U.S. Flag Official website of the Department of Homeland Security

Note: This page is part of the us-cert.gov archive.This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

TLP:WHITE

Bulletin (SB07-078)

Vulnerability Summary for the Week of March 12, 2007

Original release date: March 19, 2007

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

">

High Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Apple -- Mac OS X Server
Apple -- Mac OS X
Stack-based buffer overflow in the Apple-specific Samba module (SMB File Server) in Apple Mac OS X 10.4 through 10.4.8 allows context-dependent attackers to execute arbitrary code via a long ACL.
unknown
2007-03-13
8.0CVE-2007-0731
APPLE
Apple -- ImageIOUnspecified vulnerability in ImageIO in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted RAW image that triggers memory corruption.
unknown
2007-03-13
8.0CVE-2007-0733
APPLE
betaparticle -- betaparticle blogSQL injection vulnerability in the heme preview feature for default.asp in BP Blog 7.0 through 7.0.2 allows remote attackers to execute arbitrary SQL commands via the layout parameter.
unknown
2007-03-13
7.0CVE-2007-1445
MILW0RM
OTHER-REF
FRSIRT
SECUNIA
Bitesser -- MySQL CommanderPHP remote file inclusion vulnerability in ressourcen/dbopen.php in bitesser MySQL Commander 2.7 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the home parameter.
unknown
2007-03-13
8.0CVE-2007-1439
BUGTRAQ
MILW0RM
OTHER-REF
BID
CARE2X -- CARE2XMultiple PHP remote file inclusion vulnerabilities in CARE2X 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) inc_checkdate_lang.php, (2) inc_charset_fx.php, (3) inc_config_color.php, (4) inc_currency_set.php, (5) inc_db_makelink.php, (6) inc_diagnostics_report_fx.php, (7) inc_environment_global.php, (8) inc_front_chain_lang.php, (9) inc_init_crypt.php, (10) inc_load_copyrite.php, or (11) inc_news_save.php in include/; (12) diagnostics-report-index.php, (13) config_options_mascot.php, (14) barcode-labels.php, (15) chg-color.php, or (16) config_options_gui_template.php in main/; or unspecified other files.
unknown
2007-03-14
10.0CVE-2007-1458
OTHER-REF
BID
Christian Scheurer -- URARFileLib
Christian Scheurer -- unrarlib
Buffer overflow in the urarlib_get function in Christian Scheurer UniquE RAR File Library (unrarlib, aka URARFileLib) 0.4 allows context-dependent attackers to execute arbitrary code via unspecified vectors in applications linked with this library. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-03-14
10.0CVE-2007-1457
BID
Clip-Share -- ClipSharePHP remote file inclusion vulnerability in include/adodb-connection.inc.php in ClipShare 1.5.3 allows remote attackers to execute arbitrary PHP code via a URL in the cmd parameter.
unknown
2007-03-12
7.0CVE-2007-1430
BUGTRAQ
Coppermine -- Coppermine Photo GalleryMultiple PHP remote file inclusion vulnerabilities in Coppermine Photo Gallery (CPG) allow remote attackers to execute arbitrary PHP code via a URL in the (1) cmd parameter to (a) image_processor.php or (b) picmgmt.inc.php, or the (2) path parameter to (c) include/functions.php, (d) include/plugin_api.inc.php, (e) index.php, or (f) pluginmgr.php.
unknown
2007-03-12
10.0CVE-2007-1414
BUGTRAQ
BID
XF
D-Link -- TFTP ServerBuffer overflow in D-Link TFTP Server 1.0 allows remote attackers to cause a denial of service (crash) via a long (1) GET or (2) PUT request, which triggers memory corruption. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-03-13
10.0CVE-2007-1435
BID
SECUNIA
Duyuru Scripti -- Duyuru ScriptiSQL injection vulnerability in goster.asp in fystyq Duyuru Scripti allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-0688.
unknown
2007-03-12
7.0CVE-2007-1422
BUGTRAQ
BID
Dynaliens -- Dynaliensdynaliens 2.0 and 2.1 allows remote attackers to bypass authentication and perform certain privileged actions via a direct request for (1) validlien.php3 (2) supprlien.php3 (3) supprub.php3 (4) validlien.php3 (5) confsuppr.php3 (6) modiflien.php3, or (7) confmodif.php3 in admin/.
unknown
2007-03-10
7.0CVE-2007-1389
BUGTRAQ
OTHER-REF
BID
Edgewall Software -- TracTrac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors.
unknown
2007-03-10
7.0CVE-2007-1406
OTHER-REF
Fish -- FishMultiple stack-based buffer overflows in the (1) ExtractRnick and (2) decrypt_topic_332 functions in FiSH allow remote attackers to execute arbitrary code via long strings.
unknown
2007-03-10
10.0CVE-2007-1397
OTHER-REF
BID
Flat Chat -- Flat ChatDirect static code injection vulnerability in startsession.php in Flat Chat 2.0 allows remote attackers to execute arbitrary PHP code via the Chat Name field, which is inserted into online.txt and included by users.php. NOTE: some of these details are obtained from third party information.
unknown
2007-03-10
10.0CVE-2007-1394
MILW0RM
BID
FRSIRT
SECUNIA
GaziYapBoz -- Game PortalSQL injection vulnerability in kategori.asp in GaziYapBoz Game Portal allows remote attackers to execute arbitrary SQL commands via the kategori parameter.
unknown
2007-03-10
7.0CVE-2007-1410
MILW0RM
BID
FRSIRT
Geo Soft -- Magic CMSPHP remote file inclusion vulnerability in mysave.php in Magic CMS 4.2.747 allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.
unknown
2007-03-10
10.0CVE-2007-1393
MILW0RM
BID
FRSIRT
GNOME -- EkigaFormat string vulnerability in Ekiga 2.0.3, and probably other versions, allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2007-1006.
unknown
2007-03-10
8.0CVE-2007-0999
MANDRIVA
UBUNTU
Grayscale -- Grayscale BlogGrayscale Blog 0.8.0, and possibly earlier versions, allows remote attackers to gain privileges via direct requests with modified arguments in (1) the user_permissions parameter to add_users.php, and unspecified parameters to (2) addblog.php, (3) editblog.php, (4) editlinks.php, (5) edit_users.php, and (6) add_links.php.
unknown
2007-03-13
7.0CVE-2007-1432
BUGTRAQ
BID
FRSIRT
Grayscale -- Grayscale BlogSQL injection vulnerability in Grayscale Blog 0.8.0, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) userdetail.php, id and (2) url parameter to (b) jump.php, and id variable to (c) detail.php.
unknown
2007-03-13
7.0CVE-2007-1434
BUGTRAQ
BID
FRSIRT
HC Design -- NewsSystemSQL injection vulnerability in index.php in HC NEWSSYSTEM 1.0-4 allows remote attackers to execute arbitrary SQL commands via the ID parameter in a komm aktion.
unknown
2007-03-12
7.0CVE-2007-1417
BUGTRAQ
BID
JCcorp -- URLshrinkPHP remote file inclusion vulnerability in createurl.php in JCcorp (aka James Coyle) URLshrink allows remote attackers to execute arbitrary PHP code via a URL in the formurl parameter.
unknown
2007-03-12
10.0CVE-2007-1416
BUGTRAQ
BID
JGBBS -- JGBBSSQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1 allows remote attackers to execute arbitrary SQL commands via the author parameter.
unknown
2007-03-13
7.0CVE-2007-1440
BUGTRAQ
MILW0RM
BID
Joris Guisson -- KTorrentchunkcounter.cpp in KTorrent before 2.1.2 allows remote attackers to cause a denial of service (crash) and heap corruption via a negative or large idx value.
unknown
2007-03-10
7.0CVE-2007-1385
MLIST
OTHER-REF
OTHER-REF
LedgerSMB -- LedgerSMB
SQL-Ledger -- SQL-Ledger
Unspecified vulnerability in admin.pl in SQL-Ledger before 2.6.26 and LedgerSMB before 1.1.9 allows remote attackers to bypass authentication via unknown vectors that prevents a password check from occurring.
unknown
2007-03-13
7.0CVE-2007-1436
BUGTRAQ
BID
SECUNIA
SECUNIA
Linux -- KernelThe ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c in the Linux kernel before 2.6.20.2 allows local users to read arbitrary kernel memory via certain getsockopt calls that trigger a NULL dereference.
unknown
2007-03-12
7.0CVE-2007-1000
OTHER-REF
OTHER-REF
BID
Macromedia -- ShockwaveMultiple stack-based buffer overflows in an ActiveX control in SwDir.dll 10.1.4.20 in Macromedia Shockwave allow remote attackers to cause a denial of service (Internet Explorer 7 crash) and possibly execute arbitrary code via a long (1) BGCOLOR, (2) SRC, (3) AutoStart, (4) Sound, (5) DrawLogo, or (6) DrawProgress property value, different vectors than CVE-2006-6885.
unknown
2007-03-10
7.0CVE-2007-1403
MILW0RM
Mercury -- Mail Transport SystemStack-based buffer overflow in Mercury/32 (aka Mercury Mail Transport System) 4.01b and earlier allows remote attackers to execute arbitrary code via a long LOGIN command. NOTE: this might be the same issue as CVE-2006-5961.
unknown
2007-03-09
10.0CVE-2007-1373
FULLDISC
SECUNIA
XF
Moodle -- moodleMultiple PHP remote file inclusion vulnerabilities in Moodle 1.7.1 allow remote attackers to execute arbitrary PHP code via a URL in the cmd parameter to (1) admin/utfdbmigrate.php or (2) filter.php.
unknown
2007-03-12
7.0CVE-2007-1429
BUGTRAQ
Open Education System -- Open Education SystemMultiple PHP remote file inclusion vulnerabilities in Open Education System (OES) 0.1beta allow remote attackers to execute arbitrary PHP code via a URL in the CONF_INCLUDE_PATH parameter to (1) lib-account.inc.php, (2) lib-file.inc.php, (3) lib-group.inc.php, (4) lib-log.inc.php, (5) lib-mydb.inc.php, (6) lib-template-mod.inc.php, and (7) lib-themes.inc.php in includes/.
unknown
2007-03-13
10.0CVE-2007-1446
BUGTRAQ
OTHER-REF
BID
FRSIRT
