Vulnerability Summary for the Week of March 19, 2007
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

High Vulnerabilities

Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info
---|---|---|---
Asterisk -- Asterisk | The Asterisk Extension Language (AEL) in pbx/pbx_ael.c in Asterisk does not properly generate extensions, which allows remote attackers to execute arbitrary extensions and have an unknown impact by specifying an invalid extension in a certain form. | 7.0 | CVE-2007-1595 OTHER-REF OTHER-REF
Atrium Software -- MERCUR Messaging 2005; Atrium Software -- Mercur IMAPD | Stack-based buffer overflow in Atrium MERCUR IMAPD allows remote attackers to have an unknown impact via a certain SUBSCRIBE command. NOTE: As of 20070321, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes. | 7.0 | CVE-2007-1579 OTHER-REF OTHER-REF BID
Avant Force -- Avant Browser | Stack-based buffer overflow in Avant Browser 11.0 build 26 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long Content-Type HTTP header. | 8.0 | CVE-2007-1501 MILW0RM BID
Carbonize -- Lazarus Guestbook | PHP remote file inclusion vulnerability in template.class.php in Carbonize Lazarus Guestbook before 1.7.3 allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to admin.php, probably due to a dynamic variable evaluation vulnerability. | 10.0 | CVE-2007-1486 BUGTRAQ BUGTRAQ OTHER-REF VIM FRSIRT
Computer Associates -- BrightStor ARCServe Backup | The Tape Engine in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC procedure arguments, which result in memory corruption, a different vulnerability than CVE-2006-6076. | 10.0 | CVE-2007-1447 OTHER-REF OTHER-REF OSVDB
DaanSystems -- NewsReactor | Stack-based buffer overflow in DaanSystems NewsReactor 20070220.21 allows remote attackers to execute arbitrary code via a yEnc (yEncode) encoded article with a long filename. | 10.0 | CVE-2007-1568 MILW0RM MILW0RM FRSIRT SECUNIA
F-Secure -- F-Secure Anti-Virus Client Security | Format string vulnerability in F-Secure Anti-Virus Client Security 6.02 allows local users to cause a denial of service and possibly gain privileges via format string specifiers in the Management Server name field on the Communication settings page. | 7.0 | CVE-2007-1557 BUGTRAQ OTHER-REF BID
file -- file | Integer underflow in the file_printf function in file before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow. | 8.0 | CVE-2007-1536 MLIST OTHER-REF SECUNIA
IBM -- WebSphere Application Server | CRLF injection vulnerability in IBM WebSphere Application Server (WAS) before 6.0.2.19 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a single CRLF sequence in a context that is not a valid multi-line header. | 7.0 | CVE-2007-1608 AIXAPAR BID SECUNIA
inkscape -- inkscape | Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs. | 8.0 | CVE-2007-1463 BID OTHER-REF UBUNTU
InterVations -- FileCOPA | Stack-based buffer overflow in InterVations FileCOPA FTP Server 1.01 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by filecopa.tar by Immunity. NOTE: some of these details are obtained from third party information. NOTE: As of 20070322, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes. | 8.0 | CVE-2007-1598 OTHER-REF OTHER-REF BID
Katalog Plyt Audio -- Katalog Plyt Audio | SQL injection vulnerability in index.php in Katalog Plyt Audio 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the kolumna parameter. | 7.0 | CVE-2007-1612 MILW0RM SECUNIA
Koan Software -- Mega Mall | Multiple SQL injection vulnerabilities in Koan Software Mega Mall allow remote attackers to execute arbitrary SQL commands via the (1) t, (2) productId, (3) sk, (4) x, or (5) so parameter to (a) product_review.php; or the (6) orderNo parameter to (b) order-track.php. | 7.0 | CVE-2006-7170 BUGTRAQ BID XF
Lasse Laaksonen -- MPM Chat | Directory traversal vulnerability in view.php in MPM Chat 2.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the logi parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 7.0 | CVE-2007-1613 BID
lbstone -- Active PHP Bookmark Notes | PHP remote file inclusion vulnerability in templates/head.php in Active PHP Bookmark Notes (APB) 0.2.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the APB_SETTINGS[template_path] parameter. NOTE: this issue might be related to CVE-2003-1254. | 10.0 | CVE-2007-1621 MILW0RM BID FRSIRT
Linux -- Kernel | nf_conntrack in netfilter in the Linux kernel before 2.6.20.3 does not set nfctinfo during reassembly of fragmented packets, which leaves the default value as IP_CT_ESTABLISHED and might allow remote attackers to bypass certain rulesets using IPv6 fragments. | 7.0 | CVE-2007-1497 OTHER-REF SECUNIA
McAfee -- ePolicy Orchestrator; McAfee -- ProtectionPilot | Multiple stack-based buffer overflows in the SiteManager.SiteMgr.1 ActiveX control (SiteManager.dll) in the ePO management console in McAfee ePolicy Orchestrator (ePO) before 3.6.1 Patch 1 and ProtectionPilot (PRP) before 1.5.0 HotFix allow remote attackers to execute arbitrary code via a long argument to the (1) ExportSiteList and (2) VerifyPackageCatalog functions, and (3) unspecified vectors involving a swprintf function call. | 10.0 | CVE-2007-1498 FULLDISC OTHER-REF OTHER-REF BID FRSIRT SECUNIA
McAfee -- VirusScan Enterprise | ** DISPUTED ** McAfee VirusScan Enterprise 8.5.0.i uses insecure permissions for certain Windows Registry keys, which allows local users to bypass local password protection via the UIP value in (1) HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\DesktopProtection or (2) HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\VirusScan Entreprise\CurrentVersion. NOTE: this issue has been disputed by third-party researchers, stating that the default permissions for HKEY_LOCAL_MACHINE\SOFTWARE do not allow for write access and the product does not modify the inherited permissions. There might be an interaction error with another product. | 7.0 | CVE-2007-1538 BUGTRAQ BUGTRAQ BUGTRAQ OTHER-REF OTHER-REF SECTRACK
MetaForum -- MetaForum | Unrestricted file upload vulnerability in usercp.php in MetaForum 0.513 Beta restricts file types based on the MIME type in the Content-type HTTP header, which allows remote attackers to upload and execute arbitrary scripts via an image MIME type with a filename containing an executable extension such as .php. | 7.0 | CVE-2007-1552 BUGTRAQ OTHER-REF BID
