Vulnerability Summary for the Week of April 23, 2007

Released
Apr 30, 2007
Document ID
SB07-120

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

">

High Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
ABC-View -- ABC-View ManagerBuffer overflow in ABC-View Manager 1.42 allows user-assisted remote attackers to execute arbitrary code via a crafted .PSP file.
unknown
2007-04-26
8.0CVE-2007-2284
MILW0RM
BID
FRSIRT
SECUNIA
XF
ACDSee -- ACDSee
ACDSee -- Photo Editor
ACDSee -- ACDSee Pro		Stack-based buffer overflow in the ID_X.apl plugin in ACDSee 9.0 Build 108, Pro 8.1 Build 99, and Photo Editor 4.0 Build 195 allows user-assisted remote attackers to execute arbitrary code via a crafted XPM file with a long section string. NOTE: some of these details are obtained from third party information.
unknown
2007-04-24
8.0CVE-2007-2193
MILW0RM
FRSIRT
SECUNIA
BID
XF
Adobe -- PhotoshopMultiple buffer overflows in Adobe Photoshop CS2 and CS3 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) BMP, (2) DIB, or (3) RLE file.
unknown
2007-04-25
8.0CVE-2007-2244
MILW0RM
BID
FRSIRT
SECUNIA
XF
Advanced Webhost Billing System -- Advanced Webhost Billing SystemPHP remote file inclusion vulnerability in docs/front-end-demo/cart2.php in Advanced Webhost Billing System (AWBS) 2.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the workdir parameter.
unknown
2007-04-25
7.0CVE-2007-2272
MILW0RM
BID
XF
AimStats -- AimStatsStatic code injection vulnerability in process.php in AimStats 3.2 allows remote attackers to inject PHP code into config.php via the number parameter in an update action.
unknown
2007-04-22
7.0CVE-2007-2167
MILW0RM
FRSIRT
OTHER-REF
BID
SECUNIA
XF
Alessandro Lulli -- wavewooPHP remote file inclusion vulnerability in include/loading.php in Alessandro Lulli wavewoo 0.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the path_include parameter.
unknown
2007-04-25
7.0CVE-2007-2273
MILW0RM
SECUNIA
BID
FRSIRT
Alexscriptengine -- Download-EngineMultiple PHP remote file inclusion vulnerabilities in Download-Engine 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) eng_dir parameter to addmember.php, (2) lang_path parameter to admin/enginelib/class.phpmailer.php, and the (3) spaw_root parameter to admin/includes/spaw/dialogs/colorpicker.php, different vectors than CVE-2006-5291 and CVE-2006-5459. NOTE: vector 3 might be an issue in SPAW.
unknown
2007-04-25
7.0CVE-2007-2255
BUGTRAQ
XF
Alexscriptengine -- Download-EnginePHP remote file inclusion vulnerability in admin/includes/spaw/dialogs/insert_link.php in download engine (Download-Engine) 1.4.1 allows remote authenticated users to execute arbitrary PHP code via a URL in the spaw_root parameter, a different vector than CVE-2007-2255. NOTE: this may be an issue in SPAW.
unknown
2007-04-26
7.0CVE-2007-2289
BUGTRAQ
Antonio Da Cruz -- Photofiltre StudioBuffer overflow in Photofiltre Studio 8.1.1 allows user-assisted remote attackers to execute arbitrary code via a crafted .tif file.
unknown
2007-04-24
8.0CVE-2007-2192
MILW0RM
BID
FRSIRT
SECUNIA
XF
Apple -- Mac OS X Server
Apple -- Mac OS X		Buffer overflow in the AirPortDriver module for AirPort in Apple Mac OS X 10.3.9 through 10.4.9, when running on hardware with the original AirPort wireless card, allows local users to execute arbitrary code by "sending malformed control commands."
unknown
2007-04-24
7.0CVE-2007-0725
OTHER-REF
APPLE
FRSIRT
BID
SECUNIA
Apple -- Mac OS X Server
Apple -- Mac OS X		Apple File Protocol (AFP) Client in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment before executing commands, which allows local users to gain privileges by setting unspecified environment variables.
