dB Masters Curium CMS 1.03 and earlier allows remote attackers to execute arbitrary SQL commands via the c_id parameter.
unknown
2007-02-05
7.0CVE-2007-0765
OTHER-REF
BID
XF
Epistemon -- EpistemonPHP remote file inclusion vulnerability in inc/common.inc.php in Epistemon 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc_path parameter.
unknown
2007-02-03
7.0CVE-2007-0701
Milw0rm
VIM
BID
FRSIRT
EQdkp -- EQdkpEQdkp 1.3.1 and earlier authenticates administrative requests by verifying that the HTTP Referer header specifies an admin/ URL, which allows remote attackers to read or modify account names and passwords via a spoofed Referer.
unknown
2007-02-05
10.0CVE-2007-0760
OTHER-REF
BID
F3Site -- F3SiteCross-site scripting (XSS) vulnerability in the news comment functionality in F3Site 2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the Autor field.
unknown
2007-02-05
7.0CVE-2007-0763
OTHER-REF
BID
FCKeditor -- FCKeditorCross-site scripting (XSS) vulnerability in the "Basic Toolbar Selection" in FCKEditor allows remote attackers to execute arbitrary JavaScript via the javascript: URI in the (1) href or (2) onmouseover attribute of the A HTML tag.
unknown
2007-02-08
7.0CVE-2006-6978
BUGTRAQ
OTHER-REF
XF
Fenrir -- Darksky RSS barCross-zone scripting vulnerability in Darksky RSS bar for Internet Explorer before 1.29, RSS bar for Sleipnir before 1.29, and RSS bar for unDonut before 1.29 allows remote attackers to bypass Web content zone restrictions via certain script contained in RSS data. NOTE: some of these details are obtained from third party information.
unknown
2007-02-03
7.0CVE-2007-0706
OTHER-REF
OTHER-REF
OTHER-REF
FRSIRT
Fenrir & Co -- Portable Sleipnir
Fenrir & Co -- Sleipnir
Cross-zone scripting vulnerability in Sleipnir 2.49 and earlier, and Portable Sleipnir 2.45 and earlier, allows remote attackers to bypass Web content zone restrictions via certain script contained in RSS data. NOTE: some of these details are obtained from third party information.
unknown
2007-02-03
7.0CVE-2007-0705
OTHER-REF
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Flipsource -- FlipPHP remote file inclusion vulnerability in previewtheme.php in Flipsource Flip 2.01-final 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the inc_path parameter.
unknown
2007-02-06
7.0CVE-2007-0785
OTHER-REF
BID
FRSIRT
Free LAN In(tra|ter)net Portal -- Free LAN In(tra|ter)net PortalMultiple SQL injection vulnerabilities in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some sources mention the escape_sqlData, implode_sql, and implode_sqlIn functions, but these are protections chemes, not the vulnerable functions.
unknown
2007-02-03
7.0CVE-2007-0695
OTHER-REF
VIM
FRSIRT
XF
Geeklog -- GeeklogPHP remote file inclusion vulnerability in MVCnPHP/BaseView.php in GeekLog 2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the glConf[path_libraries] parameter. NOTE: this might be a vulnerability in MVCnPHP rather than a vulnerability in GeekLog.
unknown
2007-02-07
7.0CVE-2007-0810
OTHER-REF
GGCMS -- GGCMSDirectory traversal vulnerability in admin/subpages.php in GGCMS 1.1.0 RC1 and earlier allows remote attackers to inject arbitrary PHP code into arbitrary files via ".." sequences in the subpageName parameter, as demonstrated by injecting PHP code into a template file.
unknown
2007-02-07
7.0CVE-2007-0804
OTHER-REF
BID
FRSIRT
XF
GlobalMegaCorp -- DvddbPHP remote file inclusion vulnerability in inc/common.php in GlobalMegaCorp dvddb 0.6 allows remote attackers to execute arbitrary PHP code via a URL in the config parameter.
unknown
2007-02-06
7.0CVE-2007-0793
BUGTRAQ
GlobalMegaCorp -- DvddbSQL injection vulnerability in inc/common.php in GlobalMegaCorp dvddb 0.6 allows remote attackers to execute arbitrary SQL commands via the user parameter.
unknown
2007-02-06
7.0CVE-2007-0794
BUGTRAQ
Headstart Solutions -- DeskPROHeadstart Solutions DeskPRO does not require authentication for certain files and directories associated with administrative activities, which allows remote attackers to (1) reinstall the application via a direct request for install/index.php; (2) delete the database via a do=delete_database QUERY_STRING to a renamed copy of install/index.php; or access the administration system, after guessing a filename, via a direct request for a file in (3) admin/ or (4) tech/.
unknown
2007-02-07
7.0CVE-2006-6973
OTHER-REF
Headstart Solutions -- DeskPROHeadstart Solutions DeskPRO stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) list files in the includes/ directory; obtain the SQL username and password via a direct request for (2) config.php and (3) config.php.bak in includes/; read files in (4) email/, (5) admin/graphs/, (6) includes/javascript/, and (7) certain other includes/ directories via direct requests; and download SQL database data via direct requests for (8) data.sql, (9) install.sql, (10) settings.sql, and possibly other files in install/v2data/.
unknown
2007-02-07
7.0CVE-2006-6974
OTHER-REF
HP -- Network Node Manager Remote ConsoleHP Network Node Manager (NNM) Remote Console 7.50 assigns Everyone Full Control permission for the %PROGRAMFILES%\HP OpenView directory tree, which allows local users to gain privileges via a Trojan horse executable file or ActiveX component, or a modified bin\ovtrcsvc.exe for the HP Open View Shared Trace Service.
unknown
2007-02-08
7.0CVE-2007-0819
FULLDISC
OTHER-REF
Hunkaray Duyuru -- ScriptiSQL injection vulnerability in oku.asp in Hunkaray Duyuru Scripti allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-02-02
7.0CVE-2007-0688
OTHER-REF
Kisisel Site 2007 -- Kisisel Site forum.aspSQL injection vulnerability in forum.asp in Kisisel Site 2007 allows remote attackers to execute arbitrary SQL commands via the forumid parameter.
unknown
2007-02-07
7.0CVE-2007-0826
OTHER-REF
Les News -- Les NewsLes News 2.2 allows remote attackers to bypass authentication and gain administrative access via a direct request for adminews/index_fr.php3, and possibly the adminews index documents for other localizations.
unknown
2007-02-07
7.0CVE-2007-0806
BUGTRAQ
OTHER-REF
LightRO -- Light RO CMSPHP remote file inclusion vulnerability in inhalt.php in LightRO CMS 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the dateien[news] parameter.
unknown
2007-02-07
7.0CVE-2007-0824
OTHER-REF
BID
Maian Recipe -- Maian RecipePHP remote file inclusion vulnerability in classes/class_mail.inc.php in Maian Recipe 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter.
unknown
2007-02-08
7.0CVE-2007-0848
OTHER-REF
VIM
SECUNIA
Mambo -- MamboSQL injection vulnerability in Mambo before 4.5.5 allows remote attackers to execute arbitrary SQL commands via the unspecified vectors in cancel edit functions, possibly related to the id parameter.
unknown
2007-02-06
7.0CVE-2007-0789
OTHER-REF
FRSIRT
SECUNIA
Miguel Nunes -- Call of Duty 2 DreamStats SystemPHP remote file inclusion vulnerability in index.php in Miguel Nunes Call of Duty 2 (CoD2) DreamStats System 4.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter.
unknown
2007-02-05
7.0CVE-2007-0757
OTHER-REF
VIM
BID
Mina Ajans -- Mina Ajans ScriptPHP remote file inclusion vulnerability in Mina Ajans Script allows remote attackers to execute arbitrary PHP code via a URL in the syf parameter to an unspecified PHP script.
unknown
2007-02-07
7.0CVE-2007-0808
BUGTRAQ
Mozilla -- BugzillaThe mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
unknown
2007-02-06
7.0CVE-2007-0792
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECTRACK
MySQLNewsEngine -- MySQLNewsEnginePHP remote file inclusion vulnerability in affichearticles.php3 in MySQLNewsEngine allows remote attackers to execute arbitrary PHP code via a URL in the newsenginedir parameter.
unknown
2007-02-07
7.0CVE-2007-0828
BUGTRAQ
BID
Noname Media -- Photo Galerie StandardSQL injection vulnerability in view.php in Noname Media Photo Galerie Standard 1.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-02-06
7.0CVE-2007-0786
OTHER-REF
BID
FRSIRT
Omegaboard -- OmegaboardPHP remote file inclusion vulnerability in includes/functions.php in Omegaboard 1.0beta4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
unknown
2007-02-02
7.0CVE-2007-0683
Milw0rm
OTHER-REF
OTHER-REF
Open Tibia Server CMS -- Open Tibia Server CMSSQL injection vulnerability in mod/PM/reply.php in Open Tibia Server CMS (OTSCMS) 2.1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to priv.php.
unknown
2007-02-08
7.0CVE-2007-0847
OTHER-REF
BID
Phorum -- PhorumCross-site scripting (XSS) vulnerability in the core in Phorum before 5.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-02-05
7.0CVE-2007-0767
OTHER-REF
FRSIRT
Phorum -- Phorum** DISPUTED ** Cross-site scripting (XSS) vulnerability in register.php in Phorum 5.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the vendor disputes this vulnerability, stating that "The characters are escaped properly."
unknown
2007-02-05
7.0CVE-2007-0769
BUGTRAQ
BUGTRAQ
OTHER-REF
BID
FRSIRT
phpBB -- ezBoard ConverterPHP remote file inclusion vulnerability in config.php in phpBB ezBoard converter (ezconvert) 0.2 allows remote attackers to execute arbitrary PHP code via a URL in the ezconvert_dir parameter.
unknown
2007-02-05
7.0CVE-2007-0761
OTHER-REF
OTHER-REF
VIM
XF
phpBB++ -- phpBB++PHP remote file inclusion vulnerability in includes/functions.php in phpBB++ Build 100 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
unknown
2007-02-05
7.0CVE-2007-0762
OTHER-REF
VIM
phpEventMan -- phpEventManMultiple PHP remote file inclusion vulnerabilities in phpEventMan 1.0.2 allow remote attackers to execute arbitrary PHP code via a URL in the level parameter to (1) Shared/controller/text.ctrl.php or (2) UserMan/controller/common.function.php.