Microsoft -- Visual Studio .NET | Stack-based buffer overflow in the AfxOleSetEditMenu function in the MFC component in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 Gold and SP1, and Visual Studio .NET 2002 Gold and SP1, and 2003 Gold and SP1 allows user-assisted remote attackers to have an unknown impact (probably crash) via an RTF file with a malformed OLE object, which results in writing two 0x00 characters past the end of szBuffer, aka the "MFC42u.dll Off-by-Two Overflow." NOTE: this issue is due to an incomplete patch (MS07-012) for CVE-2007-0025. | 10.0 | CVE-2007-1512 BUGTRAQ
Microsoft -- Windows Vista | DFSR.exe in Windows Meeting Space in Microsoft Windows Vista remains available for remote connections on TCP port 5722 after Windows Meeting Space is closed, which allows remote attackers to have an unknown impact by connecting to this port. | 7.0 | CVE-2007-1534 BUGTRAQ OTHER-REF
Microsoft -- Windows Vista | Microsoft Windows Vista establishes a Teredo address without user action upon connection to the Internet, contrary to documentation that Teredo is inactive without user action, which increases the attack surface and allows remote attackers to communicate via Teredo. | 7.0 | CVE-2007-1535 BUGTRAQ OTHER-REF
Minerva -- Minerva | SQL injection vulnerability in forum.php in the Minerva mod 2.0.21 build 238a and earlier for phpBB allows remote attackers to execute arbitrary SQL commands via the c parameter. | 7.0 | CVE-2007-1555 MILW0RM BID
myServer -- myServer | server.cpp in MyServer 0.8.5 calls Process::setuid before calling Process::setgid and thus does not properly drop privileges, which might allow remote attackers to execute CGI programs with unintended privileges. | 7.0 | CVE-2007-1588 MLIST OTHER-REF
NetBSD -- NetBSD | Heap-based buffer overflow in the kernel in NetBSD 3.0, certain versions of FreeBSD and OpenBSD, and possibly other BSD derived operating systems allows local users to have an unknown impact. NOTE: this information is based upon a vague pre-advisory with no actionable information. Details will be updated after 20070329. | 7.0 | CVE-2007-1523 OTHER-REF OTHER-REF BID
NetVIOS -- NetVIOS | SQL injection vulnerability in News/page.asp in NetVIOS Portal allows remote attackers to execute arbitrary SQL commands via the NewsID parameter. NOTE: this issue might be the same as CVE-2006-5954. | 7.0 | CVE-2007-1566 MILW0RM BID XF
NETxAutomation -- NETxEIB | NETxAutomation NETxEIB OPC Server before 3.0.1300 does not properly validate OLE for Process Control (OPC) server handles, which allows attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors that allow access of arbitrary memory. NOTE: the vectors might be limited to attackers with physical access. | 8.0 | CVE-2007-1313 OTHER-REF CERT-VN BID FRSIRT SECUNIA
NewsBin Pro -- NewsBin Pro | Stack-based buffer overflow in NewsBin Pro 4.32 allows remote attackers to cause a denial of service or execute arbitrary code via a yEnc (yEncode) encoded article with a long filename, as demonstrated using a .nzb file. NOTE: some of these details are obtained from third party information. | 10.0 | CVE-2007-1569 MILW0RM BID FRSIRT SECUNIA
NukeScripts -- NukeSentinel | nukesentinel.php in NukeSentinel 2.5.06 and earlier uses a permissive regular expression to validate an IP address, which allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, due to an incomplete patch for CVE-2007-1172. | 7.0 | CVE-2007-1493 BUGTRAQ VIM
NukeScripts -- NukeSentinel | Cross-site scripting (XSS) vulnerability in NukeSentinel before 2.5.06 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the "filters for https:// and http://". | 7.0 | CVE-2007-1494 OTHER-REF
OpenAFS -- OpenAFS | The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x before 1.5.17 supports setuid programs within the local cell, which might allow attackers to gain privileges. | 7.0 | CVE-2007-1507 MLIST MLIST
OpenOffice -- OpenOffice | Stack-based buffer overflow in the StarCalc parser in OpenOffice.org (OOo) Office Suite allows user-assisted remote attackers to execute arbitrary code via a crafted document. | 8.0 | CVE-2007-0238 DEBIAN FRSIRT SECTRACK
OpenOffice -- OpenOffice | OpenOffice.org (OOo) Office Suite allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a prepared link in a crafted document. | 8.0 | CVE-2007-0239 DEBIAN FRSIRT SECTRACK
Particle Blogger -- Particle Blogger | SQL injection vulnerability in post.php in Particle Blogger 1.0.0 through 1.2.0 allows remote attackers to execute arbitrary SQL commands via the postid parameter. | 7.0 | CVE-2007-1510 BUGTRAQ BID
Paul Knierim -- WSN Guest | SQL injection vulnerability in comments.php in WSN Guest 1.02 and 1.21 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.0 | CVE-2007-1517 BUGTRAQ BID
PHP DB Designer -- PHP DB Designer | Multiple PHP remote file inclusion vulnerabilities in PHP DB Designer 1.02 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) _SESSION[SITE_PATH] parameter to (a) wind/help.php or (b) wind/about.php, or the (2) _SESSION[DRIVER] parameter to (c) db/session.php. | 10.0 | CVE-2007-1620 MILW0RM FRSIRT XF
PHP-Stats -- PHP-Stats | Multiple SQL injection vulnerabilities in php-stats.recphp.php in PHP-Stats 0.1.9.1b and earlier allow remote attackers to execute arbitrary code via a leading dotted-quad IP address string in the (1) PC-REMOTE-ADDR HTTP header, which is inserted into $_SERVER['HTTP_PC_REMOTE_ADDR'], or (2) ip parameter. | 7.0 | CVE-2006-7172 MILW0RM MILW0RM FRSIRT SECUNIA XF
PHP-Stats -- PHP-Stats | Direct static code injection vulnerability in admin.php in PHP-Stats 0.1.9.1b and earlier allows remote attackers to execute arbitrary PHP code via a crafted option_new[report_w_day] parameter in a preferenze action, which can be later accessed via option/php-stats-options.php. | 10.0 | CVE-2006-7173 MILW0RM FRSIRT SECUNIA
phpBB -- Dimension | PHP remote file inclusion vulnerability in includes/functions.php in the Dimension module of phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: this may be the same issue as CVE-2006-5235. | 10.0 | CVE-2006-7174 BUGTRAQ BUGTRAQ
