U.S. Flag Official website of the Department of Homeland Security

Note: This page is part of the us-cert.gov archive.This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

TLP:WHITE

Bulletin (SB07-071)

Vulnerability Summary for the Week of March 5, 2007

Original release date: March 12, 2007

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

">

High Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Admin Phorum -- Admin PhorumPHP remote file inclusion vulnerability in actions/del.php in Admin Phorum 3.3.1a allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.
unknown
2007-03-02
7.0CVE-2007-1219
MILW0RM
BID
FRSIRT
AJ Forum -- AJ ForumSQL injection vulnerability in topic_title.php in AJ Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the td_id parameter.
unknown
2007-03-06
7.0CVE-2007-1295
MILW0RM
BID
SECUNIA
AJ Square -- AJ ClassifiedsSQL injection vulnerability in postingdetails.php in AJ Classifieds 1.0 allows remote attackers to execute arbitrary SQL commands via the postingid parameter.
unknown
2007-03-06
7.0CVE-2007-1296
MILW0RM
BID
AJ Square -- AJDatingSQL injection vulnerability in view_profile.php in AJDating 1.0 allows remote attackers to execute arbitrary SQL commands via the user_id parameter.
unknown
2007-03-06
7.0CVE-2007-1297
MILW0RM
BID
AJ Square -- AJAuctionSQL injection vulnerability in subcat.php in AJ Auction 1.0 allows remote attackers to execute arbitrary SQL commands via the cate_id parameter.
unknown
2007-03-06
7.0CVE-2007-1298
MILW0RM
BID
Angel Learning -- Learning Management SuiteSQL injection vulnerability in section/default.asp in ANGEL Learning Management Suite (LMS) 7.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-03-03
7.0CVE-2007-1250
BUGTRAQ
BUGTRAQ
MILW0RM
BID
Apple -- QuicktimeInteger overflow in Apple QuickTime before 7.1.5, when installed on Windows operating systems, allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP video file.
unknown
2007-03-05
8.0CVE-2007-0711
APPLE
OTHER-REF
Apple -- QuicktimeHeap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MIDI file.
unknown
2007-03-05
8.0CVE-2007-0712
APPLE
OTHER-REF
Apple -- QuicktimeInteger overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie, related to UDTA atoms.
unknown
2007-03-05
8.0CVE-2007-0714
APPLE
OTHER-REF
Apple -- AirPort ExtremeThe default configuration of the AirPort utility in Apple AirPort Extreme creates an IPv6 tunnel but does not enable the "Block incoming IPv6 connections" setting, which might allow remote attackers to bypass intended access restrictions by establishing IPv6 sessions that would have been rejected over IPv4.
unknown
2007-03-08
7.0CVE-2007-1338
OTHER-REF
Aspindir -- HazirSiteSQL injection vulnerability in giris_yap.asp in Hazir Site 2.0 allows remote attackers to bypass authentication via the (1) k_a class or (2) sifre parameter.
unknown
2007-03-07
7.0CVE-2006-7161
BUGTRAQ
BID
XF
Audins Audiens -- Audins AudiensSQL injection vulnerability in system/index.php in Audins Audiens 3.3 allows remote attackers to execute arbitrary SQL commands via the PHPSESSID cookie. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-03-03
7.0CVE-2007-1242
BID
Audins Audiens -- Audins AudiensAudins Audiens 3.3 allows remote attackers to bypass authentication and perform certain privileged actions, possibly an uninstall of the product, by calling unistall.php with the values cnf=disinstalla and status=on. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-03-03
7.0CVE-2007-1243
BID
SECUNIA
XF
Bell Labs -- Plan 9Integer overflow in the envwrite function in the Alcatel-Lucent Bell Labs Plan 9 kernel allows local users to overwrite certain memory addresses with kernel memory via a large n argument, as demonstrated by (1) modifying the iseve function to gain privileges and (2) making the devpermcheck function grant unrestricted device permissions.
unknown
2007-03-02
7.0CVE-2007-1189
MILW0RM
MLIST
OTHER-REF
BID
BJ Sintay -- SiteXMultiple cross-site scripting (XSS) vulnerabilities in sitex allow remote attackers to inject arbitrary web script or HTML via (1) the sxYear parameter to calendar.php, (2) the search parameter to search.php, (3) the linkid parameter to redirect.php, or (4) the page parameter to calendar_events.php.
unknown
2007-03-03
7.0CVE-2007-1234
BUGTRAQ
BJ Sintay -- SiteXUnrestricted file upload vulnerability in sitex allows remote attackers to upload arbitrary PHP code via an avatar filename with a double extension such as .php.jpg, which fails verification and is saved as a .php file.
unknown
2007-03-03
7.0CVE-2007-1235
BUGTRAQ
BJ Sintay -- SiteXsitex allows remote attackers to obtain potentially sensitive information via a ' (quote) value for certain parameters, as demonstrated by parameters used in forum and search, which forces a SQL error.
unknown
2007-03-03
7.0CVE-2007-1237
BUGTRAQ
Call-Center-Software -- Call-Center-SoftwareSQL injection vulnerability in Call Center Software 0.93 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via the user name in the login page.
unknown
2007-03-07
7.0CVE-2006-7144
BUGTRAQ
FULLDISC
OTHER-REF
BID
SECUNIA
Cisco -- Catalyst 7600
Cisco -- Catalyst 6000
Cisco -- Catalyst 6500
Cisco -- Network Analysis Module
The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, and 7600 allows remote attackers to execute arbitrary commands via certain SNMP packets that are spoofed from the NAM's own IP address.
unknown
2007-03-03
10.0CVE-2007-1257
CISCO
Cisco -- Catalyst 6500Unspecified vulnerability in Cisco IOS 12.2SXA, SXB, SXD, and SXF; and the MSFC2, MSFC2a and MSFC3 running in Hybrid Mode on Cisco Catalyst 6000, 6500 and Cisco 7600 series systems; allows remote attackers on a local network segment to cause a denial of service (software reload) via a certain MPLS packet.
unknown
2007-03-03
7.0CVE-2007-1258
CISCO
Citrix -- Presentation Server ClientUnspecified vulnerability in Citrix Presentation Server Client for Windows before 10.0 allows remote web sites to execute arbitrary code via unspecified vectors, related to the implementation of ICA connectivity through proxy servers.
unknown
2007-03-02
8.0CVE-2007-1196
Citrix
FRSIRT
Coalescent Systems -- freePBXPHP remote file inclusion vulnerability in upgrade.php in Coalescent Systems freePBX 2.1.3 allows remote attackers to execute arbitrary PHP code via a URL in the amp_conf[AMPWEBROOT] parameter.
unknown
2007-03-03
7.0CVE-2006-7107
MILW0RM
BID
XF
Cuttlefish Multimedia Ltd. -- Leicestershire communityPortals** DISPUTED ** PHP remote file inclusion vulnerability in bug.php in Leicestershire communityPortals 1.0 build 20051018 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cp_root_path parameter, a different vector than CVE-2006-5280. NOTE: CVE disputes this issue, since bug.php is not in communityPortals source distributions.
unknown
2007-03-07
8.0CVE-2006-7146
BUGTRAQ
BID
Cynux Softwares -- PHPMyDeskDirectory traversal vulnerability in pmd-config.php in PHPMyDesk 1.0beta allows remote attackers to include arbitrary local files via the pmdlang parameter to viewticket.php.
unknown
2007-03-05
10.0CVE-2006-7132
MILW0RM
XF
DBScripts -- DBImageGalleryMultiple PHP remote file inclusion vulnerabilities in DBImageGallery 1.2.2 allow remote attackers to execute arbitrary PHP code via a URL in the donsimg_base_path parameter to (1) attributes.php, (2) images.php, or (3) scan.php in admin/; or (4) attributes.php, (5) db_utils.php, (6) images.php, (7) utils.php, or (8) values.php in includes/.
unknown
2007-03-02
7.0CVE-2007-1164
MILW0RM
BID
DBScripts -- DBGuestbookMultiple PHP remote file inclusion vulnerabilities in DBGuestbook 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the dbs_base_path parameter to (1) utils.php, (2) guestbook.php, or (3) views.php in includes/.
unknown
2007-03-02
7.0CVE-2007-1165
MILW0RM
BID
Delmaa.com -- arabhostPHP remote file inclusion vulnerability in function.php in arabhost allows remote attackers to execute arbitrary PHP code via a URL in the adminfolder parameter.
unknown
2007-03-02
7.0CVE-2007-1146
BUGTRAQ
VIM
dmxReady -- Site Engine ManagerSQL injection vulnerability in index.asp in DMXReady Site Engine Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the mid parameter.
unknown
2007-03-05
8.0CVE-2006-7118
BUGTRAQ
BID
XF
Docebo -- DoceboMultiple cross-site scripting (XSS) vulnerabilities in Docebo CMS 3.0.3 through 3.0.5 allow remote attackers to inject arbitrary web script or HTML via (1) the searchkey parameter to index.php, or the (2) sn or (3) ri parameter to modules/htmlframechat/index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-03-03
7.0CVE-2007-1240
OTHER-REF
BID
Dxmsoft -- XM Easy Personal FTP ServerMultiple buffer overflows in XM Easy Personal FTP Server 5.3.0 allow remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might overlap CVE-2006-2225, CVE-2006-2226, or CVE-2006-5728.
unknown
2007-03-02
7.0CVE-2007-1195
OTHER-REF
BID
Epiware -- EpiwareMultiple unspecified vulnerabilities in Epiware before 4.7.5 have unknown impact and attack vectors, possibly related to cross-site scripting (XSS) and other unspecified issues.
unknown
2007-03-02
7.0CVE-2007-1197
OTHER-REF
Futomi's CGI Cafe -- KMail CGIUnspecified vulnerability in Futomi's CGI Cafe KMail CGI 1.0.3 and earlier allows remote attackers to bypass authentication and obtain unauthorized email access via unspecified vectors.
unknown
2007-03-05
7.0CVE-2006-7111
OTHER-REF
BID
SECUNIA
XF
Gnu -- libtool-ltdlUntrusted search path vulnerability in the libtool-ltdl library (libltdl.so) 1.5.22-2.3 in Fedora Core 5 might allow local users to execute arbitrary code via a malicious library in the (1) hwcap, (2) 0, and (3) nosegneg subdirectories.
unknown
2007-03-07
8.0CVE-2006-7151
BUGTRAQ
OTHER-REF
BID
Grok Developments -- NetProxyThe connection log file implementation in Grok Developments NetProxy 4.03 does not record requests that omit http:// in a URL, which might allow remote attackers to conduct unauthorized activities and avoid detection.
unknown
2007-03-02
10.0CVE-2007-1225
MILW0RM
BID
FRSIRT
XF
Hitachi -- OSASUnspecified vulnerability in Hitachi OSAS/FT/W before 20070223 allows attackers to cause a denial of service (responder control processing halt) by sending "data unexpectedly through the port".
unknown
2007-03-02
7.0CVE-2007-1223
OTHER-REF
XF
Icecast -- EzstreamMultiple buffer overflows in src/ezstream.c in Ezstream before 0.3.0 allow remote attackers to execute arbitrary code via a crafted XML configuration file processed by the (1) urlParse function, which causes a stack-based overflow and the (2) ReplaceString function, which causes a heap-based overflow. NOTE: some of these details are obtained from third party information.
unknown
2007-03-08
8.0CVE-2007-1344
OTHER-REF
SECUNIA
JBoss -- JBossCross-site request forgery (CSRF) vulnerability in jmx-console/HtmlAdaptor in JBoss allows remote attackers to perform privileged actions as administrators via certain MBean operations, a different vulnerability than CVE-2006-3733.
unknown
2007-03-02
8.0CVE-2007-1157
BUGTRAQ
BUGTRAQ
Jelsoft -- vBulletinSQL injection vulnerability in inlinemod.php in Jelsoft vBulletin before 3.5.8, and before 3.6.5 in the 3.6.x series, might allow remote authenticated users to execute arbitrary SQL commands via the postids parameter. NOTE: the vendor states that the attack is feasible only in circumstances "almost impossible to achieve."
unknown
2007-03-06
7.0CVE-2007-1292
MILW0RM
OTHER-REF
BID
SECUNIA
XF
Jinzora -- JinzoraPHP remote file inclusion vulnerability in backend/primitives/cache/media.php in Jinzora 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter, a different vector than CVE-2006-6770.
unknown
2007-03-05
10.0CVE-2006-7130
BUGTRAQ
MILW0RM
BID
XF
Jinzora -- JinzoraPHP remote file inclusion vulnerability in extras/mt.php in Jinzora 2.6 allows remote attackers to execute arbitrary PHP code via the web_root parameter.
unknown
2007-03-05
10.0CVE-2006-7131
BUGTRAQ
MILW0RM
XF
Joomla! -- BSQ SitestatsCross-site scripting (XSS) vulnerability in the IP Address Lookup functionality in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allows remote attackers to inject arbitrary web script and HTML via the ip parameter.
unknown
2007-03-05
7.0CVE-2006-7122
BUGTRAQ
OTHER-REF
BID
XF
Joomla! -- BSQ SitestatsMultiple SQL injection vulnerabilities in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allow remote attackers to execute arbitrary SQL commands via (1) unspecified parameters when importing the (a) ip-to-country.csv file; and the (2) HTTP Referer, (3) HTTP User Agent, and (4) HTTP Accept Language headers to (b) bsqtemplateinc.php.
unknown
2007-03-05
7.0CVE-2006-7123
BUGTRAQ
OTHER-REF
BID
XF
Joomla! -- BSQ SitestatsPHP remote file inclusion vulnerability in external/rssfeeds.php in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allows remote attackers to execute arbitrary PHP code via the baseDir parameter.
2006-09-14
2007-03-05
7.0CVE-2006-7124
BUGTRAQ
OTHER-REF
OTHER-REF
BID
OSVDB
XF
KDE -- K-MailKmail 1.9.1 on KDE 3.5.2, with "Prefer HTML to Plain Text" enabled, allows remote attackers to cause a denial of service (crash) via an HTML e-mail with certain table and frameset tags that trigger a segmentation fault, possibly involving invalid free or delete operations.
unknown
2007-03-07
7.0CVE-2006-7139
BUGTRAQ
BUGTRAQ
FULLDISC
BID
XF
Kubix -- KubixSQL injection vulnerability in includes/functions.php in Kubix 0.7 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via the member_id parameter ($id variable) to index.php.
unknown
2007-03-05
10.0CVE-2006-7116
MILW0RM
BID
XF
Kubix -- KubixMultiple directory traversal vulnerabilities in Kubix 0.7 and earlier allow remote attackers to (1) include and execute arbitrary local files via ".." sequences in the theme cookie to index.php, which is not properly handled by includes/head.php; and (2) read arbitrary files via ".." sequences in the file parameter in an add_dl action to adm_index.php, as demonstrated by reading connect.php.
unknown
2007-03-05
10.0CVE-2006-7117
MILW0RM
BID
XF
XF
LedgerSMB -- LedgerSMB
SQL-Ledger -- SQL-Ledger
Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrary code, via . (dot) characters adjacent to (1) users and (2) users/members strings, which are removed by blacklisting functions that filter these strings and collapse into .. (dot dot) sequences.
unknown
2007-03-07
10.0CVE-2007-1329
BUGTRAQ
SECTRACK
XF
Linux -- KernelBuffer overflow in the bufprint function in capiutil.c in libcapi, as used in Linux kernel 2.6.9 to 2.6.20 and isdn4k-utils, allows local users to cause a denial of service (crash) and possibly gain privileges via a crafted CAPI packet.
unknown
2007-03-02
7.0CVE-2007-1217
OTHER-REF
OTHER-REF
Mambo -- MostlyCEPHP remote file inclusion vulnerability in htmltemplate.php in the Chad Auld MOStlyContent Editor (MOStlyCE) on May 2006, a component for Mambo 4.5.4, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
unknown
2007-03-03
7.0CVE-2006-7104
BUGTRAQ
BID
XF
Mambo -- Mambo Open SourceMultiple SQL injection vulnerabilities in Mambo 4.6.x allow remote attackers to execute arbitrary SQL commands via the mcname parameter to (1) moscomment.php and (2) com_comment.php.