unknown
2007-02-03
7.0CVE-2007-0702
OTHER-REF
VIM
BID
FRSIRT
SECUNIA
phpGraphy -- phpGraphyphpGraphy before 0.9.13a does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by uploading a config.php file via the pictures[] parameter to index.php. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in phpGraphy.
unknown
2007-02-03
7.0CVE-2006-6966
OTHER-REF
OTHER-REF
OTHER-REF
SECTRACK
PHPProbid -- PHPProbidPHP remote file inclusion vulnerability in lang.php in PHPProbid 5.24 allows remote attackers to execute arbitrary PHP code via a URL in the SRC attribute of an HTML element in the lang parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-02-05
7.0CVE-2007-0758
BID
Portail Web Php -- Portail Web PhpPHP remote file inclusion vulnerability in includes/includes.php in Guernion Sylvain Portail Web Php (aka Gsylvain35 Portail Web, PwP) allows remote attackers to execute arbitrary PHP code via a URL in the site_path parameter.
unknown
2007-02-03
7.0CVE-2007-0699
BUGTRAQ
VIM
BID
FRSIRT
Ptirhiikmods -- mod-CHPHP remote file inclusion vulnerability in includes/class_template.php in Categories hierarchy (aka CH or mod-CH) 2.1.2 in ptirhiikmods allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
unknown
2007-02-07
7.0CVE-2007-0809
OTHER-REF
RBL -- tPasswordSQL injection vulnerability in login.asp for tPassword in the Raymond BERTHOU script collection (aka RBL - ASP) allows remote attackers to execute arbitrary SQL commands via the (1) User and (2) Password parameters.
unknown
2007-02-06
7.0CVE-2007-0784
BUGTRAQ
BUGTRAQ
OTHER-REF
VIM
Remotesoft -- .NET ExplorerStack-based buffer overflow in Remotesoft .NET Explorer 2.0.1 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long line in a .cpp file.
unknown
2007-02-05
8.0CVE-2007-0766
OTHER-REF
BID
SmartFTP -- SmartFTPHeap-based buffer overflow in SmartFTP 2.0.1002 allows remote FTP servers to execute arbitrary code via a large banner. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-02-06
7.0CVE-2007-0790
SECUNIA
Somery -- SomeryPHP remote file inclusion vulnerability in install.php in Somery 0.4.6 allows remote attackers to execute arbitrary PHP code via a URL in the skindir parameter, a different vector than CVE-2006-4669. NOTE: the documentation says to remove install.php after installation.
unknown
2007-02-03
7.0CVE-2007-0704
OTHER-REF
VIM
SysCP Team -- SysCPscripts/cronscript.php in SysCP 1.2.15 and earlier includes and executes arbitrary PHP scripts that are referenced by the panel_cronscript table in the SysCP database, which allows attackers with database write privileges to execute arbitrary code by constructing a PHP file and adding its filename to this table.
unknown
2007-02-08
7.0CVE-2007-0850
BUGTRAQ
BID
TechExcel Inc. -- DevTrackCross-site scripting (XSS) vulnerability in DevTrack 6.x allows remote attackers to inject arbitrary web script or HTML via the "Keyword search" form field and unspecified other form fields that populate a public saved query. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-02-08
7.0CVE-2007-0852
SECUNIA
TechExcel Inc. -- DevTrackSQL injection vulnerability in DevTrack 6.0.3 allows remote attackers to execute arbitrary SQL commands via the Username form field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-02-08
7.0CVE-2007-0853
SECUNIA
Uapplication -- UblogSQL injection vulnerability in badword.asp in Ublog Reload 1.0.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
unknown
2007-02-06
7.0CVE-2007-0799
BUGTRAQ
OTHER-REF
BID
Umberto Caldera -- EasyMoblogMultiple SQL injection vulnerabilities in EasyMoblog 0.5.1 allow remote attackers to execute arbitrary SQL commands via the (1) i or (2) post_id parameter to add_comment.php, which triggers an injection in libraries.inc.php; or (3) the i parameter to list_comments.php, which triggers an injection in libraries.inc.php.
unknown
2007-02-05
7.0CVE-2007-0759
OTHER-REF
OTHER-REF
BID
SECUNIA
Valarsoft -- WebMaticMultiple PHP remote file inclusion vulnerabilities in index/index_album.php in Valarsoft WebMatic 2.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) P_LIB and (2) P_INDEX parameters.
unknown
2007-02-07
7.0CVE-2007-0839
OTHER-REF
VIM
BID
vbDrupal -- vbDrupalMultiple unspecified vulnerabilities in vbDrupal before 4.7.6.0 have unknown impact and remote attack vectors. NOTE: the vector related to Drupal is covered by CVE-2007-0626. These vulnerabilities might be associated with other CVE identifiers.
unknown
2007-02-07
7.0CVE-2007-0841
OTHER-REF
FRSIRT
SECUNIA
Wap -- Wap Portal ServerMultiple PHP remote file inclusion vulnerabilities in Wap Portal Server 1.x allow remote attackers to execute arbitrary PHP code via a URL in the language parameter to (1) index.php and (2) admin/index.php.
unknown
2007-02-06
7.0CVE-2007-0795
BUGTRAQ
WebBuilder -- WebBuilderPHP remote file inclusion vulnerability in library/StageLoader.php in WebBuilder 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[core][module_path] parameter.
unknown
2007-02-03
7.0CVE-2007-0703
OTHER-REF
VIM
FRSIRT
Woltlab -- Burning Board LiteSQL injection vulnerability in pms.php in Woltlab Burning Board (wBB) Lite 1.0.2pl3e and earlier allows remote authenticated users to execute arbitrary SQL commands via the pmid[0] parameter.
unknown
2007-02-07
7.0CVE-2007-0812
OTHER-REF

Back to top

Medium Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Amarok -- AmarokThe ruby handlers in Amarok do not properly quote text in certain contexts, probably including construction of an unzip command line, which allows attackers to execute arbitrary commands via shell metacharacters.
unknown
2007-02-08
5.6CVE-2006-6979
OTHER-REF
SUSE
SECUNIA
CentiPaid -- CentiPaid** DISPUTED ** PHP remote file inclusion vulnerability in centipaid_class.php in CentiPaid 1.4.3 allows remote attackers to execute arbitrary code via a URL in the class_pwd parameter. NOTE: this issue has been disputed by CVE and multiple third parties, who state that $class_pwd is set to a static value before the relevant include statement.
unknown
2007-02-08
5.6CVE-2006-6975
BUGTRAQ
BUGTRAQ
BUGTRAQ
OSVDB
Coppermine -- Coppermine Photo Galleryadmin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to execute arbitrary shell commands via shell metacharacters (";" semicolon) in the "Command line options for ImageMagick" form field, when used as an option to ImageMagick's convert command. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-02-07
4.2CVE-2007-0835
BID
SECUNIA
XF
F3Site -- F3SiteUnrestricted file upload vulnerability in F3Site 2.1 and earlier allows remote authenticated administrators to upload and execute arbitrary PHP scripts via GIF86 header in a file in the uplf parameter, which can be later accessed via a relative pathname in the dir parameter in adm.php.
unknown
2007-02-05
4.2CVE-2007-0764
OTHER-REF
Free LAN In(tra|ter)net Portal -- Free LAN In(tra|ter)net PortalCross-site scripting (XSS) vulnerability in error messages in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC3 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, different vectors than CVE-2007-0611.
unknown
2007-02-03
5.6CVE-2007-0696
OTHER-REF
FRSIRT
XF
FreeTextBox -- FreeTextBoxCross-site scripting (XSS) vulnerability in the "Basic Toolbar Selection" in FreeTextBox allows remote attackers to execute arbitrary JavaScript via the javascript: URI in the (1) href or (2) onmouseover attribute of the A HTML tag.
unknown
2007-02-08
5.6CVE-2006-6977
BUGTRAQ
OTHER-REF
XF
GOM Player -- GOM PlayerStack-based buffer overflow in GOM Player 2.0.12.3375 allows user-assisted remote attackers to execute arbitrary code via a .ASX file with a long URI in the "ref href" tag. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-02-03
5.6CVE-2007-0707
OTHER-REF
SECUNIA
HLstats -- HLstatsCross-site scripting (XSS) vulnerability in HLstats before 1.35 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the search class. NOTE: it is possible that this issue overlaps CVE-2006-4543.3 or CVE-2006-4454.
unknown
2007-02-07
5.6CVE-2007-0840
OTHER-REF
BID
SECUNIA
Jelsoft -- VBulletin** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in the Admin Control Panel (AdminCP) in Jelsoft vBulletin 3.6.4 allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors related to the (1) User Group Manager, (2) User Rank Manager, (3) User Title Manager, (4) BB Code Manager, (5) Attachment Manager, (6) Calendar Manager, and (7) Forums & Moderators functions. NOTE: the vendor disputes this issue, stating that modifying HTML is an intended privilege of an administrator. NOTE: it is possible that this issue overlaps CVE-2006-6040.
unknown
2007-02-07
4.2CVE-2007-0830
BUGTRAQ
BUGTRAQ
XF
Jetty -- Jetty HTTP ServerJetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1 before 6.1.0pre3 generates predictable session identifiers using java.util.random, which makes it easier for remote attackers to guess a session identifier through brute force attacks, bypass authentication requirements, and possibly conduct cross-site request forgery attacks.
unknown
2007-02-07
5.6CVE-2006-6969
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
MandrakeSoft -- Mandrake LinuxSoft
Debian -- Debian Linux
Samba -- Samba
MandrakeSoft -- Mandrake Corporate Server
Format string vulnerability in the afsacl.so VFS module Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping.
unknown
2007-02-05
4.9CVE-2007-0454
BUGTRAQ
BID
Mentiss ACGV -- ACGVannuindex2.php in ACGVannu 1.3 and earlier allows remote attackers to change the password or profile of a user via a modified id parameter, related to templates/modif.html. NOTE: some of these details are obtained from third party information.
unknown
2007-02-03
4.7CVE-2007-0697
OTHER-REF
BID
FRSIRT
XF
Mentiss ACGV -- ACGVannuMultiple SQL injection vulnerabilities in ACGVannu 1.3 and earlier allow remote attackers to execute arbitrary SQL commands via the id_mod parameter to templates/modif.html, and other unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-02-03
5.6CVE-2007-0698
FRSIRT
Michelle -- L2J DropCalcSQL injection vulnerability in i-search.php in Michelle's L2J Dropcalc 4 and earlier allows remote authenticated users to execute arbitrary SQL commands via the itemid parameter.