PHProjekt -- PHProjekt | Multiple SQL injection vulnerabilities in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via (1) unspecified vectors to the (a) calendar and (b) search modules, and (2) an unspecified cookie when the user logs out. | 7.0 | CVE-2007-1575 BUGTRAQ OTHER-REF OTHER-REF BID SECUNIA
PHPX -- PHPX | Multiple SQL injection vulnerabilities in phpx 3.5.15 allow remote attackers to execute arbitrary SQL commands via the (1) image_id or (2) cat_id parameter to (a) gallery.php; the (3) news_id parameter to (b) news.php or (c) print.php; (4) the news_cat_id parameter to news.php; the (5) cat_id, (6) topic_id, or (7) post_id parameter to (d) forums.php; or (8) the user_id parameter to (e) users.php. | 7.0 | CVE-2007-1550 BUGTRAQ BID
ProRat -- Server | Unspecified vulnerability in ProRat Server 1.9 Fix2 allows remote attackers to bypass the authentication mechanism for remote login via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 7.0 | CVE-2006-7167 BID
Radscan -- Network Audio System | Stack-based buffer overflow in the accept_att_local function in server/os/connection.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to execute arbitrary code via a long path slave name in a USL socket connection. | 10.0 | CVE-2007-1543 OTHER-REF BID FRSIRT SECUNIA XF
Rhapsody IRC -- Rhapsody IRC | Multiple format string vulnerabilities in comm.c in Rhapsody IRC 0.28b allow remote attackers to execute arbitrary code via format string specifiers to the create_ctcp_message function using the message argument to the (1) me or (2) ctcp commands, and possibly related vectors involving the (3) whois, (4) mode, and (5) topic commands. | 7.0 | CVE-2007-1503 BUGTRAQ BID
Roxio -- CinePlayer; InterActual Technologies -- InterActual Player | Stack-based buffer overflow in the IASystemInfo.dll ActiveX control in InterActual Player 2.60.12.0717 and Roxio CinePlayer 3.2 allows remote attackers to execute arbitrary code via a long ApplicationType property. | 8.0 | CVE-2007-0348 OTHER-REF FRSIRT FRSIRT SECUNIA SECUNIA
ScriptMagix -- Scriptmagix Jokes | SQL injection vulnerability in index.php in ScriptMagix Jokes 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter. | 7.0 | CVE-2007-1615 MILW0RM SECUNIA
ScriptMagix -- ScriptMagix Lyrics | SQL injection vulnerability in index.php in ScriptMagix Lyrics 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the recid parameter. | 7.0 | CVE-2007-1616 MILW0RM SECUNIA
ScriptMagix -- ScriptMagix Recipes | SQL injection vulnerability in index.php in ScriptMagix Recipes 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter. | 7.0 | CVE-2007-1617 MILW0RM FRSIRT SECUNIA
ScriptMagix -- ScriptMagix FAQ Builder | SQL injection vulnerability in index.php in ScriptMagix FAQ Builder 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter. | 7.0 | CVE-2007-1618 MILW0RM FRSIRT
ScriptMagix -- ScriptMagix Photo Rating | SQL injection vulnerability in viewcomments.php in ScriptMagix Photo Rating 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the phid parameter. | 7.0 | CVE-2007-1619 MILW0RM FRSIRT
SQL-Ledger -- SQL-Ledger | Directory traversal vulnerability in am.pl in SQL-Ledger 2.6.27 only checks for the presence of a NULL (%00) character to protect against directory traversal attacks, which allows remote attackers to run arbitrary executables and bypass authentication via a .. (dot dot) sequence in the login parameter. | 7.0 | CVE-2007-1541 BUGTRAQ OTHER-REF BID SECUNIA
Sun -- Java System Web Server | Unspecified vulnerability in Sun Java System Web Server 6.0 and 6.1 before 20070315 allows remote attackers to "gain unauthorized access to data", possibly involving direct requests for certain URLs. | 7.0 | CVE-2007-1488 SUNALERT BID FRSIRT SECUNIA
Takebishi Corporation -- DeviceXPlorer OPC Server | Unspecified vulnerability in the OPCDA interface in Takebishi Electric DeviceXPlorer OLE for Process Control (OPC) Server before 3.12 Build3 allows remote attackers to execute arbitrary code via unspecified vectors involving access to arbitrary memory. | 7.0 | CVE-2007-1319 OTHER-REF CERT-VN
thecreativeheads.de -- Creative Files | SQL injection vulnerability in kommentare.php in Creative Files 1.2 allows remote attackers to execute arbitrary SQL commands via the dlid parameter. | 7.0 | CVE-2007-1556 MILW0RM BID XF
Tim Soderstrom -- StatsDawg | templates/config/mail.tpl in Tim Soderstrom StatsDawg 0.92 allows remote attackers to execute arbitrary programs by specifying the program name in the qshapeLocation parameter. | 10.0 | CVE-2007-1587 OTHER-REF
War FTP Daemon -- War FTP Daemon | Stack-based buffer overflow in War FTP Daemon 1.65, and possibly earlier, allows remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors, as demonstrated by warftp_165.tar by Immunity. NOTE: this might be the same issue as CVE-1999-0256, CVE-2000-0131, or CVE-2006-2171, but due to Immunity's lack of details, this cannot be certain. | 10.0 | CVE-2007-1567 OTHER-REF BID FRSIRT SECUNIA
Web Wiz Forums -- Web Wiz Forums | SQL injection vulnerability in functions/functions_filters.asp in Web Wiz Forums before 8.05a (MySQL version) does not properly filter certain characters being used in SQL commands, which allows remote attackers to execute arbitrary SQL commands via \"' (slash double-quote quote) sequences, which are collapsed into \', as demonstrated via the name parameter to forum/pop_up_member_search.asp. | 7.0 | CVE-2007-1548 BUGTRAQ OTHER-REF OTHER-REF BID
Weekly Drawing Contest -- Weekly Drawing Contest | SQL injection vulnerability in check_vote.php in Weekly Drawing Contest 0.0.1 allows remote attackers to execute arbitrary SQL commands via the order parameter. | 7.0 | CVE-2007-1602 BUGTRAQ
Weekly Drawing Contest -- Weekly Drawing Contest | admin/contest.php in Weekly Drawing Contest 0.0.1 allows remote attackers to bypass authentication, and insert new contest information into a database, via a direct POST request. | 7.0 | CVE-2007-1603 BUGTRAQ
Woltlab -- Burning Board | SQL injection vulnerability in usergroups.php in Woltlab Burning Board (wBB) 2.x allows remote attackers to execute arbitrary SQL commands via the array index of the applicationids array. | 7.0 | CVE-2007-1518 BUGTRAQ BID
X MultiMedia System -- X MultiMedia System | Integer overflow in X MultiMedia System (xmms) 1.2.10, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via crafted header information in a skin bitmap image, which triggers memory corruption. | 8.0 | CVE-2007-0653 OTHER-REF BID FRSIRT SECUNIA