Open Solution -- Quick.CartUnspecified vulnerability in OpenSolution Quick.Cart before 2.1 has unknown impact and attack vectors, related to a "low critical exploit."
unknown
2007-03-10
7.0CVE-2007-1407
OTHER-REF
OTHER-REF
OpenBSD -- OpenBSDUnspecified vulnerability in kern/uipc_mbuf2.c in OpenBSD 3.9 and 4.0 has unspecified impact and remote attack vectors related to "Incorrect mbuf handling for ICMP6 packets."
unknown
2007-03-10
7.0CVE-2007-1365
MLIST
OPENBSD
OPENBSD
SECTRACK
Oracle -- Oracle10g Database ServerOracle Database 10g uses a NULL pDacl parameter when calling the SetSecurityDescriptorDacl function to create discretionary access control lists (DACLs), which allows local users to gain privileges.
unknown
2007-03-13
7.0CVE-2007-1442
OTHER-REF
BID
SECUNIA
PECL Zip -- 1.8.3
PHP -- PHP
Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8.3 and earlier, as bundled with PHP 5.2.0 and 5.2.1, allows remote attackers to execute arbitrary code via a long zip:// URL, as demonstrated by actively triggering URL access from a remote PHP interpreter via avatar upload or blog pingback.
unknown
2007-03-10
10.0CVE-2007-1399
OTHER-REF
BID
PHP -- PHPThe shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x series, do not verify that their arguments correspond to a shmop resource, which allows context-dependent attackers to read and write arbitrary memory locations via arguments associated with an inappropriate resource, as demonstrated by a GD Image resource.
unknown
2007-03-09
7.0CVE-2007-1376
MILW0RM
MILW0RM
OTHER-REF
BID
PHP -- PHPThe ovrimos_longreadlen function in the Ovrimos extension for PHP before 4.4.5 allows context-dependent attackers to write to arbitrary memory locations via the result_id and length arguments.
unknown
2007-03-09
10.0CVE-2007-1378
OTHER-REF
BID
PHP -- PHPThe ovrimos_close function in the Ovrimos extension for PHP before 4.4.5 can trigger efree of an arbitrary address, which might allow context-dependent attackers to execute arbitrary code.
unknown
2007-03-09
10.0CVE-2007-1379
OTHER-REF
BID
PHP -- CVSThe wddx_deserialize function in wddx.c in PHP CVS as of 20070304 calls strlcpy where strlcat was intended and uses improper arguments, which allows context-dependent attackers to execute arbitrary code via a WDDX packet with a malformed overlap of a STRING element, which triggers a buffer overflow.
unknown
2007-03-09
8.0CVE-2007-1381
OTHER-REF
PHP -- PHPInteger overflow in the 16 bit variable reference counter in PHP 4 allows context-dependent attackers to execute arbitrary code by overflowing this counter, which causes the same variable to be destroyed twice, a related issue to CVE-2007-1286.
unknown
2007-03-09
8.0CVE-2007-1383
OTHER-REF
PHP -- PHPThe import_request_variables function in PHP 4.0.7 through 5.2.1, when called without a prefix, does not prevent the (1) GET, (2) POST, (3) COOKIE, (4) FILES, (5) SERVER, (6) SESSION, and other superglobals from being overwritten, which allows remote attackers to spoof source IP address and Referer data, and have other unspecified impact. NOTE: it could be argued that this is a design limitation of PHP and that only the misuse of this feature, i.e. implementation bugs in applications, should be included in CVE.
unknown
2007-03-10
10.0CVE-2007-1396
BUGTRAQ
PHP -- PHPBuffer overflow in PHP 4.4.6 and earlier, and unspecified PHP 5 versions, allows local and possibly remote attackers to execute arbitrary code via long server name arguments to the (1) mssql_connect and (2) mssql_pconnect functions.
unknown
2007-03-10
10.0CVE-2007-1411
BUGTRAQ
OTHER-REF
BID
PHP -- PHPBuffer overflow in the snmpget function in the snmp extension in PHP 4.4.6 allows context-dependent attackers to execute arbitrary code via a long value in the third argument (object id).
unknown
2007-03-12
10.0CVE-2007-1413
MILW0RM
BID
PHP -- PHPBuffer underflow in the PHP_FILTER_TRIM_DEFAULT macro in the filtering extension (ext/filter) in PHP 5.2.0 allows context-dependent attackers to execute arbitrary code by calling filter_var with certain modes such as FILTER_VALIDATE_INT, which causes filter to write a null byte in whitespace that precedes the buffer.
unknown
2007-03-14
7.0CVE-2007-1453
OTHER-REF
OTHER-REF
BID
PHP Labs -- JobSiteProSQL injection vulnerability in search.php in PHP Labs JobSitePro 1.0 allows remote attackers to execute arbitrary SQL commands via the salary parameter.
unknown
2007-03-12
7.0CVE-2007-1428
MILW0RM
BID
SECUNIA
PHP-Nuke -- PHP-NukeSQL injection vulnerability in mainfile.php in PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands in the Top or News module via the lang parameter.
unknown
2007-03-14
7.0CVE-2007-1450
BUGTRAQ
BID
phpAlbum.net -- phpalbum** DISPUTED ** PHP remote file inclusion vulnerability in common.php in PHP Photo Album allows remote attackers to execute arbitrary PHP code via a URL in the db_file parameter. NOTE: CVE disputes this vulnerability, because versions 0.3.2.6 and 0.4.1beta do not contain this file.
unknown
2007-03-14
10.0CVE-2007-1456
BUGTRAQ
VIM
PMB Services -- PMB ServicesMultiple PHP remote file inclusion vulnerabilities in PMB Services 3.0.13 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) class_path parameter to (a) includes/resa_func.inc.php (b) admin/notices/perso.inc.php, or (c) admin/quotas/main.inc.php; the (2) base_path parameter to (d) opac_css/rec_panier.php or (e) opac_css/includes/author_see.inc.php; or the (3) include_path parameter to (f) bull_info.inc.php or (g) misc.inc.php in includes/; (h) options_date_box.php, (i) options_file_box.php, (j) options_list.php, (k) options_query_list.php, or (l) options_text.php in includes/options/; (m) options.php, (n) options_comment.php, (o) options_date_box.php, (p) options_list.php, (q) options_query_list.php, or (r) options_text.php in includes/options_empr/; or (s) admin/import/iimport_expl.php, (t) admin/netbase/clean.php, (u) admin/param/param_func.inc.php, (v) admin/sauvegarde/lieux.inc.php, (w) autorites.php, (x) account.php, (y) cart.php! , or (z) edit.php.
unknown
2007-03-12
10.0CVE-2007-1415
MILW0RM
OTHER-REF
BID
XF
PostGuestbook -- PostGuestbookPHP remote file inclusion vulnerability in styles/internal/header.php in the PostGuestbook 0.6.1 module for PHP-Nuke allows remote attackers to execute arbitrary PHP code via a URL in the tpl_pgb_moddir parameter.
unknown
2007-03-09
10.0CVE-2007-1372
MILW0RM
BID
XF
Premod SubDog -- Premod SubDogMultiple PHP remote file inclusion vulnerabilities in Premod SubDog 2 allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) functions_kb.php, (2) themen_portal_mitte.php, or (3) logger_engine.php in includes/.
unknown
2007-03-12
10.0CVE-2007-1421
BUGTRAQ
BID
Rediff -- ToolbarThe Rediff Toolbar 2.0 ActiveX control in redifftoolbar.dll allows remote attackers to cause a denial of service via unspecified manipulations, possibly involving improper initialization or blank arguments.
unknown
2007-03-10
7.0CVE-2007-1402
OTHER-REF
BID
Softnews Media Group -- DataLife EngineMultiple PHP remote file inclusion vulnerabilities in Softnews Media Group DataLife Engine allow remote attackers to execute arbitrary PHP code via a URL in the root_dir parameter to (1) init.php and (2) Ajax/editnews.php. NOTE: some of these details are obtained from third party information.
unknown
2007-03-12
7.0CVE-2007-1424
BUGTRAQ
BID
Triexa -- SonicMailer ProSQL injection vulnerability in index.php in Triexa SonicMailer Pro 3.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the list parameter in an archive action.
unknown
2007-03-12
7.0CVE-2007-1425
MILW0RM
BID
SECUNIA
Vallheru -- VallheruMultiple vulnerabilities in (1) bank.php, (2) landfill.php, (3) outposts.php, (4) tribes.php, (5) house.php, (6) tribearmor.php, (7) tribeastral.php, (8) tribeware.php, and (9) includes/head.php in Bartek Jasicki Vallheru before 1.3 beta have unknown impact and remote attack vectors, probably related to large integer values containing more than 15 digits. NOTE: the original vendor report is for integer overflows, but this is probably an incorrect usage of the term.
unknown
2007-03-10
7.0CVE-2007-1408
OTHER-REF
OTHER-REF
OTHER-REF
WebCreator -- WebCreatorMultiple PHP remote file inclusion vulnerabilities in WebCreator 0.2.6-rc3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the moddir parameter to (1) content/load.inc.php, (2) config/load.inc.php, (3) http/load.inc.php, and unspecified other files.
unknown
2007-03-14
10.0CVE-2007-1459
OTHER-REF
BID
Webo -- WeboPHP remote file inclusion vulnerability in modules/abook/foldertree.php in Leo West WEBO (aka weborganizer) 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter.
unknown
2007-03-10
10.0CVE-2007-1391
MILW0RM
OTHER-REF
BID
FRSIRT
XF
WORK system e-commerce -- WORK system e-commerceMultiple PHP remote file inclusion vulnerabilities in WORK system e-commerce 3.0.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the g_include parameter to include/include_top.php and certain other PHP scripts.
unknown
2007-03-12
8.0CVE-2007-1423
MILW0RM
BID
SECUNIA
X-Ice -- X-Ice News SystemSQL injection vulnerability in devami.asp in X-Ice News System 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-03-13
7.0CVE-2007-1438
MILW0RM
BID