unknown
2007-03-07
7.0CVE-2006-7150
BUGTRAQ
OTHER-REF
BID
XF
Man Machine Systems -- JBrowserJBrowser allows remote attackers to bypass authentication and access certain administrative capabilities via a direct request for _admin/.
unknown
2007-03-02
7.0CVE-2007-1156
BUGTRAQ
OTHER-REF
Mani Stats Reader -- Mani Stats ReaderPHP remote file inclusion vulnerability in index.php in Mani Stats Reader 1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ipath parameter.
unknown
2007-03-06
7.0CVE-2007-1299
MILW0RM
BID
XF
Microsoft -- Xbox 360 kernelThe Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 allows attackers with physical access to force execution of the hypervisor syscall with a certain register set, which bypasses intended code protection.
unknown
2007-03-02
7.0CVE-2007-1221
BUGTRAQ
BID
MiniBB -- ForumPHP remote file inclusion vulnerability in index.php in MiniBB Forum 2 allows remote attackers to execute arbitrary code via a URL in the pathToFiles parameter.
unknown
2007-03-07
7.0CVE-2006-7153
BUGTRAQ
XF
MiniBB -- Keyword ReplacerPHP remote file inclusion vulnerability in addon_keywords.php in Keyword Replacer (keyword_replacer) 1.0 and earlier, a module for miniBB, allows remote attackers to execute arbitrary PHP code via a URL in the pathToFiles parameter.
unknown
2007-03-07
7.0CVE-2006-7156
MILW0RM
VIM
BID
FRSIRT
OSVDB
SECUNIA
Monitor-Line -- Links ManagementSQL injection vulnerability in index.php in Links Management Application 1.0 allows remote attackers to execute arbitrary SQL commands via the lcnt parameter.
unknown
2007-03-08
7.0CVE-2007-1339
MILW0RM
BID
SECUNIA
Mozilla -- SeaMonkey
Mozilla -- Thunderbird
Integer overflow in Mozilla Thunderbird before 1.5.0.10 and SeaMonkey before 1.0.8 allows remote attackers to trigger a buffer overflow and possibly execute arbitrary code via a text/enhanced or text/richtext e-mail message with an extremely long line.
unknown
2007-03-05
10.0CVE-2007-1282
REDHAT
OTHER-REF
OTHER-REF
Mplayer -- MplayerThe DMO_VideoDecoder_Open function in loader/dmo/DMO_VideoDecoder.c in MPlayer 1.0rc1 and earlier does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code.
unknown
2007-03-03
8.0CVE-2007-1246
OTHER-REF
OTHER-REF
FRSIRT
XF
Nabocorp -- nabopollSQL injection vulnerability in result.php in Nabopoll 1.2 allows remote attackers to execute arbitrary SQL commands via the surv parameter.
unknown
2007-03-02
7.0CVE-2007-1166
BUGTRAQ
MILW0RM
BID
Noah Spurrier -- Upload Tool for PHPUnrestricted file upload vulnerability in main_user.php in Upload Tool for PHP 1.0 allows remote attackers to upload and execute arbitrary files with executable extensions such as .php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-03-05
10.0CVE-2006-7134
BID
FRSIRT
SECUNIA
XF
Novell -- BorderManagerNovell BorderManager 3.8 SP4 generates the same ISAKMP cookies for the same source IP and port number during the same day, which allows remote attackers to conduct denial of service and replay attacks. NOTE: this issue might be related to CVE-2006-5286.
unknown
2007-03-07
7.0CVE-2006-7155
OTHER-REF
VIM
BID
FRSIRT
OSVDB
SECTRACK
SECUNIA
XF
Oracle -- Application ExpressCross-site scripting (XSS) vulnerability in Oracle Application Express (APEX) before 2.2.1, aka Oracle HTML DB, allows remote attackers to inject arbitrary web script or HTML via the NOTIFICATION_MSG parameter. NOTE: it is likely that this issue overlaps one of the identifiers in CVE-2006-5351.
unknown
2007-03-07
8.0CVE-2006-7158
BUGTRAQ
OTHER-REF
SECUNIA
XF
OrangeHRM -- OrangeHRMMultiple unspecified vulnerabilities in the Login page in OrangeHRM before 20070212 have unknown impact and attack vectors.
unknown
2007-03-02
7.0CVE-2007-1193
OTHER-REF
BID
FRSIRT
OSU Open Source Lab -- Maintain** DISPUTED ** PHP remote file inclusion vulnerability in lib/php/phphtmllib-2.5.4/examples/example6.php for maintain 3.0.0-RC2 allows remote attackers to execute arbitrary PHP code via a URL in the phphtmllib parameter. NOTE: this issue might be in phpHtmlLib. NOTE: CVE disputes this issue for proper installations of maintain, since $phphtmllib is set in includes.inc before being used in example6.php.
unknown
2007-03-05
10.0CVE-2006-7120
BUGTRAQ
BID
XF
Parallels -- Parallels DesktopParallels Desktop for Mac before 20070216 implements Drag and Drop by sharing the entire host filesystem as the .psf share, which allows local users of the guest operating system to write arbitrary files to the host filesystem, and execute arbitrary code via launchd by writing a plist file to a LaunchAgents directory.
unknown
2007-03-02
7.0CVE-2007-1222
MLIST
SECUNIA
PHP Poll Creator -- PHP Poll CreatorPHP remote file inclusion vulnerability in lib/functions.inc.php in PHP Poll Creator (phpPC) 1.04 allows remote attackers to execute arbitrary PHP code via a URL in the relativer_pfad parameter, a different vector and version than CVE-2005-1755. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-03-06
7.0CVE-2006-7135
SECUNIA
XF
phpBB -- Import ToolsPHP remote file inclusion vulnerability in includes/functions_mod_user.php in phpBB Import Tools Mod 0.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
unknown
2007-03-07
7.0CVE-2006-7147
MILW0RM
BID
XF
phpBB -- maluinfoPHP remote file inclusion vulnerability in includes/bb_usage_stats.php in maluinfo 206.2.38 for Brazilian PHPBB allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter. NOTE: this might be the same issues as CVE-2006-4893.
unknown
2007-03-07
7.0CVE-2006-7148
BUGTRAQ
BID
XF
PHPGiggle -- PHPGigglePHP remote file inclusion vulnerability in kernel/system/startup.php in J. He PHPGiggle 12.08 and earlier, as distributed on comscripts.com, allows remote attackers to execute arbitrary PHP code via a URL in the CFG_PHPGIGGLE_ROOT parameter.
unknown
2007-03-05
7.0CVE-2006-7119
MILW0RM
XF
PHPKIT -- PHPKITSQL injection vulnerability in PHPKit 1.6.1 RC2 allows remote attackers to inject arbitrary SQL commands via the catid parameter to include.php when the path parameter is set to faq/faq.php, and other unspecified vectors involving guestbook/print.php.
unknown
2007-03-05
7.0CVE-2006-7115
BUGTRAQ
OTHER-REF
BID
OSVDB
SECUNIA
XF
phpMyAdmin -- phpMyAdminThe PMA_ArrayWalkRecursive function in libraries/common.lib.php in phpMyAdmin before 2.10.0.2 does not limit recursion on arrays provided by users, which allows context-dependent attackers to cause a denial of service (web server crash) via an array with many dimensions. NOTE: it could be argued that this vulnerability is caused by a problem in PHP (CVE-2006-1549) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in phpMyAdmin.
unknown
2007-03-07
8.0CVE-2007-1325
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
phpPC -- PHP Poll CreatorMultiple PHP remote file inclusion vulnerabilities in PHP Poll Creator (phpPC) 1.04 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the relativer_pfad parameter to (1) poll.php, (2) poll_kommentar.php, and (3) poll_sm.php, different vectors and version than CVE-2005-1755.
unknown
2007-03-06
10.0CVE-2006-7136
MILW0RM
BID
SECUNIA
XF
Planerd.net -- P-NewsUnrestricted file upload vulnerability in P-News 2.0 allows remote attackers to upload and execute arbitrary files via an avatar file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-03-05
10.0CVE-2006-7113
BID
FRSIRT
SECUNIA
XF
Planerd.net -- P-NewsP-News 2.0 stores db/user.txt under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and password hashes via a direct request. NOTE: this might be the same issue as CVE-2006-6888.
unknown
2007-03-05
10.0CVE-2006-7114
FRSIRT
SECUNIA
XF
PowerPhlogger -- PowerPhloggerPHP remote file inclusion vulnerability in config.inc.php3 in Power Phlogger 2.0.9 and earllier allows remote attackers to execute arbitrary PHP code via a URL in the rel_path parameter.
unknown
2007-03-03
7.0CVE-2006-7106
MILW0RM
BID
BID
XF
Salims Softhouse -- JAF CMSMultiple PHP remote file inclusion vulnerabilities in JAF CMS 4.0 allow remote attackers to execute arbitrary PHP code via a URL in the main_dir parameter to (1) forum/main.php and (2) forum/headlines.php.
unknown
2007-03-05
7.0CVE-2006-7127
MILW0RM
OTHER-REF
BID
SECUNIA
XF
Salims Softhouse -- JAF CMSPHP remote file inclusion vulnerability in forum/forum.php JAF CMS 4.0 RC1 allows remote attackers to execute arbitrary PHP code via a URL in the website parameter.
unknown
2007-03-05
7.0CVE-2006-7128
MILW0RM
OTHER-REF
BID
SECUNIA
XF
Sava's Place -- Sava's GuestbookMultiple cross-site scripting (XSS) vulnerabilities in add2.php in Sava's Guestbook 23.11.2006 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) country, (3) email, and (4) website parameters.
unknown
2007-03-06
7.0CVE-2007-1305
BUGTRAQ
BID
Serendipity -- SerendipitySQL injection vulnerability in index.php in Serendipity 1.1.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[multiCat][] parameter.
unknown
2007-03-07
7.0CVE-2007-1326
BUGTRAQ
XF
Smarty -- Smarty** DISPUTED ** PHP remote file inclusion vulnerability in libs/Smarty.class.php in Smarty 2.6.9 allows remote attackers to execute arbitrary PHP code via a URL in the filename parameter. NOTE: in the original disclosure, filename is used in a function definition, so this report is probably incorrect.
unknown
2007-03-03
10.0CVE-2006-7105
FULLDISC
FULLDISC
BID
XF
SourceForge -- phpBurningPortalMultiple PHP remote file inclusion vulnerabilities in phpBurningPortal quiz-modul 1.0.1, and possibly earlier, allow remote attackers to execute arbitrary PHP code via a URL in the lang_path parameter to (1) quest_delete.php, (2) quest_edit.php, or (3) quest_news.php.
unknown
2007-03-03
10.0CVE-2006-7102
MILW0RM
BID
XF
SQLite Manager -- SQLite ManagerDirectory traversal vulnerability in SQLiteManager 1.2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in a SQLiteManager_currentTheme cookie.
unknown
2007-03-03
10.0CVE-2007-1232
BUGTRAQ
BID
STWC-Counter -- STWC-CounterPHP remote file inclusion vulnerability in downloadcounter.php in STWC-Counter 3.4.0.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the stwc_counter_verzeichniss parameter.
unknown
2007-03-03
10.0CVE-2007-1233
MILW0RM
BID
XF
TCPDump -- TCPDumpOff-by-one buffer overflow in the parse_elements function in the 802.11 printer code (print-802_11.c) for tcpdump 3.9.5 and earlier allows remote attackers to cause a denial of service (crash) via a crafted 802.11 frame. NOTE: this was originally referred to as heap-based, but it might be stack-based.
unknown
2007-03-02
7.0CVE-2007-1218
FULDISC
OTHER-REF
OTHER-REF
TKS Banking Solutions -- ePortfolioMultiple cross-site request forgery (CSRF) vulnerabilities in TKS Banking Solutions ePortfolio 1.0 Java allow remote attackers to perform unspecified restricted actions in the context of certain accounts by bypassing the client-side protection scheme.
unknown
2007-03-07
8.0CVE-2007-1332
BUGTRAQ
OTHER-REF
OTHER-REF
BID
Trend Micro -- ServerProtectTrend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before 20070216 allows remote attackers to access arbitrary web pages and reconfigure the product via HTTP requests with the splx_2376_info cookie to the web interface port (14942/tcp).
unknown
2007-03-02
7.0CVE-2007-1168
IDEFENSE
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
Tyger -- Bug Tracking SystemSQL injection vulnerability in ViewReport.php in Tyger Bug Tracking System (TygerBT) 1.1.3 allows remote attackers to execute arbitrary SQL commands via the bug parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-03-06
7.0CVE-2007-1290
SECUNIA
WebAPP -- WebAPPWebAPP before 0.9.9.5 does not check access in certain contexts related to (1) Calendar Administration, (2) Instant Messages Administration, and (3) the Image Uploader, which has unknown impact and attack vectors.
unknown
2007-03-02
7.0CVE-2007-1178
OTHER-REF
BID
FRSIRT
SECUNIA
WebAPP -- WebAPPWebAPP before 0.9.9.5 allows remote authenticated users to spoof another user's Real Name via whitespace, which has unknown impact and attack vectors.
unknown
2007-03-02
7.0CVE-2007-1183
OTHER-REF
BID
FRSIRT
SECUNIA
WebAPP -- WebAPPThe default configuration of WebAPP before 0.9.9.5 has a CAPTCHA setting of "no," which makes it easier for automated programs to submit false data.
unknown
2007-03-02
7.0CVE-2007-1184
OTHER-REF
BID
FRSIRT
SECUNIA
WebAPP -- WebAPPWebAPP before 0.9.9.5 allows remote attackers to submit Search form input that is not checked for (1) composition or (2) length, which has unknown impact, possibly related to "search form hijacking".
unknown
2007-03-02
7.0CVE-2007-1188
OTHER-REF
BID
FRSIRT
SECUNIA
WebAPP -- WebAPPMultiple unspecified vulnerabilities in WebAPP before 0.9.9.6 have unknown impact and attack vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended.
unknown
2007-03-03
8.0CVE-2007-1259
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
WebCalendar -- WebCalendarincludes/functions.php in Craig Knudsen WebCalendar before 1.0.5 does not protect the noSet variable from external modification, which allows remote attackers to set arbitrary global variables via a URL with modified values in the noSet parameter, which leads to resultant vulnerabilities that probably include remote file inclusion and other issues.
unknown
2007-03-08
7.0CVE-2007-1343
OTHER-REF
OTHER-REF
OTHER-REF
BID
SECUNIA
WebMobo -- WBNewsMultiple PHP remote file inclusion vulnerabilities in Webmobo WB News 1.4.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config[installdir] parameter to (1) comment.php, (2) themes.php, (3) directory.php, and (4) sendmsg.php in admin/.
unknown
2007-03-06
10.0CVE-2007-1288
BUGTRAQ
XF
WebMod -- WebModStack-based buffer overflow in the connectHandle function in server.cpp in WebMod 0.48 allows remote attackers to execute arbitrary code via a long string in the Content-Length HTTP header.
unknown
2007-03-03
7.0CVE-2007-1260
OTHER-REF
SECUNIA
webSPELL -- webSPELLwebSPELL 4.0, and possibly later versions, allows remote attackers to bypass authentication via a ws_auth cookie, a different vulnerability than CVE-2006-4782.
unknown
2007-03-02
10.0CVE-2007-1160
BUGTRAQ
webSPELL -- webSPELLSQL injection vulnerability in printview.php in webSPELL 4.01.02 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter, a different vector than CVE-2007-1019, CVE-2006-5388, and CVE-2006-4783.
unknown
2007-03-02
7.0CVE-2007-1163
MILW0RM
BID
Weltennetz -- News-LettermanPHP remote file inclusion vulnerability in eintrag.php in Weltennetz News-Letterman 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the sqllog parameter.
unknown
2007-03-08
7.0CVE-2007-1340
MILW0RM
BID
XF
WordPress -- WordPressWordPress 2.1.1, as downloaded from some official distribution sites during February and March 2007, contains an externally introduced backdoor that allows remote attackers to execute arbitrary commands via (1) an eval injection vulnerability in the ix parameter to wp-includes/feed.php, and (2) an untrusted passthru call in the iz parameter to wp-includes/theme.php.
unknown
2007-03-05
7.0CVE-2007-1277
OTHER-REF
OTHER-REF
CERT-VN
CERT-VN