X MultiMedia System -- X MultiMedia System | Integer underflow in X MultiMedia System (xmms) 1.2.10 allows user-assisted remote attackers to execute arbitrary code via crafted header information in a skin bitmap image, which results in a stack-based buffer overflow. | 8.0 | CVE-2007-0654 OTHER-REF BID FRSIRT SECUNIA
X-Ice -- Haber Sistemi; X-Ice -- News System | SQL injection vulnerability in devami.asp in X-ice Haber Sistemi (aka News System) 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.0 | CVE-2007-1570 MILW0RM FRSIRT SECUNIA
ZZipLib -- ZZipLib | Stack-based buffer overflow in the zzip_open_shared_io function in zzip/file.c in ZZIPlib Library before 0.13.49 allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long filename. | 8.0 | CVE-2007-1614 OTHER-REF OTHER-REF FRSIRT SECUNIA

Medium Vulnerabilities

Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info
---|---|---|---
Atrium Software -- Mercur IMAPD | Multiple integer signedness errors in the NTLM implementation in Atrium MERCUR IMAPD (mcrimap4.exe) 5.00.14, with SP4, allow remote attackers to execute arbitrary code via a long NTLMSSP argument that triggers a stack-based buffer overflow. | 5.6 | CVE-2007-1578 FULLDISC MILW0RM OTHER-REF BID SECTRACK
Avaya -- S8700 Series; Avaya -- SIP Enablement Services; Avaya -- S8300; Avaya -- S8500 | Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties. | 4.2 | CVE-2007-1491 OTHER-REF SECUNIA
Cicoandcico -- CcMail | PHP remote file inclusion vulnerability in functions/update.php in Cicoandcico CcMail 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the functions_dir parameter. | 5.6 | CVE-2007-1516 MILW0RM BID
Dayfox Designs -- Dayfox Blog | Direct static code injection vulnerability in postpost.php in Dayfox Blog (dfblog) 4 allows remote attackers to execute arbitrary PHP code via the cat parameter, which can be executed via a request to posts.php. | 5.6 | CVE-2007-1525 MILW0RM
Digital Eye Gallery -- Digital Eye Gallery | PHP remote file inclusion vulnerability in module.php in Digital Eye Gallery 1.1 Beta (aka 0.1.1b) allows remote attackers to execute arbitrary PHP code via a URL in the menu parameter. | 5.6 | CVE-2007-1600 MILW0RM BID
Evolution -- Shared Memo | Format string vulnerability in the write_html function in calendar/gui/e-cal-component-memo-preview.c in Evolution Shared Memo 2.8.2.1, and possibly earlier versions, allows user-assisted remote attackers to execute arbitrary code via format specifiers in the categories of a crafted shared memo. | 5.6 | CVE-2007-1002 OTHER-REF SECUNIA XF
FrontBase -- Relational Database Server | Buffer overflow in FrontBase Relational Database Server 4.2.7 and earlier allows remote authenticated users, with privileges for creating a stored procedure, to execute arbitrary code via a CREATE PROCEDURE request with a long procedure name. | 4.8 | CVE-2007-1511 BUGTRAQ BID
GraFX -- Company Website Builder Pro | PHP remote file inclusion vulnerability in comanda.php in GraFX Company WebSite Builder (CWB) PRO 1.9.8, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the INCLUDE_PATH parameter. | 5.6 | CVE-2007-1513 BUGTRAQ MILW0RM OTHER-REF BID
Guestbara -- Guestbara | Direct static code injection vulnerability in admin/configuration.php in Guestbara 1.2 and earlier allows remote authenticated users to inject arbitrary PHP code into config.php via the (1) admin_mail, (2) emotpatch, (3) login, (4) pass, and unspecified other parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 5.6 | CVE-2007-1554 FRSIRT
inkscape -- inkscape | Format string vulnerability in the whiteboard Jabber protocol in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. | 5.6 | CVE-2007-1464 OTHER-REF
KDE -- Konqueror | The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in a FTP PASV command. | 5.6 | CVE-2007-1564 OTHER-REF
Lookup -- Lookup | The ndeb-binary feature in Lookup (lookup-el) allows local users to overwrite arbitrary files via a symlink attack on temporary files. | 4.9 | CVE-2007-0237 DEBIAN SECUNIA SECUNIA
Mambo -- NFN Address Book; Joomla! -- NFN Address Book | Multiple PHP remote file inclusion vulnerabilities in the NFN Address Book (com_nfn_addressbook) 0.4 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) components/com_nfn_addressbook/nfnaddressbook.php or (2) administrator/components/com_nfn_addressbook/nfnaddressbook.php. | 5.6 | CVE-2007-1596 MILW0RM BID
Microsoft -- Windows Vista | The neighbor discovery implementation in Microsoft Windows Vista allows remote attackers to conduct a redirect attack by (1) responding to queries by sending spoofed Neighbor Advertisements or (2) blindly sending Neighbor Advertisements. | 4.7 | CVE-2007-1532 BUGTRAQ OTHER-REF
Mozilla -- Firefox | The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and 2.x before 2.0.0.3 allows remote attackers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in a FTP PASV command. | 5.6 | CVE-2007-1562 OTHER-REF OTHER-REF OTHER-REF FRSIRT
Opera Software -- Opera | The FTP protocol implementation in Opera 9.10 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in a FTP PASV command. | 5.6 | CVE-2007-1563 OTHER-REF
PHP -- PHP | PHP remote file inclusion vulnerability in includes/not_mem.php in the Add Name module for PHP allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | 5.6 | CVE-2006-7168 BUGTRAQ BID XF
PHP -- PHP | Double free vulnerability in PHP 5.2.1 and earlier allows context-dependent attackers to execute arbitrary code by interrupting the session_regenerate_id function, as demonstrated by calling a userspace error handler or triggering a memory limit violation. | 5.6 | CVE-2007-1521 OTHER-REF BID
PHP -- PHP | Double free vulnerability in the session extension in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to execute arbitrary code via illegal characters in a session identifier, which is rejected by an internal session storage module, which calls the session identifier generator with an improper environment, leading to code execution when the generator is interrupted, as demonstrated by triggering a memory limit violation or certain PHP errors. | 5.6 | CVE-2007-1522 OTHER-REF