unknown
2007-04-24
7.0CVE-2007-0729
OTHER-REF
APPLE
CERT-VN
FRSIRT
BID
SECTRACK
SECUNIA
Apple -- Mac OS X Server
Apple -- Mac OS X		Unspecified vulnerability in the CoreServices daemon in CarbonCore in Apple Mac OS X 10.4 through 10.4.9 allows local users to gain privileges via unspecified vectors involving "obtaining a send right to [the] Mach task port."
unknown
2007-04-24
7.0CVE-2007-0732
OTHER-REF
APPLE
FRSIRT
BID
SECTRACK
SECUNIA
Apple -- Mac OS X Server
Apple -- Mac OS X		Use-after-free vulnerability in Libinfo in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors involving crafted web pages that trigger certain error conditions that are not properly reported in certain circumstances, resulting in accessing deallocated memory.
unknown
2007-04-24
8.0CVE-2007-0735
OTHER-REF
APPLE
BID
FRSIRT
SECTRACK
SECUNIA
Apple -- Mac OS X Server
Apple -- Mac OS X		Integer overflow in the RPC library in Libinfo in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to execute arbitrary code via crafted requests to portmap.
unknown
2007-04-24
8.0CVE-2007-0736
OTHER-REF
APPLE
BID
FRSIRT
SECTRACK
SECUNIA
XF
Apple -- Mac OS XBuffer overflow in natd in network_cmds in Apple Mac OS X 10.3.9 through 10.4.9, when Internet Sharing is enabled, allows remote attackers to execute arbitrary code via malformed RTSP packets.
unknown
2007-04-24
7.0CVE-2007-0741
OTHER-REF
APPLE
BID
FRSIRT
SECTRACK
SECUNIA
Apple -- Mac OS X Server
Apple -- Mac OS X		SMB in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment when executing commands, which allows local users to gain privileges by setting unspecified environment variables.
unknown
2007-04-24
7.0CVE-2007-0744
OTHER-REF
APPLE
BID
FRSIRT
SECUNIA
Apple -- Mac OS X Server
Apple -- Mac OS X		Heap-based buffer overflow in the VideoConference framework in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to execute arbitrary code via a "crafted SIP packet when initializing an audio/video conference".
unknown
2007-04-24
10.0CVE-2007-0746
OTHER-REF
APPLE
CERT-VN
BID
FRSIRT
SECTRACK
SECUNIA
Apple -- Mac OS X Server
Apple -- Mac OS X		load_webdav in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment when mounting a WebDAV filesystem, which allows local users to gain privileges by setting unspecified environment variables.
unknown
2007-04-24
7.0CVE-2007-0747
OTHER-REF
APPLE
BID
FRSIRT
CERT-VN
SECTRACK
SECUNIA
Apple -- SafariUnspecified vulnerability in Apple QuickTime, as used in Safari and other browsers, and when Java is enabled, allows remote attackers to execute arbitrary code via unspecified vectors involving Javascript errors, as demonstrated during the "PWN 2 0WN" contest at CanSecWest 2007.
unknown
2007-04-24
10.0CVE-2007-2175
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
SECTRACK
XF
Apple -- QuicktimeHeap-based buffer overflow in the JVTCompEncodeFrame function in Apple Quicktime 7.1.5 and earlier allows remote attackers to execute arbitrary code via a crafted MOV file.
unknown
2007-04-26
8.0CVE-2007-2295
OTHER-REF
BID
Apple -- QuicktimeInteger overflow in the FlipFileTypeAtom_BtoN function in Apple Quicktime 7.1.5 and earlier allows remote attackers to execute arbitrary code via a crafted MP4 file.
unknown
2007-04-26
8.0CVE-2007-2296
OTHER-REF
BID
Arash -- AudioCMSMultiple PHP remote file inclusion vulnerabilities in audioCMS arash 0.1.4 allow remote attackers to execute arbitrary PHP code via a URL in the arashlib_dir parameter to (1) edit.inc.php and (2) list_features.inc.php in arash_lib/include, and (3) arash_gadmin.class.php and (4) arash_sadmin.class.php in arash_lib/class/.