unknown
2007-02-02
4.2CVE-2007-0687
OTHER-REF
BID
XF
Mozilla -- Firefox
Opera Software -- Opera
Opera 9.10 Final allows remote attackers to bypass the Fraud Protection mechanism by adding certain characters to the end of a domain name, as demonstrated by the "." and "/" characters, which is not caught by the blacklist filter.
unknown
2007-02-07
4.9CVE-2006-6970
BUGTRAQ
OTHER-REF
Mozilla -- FirefoxMozilla Firefox 2.0, possibly only when running on Windows, allows remote attackers to bypass the Phishing Protection mechanism by representing an IP address in (1) dotted-hex, (2) dotted-octal, (3) single decimal integer, (4) single hex integer, or (5) single octal integer format, which is not captured by the blacklist filter.
unknown
2007-02-07
4.9CVE-2006-6971
OTHER-REF
OTHER-REF
Mozilla -- Firefox
Opera Software -- Opera
Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing Protection mechanism by adding certain characters to the end of the domain name, as demonstrated by the "." and "/" characters, which is not caught by the Phishing List blacklist filter.
unknown
2007-02-07
4.9CVE-2007-0802
BUGTRAQ
OTHER-REF
OTHER-REF
Open Tibia Server CMS -- Open Tibia Server CMSCross-site scripting (XSS) vulnerability in forum.php in Open Tibia Server CMS (OTSCMS) 2.1.5 and earlier allows remote attackers to inject arbitrary HTML or web script via the name parameter.
unknown
2007-02-08
5.6CVE-2007-0846
OTHER-REF
BID
pam_ssh -- pam_sshThe auth_via_key function in pam_ssh.c in pam_ssh before 1.92, when the allow_blank_passphrase option is disabled, allows remote attackers to bypass authentication restrictions and use private encryption keys requiring a blank passphrase by entering a non-blank passphrase.
unknown
2007-02-08
4.7CVE-2007-0844
OTHER-REF
FRSIRT
SECUNIA
PostgreSQL -- PostgreSQLPostgreSQL 7.3 before 7.3.13, 7.4 before 7.4.16, 8.0 before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 allows attackers to disable certain checks for the data types of SQL function arguments, which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content.
unknown
2007-02-05
4.0CVE-2007-0555
OTHER-REF
UBUNTU
FRSIRT
SECUNIA
Samba -- SambaBuffer overflow in the nss_winbind.so.1 library in Samba 3.0.21 through 3.0.23d, as used in the winbindd daemon on Solaris, allows attackers to execute arbitrary code via the (1) gethostbyname and (2) getipnodebyname functions.
unknown
2007-02-05
4.9CVE-2007-0453
BUGTRAQ
Simple Invoices -- Simple InvoicesPHP remote file inclusion vulnerability in controller.php in Simple Invoices before 20070202 allows remote attackers to execute arbitrary PHP code via a URL in the (1) module or (2) view parameter. NOTE: some of these details are obtained from third party information.
unknown
2007-02-06
5.6CVE-2007-0787
OTHER-REF
SECUNIA
STLport -- STLportMultiple buffer overflows in STLport before 5.0.3 allow remote attackers to execute arbitrary code via unspecified vectors relating to (1) "print floats" and (2) a missing null termination in the "rope constructor."
unknown
2007-02-07
5.6CVE-2007-0803
OTHER-REF
BID
SECUNIA
Trend Micro -- Scan EngineBuffer overflow in the Trend Micro Scan Engine 8.000 and 8.300, before virus pattern file 4.245.00, allows remote attackers to execute arbitrary code via a malformed UPX compressed executable.
unknown
2007-02-08
5.6CVE-2007-0851
IDEFENSE
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
Yahoo! -- MessengerMultiple cross-site scripting (XSS) vulnerabilities in the Contact Details functionality in Yahoo! Messenger 8.1.0.209 and earlier allow user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG element to the (1) First Name, (2) Last Name, and (3) Nickname fields. NOTE: some of these details are obtained from third party information.
unknown
2007-02-05
5.6CVE-2007-0768
BUGTRAQ
BUGTRAQ
BUGTRAQ
BID
SECUNIA

Back to top

Low Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
3proxy -- 3proxy3proxy 0.5 to 0.5.2, when NT-encoded passwords are being used, allows remote attackers to cause a denial of service (blocked account) via unspecified vectors related to NTLM authentication, which causes a password hash to be overwritten.
unknown
2007-02-08
2.3CVE-2006-6981
OTHER-REF
3proxy -- 3proxy3proxy 0.5 to 0.5.2 does not offer NTLM authentication before basic authentication, which might cause browsers with incomplete RFC2616/RFC2617 support to use basic cleartext authentication even if NTLM is available, which makes it easier for attackers to steal credentials.
unknown
2007-02-08
2.3CVE-2006-6982
OTHER-REF
Adobe -- ColdFusion MXCross-site scripting (XSS) vulnerability in Adobe ColdFusion web server allows remote attackers to inject arbitrary HTML or web script via the User-Agent HTTP header, which is not sanitized before being displayed in an error page.
unknown
2007-02-07
1.9CVE-2007-0817
BUGTRAQ
BID
Adrenalin Labs -- Adrenalin's ASP ChatMultiple cross-site scripting (XSS) vulnerabilities in Adrenalin's ASP Chat allow remote attackers to inject arbitrary web script or HTML (1) via the psuedo (pseudo) field or (2) during chat.
unknown
2007-02-07
1.9CVE-2007-0814
BUGTRAQ
OTHER-REF
BID
ALWIL -- Avast! Antivirus Server Editionavast! Server Edition before 4.7.726 does not demand a password in a certain intended context, even when a password has been set, which allows local users to bypass authentication requirements.
unknown
2007-02-07
3.9CVE-2007-0829
OTHER-REF
BID
FRSIRT
SECUNIA
Cedric -- CLAIRE PortailPhpMultiple directory traversal vulnerabilities in Cedric CLAIRE PortailPhp 2 allow remote attackers to read arbitrary files via a .. (dot dot) in the chemin parameter to (1) mod_news/index.php or (2) mod_news/goodies.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-02-07
2.3CVE-2007-0821
BID
Check Point Software -- Firewall-1Check Point FireWall-1 allows remote attackers to obtain certificate revocation lists (CRLs) and other unspecified sensitive information via an HTTP request for the top-level URI on the internal certificate authority (ICA) port (18264/tcp).
unknown
2007-02-03
3.3CVE-2006-6967
OTHER-REF
OSVDB
Chicken of the VNC -- Chicken of the VNCChicken of the VNC (cotv) 2.0 allows remote attackers to cause a denial of service (application crash) via a large computer-name size value in a ServerInit packet, which triggers a failed malloc and a resulting NULL dereference.
unknown
2007-02-05
3.3CVE-2007-0756
BUGTRAQ
BID
Computer Associates -- BrightStor ARCServe BackupCA RPC Server service (catirpc.exe) for BrightStor ARCserve Backup r11.5 SP2 allows remote attackers to cause a denial of service (crash) via a crafted TADDR2UADDR that triggers a null pointer dereference, possibly related to null credentials or verifier fields.
unknown
2007-02-07
2.3CVE-2007-0816
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Coppermine -- Coppermine Photo Galleryadmin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to include arbitrary local and possibly remote files via the (1) "Path to custom header include" and (2) "Path to custom footer include" form fields. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-02-07
1.4CVE-2007-0836
BID
SECUNIA
XF
FlashFXP -- FlashFXPFlashFXP 3.4.0 build 1145 allows remote servers to cause a denial of service (CPU consumption) via a response to a PWD command that contains a long string with deeply nested directory structure, possibly due to a buffer overflow.
unknown
2007-02-07
3.3CVE-2007-0825
OTHER-REF
BID
FreeProxy -- FreeProxyFreeProxy before 3.92 Build 1626 allows malicious users to cause a denial of service (infinite loop) via a HOST: header with a hostname and port number that refers to the server itself.
unknown
2007-02-07
2.3CVE-2007-0838
BUGTRAQ
FULLDISC
OTHER-REF
FRSIRT
Home production -- MySearchEngineCross-site scripting (XSS) vulnerability in Home production MySearchEngine allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-02-07
1.9CVE-2007-0813
BUGTRAQ
OTHER-REF
BID
HP -- Tru64 UNIXThe ps (/usr/ucb/ps) command on HP Tru64 UNIX 5.1 1885 allows local users to obtain sensitive information, including environment variables of arbitrary processes, via the "auxewww" argument, a similar issue to CVE-1999-1587.
unknown
2007-02-07
1.6CVE-2007-0805
BUGTRAQ
BUGTRAQ
FULLDISC
OTHER-REF
SECUNIA
HP -- HP-UXUnspecified vulnerability in HP-UX B.11.23, when running IPFilter with PHNE_34474 applied, allows remote attackers to cause an unknown denial of service via unknown vectors.
unknown
2007-02-07
1.9CVE-2007-0818
HP
Intel -- 2200BG PROSet/WirelessThe Intel 2200BG 802.11 Wireless Mini-PCI driver 9.0.3.9 (w29n51.sys) allows remote attackers to cause a denial of service (system crash) via crafted disassociation packets, which triggers memory corruption of "internal kernel structures," a different vulnerability than CVE-2006-6651. NOTE: this issue might overlap CVE-2006-3992.
unknown
2007-02-02
2.7CVE-2007-0686
OTHER-REF
Linux -- Linux kernelThe key serial number collision avoidance code in the key_alloc_serial function in Linux kernel 2.6.9 up to 2.6.20 allows remote attackers to cause a denial of service (crash) via vectors that trigger a null dereference, as originally reported as "spinlock CPU recursion."
unknown
2007-02-06
1.3CVE-2007-0006
OTHER-REF
OTHER-REF
Linux -- Linux kernelumount, when running with the Linux 2.6.15 kernel on Slackware Linux 10.2, allows local users to trigger a NULL dereference and application crash by invoking the program with a pathname for a USB pen drive that was mounted and then physically removed, which might allow the users to obtain sensitive information, including core file contents.