PHP -- PHP | The resource system in PHP 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting the hash_update_file function via a userspace (1) error or (2) stream handler, which can then be used to destroy and modify internal resources. | 5.6 | CVE-2007-1581 MILW0RM OTHER-REF BID
PHP -- PHP | The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting certain functions in the GD (ext/gd) extension and unspecified other extensions via a userspace error handler, which can be used to destroy and modify internal resources. | 5.6 | CVE-2007-1582 MILW0RM OTHER-REF BID
PHP -- PHP | The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 sets the internal register_globals flag and does not disable it in certain cases when a script terminates, which allows remote attackers to invoke available PHP scripts with register_globals functionality that is not detectable by these scripts, as demonstrated by forcing a memory_limit violation. | 5.6 | CVE-2007-1583 OTHER-REF BID
PHP -- PHP | Buffer underflow in the header function in PHP 5.2.0 allows context-dependent attackers to execute arbitrary code by passing an all-whitespace string to this function, which causes it to write '\0' characters in whitespace that precedes the string. | 5.6 | CVE-2007-1584 MILW0RM OTHER-REF
PHPX -- PHPX | Unrestricted file upload vulnerability in gallery.php in phpx 3.5.15 allows remote attackers to upload and execute arbitrary PHP scripts via an addImage action, which places scripts into the gallery/shelties/ directory. | 5.6 | CVE-2007-1549 BUGTRAQ BID
Radical Designs -- Activist Mobilization Platform | PHP remote file inclusion vulnerability in includes/base.php in Radical Designs Activist Mobilization Platform (AMP) 3.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter. | 5.6 | CVE-2007-1571 MILW0RM OTHER-REF FRSIRT
Rhapsody IRC -- Rhapsody IRC | Multiple buffer overflows in Rhapsody IRC 0.28b allow remote attackers to execute arbitrary code via a (1) long command, (2) long server argument to the (a) connect or (b) server commands, (3) long nick argument to the (c) nick command, or a long (4) nick or (5) message argument to the (d) ctcp, (e) chat, (f) notice, (g) message (msg), or (h) query commands. | 5.6 | CVE-2007-1502 BUGTRAQ BID
SourceForge -- JGBBS | SQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter, a different vector than CVE-2007-1440. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 5.6 | CVE-2007-1572 FRSIRT
Ultimate PHP Board -- Ultimate PHP Board | PHP remote file inclusion vulnerability in includes/header_simple.php in Ultimate PHP Board (UPB) 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _CONFIG[skin_dir] parameter. | 5.6 | CVE-2006-7169 MILW0RM BID XF
ViperWeb -- Portal | PHP remote file inclusion vulnerability in index.php in ViperWeb Portal alpha 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the modpath parameter. | 5.6 | CVE-2007-1514 BUGTRAQ BID
W-Agora -- W-Agora | Multiple unrestricted file upload vulnerabilities in w-Agora (Web-Agora) allow remote attackers to upload and execute arbitrary PHP code (1) via a forum message with an attached file, which is stored under forums/hello/hello/notes/ or (2) by using browse_avatar.php to upload a file with a double extension, as demonstrated by .php.jpg. | 5.6 | CVE-2007-1604 BUGTRAQ BID SECUNIA
WebAPP -- WebAPP | Unspecified vulnerability in WebAPP 0.9.9.6 before 20070312 allows remote attackers to obtain admin access by modifying cookies and performing "certain consecutive actions," possibly due to a cross-site request forgery (CSRF) vulnerability. | 5.6 | CVE-2007-1489 OTHER-REF SECUNIA
Low Vulnerabilities |
---|
Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
---|---|---|---|---|---|---|
Apache Software Foundation -- Apache HTTP Server Apache Software Foundation -- Tomcat | Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache. |
| 3.3 | CVE-2007-0450 BID BUGTRAQ OTHER-REF OTHER-REF | ||
Asterisk -- Asterisk | Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP INVITE message with an SDP containing one valid and one invalid IP address. |
| 3.3 | CVE-2007-1561 FULLDISC BID FRSIRT SECTRACK XF | ||
Asterisk -- Asterisk | The handle_response function in chan_sip.c in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP Response code 0 in a SIP packet. |
| 2.3 | CVE-2007-1594 BUGTRAQ MLIST OTHER-REF OTHER-REF OTHER-REF OTHER-REF BID SECUNIA | ||
Avaya -- Communication Manager | Unspecified maintenance web pages in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allow remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors (aka "shell command injection"). |
| 3.4 | CVE-2007-1490 OTHER-REF SECUNIA | ||
CARE2X -- CARE2X | CARE2X 2.2, and possibly earlier, allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 2.3 | CVE-2007-1574 SECUNIA | ||
Cisco -- Security Device Manager Cisco -- Call Manager Cisco -- Network Analysis Module Cisco -- Unified MeetingPlace Cisco -- Wireless LAN Solution Engine Cisco -- MeetingPlace Cisco -- Unified Videoconferencing Manager Cisco -- ACS Solution Engine Cisco -- Unified MeetingPlace Express Cisco -- Unified Video Advantage Cisco -- 2006 Wireless LAN Controllers Cisco -- WAN Manager Cisco -- VPN Client Cisco -- Unified Personal Communicator Cisco -- CiscoWorks Cisco -- Wireless Control System Cisco -- IP Communicator Cisco -- Unified Videoconferencing | Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage, Unified Videoconferencing 35xx products, Unified Videoconferencing Manager, WAN Manager, Security Device Manager, Network Analysis Module (NAM), CiscoWorks and related products, Wireless LAN Solution Engine (WLSE), 2006 Wireless LAN Controllers (WLC), and Wireless Control System (WCS) allow remote attackers to inject arbitrary web script or HTML via the text field of the search form. |
| 1.1 | CVE-2007-1467 BUGTRAQ BUGTRAQ CISCO BID | ||
Cisco -- 7960 Cisco -- 7940 | Unspecified vulnerability in the Cisco IP Phone 7940 and 7960 running firmware before POS8-6-0 allows remote attackers to cause a denial of service via the Remote-Party-ID sipURI field in a SIP INVITE request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 2.3 | CVE-2007-1542 BID FRSIRT SECUNIA | ||
