Vulnerability Summary for the Week of February 12, 2007

Released: Feb 19, 2007
Document ID: SB07-050

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

High Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
Adobe -- ColdFusion MX
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 7.0 and 7.0.1, when Global Script Protection is not enabled, allows remote attackers to inject arbitrary HTML and web script via unknown vectors, possibly related to Linkdirect.cfm, Topnav.cfm, and Welcomedoc.cfm.
unknown
2007-02-13
7.0
CVE-2006-5859
OTHER-REF
Adobe -- ColdFusion Server MX Enterprise
Adobe -- ColdFusion MX Enterprise Multi-Server Edition
Adobe -- JRun
Cross-site scripting (XSS) vulnerability in the administrator console for Adobe JRun 4.0, as used in ColdFusion, allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
unknown
2007-02-13
7.0
CVE-2006-5860
OTHER-REF
BID
Allons_voter -- Allons_voter
Allons_voter 1.0 allows remote attackers to bypass authentication and access certain administrative functionality via a direct request for (1) admin_ajouter.php or (2) admin_supprimer.php. NOTE: this could be leveraged to conduct cross-site scripting (XSS) attacks.
unknown
2007-02-12
7.0
CVE-2007-0874
BUGTRAQ
OTHER-REF
BID
Apache Stats -- Apache Stats
Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
unknown
2007-02-14
7.0
CVE-2007-0930
OTHER-REF
BID
FRSIRT
Aruba -- Mobility Controller
OmniAccess -- OmniAccess Wireless
Buffer overflow in the management interface for Aruba Mobility Controller 200, 800, 2400, and 6000, and OmniAccess Wireless 43xx and 6000, running software after 2.0, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long credential strings.
unknown
2007-02-14
7.0
CVE-2007-0931
BUGTRAQ
FULLDISC
CERT-VN
Aruba -- Mobility Controller
OmniAccess -- OmniAccess Wireless
Unspecified vulnerability in Aruba Mobility Controller 200, 800, 2400, and 6000, and OmniAccess Wireless 43xx and 6000, running software after 2.0, allows remote attackers to gain access to the WLAN or administration interface by using the guest logon name without a password.
unknown
2007-02-14
7.0
CVE-2007-0932
FULLDISC
CERT-VN
BloggIT -- BloggIT
admin.php in BloggIT 1.01 and earlier does not properly establish a user session, which allows remote attackers to gain privileges via a direct request.
unknown
2007-02-14
7.0
CVE-2006-7014
BUGTRAQ
FRSIRT
SECTRACK
SECUNIA
XF
Cisco -- IOS
The Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XE to 12.3T allows remote attackers to bypass IPS signatures that use regular expressions via fragmented packets.
unknown
2007-02-13
7.0
CVE-2007-0917
CISCO
SECTRACK
Develooping -- Flash Chat
** DISPUTED ** PHP remote file inclusion vulnerability in adminips.php in Develooping Flash Chat allows remote attackers to execute arbitrary PHP code via a URL in the banned_file parameter. NOTE: CVE disputes this vulnerability because banned_file is set to a constant value.
unknown
2007-02-14
7.0
CVE-2006-7011
VIM
BID
XF
eXtremePow -- eXtreme File Hosting
Unrestricted file upload vulnerability in eXtremePow eXtreme File Hosting allows remote attackers to upload arbitrary PHP code via a filename with a double extension such as (1) .rar.php or (2) .zip.php.
unknown
2007-02-12
7.0
CVE-2007-0871
BUGTRAQ
BID
Fullaspsite -- ASP Hosting Site
Cross-site scripting (XSS) vulnerability in listmain.asp in Fullaspsite ASP Hosting Site allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
unknown
2007-02-14
7.0
CVE-2007-0950
BUGTRAQ
BID
Fullaspsite -- ASP Hosting Site
SQL injection vulnerability in listmain.asp in Fullaspsite ASP Hosting Site allows remote attackers to execute arbitrary SQL commands via the cat parameter.
unknown
2007-02-14
7.0
CVE-2007-0951
BUGTRAQ
BID
FusionPhp -- Fusion Polls
PHP remote file inclusion vulnerability in admin/index.php in Fusion Polls allows remote attackers to execute arbitrary PHP code via a URL in the xtrphome parameter.
unknown
2007-02-12
7.0
CVE-2006-7003
BUGTRAQ
BUGTRAQ
fx-APP -- fx-APP
The Tools module in fx-APP 0.0.8.1 allows remote attackers to misrepresent the contents of a web page via an arbitrary URL in the url parameter to a showhtml action for index.php, which causes the URL to be displayed within an iframe.
unknown
2007-02-14
10.0
CVE-2006-7022
BUGTRAQ
BID
XF
Gecad Technologies -- Axigen Mail Server
Heap-based buffer underflow in axigen 1.2.6 through 2.0.0b1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via certain base64-encoded data on the pop3 port (110/tcp), which triggers an integer overflow.