Back to top

Medium Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Apache Software Foundation -- Tomcat JK Web Server ConnectorStack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
unknown
2007-03-04
5.6CVE-2007-0774
OTHER-REF
OTHER-REF
ASP-Nuke -- ASP-Nukedefault.asp in ASP-Nuke Community 1.5 and earlier allows remote attackers to gain privileges by setting certain pseudo cookie values.
unknown
2007-03-07
4.8CVE-2006-7152
MILW0RM
BID
XF
Audins Audiens -- Audins AudiensCross-site scripting (XSS) vulnerability in setup.php in Audins Audiens 3.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-03-03
4.7CVE-2007-1241
OTHER-REF
BID
aWeb Labs -- aWebNewsMultiple PHP remote file inclusion vulnerabilities in aWeb Labs aWebNews 1.5 allow remote attackers to execute arbitrary PHP code via a URL in the path_to_news parameter to (1) listing.php or (2) visview.php.
unknown
2007-03-03
5.6CVE-2007-1247
BUGTRAQ
BUGTRAQ
BID
SECUNIA
Blender Foundation -- BlenderEval injection vulnerability in the (a) kmz_ImportWithMesh.py Script for Blender 0.1.9h, as used in (b) Blender before 2.43, allows user-assisted remote attackers to execute arbitrary Python code by importing a crafted (1) KML or (2) KMZ file.
unknown
2007-03-03
5.6CVE-2007-1253
OTHER-REF
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
SECUNIA
Bsalsa -- EmbeddedWB Web BrowserUnspecified vulnerability in the EmbeddedWB Web Browser ActiveX control allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-03-02
5.6CVE-2007-1190
BID
BtitTracker -- BtitTrackerDirectory traversal vulnerability in include/prune_torrents.php in BTI-Tracker 1.3.2 (aka btitracker) allows remote attackers to delete arbitrary files via ".." sequences in the TORRENTSDIR parameter in a prune action.
unknown
2007-03-07
4.7CVE-2006-7159
BUGTRAQ
BID
SECUNIA
Connectix -- Connectix BoardsSQL injection vulnerability in part.userprofile.php in Connectix Boards 0.7 and earlier allows remote authenticated users to execute arbitrary SQL commands and obtain privileges via the p_skin parameter to index.php.
unknown
2007-03-03
4.2CVE-2007-1254
BUGTRAQ
MILW0RM
SECUNIA
Contelligent -- C1 Financial ServicesMoveSortedContentAction in C1 Financial Services Contelligent 9.1.4 does not check "the additional environment security configuration," which allows remote attackers with write permissions to reorder components.
unknown
2007-03-03
5.6CVE-2007-1249
OTHER-REF
BID
SECUNIA
Drupal -- IMCE moduleUnrestricted file upload vulnerability in IMCE before 1.6, a Drupal module, allows remote authenticated users to upload arbitrary PHP code via a filename with a double extension such as .php.gif.
unknown
2007-03-05
4.2CVE-2006-7109
OTHER-REF
FRSIRT
SECUNIA
XF
EZOnlineGallery -- EZOnlineGalleryMultiple directory traversal vulnerabilities in EZOnlineGallery 1.3 and earlier, and possibly other versions before 1.3.2 Beta, allow remote attackers to (1) determine directory existence via a ".." in the album parameter in a show_album action to (a) ezgallery.php, which produces different responses depending on existence; and read arbitrary image files via a ".." in the album or (2) image parameter to (b) image.php.
unknown
2007-03-03
4.7CVE-2006-7103
BUGTRAQ
OTHER-REF
OTHER-REF
BID
XF
Joomla! -- BSQ SitestatsCross-site scripting (XSS) vulnerability in Joomla BSQ Sitestats 1.8.0 and 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is not properly handled when the administrator views site statistics.
unknown
2007-03-05
5.6CVE-2006-7125
BUGTRAQ
OTHER-REF
BID
FRSIRT
XF
Joomla! -- BSQ SitestatsSQL injection vulnerability in Joomla BSQ Sitestats 1.8.0 and 2.2.1 allows remote attackers to execute arbitrary SQL commands via the query string, possibly PHP_SELF.
unknown
2007-03-05
5.6CVE-2006-7126
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
XF
Lenovo -- ThinkPad
Intel -- PRO 1000 LAN Adapter
Unspecified vulnerability in Lenovo Intel PRO/1000 LAN adapter before Build 135400, as used on IBM Lenovo ThinkPad systems, has unknown impact and attack vectors.
unknown
2007-03-06
4.9CVE-2007-1307
OTHER-REF
BID
FRSIRT
SECUNIA
LI-Scripts -- LI-GuestbookSQL injection vulnerability in guestbook.php in LI-Guestbook 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the country parameter.
unknown
2007-03-06
5.6CVE-2007-1302
BUGTRAQ
OTHER-REF
MailEnable -- MailEnableStack-based buffer overflow in the IMAP service in MailEnable Enterprise and Professional Editions 2.37 and earlier allows remote authenticated users to execute arbitrary code via a long argument to the APPEND command. NOTE: this is probably different than CVE-2006-6423.
unknown
2007-03-06
6.0CVE-2007-1301
MILW0RM
BID
FRSIRT
SECUNIA
MAXdev -- MDProDirectory traversal vulnerability in error.php in MD-Pro 1.0.76 and earlier allows remote authenticated users to read and include arbitrary files via the PNSVlang cookie, as demonstrated by uploading a GIF image using AddDownload or injecting PHP code into a log file, then accessing it.
unknown
2007-03-05
4.8CVE-2006-7112
MILW0RM
BID
XF
Microsoft -- Xbox 360 kernelThe Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 does not properly verify the parameters passed to the syscall dispatcher, which allows attackers with physical access to bypass code-signing requirements and execute arbitrary code.
unknown
2007-03-02
5.6CVE-2007-1220
BUGTRAQ
BID
mod_security -- mod_securityInterpretation conflict in ModSecurity (mod_security) 2.1.0 and earlier allows remote attackers to bypass request rules via application/x-www-form-urlencoded POST data that contains an ASCIIZ (0x00) byte, which mod_security treats as a terminator even though it is still processed as normal data by some HTTP parsers including PHP 5.2.0, and possibly parsers in Perl, and Python.
unknown
2007-03-08
5.6CVE-2007-1359
OTHER-REF
BID
SECUNIA
Mozilla -- FirefoxMozilla Firefox 2.0.0.2 allows remote attackers to spoof the address bar, favicons, and document source, and perform updates in the context of arbitrary websites, by repeatedly setting document.location in the onunload attribute when linking to another website, a variant of CVE-2007-1092.
unknown
2007-03-03
5.6CVE-2007-1256
BUGTRAQ
FULLDISC
FULLDISC
Norman -- Norman Sandbox AnalyzerNorman SandBox Analyzer does not use the proper range for Interrupt Descriptor Table (IDT) entries, which allows local users to determine that the local machine is an emulator, or a similar environment not based on a physical Intel processor, which allows attackers to produce malware that is more difficult to analyze.
unknown
2007-03-02
4.9CVE-2007-1194
BUGTRAQ
OTHER-REF
Novell -- Access ManagerNovell Access Management 3 SSLVPN Server allows remote authenticated users to bypass VPN restrictions by making policy.txt read-only, disconnecting, then manually modifying policy.txt.
unknown
2007-03-06
6.0CVE-2007-1309
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
Novell -- NetMailStack-based buffer overflow in webadmin.exe in Novell NetMail 3.5.2 allows remote attackers to execute arbitrary code via a long username during HTTP Basic authentication.
unknown
2007-03-08
5.6CVE-2007-1350
BUGTRAQ
OTHER-REF
OTHER-REF
BID
XF
NukeScripts -- NukeSentinelSQL injection vulnerability in includes/nsbypass.php in NukeSentinel 2.5.05 allows remote attackers to execute arbitrary SQL commands via an admin cookie.
unknown
2007-03-02
4.7CVE-2007-1171
BUGTRAQ
MILW0RM
BID
XF
NukeScripts -- NukeSentinelSQL injection vulnerability in nukesentinel.php in NukeSentinel 2.5.05, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, aka the "File Disclosure Exploit."
unknown
2007-03-02
4.7CVE-2007-1172
BUGTRAQ
MILW0RM
Nullsoft -- SHOUTcast serverCross-site scripting (XSS) vulnerability in the Nullsoft ShoutcastServer 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the top-level URI on the Incoming interface (port 8001/tcp), which is not properly handled in the administrator interface when viewing the log file.
unknown
2007-03-02
5.6CVE-2007-1229
BUGTRAQ
BID
FRSIRT
SECUNIA
Oracle -- Oracle10g Database ServerOracle 10g R2 and possibly other versions allows remote attackers to trigger internal errors, and possibly have other impacts, via an "alter session set events" command with invalid arguments. NOTE: this issue was originally disputed by a third party, but the dispute was retracted. NOTE: this issue was called an "integer overflow" in the original source, but this might be incorrect.
unknown
2007-03-02
4.8CVE-2006-7067
BUGTRAQ
BUGTRAQ
FULLDISC
FULLDISC
Oracle -- APEX HTMLDBSQL injection vulnerability in wwv_flow_utilities.gen_popup_list in the WWV_FLOW_UTILITIES package for Oracle APEX/HTMLDB before 2.2 allows remote authenticated users to execute arbitrary SQL by modifying the P_LOV parameter and calculating a matching MD5 checksum for the P_LOV_CHECKSUM parameter. NOTE: it is likely that this issue is subsumed by CVE-2006-5351, but due to lack of details from Oracle, this cannot be proven.
unknown
2007-03-07
4.8CVE-2006-7138
BUGTRAQ
FULLDISC
OTHER-REF
OTHER-REF
XF
PHP -- PHPInteger overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter.
unknown
2007-03-06
5.6CVE-2007-1286
OTHER-REF
Red Hat -- Red Hat thunderbirdMozilla Thunderbird allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which bypasses the access checks and executes code with chrome privileges.
unknown
2007-03-05
5.6CVE-2007-0994
OTHER-REF
Sava's Place -- Sava's GuestbookMultiple SQL injection vulnerabilities in add2.php in Sava's Guestbook 23.11.2006, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) country, (3) email, (4) website, and (5) message parameters.
unknown
2007-03-06
5.6CVE-2007-1304
BUGTRAQ
BID
sitex -- sitexsitex allows remote attackers to obtain sensitive information via a request with a numerical value for the (1) sxMonth[] or (2) sxYear[] parameter to calendar.php, or the (3) page[] parameter to calendar_events.php, which reveals the path in various error messages.
unknown
2007-03-03
4.7CVE-2007-1236
BUGTRAQ
SourceForge -- WatchtowerUnspecified vulnerability in Watchtower (WT) before 0.12 has unknown impact and attack vectors, related to "unauthorized accounts."
unknown
2007-03-02
5.6CVE-2007-1134
OTHER-REF
FRSIRT
SourceForge -- Netrek Vanilla ServerFormat string vulnerability in the new_warning function in ntserv/warning.c for Netrek Vanilla Server 2.12.0, when EVENTLOG is enabled, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in the message handling.
unknown
2007-03-03
5.6CVE-2007-1251
OTHER-REF
OTHER-REF
BID
SECUNIA
SQLite Manager -- SQLite ManagerMultiple cross-site scripting (XSS) vulnerabilities in SQLiteManager 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) database name, (2) table name, (3) ViewName, (4) view, (5) trigger, and (6) function fields in main.php and certain other files.
unknown
2007-03-03
5.6CVE-2007-1231
BUGTRAQ
BID
Symantec -- Symantec Mail Security for SMTPBuffer overflow in Symantec Mail Security for SMTP 5.0 before Patch 175 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted headers in an e-mail message. NOTE: some information was obtained from third party sources.
unknown
2007-03-03
5.6CVE-2007-1252
OTHER-REF
CERT-VN
BID
FRSIRT
SECUNIA
Tyger -- Bug Tracking SystemSQL injection vulnerability in ViewBugs.php in Tyger Bug Tracking System (TygerBT) 1.1.3 allows remote attackers to execute arbitrary SQL commands via the s parameter.
unknown
2007-03-06
4.7CVE-2007-1289
BUGTRAQ
BID
SECUNIA
WebAPP -- WebAPPWebAPP before 0.9.9.5 does not properly filter certain characters in contexts related to (1) the query string, (2) Profiles, (3) the Forum Post icon field, (4) the Edit Profile, and (5) the Gallery, which has unknown impact and remote attack vectors, possibly related to cross-site scripting (XSS).
unknown
2007-03-02
4.7CVE-2007-1177
OTHER-REF
BID
FRSIRT
SECUNIA
WebAPP -- WebAPPWebAPP before 0.9.9.5 allows remote Guest users to edit a Guest profile, which has unknown impact.
unknown
2007-03-02
4.7CVE-2007-1182
OTHER-REF
BID
FRSIRT
SECUNIA
Webmin -- WebminMultiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin 1.320 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-03-05
4.7CVE-2007-1276
OTHER-REF
FRSIRT
webSPELL -- webSPELLUnrestricted file upload vulnerability in webSPELL allows remote authenticated administrators to upload and execute arbitrary PHP code via the add squad feature. NOTE: this issue may be an administrative feature, in which case this CVE may be REJECTED.
unknown
2007-03-02
5.6CVE-2007-1155
BUGTRAQ
WordPress -- WordPressMultiple cross-site scripting (XSS) vulnerabilities in wp-includes/functions.php in WordPress before 2.1.2-alpha allow remote attackers to inject arbitrary web script or HTML via (1) the Referer HTTP header or (2) the URI, a different vulnerability than CVE-2007-1049.
unknown
2007-03-02
4.7CVE-2007-1230
OTHER-REF
OTHER-REF
FRSIRT
WordPress -- WordPressCross-site request forgery (CSRF) vulnerability in the AdminPanel in WordPress 2.1.1 and earlier allows remote attackers to perform privileged actions as administrators, as demonstrated using the delete action in wp-admin/post.php. NOTE: this issue can be leveraged to perform cross-site scripting (XSS) attacks and steal cookies via the post parameter.
unknown
2007-03-03
5.6CVE-2007-1244
BUGTRAQ
BID