Cyber Inside -- WebLog Sascha Schroeder -- WebLog CyberTeddy -- WebLog | Directory traversal vulnerability in index.php in Sascha Schroeder (aka CyberTeddy or Cyber-inside) WebLog allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a showarticles action. |
| 2.3 | CVE-2007-1487 MILW0RM FRSIRT SECUNIA | ||
FTPDMIN -- FTPDMIN | FTPDMIN 0.96 allows remote attackers to cause a denial of service (daemon crash) via a long LIST command. NOTE: some of these details are obtained from third party information. |
| 1.9 | CVE-2007-1580 MILW0RM BID XF | ||
Fujitsu -- Interstage Apworks Fujitsu -- Interstage Application Server | Cross-site scripting (XSS) vulnerability in the Servlet Service in Fujitsu Interstage Application Server (IJServer) 8.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving web.xml and HTTP 404 and 500 status codes. |
| 1.9 | CVE-2007-1504 OTHER-REF OTHER-REF OTHER-REF FRSIRT SECUNIA | ||
Fujitsu -- Systemwalker Desktop Encryption Fujitsu -- FENCE-Pro | Fujitsu FENCE-Pro before V5L01, and Systemwalker Desktop Encryption V12.0L10, V12.0L10A, V12.0L10B, V12.0L20 and V13.0.0 allow local users to obtain sensitive information by extracting the decoding password from certain "self-decoding" file types. |
| 1.6 | CVE-2007-1505 OTHER-REF OTHER-REF OTHER-REF BID SECUNIA SECUNIA | ||
Geblog -- Geblog | Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php. |
| 2.3 | CVE-2007-1577 MILW0RM BID XF | ||
Gentoo -- Linux | The Linux Security Auditing Tool (LSAT) allows local users to overwrite arbitrary files via a symlink attack on temporary files, as demonstrated using /tmp/lsat1.lsat. |
| 2.9 | CVE-2007-1500 OTHER-REF GENTOO SECUNIA | ||
Glue Software -- NewsGlue | Cross-site scripting (XSS) vulnerability in the RSS reader in Glue Software NewsGlue before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via a feed. |
| 1.9 | CVE-2007-1610 OTHER-REF OTHER-REF | ||
Grandstream -- BudgeTone 200 | The Grandstream BudgeTone 200 IP phone, with program 1.1.1.14 and bootloader 1.1.1.5, allows remote attackers to cause a denial of service (device crash) via SIP (1) INVITE, (2) CANCEL, or unspecified other messages with a WWW-Authenticate header containing a crafted Digest domain. |
| 2.3 | CVE-2007-1590 FULLDISC FRSIRT SECUNIA | ||
Guestbara -- Guestbara | admin/configuration.php in Guestbara 1.2 and earlier allows remote attackers to modify the e-mail, name, and password of the admin account by setting the zapis parameter to "ok" and providing modified admin_mail, login, and pass parameters. |
| 2.3 | CVE-2007-1553 MILW0RM | ||
Holtstraeter -- ROT 13 | Directory traversal vulnerability in enkrypt.php in Sascha Schroeder krypt (aka Holtstraeter Rot 13) allows remote attackers to read arbitrary files via a .. (dot dot) in the datei parameter. |
| 1.9 | CVE-2007-1509 BUGTRAQ BID | ||
Horde -- IMP | Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP H3 4.1.3, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via (1) the email Subject header in thread.php, (2) the edit_query parameter in search.php, or other unspecified parameters in search.php. NOTE: some of these details are obtained from third party information. |
| 1.9 | CVE-2007-1515 BUGTRAQ FULLDISC MLIST BID SECUNIA | ||
IBM -- Websphere Application Server | SimpleFileServlet in IBM WebSphere Application Server 5.0.1 through 5.0.2.7 on Linux and UNIX does not block certain invalid URIs and does not issue a security challenge, which allows remote attackers to read secure files and obtain sensitive information via certain requests. |
| 1.9 | CVE-2006-7164 AIXAPAR | ||
IBM -- WebSphere Application Server | IBM WebSphere Application Server (WAS) 5.0 through 5.1.1.0 allows remote attackers to obtain JSP source code and other sensitive information via certain "special URIs." |
| 1.9 | CVE-2006-7165 OTHER-REF AIXAPAR BID FRSIRT SECUNIA | ||
IBM -- WebSphere Application Server | IBM WebSphere Application Server (WAS) 5.1.1.9 and earlier allows remote attackers to obtain JSP source code and other sensitive information via "a specific JSP URL." |
| 2.3 | CVE-2006-7166 OTHER-REF AIXAPAR BID FRSIRT SECUNIA | ||
JBMC Software -- DirectAdmin | Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in DirectAdmin allows remote attackers to inject arbitrary web script or HTML via the RESULT parameter, a different vector than CVE-2006-5983. |
| 1.9 | CVE-2007-1508 BUGTRAQ BID | ||
Jelsoft -- vBulletin | SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin 3.6.5 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached Before" field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 3.4 | CVE-2007-1573 SECUNIA | ||
KDE -- Konqueror | Konqueror 3.5.5 allows remote attackers to cause a denial of service (crash) by using JavaScript to read a child iframe having an ftp:// URI. |
| 3.3 | CVE-2007-1565 OTHER-REF | ||
Koan Software -- Mega Mall | product_review.php in Koan Software Mega Mall allows remote attackers to obtain the installation path via a request with an empty value of the x[] parameter. |
| 2.3 | CVE-2006-7171 BUGTRAQ XF | ||
LedgerSMB -- LedgerSMB SQL-Ledger -- SQL-Ledger | Directory traversal vulnerability in am.pl in SQL-Ledger 2.6.27 and earlier, and LedgerSMB before 1.2.0 allows remote attackers to run arbitrary executables and bypass authentication via a .. (dot dot) sequence and trailing NULL (%00) in the login parameter. NOTE: this issue was reportedly addressed in SQL-Ledger 2.6.27, however third-party researchers claim that the file is still executed even though an error is generated. |
| 1.9 | CVE-2007-1540 BUGTRAQ OTHER-REF OTHER-REF BID SECUNIA SECUNIA | ||
Linksys -- WAG200G | The Linksys WAG200G with firmware 1.01.01 allows remote attackers to obtain sensitive information (passwords and configuration data) via a packet to UDP port 916. |
| 2.3 | CVE-2007-1585 BUGTRAQ BID | ||
Linux -- Kernel | nfnetlink_log in netfilter in the Linux kernel before 2.6.20.3 allows attackers to cause a denial of service (crash) via unspecified vectors involving the (1) nfulnl_recv_config function, (2) using "multiple packets per netlink message", and (3) bridged packets, which trigger a NULL pointer dereference. |
| 3.3 | CVE-2007-1496 OTHER-REF BID SECUNIA | ||