Back to top

Medium Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Apple -- Mac OS X Server
Apple -- Mac OS X
Stack-based buffer overflow in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via an image with a crafted ColorSync profile.
unknown
2007-03-13
5.6CVE-2007-0719
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
Unspecified vulnerability in diskimages-helper in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via a crafted compressed disk image that triggers memory corruption.
unknown
2007-03-13
5.6CVE-2007-0721
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
Integer overflow in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via a crafted AppleSingleEncoding disk image.
unknown
2007-03-13
5.6CVE-2007-0722
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
Unspecified vulnerability in the authentication feature for DirectoryService (DS Plug-Ins) for Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote authenticated LDAP users to modify the root password and gain privileges via unknown vectors.
unknown
2007-03-13
4.8CVE-2007-0723
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
The IOKit HID interface in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 does not sufficiently limit access to certain controls, which allows local users to gain privileges by using HID device events to read keystrokes from the console.
unknown
2007-03-13
5.6CVE-2007-0724
APPLE
Apple -- Server ManagerServer Manager (servermgrd) in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 does not sufficiently validate authentication credentials, which allows remote attackers to bypass authentication and modify system configuration.
unknown
2007-03-13
5.6CVE-2007-0730
APPLE
cPanel-Host -- Fantastico De LuxeMultiple absolute path traversal vulnerabilities in Fantastico, as used with cPanel 10.x, allow remote authenticated users to include and execute arbitrary local files via (1) the userlanguage parameter to includes/load_language.php or (2) the fantasticopath parameter to includes/mysqlconfig.php and certain other files.
unknown
2007-03-14
6.0CVE-2007-1455
BUGTRAQ
dreameesoft -- Password MasterDreameeSoft Password Master 1.0 stores the database in an unencrypted format when the master password is set, which allows attackers with physical access to read the database contents via an unspecified authentication bypass. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-03-09
5.6CVE-2006-7163
BID
GuppY -- GuppYGuppY 4.0 allows remote attackers to delete arbitrary files via a direct request to install/install.php, then selecting "Installation propre" (cleanup.php) and then "Suppression des fichiers d'installation" (delete.php).
unknown
2007-03-14
4.7CVE-2007-1451
BUGTRAQ
OTHER-REF
Joris Guisson -- KTorrentDirectory traversal vulnerability in torrent.cpp in KTorrent before 2.1.2 allows remote attackers to overwrite arbitrary files via ".." sequences in a torrent filename.
unknown
2007-03-10
4.7CVE-2007-1384
MLIST
OTHER-REF
OTHER-REF
LedgerSMB -- LedgerSMB
SQL-Ledger -- SQL-Ledger
Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger before 2.6.25 allows remote attackers to overwrite files and possibly bypass authentication, and remote authenticated users to execute unauthorized code, by calling a custom error function that returns from execution.
unknown
2007-03-13
6.0CVE-2007-1437
BUGTRAQ
SECUNIA
SECUNIA
Linux -- Omnikey CardmanMultiple buffer overflows in the (1) read and (2) write functions in the Omnikey CardMan 4040 driver in the Linux kernel before 2.6.21-rc3 allow local users to gain privileges.
unknown
2007-03-09
5.6CVE-2007-0005
OTHER-REF
Mplayer -- MplayerThe DirectShow loader (loader/dshow/DS_VideoDecoder.c) in MPlayer 1.0rc1 and earlier, as used in xine-lib, does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code, a different vulnerability than CVE-2007-1246.
unknown
2007-03-13
4.8CVE-2007-1387
OTHER-REF
OTHER-REF
UBUNTU
SECUNIA
Navision -- Financials ServerInteger overflow in the ktruser function in NetBSD-current before 20061022, NetBSD 3 aand 3-0 before 20061024, and NetBSD 2 before 20070209, when the kernel is built with the COMPAT_FREEBSD or COMPAT_DARWIN option, allows local users to cause a denial of service and possibly gain privileges.
unknown
2007-03-10
5.6CVE-2007-1273
NETBSD
BID
PHP -- COM extensionsThe PHP COM extensions for PHP on Windows systems allow context-dependent attackers to execute arbitrary code via a WScript.Shell COM object, as demonstrated by using the Run method of this object to execute cmd.exe, which bypasses PHP's safe mode.
unknown
2007-03-09
4.2CVE-2007-1382
MILW0RM
PHP -- PHPBuffer overflow in the crack extension (CrackLib), as bundled with PHP 4.4.6 and other versions before 5.0.0, might allow local users to gain privileges via a long argument to the crack_opendict function.
unknown
2007-03-10
5.6CVE-2007-1401
BUGTRAQ
MILW0RM
OTHER-REF
Plesh -- PleshPlash permits sandboxed processes to open /dev/tty, which allows local users to escape sandbox restrictions and execute arbitrary commands by sending characters to a shell process on the same termimal via the TIOCSTI ioctl.
unknown
2007-03-10
5.6CVE-2007-1400
MLIST
OTHER-REF
OSVDB
ProSysInfo -- TFTP Server TFTPDWINtftpd.exe in ProSysInfo TFTP Server TFTPDWIN 0.4.2 allows remote attackers to cause a denial of service via a long UDP packet that is not properly handled in a recv_from call. NOTE: this issue might be related to CVE-2006-4948.
unknown
2007-03-10
5.3CVE-2007-1404
MILW0RM
SECUNIA
Radscan -- ConquestMultiple buffer overflows in Conquest 8.2a and earlier (1) allow local users to gain privileges by querying a metaserver that sends a long server entry processed by metaGetServerList and allow remote metaservers to execute arbitrary code via a long server entry processed by metaGetServerList; (2) allow attackers to have an unknown impact by exceeding the configured number of metaservers; and allow remote attackers to corrupt memory via a SP_CLIENTSTAT packet with certain values of (3) unum or (4) snum, different vulnerabilities than CVE-2003-0933.
unknown
2007-03-09
5.6CVE-2007-1371
BUGTRAQ
MLIST
BID
FRSIRT
SECUNIA
XF
XF