unknown
2007-04-26
7.0CVE-2007-2301
MILW0RM
BID
FRSIRT
Asterisk -- AsteriskMultiple stack-based buffer overflows in the process_sdp function in chan_sip.c of the SIP channel T.38 SDP parser in Asterisk before 1.4.3 allow remote attackers to execute arbitrary code via a long (1) T38FaxRateManagement or (2) T38FaxUdpEC SDP parameter in an SIP message, as demonstrated using SIP INVITE.
unknown
2007-04-26
8.0CVE-2007-2293
BUGTRAQ
OTHER-REF
BID
SECTRACK
SECUNIA
Autostand Category -- Autostand CategoryPHP remote file inclusion vulnerability in the AutoStand 1.1 and earlier module for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to mod_as_category.php in (1) modules/mod_as_category/ or (2) modules/.
unknown
2007-04-26
7.0CVE-2007-2319
MILW0RM
BID
FRSIRT
XF
Bibtex -- MaseMultiple PHP remote file inclusion vulnerabilities in bibtex mase beta 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the bibtexrootrel parameter to (1) unavailable.php, (2) source.php, (3) log.php, (4) latex.php, (5) indexinfo.php, (6) index.php, (7) importinfo.php, (8) import.php, (9) examplefile.php, (10) clearinfo.php, (11) clear.php, (12) aboutinfo.php, (13) about.php, and other unspecified files.
unknown
2007-04-25
7.0CVE-2007-2260
BUGTRAQ
BloofoxCMS -- BloofoxCMS** DISPUTED ** PHP remote file inclusion vulnerability in install/index.php in BlooFoxCMS 0.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the content_php parameter. NOTE: this issue has been disputed by a reliable third party, stating that content_php is initialized before use.
unknown
2007-04-26
7.0CVE-2007-2311
BUGTRAQ
VIM
Built2Go -- PHP Link PortalPHP remote file inclusion vulnerability in config.php in Built2Go PHP Link Portal 1.79 allows remote attackers to execute arbitrary PHP code via a URL in the full_path_to_db parameter.
unknown
2007-04-26
7.0CVE-2007-2286
BUGTRAQ
BID
CA -- CleverPath PortalSQL injection vulnerability in CA Clever Path Portal allows remote attackers to execute limited SQL commands and retrieve arbitrary database contents via (1) the ofinterest parameter in a light search query, (2) description parameter in the advanced search query, and possiby other vectors.
2007-01-18
2007-04-25
7.0CVE-2007-2230
FULLDISC
OTHER-REF
CafeLog -- b2Multiple PHP remote file inclusion vulnerabilities in B2 Weblog and News Publishing Tool 0.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the b2inc parameter to (1) b2archives.php, (2) b2categories.php, or (3) b2mail.php. NOTE: this may overlap CVE-2002-1466.
unknown
2007-04-26
7.0CVE-2007-2290
BUGTRAQ
BID
Check Point Software -- ZoneAlarmThe IOCTL handling in srescan.sys in the ZoneAlarm Spyware Removal Engine (SRE) in Check Point ZoneAlarm before 5.0.156.0 allows local users to execute arbitrary code via certain IOCTL lrp parameter addresses.
unknown
2007-04-24
7.0CVE-2007-2174
IDEFENSE
BID
SECTRACK
SECUNIA
BUGTRAQ
FRSIRT
XF
Cisco -- Netflow Collection EngineCisco Network Services (CNS) NetFlow Collection Engine (NFC) before 6.0 has an nfcuser account with the default password nfcuser, which allows remote attackers to modify the product configuration and, when installed on Linux, obtain login access to the host operating system.
unknown
2007-04-26
10.0CVE-2007-2282
CISCO
BID
FRSIRT
SECTRACK
XF
Computer Associates -- BrightStor ARCserve Backup
Computer Associates -- Server Protection Suite
Computer Associates -- Business Protection Suite		Multiple stack-based buffer overflows in the SUN RPC service in CA (formerly Computer Associates) BrightStor ARCserve Media Server, as used in BrightStor ARCserve Backup 9.01 through 11.5 SP2, BrightStor Enterprise Backup 10.5, Server Protection Suite 2, and Business Protection Suite 2, allow remote attackers to execute arbitrary code via malformed RPC strings, a different vulnerability than CVE-2006-5171, CVE-2006-5172, and CVE-2007-1785.