Back to top

Low Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Adobe -- Acrobat ReaderAdobe Reader and Acrobat Trial allow remote attackers to read arbitrary files via a file:// URI in a PDF document, as demonstrated with <>, a different issue than CVE-2007-0045.
unknown
2007-03-02
1.9CVE-2007-1199
OTHER-REF
BID
Agnitum -- Outpost Firewall PROThe Sandbox.sys driver in Outpost Firewall PRO 4.0, and possibly earlier versions, does not validate arguments to hooked SSDT functions, which allows local users to cause a denial of service (crash) via invalid arguments to the (1) NtAssignProcessToJobObject,, (2) NtCreateKey,, (3) NtCreateThread,, (4) NtDeleteFile,, (5) NtLoadDriver,, (6) NtOpenProcess,, (7) NtProtectVirtualMemory,, (8) NtReplaceKey,, (9) NtTerminateProcess,, (10) NtTerminateThread,, (11) NtUnloadDriver, and , (12) NtWriteVirtualMemory functions.
unknown
2007-03-07
2.3CVE-2006-7160
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Apple -- QuicktimeHeap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie file.
unknown
2007-03-05
3.7CVE-2007-0713
APPLE
OTHER-REF
Apple -- QuicktimeHeap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PICT file.
unknown
2007-03-05
3.7CVE-2007-0715
APPLE
OTHER-REF
Apple -- QuicktimeStack-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file.
unknown
2007-03-05
3.7CVE-2007-0716
APPLE
OTHER-REF
Apple -- QuicktimeInteger overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file.
unknown
2007-03-05
3.7CVE-2007-0717
APPLE
OTHER-REF
Apple -- QuicktimeHeap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file.
unknown
2007-03-05
3.7CVE-2007-0718
APPLE
OTHER-REF
Bernard Joly -- BJ WebringCross-site scripting (XSS) vulnerability in formulaire.php in Bernard JOLY BJ Webring allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter related to the add link menu.
unknown
2007-03-07
1.9CVE-2007-1328
BUGTRAQ
OTHER-REF
Built2Go -- News Manager BlogMultiple cross-site scripting (XSS) vulnerabilities in built2go News Manager Blog 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2) uid, and (3) nid parameters to (a) news.php, and the nid parameter to (b) rating.php.
unknown
2007-03-03
1.9CVE-2007-1248
BUGTRAQ
BID
CA -- eTrust Intrusion DetectionHeap-based buffer overflow in SW3eng.exe in the eID Engine service in CA (formerly Computer Associates) eTrust Intrusion Detection 3.0.5.57 and earlier allows remote attackers to cause a denial of service (application crash) via a long key length value to the remote administration port (9191/tcp).
2007-01-16
2007-03-02
3.3CVE-2007-1005
IDEFENSE
OTHER-REF
BID
FRSIRT
OSVDB
SECUNIA
Call Center Software -- Call Center SoftwareCross-site scripting (XSS) vulnerability in call_entry.php in Call Center Software 0,93 allows remote attackers to inject arbitrary web script or HTML via the problem_desc parameter, as demonstrated by the ONLOAD attribute of a BODY element.
unknown
2007-03-02
1.9CVE-2007-1161
BUGTRAQ
VIM
Call-Center-Software -- Call-Center-SoftwareCross-site scripting (XSS) vulnerability in Call Center Software 0.93 and earlier allows remote attackers to inject arbitrary web script or HTML via the problem description field.
unknown
2007-03-07
3.7CVE-2006-7143
BUGTRAQ
FULLDISC
OTHER-REF
BID
SECUNIA
Call-Center-Software -- Call-Center-Softwareedit_user.php in Call Center Software 0.93 and earlier allows remote attackers to obtain sensitive information such as account passwords via a modified user_id parameter.
unknown
2007-03-07
2.8CVE-2006-7145
BUGTRAQ
FULLDISC
OTHER-REF
BID
SECUNIA
XF
Common Controls Replacement Project -- BrowseDialog ServerA certain ActiveX control in the Common Controls Replacement Project (CCRP) CCRP BrowseDialog Server (ccrpbds6.dll) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) IsFolderAvailable or (2) RootFolder property value, different vectors than CVE-2007-0371.
unknown
2007-03-02
3.3CVE-2007-1162
OTHER-REF
BID
Comodo -- Comodo Firewall ProComodo Firewall Pro (CFP) (formerly Comodo Personal Firewall) 2.4.18.184 and earlier allows local users to bypass driver protections on the HKLM\SYSTEM\Software\Comodo\Personal Firewall registry key by guessing the name of a named pipe under \Device\NamedPipe\OLE and attempting to open it multiple times.
unknown
2007-03-07
3.9CVE-2007-1330
BUGTRAQ
OTHER-REF
BID
XF
Connectix -- Connectix BoardsUnrestricted file upload vulnerability in admin.bbcode.php in Connectix Boards 0.7 and earlier allows remote authenticated administrators to execute arbitrary PHP code by uploading a crafted GIF smiley image with a .php extension via the uploadimage parameter to admin.php, which can be later accessed via a direct request for the file in smileys/. NOTE: this can be leveraged with a separate SQL injection issue for remote unauthenticated attacks.
unknown
2007-03-03
3.4CVE-2007-1255
BUGTRAQ
MILW0RM
SECUNIA
Debian -- ApacheThe Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
unknown
2007-03-03
3.4CVE-2006-7098
OTHER-REF
BID
SECUNIA
Digium -- AsteriskUnspecified vulnerability in Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote attackers to cause a denial of service (crash) via crafted Session Initiation Protocol (SIP) packets.
unknown
2007-03-06
3.3CVE-2007-1306
OTHER-REF
OTHER-REF
CERT-VN
SECTRACK
DivX -- DivX Web PlayerA certain ActiveX control in the DivXBrowserPlugin (npdivx32.dll) in DivX Web Player, as distributed with DivX Player 1.3.0, allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via large values to DivxWP.Resize, related to resizing images.
unknown
2007-03-06
3.3CVE-2007-1294
MILW0RM
BID
XF
Douran Software Technologies -- ISPUtilDOURAN Software Technologies ISPUtil 3.32.84.1, and possibly earlier versions, stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain user and reseller data via a direct request for scripts/activesessions.ini. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-03-06
3.3CVE-2007-1300
SECUNIA
Drupal -- IMCE moduleDirectory traversal vulnerability in the delete function in IMCE before 1.6, a Drupal module, allows remote authenticated users to delete arbitrary files via ".." sequences.
unknown
2007-03-05
2.8CVE-2006-7110
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Drupal -- NodefamilyUnspecified vulnerability in the Nodefamily module for Drupal 5.x before 5.x-1.0 allows remote authenticated users to access and modify other users' profiles via unspecified URL parameters.
unknown
2007-03-08
3.4CVE-2007-1360
OTHER-REF
BID
FRSIRT
SECUNIA
DZCP -- Clanportalinc/filebrowser/browser.php in deV!L`z Clanportal (DZCP) 1.4.5 and earlier allows remote attackers to obtain MySQL data via the inc/mysql.php value of the file parameter.
unknown
2007-03-02
2.3CVE-2007-1167
MILW0RM
OTHER-REF
BID
SECUNIA
Enigmail -- EnigmailEnigmail 0.94.2 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Enigmail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.
unknown
2007-03-06
2.3CVE-2007-1264
BUGTRAQ
OTHER-REF
BID
GNOME -- EvolutionEvolution 2.8.1 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Evolution from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.
unknown
2007-03-06
2.3CVE-2007-1266
BUGTRAQ
OTHER-REF
BID
Gnu -- GPGME
GnuPG -- GnuPG
GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection.
unknown
2007-03-06
2.3CVE-2007-1263
BUGTRAQ
OTHER-REF
BID
Gnu -- GNUMailGNUMail 1.1.2 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents GNUMail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.
unknown
2007-03-06
2.3CVE-2007-1269
BUGTRAQ
OTHER-REF
BID
Google -- Google EarthBuffer overflow in Google Earth v4.0.2091 (beta) allows remote user-assisted attackers to cause a denial of service (crash) via a KML or KMZ file with a long href element.
unknown
2007-03-07
1.9CVE-2006-7157
BUGTRAQ
FULLDISC
OTHER-REF
BID
XF
Grok Developments -- NetProxyGrok Developments NetProxy 4.03 allows remote attackers to bypass URL filtering via a request that omits "http://" from the URL and specifies the destination port (:80).
unknown
2007-03-02
2.3CVE-2007-1224
MILW0RM
BID
FRSIRT
XF
HyperBook -- GuestbookThomas R. Pasawicz HyperBook Guestbook 1.30 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download an admin password hash via a direct request for data/gbconfiguration.dat.
unknown
2007-03-02
2.3CVE-2007-1192
OTHER-REF
BID
IBM -- DB2IBM DB2 UDB 8.2 before Fixpak 7 (aka fixpack 14), and DB2 9 before Fix Pack 2, on UNIX allows the "fenced" user to access certain unauthorized directories.
unknown
2007-03-02
2.3CVE-2007-1228
AIXAPAR
AIXAPAR
BID
Internet Security Systems -- BlackICE PC ProtectionISS BlackICE PC Protection 3.6 cpj and cpu, and possibly earlier versions, allows local users to bypass the protection scheme by using the ZwDeleteFile API function to delete the critical filelock.txt file, which stores information about protected files.
unknown
2007-03-05
1.6CVE-2006-7129
BUGTRAQ
FULLDISC
OTHER-REF
BID
OSVDB
XF
Iono -- IonoIono allows remote attackers to obtain the full server path via certain requests to (1) templates/iono/admin/denied.tpl.php, (2) templates/iono/admin/index.tpl.php, and (a) other unspecified files in templates/.
unknown
2007-03-07
2.3CVE-2006-7154
BUGTRAQ
OSVDB
OSVDB
OSVDB
IrfanView -- IrfanViewIrfanView 3.99 allows remote attackers to cause a denial of service (application crash) via a malformed WMF file.
unknown
2007-03-03
2.3CVE-2007-1245
BUGTRAQ
OTHER-REF
OTHER-REF
Kaspersky Lab -- Kaspersky Antivirus EngineKaspersky AntiVirus Engine 6.0.1.411 for Windows and 5.5-10 for Linux allows remote attackers to cause a denial of service (CPU consumption) via a crafted UPX compressed file with a negative offset, which triggers an infinite loop during decompression.
unknown
2007-03-05
2.3CVE-2007-1281
IDEFENSE
BID
SECTRACK
KDE -- K-MailKMail 1.9.5 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents KMail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.
unknown
2007-03-06
3.3CVE-2007-1265
BUGTRAQ
OTHER-REF
BID
KDE -- Konquerorecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror in KDE 3.5.5, allows remote attackers to cause a denial of service (crash) by accessing the content of an iframe with an ftp:// URI in the src attribute, probably due to a NULL pointer dereference.
unknown
2007-03-06
1.9CVE-2007-1308
BUGTRAQ
FULLDISC
OTHER-REF
OTHER-REF
BID
XF
Linksys -- SPA921The HTTP server in Linksys SPA-921 VoIP Desktop Phone allows remote attackers to cause a denial of service (reboot) via (1) a long URL, or a long (2) username or (3) password during Basic Authentication.
unknown
2007-03-05
3.3CVE-2006-7121
FULLDISC
BID
OSVDB
SECUNIA
XF
Mambo -- MamboMultiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.x allow remote attackers to inject arbitrary web script or HTML via (1) the query string to (a) index.php, which reflects the string in an error message from mod_login.php; and the (2) mcname parameter to (b) moscomment.php and (c) com_comment.php.
unknown
2007-03-07
3.7CVE-2006-7149
BUGTRAQ
OTHER-REF
BID
McAfee -- VirexMcAfee VirusScan for Mac (Virex) before 7.7 patch 1 has weak permissions (0666) for /Library/Application Support/Virex/VShieldExclude.txt, which allows local users to reconfigure Virex to skip scanning of arbitrary files.
unknown
2007-03-02
3.4CVE-2007-1226
BUGTRAQ
McAfee
BID
FRSIRT
SECUNIA
McAfee -- VirexVShieldCheck in McAfee VirusScan for Mac (Virex) before 7.7 patch 1 allow local users to change permissions of arbitrary files via a symlink attack on /Library/Application Support/Virex/VShieldExclude.txt, as demonstrated by symlinking to the root crontab file to execute arbitrary commands.
unknown
2007-03-02
2.3CVE-2007-1227
BUGTRAQ
McAfee
BID
FRSIRT
SECUNIA
Microsoft -- Office 2003Microsoft Office 2003 allows user-assisted remote attackers to cause a denial of service (application crash) by attempting to insert a corrupted WMF file.
unknown
2007-03-03
3.4CVE-2007-1238
BUGTRAQ
OTHER-REF
Microsoft -- ExcelMicrosoft Excel 2003 does not properly parse .XLS files, which allows remote attackers to cause a denial of service (application crash) via a file with a (1) corrupted XML format or a (2) corrupted XLS format, which triggers a NULL pointer dereference.
unknown
2007-03-03
1.9CVE-2007-1239
BUGTRAQ
OTHER-REF
Microsoft -- Windows ExplorerMicrosoft Windows Explorer on Windows 2000 SP4 FR and XP SP2 FR, and possibly other versions and platforms, allows remote attackers to cause a denial of service (crash) and trigger memory corruption via an Office file with crafted document summary information.
unknown
2007-03-08
2.7CVE-2007-1347
MILW0RM
CERT-VN
Mutt -- MuttMutt 1.5.13 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Mutt from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.
unknown
2007-03-06
2.3CVE-2007-1268
BUGTRAQ
OTHER-REF
BID
Oracle -- Database Server** DISPUTED ** Absolute path traversal vulnerability in Oracle Database Server, when utl_file_dir is set to a wildcard value or "CREATE ANY DIRECTORY to PUBLIC" privileges exist, allows remote authenticated users to read and modify arbitrary files via full filepaths to utl_file functions such as (1) utl_file.put_line and (2) utl_file.get_line, a related issue to CVE-2005-0701. NOTE: this issue is disputed by third parties who state that this is due to an insecure configuration instead of an inherent vulnerability.
unknown
2007-03-07
3.4CVE-2006-7141
BUGTRAQ
BUGTRAQ
BUGTRAQ
OTHER-REF
PHP -- PHPA regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote attackers to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, which are not escaped in the phpinfo output, as originally fixed for CVE-2005-3388.
unknown
2007-03-06
1.9CVE-2007-1287
OTHER-REF
PHP Upload Tool -- PHP Upload ToolDirectory traversal vulnerability in upload/bin/download.php in Upload Tool for PHP 1.0 allows remote attackers to read arbitrary files via (1) ".." sequences or (2) absolute pathnames in the filename parameter.
unknown
2007-03-05
2.3CVE-2006-7133
OTHER-REF
BID
FRSIRT
SECUNIA
XF
PostNuke Software Foundation -- PagesetterDirectory traversal vulnerability in index.php in the Pagesetter 6.2.0 through 6.3.0 beta 5 module for PostNuke allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.
2007-02-08
2007-03-02
2.3CVE-2007-1158
BUGTRAQ
FULLDISC
FULLDISC
OTHER-REF
BID
SECUNIA
Pyrophobia -- PyrophobiaCross-site scripting (XSS) vulnerability in modules/out.php in Pyrophobia 2.1.3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-03-02
1.9CVE-2007-1159
BID
Quicksilver -- Del.icio.us ModuleThe Social Bookmarks (del.icio.us) plug-in 8F in Quicksilver writes usernames and passwords in plaintext to the /Library/Logs/Console/UID/Console.log file, which allows local users to obtain sensitive information by reading this file.
unknown
2007-03-02
1.6CVE-2007-1191
FULLDISC
BID
XF
Red Hat -- Red Hat Enterprise Linuxlogin in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pam_acct_mgmt and chauth_tok.
unknown
2007-03-04
3.4CVE-2006-7108
OTHER-REF
Rigter Portal System -- Rigter Portal SystemSQL injection vulnerability in Rigter Portal System (RPS) 6.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the categoria parameter to the top-level URI (index.php), possibly related to ver_descarga.php.
unknown
2007-03-06
3.7CVE-2007-1293
MILW0RM
FRSIRT
SECUNIA
RRDBrowse -- RRDBrowseDirectory traversal vulnerability in rb.cgi in RRDBrowse 1.6 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
unknown
2007-03-06
3.3CVE-2007-1303
BUGTRAQ
OTHER-REF
OTHER-REF
BID
SILC -- SILC-ServerThe SILC_SERVER_CMD_FUNC function in apps/silcd/command.c in silc-server 1.0.2 allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a request without a cipher algorithm and an invalid HMAC algorithm.
unknown
2007-03-07
3.3CVE-2007-1327
FULLDISC
BID
SimBin -- GTR - FIA GET Racing Game
SimBin -- Race - The WTCC Game
SimBin -- GTR 2
SimBin -- GT Legends
SimBin GTR - FIA GT Racing Game 1.5.0.0 and earlier, GT Legends 1.1.0.0 and earlier, GTR 2 1.1 and earlier, and RACE - The WTCC Game 1.0 and earlier allow remote attackers to cause a denial of service (client disconnection) via an empty UDP packet to the server port.
unknown
2007-03-02
2.3CVE-2007-1170
BUGTRAQ
BID
Simon Tatham -- PuTTYPuTTY 0.59 and earlier uses weak file permissions for (1) ppk files containing private keys generated by puttygen and (2) session logs created by putty, which allows local users to gain sensitive information by reading these files.
unknown
2007-03-07
1.3CVE-2006-7162
OTHER-REF
SECUNIA
Simple Invoices -- Simple Invoicesinclude/auth/auth.php in Simple Invoices before 2007 03 05 does not use the login system to protect print preview pages for invoices, which might allow attackers to obtain sensitive information.
unknown
2007-03-08
2.3CVE-2007-1341
OTHER-REF
OTHER-REF
OTHER-REF
BID
SECUNIA
SnapGear -- FirmwareSnapGear 560, 585, 580, 640, 710, and 720 appliances before the 3.1.4u5 firmware allow remote attackers to cause a denial of service (complete packet loss) via a packet flood, a different vulnerability than CVE-2006-4613.
unknown
2007-03-07
2.3CVE-2007-1324
OTHER-REF
BID
SECUNIA
SourceForge -- OpenBiblioUnspecified vulnerability in the reports system in OpenBiblio before 0.6.0 allows attackers to gain privileges via unspecified vectors.
unknown
2007-03-03
3.4CVE-2007-1261
OTHER-REF
FRSIRT
Sun -- SolarisThe libike library, as used by in.iked, elfsign, and kcfd in Sun Solaris 9 and 10, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents libike from correctly verifying X.509 and other certificates that use PKCS #1, a similar issue to CVE-2006-4339.
unknown
2007-03-07
3.7CVE-2006-7140
SUNALERT
FRSIRT
SECUNIA
Sun -- Sun FireUnspecified vulnerability in ipmitool for Sun Fire X2100M2 and X2200M2 allows local users to gain privileges and reset or turn off the server.
unknown
2007-03-08
3.4CVE-2007-1346
SUNALERT
BID
Sylpheed -- SylpheedSylpheed 2.2.7 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Sylpheed from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.
unknown
2007-03-06
2.3CVE-2007-1267
BUGTRAQ
OTHER-REF
BID
TaskFreak! -- TaskFreak!Cross-site scripting (XSS) vulnerability in TaskFreak! before 0.5.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly a variant of CVE-2007-0982.
unknown
2007-03-02
2.3CVE-2007-1198
OTHER-REF
Tiny Portal -- Tiny PortalCross-site scripting (XSS) vulnerability in TinyPortal before 0.8.6 allows remote attackers to inject arbitrary web script or HTML via the shoutbox.
unknown
2007-03-06
1.9CVE-2006-7137
BUGTRAQ
BUGTRAQ
BID
TKS Banking Solutions -- ePortfolioMultiple cross-site scripting (XSS) vulnerabilities in TKS Banking Solutions ePortfolio 1.0 Java allow remote attackers to inject arbitrary web script or HTML via unspecified vectors that bypass the client-side protection scheme, one of which may be the q parameter to the search program. NOTE: some of these details are obtained from third party information.
unknown
2007-03-07
1.9CVE-2007-1331
BUGTRAQ
OTHER-REF
OTHER-REF
BID
Trend Micro -- ServerProtectThe web interface in Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before 20070216 accepts logon requests through unencrypted HTTP, which might allow remote attackers to obtain credentials by sniffing the network.
unknown
2007-03-02
2.3CVE-2007-1169
OTHER-REF
Tyger -- Bug Tracking SystemMultiple cross-site scripting (XSS) vulnerabilities in Tyger Bug Tracking System (TygerBT) 1.1.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) Login.php and (2) Register.php.
unknown
2007-03-06
3.7CVE-2007-1291
BUGTRAQ
BID
SECUNIA
Utimaco Safeware -- SafeGuard EasyThe centralized management feature for Utimaco Safeguard stores hard-coded cryptographic keys in executable programs for encrypted configuration files, which allows attackers to recover the keys from the configuration files and decrypt the disk drive.
unknown
2007-03-07
2.3CVE-2006-7142
BUGTRAQ
BUGTRAQ
OTHER-REF
BID
vBulletin -- vBulletinCross-site scripting (XSS) vulnerability in admincp/index.php in Jelsoft vBulletin 3.6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the add rss url form.
unknown
2007-03-08
1.9CVE-2007-1342
BUGTRAQ
BID
XF
Virtuemart -- VirtuemartCross-site scripting (XSS) vulnerability in virtuemart_parser.php in VirtueMart before 20070213 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue is probably different than CVE-2007-0376.
unknown
2007-03-08
1.9CVE-2007-1361
OTHER-REF
FRSIRT
SECUNIA
WebAPP -- WebAPPMultiple cross-site scripting (XSS) vulnerabilities in WebAPP before 20070214 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to unspecified fields in user Profiles. NOTE: some of these details are obtained from third party information.
unknown
2007-03-02
1.9CVE-2007-1174
OTHER-REF
BID
FRSIRT
XF
WebAPP -- WebAPPCross-site scripting (XSS) vulnerability in an admin feature in WebAPP before 20070209 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-03-02
1.9CVE-2007-1175
OTHER-REF
BID
FRSIRT
WebAPP -- WebAPPMultiple cross-site scripting (XSS) vulnerabilities in WebAPP before 0.9.9.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) Gallery Comments pages, (2) Feedback pages, (3) Search Results pages, and (4) the Statistics Log viewer.
unknown
2007-03-02
1.9CVE-2007-1176
OTHER-REF
BID
FRSIRT
SECUNIA
XF
XF
XF
WebAPP -- WebAPPWebAPP before 0.9.9.5 does not properly manage e-mail addresses in certain contexts related to (1) the Recommend feature, Email Article (2) senders and (3) recipients, (4) New User Approval, (5) Edit Profiles, (6) the Newsletter Subscription form, (7) the Recommend form, and (8) sending of articles, which has unknown impact, and remote attack vectors related to spam attacks and possibly other attacks.
unknown
2007-03-02
2.3CVE-2007-1179
OTHER-REF
BID
FRSIRT
SECUNIA
WebAPP -- WebAPPWebAPP before 0.9.9.5 does not check referrers in certain forms, which might facilitate remote cross-site request forgery (CSRF) attacks or have other unknown impact.
unknown
2007-03-02
1.9CVE-2007-1180
OTHER-REF
BID
FRSIRT
SECUNIA
WebAPP -- WebAPPWebAPP before 0.9.9.5 passes (1) Unused Informations and (2) the username through Edit Profile forms, which has unknown impact and attack vectors.
unknown
2007-03-02
2.3CVE-2007-1181
OTHER-REF
BID
FRSIRT
SECUNIA
WebAPP -- WebAPPThe (1) Search, (2) Edit Profile, (3) Recommend, and (4) User Approval forms in WebAPP before 0.9.9.5 use hidden inputs, which has unknown impact and remote attack vectors.
unknown
2007-03-02
2.3CVE-2007-1185
OTHER-REF
BID
FRSIRT
SECUNIA
WebAPP -- WebAPPWebAPP before 0.9.9.5 does not "censor" the Latest Member real name, which has unknown impact.
unknown
2007-03-02
2.3CVE-2007-1186
OTHER-REF
BID
FRSIRT
SECUNIA
WebAPP -- WebAPPWebAPP before 0.9.9.5 allows remote authenticated users, without admin privileges, to obtain sensitive information via (1) the Forum Archive feature and (2) Recent Searches.
unknown
2007-03-02
2.8CVE-2007-1187
OTHER-REF
BID
FRSIRT
SECUNIA
Zend -- EngineThe Zend Engine in PHP 4.x and 5.x allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.
unknown
2007-03-06
2.3CVE-2007-1285
OTHER-REF