Back to top

Low Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Adobe -- Acrobat Reader
Mozilla -- Firefox
Netscape -- Netscape
Opera Software -- Opera
AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial of service (unspecified resource consumption) via a .pdf URL with an anchor identifier that begins with search= followed by many %n sequences, a different vulnerability than CVE-2006-6027 and CVE-2006-6236.
unknown
2007-03-09
2.3CVE-2007-1377
OTHER-REF
BID
Apple -- Mac OS X Server
Apple -- Mac OS X
The CUPS service in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote attackers to cause a denial of service (service hang) via a "partially-negotiated" SSL connection, which prevents other requests from being accepted.
unknown
2007-03-13
2.3CVE-2007-0720
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
The SSH key generation process in OpenSSH in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote attackers to cause a denial of service by connecting to the server before SSH has finished creating keys, which causes the keys to be regenerated and can break trust relationships that were based on the original keys.
unknown
2007-03-13
2.3CVE-2007-0726
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
Unspecified vulnerability in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 creates files insecurely while initializing a USB printer, which allows local users to create or overwrite arbitrary files.
unknown
2007-03-13
3.9CVE-2007-0728
APPLE
AssetMan -- AssetManDirectory traversal vulnerability in download_pdf.php in AssetMan 2.4a and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the pdf_file parameter.
unknown
2007-03-12
2.3CVE-2007-1427
BUGTRAQ
MILW0RM
BID
AstroCam -- AstroCamAstroCam before 2.6.6 allows remote attackers to cause a denial of service (daemon shutdown) via certain requests to the web interface.
unknown
2007-03-12
3.3CVE-2007-1426
OTHER-REF
FRSIRT
SECUNIA
Avaya -- S8700
Avaya -- S8300
Avaya -- S8710
Avaya -- S8500
Cross-site scripting (XSS) vulnerability in the login page in Avaya Communications Manager (CM) S87XX, S8500, and S8300 products before 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the Login field.
unknown
2007-03-09
1.9CVE-2007-1367
OTHER-REF
BID
SECUNIA
Computer Associates -- eTrust AdminUnspecified vulnerability in cube.exe in the GINA component for CA (Computer Associates) eTrust Admin 8.1.0 through 8.1.2 allows attackers with physical interactive or Remote Desktop access to bypass authentication and gain privileges via the password reset interface.
unknown
2007-03-10
2.3CVE-2007-1345
BUGTRAQ
OTHER-REF
BID
FRSIRT
OSVDB
SECTRACK
SECUNIA
XF
Drupal -- Drupal Project Issue TrackingThe Project issue tracking module before 4.7.x-1.3, 4.7.x-2.* before 4.7.x-2.3, and 5 before 5.x-0.2-beta for Drupal allows remote authenticated users, with "access project issues" permission, to read the contents of a private node via a URL with a modified node identifier.
unknown
2007-03-09
1.1CVE-2007-1368
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
Dynaliens -- DynaliensMultiple cross-site scripting (XSS) vulnerabilities in dynaliens 2.0 and 2.1 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) recherche.php3 or (2) ajouter.php3.
unknown
2007-03-10
1.9CVE-2007-1390
BUGTRAQ
OTHER-REF
BID
Edgewall Software -- TracCross-site scripting (XSS) vulnerability in the "download wiki page as text" feature in Trac before 0.10.3.1, when Microsoft Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
unknown
2007-03-10
1.9CVE-2007-1405
OTHER-REF
SECUNIA
Grayscale -- Grayscale BlogCross-site scripting (XSS) vulnerability in Grayscale Blog 0.8.0, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the comment fields to (1) scripts/addblog_comment.php and (2) detail.php.
unknown
2007-03-13
1.9CVE-2007-1433
BUGTRAQ
BID
FRSIRT
Linux -- KernelThe do_ipv6_setsockopt function in net/ipv6/ipv6_sockglue.c in Linux kernel 2.6.17, and possibly other versions, allows local users to cause a denial of service (oops) by calling setsockopt with the IPV6_RTHDR option name and possibly a zero option length or invalid option value, which triggers a NULL pointer dereference.
unknown
2007-03-10
1.1CVE-2007-1388
OTHER-REF
Linux -- CongaThe luci server component in conga preserves the password between page loads for the Add System/Cluster task flow by storing the password in the Value attribute of a password entry field, which allows attackers to steal the password by performing a "view source" or other operation to obtain the web page. NOTE: there are limited circumstances under which such an attack is feasible.
unknown
2007-03-15
1.9CVE-2007-1462
OTHER-REF
Mindtouch -- DekiWikiCross-site scripting (XSS) vulnerability in skins/ace/popup-notopic.php in MindTouch OpenGarden DekiWiki before Gooseberry++ allows remote attackers to inject arbitrary web script or HTML via the message parameter.
unknown
2007-03-12
1.9CVE-2007-1418
OTHER-REF
BID
SECUNIA
XF
MySQL -- MySQLMySQL 5.x before 5.0.37 allows local users to cause a denial of service (database crash) by using a combination of certain string functions, information_schema table subselects, and ORDER BY result sorting, which prevents certain structure elements from being initialized and triggers a NULL dereference in the filesort function.
unknown
2007-03-12
2.3CVE-2007-1420
BUGTRAQ
OTHER-REF
BID
netForo! -- netForo!Directory traversal vulnerability in down.php in netForo! 0.1g allows remote attackers to read arbitrary files via a .. (dot dot) in the file_to_download parameter.
unknown
2007-03-10
2.3CVE-2007-1392
MILW0RM
BID
FRSIRT
XF
Netperf -- Netperfnetserver in netperf 2.4.3 allows local users to overwrite arbitrary files via a symlink attack on /tmp/netperf.debug.
unknown
2007-03-13
3.9CVE-2007-1444
OTHER-REF
BID
FRSIRT
SECUNIA
PennMUSH -- PennMUSHMultiple unspecified vulnerabilities in PennMUSH 1.8.3 before 1.8.3p1 and 1.8.2 before 1.8.2p3 allow attackers to cause a denial of service (crash) related to the (1) speak and (2) buy functions.
unknown
2007-03-13
3.3CVE-2007-1431
MLIST
BID
FRSIRT
SECUNIA
PHP -- PHPInteger overflow in the substr_compare function in PHP 5.2.1 and earlier allows context-dependent attackers to read sensitive memory via a large value in the length argument, a different vulnerability than CVE-2006-1991.
unknown
2007-03-09
2.3CVE-2007-1375
MILW0RM
OTHER-REF
BID
PHP -- PHPThe php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buffer over-read.
unknown
2007-03-09
3.3CVE-2007-1380
MILW0RM
OTHER-REF
PHP -- PHPThe cpdf_open function in the ClibPDF (cpdf) extension in PHP 4.4.6 allows context-dependent attackers to obtain sensitive information (script source code) via a long string in the second argument.
unknown
2007-03-12
3.3CVE-2007-1412
MILW0RM
BID
PHP -- PHPThe FDF support (ext/fdf) in PHP 5.2.0 and earlier does not implement the input filtering hooks for ext/filter, which allows remote attackers to bypass web site filters via an application/vnd.fdf formatted POST.
unknown
2007-03-14
2.3CVE-2007-1452
OTHER-REF
BID
PHP -- PHPext/filter in PHP 5.2.0, when FILTER_SANITIZE_STRING is used with the FILTER_FLAG_STRIP_LOW flag, does not properly strip HTML tags, which allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML with a '<' character followed by certain whitespace characters, which passes one filter but is collapsed into a valid tag, as demonstrated using %0b.
unknown
2007-03-14
1.9CVE-2007-1454
OTHER-REF
PHP -- PHPThe zip:// URL wrapper provided by the PECL zip extension in PHP 5.2.0 and 5.2.1 does not implement safemode or open_basedir checks, which allows remote attackers to read ZIP archives located outside of the intended directories.
unknown
2007-03-14
2.3CVE-2007-1460
OTHER-REF
PHP -- PHPThe compress.bzip2:// URL wrapper provided by the bz2 extension in PHP 5.2.1 and earlier does not implement safemode or open_basedir checks, which allows remote attackers to read bzip2 archives located outside of the intended directories.
unknown
2007-03-14
3.3CVE-2007-1461
OTHER-REF
PHP-Nuke -- PHP-NukeDirectory traversal vulnerability in mainfile.php in PHP-Nuke 8.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter.
unknown
2007-03-14
1.9CVE-2007-1449
BUGTRAQ
BUGTRAQ
BID
SECUNIA
phpMyAdmin -- phpMyAdminIncomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 through 2.9.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by injecting arbitrary JavaScript or HTML in a (1) db or (2) table parameter value followed by an uppercase end tag, which bypasses the protection against lowercase .
unknown
2007-03-10
1.9CVE-2007-1395
BUGTRAQ
OTHER-REF
XF
RIM -- BlackberryThe 4thPass browser on the RIM BlackBerry 8100 (Pearl) before 4.2.1 allows remote attackers to cause a denial of service (temporary functionality loss) via a long href attribute in a link in a WML page.
unknown
2007-03-13
2.3CVE-2007-1441
BUGTRAQ
Snitz Communications -- Snitz Forums 2000Cross-site scripting (XSS) vulnerability in pop_profile.asp in Snitz Forums 2000 3.4.06 allows remote attackers to inject arbitrary web script or HTML via the MSN parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-03-09
1.9CVE-2007-1374
BID
SECUNIA
XF
Snort -- SnortThe frag3 preprocessor in Snort 2.6.1.1, 2.6.1.2, and 2.7.0 beta, when configured for inline use on Linux without the ip_conntrack module loaded, allows remote attackers to cause a denial of service (segmentation fault and application crash) via certain UDP packets produced by send_morefrag_packet and send_overlap_packet.
unknown
2007-03-10
2.7CVE-2007-1398
MILW0RM
BID
Sun -- Java Dynamic Management KitThe Java Management Extensions Remote API Remote Method Invocation over Internet Inter-ORB Protocol (JMX RMI-IIOP) API in Java Dynamic Management Kit 5.1 before 20070309 does not properly enforce the java.policy, which allows local users to obtain certain MBeans data access by operating a server application accessed by a privileged remote authenticated user.
unknown
2007-03-12
2.9CVE-2007-1419
SUNALERT
Woltlab -- Burning Board
Woltlab -- Burning Board Lite
Multiple cross-site scripting (XSS) vulnerabilities in register.php in Woltlab Burning Board (wBB) 2.3.6 and Burning Board Lite 1.0.2pl3e allow remote attackers to inject arbitrary web script or HTML via the (1) r_username, (2) r_email, (3) r_password, (4) r_confirmpassword, (5) r_homepage, (6) r_icq, (7) r_aim, (8) r_yim, (9) r_msn, (10) r_year, (11) r_month, (12) r_day, (13) r_gender, (14) r_signature, (15) r_usertext, (16) r_invisible, (17) r_usecookies, (18) r_admincanemail, (19) r_emailnotify, (20) r_notificationperpm, (21) r_receivepm, (22) r_emailonpm, (23) r_pmpopup, (24) r_showsignatures, (25) r_showavatars, (26) r_showimages, (27) r_daysprune, (28) r_umaxposts, (29) r_dateformat, (30) r_timeformat, (31) r_startweek, (32) r_timezoneoffset, (33) r_usewysiwyg, (34) r_styleid, (35) r_langid, (36) key_string, (37) key_number, (38) disablesmilies, (39) disablebbcode, (40) disableimages, (41) field[1], (42) field[2], and (43) field[3] parameters. NOTE: a third-part! y researcher has disputed some of these vectors, stating that only the r_dateformat and r_timeformat parameters in Burning Board 2.3.6 are affected.
unknown
2007-03-13
1.9CVE-2007-1443
BUGTRAQ
BUGTRAQ
FRSIRT
SECUNIA
SECUNIA
WordPress -- WordPressWordPress allows remote attackers to obtain sensitive information via a direct request for wp-admin/admin-functions.php, which reveals the path in an error message.
unknown
2007-03-10
2.3CVE-2007-1409
BUGTRAQ
BUGTRAQ
Zend -- Zend Platformini_modifier (sgid-zendtech) in Zend Platform 2.2.3 and earlier allows local users to modify the system php.ini file by editing a copy of php.ini file using the -f parameter, and then performing a symlink attack using the directory that contains the attacker-controlled php.ini file, and linking this directory to /usr/local/Zend/etc.
unknown
2007-03-09
3.9CVE-2007-1369
OTHER-REF
OTHER-REF
BID
FRSIRT
XF