unknown
2007-04-25
10.0CVE-2007-2139
BUGTRAQ
OTHER-REF
OTHER-REF
BID
CERT-VN
FRSIRT
SECUNIA
XF
Comus -- ComusPHP remote file inclusion vulnerability in accept.php in comus 2.0 Final allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter.
unknown
2007-04-26
7.0CVE-2007-2287
BUGTRAQ
BID
CoSign -- CoSignThe CHECK command in Cosign 2.0.1 and earlier allows remote attackers to bypass authentication requirements via CR (\r) sequences in the cosign cookie parameter.
unknown
2007-04-25
7.0CVE-2007-2232
BUGTRAQ
OTHER-REF
FRSIRT
SECUNIA
DCP-Portal -- DCP-PortalMultiple PHP remote file inclusion vulnerabilities in DCP-Portal 6.1.1 allow remote attackers to execute arbitrary PHP code via a URL in (1) the path parameter to library/adodb/adodb.inc.php, (2) the abs_path_editor parameter to library/editor/editor.php, or (3) the cfgfile_to_load parameter to admin/phpMyAdmin/libraries/common.lib.php.
unknown
2007-04-25
7.0CVE-2007-2278
BUGTRAQ
DeltaScripts -- PHP ClassifiedsPHP remote file inclusion vulnerability in admin/setup/level2.php in PHP Classifieds 6.04, and probably earlier versions, allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: this product was referred to as "Allfaclassfieds" in the original disclosure.
unknown
2007-04-25
7.0CVE-2007-2254
BUGTRAQ
VIM
XF
DmCMS -- DmCMSUnrestricted file upload vulnerability in includes/upload_file.php in DmCMS allows remote attackers to upload arbitrary PHP scripts by placing a script's contents in both the File2 and File3 parameters, and sending a ok.php?do=act Referer.
unknown
2007-04-24
7.0CVE-2007-2214
BUGTRAQ
BID
FRSIRT
Doruk100.net -- Doruk100netPHP remote file inclusion vulnerability in info.php in Doruk100.net doruk100net allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.
unknown
2007-04-26
7.0CVE-2007-2288
BUGTRAQ
BID
Double Precision Incorporated -- Courier-IMAPEval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.
unknown
2007-04-24
10.0CVE-2007-2173
OTHER-REF
GENTOO
SECUNIA
BID
XF
DynaTracker -- DynaTrackerPHP remote file inclusion vulnerability in includes_handler.php in DynaTracker 151 allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter.
unknown
2007-04-26
7.0CVE-2007-2330
BUGTRAQ
EsForum -- EsForumSQL injection vulnerability in forum.php in EsForum 3.0 allows remote attackers to execute arbitrary SQL commands via the idsalon parameter.
unknown
2007-04-25
7.0CVE-2007-2259
BUGTRAQ
BID
FRSIRT
SECUNIA
XF
Expow -- ExpowPHP remote file inclusion vulnerability in autoindex.php in Expow 0.8 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_file parameter.
unknown
2007-04-26
7.0CVE-2007-2302
MILW0RM
BID
XF
eXtremail -- eXtremailStack-based buffer overflow in eXtremail 2.1.1 and earlier allows remote attackers to execute arbitrary code via a long DNS response. NOTE: this might be related to CVE-2006-6926.
unknown
2007-04-24
10.0CVE-2007-2187
FULLDISC
MILW0RM
OTHER-REF
BID
eXtremail -- eXtremaileXtremail 2.1.1 and earlier does not verify the ID field (aka transaction id) in DNS responses, which makes it easier for remote attackers to conduct DNS spoofing.
unknown
2007-04-24
10.0CVE-2007-2188
FULLDISC
BID
Extreme phpBB -- Extreme phpBBMultiple PHP remote file inclusion vulnerabilities in Extreme PHPBB2 3.0 Pre Final allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) functions.php or (2) functions_portal.php in includes/.
unknown
2007-04-24
7.0CVE-2007-2208
BUGTRAQ
XF
FileZilla -- FileZillaMultiple format string vulnerabilities in FileZilla before 2.2.32 allow remote attackers to execute arbitrary code via format string specifiers in (1) FTP server responses or (2) data sent by an FTP server. NOTE: some of these details are obtained from third party information.