unknown
2007-02-12
10.0
CVE-2007-0886
FULLDISC
OTHER-REF
BID
XF
GraphicsMagick -- GraphicsMagick
ImageMagick -- ImageMagick
Buffer overflow in GraphicsMagick and ImageMagick allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c. NOTE: this issue is due to an incomplete patch for CVE-2006-5456.
unknown
2007-02-12
8.0
CVE-2007-0770
BUGTRAQ
OTHER-REF
MANDRIVA
Harpia -- Harpia CMS
Multiple PHP remote file inclusion vulnerabilities in Harpia CMS 1.0.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) func_prog parameter to (a) preload.php and (b) index.php; (2) header_prog parameter to (c) missing.php and (d) email.php, (e) files.php, (f) headlines.php, (g) search.php, (h) topics.php, and (i) users.php in _mods/; (3) theme_root parameter to (j) footer.php, (k) header.php, (l) pfooter.php, and (m) pheader.php in _inc; (4) mod_root parameter to _inc/header.php; and the (5) mod_dir and (6) php_ext parameters to (n) _inc/web_statsConfig.php.
unknown
2007-02-14
7.0
CVE-2006-7024
MILW0RM
BID
XF
HP -- HP-UX
Distributed SLS daemon (SLSd) on HP-UX B.11.11 allows remote attackers to overwrite arbitrary files and gain privileges via a crafted RPC request.
unknown
2007-02-13
10.0
CVE-2007-0915
HP
BID
SECTRACK
iTinySoft Studio -- Total Video Player
Stack-based buffer overflow in iTinySoft Studio Total Video Player 1.03, and possibly earlier, allows remote attackers to execute arbitrary code via a M3U playlist file that contains a long file name. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-02-14
10.0
CVE-2007-0949
BID
SECUNIA
Jobline -- Jobline
** DISPUTED ** PHP remote file inclusion vulnerability in admin.jobline.php in Jobline 1.1.1 allows remote attackers to execute arbitrary code via a URL in the mosConfig_absolute_path parameter. NOTE: CVE disputes this issue because the script is protected against direct requests.
unknown
2007-02-14
10.0
CVE-2006-7015
BUGTRAQ
VIM
XF
Joomla! -- Joomla!
Unspecified vulnerability in Joomla! before 1.0.10 has unknown impact and attack vectors, related to "securing mosmsg from misuse." NOTE: it is possible that this issue overlaps CVE-2006-1029.
unknown
2007-02-12
7.0
CVE-2006-7008
OTHER-REF
OSVDB
SECUNIA
Joomla! -- Joomla!
Joomla! before 1.0.10 allows remote attackers to spoof the frontend submission forms, which has unknown impact and attack vectors.
unknown
2007-02-12
7.0
CVE-2006-7009
OTHER-REF
SECUNIA
Joomla! -- Joomla!
The mosgetparam implementation in Joomla! before 1.0.10, does not set a variable's data type to integer when the variable's default value is numeric, which has unspecified impact and attack vectors, which may permit SQL injection attacks.
unknown
2007-02-12
7.0
CVE-2006-7010
OTHER-REF
SECUNIA
JPortal -- JPortal Web Server
Cross-Site Request Forgery (CSRF) vulnerability in admin/admin.adm.php in Jportal 2.3.1, and possibly earlier, allows remote attackers to perform privileged actions as administrators by tricking the admin into accessing a URL with modified arguments to admin/admin.adm.php.
unknown
2007-02-13
8.0
CVE-2007-0912
BUGTRAQ
Jupiter CMS -- Jupiter CMS
Directory traversal vulnerability in index.php in Jupiter CMS 1.1.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot), or an absolute pathname, in the n parameter.
unknown
2007-02-16
7.0
CVE-2007-0987
BUGTRAQ
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
BID
KvGuestbook -- KvGuestbook
The dologin function in guestbook.php in KvGuestbook 1.0 Beta allows remote attackers to gain administrative privileges, probably via modified $mysql['pass'] and $gbpass variables.
unknown
2007-02-14
7.0
CVE-2007-0926
BUGTRAQ
LightRO -- LightRO CMS
SQL injection vulnerability in projects.php in LightRO CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter to index.php.
unknown
2007-02-13
7.0
CVE-2007-0904
OTHER-REF
FRSIRT
XF
LizardTech -- DjVu Browser Plug-in
Multiple buffer overflows in the LizardTech DjVu Browser Plug-in before 6.1.1 allow remote attackers to execute arbitrary code via unspecified vectors.
unknown
2007-02-15
7.0
CVE-2007-0324
BUGTRAQ
OTHER-REF
CERT-VN
BID
SECUNIA
Matthieu Aubry -- phpMyVisites
CRLF injection vulnerability in phpMyVisites before 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the url parameter, when the pagename parameter begins with "FILE:".