Back to top

">

High Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Apple -- Mac OS X Server
Apple -- Mac OS X
Stack-based buffer overflow in the Apple-specific Samba module (SMB File Server) in Apple Mac OS X 10.4 through 10.4.8 allows context-dependent attackers to execute arbitrary code via a long ACL.
unknown
2007-03-13
8.0CVE-2007-0731
APPLE
Apple -- ImageIOUnspecified vulnerability in ImageIO in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted RAW image that triggers memory corruption.
unknown
2007-03-13
8.0CVE-2007-0733
APPLE
betaparticle -- betaparticle blogSQL injection vulnerability in the heme preview feature for default.asp in BP Blog 7.0 through 7.0.2 allows remote attackers to execute arbitrary SQL commands via the layout parameter.
unknown
2007-03-13
7.0CVE-2007-1445
MILW0RM
OTHER-REF
FRSIRT
SECUNIA
Bitesser -- MySQL CommanderPHP remote file inclusion vulnerability in ressourcen/dbopen.php in bitesser MySQL Commander 2.7 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the home parameter.
unknown
2007-03-13
8.0CVE-2007-1439
BUGTRAQ
MILW0RM
OTHER-REF
BID
CARE2X -- CARE2XMultiple PHP remote file inclusion vulnerabilities in CARE2X 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) inc_checkdate_lang.php, (2) inc_charset_fx.php, (3) inc_config_color.php, (4) inc_currency_set.php, (5) inc_db_makelink.php, (6) inc_diagnostics_report_fx.php, (7) inc_environment_global.php, (8) inc_front_chain_lang.php, (9) inc_init_crypt.php, (10) inc_load_copyrite.php, or (11) inc_news_save.php in include/; (12) diagnostics-report-index.php, (13) config_options_mascot.php, (14) barcode-labels.php, (15) chg-color.php, or (16) config_options_gui_template.php in main/; or unspecified other files.
unknown
2007-03-14
10.0CVE-2007-1458
OTHER-REF
BID
Christian Scheurer -- URARFileLib
Christian Scheurer -- unrarlib
Buffer overflow in the urarlib_get function in Christian Scheurer UniquE RAR File Library (unrarlib, aka URARFileLib) 0.4 allows context-dependent attackers to execute arbitrary code via unspecified vectors in applications linked with this library. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-03-14
10.0CVE-2007-1457
BID
Clip-Share -- ClipSharePHP remote file inclusion vulnerability in include/adodb-connection.inc.php in ClipShare 1.5.3 allows remote attackers to execute arbitrary PHP code via a URL in the cmd parameter.
unknown
2007-03-12
7.0CVE-2007-1430
BUGTRAQ
Coppermine -- Coppermine Photo GalleryMultiple PHP remote file inclusion vulnerabilities in Coppermine Photo Gallery (CPG) allow remote attackers to execute arbitrary PHP code via a URL in the (1) cmd parameter to (a) image_processor.php or (b) picmgmt.inc.php, or the (2) path parameter to (c) include/functions.php, (d) include/plugin_api.inc.php, (e) index.php, or (f) pluginmgr.php.
unknown
2007-03-12
10.0CVE-2007-1414
BUGTRAQ
BID
XF
D-Link -- TFTP ServerBuffer overflow in D-Link TFTP Server 1.0 allows remote attackers to cause a denial of service (crash) via a long (1) GET or (2) PUT request, which triggers memory corruption. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-03-13
10.0CVE-2007-1435
BID
SECUNIA
Duyuru Scripti -- Duyuru ScriptiSQL injection vulnerability in goster.asp in fystyq Duyuru Scripti allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-0688.
unknown
2007-03-12
7.0CVE-2007-1422
BUGTRAQ
BID
Dynaliens -- Dynaliensdynaliens 2.0 and 2.1 allows remote attackers to bypass authentication and perform certain privileged actions via a direct request for (1) validlien.php3 (2) supprlien.php3 (3) supprub.php3 (4) validlien.php3 (5) confsuppr.php3 (6) modiflien.php3, or (7) confmodif.php3 in admin/.
unknown
2007-03-10
7.0CVE-2007-1389
BUGTRAQ
OTHER-REF
BID
Edgewall Software -- TracTrac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors.
unknown
2007-03-10
7.0CVE-2007-1406
OTHER-REF
Fish -- FishMultiple stack-based buffer overflows in the (1) ExtractRnick and (2) decrypt_topic_332 functions in FiSH allow remote attackers to execute arbitrary code via long strings.
unknown
2007-03-10
10.0CVE-2007-1397
OTHER-REF
BID
Flat Chat -- Flat ChatDirect static code injection vulnerability in startsession.php in Flat Chat 2.0 allows remote attackers to execute arbitrary PHP code via the Chat Name field, which is inserted into online.txt and included by users.php. NOTE: some of these details are obtained from third party information.
unknown
2007-03-10
10.0CVE-2007-1394
MILW0RM
BID
FRSIRT
SECUNIA
GaziYapBoz -- Game PortalSQL injection vulnerability in kategori.asp in GaziYapBoz Game Portal allows remote attackers to execute arbitrary SQL commands via the kategori parameter.
unknown
2007-03-10
7.0CVE-2007-1410
MILW0RM
BID
FRSIRT
Geo Soft -- Magic CMSPHP remote file inclusion vulnerability in mysave.php in Magic CMS 4.2.747 allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.
unknown
2007-03-10
10.0CVE-2007-1393
MILW0RM
BID
FRSIRT
GNOME -- EkigaFormat string vulnerability in Ekiga 2.0.3, and probably other versions, allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2007-1006.
unknown
2007-03-10
8.0CVE-2007-0999
MANDRIVA
UBUNTU
Grayscale -- Grayscale BlogGrayscale Blog 0.8.0, and possibly earlier versions, allows remote attackers to gain privileges via direct requests with modified arguments in (1) the user_permissions parameter to add_users.php, and unspecified parameters to (2) addblog.php, (3) editblog.php, (4) editlinks.php, (5) edit_users.php, and (6) add_links.php.
unknown
2007-03-13
7.0CVE-2007-1432
BUGTRAQ
BID
FRSIRT
Grayscale -- Grayscale BlogSQL injection vulnerability in Grayscale Blog 0.8.0, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) userdetail.php, id and (2) url parameter to (b) jump.php, and id variable to (c) detail.php.
unknown
2007-03-13
7.0CVE-2007-1434
BUGTRAQ
BID
FRSIRT
HC Design -- NewsSystemSQL injection vulnerability in index.php in HC NEWSSYSTEM 1.0-4 allows remote attackers to execute arbitrary SQL commands via the ID parameter in a komm aktion.
unknown
2007-03-12
7.0CVE-2007-1417
BUGTRAQ
BID
JCcorp -- URLshrinkPHP remote file inclusion vulnerability in createurl.php in JCcorp (aka James Coyle) URLshrink allows remote attackers to execute arbitrary PHP code via a URL in the formurl parameter.
unknown
2007-03-12
10.0CVE-2007-1416
BUGTRAQ
BID
JGBBS -- JGBBSSQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1 allows remote attackers to execute arbitrary SQL commands via the author parameter.
unknown
2007-03-13
7.0CVE-2007-1440
BUGTRAQ
MILW0RM
BID
Joris Guisson -- KTorrentchunkcounter.cpp in KTorrent before 2.1.2 allows remote attackers to cause a denial of service (crash) and heap corruption via a negative or large idx value.
unknown
2007-03-10
7.0CVE-2007-1385
MLIST
OTHER-REF
OTHER-REF
LedgerSMB -- LedgerSMB
SQL-Ledger -- SQL-Ledger
Unspecified vulnerability in admin.pl in SQL-Ledger before 2.6.26 and LedgerSMB before 1.1.9 allows remote attackers to bypass authentication via unknown vectors that prevents a password check from occurring.
unknown
2007-03-13
7.0CVE-2007-1436
BUGTRAQ
BID
SECUNIA
SECUNIA
Linux -- KernelThe ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c in the Linux kernel before 2.6.20.2 allows local users to read arbitrary kernel memory via certain getsockopt calls that trigger a NULL dereference.
unknown
2007-03-12
7.0CVE-2007-1000
OTHER-REF
OTHER-REF
BID
Macromedia -- ShockwaveMultiple stack-based buffer overflows in an ActiveX control in SwDir.dll 10.1.4.20 in Macromedia Shockwave allow remote attackers to cause a denial of service (Internet Explorer 7 crash) and possibly execute arbitrary code via a long (1) BGCOLOR, (2) SRC, (3) AutoStart, (4) Sound, (5) DrawLogo, or (6) DrawProgress property value, different vectors than CVE-2006-6885.
unknown
2007-03-10
7.0CVE-2007-1403
MILW0RM
Mercury -- Mail Transport SystemStack-based buffer overflow in Mercury/32 (aka Mercury Mail Transport System) 4.01b and earlier allows remote attackers to execute arbitrary code via a long LOGIN command. NOTE: this might be the same issue as CVE-2006-5961.
unknown
2007-03-09
10.0CVE-2007-1373
FULLDISC
SECUNIA
XF
Moodle -- moodleMultiple PHP remote file inclusion vulnerabilities in Moodle 1.7.1 allow remote attackers to execute arbitrary PHP code via a URL in the cmd parameter to (1) admin/utfdbmigrate.php or (2) filter.php.
unknown
2007-03-12
7.0CVE-2007-1429
BUGTRAQ
Open Education System -- Open Education SystemMultiple PHP remote file inclusion vulnerabilities in Open Education System (OES) 0.1beta allow remote attackers to execute arbitrary PHP code via a URL in the CONF_INCLUDE_PATH parameter to (1) lib-account.inc.php, (2) lib-file.inc.php, (3) lib-group.inc.php, (4) lib-log.inc.php, (5) lib-mydb.inc.php, (6) lib-template-mod.inc.php, and (7) lib-themes.inc.php in includes/.
unknown
2007-03-13
10.0CVE-2007-1446
BUGTRAQ
OTHER-REF
BID
FRSIRT
Open Solution -- Quick.CartUnspecified vulnerability in OpenSolution Quick.Cart before 2.1 has unknown impact and attack vectors, related to a "low critical exploit."
unknown