Linux -- Kernel | net/ipv6/tcp_ipv6.c in Linux kernel 2.4 and 2.6.x up to 2.6.21-rc3 inadvertently copies the ipv6_fl_socklist from a listening TCP socket to child sockets, which allows local users to cause a denial of service (OOPS) or double-free by opening a listening IPv6 socket, attaching a flow label, and connecting to that socket. |
| 2.3 | CVE-2007-1592 MLIST | ||
Microsoft -- Windows XP | winmm.dll in Microsoft Windows XP allows user-assisted remote attackers to cause a denial of service (infinite loop) via a large cch argument value to the mmioRead function, as demonstrated by a crafted WAV file. |
| 2.7 | CVE-2007-1492 VULNWATCH BID | ||
Microsoft -- Internet Explorer | Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks via a res: URI to navcancl.htm page with an arbitrary URL as an argument, which displays the URL in the location bar of the "Navigation Canceled" page and injects the script into the "Refresh the page" link. |
| 1.9 | CVE-2007-1499 BUGTRAQ OTHER-REF OTHER-REF | ||
Microsoft -- Windows Vista | The LLTD Mapper in Microsoft Windows Vista does not verify that an IP address in a TLV type 0x07 field in a HELLO packet corresponds to a valid IP address for the local network, which allows remote attackers to trick users into communicating with an external host by sending a HELLO packet with the MW characteristic and a spoofed TLV type 0x07 field, aka the "Spoof and Management URL IP Redirect" attack. |
| 2.3 | CVE-2007-1527 BUGTRAQ OTHER-REF | ||
Microsoft -- Windows Vista | The LLTD Mapper in Microsoft Windows Vista allows remote attackers to spoof hosts, and nonexistent bridge relationships, into the network topology map by using a MAC address that differs from the MAC address provided in the Real Source field of the LLTD BASE header of a HELLO packet, aka the "Spoof on Bridge" attack. |
| 2.3 | CVE-2007-1528 BUGTRAQ OTHER-REF | ||
Microsoft -- Windows Vista | The LLTD Responder in Microsoft Windows Vista does not send the Mapper a response to a DISCOVERY packet if another host has sent a spoofed response first, which allows remote attackers to spoof arbitrary hosts via a network-based race condition, aka the "Total Spoof" attack. |
| 1.9 | CVE-2007-1529 BUGTRAQ OTHER-REF | ||
Microsoft -- Windows Vista | The LLTD Mapper in Microsoft Windows Vista does not properly gather responses to EMIT packets, which allows remote attackers to cause a denial of service (mapping failure) by omitting an ACK response, which triggers an XML syntax error. |
| 2.3 | CVE-2007-1530 BUGTRAQ OTHER-REF | ||
Microsoft -- Windows Vista | Microsoft Windows Vista overwrites ARP table entries included in gratuitous ARP, which allows remote attackers to cause a denial of service (loss of network access) by sending a gratuitous ARP for the address of the Vista host. |
| 2.3 | CVE-2007-1531 BUGTRAQ OTHER-REF | ||
Microsoft -- Windows Vista | The Teredo implementation in Microsoft Windows Vista uses the same nonce for communication with different UDP ports within a solicitation session, which makes it easier for remote attackers to spoof the nonce through brute force attacks. |
| 2.3 | CVE-2007-1533 BUGTRAQ OTHER-REF | ||
Microsoft -- Windows 2003 Microsoft -- Windows XP | \Device\NdisTapi (NDISTAPI.sys) in Microsoft Windows XP SP2 and 2003 SP2 uses weak permissions, which allows local users to write to the device and cause a denial of service, as demonstrated by using an IRQL to acquire a spinlock on paged memory via the NdisTapiDispatch function. |
| 3.3 | CVE-2007-1537 BUGTRAQ OTHER-REF BID | ||
Oracle -- Application Server Portal 10g | Cross-site scripting (XSS) vulnerability in PORTAL.wwv_main.render_warning_screen in the Oracle Portal 10g allows remote attackers to inject arbitrary web script or HTML via the (1) p_oldurl and (2) p_newurl parameters. |
| 1.9 | CVE-2007-1506 BUGTRAQ BID | ||
Oracle -- Oracle Application Server | Cross-site scripting (XSS) vulnerability in servlet/Spy in Dynamic Monitoring Services (DMS) in Oracle Application Server (OAS) 10g 10.1.2.0.0 allows remote attackers to inject arbitrary web script or HTML via the table parameter. NOTE: This may be related to CVE-2002-0563. |
| 1.9 | CVE-2007-1609 BUGTRAQ | ||
PHP-Nuke -- PHP-Nuke | Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke 8.0 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search operation in the Downloads module, a different product than CVE-2006-3948. |
| 1.9 | CVE-2007-1519 BUGTRAQ OTHER-REF OTHER-REF OTHER-REF | ||
PHP-Nuke -- PHP-Nuke | The cross-site request forgery (CSRF) protection in PHP-Nuke 8.0 does not ensure the SERVER superglobal is an array before validating the HTTP_REFERER, which allows remote attackers to conduct CSRF attacks. |
| 1.9 | CVE-2007-1520 BUGTRAQ BUGTRAQ BUGTRAQ OTHER-REF OTHER-REF OTHER-REF | ||
PHProjekt -- PHProjekt | Multiple cross-site scripting (XSS) vulnerabilities in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors to the (1) Projects, (2) Contacts, (3) Helpdesk, (4) Search (only Gecko engine driven Browsers), and (5) Notes modules; the (6) Mail summary page; and unspecified other files. |
| 1.9 | CVE-2007-1576 BUGTRAQ OTHER-REF OTHER-REF BID SECUNIA | ||
PHPX -- PHPX | Multiple cross-site scripting (XSS) vulnerabilities in phpx 3.5.15 allow remote attackers to inject arbitrary web script or HTML via (1) the signature in "dans profile," or (2) search.php. |
| 1.9 | CVE-2007-1551 BUGTRAQ BID | ||
PragmaMX -- Landkarten | Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file. |
| 1.9 | CVE-2007-1539 MILW0RM SECUNIA | ||
Radscan -- Network Audio System | Integer overflow in the ProcAuWriteElement function in server/dia/audispatch.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large max_samples value. |
| 2.3 | CVE-2007-1544 OTHER-REF BID FRSIRT SECUNIA XF | ||
Radscan -- Network Audio System | The AddResource function in server/dia/resource.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (server crash) via a nonexistent client ID. |
| 2.3 | CVE-2007-1545 OTHER-REF BID FRSIRT SECUNIA XF | ||
Radscan -- Network Audio System | Array index error in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (crash) via (1) large num_action values in the ProcAuSetElements function in server/dia/audispatch.c or (2) a large inputNum parameter to the compileInputs function in server/dia/auutil.c. |
| 2.3 | CVE-2007-1546 OTHER-REF BID FRSIRT SECUNIA XF | ||