unknown
2007-02-12
7.0
CVE-2007-0892
FULLDISC
McRefer -- McRefer
SQL injection vulnerability in install.php in mcRefer allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
unknown
2007-02-12
7.0
CVE-2007-0875
BUGTRAQ
OTHER-REF
BID
Microsoft -- Office 2004 for Mac
Microsoft -- Windows 2003
Microsoft -- Windows 2000
Microsoft -- Office 2000
Microsoft -- Office 2003
Microsoft -- Windows XP
Microsoft -- Office XP
Microsoft -- Learning Essentials
The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1; Office 2000 SP3, XP SP3, 2003 SP2, and Office 2004 for Mac; and Learning Essentials for Microsoft Office 1.0, 1.1, and 1.5 allows user-assisted remote attackers to execute arbitrary code via a malformed OLE object in an RTF file, which triggers memory corruption.
unknown
2007-02-13
8.0
CVE-2006-1311
MS
Microsoft -- Step-by-Step Interactive Training
The Step-by-Step Interactive Training in Microsoft Windows 2000 SP4, XP SP2 and Professional, and Server 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via crafted bookmark link files, a different issue than CVE-2005-1212.
unknown
2007-02-13
8.0
CVE-2006-3448
MS
Microsoft -- Internet Explorer
Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from Imjpcksid.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might be related to CVE-2006-4193.
unknown
2007-02-13
10.0
CVE-2006-4697
MS
Microsoft -- Windows Defender
Microsoft -- Malware Protection Engine
Microsoft -- Windows Antigen
Microsoft -- Windows Live OneCare
Microsoft -- Windows Forefront Security
Integer overflow in the Microsoft Malware Protection Engine (mpengine.dll), as used by Windows Live OneCare, Antigen, Defender, and Forefront Security, allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file.
unknown
2007-02-13
8.0
CVE-2006-5270
MS
Microsoft -- Visual Studio .NET
Microsoft -- Windows Server 2003
The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 and Visual Studio .NET 2000, 2000 SP1, 2003, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption.
unknown
2007-02-13
8.0
CVE-2007-0025
MS
Microsoft -- Windows 2003
Microsoft -- Windows 2000
Microsoft -- Windows XP
The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption.
unknown
2007-02-13
8.0
CVE-2007-0026
MS
Microsoft -- Word
Microsoft Word 2002, 2003, and 2004 for Mac does not correctly check the properties of certain documents and warn the user of macro content, which allows user-assisted remote attackers to execute arbitrary code.
unknown
2007-02-13
8.0
CVE-2007-0208
MS
Microsoft -- Word
Microsoft Word 2000, 2002, and 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a Word file with a malformed drawing object, which leads to memory corruption.
unknown
2007-02-13
8.0
CVE-2007-0209
MS
Microsoft -- Windows XP
The Window Image Acquisition (WIA) Service in Microsoft Windows XP SP2 allows local users to gain privileges via unspecified vectors involving an "unchecked buffer," probably a buffer overflow.
unknown
2007-02-13
7.0
CVE-2007-0210
MS
Microsoft -- Windows Server 2003
Microsoft -- Windows XP
The hardware detection functionality in the Windows Shell in Microsoft Windows XP SP2 and Professional, and Server 2003 SP1 allows local users to gain privileges via an unvalidated parameter to a function related to the "detection and registration of new hardware."
unknown
2007-02-13
7.0
CVE-2007-0211
MS
Microsoft -- XP
Microsoft -- Windows 2000
Microsoft -- Windows XP
Microsoft -- Windows 2003
The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters.
unknown
2007-02-13
8.0
CVE-2007-0214
MS
Microsoft -- Internet Explorer
The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, which causes heap corruption.
unknown
2007-02-13
10.0
CVE-2007-0217
MS
Microsoft -- Internet Explorer
Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from (1) Msb1fren.dll, (2) Htmlmm.ocx, and (3) Blnmgrps.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2006-4697.
unknown
2007-02-13
10.0
CVE-2007-0219
MS
Microsoft -- Word
Unspecified vulnerability in Microsoft Word 2000 allows remote attackers to cause a denial of service (crash) via unknown vectors, a different vulnerability than CVE-2006-5994, CVE-2006-6456, CVE-2006-6561, and CVE-2007-0515, a variant of Exploit-MS06-027.
unknown
2007-02-11
8.0
CVE-2007-0870
OTHER-REF
Microsoft -- Powerpoint
Unspecified vulnerability in Microsoft Powerpoint allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as exploited by Trojan.PPDropper.G. NOTE: as of 20070213, it is not clear whether this is the same issue as CVE-2006-5296, CVE-2006-4694, CVE-2006-3876, CVE-2006-3877, or older issues.
unknown
2007-02-13
8.0
CVE-2007-0913
OTHER-REF
NaboCorp Softwares -- NaboPoll
nabopoll 1.1.2 allows remote attackers to bypass authentication and access certain administrative functionality via a direct request for (1) config_edit.php, (2) template_edit.php, or (3) survey_edit.php in admin/.