2007-03-10
7.0CVE-2007-1407
OTHER-REF
OTHER-REF
OpenBSD -- OpenBSDUnspecified vulnerability in kern/uipc_mbuf2.c in OpenBSD 3.9 and 4.0 has unspecified impact and remote attack vectors related to "Incorrect mbuf handling for ICMP6 packets."
unknown
2007-03-10
7.0CVE-2007-1365
MLIST
OPENBSD
OPENBSD
SECTRACK
Oracle -- Oracle10g Database ServerOracle Database 10g uses a NULL pDacl parameter when calling the SetSecurityDescriptorDacl function to create discretionary access control lists (DACLs), which allows local users to gain privileges.
unknown
2007-03-13
7.0CVE-2007-1442
OTHER-REF
BID
SECUNIA
PECL Zip -- 1.8.3
PHP -- PHP
Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8.3 and earlier, as bundled with PHP 5.2.0 and 5.2.1, allows remote attackers to execute arbitrary code via a long zip:// URL, as demonstrated by actively triggering URL access from a remote PHP interpreter via avatar upload or blog pingback.
unknown
2007-03-10
10.0CVE-2007-1399
OTHER-REF
BID
PHP -- PHPThe shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x series, do not verify that their arguments correspond to a shmop resource, which allows context-dependent attackers to read and write arbitrary memory locations via arguments associated with an inappropriate resource, as demonstrated by a GD Image resource.
unknown
2007-03-09
7.0CVE-2007-1376
MILW0RM
MILW0RM
OTHER-REF
BID
PHP -- PHPThe ovrimos_longreadlen function in the Ovrimos extension for PHP before 4.4.5 allows context-dependent attackers to write to arbitrary memory locations via the result_id and length arguments.
unknown
2007-03-09
10.0CVE-2007-1378
OTHER-REF
BID
PHP -- PHPThe ovrimos_close function in the Ovrimos extension for PHP before 4.4.5 can trigger efree of an arbitrary address, which might allow context-dependent attackers to execute arbitrary code.
unknown
2007-03-09
10.0CVE-2007-1379
OTHER-REF
BID
PHP -- CVSThe wddx_deserialize function in wddx.c in PHP CVS as of 20070304 calls strlcpy where strlcat was intended and uses improper arguments, which allows context-dependent attackers to execute arbitrary code via a WDDX packet with a malformed overlap of a STRING element, which triggers a buffer overflow.
unknown
2007-03-09
8.0CVE-2007-1381
OTHER-REF
PHP -- PHPInteger overflow in the 16 bit variable reference counter in PHP 4 allows context-dependent attackers to execute arbitrary code by overflowing this counter, which causes the same variable to be destroyed twice, a related issue to CVE-2007-1286.
unknown
2007-03-09
8.0CVE-2007-1383
OTHER-REF
PHP -- PHPThe import_request_variables function in PHP 4.0.7 through 5.2.1, when called without a prefix, does not prevent the (1) GET, (2) POST, (3) COOKIE, (4) FILES, (5) SERVER, (6) SESSION, and other superglobals from being overwritten, which allows remote attackers to spoof source IP address and Referer data, and have other unspecified impact. NOTE: it could be argued that this is a design limitation of PHP and that only the misuse of this feature, i.e. implementation bugs in applications, should be included in CVE.
unknown
2007-03-10
10.0CVE-2007-1396
BUGTRAQ
PHP -- PHPBuffer overflow in PHP 4.4.6 and earlier, and unspecified PHP 5 versions, allows local and possibly remote attackers to execute arbitrary code via long server name arguments to the (1) mssql_connect and (2) mssql_pconnect functions.
unknown
2007-03-10
10.0CVE-2007-1411
BUGTRAQ
OTHER-REF
BID
PHP -- PHPBuffer overflow in the snmpget function in the snmp extension in PHP 4.4.6 allows context-dependent attackers to execute arbitrary code via a long value in the third argument (object id).
unknown
2007-03-12
10.0CVE-2007-1413
MILW0RM
BID
PHP -- PHPBuffer underflow in the PHP_FILTER_TRIM_DEFAULT macro in the filtering extension (ext/filter) in PHP 5.2.0 allows context-dependent attackers to execute arbitrary code by calling filter_var with certain modes such as FILTER_VALIDATE_INT, which causes filter to write a null byte in whitespace that precedes the buffer.
unknown
2007-03-14
7.0CVE-2007-1453
OTHER-REF
OTHER-REF
BID
PHP Labs -- JobSiteProSQL injection vulnerability in search.php in PHP Labs JobSitePro 1.0 allows remote attackers to execute arbitrary SQL commands via the salary parameter.
unknown
2007-03-12
7.0CVE-2007-1428
MILW0RM
BID
SECUNIA
PHP-Nuke -- PHP-NukeSQL injection vulnerability in mainfile.php in PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands in the Top or News module via the lang parameter.
unknown
2007-03-14
7.0CVE-2007-1450
BUGTRAQ
BID
phpAlbum.net -- phpalbum** DISPUTED ** PHP remote file inclusion vulnerability in common.php in PHP Photo Album allows remote attackers to execute arbitrary PHP code via a URL in the db_file parameter. NOTE: CVE disputes this vulnerability, because versions 0.3.2.6 and 0.4.1beta do not contain this file.
unknown
2007-03-14
10.0CVE-2007-1456
BUGTRAQ
VIM
PMB Services -- PMB ServicesMultiple PHP remote file inclusion vulnerabilities in PMB Services 3.0.13 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) class_path parameter to (a) includes/resa_func.inc.php (b) admin/notices/perso.inc.php, or (c) admin/quotas/main.inc.php; the (2) base_path parameter to (d) opac_css/rec_panier.php or (e) opac_css/includes/author_see.inc.php; or the (3) include_path parameter to (f) bull_info.inc.php or (g) misc.inc.php in includes/; (h) options_date_box.php, (i) options_file_box.php, (j) options_list.php, (k) options_query_list.php, or (l) options_text.php in includes/options/; (m) options.php, (n) options_comment.php, (o) options_date_box.php, (p) options_list.php, (q) options_query_list.php, or (r) options_text.php in includes/options_empr/; or (s) admin/import/iimport_expl.php, (t) admin/netbase/clean.php, (u) admin/param/param_func.inc.php, (v) admin/sauvegarde/lieux.inc.php, (w) autorites.php, (x) account.php, (y) cart.php! , or (z) edit.php.
unknown
2007-03-12
10.0CVE-2007-1415
MILW0RM
OTHER-REF
BID
XF
PostGuestbook -- PostGuestbookPHP remote file inclusion vulnerability in styles/internal/header.php in the PostGuestbook 0.6.1 module for PHP-Nuke allows remote attackers to execute arbitrary PHP code via a URL in the tpl_pgb_moddir parameter.
unknown
2007-03-09
10.0CVE-2007-1372
MILW0RM
BID
XF
Premod SubDog -- Premod SubDogMultiple PHP remote file inclusion vulnerabilities in Premod SubDog 2 allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) functions_kb.php, (2) themen_portal_mitte.php, or (3) logger_engine.php in includes/.
unknown
2007-03-12
10.0CVE-2007-1421
BUGTRAQ
BID
Rediff -- ToolbarThe Rediff Toolbar 2.0 ActiveX control in redifftoolbar.dll allows remote attackers to cause a denial of service via unspecified manipulations, possibly involving improper initialization or blank arguments.
unknown
2007-03-10
7.0CVE-2007-1402
OTHER-REF
BID
Softnews Media Group -- DataLife EngineMultiple PHP remote file inclusion vulnerabilities in Softnews Media Group DataLife Engine allow remote attackers to execute arbitrary PHP code via a URL in the root_dir parameter to (1) init.php and (2) Ajax/editnews.php. NOTE: some of these details are obtained from third party information.
unknown
2007-03-12
7.0CVE-2007-1424
BUGTRAQ
BID
Triexa -- SonicMailer ProSQL injection vulnerability in index.php in Triexa SonicMailer Pro 3.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the list parameter in an archive action.
unknown
2007-03-12
7.0CVE-2007-1425
MILW0RM
BID
SECUNIA
Vallheru -- VallheruMultiple vulnerabilities in (1) bank.php, (2) landfill.php, (3) outposts.php, (4) tribes.php, (5) house.php, (6) tribearmor.php, (7) tribeastral.php, (8) tribeware.php, and (9) includes/head.php in Bartek Jasicki Vallheru before 1.3 beta have unknown impact and remote attack vectors, probably related to large integer values containing more than 15 digits. NOTE: the original vendor report is for integer overflows, but this is probably an incorrect usage of the term.
unknown
2007-03-10
7.0CVE-2007-1408
OTHER-REF
OTHER-REF
OTHER-REF
WebCreator -- WebCreatorMultiple PHP remote file inclusion vulnerabilities in WebCreator 0.2.6-rc3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the moddir parameter to (1) content/load.inc.php, (2) config/load.inc.php, (3) http/load.inc.php, and unspecified other files.
unknown
2007-03-14
10.0CVE-2007-1459
OTHER-REF
BID
Webo -- WeboPHP remote file inclusion vulnerability in modules/abook/foldertree.php in Leo West WEBO (aka weborganizer) 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter.
unknown
2007-03-10
10.0CVE-2007-1391
MILW0RM
OTHER-REF
BID
FRSIRT
XF
WORK system e-commerce -- WORK system e-commerceMultiple PHP remote file inclusion vulnerabilities in WORK system e-commerce 3.0.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the g_include parameter to include/include_top.php and certain other PHP scripts.
unknown
2007-03-12
8.0CVE-2007-1423
MILW0RM
BID
SECUNIA
X-Ice -- X-Ice News SystemSQL injection vulnerability in devami.asp in X-Ice News System 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-03-13
7.0CVE-2007-1438
MILW0RM
BID