unknown
2007-04-26
10.0CVE-2007-2318
OTHER-REF
BID
SECUNIA
FreshDevices -- FreshViewBuffer overflow in Fresh View 7.15 allows user-assisted remote attackers to execute arbitrary code via a crafted .PSP file.
unknown
2007-04-26
8.0CVE-2007-2283
MILW0RM
BID
FRSIRT
Frogss -- Frogss CMSMultiple SQL injection vulnerabilities in Frogss CMS 0.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) dzial parameter to (a) katalog.php, or the (2) t parameter to (b) forum.php or (c) forum/viewtopic.php, different vectors than CVE-2006-4536.
unknown
2007-04-26
7.0CVE-2007-2299
MILW0RM
BID
FRSIRT
XF
Fully Modded phpBB -- Fully Modded phpBB2PHP remote file inclusion vulnerability in subscp.php in Fully Modded phpBB2 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
unknown
2007-04-25
7.0CVE-2007-2257
BUGTRAQ
BID
XF
Gentoo -- XnViewStack-based buffer overflow in XnView 1.90.3 allows user-assisted remote attackers to execute arbitrary code via a crafted XPM file with a long section string. NOTE: some of these details are obtained from third party information.
unknown
2007-04-24
10.0CVE-2007-2194
MILW0RM
FRSIRT
SECUNIA
BID
XF
GForge -- GarennesMultiple PHP remote file inclusion vulnerabilities in Garennes 0.6.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the repertoire_config parameter to index.php in (1) cpe/, (2) direction/, or (3) professeurs/.
unknown
2007-04-26
7.0CVE-2007-2298
MILW0RM
BID
FRSIRT
GoldCoders -- HYIP Manager ProMultiple PHP remote file inclusion vulnerabilities in HYIP Manager Pro allow remote attackers to execute arbitrary PHP code via a URL in the plugin_file parameter to (1) Smarty.class.php and (2) Smarty_Compiler.class.php in inc/libs/; (3) core.display_debug_console.php, (4) core.load_plugins.php, (5) core.load_resource_plugin.php, (6) core.process_cached_inserts.php, (7) core.process_compiled_include.php, and (8) core.read_cache_file.php in inc/libs/core/; and other unspecified files. NOTE: (1) and (2) might be incorrectly reported vectors in Smarty.
unknown
2007-04-26
7.0CVE-2007-2326
BUGTRAQ
GPL PHP Board -- GPL PHP BoardMultiple PHP remote file inclusion vulnerabilities in GPL PHP Board (GPB) unstable-2001.11.14-1 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) db.mysql.inc.php or (2) gpb.inc.php in include/, or the (3) theme parameter to themes/ubb/login.php.
unknown
2007-04-24
7.0CVE-2007-2204
MILW0RM
BID
FRSIRT
XF
GraceNote -- CDDBControl ActiveX ControlMultiple buffer overflows in the CDDBControl ActiveX control in Gracenote CDDB before 20070418 allow remote attackers to execute arbitrary code via long values for certain Proxy configuration parameters.
unknown
2007-04-24
8.0CVE-2007-0443
OTHER-REF
OTHER-REF
BID
SECTRACK
SECUNIA
BUGTRAQ
FRSIRT
XF
InterVideo -- Home TheaterMultiple buffer overflows in the WinDVDX ActiveX control in InterVideo Home Theater 2.1.13.0 and 2.5.13.58 allow remote attackers to execute arbitrary code via a long string argument to the (1) GetDiscType or (2) AddFileList method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-04-26
10.0CVE-2007-2323
SECUNIA
Labs4 -- htmlEditboxPHP remote file inclusion vulnerability in _editor.php in HTMLeditbox 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the settings[app_dir] parameter.
unknown
2007-04-26
7.0CVE-2007-2327
BUGTRAQ
LAN Management System -- LAN Management SystemPHP remote file inclusion vulnerability in modules/rtmessageadd.php in LAN Management System (LMS) 1.5.3, and possibly 1.5.4, allows remote attackers to execute arbitrary PHP code via a URL in the _LIB_DIR parameter, a different vector than CVE-2007-1643.