unknown
2007-02-12
7.0
CVE-2007-0873
BUGTRAQ
OTHER-REF
BID
Nicecoder -- indexu
Multiple PHP remote file inclusion vulnerabilities in Indexu 5.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the admin_template_path parameter to admin/ scripts (1) app_change_email.php, (2) app_change_pwd.php, (3) app_mod_rewrite.php, (4) app_page_caching.php, (5) app_setup.php, (6) cat_add.php, (7) cat_delete.php, (8) cat_edit.php, (9) cat_path_update.php, (10) cat_search.php, (11) cat_struc.php, (12) cat_view.php, (13) cat_view_hidden.php, (14) cat_view_hierarchy.php, (15) cat_view_registered_only.php, (16) checkurl_web.php, (17) db_alter.php, (18) db_alter_change.php, (19) db_backup.php, (20) db_export.php, (21) db_import.php, (22) editor_add.php, (23) editor_delete.php, (24) editor_validate.php, (25) head.php, (26) index.php, (27) inv_config.php, (28) inv_config_payment.php, (29) inv_create.php, (30) inv_delete.php, (31) inv_edit.php, (32) inv_markpaid.php, (33) inv_markunpaid.php, (34) inv_overdue.php, (35) inv_paid.php, (36) inv_send.php, (37) inv_unpaid.php, (38) lang_modify.php, (39) link_add.php, (40) link_bad.php, (41) link_bad_delete.php, (42) link_checkurl.php, (43) link_delete.php, (44) link_duplicate.php, (45) link_edit.php, (46) link_premium_listing.php, (47) link_premium_sponsored.php, (48) link_search.php, (49) link_sponsored_listing.php, (50) link_validate.php, (51) link_validate_edit.php, (52) link_view.php, (53) log_search.php, (54) mail_modify.php, (55) menu.php, (56) message_create.php, (57) message_delete.php, (58) message_edit.php, (59) message_send.php, (60) message_subscriber.php, (61) message_view.php, (62) review_validate.php, (63) review_validate_edit.php, (64) summary.php, (65) template_active.php, (66) template_add_custom.php, (67) template_delete.php, (68) template_delete_file.php, (69) template_duplicate.php, (70) template_export.php, (71) template_import.php, (72) template_manager.php, (73) template_modify.php, (74) template_modify_file.php, (75) template_rename.php, (76) user_add.php, (77) user_delete.php, (78) user_edit.php, (79) user_search.php, and (80) whos.php.
unknown
2007-02-14
7.0
CVE-2006-7017
BUGTRAQ
SECTRACK
SECUNIA
XF
Oliver Georgi -- phpwcms
phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to execute arbitrary code via a crafted argument to the nome_evento parameter to phpwcms_code_snippets/mail_file_form.php and (2) sample_ext_php/mail_file_form.php, which is processed by the render_PHPcode function.
unknown
2007-02-14
10.0
CVE-2006-7018
OTHER-REF
FRSIRT
SECUNIA
XF
Philboard -- Philboard
SQL injection vulnerability in philboard_forum.asp in Philboard 1.14 and earlier allows remote attackers to execute arbitrary SQL commands via the forumid parameter.
unknown
2007-02-14
7.0
CVE-2007-0920
OTHER-REF
BID
XF
PHP -- PHP
Trustix -- Secure Linux
PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir restrictions via unspecified vectors in the session extension. NOTE: it is possible that this issue is a duplicate of CVE-2006-6383.
unknown
2007-02-13
7.0
CVE-2007-0905
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
PHP -- PHP
Trustix -- Secure Linux
Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions; (5) stream filters; and the (6) str_replace, (7) mail, (8) ibase_delete_user, (9) ibase_add_user, and (10) ibase_modify_user functions.
unknown
2007-02-13
7.0
CVE-2007-0906
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
PHP -- PHP
Trustix -- Secure Linux
Multiple format string vulnerabilities in PHP before 5.2.1 might allow attackers to execute arbitrary code via format string specifiers to (1) all of the *print functions on 64-bit systems, and (2) the odbc_result_all function.
unknown
2007-02-13
10.0
CVE-2007-0909
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
PHP Script Tools -- PSY Auction
SQL injection vulnerability in item.php in PSY Auction allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-02-12
7.0
CVE-2006-7005
OTHER-REF
BID
phpjobboard -- phpjobboard
phpjobboard allows remote attackers to bypass authentication and gain administrator privileges via a direct request to admin.php with adminop=job-edit.
unknown
2007-02-14
7.0
CVE-2006-7016
BUGTRAQ
VIM
OSVDB
XF
phpwcms -- phpwcms
phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to execute arbitrary code via crafted arguments to the (1) text_evento and (2) email_eventonome_evento parameters to phpwcms_code_snippets/mail_file_form.php and sample_ext_php/mail_file_form.php, which is processed by the render_PHPcode function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-02-14
7.0
CVE-2006-7019
OTHER-REF
FRSIRT
SECUNIA
XF
Plume CMS -- Plume CMS
PHP remote file inclusion vulnerability in manager/tools/link/dbinstall.php in Plume CMS 1.1.3 allows remote attackers to execute arbitrary PHP code via a URL in the _PX_config[manager_path] parameter.
unknown
2007-02-14
7.0
CVE-2006-7021
OTHER-REF
OTHER-REF
BID
SECTRACK
XF
Radical Technologies -- Portal Search
Cross-site scripting (XSS) vulnerability in buscador/buscador.htm in Portal Search allows remote attackers to inject arbitrary web script or HTML via the query string.