unknown
2007-02-07
1.3CVE-2007-0822
FULLDISC
OTHER-REF
magnatune.com -- album browserThe magnatune.com album browser in Amarok allows attackers to cause a denial of service (application crash) via unspecified vectors.
unknown
2007-02-08
1.9CVE-2006-6980
SUSE
SECUNIA
MediaWiki -- MediaWikiCross-site scripting (XSS) vulnerability in MediaWiki 1.9.x before 1.9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "sortable tables JavaScript."
unknown
2007-02-06
1.9CVE-2007-0788
OTHER-REF
SECUNIA
Microsoft -- Windows MobileInternet Explorer on Windows Mobile 5.0 and Windows Mobile 2003 and 2003SE for Smartphones and PocketPC allows attackers to cause a denial of service (application crash and device instability) via unspecified vectors, possibly related to a buffer overflow.
unknown
2007-02-02
1.9CVE-2007-0685
OTHER-REF
BID
FRSIRT
XF
Microsoft -- Internet ExplorerMicrosoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on Windows XP, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an HTML document containing a certain JavaScript for loop with an empty loop body, possibly involving getElementById.
unknown
2007-02-07
1.9CVE-2007-0811
OTHER-REF
OTHER-REF
Mozilla -- BugzillaCross-site scripting (XSS) vulnerability in Atom feeds in Bugzilla 2.20.3, 2.22.1, and 2.23.3, and earlier versions down to 2.20.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-02-06
2.3CVE-2007-0791
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
Mozilla -- FirefoxCross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked popups to have an internal zone origin, which allows user-assisted remote attackers to cross zone restrictions and read arbitrary file:// URIs by convincing a user to show a blocked popup.
unknown
2007-02-07
1.9CVE-2007-0800
BUGTRAQ
BUGTRAQ
BID
Mozilla -- FirefoxThe nsExternalAppHandler::SetUpTempFile function in Mozilla Firefox 1.5.0.9 creates temporary files with predictable filenames based on creation time, which allows remote attackers to execute arbitrary web script or HTML via a crafted XMLHttpRequest.
unknown
2007-02-07
1.9CVE-2007-0801
BUGTRAQ
BUGTRAQ
BID
Phorum -- PhorumCross-site scripting (XSS) vulnerability in the group moderation control center page in Phorum before 5.1.19 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-02-05
3.7CVE-2006-6968
OTHER-REF
FRSIRT
phpBB Group -- phpBBphpBB 2.0.20 does not verify user-specified input variable types before being passed to type-dependent functions, which allows remote attackers to obtain sensitive information, as demonstrated by the (1) mode parameter to memberlist.php and the (2) highlight parameter to viewtopic.php that are used as an argument to the htmlspecialchars or urlencode functions, which displays the installation path in the resulting error message.
unknown
2007-02-08
2.3CVE-2006-2219
BUGTRAQ
BUGTRAQ
FULLDISC
XF
phpBB Group -- phpBBphpBB 2.0.20 does not properly verify user-specified input variables used as limits to SQL queries, which allows remote attackers to obtain sensitive information via a negative LIMIT specification, as demonstrated by the start parameter to memberlist.php, which reveals the SQL query in the resulting error message.
unknown
2007-02-08
2.3CVE-2006-2220
BUGTRAQ
BUGTRAQ
FULLDISC
XF
Portail Web Php -- Portail Web PhpDirectory traversal vulnerability in index.php in Guernion Sylvain Portail Web Php (aka Gsylvain35 Portail Web, PwP) allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter.
unknown
2007-02-03
2.3CVE-2007-0700
BUGTRAQ
VIM
VIM
VIM
BID
PostgreSQL -- PostgreSQLThe query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 does not verify that a table is compatible with a "previously made query plan," which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content via an "ALTER COLUMN TYPE" SQL statement, which can be leveraged to read arbitrary memory from the server.
unknown
2007-02-05
3.2CVE-2007-0556
OTHER-REF
UBUNTU
FRSIRT
SECUNIA
Samba -- Sambasmbd in Samba 3.0.6 through 3.0.23d allows remote authenticated users to cause a denial of service (memory and CPU exhaustion) by renaming a file in a way that prevents a request from being removed from the deferred open queue, which triggers an infinite loop.
unknown
2007-02-05
2.0CVE-2007-0452
BUGTRAQ
SGI -- ProPackSGI ProPack 3 SP6 kernel displays the frame buffer contents of the last session after a reboot, which might allow local users to obtain sensitive information.
unknown
2007-02-06
1.3CVE-2006-1167
SGI
OSVDB
Slackware -- Slackware Linuxxterm on Slackware Linux 10.2 stores information that had been displayed for a different user account using the same xterm process, which might allow local users to bypass file permissions and read other users' files, or obtain other sensitive information, by reading the xterm process memory. NOTE: it could be argued that this is an expected consequence of multiple users sharing the same interactive process, in which case this is not a vulnerability.
unknown
2007-02-07
1.3CVE-2007-0823
FULLDISC
OTHER-REF
Smb4k -- Smb4kMultiple race conditions in Smb4K before 0.8.0 allow local users to (1) modify arbitrary files via unspecified manipulations of Smb4K's lock file, which is not properly handled by the remove_lock_file function in core/smb4kfileio.cpp, and (2) add lines to the sudoers file via a symlink attack on temporary files, which isn't properly handled by the writeFile function in core/smb4kfileio.cpp.
unknown
2007-02-03
3.9CVE-2007-0472
MLIST
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Smb4k -- Smb4kThe writeFile function in core/smb4kfileio.cpp in Smb4K before 0.8.0 does not preserve /etc/sudoers permissions across modifications, which allows local users to obtain sensitive information (/etc/sudoers contents) by reading this file.
unknown
2007-02-03
1.3CVE-2007-0473
MLIST
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Smb4k -- Smb4kSmb4K before 0.8.0 allow local users, when present on the Smb4K sudoers list, to kill arbitrary processes, related to a "design issue with smb4k_kill."
unknown
2007-02-03
2.6CVE-2007-0474
MLIST
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Smb4k -- Smb4kMultiple stack-based buffer overflows in utilities/smb4k_*.cpp in Smb4K before 0.8.0 allow local users, when present on the Smb4K sudoers list, to gain privileges via unspecified vectors related to the args variable and unspecified other variables, in conjunction with the sudo configuration.
unknown
2007-02-03
3.9CVE-2007-0475
MLIST
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Uapplication -- Ublog ReloadMultiple cross-site scripting (XSS) vulnerabilities in Ublog Reload 1.0.5 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) login.asp; and allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters to (2) badword.asp, (3) polls.asp, and (4) users.asp.
unknown
2007-02-06
1.9CVE-2007-0798
BUGTRAQ
OTHER-REF
BID
XF
Uapplication -- uPhotoGalleryCross-site scripting (XSS) vulnerability in images_archive.asp in Uapplication Uphotogallery 1.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the s parameter. NOTE: the thumbnails.asp vector is already covered by CVE-2006-3023.
unknown
2007-02-07
1.9CVE-2007-0815
BUGTRAQ
BID
VMWare -- VMWare WorkstationVMware Workstation 5.5.3 34685 does not immediately change the availability of a shared clipboard when the "Enable copy and paste to and from this virtual machine" checkbox is changed, which allows local users to obtain sensitive information or conduct certain attacks that are facilitated by weaker isolation between the host and guest operating systems.
unknown
2007-02-07
1.3CVE-2007-0832
BUGTRAQ
BID
VMWare -- VMWare WorkstationVMware Workstation 5.5.3 34685, when the "Enable copy and paste to and from this virtual machine" option is enabled, preserves clipboard data on the guest operating system after it was deleted on the host operating system, which might allow local users to read clipboard contents by moving the focus back to the host operating system.
unknown
2007-02-07
1.3CVE-2007-0833
BUGTRAQ
BID

Back to top

">

High Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Advanced Poll -- Advanced Polladmin/index.php in Advanced Poll 2.0.0 through 2.0.5-dev allows remote attackers to bypass authentication and gain administrator privileges by obtaining a valid session identifier and setting the uid parameter to 1.
unknown
2007-02-08
7.0CVE-2007-0845
OTHER-REF
BID
AgerMenu -- AgerMenuPHP remote file inclusion vulnerability in examples/inc/top.inc.php in AgerMenu 0.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter.
unknown
2007-02-07
7.0CVE-2007-0837
OTHER-REF
VIM
VIM
FRSIRT
Alibaba -- Alipay ActiveX controlHeap-based buffer overflow in the Alibaba Alipay ActiveX control allows remote attackers to execute arbitrary code via a JavaScript function that invokes the Remove method with an invalid index argument.
unknown
2007-02-07
7.0CVE-2007-0827
OTHER-REF
Atsphp -- Atsphp** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Atsphp 5.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the CONF[path] parameter to (1) index.php, (2) sources/usercp.php, or (3) sources/admin.php. NOTE: Another researcher has disputed this vulnerability, noting that CONF[path] is defined before use in index.php, that CONF[path] inclusion cannot occur through a direct request to other affected files, and that usercp.php is a typo of user_cp.php.
unknown
2007-02-07
7.0CVE-2007-0831
BUGTRAQ
BUGTRAQ
Barron McCann -- Install
Barron McCann -- X-Kryptor Driver
Barron McCann -- X-Kryptor Secure Client
Barron McCann -- Xgntr
Unspecified vulnerability in Barron McCann X-Kryptor Driver BMS1446HRR, Xgntr BMS1351, and Install BMS1472 in X-Kryptor Secure Client allows local users to gain privileges via unknown vectors.
unknown
2007-02-03
7.0CVE-2007-0436
OTHER-REF
OTHER-REF
Blue Coat Systems -- WinProxyBlue Coat Systems WinProxy 6.1a and 6.0 r1c, and possibly earlier, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long HTTP CONNECT request, which triggers heap corruption.
unknown
2007-02-06
7.0CVE-2007-0796
IDEFENSE
FRSIRT
Bluevirus-design -- SMA-DBPHP remote file inclusion vulnerability in theme/settings.php in bluevirus-design SMA-DB 0.3.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pfad_z parameter.
unknown
2007-02-06
7.0CVE-2007-0797
OTHER-REF
BID
BtitTracker -- BtitTrackerSQL injection in torrents.php in BtitTracker 1.3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) by and (2) order parameters. NOTE: it is not clear whether this issue is exploitable.