Back to top

">

High Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Admin Phorum -- Admin PhorumPHP remote file inclusion vulnerability in actions/del.php in Admin Phorum 3.3.1a allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.
unknown
2007-03-02
7.0CVE-2007-1219
MILW0RM
BID
FRSIRT
AJ Forum -- AJ ForumSQL injection vulnerability in topic_title.php in AJ Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the td_id parameter.
unknown
2007-03-06
7.0CVE-2007-1295
MILW0RM
BID
SECUNIA
AJ Square -- AJ ClassifiedsSQL injection vulnerability in postingdetails.php in AJ Classifieds 1.0 allows remote attackers to execute arbitrary SQL commands via the postingid parameter.
unknown
2007-03-06
7.0CVE-2007-1296
MILW0RM
BID
AJ Square -- AJDatingSQL injection vulnerability in view_profile.php in AJDating 1.0 allows remote attackers to execute arbitrary SQL commands via the user_id parameter.
unknown
2007-03-06
7.0CVE-2007-1297
MILW0RM
BID
AJ Square -- AJAuctionSQL injection vulnerability in subcat.php in AJ Auction 1.0 allows remote attackers to execute arbitrary SQL commands via the cate_id parameter.
unknown
2007-03-06
7.0CVE-2007-1298
MILW0RM
BID
Angel Learning -- Learning Management SuiteSQL injection vulnerability in section/default.asp in ANGEL Learning Management Suite (LMS) 7.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-03-03
7.0CVE-2007-1250
BUGTRAQ
BUGTRAQ
MILW0RM
BID
Apple -- QuicktimeInteger overflow in Apple QuickTime before 7.1.5, when installed on Windows operating systems, allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP video file.
unknown
2007-03-05
8.0CVE-2007-0711
APPLE
OTHER-REF
Apple -- QuicktimeHeap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MIDI file.
unknown
2007-03-05
8.0CVE-2007-0712
APPLE
OTHER-REF
Apple -- QuicktimeInteger overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie, related to UDTA atoms.
unknown
2007-03-05
8.0CVE-2007-0714
APPLE
OTHER-REF
Apple -- AirPort ExtremeThe default configuration of the AirPort utility in Apple AirPort Extreme creates an IPv6 tunnel but does not enable the "Block incoming IPv6 connections" setting, which might allow remote attackers to bypass intended access restrictions by establishing IPv6 sessions that would have been rejected over IPv4.
unknown
2007-03-08
7.0CVE-2007-1338
OTHER-REF
Aspindir -- HazirSiteSQL injection vulnerability in giris_yap.asp in Hazir Site 2.0 allows remote attackers to bypass authentication via the (1) k_a class or (2) sifre parameter.
unknown
2007-03-07
7.0CVE-2006-7161
BUGTRAQ
BID
XF
Audins Audiens -- Audins AudiensSQL injection vulnerability in system/index.php in Audins Audiens 3.3 allows remote attackers to execute arbitrary SQL commands via the PHPSESSID cookie. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-03-03
7.0CVE-2007-1242
BID
Audins Audiens -- Audins AudiensAudins Audiens 3.3 allows remote attackers to bypass authentication and perform certain privileged actions, possibly an uninstall of the product, by calling unistall.php with the values cnf=disinstalla and status=on. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-03-03
7.0CVE-2007-1243
BID
SECUNIA
XF
Bell Labs -- Plan 9Integer overflow in the envwrite function in the Alcatel-Lucent Bell Labs Plan 9 kernel allows local users to overwrite certain memory addresses with kernel memory via a large n argument, as demonstrated by (1) modifying the iseve function to gain privileges and (2) making the devpermcheck function grant unrestricted device permissions.
unknown
2007-03-02
7.0CVE-2007-1189
MILW0RM
MLIST
OTHER-REF
BID
BJ Sintay -- SiteXMultiple cross-site scripting (XSS) vulnerabilities in sitex allow remote attackers to inject arbitrary web script or HTML via (1) the sxYear parameter to calendar.php, (2) the search parameter to search.php, (3) the linkid parameter to redirect.php, or (4) the page parameter to calendar_events.php.
unknown
2007-03-03
7.0CVE-2007-1234
BUGTRAQ
BJ Sintay -- SiteXUnrestricted file upload vulnerability in sitex allows remote attackers to upload arbitrary PHP code via an avatar filename with a double extension such as .php.jpg, which fails verification and is saved as a .php file.
unknown
2007-03-03
7.0CVE-2007-1235
BUGTRAQ
BJ Sintay -- SiteXsitex allows remote attackers to obtain potentially sensitive information via a ' (quote) value for certain parameters, as demonstrated by parameters used in forum and search, which forces a SQL error.
unknown
2007-03-03
7.0CVE-2007-1237
BUGTRAQ
Call-Center-Software -- Call-Center-SoftwareSQL injection vulnerability in Call Center Software 0.93 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via the user name in the login page.
unknown
2007-03-07
7.0CVE-2006-7144
BUGTRAQ
FULLDISC
OTHER-REF
BID
SECUNIA
Cisco -- Catalyst 7600
Cisco -- Catalyst 6000
Cisco -- Catalyst 6500
Cisco -- Network Analysis Module
The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, and 7600 allows remote attackers to execute arbitrary commands via certain SNMP packets that are spoofed from the NAM's own IP address.
unknown
2007-03-03
10.0CVE-2007-1257
CISCO
Cisco -- Catalyst 6500Unspecified vulnerability in Cisco IOS 12.2SXA, SXB, SXD, and SXF; and the MSFC2, MSFC2a and MSFC3 running in Hybrid Mode on Cisco Catalyst 6000, 6500 and Cisco 7600 series systems; allows remote attackers on a local network segment to cause a denial of service (software reload) via a certain MPLS packet.
unknown
2007-03-03
7.0CVE-2007-1258
CISCO
Citrix -- Presentation Server ClientUnspecified vulnerability in Citrix Presentation Server Client for Windows before 10.0 allows remote web sites to execute arbitrary code via unspecified vectors, related to the implementation of ICA connectivity through proxy servers.
unknown
2007-03-02
8.0CVE-2007-1196
Citrix
FRSIRT
Coalescent Systems -- freePBXPHP remote file inclusion vulnerability in upgrade.php in Coalescent Systems freePBX 2.1.3 allows remote attackers to execute arbitrary PHP code via a URL in the amp_conf[AMPWEBROOT] parameter.
unknown
2007-03-03
7.0CVE-2006-7107
MILW0RM
BID
XF
Cuttlefish Multimedia Ltd. -- Leicestershire communityPortals** DISPUTED ** PHP remote file inclusion vulnerability in bug.php in Leicestershire communityPortals 1.0 build 20051018 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cp_root_path parameter, a different vector than CVE-2006-5280. NOTE: CVE disputes this issue, since bug.php is not in communityPortals source distributions.
unknown
2007-03-07
8.0CVE-2006-7146
BUGTRAQ
BID
Cynux Softwares -- PHPMyDeskDirectory traversal vulnerability in pmd-config.php in PHPMyDesk 1.0beta allows remote attackers to include arbitrary local files via the pmdlang parameter to viewticket.php.
unknown
2007-03-05
10.0CVE-2006-7132
MILW0RM
XF
DBScripts -- DBImageGalleryMultiple PHP remote file inclusion vulnerabilities in DBImageGallery 1.2.2 allow remote attackers to execute arbitrary PHP code via a URL in the donsimg_base_path parameter to (1) attributes.php, (2) images.php, or (3) scan.php in admin/; or (4) attributes.php, (5) db_utils.php, (6) images.php, (7) utils.php, or (8) values.php in includes/.
unknown
2007-03-02
7.0CVE-2007-1164
MILW0RM
BID
DBScripts -- DBGuestbookMultiple PHP remote file inclusion vulnerabilities in DBGuestbook 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the dbs_base_path parameter to (1) utils.php, (2) guestbook.php, or (3) views.php in includes/.
unknown
2007-03-02
7.0CVE-2007-1165
MILW0RM
BID
Delmaa.com -- arabhostPHP remote file inclusion vulnerability in function.php in arabhost allows remote attackers to execute arbitrary PHP code via a URL in the adminfolder parameter.
unknown
2007-03-02
7.0CVE-2007-1146
BUGTRAQ
VIM
dmxReady -- Site Engine ManagerSQL injection vulnerability in index.asp in DMXReady Site Engine Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the mid parameter.
unknown
2007-03-05
8.0CVE-2006-7118
BUGTRAQ
BID
XF
Docebo -- DoceboMultiple cross-site scripting (XSS) vulnerabilities in Docebo CMS 3.0.3 through 3.0.5 allow remote attackers to inject arbitrary web script or HTML via (1) the searchkey parameter to index.php, or the (2) sn or (3) ri parameter to modules/htmlframechat/index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-03-03
7.0CVE-2007-1240
OTHER-REF
BID
Dxmsoft -- XM Easy Personal FTP ServerMultiple buffer overflows in XM Easy Personal FTP Server 5.3.0 allow remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might overlap CVE-2006-2225, CVE-2006-2226, or CVE-2006-5728.
unknown
2007-03-02
7.0CVE-2007-1195
OTHER-REF
BID
Epiware -- EpiwareMultiple unspecified vulnerabilities in Epiware before 4.7.5 have unknown impact and attack vectors, possibly related to cross-site scripting (XSS) and other unspecified issues.
unknown
2007-03-02
7.0CVE-2007-1197
OTHER-REF
Futomi's CGI Cafe -- KMail CGIUnspecified vulnerability in Futomi's CGI Cafe KMail CGI 1.0.3 and earlier allows remote attackers to bypass authentication and obtain unauthorized email access via unspecified vectors.
unknown
2007-03-05
7.0CVE-2006-7111
OTHER-REF
BID
SECUNIA
XF
Gnu -- libtool-ltdlUntrusted search path vulnerability in the libtool-ltdl library (libltdl.so) 1.5.22-2.3 in Fedora Core 5 might allow local users to execute arbitrary code via a malicious library in the (1) hwcap, (2) 0, and (3) nosegneg subdirectories.
unknown
2007-03-07
8.0CVE-2006-7151
BUGTRAQ
OTHER-REF
BID
Grok Developments -- NetProxyThe connection log file implementation in Grok Developments NetProxy 4.03 does not record requests that omit http:// in a URL, which might allow remote attackers to conduct unauthorized activities and avoid detection.
unknown
2007-03-02
10.0CVE-2007-1225
MILW0RM
BID
FRSIRT
XF
Hitachi -- OSASUnspecified vulnerability in Hitachi OSAS/FT/W before 20070223 allows attackers to cause a denial of service (responder control processing halt) by sending "data unexpectedly through the port".
unknown
2007-03-02
7.0CVE-2007-1223
OTHER-REF
XF
Icecast -- EzstreamMultiple buffer overflows in src/ezstream.c in Ezstream before 0.3.0 allow remote attackers to execute arbitrary code via a crafted XML configuration file processed by the (1) urlParse function, which causes a stack-based overflow and the (2) ReplaceString function, which causes a heap-based overflow. NOTE: some of these details are obtained from third party information.
unknown
2007-03-08
8.0CVE-2007-1344
OTHER-REF
SECUNIA
JBoss -- JBossCross-site request forgery (CSRF) vulnerability in jmx-console/HtmlAdaptor in JBoss allows remote attackers to perform privileged actions as administrators via certain MBean operations, a different vulnerability than CVE-2006-3733.
unknown
2007-03-02
8.0CVE-2007-1157
BUGTRAQ
BUGTRAQ
Jelsoft -- vBulletinSQL injection vulnerability in inlinemod.php in Jelsoft vBulletin before 3.5.8, and before 3.6.5 in the 3.6.x series, might allow remote authenticated users to execute arbitrary SQL commands via the postids parameter. NOTE: the vendor states that the attack is feasible only in circumstances "almost impossible to achieve."
unknown
2007-03-06
7.0CVE-2007-1292
MILW0RM
OTHER-REF
BID
SECUNIA
XF
Jinzora -- JinzoraPHP remote file inclusion vulnerability in backend/primitives/cache/media.php in Jinzora 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter, a different vector than CVE-2006-6770.
unknown
2007-03-05
10.0CVE-2006-7130
BUGTRAQ
MILW0RM
BID
XF
Jinzora -- JinzoraPHP remote file inclusion vulnerability in extras/mt.php in Jinzora 2.6 allows remote attackers to execute arbitrary PHP code via the web_root parameter.
unknown
2007-03-05
10.0CVE-2006-7131
BUGTRAQ
MILW0RM
XF
Joomla! -- BSQ SitestatsCross-site scripting (XSS) vulnerability in the IP Address Lookup functionality in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allows remote attackers to inject arbitrary web script and HTML via the ip parameter.
unknown
2007-03-05
7.0CVE-2006-7122
BUGTRAQ
OTHER-REF
BID
XF
Joomla! -- BSQ SitestatsMultiple SQL injection vulnerabilities in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allow remote attackers to execute arbitrary SQL commands via (1) unspecified parameters when importing the (a) ip-to-country.csv file; and the (2) HTTP Referer, (3) HTTP User Agent, and (4) HTTP Accept Language headers to (b) bsqtemplateinc.php.
unknown
2007-03-05
7.0CVE-2006-7123
BUGTRAQ
OTHER-REF
BID
XF
Joomla! -- BSQ SitestatsPHP remote file inclusion vulnerability in external/rssfeeds.php in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allows remote attackers to execute arbitrary PHP code via the baseDir parameter.
2006-09-14
2007-03-05
7.0CVE-2006-7124
BUGTRAQ
OTHER-REF
OTHER-REF
BID
OSVDB
XF
KDE -- K-MailKmail 1.9.1 on KDE 3.5.2, with "Prefer HTML to Plain Text" enabled, allows remote attackers to cause a denial of service (crash) via an HTML e-mail with certain table and frameset tags that trigger a segmentation fault, possibly involving invalid free or delete operations.
unknown
2007-03-07
7.0CVE-2006-7139
BUGTRAQ
BUGTRAQ
FULLDISC
BID
XF
Kubix -- KubixSQL injection vulnerability in includes/functions.php in Kubix 0.7 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via the member_id parameter ($id variable) to index.php.
unknown
2007-03-05
10.0CVE-2006-7116
MILW0RM
BID
XF
Kubix -- KubixMultiple directory traversal vulnerabilities in Kubix 0.7 and earlier allow remote attackers to (1) include and execute arbitrary local files via ".." sequences in the theme cookie to index.php, which is not properly handled by includes/head.php; and (2) read arbitrary files via ".." sequences in the file parameter in an add_dl action to adm_index.php, as demonstrated by reading connect.php.
unknown
2007-03-05
10.0CVE-2006-7117
MILW0RM
BID
XF
XF
LedgerSMB -- LedgerSMB
SQL-Ledger -- SQL-Ledger
Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrary code, via . (dot) characters adjacent to (1) users and (2) users/members strings, which are removed by blacklisting functions that filter these strings and collapse into .. (dot dot) sequences.
unknown
2007-03-07
10.0CVE-2007-1329
BUGTRAQ
SECTRACK
XF
Linux -- KernelBuffer overflow in the bufprint function in capiutil.c in libcapi, as used in Linux kernel 2.6.9 to 2.6.20 and isdn4k-utils, allows local users to cause a denial of service (crash) and possibly gain privileges via a crafted CAPI packet.
unknown
2007-03-02
7.0CVE-2007-1217
OTHER-REF
OTHER-REF
Mambo -- MostlyCEPHP remote file inclusion vulnerability in htmltemplate.php in the Chad Auld MOStlyContent Editor (MOStlyCE) on May 2006, a component for Mambo 4.5.4, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
unknown
2007-03-03
7.0CVE-2006-7104
BUGTRAQ
BID
XF
Mambo -- Mambo Open SourceMultiple SQL injection vulnerabilities in Mambo 4.6.x allow remote attackers to execute arbitrary SQL commands via the mcname parameter to (1) moscomment.php and (2) com_comment.php.
unknown
2007-03-07
7.0CVE-2006-7150
BUGTRAQ
OTHER-REF
BID
XF