unknown
2007-04-24
7.0CVE-2007-2205
BUGTRAQ
BID
VIM
XF
Microsoft -- Internet ExplorerCRLF injection vulnerability in the Digest Authentication in Microsoft Internet Explorer 7.0.5730.11 allows remote attackers to conduct HTTP response splitting attacks via a LF (%0a) in the username attribute.
unknown
2007-04-26
7.0CVE-2007-2291
BUGTRAQ
OTHER-REF
BID
MiniBB -- MiniBB
TOSMO Mambo -- TOSMO Mambo		Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a and earlier, as used by TOSMO/Mambo 4.0.12 and probably other products, allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to bb_plugins.php in (1) components/minibb/ or (2) components/com_minibb, or (3) configuration.php. NOTE: the com_minibb.php vector is already covered by CVE-2006-3690.
unknown
2007-04-26
7.0CVE-2007-2317
MILW0RM
VIM
BID
FRSIRT
XF
Mozilla -- FirefoxUnspecified vulnerability in Mozilla Firefox allows remote attackers to execute arbitrary code via unspecified vectors involving Javascript errors. NOTE: this might be the same issue as CVE-2007-2175.
unknown
2007-04-24
10.0CVE-2007-2176
OTHER-REF
mxBB -- MX ShotcastPHP remote file inclusion vulnerability in getinfo1.php in the Shotcast 1.0 RC2 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter.
unknown
2007-04-26
7.0CVE-2007-2313
MILW0RM
BID
FRSIRT
XF
MyBB -- MyBBMultiple SQL injection vulnerabilities in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) year or (2) month parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-04-24
7.0CVE-2007-2212
XF
MyBulletinBoard -- MyBulletinBoardSQL injection vulnerability in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the day parameter in a dayview action.
unknown
2007-04-24
7.0CVE-2007-2211
MILW0RM
BID
XF
FRSIRT
SECUNIA
MyNewsGroup -- MyNewsGroupPHP remote file inclusion vulnerability in include.php in MyNewsGroups :) allows remote attackers to execute arbitrary PHP code via a URL in the myng_root parameter.
unknown
2007-04-26
10.0CVE-2007-2325
BUGTRAQ
Novell -- GroupwiseStack-based buffer overflow in the base64_decode function in GWINTER.exe in Novell GroupWise (GW) WebAccess before 7.0 SP2 allows remote attackers to execute arbitrary code via long base64 content in an HTTP Basic Authentication request.
unknown
2007-04-24
10.0CVE-2007-2171
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
Pagode -- PagodeDirectory traversal vulnerability in navigator/navigator_ok.php in Pagode 0.5.8 allows remote attackers to read and possibly delete arbitrary files via a .. (dot dot) in the asolute parameter.
unknown
2007-04-24
10.0CVE-2007-2200
MILW0RM
BID
FRSIRT
SECUNIA
XF
Papoo -- PapooSQL injection vulnerability in kontakt.php in Papoo 3.02 and earlier allows remote attackers to execute arbitrary SQL commands via the menuid parameter, a different vector than CVE-2005-4478.
unknown
2007-04-26
7.0CVE-2007-2320
MILW0RM
BID
PHP-Ring -- Webring SystemSQL injection vulnerability in index.php in PHP-Ring Webring System (aka uPHP_ring_website) 0.9 allows remote attackers to execute arbitrary SQL commands via the ring parameter.
unknown
2007-04-24
7.0CVE-2007-2183
MILW0RM
BID
XF
PHPee -- YA BookCross-site scripting (XSS) vulnerability in YA Book 0.98-alpha allows remote attackers to inject arbitrary web script or HTML via the City field in a sign action in index.php.
unknown
2007-04-25
7.0CVE-2007-2265
BUGTRAQ
BID
phpMyAdmin -- phpMyAdminMultiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.10.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the fieldkey parameter to browse_foreigners.php or (2) certain input to the PMA_sanitize function.
unknown
2007-04-25
7.0CVE-2007-2245
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
PHPmybibli -- PHPmybibliPHP remote file inclusion vulnerability in includes/init.inc.php in PHPMyBibli allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter.
unknown
2007-04-25
7.0CVE-2007-2258
BUGTRAQ
BID
XF
PHPMySpace -- PHPMySpaceSQL injection vulnerability in modules/news/article.php in phpMySpace Gold 8.10 allows remote attackers to execute arbitrary SQL commands via the item_id parameter.