Back to top

Medium Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Apple -- Mac OS X Server
Apple -- Mac OS X
Stack-based buffer overflow in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via an image with a crafted ColorSync profile.
unknown
2007-03-13
5.6CVE-2007-0719
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
Unspecified vulnerability in diskimages-helper in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via a crafted compressed disk image that triggers memory corruption.
unknown
2007-03-13
5.6CVE-2007-0721
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
Integer overflow in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via a crafted AppleSingleEncoding disk image.
unknown
2007-03-13
5.6CVE-2007-0722
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
Unspecified vulnerability in the authentication feature for DirectoryService (DS Plug-Ins) for Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote authenticated LDAP users to modify the root password and gain privileges via unknown vectors.
unknown
2007-03-13
4.8CVE-2007-0723
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
The IOKit HID interface in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 does not sufficiently limit access to certain controls, which allows local users to gain privileges by using HID device events to read keystrokes from the console.
unknown
2007-03-13
5.6CVE-2007-0724
APPLE
Apple -- Server ManagerServer Manager (servermgrd) in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 does not sufficiently validate authentication credentials, which allows remote attackers to bypass authentication and modify system configuration.
unknown
2007-03-13
5.6CVE-2007-0730
APPLE
cPanel-Host -- Fantastico De LuxeMultiple absolute path traversal vulnerabilities in Fantastico, as used with cPanel 10.x, allow remote authenticated users to include and execute arbitrary local files via (1) the userlanguage parameter to includes/load_language.php or (2) the fantasticopath parameter to includes/mysqlconfig.php and certain other files.
unknown
2007-03-14
6.0CVE-2007-1455
BUGTRAQ
dreameesoft -- Password MasterDreameeSoft Password Master 1.0 stores the database in an unencrypted format when the master password is set, which allows attackers with physical access to read the database contents via an unspecified authentication bypass. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-03-09
5.6CVE-2006-7163
BID
GuppY -- GuppYGuppY 4.0 allows remote attackers to delete arbitrary files via a direct request to install/install.php, then selecting "Installation propre" (cleanup.php) and then "Suppression des fichiers d'installation" (delete.php).
unknown
2007-03-14
4.7CVE-2007-1451
BUGTRAQ
OTHER-REF
Joris Guisson -- KTorrentDirectory traversal vulnerability in torrent.cpp in KTorrent before 2.1.2 allows remote attackers to overwrite arbitrary files via ".." sequences in a torrent filename.
unknown
2007-03-10
4.7CVE-2007-1384
MLIST
OTHER-REF
OTHER-REF
LedgerSMB -- LedgerSMB
SQL-Ledger -- SQL-Ledger
Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger before 2.6.25 allows remote attackers to overwrite files and possibly bypass authentication, and remote authenticated users to execute unauthorized code, by calling a custom error function that returns from execution.
unknown
2007-03-13
6.0CVE-2007-1437
BUGTRAQ
SECUNIA
SECUNIA
Linux -- Omnikey CardmanMultiple buffer overflows in the (1) read and (2) write functions in the Omnikey CardMan 4040 driver in the Linux kernel before 2.6.21-rc3 allow local users to gain privileges.
unknown
2007-03-09
5.6CVE-2007-0005
OTHER-REF
Mplayer -- MplayerThe DirectShow loader (loader/dshow/DS_VideoDecoder.c) in MPlayer 1.0rc1 and earlier, as used in xine-lib, does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code, a different vulnerability than CVE-2007-1246.
unknown
2007-03-13
4.8CVE-2007-1387
OTHER-REF
OTHER-REF
UBUNTU
SECUNIA
Navision -- Financials ServerInteger overflow in the ktruser function in NetBSD-current before 20061022, NetBSD 3 aand 3-0 before 20061024, and NetBSD 2 before 20070209, when the kernel is built with the COMPAT_FREEBSD or COMPAT_DARWIN option, allows local users to cause a denial of service and possibly gain privileges.
unknown
2007-03-10
5.6CVE-2007-1273
NETBSD
BID
PHP -- COM extensionsThe PHP COM extensions for PHP on Windows systems allow context-dependent attackers to execute arbitrary code via a WScript.Shell COM object, as demonstrated by using the Run method of this object to execute cmd.exe, which bypasses PHP's safe mode.
unknown
2007-03-09
4.2CVE-2007-1382
MILW0RM
PHP -- PHPBuffer overflow in the crack extension (CrackLib), as bundled with PHP 4.4.6 and other versions before 5.0.0, might allow local users to gain privileges via a long argument to the crack_opendict function.
unknown
2007-03-10
5.6CVE-2007-1401
BUGTRAQ
MILW0RM
OTHER-REF
Plesh -- PleshPlash permits sandboxed processes to open /dev/tty, which allows local users to escape sandbox restrictions and execute arbitrary commands by sending characters to a shell process on the same termimal via the TIOCSTI ioctl.
unknown
2007-03-10
5.6CVE-2007-1400
MLIST
OTHER-REF
OSVDB
ProSysInfo -- TFTP Server TFTPDWINtftpd.exe in ProSysInfo TFTP Server TFTPDWIN 0.4.2 allows remote attackers to cause a denial of service via a long UDP packet that is not properly handled in a recv_from call. NOTE: this issue might be related to CVE-2006-4948.
unknown
2007-03-10
5.3CVE-2007-1404
MILW0RM
SECUNIA
Radscan -- ConquestMultiple buffer overflows in Conquest 8.2a and earlier (1) allow local users to gain privileges by querying a metaserver that sends a long server entry processed by metaGetServerList and allow remote metaservers to execute arbitrary code via a long server entry processed by metaGetServerList; (2) allow attackers to have an unknown impact by exceeding the configured number of metaservers; and allow remote attackers to corrupt memory via a SP_CLIENTSTAT packet with certain values of (3) unum or (4) snum, different vulnerabilities than CVE-2003-0933.
unknown
2007-03-09
5.6CVE-2007-1371
BUGTRAQ
MLIST
BID
FRSIRT
SECUNIA
XF
XF