unknown
2007-02-14
7.0
CVE-2007-0922
BUGTRAQ
BID
Rainbow Portal -- Rainbow with the Zen
Rainbow Portal -- Rainbow.Zen
Cross-site scripting (XSS) vulnerability in jira/secure/BrowseProject.jspa in Rainbow with the Zen (Rainbow.Zen) extension allows remote attackers to inject arbitrary web script or HTML via the id parameter.
unknown
2007-02-12
7.0
CVE-2007-0885
BUGTRAQ
Roaring Penguin -- MIMEDefang
Buffer overflow in Roaring Penguin MIMEDefang 2.59 and 2.60 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors.
unknown
2007-02-12
10.0
CVE-2007-0884
MLIST
SECUNIA
Robin de Graff -- Somery
** DISPUTED ** PHP remote file inclusion vulnerability in upload/admin/team.php in Robin de Graff Somery 0.4.4 allows remote attackers to execute arbitrary PHP code via a URL in the checkauth parameter. NOTE: CVE disputes this vulnerability because the checkauth parameter is only used in conditionals.
unknown
2007-02-12
7.0
CVE-2006-7006
BUGTRAQ
OTHER-REF
OTHER-REF
VIM
BID
OSVDB
S.H.Mohanjith -- MOHA Chat
MOHA Chat 0.1b7 and earlier does not require authentication for use of the plug in API, which has unknown impact and attack vectors.
unknown
2007-02-14
7.0
CVE-2007-0954
OTHER-REF
FRSIRT
Sage -- Sage++
Sage -- Sage
Cross-site scripting (XSS) vulnerability in the (1) Sage before 1.3.10, and (2) Sage++ extensions for Firefox, allows remote attackers to inject arbitrary web script or HTML via a "<SCRIPT/='SRC='" sequence in an RSS feed, a different vulnerability than CVE-2006-4712.
unknown
2007-02-13
7.0
CVE-2007-0896
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
SCart -- SCart
scart.cgi in SCart 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter of a show_text action.
unknown
2007-02-14
10.0
CVE-2006-7012
BUGTRAQ
MILW0RM
OTHER-REF
XF
Scriptsez.net -- Virtual Calendar
Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net Virtual Calendar allow remote attackers to inject arbitrary web script or HTML via the (1) t and (2) yr parameters, and the (3) sho parameter when the m parameter is outside the intended range.
unknown
2007-02-14
7.0
CVE-2007-0952
BID
SECUNIA
XF
Simple Machines -- Simple Machines Forum
** DISPUTED ** QueryString.php in Simple Machines Forum (SMF) 1.0.7 and earlier, and 1.1rc2 and earlier, allows remote attackers to more easily spoof the IP address and evade banning via a modified X-Forwarded-For HTTP header, which is preferred instead of other more reliable sources for the IP address. NOTE: the original researcher claims that the vendor has disputed this issue.
unknown
2007-02-14
7.0
CVE-2006-7013
BUGTRAQ
SmidgeonSoft -- PEBrowse
Buffer overflow in SmidgeonSoft PEBrowse Professional 8.2.1.0 allows user-assisted remote attackers to execute arbitrary code via certain executable files in PE format. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-02-12
8.0
CVE-2007-0879
BID
Sun -- Solaris
Sun -- SunOS
The telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts, as demonstrated by the bin account.
unknown
2007-02-12
10.0
CVE-2007-0882
OTHER-REF
Milw0rm
TagIt! -- Tagboard
Multiple PHP remote file inclusion vulnerabilities in TagIt! Tagboard 2.1.B Build 2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) configpath parameter to (a) tagviewer.php, (b) tag_process.php, and (c) CONFIG/errmsg.inc.php; and (d) addTagmin.php, (e) ban_watch.php, (f) delTagmin.php, (g) delTag.php, (h) editTagmin.php, (i) editTag.php, (j) manageTagmins.php, and (k) verify.php in tagmin/; the (2) adminpath parameter to (l) tagviewer.php, (m) tag_process.php, and (n) tagmin/index.php; and the (3) admin parameter to (o) readconf.php, (p) updateconf.php, (q) updatefilter.php, and (r) wordfilter.php in tagmin/; different vectors than CVE-2006-5249.
unknown
2007-02-13
7.0
CVE-2007-0900
OTHER-REF
FRSIRT
Till Gerken -- phpPolls
Till Gerken phpPolls 1.0.3 allows remote attackers to bypass authentication and perform certain administrative actions via a direct request to phpPollAdmin.php3. NOTE: this issue might subsume CVE-2006-3764.
unknown
2007-02-14
7.0
CVE-2007-0924
BUGTRAQ
BID
uTorrent -- uTorrent
Heap-based buffer overflow in uTorrent 1.6 allows remote attackers to execute arbitrary code via a torrent file with a crafted announce header.