Radscan -- Network Audio System | The ReadRequestFromClient function in server/os/io.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (crash) via multiple simultaneous connections, which triggers a NULL pointer dereference. |
| 3.3 | CVE-2007-1547 OTHER-REF BID FRSIRT SECUNIA XF | ||
SourceNext -- IKANARI JIJYOU | Cross-site scripting (XSS) vulnerability in the RSS reader in a certain SOURCENEXT product, probably IKANARI JIJYOU 1.0.0 and 1.0.1, allows remote attackers to inject arbitrary web script or HTML via the title of an article in a feed. |
| 1.9 | CVE-2007-1611 OTHER-REF OTHER-REF | ||
Squid -- Squid | The clientProcessRequest() function in squid/src/client_side.c in Squid 2.6 before 2.6.STABLE12 allows remote attackers to cause a denial of service (system crash) via crafted TRACE requests that trigger an assertion error. |
| 3.3 | CVE-2007-1560 OTHER-REF OTHER-REF FRSIRT SECUNIA | ||
Sun -- Java System Web Server | Sun Java System Web Server 6.1 before 20070314 allows remote authenticated users with revoked client certificates to bypass the Certificate Revocation List (CRL) authorization control and access secure web server instances running under an account different from that used for the admin server via unspecified vectors. |
| 3.4 | CVE-2007-1526 SUNALERT | ||
Symantec -- Norton Personal Firewall | The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.1.7, and possibly other products using symevent.sys 12.0.0.20, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data, a reintroduction of CVE-2006-4855. |
| 2.3 | CVE-2007-1495 BUGTRAQ BID | ||
Trend Micro -- Trend Micro AntiVirus | VsapiNT.sys in the Scan Engine 8.0 for Trend Micro AntiVirus 14.10.1041, and other products, allows remote attackers to cause a denial of service (kernel fault and system crash) via a crafted UPX file with a certain field that triggers a divide-by-zero error. |
| 2.3 | CVE-2007-1591 IDEFENSE OTHER-REF | ||
TrueCrypt Foundation -- TrueCrypt | TrueCrypt before 4.3, when set-euid mode is used on Linux, allows local users to cause a denial of service (filesystem unavailability) by dismounting a volume mounted by a different user. |
| 1.6 | CVE-2007-1589 OTHER-REF | ||
Unclassified NewsBoard -- Unclassified NewsBoard | Unclassified NewsBoard 1.6.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain (1) the board log via a direct request for logs/board-YYYY-MM-DD.log, (2) the mail and private message (PM) log via a direct request for logs/email-YY-MM-DD-HH-MM-SS.log, (3) the SQL error message log via a direct request for logs/error-YY-MM.log, and (4) the IP log via a direct request for logs/ip.log. |
| 2.3 | CVE-2007-1597 BUGTRAQ | ||
W-Agora -- W-Agora | w-agora 4.2.1 allows remote attackers to obtain sensitive information via the (1) bn[] array parameter to index.php, which expects a string, and (2) certain parameters to delete_forum.php, which displays the path name in the resulting error message. |
| 2.3 | CVE-2007-0606 BUGTRAQ OTHER-REF OSVDB OSVDB XF | ||
W-Agora -- W-Agora | W-Agora (Web-Agora) 4.2.1, when register_globals is enabled, stores globals.inc under the web document root with insufficient access control, which allows remote attackers to obtain application path information via a direct request. |
| 1.9 | CVE-2007-0607 BUGTRAQ OTHER-REF OSVDB | ||
W-Agora -- W-Agora | w-Agora (Web-Agora) allows remote attackers to obtain sensitive information via a request to rss.php with an invalid (1) site or (2) bn parameter, (3) a certain value of the site[] parameter, or (4) an empty value of the bn[] parameter; a request to index.php with a certain value of the (5) site[] or (6) sort[] parameter; (7) a request to profile.php with an empty value of the site[] parameter; or a request to search.php with (8) an empty value of the bn[] parameter or a certain value of the (9) pattern[] or (10) search_date[] parameter, which reveal the path in various error messages, probably related to variable type inconsistencies. NOTE: the bn[] parameter to index.php is already covered by CVE-2007-0606.1. |
| 2.3 | CVE-2007-1605 BUGTRAQ BID SECUNIA | ||
W-Agora -- W-Agora | Multiple cross-site scripting (XSS) vulnerabilities in w-Agora (Web-Agora) allow remote attackers to inject arbitrary web script or HTML via (1) the showuser parameter to profile.php, the (2) search_forum or (3) search_user parameter to search.php, or (4) the userid parameter to change_password.php. |
| 1.9 | CVE-2007-1606 BUGTRAQ BID SECUNIA | ||
W-Agora -- W-Agora | search.php in w-Agora (Web-Agora) allows remote attackers to obtain potentially sensitive information via a ' (quote) value followed by certain SQL sequences in the (1) search_forum or (2) search_user parameter, which force a SQL error. |
| 2.3 | CVE-2007-1607 BUGTRAQ BID SECUNIA | ||
Weekly Drawing Contest -- Weekly Drawing Contest | ** DISPUTED ** Directory traversal vulnerability in check_vote.php in Weekly Drawing Contest 0.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the order parameter. NOTE: another researcher disputes this vulnerability, noting that the order variable is not used in any context that allows opening files. |
| 2.3 | CVE-2007-1601 BUGTRAQ BUGTRAQ | ||
WordPress -- WordPress | wp-login.php in WordPress allows remote attackers to redirect authenticated users to other websites and potentially obtain sensitive information via the redirect_to parameter. |
| 1.4 | CVE-2007-1599 BUGTRAQ OTHER-REF | ||
Xen -- Qemu | The VNC server implementation in QEMU allows local users of a guest operating system to read arbitrary files on the host operating system via unspecified vectors related to QEMU monitor mode, as demonstrated by mapping files to a CDROM device. NOTE: some of these details are obtained from third party information. |
| 1.9 | CVE-2007-0998 REDHAT BID SECTRACK | ||
Zomplog -- Zomplog | Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/. |
| 2.3 | CVE-2007-1524 MILW0RM BID | ||
Zope -- Zope | Cross-site scripting (XSS) vulnerability in Zope 2.10.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a HTTP GET request. |
| 1.9 | CVE-2007-0240 OTHER-REF FRSIRT | ||
ZyXEL -- ZyNOS | ZyNOS 3.40 allows remote attackers to cause a denial of service (link restart) by sending a request for the name \M via the SMB Mail Slot Protocol. |
| 2.3 | CVE-2007-1586 BUGTRAQ BID SECTRACK |