Back to top

Low Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Adobe -- Acrobat Reader
Mozilla -- Firefox
Netscape -- Netscape
Opera Software -- Opera
AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial of service (unspecified resource consumption) via a .pdf URL with an anchor identifier that begins with search= followed by many %n sequences, a different vulnerability than CVE-2006-6027 and CVE-2006-6236.
unknown
2007-03-09
2.3CVE-2007-1377
OTHER-REF
BID
Apple -- Mac OS X Server
Apple -- Mac OS X
The CUPS service in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote attackers to cause a denial of service (service hang) via a "partially-negotiated" SSL connection, which prevents other requests from being accepted.
unknown
2007-03-13
2.3CVE-2007-0720
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
The SSH key generation process in OpenSSH in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote attackers to cause a denial of service by connecting to the server before SSH has finished creating keys, which causes the keys to be regenerated and can break trust relationships that were based on the original keys.
unknown
2007-03-13
2.3CVE-2007-0726
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
Unspecified vulnerability in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 creates files insecurely while initializing a USB printer, which allows local users to create or overwrite arbitrary files.
unknown
2007-03-13
3.9CVE-2007-0728
APPLE
AssetMan -- AssetManDirectory traversal vulnerability in download_pdf.php in AssetMan 2.4a and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the pdf_file parameter.
unknown
2007-03-12
2.3CVE-2007-1427
BUGTRAQ
MILW0RM
BID
AstroCam -- AstroCamAstroCam before 2.6.6 allows remote attackers to cause a denial of service (daemon shutdown) via certain requests to the web interface.
unknown
2007-03-12
3.3CVE-2007-1426
OTHER-REF
FRSIRT
SECUNIA
Avaya -- S8700
Avaya -- S8300
Avaya -- S8710
Avaya -- S8500
Cross-site scripting (XSS) vulnerability in the login page in Avaya Communications Manager (CM) S87XX, S8500, and S8300 products before 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the Login field.
unknown
2007-03-09
1.9CVE-2007-1367
OTHER-REF
BID
SECUNIA
Computer Associates -- eTrust AdminUnspecified vulnerability in cube.exe in the GINA component for CA (Computer Associates) eTrust Admin 8.1.0 through 8.1.2 allows attackers with physical interactive or Remote Desktop access to bypass authentication and gain privileges via the password reset interface.
unknown
2007-03-10
2.3CVE-2007-1345
BUGTRAQ
OTHER-REF
BID
FRSIRT
OSVDB
SECTRACK
SECUNIA
XF
Drupal -- Drupal Project Issue TrackingThe Project issue tracking module before 4.7.x-1.3, 4.7.x-2.* before 4.7.x-2.3, and 5 before 5.x-0.2-beta for Drupal allows remote authenticated users, with "access project issues" permission, to read the contents of a private node via a URL with a modified node identifier.
unknown
2007-03-09
1.1CVE-2007-1368
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
Dynaliens -- DynaliensMultiple cross-site scripting (XSS) vulnerabilities in dynaliens 2.0 and 2.1 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) recherche.php3 or (2) ajouter.php3.
unknown
2007-03-10
1.9CVE-2007-1390
BUGTRAQ
OTHER-REF
BID
Edgewall Software -- TracCross-site scripting (XSS) vulnerability in the "download wiki page as text" feature in Trac before 0.10.3.1, when Microsoft Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
unknown
2007-03-10
1.9CVE-2007-1405
OTHER-REF
SECUNIA
Grayscale -- Grayscale BlogCross-site scripting (XSS) vulnerability in Grayscale Blog 0.8.0, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the comment fields to (1) scripts/addblog_comment.php and (2) detail.php.
unknown
2007-03-13
1.9CVE-2007-1433
BUGTRAQ
BID
FRSIRT
Linux -- KernelThe do_ipv6_setsockopt function in net/ipv6/ipv6_sockglue.c in Linux kernel 2.6.17, and possibly other versions, allows local users to cause a denial of service (oops) by calling setsockopt with the IPV6_RTHDR option name and possibly a zero option length or invalid option value, which triggers a NULL pointer dereference.
unknown
2007-03-10
1.1CVE-2007-1388
OTHER-REF
Linux -- CongaThe luci server component in conga preserves the password between page loads for the Add System/Cluster task flow by storing the password in the Value attribute of a password entry field, which allows attackers to steal the password by performing a "view source" or other operation to obtain the web page. NOTE: there are limited circumstances under which such an attack is feasible.
unknown
2007-03-15
1.9CVE-2007-1462
OTHER-REF
Mindtouch -- DekiWikiCross-site scripting (XSS) vulnerability in skins/ace/popup-notopic.php in MindTouch OpenGarden DekiWiki before Gooseberry++ allows remote attackers to inject arbitrary web script or HTML via the message parameter.
unknown
2007-03-12
1.9CVE-2007-1418
OTHER-REF
BID
SECUNIA
XF
MySQL -- MySQLMySQL 5.x before 5.0.37 allows local users to cause a denial of service (database crash) by using a combination of certain string functions, information_schema table subselects, and ORDER BY result sorting, which prevents certain structure elements from being initialized and triggers a NULL dereference in the filesort function.
unknown
2007-03-12
2.3CVE-2007-1420
BUGTRAQ
OTHER-REF
BID
netForo! -- netForo!Directory traversal vulnerability in down.php in netForo! 0.1g allows remote attackers to read arbitrary files via a .. (dot dot) in the file_to_download parameter.
unknown
2007-03-10
2.3CVE-2007-1392
MILW0RM
BID
FRSIRT
XF
Netperf -- Netperfnetserver in netperf 2.4.3 allows local users to overwrite arbitrary files via a symlink attack on /tmp/netperf.debug.
unknown
2007-03-13
3.9CVE-2007-1444
OTHER-REF
BID
FRSIRT
SECUNIA
PennMUSH -- PennMUSHMultiple unspecified vulnerabilities in PennMUSH 1.8.3 before 1.8.3p1 and 1.8.2 before 1.8.2p3 allow attackers to cause a denial of service (crash) related to the (1) speak and (2) buy functions.
unknown
2007-03-13
3.3CVE-2007-1431
MLIST
BID
FRSIRT
SECUNIA
PHP -- PHPInteger overflow in the substr_compare function in PHP 5.2.1 and earlier allows context-dependent attackers to read sensitive memory via a large value in the length argument, a different vulnerability than CVE-2006-1991.
unknown
2007-03-09
2.3CVE-2007-1375
MILW0RM
OTHER-REF
BID
PHP -- PHPThe php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buffer over-read.
unknown
2007-03-09
3.3CVE-2007-1380
MILW0RM
OTHER-REF
PHP -- PHPThe cpdf_open function in the ClibPDF (cpdf) extension in PHP 4.4.6 allows context-dependent attackers to obtain sensitive information (script source code) via a long string in the second argument.
unknown
2007-03-12
3.3CVE-2007-1412
MILW0RM
BID
PHP -- PHPThe FDF support (ext/fdf) in PHP 5.2.0 and earlier does not implement the input filtering hooks for ext/filter, which allows remote attackers to bypass web site filters via an application/vnd.fdf formatted POST.
unknown
2007-03-14
2.3CVE-2007-1452
OTHER-REF
BID
PHP -- PHPext/filter in PHP 5.2.0, when FILTER_SANITIZE_STRING is used with the FILTER_FLAG_STRIP_LOW flag, does not properly strip HTML tags, which allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML with a '<' character followed by certain whitespace characters, which passes one filter but is collapsed into a valid tag, as demonstrated using %0b.
unknown
2007-03-14
1.9CVE-2007-1454
OTHER-REF
PHP -- PHPThe zip:// URL wrapper provided by the PECL zip extension in PHP 5.2.0 and 5.2.1 does not implement safemode or open_basedir checks, which allows remote attackers to read ZIP archives located outside of the intended directories.
unknown
2007-03-14
2.3CVE-2007-1460
OTHER-REF
PHP -- PHPThe compress.bzip2:// URL wrapper provided by the bz2 extension in PHP 5.2.1 and earlier does not implement safemode or open_basedir checks, which allows remote attackers to read bzip2 archives located outside of the intended directories.
unknown
2007-03-14
3.3CVE-2007-1461
OTHER-REF
PHP-Nuke -- PHP-NukeDirectory traversal vulnerability in mainfile.php in PHP-Nuke 8.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter.
unknown
2007-03-14
1.9CVE-2007-1449
BUGTRAQ
BUGTRAQ
BID
SECUNIA
phpMyAdmin -- phpMyAdminIncomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 through 2.9.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by injecting arbitrary JavaScript or HTML in a (1) db or (2) table parameter value followed by an uppercase end tag, which bypasses the protection against lowercase .
unknown
2007-03-10
1.9CVE-2007-1395
BUGTRAQ
OTHER-REF
XF
RIM -- BlackberryThe 4thPass browser on the RIM BlackBerry 8100 (Pearl) before 4.2.1 allows remote attackers to cause a denial of service (temporary functionality loss) via a long href attribute in a link in a WML page.
unknown
2007-03-13
2.3CVE-2007-1441
BUGTRAQ
Snitz Communications -- Snitz Forums 2000Cross-site scripting (XSS) vulnerability in pop_profile.asp in Snitz Forums 2000 3.4.06 allows remote attackers to inject arbitrary web script or HTML via the MSN parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-03-09
1.9CVE-2007-1374
BID
SECUNIA
XF
Snort -- SnortThe frag3 preprocessor in Snort 2.6.1.1, 2.6.1.2, and 2.7.0 beta, when configured for inline use on Linux without the ip_conntrack module loaded, allows remote attackers to cause a denial of service (segmentation fault and application crash) via certain UDP packets produced by send_morefrag_packet and send_overlap_packet.
unknown
2007-03-10
2.7CVE-2007-1398
MILW0RM
BID
Sun -- Java Dynamic Management KitThe Java Management Extensions Remote API Remote Method Invocation over Internet Inter-ORB Protocol (JMX RMI-IIOP) API in Java Dynamic Management Kit 5.1 before 20070309 does not properly enforce the java.policy, which allows local users to obtain certain MBeans data access by operating a server application accessed by a privileged remote authenticated user.
unknown
2007-03-12
2.9CVE-2007-1419
SUNALERT
Woltlab -- Burning Board
Woltlab -- Burning Board Lite
Multiple cross-site scripting (XSS) vulnerabilities in register.php in Woltlab Burning Board (wBB) 2.3.6 and Burning Board Lite 1.0.2pl3e allow remote attackers to inject arbitrary web script or HTML via the (1) r_username, (2) r_email, (3) r_password, (4) r_confirmpassword, (5) r_homepage, (6) r_icq, (7) r_aim, (8) r_yim, (9) r_msn, (10) r_year, (11) r_month, (12) r_day, (13) r_gender, (14) r_signature, (15) r_usertext, (16) r_invisible, (17) r_usecookies, (18) r_admincanemail, (19) r_emailnotify, (20) r_notificationperpm, (21) r_receivepm, (22) r_emailonpm, (23) r_pmpopup, (24) r_showsignatures, (25) r_showavatars, (26) r_showimages, (27) r_daysprune, (28) r_umaxposts, (29) r_dateformat, (30) r_timeformat, (31) r_startweek, (32) r_timezoneoffset, (33) r_usewysiwyg, (34) r_styleid, (35) r_langid, (36) key_string, (37) key_number, (38) disablesmilies, (39) disablebbcode, (40) disableimages, (41) field[1], (42) field[2], and (43) field[3] parameters. NOTE: a third-part! y researcher has disputed some of these vectors, stating that only the r_dateformat and r_timeformat parameters in Burning Board 2.3.6 are affected.
unknown
2007-03-13
1.9CVE-2007-1443
BUGTRAQ
BUGTRAQ
FRSIRT
SECUNIA
SECUNIA
WordPress -- WordPressWordPress allows remote attackers to obtain sensitive information via a direct request for wp-admin/admin-functions.php, which reveals the path in an error message.
unknown
2007-03-10
2.3CVE-2007-1409
BUGTRAQ
BUGTRAQ
Zend -- Zend Platformini_modifier (sgid-zendtech) in Zend Platform 2.2.3 and earlier allows local users to modify the system php.ini file by editing a copy of php.ini file using the -f parameter, and then performing a symlink attack using the directory that contains the attacker-controlled php.ini file, and linking this directory to /usr/local/Zend/etc.
unknown
2007-03-09
3.9CVE-2007-1369
OTHER-REF
OTHER-REF
BID
FRSIRT
XF

Back to top

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top