unknown
2007-02-07
7.0CVE-2006-6972
OTHER-REF
VIM
BID
FRSIRT
SECUNIA
Cedric -- CLAIRE PortailPhpMultiple PHP remote file inclusion vulnerabilities in Cedric CLAIRE PortailPhp 2 allow remote attackers to execute arbitrary PHP code via a URL in the chemin parameter to (1) mod_news/index.php, (2) mod_news/goodies.php, or (3) mod_search/index.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-02-07
7.0CVE-2007-0820
BID
CentiPaid -- CentiPaidPHP remote file inclusion vulnerability in centipaid_class.php in CentiPaid 1.4.2 and earlier allows remote attackers to execute arbitrary code via a URL in the absolute_path parameter.
unknown
2007-02-08
7.0CVE-2006-6976
OTHER-REF
VIM
XF
Comodo -- Comodo Firewall Procmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal Firewall) before 2.4.16.174 does not validate arguments that originate in user mode for the (1) NtConnectPort and (2) NtCreatePort hooked SSDT functions, which allows local users to cause a denial of service (system crash) and possibly gain privileges via invalid arguments.
unknown
2007-02-03
7.0CVE-2007-0708
BUGTRAQ
OTHER-REF
BID
SECTRACK
XF
Comodo -- Comodo Firewall Procmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal Firewall) 2.4.16.174 and earlier does not validate arguments that originate in user mode for the (1) NtCreateSection, (2) NtOpenProcess, (3) NtOpenSection, (4) NtOpenThread, and (5) NtSetValueKey hooked SSDT functions, which allows local users to cause a denial of service (system crash) and possibly gain privileges via invalid arguments.
unknown
2007-02-03
7.0CVE-2007-0709
BUGTRAQ
OTHER-REF
BID
SECTRACK
XF
Darrens $5 Script Archive -- FlashChatCross-site scripting (XSS) vulnerability in index.php in flashChat 4.7.8 allows remote attackers to inject arbitrary web script or HTML via a channel title (aka room name) that is not properly handled by the "who's online" feature.
unknown
2007-02-07
7.0CVE-2007-0807
BUGTRAQ
Darrens $5 Script Archive -- FlashChatCross-site scripting (XSS) vulnerability in FlashChat 4.7.8 allows remote attackers to inject arbitrary web script or HTML via the user name field when the user joins a chat room, a different vulnerability than CVE-2007-0807. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-02-07
7.0CVE-2007-0834
SECUNIA
dB Masters Multimedia -- Curium CMSSQL injection vulnerability in news.php in dB Masters Curium CMS 1.03 and earlier allows remote attackers to execute arbitrary SQL commands via the c_id parameter.
unknown
2007-02-05
7.0CVE-2007-0765
OTHER-REF
BID
XF
Epistemon -- EpistemonPHP remote file inclusion vulnerability in inc/common.inc.php in Epistemon 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc_path parameter.
unknown
2007-02-03
7.0CVE-2007-0701
Milw0rm
VIM
BID
FRSIRT
EQdkp -- EQdkpEQdkp 1.3.1 and earlier authenticates administrative requests by verifying that the HTTP Referer header specifies an admin/ URL, which allows remote attackers to read or modify account names and passwords via a spoofed Referer.
unknown
2007-02-05
10.0CVE-2007-0760
OTHER-REF
BID
F3Site -- F3SiteCross-site scripting (XSS) vulnerability in the news comment functionality in F3Site 2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the Autor field.
unknown
2007-02-05
7.0CVE-2007-0763
OTHER-REF
BID
FCKeditor -- FCKeditorCross-site scripting (XSS) vulnerability in the "Basic Toolbar Selection" in FCKEditor allows remote attackers to execute arbitrary JavaScript via the javascript: URI in the (1) href or (2) onmouseover attribute of the A HTML tag.
unknown
2007-02-08
7.0CVE-2006-6978
BUGTRAQ
OTHER-REF
XF
Fenrir -- Darksky RSS barCross-zone scripting vulnerability in Darksky RSS bar for Internet Explorer before 1.29, RSS bar for Sleipnir before 1.29, and RSS bar for unDonut before 1.29 allows remote attackers to bypass Web content zone restrictions via certain script contained in RSS data. NOTE: some of these details are obtained from third party information.
unknown
2007-02-03
7.0CVE-2007-0706
OTHER-REF
OTHER-REF
OTHER-REF
FRSIRT
Fenrir & Co -- Portable Sleipnir
Fenrir & Co -- Sleipnir
Cross-zone scripting vulnerability in Sleipnir 2.49 and earlier, and Portable Sleipnir 2.45 and earlier, allows remote attackers to bypass Web content zone restrictions via certain script contained in RSS data. NOTE: some of these details are obtained from third party information.
unknown
2007-02-03
7.0CVE-2007-0705
OTHER-REF
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Flipsource -- FlipPHP remote file inclusion vulnerability in previewtheme.php in Flipsource Flip 2.01-final 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the inc_path parameter.
unknown
2007-02-06
7.0CVE-2007-0785
OTHER-REF
BID
FRSIRT
Free LAN In(tra|ter)net Portal -- Free LAN In(tra|ter)net PortalMultiple SQL injection vulnerabilities in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some sources mention the escape_sqlData, implode_sql, and implode_sqlIn functions, but these are protections chemes, not the vulnerable functions.
unknown
2007-02-03
7.0CVE-2007-0695
OTHER-REF
VIM
FRSIRT
XF
Geeklog -- GeeklogPHP remote file inclusion vulnerability in MVCnPHP/BaseView.php in GeekLog 2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the glConf[path_libraries] parameter. NOTE: this might be a vulnerability in MVCnPHP rather than a vulnerability in GeekLog.
unknown
2007-02-07
7.0CVE-2007-0810
OTHER-REF
GGCMS -- GGCMSDirectory traversal vulnerability in admin/subpages.php in GGCMS 1.1.0 RC1 and earlier allows remote attackers to inject arbitrary PHP code into arbitrary files via ".." sequences in the subpageName parameter, as demonstrated by injecting PHP code into a template file.
unknown
2007-02-07
7.0CVE-2007-0804
OTHER-REF
BID
FRSIRT
XF
GlobalMegaCorp -- DvddbPHP remote file inclusion vulnerability in inc/common.php in GlobalMegaCorp dvddb 0.6 allows remote attackers to execute arbitrary PHP code via a URL in the config parameter.
unknown
2007-02-06
7.0CVE-2007-0793
BUGTRAQ
GlobalMegaCorp -- DvddbSQL injection vulnerability in inc/common.php in GlobalMegaCorp dvddb 0.6 allows remote attackers to execute arbitrary SQL commands via the user parameter.
unknown
2007-02-06
7.0CVE-2007-0794
BUGTRAQ
Headstart Solutions -- DeskPROHeadstart Solutions DeskPRO does not require authentication for certain files and directories associated with administrative activities, which allows remote attackers to (1) reinstall the application via a direct request for install/index.php; (2) delete the database via a do=delete_database QUERY_STRING to a renamed copy of install/index.php; or access the administration system, after guessing a filename, via a direct request for a file in (3) admin/ or (4) tech/.
unknown
2007-02-07
7.0CVE-2006-6973
OTHER-REF
Headstart Solutions -- DeskPROHeadstart Solutions DeskPRO stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) list files in the includes/ directory; obtain the SQL username and password via a direct request for (2) config.php and (3) config.php.bak in includes/; read files in (4) email/, (5) admin/graphs/, (6) includes/javascript/, and (7) certain other includes/ directories via direct requests; and download SQL database data via direct requests for (8) data.sql, (9) install.sql, (10) settings.sql, and possibly other files in install/v2data/.
unknown
2007-02-07
7.0CVE-2006-6974
OTHER-REF
HP -- Network Node Manager Remote ConsoleHP Network Node Manager (NNM) Remote Console 7.50 assigns Everyone Full Control permission for the %PROGRAMFILES%\HP OpenView directory tree, which allows local users to gain privileges via a Trojan horse executable file or ActiveX component, or a modified bin\ovtrcsvc.exe for the HP Open View Shared Trace Service.
unknown
2007-02-08
7.0CVE-2007-0819
FULLDISC
OTHER-REF
Hunkaray Duyuru -- ScriptiSQL injection vulnerability in oku.asp in Hunkaray Duyuru Scripti allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-02-02
7.0CVE-2007-0688
OTHER-REF
Kisisel Site 2007 -- Kisisel Site forum.aspSQL injection vulnerability in forum.asp in Kisisel Site 2007 allows remote attackers to execute arbitrary SQL commands via the forumid parameter.
unknown
2007-02-07
7.0CVE-2007-0826
OTHER-REF
Les News -- Les NewsLes News 2.2 allows remote attackers to bypass authentication and gain administrative access via a direct request for adminews/index_fr.php3, and possibly the adminews index documents for other localizations.
unknown
2007-02-07
7.0CVE-2007-0806
BUGTRAQ
OTHER-REF
LightRO -- Light RO CMSPHP remote file inclusion vulnerability in inhalt.php in LightRO CMS 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the dateien[news] parameter.
unknown
2007-02-07
7.0CVE-2007-0824
OTHER-REF
BID
Maian Recipe -- Maian RecipePHP remote file inclusion vulnerability in classes/class_mail.inc.php in Maian Recipe 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter.
unknown
2007-02-08
7.0CVE-2007-0848
OTHER-REF
VIM
SECUNIA
Mambo -- MamboSQL injection vulnerability in Mambo before 4.5.5 allows remote attackers to execute arbitrary SQL commands via the unspecified vectors in cancel edit functions, possibly related to the id parameter.
unknown
2007-02-06
7.0CVE-2007-0789
OTHER-REF
FRSIRT
SECUNIA
Miguel Nunes -- Call of Duty 2 DreamStats SystemPHP remote file inclusion vulnerability in index.php in Miguel Nunes Call of Duty 2 (CoD2) DreamStats System 4.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter.
unknown
2007-02-05
7.0CVE-2007-0757
OTHER-REF
VIM
BID
Mina Ajans -- Mina Ajans ScriptPHP remote file inclusion vulnerability in Mina Ajans Script allows remote attackers to execute arbitrary PHP code via a URL in the syf parameter to an unspecified PHP script.