unknown
2007-04-25
7.0CVE-2007-2247
BUGTRAQ
BID
FRSIRT
XF
phpMYTGP -- phpMYTGPPHP remote file inclusion vulnerability in addvip.php in phpMYTGP 1.4b allows remote attackers to execute arbitrary PHP code via a URL in the msetstr[PROGSDIR] parameter.
unknown
2007-04-26
7.0CVE-2007-2328
BUGTRAQ
Plogger -- PloggerSession fixation vulnerability in Plogger allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
unknown
2007-04-25
7.0CVE-2007-2277
BUGTRAQ
OTHER-REF
Post Revolution -- Post RevolutionMultiple PHP remote file inclusion vulnerabilities in Post Revolution 6.6 and 7.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the dir parameter to (1) common.php or (2) themes/default/preview_post_completo.php.
unknown
2007-04-24
7.0CVE-2007-2201
BUGTRAQ
MILW0RM
BID
FRSIRT
SECUNIA
XF
ProFTPD Project -- ProFTPDThe Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as demonstrated by use of SQLAuthTypes Plaintext in mod_sql, with data retrieved from /etc/passwd.
unknown
2007-04-22
7.0CVE-2007-2165
OTHER-REF
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
Progress -- WebSpeedProgress Webspeed Messenger allows remote attackers to read, create, modify, and execute arbitrary files by invoking webutil/_cpyfile.p in the WService parameter to (1) cgiip.exe or (2) wsisa.dll in scripts/, as demonstrated by using the save,editor options to create a new file using the fileName parameter.
unknown
2007-04-25
10.0CVE-2007-2266
BUGTRAQ
BID
PunBB -- PunBBinclude/common.php in PunBB 1.2.14 and earlier does not properly handle a disabled ini_get function when checking the register_globals setting, which allows remote attackers to register global parameters, as demonstrated by an SQL injection attack on the search_id parameter to search.php.
unknown
2007-04-25
7.0CVE-2007-2234
BUGTRAQ
BUGTRAQ
OTHER-REF
OTHER-REF
PunBB -- PunBBfooter.php in PunBB 1.2.14 and earlier allows remote attackers to include local files in include/user/ via a cross-site scripting (XSS) attack, or via the pun_include tag, as demonstrated by use of admin_options.php to execute PHP code from an uploaded avatar file.
unknown
2007-04-25
7.0CVE-2007-2236
BUGTRAQ
BUGTRAQ
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
QDBlog -- QDBlogMultiple directory traversal vulnerabilities in Quick and Dirty Blog (QDBlog) 0.4, and possibly earlier, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter to categories.php and other unspecified files.
unknown
2007-04-26
7.0CVE-2007-2304
MILW0RM
BID
FRSIRT
XF
QDBlog -- QDBlogMultiple SQL injection vulnerabilities in authenticate.php in Quick and Dirty Blog (QDBlog) 0.4, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
unknown
2007-04-26
7.0CVE-2007-2305
MILW0RM
BID
FRSIRT
XF
Realink -- C-ArbrePHP remote file inclusion vulnerability in espaces/communiques/annotations.php in C-Arbre 0.6PR7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter, a different vector than CVE-2007-1721.
unknown
2007-04-25
7.0CVE-2007-2261
BUGTRAQ
XF
Ripe Website Manager -- Ripe Website ManagerCross-site scripting (XSS) vulnerability in contact/index.php in Ripe Website Manager 0.8.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a leading "<"<" in the ripeformpost parameter.
unknown
2007-04-24
7.0CVE-2007-2206
BUGTRAQ
BID
BUGTRAQ
OTHER-REF
FRSIRT
SECUNIA
XF
Ripe Website Manager -- Ripe Website ManagerSQL injection vulnerability in contact/index.php in Ripe Website Manager 0.8.4 and earlier allows remote attackers to execute arbitrary SQL commands via the ripeformpost parameter.
unknown
2007-04-24
7.0CVE-2007-2207
BUGTRAQ
BID
OTHER-REF
FRSIRT
SECUNIA
XF
Searchactivity -- SearchactivityPHP remote file inclusion vulnerability in searchbot.php in Searchactivity allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
unknown
2007-04-26
7.0CVE-2007-2329
BUGTRAQ
Shop-Script -- Shop-ScriptPHP remote file inclusion vulnerability in cart.php in Shop-Script 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the lang_list parameter.