Man Machine Systems -- JBrowserJBrowser allows remote attackers to bypass authentication and access certain administrative capabilities via a direct request for _admin/.
unknown
2007-03-02
7.0CVE-2007-1156
BUGTRAQ
OTHER-REF
Mani Stats Reader -- Mani Stats ReaderPHP remote file inclusion vulnerability in index.php in Mani Stats Reader 1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ipath parameter.
unknown
2007-03-06
7.0CVE-2007-1299
MILW0RM
BID
XF
Microsoft -- Xbox 360 kernelThe Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 allows attackers with physical access to force execution of the hypervisor syscall with a certain register set, which bypasses intended code protection.
unknown
2007-03-02
7.0CVE-2007-1221
BUGTRAQ
BID
MiniBB -- ForumPHP remote file inclusion vulnerability in index.php in MiniBB Forum 2 allows remote attackers to execute arbitrary code via a URL in the pathToFiles parameter.
unknown
2007-03-07
7.0CVE-2006-7153
BUGTRAQ
XF
MiniBB -- Keyword ReplacerPHP remote file inclusion vulnerability in addon_keywords.php in Keyword Replacer (keyword_replacer) 1.0 and earlier, a module for miniBB, allows remote attackers to execute arbitrary PHP code via a URL in the pathToFiles parameter.
unknown
2007-03-07
7.0CVE-2006-7156
MILW0RM
VIM
BID
FRSIRT
OSVDB
SECUNIA
Monitor-Line -- Links ManagementSQL injection vulnerability in index.php in Links Management Application 1.0 allows remote attackers to execute arbitrary SQL commands via the lcnt parameter.
unknown
2007-03-08
7.0CVE-2007-1339
MILW0RM
BID
SECUNIA
Mozilla -- SeaMonkey
Mozilla -- Thunderbird
Integer overflow in Mozilla Thunderbird before 1.5.0.10 and SeaMonkey before 1.0.8 allows remote attackers to trigger a buffer overflow and possibly execute arbitrary code via a text/enhanced or text/richtext e-mail message with an extremely long line.
unknown
2007-03-05
10.0CVE-2007-1282
REDHAT
OTHER-REF
OTHER-REF
Mplayer -- MplayerThe DMO_VideoDecoder_Open function in loader/dmo/DMO_VideoDecoder.c in MPlayer 1.0rc1 and earlier does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code.
unknown
2007-03-03
8.0CVE-2007-1246
OTHER-REF
OTHER-REF
FRSIRT
XF
Nabocorp -- nabopollSQL injection vulnerability in result.php in Nabopoll 1.2 allows remote attackers to execute arbitrary SQL commands via the surv parameter.
unknown
2007-03-02
7.0CVE-2007-1166
BUGTRAQ
MILW0RM
BID
Noah Spurrier -- Upload Tool for PHPUnrestricted file upload vulnerability in main_user.php in Upload Tool for PHP 1.0 allows remote attackers to upload and execute arbitrary files with executable extensions such as .php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-03-05
10.0CVE-2006-7134
BID
FRSIRT
SECUNIA
XF
Novell -- BorderManagerNovell BorderManager 3.8 SP4 generates the same ISAKMP cookies for the same source IP and port number during the same day, which allows remote attackers to conduct denial of service and replay attacks. NOTE: this issue might be related to CVE-2006-5286.
unknown
2007-03-07
7.0CVE-2006-7155
OTHER-REF
VIM
BID
FRSIRT
OSVDB
SECTRACK
SECUNIA
XF
Oracle -- Application ExpressCross-site scripting (XSS) vulnerability in Oracle Application Express (APEX) before 2.2.1, aka Oracle HTML DB, allows remote attackers to inject arbitrary web script or HTML via the NOTIFICATION_MSG parameter. NOTE: it is likely that this issue overlaps one of the identifiers in CVE-2006-5351.
unknown
2007-03-07
8.0CVE-2006-7158
BUGTRAQ
OTHER-REF
SECUNIA
XF
OrangeHRM -- OrangeHRMMultiple unspecified vulnerabilities in the Login page in OrangeHRM before 20070212 have unknown impact and attack vectors.
unknown
2007-03-02
7.0CVE-2007-1193
OTHER-REF
BID
FRSIRT
OSU Open Source Lab -- Maintain** DISPUTED ** PHP remote file inclusion vulnerability in lib/php/phphtmllib-2.5.4/examples/example6.php for maintain 3.0.0-RC2 allows remote attackers to execute arbitrary PHP code via a URL in the phphtmllib parameter. NOTE: this issue might be in phpHtmlLib. NOTE: CVE disputes this issue for proper installations of maintain, since $phphtmllib is set in includes.inc before being used in example6.php.
unknown
2007-03-05
10.0CVE-2006-7120
BUGTRAQ
BID
XF
Parallels -- Parallels DesktopParallels Desktop for Mac before 20070216 implements Drag and Drop by sharing the entire host filesystem as the .psf share, which allows local users of the guest operating system to write arbitrary files to the host filesystem, and execute arbitrary code via launchd by writing a plist file to a LaunchAgents directory.
unknown
2007-03-02
7.0CVE-2007-1222
MLIST
SECUNIA
PHP Poll Creator -- PHP Poll CreatorPHP remote file inclusion vulnerability in lib/functions.inc.php in PHP Poll Creator (phpPC) 1.04 allows remote attackers to execute arbitrary PHP code via a URL in the relativer_pfad parameter, a different vector and version than CVE-2005-1755. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-03-06
7.0CVE-2006-7135
SECUNIA
XF
phpBB -- Import ToolsPHP remote file inclusion vulnerability in includes/functions_mod_user.php in phpBB Import Tools Mod 0.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
unknown
2007-03-07
7.0CVE-2006-7147
MILW0RM
BID
XF
phpBB -- maluinfoPHP remote file inclusion vulnerability in includes/bb_usage_stats.php in maluinfo 206.2.38 for Brazilian PHPBB allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter. NOTE: this might be the same issues as CVE-2006-4893.
unknown
2007-03-07
7.0CVE-2006-7148
BUGTRAQ
BID
XF
PHPGiggle -- PHPGigglePHP remote file inclusion vulnerability in kernel/system/startup.php in J. He PHPGiggle 12.08 and earlier, as distributed on comscripts.com, allows remote attackers to execute arbitrary PHP code via a URL in the CFG_PHPGIGGLE_ROOT parameter.
unknown
2007-03-05
7.0CVE-2006-7119
MILW0RM
XF
PHPKIT -- PHPKITSQL injection vulnerability in PHPKit 1.6.1 RC2 allows remote attackers to inject arbitrary SQL commands via the catid parameter to include.php when the path parameter is set to faq/faq.php, and other unspecified vectors involving guestbook/print.php.
unknown
2007-03-05
7.0CVE-2006-7115
BUGTRAQ
OTHER-REF
BID
OSVDB
SECUNIA
XF
phpMyAdmin -- phpMyAdminThe PMA_ArrayWalkRecursive function in libraries/common.lib.php in phpMyAdmin before 2.10.0.2 does not limit recursion on arrays provided by users, which allows context-dependent attackers to cause a denial of service (web server crash) via an array with many dimensions. NOTE: it could be argued that this vulnerability is caused by a problem in PHP (CVE-2006-1549) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in phpMyAdmin.
unknown
2007-03-07
8.0CVE-2007-1325
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
phpPC -- PHP Poll CreatorMultiple PHP remote file inclusion vulnerabilities in PHP Poll Creator (phpPC) 1.04 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the relativer_pfad parameter to (1) poll.php, (2) poll_kommentar.php, and (3) poll_sm.php, different vectors and version than CVE-2005-1755.
unknown
2007-03-06
10.0CVE-2006-7136
MILW0RM
BID
SECUNIA
XF
Planerd.net -- P-NewsUnrestricted file upload vulnerability in P-News 2.0 allows remote attackers to upload and execute arbitrary files via an avatar file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-03-05
10.0CVE-2006-7113
BID
FRSIRT
SECUNIA
XF
Planerd.net -- P-NewsP-News 2.0 stores db/user.txt under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and password hashes via a direct request. NOTE: this might be the same issue as CVE-2006-6888.
unknown
2007-03-05
10.0CVE-2006-7114
FRSIRT
SECUNIA
XF
PowerPhlogger -- PowerPhloggerPHP remote file inclusion vulnerability in config.inc.php3 in Power Phlogger 2.0.9 and earllier allows remote attackers to execute arbitrary PHP code via a URL in the rel_path parameter.
unknown
2007-03-03
7.0CVE-2006-7106
MILW0RM
BID
BID
XF
Salims Softhouse -- JAF CMSMultiple PHP remote file inclusion vulnerabilities in JAF CMS 4.0 allow remote attackers to execute arbitrary PHP code via a URL in the main_dir parameter to (1) forum/main.php and (2) forum/headlines.php.
unknown
2007-03-05
7.0CVE-2006-7127
MILW0RM
OTHER-REF
BID
SECUNIA
XF
Salims Softhouse -- JAF CMSPHP remote file inclusion vulnerability in forum/forum.php JAF CMS 4.0 RC1 allows remote attackers to execute arbitrary PHP code via a URL in the website parameter.
unknown
2007-03-05
7.0CVE-2006-7128
MILW0RM
OTHER-REF
BID
SECUNIA
XF
Sava's Place -- Sava's GuestbookMultiple cross-site scripting (XSS) vulnerabilities in add2.php in Sava's Guestbook 23.11.2006 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) country, (3) email, and (4) website parameters.
unknown
2007-03-06
7.0CVE-2007-1305
BUGTRAQ
BID
Serendipity -- SerendipitySQL injection vulnerability in index.php in Serendipity 1.1.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[multiCat][] parameter.
unknown
2007-03-07
7.0CVE-2007-1326
BUGTRAQ
XF
Smarty -- Smarty** DISPUTED ** PHP remote file inclusion vulnerability in libs/Smarty.class.php in Smarty 2.6.9 allows remote attackers to execute arbitrary PHP code via a URL in the filename parameter. NOTE: in the original disclosure, filename is used in a function definition, so this report is probably incorrect.
unknown
2007-03-03
10.0CVE-2006-7105
FULLDISC
FULLDISC
BID
XF
SourceForge -- phpBurningPortalMultiple PHP remote file inclusion vulnerabilities in phpBurningPortal quiz-modul 1.0.1, and possibly earlier, allow remote attackers to execute arbitrary PHP code via a URL in the lang_path parameter to (1) quest_delete.php, (2) quest_edit.php, or (3) quest_news.php.
unknown
2007-03-03
10.0CVE-2006-7102
MILW0RM
BID
XF
SQLite Manager -- SQLite ManagerDirectory traversal vulnerability in SQLiteManager 1.2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in a SQLiteManager_currentTheme cookie.
unknown
2007-03-03
10.0CVE-2007-1232
BUGTRAQ
BID
STWC-Counter -- STWC-CounterPHP remote file inclusion vulnerability in downloadcounter.php in STWC-Counter 3.4.0.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the stwc_counter_verzeichniss parameter.
unknown
2007-03-03
10.0CVE-2007-1233
MILW0RM
BID
XF
TCPDump -- TCPDumpOff-by-one buffer overflow in the parse_elements function in the 802.11 printer code (print-802_11.c) for tcpdump 3.9.5 and earlier allows remote attackers to cause a denial of service (crash) via a crafted 802.11 frame. NOTE: this was originally referred to as heap-based, but it might be stack-based.
unknown
2007-03-02
7.0CVE-2007-1218
FULDISC
OTHER-REF
OTHER-REF
TKS Banking Solutions -- ePortfolioMultiple cross-site request forgery (CSRF) vulnerabilities in TKS Banking Solutions ePortfolio 1.0 Java allow remote attackers to perform unspecified restricted actions in the context of certain accounts by bypassing the client-side protection scheme.
unknown
2007-03-07
8.0CVE-2007-1332
BUGTRAQ
OTHER-REF
OTHER-REF
BID
Trend Micro -- ServerProtectTrend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before 20070216 allows remote attackers to access arbitrary web pages and reconfigure the product via HTTP requests with the splx_2376_info cookie to the web interface port (14942/tcp).
unknown
2007-03-02
7.0CVE-2007-1168
IDEFENSE
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
Tyger -- Bug Tracking SystemSQL injection vulnerability in ViewReport.php in Tyger Bug Tracking System (TygerBT) 1.1.3 allows remote attackers to execute arbitrary SQL commands via the bug parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-03-06
7.0CVE-2007-1290
SECUNIA
WebAPP -- WebAPPWebAPP before 0.9.9.5 does not check access in certain contexts related to (1) Calendar Administration, (2) Instant Messages Administration, and (3) the Image Uploader, which has unknown impact and attack vectors.
unknown
2007-03-02
7.0CVE-2007-1178
OTHER-REF
BID
FRSIRT
SECUNIA
WebAPP -- WebAPPWebAPP before 0.9.9.5 allows remote authenticated users to spoof another user's Real Name via whitespace, which has unknown impact and attack vectors.
unknown
2007-03-02
7.0CVE-2007-1183
OTHER-REF
BID
FRSIRT
SECUNIA
WebAPP -- WebAPPThe default configuration of WebAPP before 0.9.9.5 has a CAPTCHA setting of "no," which makes it easier for automated programs to submit false data.
unknown
2007-03-02
7.0CVE-2007-1184
OTHER-REF
BID
FRSIRT
SECUNIA
WebAPP -- WebAPPWebAPP before 0.9.9.5 allows remote attackers to submit Search form input that is not checked for (1) composition or (2) length, which has unknown impact, possibly related to "search form hijacking".
unknown
2007-03-02
7.0CVE-2007-1188
OTHER-REF
BID
FRSIRT
SECUNIA
WebAPP -- WebAPPMultiple unspecified vulnerabilities in WebAPP before 0.9.9.6 have unknown impact and attack vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended.
unknown
2007-03-03
8.0CVE-2007-1259
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
WebCalendar -- WebCalendarincludes/functions.php in Craig Knudsen WebCalendar before 1.0.5 does not protect the noSet variable from external modification, which allows remote attackers to set arbitrary global variables via a URL with modified values in the noSet parameter, which leads to resultant vulnerabilities that probably include remote file inclusion and other issues.
unknown
2007-03-08
7.0CVE-2007-1343
OTHER-REF
OTHER-REF
OTHER-REF
BID
SECUNIA
WebMobo -- WBNewsMultiple PHP remote file inclusion vulnerabilities in Webmobo WB News 1.4.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config[installdir] parameter to (1) comment.php, (2) themes.php, (3) directory.php, and (4) sendmsg.php in admin/.
unknown
2007-03-06
10.0CVE-2007-1288
BUGTRAQ
XF
WebMod -- WebModStack-based buffer overflow in the connectHandle function in server.cpp in WebMod 0.48 allows remote attackers to execute arbitrary code via a long string in the Content-Length HTTP header.
unknown
2007-03-03
7.0CVE-2007-1260
OTHER-REF
SECUNIA
webSPELL -- webSPELLwebSPELL 4.0, and possibly later versions, allows remote attackers to bypass authentication via a ws_auth cookie, a different vulnerability than CVE-2006-4782.
unknown
2007-03-02
10.0CVE-2007-1160
BUGTRAQ
webSPELL -- webSPELLSQL injection vulnerability in printview.php in webSPELL 4.01.02 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter, a different vector than CVE-2007-1019, CVE-2006-5388, and CVE-2006-4783.
unknown
2007-03-02
7.0CVE-2007-1163
MILW0RM
BID
Weltennetz -- News-LettermanPHP remote file inclusion vulnerability in eintrag.php in Weltennetz News-Letterman 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the sqllog parameter.
unknown
2007-03-08
7.0CVE-2007-1340
MILW0RM
BID
XF
WordPress -- WordPressWordPress 2.1.1, as downloaded from some official distribution sites during February and March 2007, contains an externally introduced backdoor that allows remote attackers to execute arbitrary commands via (1) an eval injection vulnerability in the ix parameter to wp-includes/feed.php, and (2) an untrusted passthru call in the iz parameter to wp-includes/theme.php.
unknown
2007-03-05
7.0CVE-2007-1277
OTHER-REF
OTHER-REF
CERT-VN
CERT-VN