unknown
2007-02-07
7.0CVE-2007-0808
BUGTRAQ
Mozilla -- BugzillaThe mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
unknown
2007-02-06
7.0CVE-2007-0792
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECTRACK
MySQLNewsEngine -- MySQLNewsEnginePHP remote file inclusion vulnerability in affichearticles.php3 in MySQLNewsEngine allows remote attackers to execute arbitrary PHP code via a URL in the newsenginedir parameter.
unknown
2007-02-07
7.0CVE-2007-0828
BUGTRAQ
BID
Noname Media -- Photo Galerie StandardSQL injection vulnerability in view.php in Noname Media Photo Galerie Standard 1.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-02-06
7.0CVE-2007-0786
OTHER-REF
BID
FRSIRT
Omegaboard -- OmegaboardPHP remote file inclusion vulnerability in includes/functions.php in Omegaboard 1.0beta4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
unknown
2007-02-02
7.0CVE-2007-0683
Milw0rm
OTHER-REF
OTHER-REF
Open Tibia Server CMS -- Open Tibia Server CMSSQL injection vulnerability in mod/PM/reply.php in Open Tibia Server CMS (OTSCMS) 2.1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to priv.php.
unknown
2007-02-08
7.0CVE-2007-0847
OTHER-REF
BID
Phorum -- PhorumCross-site scripting (XSS) vulnerability in the core in Phorum before 5.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-02-05
7.0CVE-2007-0767
OTHER-REF
FRSIRT
Phorum -- Phorum** DISPUTED ** Cross-site scripting (XSS) vulnerability in register.php in Phorum 5.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the vendor disputes this vulnerability, stating that "The characters are escaped properly."
unknown
2007-02-05
7.0CVE-2007-0769
BUGTRAQ
BUGTRAQ
OTHER-REF
BID
FRSIRT
phpBB -- ezBoard ConverterPHP remote file inclusion vulnerability in config.php in phpBB ezBoard converter (ezconvert) 0.2 allows remote attackers to execute arbitrary PHP code via a URL in the ezconvert_dir parameter.
unknown
2007-02-05
7.0CVE-2007-0761
OTHER-REF
OTHER-REF
VIM
XF
phpBB++ -- phpBB++PHP remote file inclusion vulnerability in includes/functions.php in phpBB++ Build 100 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
unknown
2007-02-05
7.0CVE-2007-0762
OTHER-REF
VIM
phpEventMan -- phpEventManMultiple PHP remote file inclusion vulnerabilities in phpEventMan 1.0.2 allow remote attackers to execute arbitrary PHP code via a URL in the level parameter to (1) Shared/controller/text.ctrl.php or (2) UserMan/controller/common.function.php.
unknown
2007-02-03
7.0CVE-2007-0702
OTHER-REF
VIM
BID
FRSIRT
SECUNIA
phpGraphy -- phpGraphyphpGraphy before 0.9.13a does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by uploading a config.php file via the pictures[] parameter to index.php. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in phpGraphy.
unknown
2007-02-03
7.0CVE-2006-6966
OTHER-REF
OTHER-REF
OTHER-REF
SECTRACK
PHPProbid -- PHPProbidPHP remote file inclusion vulnerability in lang.php in PHPProbid 5.24 allows remote attackers to execute arbitrary PHP code via a URL in the SRC attribute of an HTML element in the lang parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-02-05
7.0CVE-2007-0758
BID
Portail Web Php -- Portail Web PhpPHP remote file inclusion vulnerability in includes/includes.php in Guernion Sylvain Portail Web Php (aka Gsylvain35 Portail Web, PwP) allows remote attackers to execute arbitrary PHP code via a URL in the site_path parameter.
unknown
2007-02-03
7.0CVE-2007-0699
BUGTRAQ
VIM
BID
FRSIRT
Ptirhiikmods -- mod-CHPHP remote file inclusion vulnerability in includes/class_template.php in Categories hierarchy (aka CH or mod-CH) 2.1.2 in ptirhiikmods allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
unknown
2007-02-07
7.0CVE-2007-0809
OTHER-REF
RBL -- tPasswordSQL injection vulnerability in login.asp for tPassword in the Raymond BERTHOU script collection (aka RBL - ASP) allows remote attackers to execute arbitrary SQL commands via the (1) User and (2) Password parameters.
unknown
2007-02-06
7.0CVE-2007-0784
BUGTRAQ
BUGTRAQ
OTHER-REF
VIM
Remotesoft -- .NET ExplorerStack-based buffer overflow in Remotesoft .NET Explorer 2.0.1 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long line in a .cpp file.
unknown
2007-02-05
8.0CVE-2007-0766
OTHER-REF
BID
SmartFTP -- SmartFTPHeap-based buffer overflow in SmartFTP 2.0.1002 allows remote FTP servers to execute arbitrary code via a large banner. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-02-06
7.0CVE-2007-0790
SECUNIA
Somery -- SomeryPHP remote file inclusion vulnerability in install.php in Somery 0.4.6 allows remote attackers to execute arbitrary PHP code via a URL in the skindir parameter, a different vector than CVE-2006-4669. NOTE: the documentation says to remove install.php after installation.
unknown
2007-02-03
7.0CVE-2007-0704
OTHER-REF
VIM
SysCP Team -- SysCPscripts/cronscript.php in SysCP 1.2.15 and earlier includes and executes arbitrary PHP scripts that are referenced by the panel_cronscript table in the SysCP database, which allows attackers with database write privileges to execute arbitrary code by constructing a PHP file and adding its filename to this table.
unknown
2007-02-08
7.0CVE-2007-0850
BUGTRAQ
BID
TechExcel Inc. -- DevTrackCross-site scripting (XSS) vulnerability in DevTrack 6.x allows remote attackers to inject arbitrary web script or HTML via the "Keyword search" form field and unspecified other form fields that populate a public saved query. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-02-08
7.0CVE-2007-0852
SECUNIA
TechExcel Inc. -- DevTrackSQL injection vulnerability in DevTrack 6.0.3 allows remote attackers to execute arbitrary SQL commands via the Username form field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-02-08
7.0CVE-2007-0853
SECUNIA
Uapplication -- UblogSQL injection vulnerability in badword.asp in Ublog Reload 1.0.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
unknown
2007-02-06
7.0CVE-2007-0799
BUGTRAQ
OTHER-REF
BID
Umberto Caldera -- EasyMoblogMultiple SQL injection vulnerabilities in EasyMoblog 0.5.1 allow remote attackers to execute arbitrary SQL commands via the (1) i or (2) post_id parameter to add_comment.php, which triggers an injection in libraries.inc.php; or (3) the i parameter to list_comments.php, which triggers an injection in libraries.inc.php.
unknown
2007-02-05
7.0CVE-2007-0759
OTHER-REF
OTHER-REF
BID
SECUNIA
Valarsoft -- WebMaticMultiple PHP remote file inclusion vulnerabilities in index/index_album.php in Valarsoft WebMatic 2.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) P_LIB and (2) P_INDEX parameters.
unknown
2007-02-07
7.0CVE-2007-0839
OTHER-REF
VIM
BID
vbDrupal -- vbDrupalMultiple unspecified vulnerabilities in vbDrupal before 4.7.6.0 have unknown impact and remote attack vectors. NOTE: the vector related to Drupal is covered by CVE-2007-0626. These vulnerabilities might be associated with other CVE identifiers.
unknown
2007-02-07
7.0CVE-2007-0841
OTHER-REF
FRSIRT
SECUNIA
Wap -- Wap Portal ServerMultiple PHP remote file inclusion vulnerabilities in Wap Portal Server 1.x allow remote attackers to execute arbitrary PHP code via a URL in the language parameter to (1) index.php and (2) admin/index.php.
unknown
2007-02-06
7.0CVE-2007-0795
BUGTRAQ
WebBuilder -- WebBuilderPHP remote file inclusion vulnerability in library/StageLoader.php in WebBuilder 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[core][module_path] parameter.
unknown
2007-02-03
7.0CVE-2007-0703
OTHER-REF
VIM
FRSIRT
Woltlab -- Burning Board LiteSQL injection vulnerability in pms.php in Woltlab Burning Board (wBB) Lite 1.0.2pl3e and earlier allows remote authenticated users to execute arbitrary SQL commands via the pmid[0] parameter.
unknown
2007-02-07
7.0CVE-2007-0812
OTHER-REF

Back to top

Medium Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Amarok -- AmarokThe ruby handlers in Amarok do not properly quote text in certain contexts, probably including construction of an unzip command line, which allows attackers to execute arbitrary commands via shell metacharacters.
unknown
2007-02-08
5.6CVE-2006-6979
OTHER-REF
SUSE
SECUNIA
CentiPaid -- CentiPaid** DISPUTED ** PHP remote file inclusion vulnerability in centipaid_class.php in CentiPaid 1.4.3 allows remote attackers to execute arbitrary code via a URL in the class_pwd parameter. NOTE: this issue has been disputed by CVE and multiple third parties, who state that $class_pwd is set to a static value before the relevant include statement.
unknown
2007-02-08
5.6CVE-2006-6975
BUGTRAQ
BUGTRAQ
BUGTRAQ
OSVDB
Coppermine -- Coppermine Photo Galleryadmin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to execute arbitrary shell commands via shell metacharacters (";" semicolon) in the "Command line options for ImageMagick" form field, when used as an option to ImageMagick's convert command. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-02-07
4.2CVE-2007-0835
BID
SECUNIA
XF
F3Site -- F3SiteUnrestricted file upload vulnerability in F3Site 2.1 and earlier allows remote authenticated administrators to upload and execute arbitrary PHP scripts via GIF86 header in a file in the uplf parameter, which can be later accessed via a relative pathname in the dir parameter in adm.php.
unknown
2007-02-05
4.2CVE-2007-0764
OTHER-REF
Free LAN In(tra|ter)net Portal -- Free LAN In(tra|ter)net PortalCross-site scripting (XSS) vulnerability in error messages in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC3 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, different vectors than CVE-2007-0611.
unknown
2007-02-03
5.6CVE-2007-0696
OTHER-REF
FRSIRT
XF
FreeTextBox -- FreeTextBoxCross-site scripting (XSS) vulnerability in the "Basic Toolbar Selection" in FreeTextBox allows remote attackers to execute arbitrary JavaScript via the javascript: URI in the (1) href or (2) onmouseover attribute of the A HTML tag.