unknown
2007-02-14
7.0
CVE-2007-0927
OTHER-REF
BID

Medium Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
Kiwi Enterprises -- Kiwi CatTools
Directory traversal vulnerability in the TFTP server in Kiwi CatTools before 3.2.0 beta allows remote attackers to read arbitrary files, and upload files to arbitrary locations, via ..// (dot dot) sequences in the pathname argument to an FTP (1) GET or (2) PUT command.
unknown
2007-02-12
4.7
CVE-2007-0888
BUGTRAQ
Kiwi Enterprises -- Kiwi CatTools
Kiwi CatTools before 3.2.0 beta uses weak encryption ("reversible encoding") for passwords, account names, and IP addresses in kiwidb-cattools.kdb, which might allow local users to gain sensitive information by decrypting the file. NOTE: this issue could be leveraged with a directory traversal vulnerability for a remote attack vector.
unknown
2007-02-12
4.9
CVE-2007-0889
BUGTRAQ
MailEnable -- MailEnable Professional
Cross-site request forgery (CSRF) vulnerability in MailEnable Professional before 2.37 allows remote attackers to modify arbitrary configurations and perform unauthorized actions as arbitrary users via a link or IMG tag.
unknown
2007-02-15
5.6
CVE-2007-0652
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
OPENi-CMS Group -- OPENi-CMS
PHP remote file inclusion vulnerability in the Seitenschutz plugin for OPENi-CMS 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the (1) config[oi_dir] and possibly (2) config[openi_dir] parameters to open-admin/plugins/site_protection/index.php. NOTE: vector 2 might be the same as CVE-2006-4750.
unknown
2007-02-12
5.6
CVE-2007-0881
OTHER-REF
OTHER-REF
SECUNIA
PHP -- PHP
Trustix -- Secure Linux
Unspecified vulnerability in PHP before 5.2.1 allows attackers to "clobber" certain super-global variables via unspecified vectors.
unknown
2007-02-13
4.9
CVE-2007-0910
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
PHP Script Tools -- PSY Auction
Cross-site scripting (XSS) vulnerability in email_request.php in PSY Auction allows remote attackers to inject arbitrary web script or HTML via the user_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-02-12
4.9
CVE-2006-7004
OTHER-REF
BID
Process-one -- ejabberd
Unspecified vulnerability in the mod_roster_odbc module in ejabberd before 1.1.3 has unknown impact and attack vectors.
unknown
2007-02-13
4.9
CVE-2007-0903
OTHER-REF
SECUNIA
Radical Technologies -- Portal Search
Portal Search allows remote attackers to redirect a URL to an arbitrary web site by placing the URL in the query string to the top-level URI.
unknown
2007-02-14
6.7
CVE-2007-0921
BUGTRAQ
BID

Low Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
@mail -- @mail
Cross-site scripting (XSS) vulnerability in search.pl in @Mail 4.61 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.
unknown
2007-02-14
1.9
CVE-2007-0953
OTHER-REF
BID
FRSIRT
SECUNIA
Capital Request Forms -- Capital Request Forms
Capital Request Forms stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request for inc/common_db.inc.
unknown
2007-02-12
3.3
CVE-2007-0880
BUGTRAQ
Cisco -- IOS
The ATOMIC.TCP signature engine in the Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XA, 12.3YA, 12.3T, and other trains allows remote attackers to cause a denial of service (traffic loss) use regular expressions via unspecified manipulations that are not properly handled by the regular expression feature, as demonstrated using the 3123.0 (Netbus Pro Traffic) signature.
unknown
2007-02-13
2.3
CVE-2007-0918
CISCO
SECTRACK
CommunityServer.org -- Community Server
Cross-site scripting (XSS) vulnerability in search/SearchResults.aspx in Community Server allows remote attackers to inject arbitrary web script or HTML via the q parameter.
unknown
2007-02-14
1.9
CVE-2007-0925
BUGTRAQ
BID
cPanel -- WebHost Manager
Cross-site scripting (XSS) vulnerability in scripts/passwdmysql in cPanel WebHost Manager (WHM) 11.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the password parameter.
unknown
2007-02-12
2.3
CVE-2007-0890
BUGTRAQ
OTHER-REF
BID
fx-APP -- fx-APP
Multiple cross-site scripting (XSS) vulnerabilities in fx-APP 0.0.8.1 allow remote attackers to inject arbitrary HTML or web script via (1) the search box, and the (2) url, (3) website, (4) comment, and (5) signature fields in the profile, and possibly (6) a menu item.
unknown
2007-02-14
1.9
CVE-2006-7023
BUGTRAQ
BID
XF
Gecad Technologies -- Axigen Mail Server
axigen 1.2.6 through 2.0.0b1 does not properly parse login credentials, which allows remote attackers to cause a denial of service (NULL dereference and application crash) via a base64-encoded "*\x00" sequence on the imap port (143/tcp).
unknown
2007-02-12
3.3
CVE-2007-0887
FULLDISC
OTHER-REF
BID
XF
Guillaume Fontaine -- PHP RRD Browser
Directory traversal vulnerability in php rrd browser before 0.2.1 allows remote attackers to read arbitrary files via ".." sequences in the p parameter.