Back to top

Medium Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Apache Software Foundation -- Tomcat JK Web Server ConnectorStack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
unknown
2007-03-04
5.6CVE-2007-0774
OTHER-REF
OTHER-REF
ASP-Nuke -- ASP-Nukedefault.asp in ASP-Nuke Community 1.5 and earlier allows remote attackers to gain privileges by setting certain pseudo cookie values.
unknown
2007-03-07
4.8CVE-2006-7152
MILW0RM
BID
XF
Audins Audiens -- Audins AudiensCross-site scripting (XSS) vulnerability in setup.php in Audins Audiens 3.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-03-03
4.7CVE-2007-1241
OTHER-REF
BID
aWeb Labs -- aWebNewsMultiple PHP remote file inclusion vulnerabilities in aWeb Labs aWebNews 1.5 allow remote attackers to execute arbitrary PHP code via a URL in the path_to_news parameter to (1) listing.php or (2) visview.php.
unknown
2007-03-03
5.6CVE-2007-1247
BUGTRAQ
BUGTRAQ
BID
SECUNIA
Blender Foundation -- BlenderEval injection vulnerability in the (a) kmz_ImportWithMesh.py Script for Blender 0.1.9h, as used in (b) Blender before 2.43, allows user-assisted remote attackers to execute arbitrary Python code by importing a crafted (1) KML or (2) KMZ file.
unknown
2007-03-03
5.6CVE-2007-1253
OTHER-REF
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
SECUNIA
Bsalsa -- EmbeddedWB Web BrowserUnspecified vulnerability in the EmbeddedWB Web Browser ActiveX control allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-03-02
5.6CVE-2007-1190
BID
BtitTracker -- BtitTrackerDirectory traversal vulnerability in include/prune_torrents.php in BTI-Tracker 1.3.2 (aka btitracker) allows remote attackers to delete arbitrary files via ".." sequences in the TORRENTSDIR parameter in a prune action.
unknown
2007-03-07
4.7CVE-2006-7159
BUGTRAQ
BID
SECUNIA
Connectix -- Connectix BoardsSQL injection vulnerability in part.userprofile.php in Connectix Boards 0.7 and earlier allows remote authenticated users to execute arbitrary SQL commands and obtain privileges via the p_skin parameter to index.php.
unknown
2007-03-03
4.2CVE-2007-1254
BUGTRAQ
MILW0RM
SECUNIA
Contelligent -- C1 Financial ServicesMoveSortedContentAction in C1 Financial Services Contelligent 9.1.4 does not check "the additional environment security configuration," which allows remote attackers with write permissions to reorder components.
unknown
2007-03-03
5.6CVE-2007-1249
OTHER-REF
BID
SECUNIA
Drupal -- IMCE moduleUnrestricted file upload vulnerability in IMCE before 1.6, a Drupal module, allows remote authenticated users to upload arbitrary PHP code via a filename with a double extension such as .php.gif.
unknown
2007-03-05
4.2CVE-2006-7109
OTHER-REF
FRSIRT
SECUNIA
XF
EZOnlineGallery -- EZOnlineGalleryMultiple directory traversal vulnerabilities in EZOnlineGallery 1.3 and earlier, and possibly other versions before 1.3.2 Beta, allow remote attackers to (1) determine directory existence via a ".." in the album parameter in a show_album action to (a) ezgallery.php, which produces different responses depending on existence; and read arbitrary image files via a ".." in the album or (2) image parameter to (b) image.php.
unknown
2007-03-03
4.7CVE-2006-7103
BUGTRAQ
OTHER-REF
OTHER-REF
BID
XF
Joomla! -- BSQ SitestatsCross-site scripting (XSS) vulnerability in Joomla BSQ Sitestats 1.8.0 and 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is not properly handled when the administrator views site statistics.
unknown
2007-03-05
5.6CVE-2006-7125
BUGTRAQ
OTHER-REF
BID
FRSIRT
XF
Joomla! -- BSQ SitestatsSQL injection vulnerability in Joomla BSQ Sitestats 1.8.0 and 2.2.1 allows remote attackers to execute arbitrary SQL commands via the query string, possibly PHP_SELF.
unknown
2007-03-05
5.6CVE-2006-7126
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
XF
Lenovo -- ThinkPad
Intel -- PRO 1000 LAN Adapter
Unspecified vulnerability in Lenovo Intel PRO/1000 LAN adapter before Build 135400, as used on IBM Lenovo ThinkPad systems, has unknown impact and attack vectors.
unknown
2007-03-06
4.9CVE-2007-1307
OTHER-REF
BID
FRSIRT
SECUNIA
LI-Scripts -- LI-GuestbookSQL injection vulnerability in guestbook.php in LI-Guestbook 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the country parameter.
unknown
2007-03-06
5.6CVE-2007-1302
BUGTRAQ
OTHER-REF
MailEnable -- MailEnableStack-based buffer overflow in the IMAP service in MailEnable Enterprise and Professional Editions 2.37 and earlier allows remote authenticated users to execute arbitrary code via a long argument to the APPEND command. NOTE: this is probably different than CVE-2006-6423.
unknown
2007-03-06
6.0CVE-2007-1301
MILW0RM
BID
FRSIRT
SECUNIA
MAXdev -- MDProDirectory traversal vulnerability in error.php in MD-Pro 1.0.76 and earlier allows remote authenticated users to read and include arbitrary files via the PNSVlang cookie, as demonstrated by uploading a GIF image using AddDownload or injecting PHP code into a log file, then accessing it.
unknown
2007-03-05
4.8CVE-2006-7112
MILW0RM
BID
XF
Microsoft -- Xbox 360 kernelThe Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 does not properly verify the parameters passed to the syscall dispatcher, which allows attackers with physical access to bypass code-signing requirements and execute arbitrary code.
unknown
2007-03-02
5.6CVE-2007-1220
BUGTRAQ
BID
mod_security -- mod_securityInterpretation conflict in ModSecurity (mod_security) 2.1.0 and earlier allows remote attackers to bypass request rules via application/x-www-form-urlencoded POST data that contains an ASCIIZ (0x00) byte, which mod_security treats as a terminator even though it is still processed as normal data by some HTTP parsers including PHP 5.2.0, and possibly parsers in Perl, and Python.
unknown
2007-03-08
5.6CVE-2007-1359
OTHER-REF
BID
SECUNIA
Mozilla -- FirefoxMozilla Firefox 2.0.0.2 allows remote attackers to spoof the address bar, favicons, and document source, and perform updates in the context of arbitrary websites, by repeatedly setting document.location in the onunload attribute when linking to another website, a variant of CVE-2007-1092.
unknown
2007-03-03
5.6CVE-2007-1256
BUGTRAQ
FULLDISC
FULLDISC
Norman -- Norman Sandbox AnalyzerNorman SandBox Analyzer does not use the proper range for Interrupt Descriptor Table (IDT) entries, which allows local users to determine that the local machine is an emulator, or a similar environment not based on a physical Intel processor, which allows attackers to produce malware that is more difficult to analyze.
unknown
2007-03-02
4.9CVE-2007-1194
BUGTRAQ
OTHER-REF
Novell -- Access ManagerNovell Access Management 3 SSLVPN Server allows remote authenticated users to bypass VPN restrictions by making policy.txt read-only, disconnecting, then manually modifying policy.txt.
unknown
2007-03-06
6.0CVE-2007-1309
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
Novell -- NetMailStack-based buffer overflow in webadmin.exe in Novell NetMail 3.5.2 allows remote attackers to execute arbitrary code via a long username during HTTP Basic authentication.
unknown
2007-03-08
5.6CVE-2007-1350
BUGTRAQ
OTHER-REF
OTHER-REF
BID
XF
NukeScripts -- NukeSentinelSQL injection vulnerability in includes/nsbypass.php in NukeSentinel 2.5.05 allows remote attackers to execute arbitrary SQL commands via an admin cookie.
unknown
2007-03-02
4.7CVE-2007-1171
BUGTRAQ
MILW0RM
BID
XF
NukeScripts -- NukeSentinelSQL injection vulnerability in nukesentinel.php in NukeSentinel 2.5.05, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, aka the "File Disclosure Exploit."
unknown
2007-03-02
4.7CVE-2007-1172
BUGTRAQ
MILW0RM
Nullsoft -- SHOUTcast serverCross-site scripting (XSS) vulnerability in the Nullsoft ShoutcastServer 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the top-level URI on the Incoming interface (port 8001/tcp), which is not properly handled in the administrator interface when viewing the log file.
unknown
2007-03-02
5.6CVE-2007-1229
BUGTRAQ
BID
FRSIRT
SECUNIA
Oracle -- Oracle10g Database ServerOracle 10g R2 and possibly other versions allows remote attackers to trigger internal errors, and possibly have other impacts, via an "alter session set events" command with invalid arguments. NOTE: this issue was originally disputed by a third party, but the dispute was retracted. NOTE: this issue was called an "integer overflow" in the original source, but this might be incorrect.
unknown
2007-03-02
4.8CVE-2006-7067
BUGTRAQ
BUGTRAQ
FULLDISC
FULLDISC
Oracle -- APEX HTMLDBSQL injection vulnerability in wwv_flow_utilities.gen_popup_list in the WWV_FLOW_UTILITIES package for Oracle APEX/HTMLDB before 2.2 allows remote authenticated users to execute arbitrary SQL by modifying the P_LOV parameter and calculating a matching MD5 checksum for the P_LOV_CHECKSUM parameter. NOTE: it is likely that this issue is subsumed by CVE-2006-5351, but due to lack of details from Oracle, this cannot be proven.
unknown
2007-03-07
4.8CVE-2006-7138
BUGTRAQ
FULLDISC
OTHER-REF
OTHER-REF
XF
PHP -- PHPInteger overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter.
unknown
2007-03-06
5.6CVE-2007-1286
OTHER-REF
Red Hat -- Red Hat thunderbirdMozilla Thunderbird allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which bypasses the access checks and executes code with chrome privileges.
unknown
2007-03-05
5.6CVE-2007-0994
OTHER-REF
Sava's Place -- Sava's GuestbookMultiple SQL injection vulnerabilities in add2.php in Sava's Guestbook 23.11.2006, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) country, (3) email, (4) website, and (5) message parameters.
unknown
2007-03-06
5.6CVE-2007-1304
BUGTRAQ
BID
sitex -- sitexsitex allows remote attackers to obtain sensitive information via a request with a numerical value for the (1) sxMonth[] or (2) sxYear[] parameter to calendar.php, or the (3) page[] parameter to calendar_events.php, which reveals the path in various error messages.
unknown
2007-03-03
4.7CVE-2007-1236
BUGTRAQ
SourceForge -- WatchtowerUnspecified vulnerability in Watchtower (WT) before 0.12 has unknown impact and attack vectors, related to "unauthorized accounts."
unknown
2007-03-02
5.6CVE-2007-1134
OTHER-REF
FRSIRT
SourceForge -- Netrek Vanilla ServerFormat string vulnerability in the new_warning function in ntserv/warning.c for Netrek Vanilla Server 2.12.0, when EVENTLOG is enabled, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in the message handling.
unknown
2007-03-03
5.6CVE-2007-1251
OTHER-REF
OTHER-REF
BID
SECUNIA
SQLite Manager -- SQLite ManagerMultiple cross-site scripting (XSS) vulnerabilities in SQLiteManager 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) database name, (2) table name, (3) ViewName, (4) view, (5) trigger, and (6) function fields in main.php and certain other files.
unknown
2007-03-03
5.6CVE-2007-1231
BUGTRAQ
BID
Symantec -- Symantec Mail Security for SMTPBuffer overflow in Symantec Mail Security for SMTP 5.0 before Patch 175 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted headers in an e-mail message. NOTE: some information was obtained from third party sources.
unknown
2007-03-03
5.6CVE-2007-1252
OTHER-REF
CERT-VN
BID
FRSIRT
SECUNIA
Tyger -- Bug Tracking SystemSQL injection vulnerability in ViewBugs.php in Tyger Bug Tracking System (TygerBT) 1.1.3 allows remote attackers to execute arbitrary SQL commands via the s parameter.
unknown
2007-03-06
4.7CVE-2007-1289
BUGTRAQ
BID
SECUNIA
WebAPP -- WebAPPWebAPP before 0.9.9.5 does not properly filter certain characters in contexts related to (1) the query string, (2) Profiles, (3) the Forum Post icon field, (4) the Edit Profile, and (5) the Gallery, which has unknown impact and remote attack vectors, possibly related to cross-site scripting (XSS).
unknown
2007-03-02
4.7CVE-2007-1177
OTHER-REF
BID
FRSIRT
SECUNIA
WebAPP -- WebAPPWebAPP before 0.9.9.5 allows remote Guest users to edit a Guest profile, which has unknown impact.
unknown
2007-03-02
4.7CVE-2007-1182
OTHER-REF
BID
FRSIRT
SECUNIA
Webmin -- WebminMultiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin 1.320 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-03-05
4.7CVE-2007-1276
OTHER-REF
FRSIRT
webSPELL -- webSPELLUnrestricted file upload vulnerability in webSPELL allows remote authenticated administrators to upload and execute arbitrary PHP code via the add squad feature. NOTE: this issue may be an administrative feature, in which case this CVE may be REJECTED.
unknown
2007-03-02
5.6CVE-2007-1155
BUGTRAQ
WordPress -- WordPressMultiple cross-site scripting (XSS) vulnerabilities in wp-includes/functions.php in WordPress before 2.1.2-alpha allow remote attackers to inject arbitrary web script or HTML via (1) the Referer HTTP header or (2) the URI, a different vulnerability than CVE-2007-1049.
unknown
2007-03-02
4.7CVE-2007-1230
OTHER-REF
OTHER-REF
FRSIRT
WordPress -- WordPressCross-site request forgery (CSRF) vulnerability in the AdminPanel in WordPress 2.1.1 and earlier allows remote attackers to perform privileged actions as administrators, as demonstrated using the delete action in wp-admin/post.php. NOTE: this issue can be leveraged to perform cross-site scripting (XSS) attacks and steal cookies via the post parameter.
unknown
2007-03-03
5.6CVE-2007-1244
BUGTRAQ
BID