unknown
2007-02-08
5.6CVE-2006-6977
BUGTRAQ
OTHER-REF
XF
GOM Player -- GOM PlayerStack-based buffer overflow in GOM Player 2.0.12.3375 allows user-assisted remote attackers to execute arbitrary code via a .ASX file with a long URI in the "ref href" tag. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-02-03
5.6CVE-2007-0707
OTHER-REF
SECUNIA
HLstats -- HLstatsCross-site scripting (XSS) vulnerability in HLstats before 1.35 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the search class. NOTE: it is possible that this issue overlaps CVE-2006-4543.3 or CVE-2006-4454.
unknown
2007-02-07
5.6CVE-2007-0840
OTHER-REF
BID
SECUNIA
Jelsoft -- VBulletin** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in the Admin Control Panel (AdminCP) in Jelsoft vBulletin 3.6.4 allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors related to the (1) User Group Manager, (2) User Rank Manager, (3) User Title Manager, (4) BB Code Manager, (5) Attachment Manager, (6) Calendar Manager, and (7) Forums & Moderators functions. NOTE: the vendor disputes this issue, stating that modifying HTML is an intended privilege of an administrator. NOTE: it is possible that this issue overlaps CVE-2006-6040.
unknown
2007-02-07
4.2CVE-2007-0830
BUGTRAQ
BUGTRAQ
XF
Jetty -- Jetty HTTP ServerJetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1 before 6.1.0pre3 generates predictable session identifiers using java.util.random, which makes it easier for remote attackers to guess a session identifier through brute force attacks, bypass authentication requirements, and possibly conduct cross-site request forgery attacks.
unknown
2007-02-07
5.6CVE-2006-6969
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
MandrakeSoft -- Mandrake LinuxSoft
Debian -- Debian Linux
Samba -- Samba
MandrakeSoft -- Mandrake Corporate Server
Format string vulnerability in the afsacl.so VFS module Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping.
unknown
2007-02-05
4.9CVE-2007-0454
BUGTRAQ
BID
Mentiss ACGV -- ACGVannuindex2.php in ACGVannu 1.3 and earlier allows remote attackers to change the password or profile of a user via a modified id parameter, related to templates/modif.html. NOTE: some of these details are obtained from third party information.
unknown
2007-02-03
4.7CVE-2007-0697
OTHER-REF
BID
FRSIRT
XF
Mentiss ACGV -- ACGVannuMultiple SQL injection vulnerabilities in ACGVannu 1.3 and earlier allow remote attackers to execute arbitrary SQL commands via the id_mod parameter to templates/modif.html, and other unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-02-03
5.6CVE-2007-0698
FRSIRT
Michelle -- L2J DropCalcSQL injection vulnerability in i-search.php in Michelle's L2J Dropcalc 4 and earlier allows remote authenticated users to execute arbitrary SQL commands via the itemid parameter.
unknown
2007-02-02
4.2CVE-2007-0687
OTHER-REF
BID
XF
Mozilla -- Firefox
Opera Software -- Opera
Opera 9.10 Final allows remote attackers to bypass the Fraud Protection mechanism by adding certain characters to the end of a domain name, as demonstrated by the "." and "/" characters, which is not caught by the blacklist filter.
unknown
2007-02-07
4.9CVE-2006-6970
BUGTRAQ
OTHER-REF
Mozilla -- FirefoxMozilla Firefox 2.0, possibly only when running on Windows, allows remote attackers to bypass the Phishing Protection mechanism by representing an IP address in (1) dotted-hex, (2) dotted-octal, (3) single decimal integer, (4) single hex integer, or (5) single octal integer format, which is not captured by the blacklist filter.
unknown
2007-02-07
4.9CVE-2006-6971
OTHER-REF
OTHER-REF
Mozilla -- Firefox
Opera Software -- Opera
Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing Protection mechanism by adding certain characters to the end of the domain name, as demonstrated by the "." and "/" characters, which is not caught by the Phishing List blacklist filter.
unknown
2007-02-07
4.9CVE-2007-0802
BUGTRAQ
OTHER-REF
OTHER-REF
Open Tibia Server CMS -- Open Tibia Server CMSCross-site scripting (XSS) vulnerability in forum.php in Open Tibia Server CMS (OTSCMS) 2.1.5 and earlier allows remote attackers to inject arbitrary HTML or web script via the name parameter.
unknown
2007-02-08
5.6CVE-2007-0846
OTHER-REF
BID
pam_ssh -- pam_sshThe auth_via_key function in pam_ssh.c in pam_ssh before 1.92, when the allow_blank_passphrase option is disabled, allows remote attackers to bypass authentication restrictions and use private encryption keys requiring a blank passphrase by entering a non-blank passphrase.
unknown
2007-02-08
4.7CVE-2007-0844
OTHER-REF
FRSIRT
SECUNIA
PostgreSQL -- PostgreSQLPostgreSQL 7.3 before 7.3.13, 7.4 before 7.4.16, 8.0 before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 allows attackers to disable certain checks for the data types of SQL function arguments, which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content.
unknown
2007-02-05
4.0CVE-2007-0555
OTHER-REF
UBUNTU
FRSIRT
SECUNIA
Samba -- SambaBuffer overflow in the nss_winbind.so.1 library in Samba 3.0.21 through 3.0.23d, as used in the winbindd daemon on Solaris, allows attackers to execute arbitrary code via the (1) gethostbyname and (2) getipnodebyname functions.
unknown
2007-02-05
4.9CVE-2007-0453
BUGTRAQ
Simple Invoices -- Simple InvoicesPHP remote file inclusion vulnerability in controller.php in Simple Invoices before 20070202 allows remote attackers to execute arbitrary PHP code via a URL in the (1) module or (2) view parameter. NOTE: some of these details are obtained from third party information.
unknown
2007-02-06
5.6CVE-2007-0787
OTHER-REF
SECUNIA
STLport -- STLportMultiple buffer overflows in STLport before 5.0.3 allow remote attackers to execute arbitrary code via unspecified vectors relating to (1) "print floats" and (2) a missing null termination in the "rope constructor."
unknown
2007-02-07
5.6CVE-2007-0803
OTHER-REF
BID
SECUNIA
Trend Micro -- Scan EngineBuffer overflow in the Trend Micro Scan Engine 8.000 and 8.300, before virus pattern file 4.245.00, allows remote attackers to execute arbitrary code via a malformed UPX compressed executable.
unknown
2007-02-08
5.6CVE-2007-0851
IDEFENSE
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
Yahoo! -- MessengerMultiple cross-site scripting (XSS) vulnerabilities in the Contact Details functionality in Yahoo! Messenger 8.1.0.209 and earlier allow user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG element to the (1) First Name, (2) Last Name, and (3) Nickname fields. NOTE: some of these details are obtained from third party information.
unknown
2007-02-05
5.6CVE-2007-0768
BUGTRAQ
BUGTRAQ
BUGTRAQ
BID
SECUNIA

Back to top

Low Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
3proxy -- 3proxy3proxy 0.5 to 0.5.2, when NT-encoded passwords are being used, allows remote attackers to cause a denial of service (blocked account) via unspecified vectors related to NTLM authentication, which causes a password hash to be overwritten.
unknown
2007-02-08
2.3CVE-2006-6981
OTHER-REF
3proxy -- 3proxy3proxy 0.5 to 0.5.2 does not offer NTLM authentication before basic authentication, which might cause browsers with incomplete RFC2616/RFC2617 support to use basic cleartext authentication even if NTLM is available, which makes it easier for attackers to steal credentials.
unknown
2007-02-08
2.3CVE-2006-6982
OTHER-REF
Adobe -- ColdFusion MXCross-site scripting (XSS) vulnerability in Adobe ColdFusion web server allows remote attackers to inject arbitrary HTML or web script via the User-Agent HTTP header, which is not sanitized before being displayed in an error page.
unknown
2007-02-07
1.9CVE-2007-0817
BUGTRAQ
BID
Adrenalin Labs -- Adrenalin's ASP ChatMultiple cross-site scripting (XSS) vulnerabilities in Adrenalin's ASP Chat allow remote attackers to inject arbitrary web script or HTML (1) via the psuedo (pseudo) field or (2) during chat.
unknown
2007-02-07
1.9CVE-2007-0814
BUGTRAQ
OTHER-REF
BID
ALWIL -- Avast! Antivirus Server Editionavast! Server Edition before 4.7.726 does not demand a password in a certain intended context, even when a password has been set, which allows local users to bypass authentication requirements.
unknown
2007-02-07
3.9CVE-2007-0829
OTHER-REF
BID
FRSIRT
SECUNIA
Cedric -- CLAIRE PortailPhpMultiple directory traversal vulnerabilities in Cedric CLAIRE PortailPhp 2 allow remote attackers to read arbitrary files via a .. (dot dot) in the chemin parameter to (1) mod_news/index.php or (2) mod_news/goodies.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-02-07
2.3CVE-2007-0821
BID
Check Point Software -- Firewall-1Check Point FireWall-1 allows remote attackers to obtain certificate revocation lists (CRLs) and other unspecified sensitive information via an HTTP request for the top-level URI on the internal certificate authority (ICA) port (18264/tcp).
unknown
2007-02-03
3.3CVE-2006-6967
OTHER-REF
OSVDB
Chicken of the VNC -- Chicken of the VNCChicken of the VNC (cotv) 2.0 allows remote attackers to cause a denial of service (application crash) via a large computer-name size value in a ServerInit packet, which triggers a failed malloc and a resulting NULL dereference.
unknown
2007-02-05
3.3CVE-2007-0756
BUGTRAQ
BID
Computer Associates -- BrightStor ARCServe BackupCA RPC Server service (catirpc.exe) for BrightStor ARCserve Backup r11.5 SP2 allows remote attackers to cause a denial of service (crash) via a crafted TADDR2UADDR that triggers a null pointer dereference, possibly related to null credentials or verifier fields.
unknown
2007-02-07
2.3CVE-2007-0816
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Coppermine -- Coppermine Photo Galleryadmin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to include arbitrary local and possibly remote files via the (1) "Path to custom header include" and (2) "Path to custom footer include" form fields. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-02-07
1.4CVE-2007-0836
BID
SECUNIA
XF
FlashFXP -- FlashFXPFlashFXP 3.4.0 build 1145 allows remote servers to cause a denial of service (CPU consumption) via a response to a PWD command that contains a long string with deeply nested directory structure, possibly due to a buffer overflow.