unknown
2007-02-14
2.3
CVE-2007-0929
BUGTRAQ
OTHER-REF
XF
H. Nomura -- Tiny FTPd
Buffer overflow in Tiny FTPd 1.4 and earlier allows remote attackers to cause a denial of service (daemon crash) via a long USER command, a different vector than CVE-2000-0133.
unknown
2007-02-12
3.3
CVE-2006-7007
MILW0RM
OTHER-REF
OTHER-REF
OSVDB
Headstart Solutions -- DeskPRO
Headstart Solutions DeskPRO allows remote attackers to obtain the full path via direct requests to (1) email/mail.php, (2) includes/init.php, (3) certain files in includes/cron/, and (4) jpgraph.php, (5) jpgraph_bar.php, (6) jpgraph_pie.php, and (7) jpgraph_pie3d.php in includes/graph/, which leaks the path in error messages.
unknown
2007-02-12
2.3
CVE-2006-7000
OTHER-REF
HP -- HP-UX
Unspecified vulnerability in the ARPA transport functionality in HP-UX B.11.11 and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors.
unknown
2007-02-13
2.3
CVE-2007-0916
HP
BID
SECTRACK
Linux -- Linux kernel
Linux kernel 2.6.x before 2.6.20 allows local users to read unreadable binaries by using the interpreter (PT_INTERP) functionality and triggering a core dump, a variant of CVE-2004-1073.
unknown
2007-02-15
2.3
CVE-2007-0958
OTHER-REF
OTHER-REF
MailEnable -- MailEnable Professional
Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Professional before 2.37 allow remote attackers to inject arbitrary JavaScript script via (1) e-mail messages and (2) the ID parameter to (a) right.asp, (b) Forms/MAI/list.asp, and (c) Forms/VCF/list.asp in mewebmail/base/default/lang/EN/.
2007-02-06
2007-02-15
1.9
CVE-2007-0651
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
MailEnable -- MailEnable
The NTLM_UnPack_Type3 function in MENTLM.dll in MailEnable Professional 2.35 and earlier allows remote attackers to cause a denial of service (application crash) via certain base64-encoded data following an AUTHENTICATE NTLM command to the imap port (143/tcp), which results in an out-of-bounds read.
unknown
2007-02-14
3.3
CVE-2007-0955
FULLDISC
SECUNIA
March Networks -- 4210 DVR
March Networks -- 3108 DVR
March Networks -- 4410 DVR
March Networks -- 3204 DVR
March Networks -- 4310 DVR
Unspecified vulnerability in March Networks DVR 3000 and 4000 Digital Video Recorders allows attackers to cause an unspecified denial of service. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-02-12
2.3
CVE-2007-0877
BID
Matthieu Aubry -- phpMyVisites
Cross-site scripting (XSS) vulnerability in the GetCurrentCompletePath function in phpmyvisites.php in phpMyVisites before 2.2 allows remote attackers to inject arbitrary web script or HTML via the query string.
unknown
2007-02-12
1.9
CVE-2007-0891
FULLDISC
SECUNIA
Matthieu Aubry -- phpMyVisites
Directory traversal vulnerability in phpMyVisites before 2.2 allows remote attackers to include arbitrary files via leading ".." sequences on the pmv_ck_view COOKIE parameter, which bypasses the protection scheme.
unknown
2007-02-12
2.3
CVE-2007-0893
FULLDISC
MediaWiki -- MediaWiki
MediaWiki before 1.9.2 allows remote attackers to obtain sensitive information via a direct request to (1) Simple.deps.php, (2) MonoBook.deps.php, (3) MySkin.deps.php, or (4) Chick.deps.php in wiki/skins, which shows the installation path in the resulting error message.
unknown
2007-02-12
2.3
CVE-2007-0894
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
Microsoft -- Visual C++
The 64-bit versions of Microsoft Visual C++ 8.0 standard library (MSVCR80.DLL) time functions, including (1) localtime, (2) localtime_s, (3) gmtime, (4) gmtime_s, (5) ctime, (6) ctime_s, (7) wctime, (8) wctime_s, and (9) fstat, trigger an assertion error instead of a NULL pointer or EINVAL when processing a time argument later than Jan 1, 3000, which might allow context-dependent attackers to cause a denial of service (application exit) via large time values. NOTE: it could be argued that this is a design limitation of the functions, and the vulnerability lies with any application that does not validate arguments to these functions.
unknown
2007-02-13
3.3
CVE-2007-0842
BUGTRAQ
Microsoft -- Internet Explorer
Unspecified vulnerability in Microsoft Internet Explorer on Windows Mobile 5.0 allows remote attackers to cause a denial of service (loss of browser and other device functionality) via a malformed WML page, related to an "overflow state." NOTE: it is possible that this issue is related to CVE-2007-0685.