Back to top

Low Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Adobe -- Acrobat ReaderAdobe Reader and Acrobat Trial allow remote attackers to read arbitrary files via a file:// URI in a PDF document, as demonstrated with <>, a different issue than CVE-2007-0045.
unknown
2007-03-02
1.9CVE-2007-1199
OTHER-REF
BID
Agnitum -- Outpost Firewall PROThe Sandbox.sys driver in Outpost Firewall PRO 4.0, and possibly earlier versions, does not validate arguments to hooked SSDT functions, which allows local users to cause a denial of service (crash) via invalid arguments to the (1) NtAssignProcessToJobObject,, (2) NtCreateKey,, (3) NtCreateThread,, (4) NtDeleteFile,, (5) NtLoadDriver,, (6) NtOpenProcess,, (7) NtProtectVirtualMemory,, (8) NtReplaceKey,, (9) NtTerminateProcess,, (10) NtTerminateThread,, (11) NtUnloadDriver, and , (12) NtWriteVirtualMemory functions.
unknown
2007-03-07
2.3CVE-2006-7160
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Apple -- QuicktimeHeap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie file.
unknown
2007-03-05
3.7CVE-2007-0713
APPLE
OTHER-REF
Apple -- QuicktimeHeap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PICT file.
unknown
2007-03-05
3.7CVE-2007-0715
APPLE
OTHER-REF
Apple -- QuicktimeStack-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file.
unknown
2007-03-05
3.7CVE-2007-0716
APPLE
OTHER-REF
Apple -- QuicktimeInteger overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file.
unknown
2007-03-05
3.7CVE-2007-0717
APPLE
OTHER-REF
Apple -- QuicktimeHeap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file.
unknown
2007-03-05
3.7CVE-2007-0718
APPLE
OTHER-REF
Bernard Joly -- BJ WebringCross-site scripting (XSS) vulnerability in formulaire.php in Bernard JOLY BJ Webring allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter related to the add link menu.
unknown
2007-03-07
1.9CVE-2007-1328
BUGTRAQ
OTHER-REF
Built2Go -- News Manager BlogMultiple cross-site scripting (XSS) vulnerabilities in built2go News Manager Blog 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2) uid, and (3) nid parameters to (a) news.php, and the nid parameter to (b) rating.php.
unknown
2007-03-03
1.9CVE-2007-1248
BUGTRAQ
BID
CA -- eTrust Intrusion DetectionHeap-based buffer overflow in SW3eng.exe in the eID Engine service in CA (formerly Computer Associates) eTrust Intrusion Detection 3.0.5.57 and earlier allows remote attackers to cause a denial of service (application crash) via a long key length value to the remote administration port (9191/tcp).
2007-01-16
2007-03-02
3.3CVE-2007-1005
IDEFENSE
OTHER-REF
BID
FRSIRT
OSVDB
SECUNIA
Call Center Software -- Call Center SoftwareCross-site scripting (XSS) vulnerability in call_entry.php in Call Center Software 0,93 allows remote attackers to inject arbitrary web script or HTML via the problem_desc parameter, as demonstrated by the ONLOAD attribute of a BODY element.
unknown
2007-03-02
1.9CVE-2007-1161
BUGTRAQ
VIM
Call-Center-Software -- Call-Center-SoftwareCross-site scripting (XSS) vulnerability in Call Center Software 0.93 and earlier allows remote attackers to inject arbitrary web script or HTML via the problem description field.
unknown
2007-03-07
3.7CVE-2006-7143
BUGTRAQ
FULLDISC
OTHER-REF
BID
SECUNIA
Call-Center-Software -- Call-Center-Softwareedit_user.php in Call Center Software 0.93 and earlier allows remote attackers to obtain sensitive information such as account passwords via a modified user_id parameter.
unknown
2007-03-07
2.8CVE-2006-7145
BUGTRAQ
FULLDISC
OTHER-REF
BID
SECUNIA
XF
Common Controls Replacement Project -- BrowseDialog ServerA certain ActiveX control in the Common Controls Replacement Project (CCRP) CCRP BrowseDialog Server (ccrpbds6.dll) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) IsFolderAvailable or (2) RootFolder property value, different vectors than CVE-2007-0371.
unknown
2007-03-02
3.3CVE-2007-1162
OTHER-REF
BID
Comodo -- Comodo Firewall ProComodo Firewall Pro (CFP) (formerly Comodo Personal Firewall) 2.4.18.184 and earlier allows local users to bypass driver protections on the HKLM\SYSTEM\Software\Comodo\Personal Firewall registry key by guessing the name of a named pipe under \Device\NamedPipe\OLE and attempting to open it multiple times.
unknown
2007-03-07
3.9CVE-2007-1330
BUGTRAQ
OTHER-REF
BID
XF
Connectix -- Connectix BoardsUnrestricted file upload vulnerability in admin.bbcode.php in Connectix Boards 0.7 and earlier allows remote authenticated administrators to execute arbitrary PHP code by uploading a crafted GIF smiley image with a .php extension via the uploadimage parameter to admin.php, which can be later accessed via a direct request for the file in smileys/. NOTE: this can be leveraged with a separate SQL injection issue for remote unauthenticated attacks.
unknown
2007-03-03
3.4CVE-2007-1255
BUGTRAQ
MILW0RM
SECUNIA
Debian -- ApacheThe Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
unknown
2007-03-03
3.4CVE-2006-7098
OTHER-REF
BID
SECUNIA
Digium -- AsteriskUnspecified vulnerability in Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote attackers to cause a denial of service (crash) via crafted Session Initiation Protocol (SIP) packets.
unknown
2007-03-06
3.3CVE-2007-1306
OTHER-REF
OTHER-REF
CERT-VN
SECTRACK
DivX -- DivX Web PlayerA certain ActiveX control in the DivXBrowserPlugin (npdivx32.dll) in DivX Web Player, as distributed with DivX Player 1.3.0, allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via large values to DivxWP.Resize, related to resizing images.
unknown
2007-03-06
3.3CVE-2007-1294
MILW0RM
BID
XF
Douran Software Technologies -- ISPUtilDOURAN Software Technologies ISPUtil 3.32.84.1, and possibly earlier versions, stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain user and reseller data via a direct request for scripts/activesessions.ini. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-03-06
3.3CVE-2007-1300
SECUNIA
Drupal -- IMCE moduleDirectory traversal vulnerability in the delete function in IMCE before 1.6, a Drupal module, allows remote authenticated users to delete arbitrary files via ".." sequences.
unknown
2007-03-05
2.8CVE-2006-7110
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Drupal -- NodefamilyUnspecified vulnerability in the Nodefamily module for Drupal 5.x before 5.x-1.0 allows remote authenticated users to access and modify other users' profiles via unspecified URL parameters.
unknown
2007-03-08
3.4CVE-2007-1360
OTHER-REF
BID
FRSIRT
SECUNIA
DZCP -- Clanportalinc/filebrowser/browser.php in deV!L`z Clanportal (DZCP) 1.4.5 and earlier allows remote attackers to obtain MySQL data via the inc/mysql.php value of the file parameter.
unknown
2007-03-02
2.3CVE-2007-1167
MILW0RM
OTHER-REF
BID
SECUNIA
Enigmail -- EnigmailEnigmail 0.94.2 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Enigmail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.
unknown
2007-03-06
2.3CVE-2007-1264
BUGTRAQ
OTHER-REF
BID
GNOME -- EvolutionEvolution 2.8.1 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Evolution from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.
unknown
2007-03-06
2.3CVE-2007-1266
BUGTRAQ
OTHER-REF
BID
Gnu -- GPGME
GnuPG -- GnuPG
GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection.
unknown
2007-03-06
2.3CVE-2007-1263
BUGTRAQ
OTHER-REF
BID
Gnu -- GNUMailGNUMail 1.1.2 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents GNUMail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.
unknown
2007-03-06
2.3CVE-2007-1269
BUGTRAQ
OTHER-REF
BID
Google -- Google EarthBuffer overflow in Google Earth v4.0.2091 (beta) allows remote user-assisted attackers to cause a denial of service (crash) via a KML or KMZ file with a long href element.
unknown
2007-03-07
1.9CVE-2006-7157
BUGTRAQ
FULLDISC
OTHER-REF
BID
XF
Grok Developments -- NetProxyGrok Developments NetProxy 4.03 allows remote attackers to bypass URL filtering via a request that omits "http://" from the URL and specifies the destination port (:80).
unknown
2007-03-02
2.3CVE-2007-1224
MILW0RM
BID
FRSIRT
XF
HyperBook -- GuestbookThomas R. Pasawicz HyperBook Guestbook 1.30 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download an admin password hash via a direct request for data/gbconfiguration.dat.
unknown
2007-03-02
2.3CVE-2007-1192
OTHER-REF
BID
IBM -- DB2IBM DB2 UDB 8.2 before Fixpak 7 (aka fixpack 14), and DB2 9 before Fix Pack 2, on UNIX allows the "fenced" user to access certain unauthorized directories.
unknown
2007-03-02
2.3CVE-2007-1228
AIXAPAR
AIXAPAR
BID
Internet Security Systems -- BlackICE PC ProtectionISS BlackICE PC Protection 3.6 cpj and cpu, and possibly earlier versions, allows local users to bypass the protection scheme by using the ZwDeleteFile API function to delete the critical filelock.txt file, which stores information about protected files.
unknown
2007-03-05
1.6CVE-2006-7129
BUGTRAQ
FULLDISC
OTHER-REF
BID
OSVDB
XF
Iono -- IonoIono allows remote attackers to obtain the full server path via certain requests to (1) templates/iono/admin/denied.tpl.php, (2) templates/iono/admin/index.tpl.php, and (a) other unspecified files in templates/.
unknown
2007-03-07
2.3CVE-2006-7154
BUGTRAQ
OSVDB
OSVDB
OSVDB
IrfanView -- IrfanViewIrfanView 3.99 allows remote attackers to cause a denial of service (application crash) via a malformed WMF file.
unknown
2007-03-03
2.3CVE-2007-1245
BUGTRAQ
OTHER-REF
OTHER-REF
Kaspersky Lab -- Kaspersky Antivirus EngineKaspersky AntiVirus Engine 6.0.1.411 for Windows and 5.5-10 for Linux allows remote attackers to cause a denial of service (CPU consumption) via a crafted UPX compressed file with a negative offset, which triggers an infinite loop during decompression.
unknown
2007-03-05
2.3CVE-2007-1281
IDEFENSE
BID
SECTRACK
KDE -- K-MailKMail 1.9.5 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents KMail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.
unknown
2007-03-06
3.3CVE-2007-1265
BUGTRAQ
OTHER-REF
BID
KDE -- Konquerorecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror in KDE 3.5.5, allows remote attackers to cause a denial of service (crash) by accessing the content of an iframe with an ftp:// URI in the src attribute, probably due to a NULL pointer dereference.
unknown
2007-03-06
1.9CVE-2007-1308
BUGTRAQ
FULLDISC
OTHER-REF
OTHER-REF
BID
XF
Linksys -- SPA921The HTTP server in Linksys SPA-921 VoIP Desktop Phone allows remote attackers to cause a denial of service (reboot) via (1) a long URL, or a long (2) username or (3) password during Basic Authentication.
unknown
2007-03-05
3.3CVE-2006-7121
FULLDISC
BID
OSVDB
SECUNIA
XF
Mambo -- MamboMultiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.x allow remote attackers to inject arbitrary web script or HTML via (1) the query string to (a) index.php, which reflects the string in an error message from mod_login.php; and the (2) mcname parameter to (b) moscomment.php and (c) com_comment.php.
unknown
2007-03-07
3.7CVE-2006-7149
BUGTRAQ
OTHER-REF
BID
McAfee -- VirexMcAfee VirusScan for Mac (Virex) before 7.7 patch 1 has weak permissions (0666) for /Library/Application Support/Virex/VShieldExclude.txt, which allows local users to reconfigure Virex to skip scanning of arbitrary files.
unknown
2007-03-02
3.4CVE-2007-1226
BUGTRAQ
McAfee
BID
FRSIRT
SECUNIA
McAfee -- VirexVShieldCheck in McAfee VirusScan for Mac (Virex) before 7.7 patch 1 allow local users to change permissions of arbitrary files via a symlink attack on /Library/Application Support/Virex/VShieldExclude.txt, as demonstrated by symlinking to the root crontab file to execute arbitrary commands.
unknown
2007-03-02
2.3CVE-2007-1227
BUGTRAQ
McAfee
BID
FRSIRT
SECUNIA
Microsoft -- Office 2003Microsoft Office 2003 allows user-assisted remote attackers to cause a denial of service (application crash) by attempting to insert a corrupted WMF file.
unknown
2007-03-03
3.4CVE-2007-1238
BUGTRAQ
OTHER-REF
Microsoft -- ExcelMicrosoft Excel 2003 does not properly parse .XLS files, which allows remote attackers to cause a denial of service (application crash) via a file with a (1) corrupted XML format or a (2) corrupted XLS format, which triggers a NULL pointer dereference.
unknown
2007-03-03
1.9CVE-2007-1239
BUGTRAQ
OTHER-REF
Microsoft -- Windows ExplorerMicrosoft Windows Explorer on Windows 2000 SP4 FR and XP SP2 FR, and possibly other versions and platforms, allows remote attackers to cause a denial of service (crash) and trigger memory corruption via an Office file with crafted document summary information.
unknown
2007-03-08
2.7CVE-2007-1347
MILW0RM
CERT-VN
Mutt -- MuttMutt 1.5.13 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Mutt from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.
unknown
2007-03-06
2.3CVE-2007-1268
BUGTRAQ
OTHER-REF
BID
Oracle -- Database Server** DISPUTED ** Absolute path traversal vulnerability in Oracle Database Server, when utl_file_dir is set to a wildcard value or "CREATE ANY DIRECTORY to PUBLIC" privileges exist, allows remote authenticated users to read and modify arbitrary files via full filepaths to utl_file functions such as (1) utl_file.put_line and (2) utl_file.get_line, a related issue to CVE-2005-0701. NOTE: this issue is disputed by third parties who state that this is due to an insecure configuration instead of an inherent vulnerability.
unknown
2007-03-07
3.4CVE-2006-7141
BUGTRAQ
BUGTRAQ
BUGTRAQ
OTHER-REF
PHP -- PHPA regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote attackers to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, which are not escaped in the phpinfo output, as originally fixed for CVE-2005-3388.
unknown
2007-03-06
1.9CVE-2007-1287
OTHER-REF
PHP Upload Tool -- PHP Upload ToolDirectory traversal vulnerability in upload/bin/download.php in Upload Tool for PHP 1.0 allows remote attackers to read arbitrary files via (1) ".." sequences or (2) absolute pathnames in the filename parameter.
unknown
2007-03-05
2.3CVE-2006-7133
OTHER-REF
BID
FRSIRT
SECUNIA
XF
PostNuke Software Foundation -- PagesetterDirectory traversal vulnerability in index.php in the Pagesetter 6.2.0 through 6.3.0 beta 5 module for PostNuke allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.
2007-02-08
2007-03-02
2.3CVE-2007-1158
BUGTRAQ
FULLDISC
FULLDISC
OTHER-REF
BID
SECUNIA
Pyrophobia -- PyrophobiaCross-site scripting (XSS) vulnerability in modules/out.php in Pyrophobia 2.1.3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-03-02
1.9CVE-2007-1159
BID
Quicksilver -- Del.icio.us ModuleThe Social Bookmarks (del.icio.us) plug-in 8F in Quicksilver writes usernames and passwords in plaintext to the /Library/Logs/Console/UID/Console.log file, which allows local users to obtain sensitive information by reading this file.
unknown
2007-03-02
1.6CVE-2007-1191
FULLDISC
BID
XF
Red Hat -- Red Hat Enterprise Linuxlogin in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pam_acct_mgmt and chauth_tok.
unknown
2007-03-04
3.4CVE-2006-7108
OTHER-REF
Rigter Portal System -- Rigter Portal SystemSQL injection vulnerability in Rigter Portal System (RPS) 6.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the categoria parameter to the top-level URI (index.php), possibly related to ver_descarga.php.
unknown
2007-03-06
3.7CVE-2007-1293
MILW0RM
FRSIRT
SECUNIA
RRDBrowse -- RRDBrowseDirectory traversal vulnerability in rb.cgi in RRDBrowse 1.6 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
unknown
2007-03-06
3.3CVE-2007-1303
BUGTRAQ
OTHER-REF
OTHER-REF
BID
SILC -- SILC-ServerThe SILC_SERVER_CMD_FUNC function in apps/silcd/command.c in silc-server 1.0.2 allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a request without a cipher algorithm and an invalid HMAC algorithm.
unknown
2007-03-07
3.3CVE-2007-1327
FULLDISC
BID
SimBin -- GTR - FIA GET Racing Game
SimBin -- Race - The WTCC Game
SimBin -- GTR 2
SimBin -- GT Legends
SimBin GTR - FIA GT Racing Game 1.5.0.0 and earlier, GT Legends 1.1.0.0 and earlier, GTR 2 1.1 and earlier, and RACE - The WTCC Game 1.0 and earlier allow remote attackers to cause a denial of service (client disconnection) via an empty UDP packet to the server port.
unknown
2007-03-02
2.3CVE-2007-1170
BUGTRAQ
BID
Simon Tatham -- PuTTYPuTTY 0.59 and earlier uses weak file permissions for (1) ppk files containing private keys generated by puttygen and (2) session logs created by putty, which allows local users to gain sensitive information by reading these files.
unknown
2007-03-07
1.3CVE-2006-7162
OTHER-REF
SECUNIA
Simple Invoices -- Simple Invoicesinclude/auth/auth.php in Simple Invoices before 2007 03 05 does not use the login system to protect print preview pages for invoices, which might allow attackers to obtain sensitive information.
unknown
2007-03-08
2.3CVE-2007-1341
OTHER-REF
OTHER-REF
OTHER-REF
BID
SECUNIA
SnapGear -- FirmwareSnapGear 560, 585, 580, 640, 710, and 720 appliances before the 3.1.4u5 firmware allow remote attackers to cause a denial of service (complete packet loss) via a packet flood, a different vulnerability than CVE-2006-4613.
unknown
2007-03-07
2.3CVE-2007-1324
OTHER-REF
BID
SECUNIA
SourceForge -- OpenBiblioUnspecified vulnerability in the reports system in OpenBiblio before 0.6.0 allows attackers to gain privileges via unspecified vectors.
unknown
2007-03-03
3.4CVE-2007-1261
OTHER-REF
FRSIRT
Sun -- SolarisThe libike library, as used by in.iked, elfsign, and kcfd in Sun Solaris 9 and 10, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents libike from correctly verifying X.509 and other certificates that use PKCS #1, a similar issue to CVE-2006-4339.
unknown
2007-03-07
3.7CVE-2006-7140
SUNALERT
FRSIRT
SECUNIA
Sun -- Sun FireUnspecified vulnerability in ipmitool for Sun Fire X2100M2 and X2200M2 allows local users to gain privileges and reset or turn off the server.
unknown
2007-03-08
3.4CVE-2007-1346
SUNALERT
BID
Sylpheed -- SylpheedSylpheed 2.2.7 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Sylpheed from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.
unknown
2007-03-06
2.3CVE-2007-1267
BUGTRAQ
OTHER-REF
BID
TaskFreak! -- TaskFreak!Cross-site scripting (XSS) vulnerability in TaskFreak! before 0.5.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly a variant of CVE-2007-0982.
unknown
2007-03-02
2.3CVE-2007-1198
OTHER-REF
Tiny Portal -- Tiny PortalCross-site scripting (XSS) vulnerability in TinyPortal before 0.8.6 allows remote attackers to inject arbitrary web script or HTML via the shoutbox.
unknown
2007-03-06
1.9CVE-2006-7137
BUGTRAQ
BUGTRAQ
BID
TKS Banking Solutions -- ePortfolioMultiple cross-site scripting (XSS) vulnerabilities in TKS Banking Solutions ePortfolio 1.0 Java allow remote attackers to inject arbitrary web script or HTML via unspecified vectors that bypass the client-side protection scheme, one of which may be the q parameter to the search program. NOTE: some of these details are obtained from third party information.
unknown
2007-03-07
1.9CVE-2007-1331
BUGTRAQ
OTHER-REF
OTHER-REF
BID
Trend Micro -- ServerProtectThe web interface in Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before 20070216 accepts logon requests through unencrypted HTTP, which might allow remote attackers to obtain credentials by sniffing the network.
unknown
2007-03-02
2.3CVE-2007-1169
OTHER-REF
Tyger -- Bug Tracking SystemMultiple cross-site scripting (XSS) vulnerabilities in Tyger Bug Tracking System (TygerBT) 1.1.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) Login.php and (2) Register.php.
unknown
2007-03-06
3.7CVE-2007-1291
BUGTRAQ
BID
SECUNIA
Utimaco Safeware -- SafeGuard EasyThe centralized management feature for Utimaco Safeguard stores hard-coded cryptographic keys in executable programs for encrypted configuration files, which allows attackers to recover the keys from the configuration files and decrypt the disk drive.
unknown
2007-03-07
2.3CVE-2006-7142
BUGTRAQ
BUGTRAQ
OTHER-REF
BID
vBulletin -- vBulletinCross-site scripting (XSS) vulnerability in admincp/index.php in Jelsoft vBulletin 3.6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the add rss url form.
unknown
2007-03-08
1.9CVE-2007-1342
BUGTRAQ
BID
XF
Virtuemart -- VirtuemartCross-site scripting (XSS) vulnerability in virtuemart_parser.php in VirtueMart before 20070213 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue is probably different than CVE-2007-0376.
unknown
2007-03-08
1.9CVE-2007-1361
OTHER-REF
FRSIRT
SECUNIA
WebAPP -- WebAPPMultiple cross-site scripting (XSS) vulnerabilities in WebAPP before 20070214 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to unspecified fields in user Profiles. NOTE: some of these details are obtained from third party information.
unknown
2007-03-02
1.9CVE-2007-1174
OTHER-REF
BID
FRSIRT
XF
WebAPP -- WebAPPCross-site scripting (XSS) vulnerability in an admin feature in WebAPP before 20070209 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-03-02
1.9CVE-2007-1175
OTHER-REF
BID
FRSIRT
WebAPP -- WebAPPMultiple cross-site scripting (XSS) vulnerabilities in WebAPP before 0.9.9.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) Gallery Comments pages, (2) Feedback pages, (3) Search Results pages, and (4) the Statistics Log viewer.
unknown
2007-03-02
1.9CVE-2007-1176
OTHER-REF
BID
FRSIRT
SECUNIA
XF
XF
XF
WebAPP -- WebAPPWebAPP before 0.9.9.5 does not properly manage e-mail addresses in certain contexts related to (1) the Recommend feature, Email Article (2) senders and (3) recipients, (4) New User Approval, (5) Edit Profiles, (6) the Newsletter Subscription form, (7) the Recommend form, and (8) sending of articles, which has unknown impact, and remote attack vectors related to spam attacks and possibly other attacks.
unknown
2007-03-02
2.3CVE-2007-1179
OTHER-REF
BID
FRSIRT
SECUNIA
WebAPP -- WebAPPWebAPP before 0.9.9.5 does not check referrers in certain forms, which might facilitate remote cross-site request forgery (CSRF) attacks or have other unknown impact.
unknown
2007-03-02
1.9CVE-2007-1180
OTHER-REF
BID
FRSIRT
SECUNIA
WebAPP -- WebAPPWebAPP before 0.9.9.5 passes (1) Unused Informations and (2) the username through Edit Profile forms, which has unknown impact and attack vectors.
unknown
2007-03-02
2.3CVE-2007-1181
OTHER-REF
BID
FRSIRT
SECUNIA
WebAPP -- WebAPPThe (1) Search, (2) Edit Profile, (3) Recommend, and (4) User Approval forms in WebAPP before 0.9.9.5 use hidden inputs, which has unknown impact and remote attack vectors.
unknown
2007-03-02
2.3CVE-2007-1185
OTHER-REF
BID
FRSIRT
SECUNIA
WebAPP -- WebAPPWebAPP before 0.9.9.5 does not "censor" the Latest Member real name, which has unknown impact.
unknown
2007-03-02
2.3CVE-2007-1186
OTHER-REF
BID
FRSIRT
SECUNIA
WebAPP -- WebAPPWebAPP before 0.9.9.5 allows remote authenticated users, without admin privileges, to obtain sensitive information via (1) the Forum Archive feature and (2) Recent Searches.
unknown
2007-03-02
2.8CVE-2007-1187
OTHER-REF
BID
FRSIRT
SECUNIA
Zend -- EngineThe Zend Engine in PHP 4.x and 5.x allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.
unknown
2007-03-06
2.3CVE-2007-1285
OTHER-REF

Back to top

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top