unknown
2007-02-07
3.3CVE-2007-0825
OTHER-REF
BID
FreeProxy -- FreeProxyFreeProxy before 3.92 Build 1626 allows malicious users to cause a denial of service (infinite loop) via a HOST: header with a hostname and port number that refers to the server itself.
unknown
2007-02-07
2.3CVE-2007-0838
BUGTRAQ
FULLDISC
OTHER-REF
FRSIRT
Home production -- MySearchEngineCross-site scripting (XSS) vulnerability in Home production MySearchEngine allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-02-07
1.9CVE-2007-0813
BUGTRAQ
OTHER-REF
BID
HP -- Tru64 UNIXThe ps (/usr/ucb/ps) command on HP Tru64 UNIX 5.1 1885 allows local users to obtain sensitive information, including environment variables of arbitrary processes, via the "auxewww" argument, a similar issue to CVE-1999-1587.
unknown
2007-02-07
1.6CVE-2007-0805
BUGTRAQ
BUGTRAQ
FULLDISC
OTHER-REF
SECUNIA
HP -- HP-UXUnspecified vulnerability in HP-UX B.11.23, when running IPFilter with PHNE_34474 applied, allows remote attackers to cause an unknown denial of service via unknown vectors.
unknown
2007-02-07
1.9CVE-2007-0818
HP
Intel -- 2200BG PROSet/WirelessThe Intel 2200BG 802.11 Wireless Mini-PCI driver 9.0.3.9 (w29n51.sys) allows remote attackers to cause a denial of service (system crash) via crafted disassociation packets, which triggers memory corruption of "internal kernel structures," a different vulnerability than CVE-2006-6651. NOTE: this issue might overlap CVE-2006-3992.
unknown
2007-02-02
2.7CVE-2007-0686
OTHER-REF
Linux -- Linux kernelThe key serial number collision avoidance code in the key_alloc_serial function in Linux kernel 2.6.9 up to 2.6.20 allows remote attackers to cause a denial of service (crash) via vectors that trigger a null dereference, as originally reported as "spinlock CPU recursion."
unknown
2007-02-06
1.3CVE-2007-0006
OTHER-REF
OTHER-REF
Linux -- Linux kernelumount, when running with the Linux 2.6.15 kernel on Slackware Linux 10.2, allows local users to trigger a NULL dereference and application crash by invoking the program with a pathname for a USB pen drive that was mounted and then physically removed, which might allow the users to obtain sensitive information, including core file contents.
unknown
2007-02-07
1.3CVE-2007-0822
FULLDISC
OTHER-REF
magnatune.com -- album browserThe magnatune.com album browser in Amarok allows attackers to cause a denial of service (application crash) via unspecified vectors.
unknown
2007-02-08
1.9CVE-2006-6980
SUSE
SECUNIA
MediaWiki -- MediaWikiCross-site scripting (XSS) vulnerability in MediaWiki 1.9.x before 1.9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "sortable tables JavaScript."
unknown
2007-02-06
1.9CVE-2007-0788
OTHER-REF
SECUNIA
Microsoft -- Windows MobileInternet Explorer on Windows Mobile 5.0 and Windows Mobile 2003 and 2003SE for Smartphones and PocketPC allows attackers to cause a denial of service (application crash and device instability) via unspecified vectors, possibly related to a buffer overflow.
unknown
2007-02-02
1.9CVE-2007-0685
OTHER-REF
BID
FRSIRT
XF
Microsoft -- Internet ExplorerMicrosoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on Windows XP, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an HTML document containing a certain JavaScript for loop with an empty loop body, possibly involving getElementById.
unknown
2007-02-07
1.9CVE-2007-0811
OTHER-REF
OTHER-REF
Mozilla -- BugzillaCross-site scripting (XSS) vulnerability in Atom feeds in Bugzilla 2.20.3, 2.22.1, and 2.23.3, and earlier versions down to 2.20.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-02-06
2.3CVE-2007-0791
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
Mozilla -- FirefoxCross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked popups to have an internal zone origin, which allows user-assisted remote attackers to cross zone restrictions and read arbitrary file:// URIs by convincing a user to show a blocked popup.
unknown
2007-02-07
1.9CVE-2007-0800
BUGTRAQ
BUGTRAQ
BID
Mozilla -- FirefoxThe nsExternalAppHandler::SetUpTempFile function in Mozilla Firefox 1.5.0.9 creates temporary files with predictable filenames based on creation time, which allows remote attackers to execute arbitrary web script or HTML via a crafted XMLHttpRequest.
unknown
2007-02-07
1.9CVE-2007-0801
BUGTRAQ
BUGTRAQ
BID
Phorum -- PhorumCross-site scripting (XSS) vulnerability in the group moderation control center page in Phorum before 5.1.19 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-02-05
3.7CVE-2006-6968
OTHER-REF
FRSIRT
phpBB Group -- phpBBphpBB 2.0.20 does not verify user-specified input variable types before being passed to type-dependent functions, which allows remote attackers to obtain sensitive information, as demonstrated by the (1) mode parameter to memberlist.php and the (2) highlight parameter to viewtopic.php that are used as an argument to the htmlspecialchars or urlencode functions, which displays the installation path in the resulting error message.
unknown
2007-02-08
2.3CVE-2006-2219
BUGTRAQ
BUGTRAQ
FULLDISC
XF
phpBB Group -- phpBBphpBB 2.0.20 does not properly verify user-specified input variables used as limits to SQL queries, which allows remote attackers to obtain sensitive information via a negative LIMIT specification, as demonstrated by the start parameter to memberlist.php, which reveals the SQL query in the resulting error message.
unknown
2007-02-08
2.3CVE-2006-2220
BUGTRAQ
BUGTRAQ
FULLDISC
XF
Portail Web Php -- Portail Web PhpDirectory traversal vulnerability in index.php in Guernion Sylvain Portail Web Php (aka Gsylvain35 Portail Web, PwP) allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter.
unknown
2007-02-03
2.3CVE-2007-0700
BUGTRAQ
VIM
VIM
VIM
BID
PostgreSQL -- PostgreSQLThe query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 does not verify that a table is compatible with a "previously made query plan," which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content via an "ALTER COLUMN TYPE" SQL statement, which can be leveraged to read arbitrary memory from the server.
unknown
2007-02-05
3.2CVE-2007-0556
OTHER-REF
UBUNTU
FRSIRT
SECUNIA
Samba -- Sambasmbd in Samba 3.0.6 through 3.0.23d allows remote authenticated users to cause a denial of service (memory and CPU exhaustion) by renaming a file in a way that prevents a request from being removed from the deferred open queue, which triggers an infinite loop.
unknown
2007-02-05
2.0CVE-2007-0452
BUGTRAQ
SGI -- ProPackSGI ProPack 3 SP6 kernel displays the frame buffer contents of the last session after a reboot, which might allow local users to obtain sensitive information.
unknown
2007-02-06
1.3CVE-2006-1167
SGI
OSVDB
Slackware -- Slackware Linuxxterm on Slackware Linux 10.2 stores information that had been displayed for a different user account using the same xterm process, which might allow local users to bypass file permissions and read other users' files, or obtain other sensitive information, by reading the xterm process memory. NOTE: it could be argued that this is an expected consequence of multiple users sharing the same interactive process, in which case this is not a vulnerability.
unknown
2007-02-07
1.3CVE-2007-0823
FULLDISC
OTHER-REF
Smb4k -- Smb4kMultiple race conditions in Smb4K before 0.8.0 allow local users to (1) modify arbitrary files via unspecified manipulations of Smb4K's lock file, which is not properly handled by the remove_lock_file function in core/smb4kfileio.cpp, and (2) add lines to the sudoers file via a symlink attack on temporary files, which isn't properly handled by the writeFile function in core/smb4kfileio.cpp.
unknown
2007-02-03
3.9CVE-2007-0472
MLIST
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Smb4k -- Smb4kThe writeFile function in core/smb4kfileio.cpp in Smb4K before 0.8.0 does not preserve /etc/sudoers permissions across modifications, which allows local users to obtain sensitive information (/etc/sudoers contents) by reading this file.
unknown
2007-02-03
1.3CVE-2007-0473
MLIST
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Smb4k -- Smb4kSmb4K before 0.8.0 allow local users, when present on the Smb4K sudoers list, to kill arbitrary processes, related to a "design issue with smb4k_kill."
unknown
2007-02-03
2.6CVE-2007-0474
MLIST
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Smb4k -- Smb4kMultiple stack-based buffer overflows in utilities/smb4k_*.cpp in Smb4K before 0.8.0 allow local users, when present on the Smb4K sudoers list, to gain privileges via unspecified vectors related to the args variable and unspecified other variables, in conjunction with the sudo configuration.
unknown
2007-02-03
3.9CVE-2007-0475
MLIST
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Uapplication -- Ublog ReloadMultiple cross-site scripting (XSS) vulnerabilities in Ublog Reload 1.0.5 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) login.asp; and allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters to (2) badword.asp, (3) polls.asp, and (4) users.asp.
unknown
2007-02-06
1.9CVE-2007-0798
BUGTRAQ
OTHER-REF
BID
XF
Uapplication -- uPhotoGalleryCross-site scripting (XSS) vulnerability in images_archive.asp in Uapplication Uphotogallery 1.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the s parameter. NOTE: the thumbnails.asp vector is already covered by CVE-2006-3023.
unknown
2007-02-07
1.9CVE-2007-0815
BUGTRAQ
BID
VMWare -- VMWare WorkstationVMware Workstation 5.5.3 34685 does not immediately change the availability of a shared clipboard when the "Enable copy and paste to and from this virtual machine" checkbox is changed, which allows local users to obtain sensitive information or conduct certain attacks that are facilitated by weaker isolation between the host and guest operating systems.
unknown
2007-02-07
1.3CVE-2007-0832
BUGTRAQ
BID
VMWare -- VMWare WorkstationVMware Workstation 5.5.3 34685, when the "Enable copy and paste to and from this virtual machine" option is enabled, preserves clipboard data on the guest operating system after it was deleted on the host operating system, which might allow local users to read clipboard contents by moving the focus back to the host operating system.
unknown
2007-02-07
1.3CVE-2007-0833
BUGTRAQ
BID

Back to top

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top