unknown
2007-02-12
3.3
CVE-2007-0878
BUGTRAQ
BUGTRAQ
BUGTRAQ
FULLDISC
BID
XF
MoinMoin -- MoinMoin
Multiple cross-site scripting (XSS) vulnerabilities in Info pages in MoinMoin 1.5.7 allow remote attackers to inject arbitrary web script or HTML via the (1) hitcounts and (2) general parameters, different vectors than CVE-2007-0857. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-02-13
2.3
CVE-2007-0901
SECUNIA
MoinMoin -- MoinMoin
Unspecified vulnerability in the "Show debugging information" feature in MoinMoin 1.5.7 allows remote attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-02-13
2.3
CVE-2007-0902
SECUNIA
Nickolas Grigoriadis -- Mini Web server
Directory traversal vulnerability in Nickolas Grigoriadis Mini Web server (MiniWebsvr) 0.0.6 allows remote attackers to list the directory immediately above the web root via a ..%00 sequence in the URI.
unknown
2007-02-14
3.3
CVE-2007-0919
BUGTRAQ
VIM
BID
Oliver Georgi -- phpwcms
CRLF injection vulnerability in (1) include/inc_act/act_formmailer.php and possibly (2) sample_ext_php/mail_file_form.php in phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to modify HTTP headers and send spam e-mail via a spoofed HTTP Referer (HTTP_REFERER).
unknown
2007-02-14
3.3
CVE-2006-7020
OTHER-REF
FRSIRT
SECUNIA
XF
Palm -- Treo
The Find feature in Palm OS Treo smart phones operates despite the system password lock, which allows attackers with physical access to obtain sensitive information (memory contents) by doing (1) text searches or (2) paste operations after pressing certain keyboard shortcut keys.
2006-08-14
2007-02-15
1.6
CVE-2007-0859
BUGTRAQ
OTHER-REF
BID
PHP -- PHP
Trustix -- Secure Linux
Buffer underflow in PHP before 5.2.1 allows attackers to cause a denial of service via unspecified vectors involving the sapi_header_op function.
unknown
2007-02-13
2.3
CVE-2007-0907
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
PHP -- PHP
Trustix -- Secure Linux
The wddx extension in PHP before 5.2.1 allows remote attackers to obtain sensitive information via unspecified vectors.
unknown
2007-02-13
3.3
CVE-2007-0908
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
PHP -- PHP
Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow context-dependent attackers to cause a denial of service (crash).
unknown
2007-02-13
2.3
CVE-2007-0911
MLIST
MLIST
OTHER-REF
BID
PhpMyChat Plus -- PhpMyChat Plus
Directory traversal vulnerability in avatar.php in PhpMyChat Plus 1.9 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the L parameter, a different issue than CVE-2006-5897. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-02-12
2.7
CVE-2006-7001
SECUNIA
Plain Old Webserver -- Plain Old Webserver
Directory traversal vulnerability in the Plain Old Webserver (POW) add-on before 0.0.9 for Mozilla Firefox allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
unknown
2007-02-12
2.3
CVE-2007-0872
FULLDISC
FULLDISC
OTHER-REF
BID
Qdig -- Qdig
Cross-site scripting (XSS) vulnerability in Quick Digital Image Gallery (Qdig) 1.2.9.3 and devel-20060624 allows remote attackers to inject arbitrary web script or HTML via the Qwd parameter to the top-level URI.
unknown
2007-02-12
1.9
CVE-2007-0876
BUGTRAQ
BUGTRAQ
OTHER-REF
BID
Radical Technologies -- Portal Search
buscador/buscador.htm in Portal Search allows remote attackers to obtain sensitive information (business logic) via a query string composed of a search for certain characters.
unknown
2007-02-14
3.3
CVE-2007-0923
BUGTRAQ
BID
Second Rule LLC -- IP3 NetAccess
Directory traversal vulnerability in portalgroups/portalgroups/getfile.cgi in IP3 NetAccess before firmware 4.1.9.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
unknown
2007-02-12
2.3
CVE-2007-0883
OTHER-REF
OTHER-REF
Sun -- Solaris
Race condition in recursive directory deletion with the (1) -r or (2) -R option in rm in Solaris 8 through 10 before 20070208 allows local users to delete files and directories as the user running rm by moving a low-level directory to a higher level as it is being deleted, which causes rm to chdir to a ".." directory that is higher than expected, possibly up to the root file system, a related issue to CVE-2002-0435.
unknown
2007-02-12
2.6
CVE-2007-0895
SUNALERT
FRSIRT
SECUNIA
Sun -- Solaris
Race condition in the TCP subsystem for Solaris 10 allows remote attackers to cause a denial of service (system panic) via unknown vectors.
unknown
2007-02-13
2.7
CVE-2007-0914
SUNALERT
BID
Virtual Calendar -- Virtual Calendar
Virtual Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download an encoded password via a direct request for pwd.txt.
unknown
2007-02-14
2.3
CVE-2007-0928
BUGTRAQ
Wheatblog -- Wheatblog
Cross-site scripting (XSS) vulnerability in add_comment.php in Wheatblog (wB) 1.1 allows remote attackers to inject arbitrary web script or HTML via the Email field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this issue may overlap CVE-2006-5195.
unknown
2007-02-12
2.3
CVE-2006-7002
SECUNIA