unknown
2007-04-26
7.0CVE-2007-2331
BUGTRAQ
SilverStripe -- SilverStripeUnspecified vulnerability in the search functionality in SilverStripe 2.0.0 has unknown impact and attack vectors.
unknown
2007-04-26
7.0CVE-2007-2321
OTHER-REF
SECUNIA
Sinato -- File117Multiple PHP remote file inclusion vulnerabilities in html/php/detail.php in Sinato jmuffin allow remote attackers to execute arbitrary PHP code via a URL in the (1) relPath and (2) folder parameters. NOTE: this product was originally reported as "File117".
unknown
2007-04-25
7.0CVE-2007-2262
BUGTRAQ
BID
BID
FRSIRT
XF
VWar -- Virtual WarMultiple SQL injection vulnerabilities in the Virtual War (VWar) 1.5.0 R15 module for PHP-Nuke allow remote attackers to execute arbitrary SQL commands via the n parameter to extra/online.php and other unspecified scripts in extra/. NOTE: this might be same vulnerability as CVE-2006-4142; however, there is an intervening vendor fix announcement.
unknown
2007-04-26
7.0CVE-2007-2312
BUGTRAQ
OTHER-REF
VIM
BID
XF
WebKalk2 -- WebKalk2PHP remote file inclusion vulnerability in engine/engine.inc.php in WebKalk2 1.9.0 allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter.
unknown
2007-04-26
7.0CVE-2007-2307
MILW0RM
BID
FRSIRT
XF
Xaraya -- XarayaUnspecified vulnerability in the Roles module in Xaraya 1.1.2 and earlier allows attackers to gain privileges via unspecified vectors, probably related to incorrect permission checking in xartemplates/user-view.xd.
unknown
2007-04-25
7.0CVE-2007-2251
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
BID
XF

Back to top

Medium Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
ACVSWS -- ACVSWS_PHP5PHP remote file inclusion vulnerability in inc_ACVS/SOAP/Transport.php in Accueil et Conseil en Visites et Sejours Web Services (ACVSWS) PHP5 (ACVSWS_PHP5) 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the CheminInclude parameter.
unknown
2007-04-24
5.6CVE-2007-2202
BUGTRAQ
BID
FRSIRT
SECUNIA
XF
Apple -- Mac OS XThe Login Window in Apple Mac OS X 10.3.9 through 10.4.9 does not properly check certain environment variables, which allows local users to gain privileges via unspecified vectors.
unknown
2007-04-24
4.9CVE-2007-0737
OTHER-REF
APPLE
BID
FRSIRT
SECTRACK
SECUNIA
Apple -- Mac OS XThe Login Window in Apple Mac OS X 10.4 through 10.4.9 does not display the screen saver authentication dialog in certain circumstances when waking from sleep, even though the "require a password to wake the computer from sleep" option is enabled, which allows local users to bypass authentication controls.
unknown
2007-04-24
4.9CVE-2007-0738
OTHER-REF
APPLE
BID
FRSIRT
SECTRACK
SECUNIA
Apple -- Mac OS XThe Login Window in Apple Mac OS X 10.4 through 10.4.9 displays the software update window beneath the loginwindow authentication dialog in certain circumstances related to running scheduled tasks, which allows local users to bypass authentication controls.
unknown
2007-04-24
4.9CVE-2007-0739
OTHER-REF
APPLE
BID
FRSIRT
SECTRACK
SECUNIA
Corel -- Paint Shop Pro PhotoBuffer overflow in igcore15d.dll 15.1.2.0 and 15.2.0.0 for AccuSoft ImageGear, as used in Corel Paint Shop Pro Photo 11.20 and possibly other products, allows user-assisted remote attackers to execute arbitrary code via a crafted .CLP file. NOTE: some details were obtained from third party sources.
unknown
2007-04-24
5.6CVE-2007-2209
MILW0RM
BID
FRSIRT
SECUNIA
SECUNIA
XF
CoSign -- CoSigncosign-bin/cosign.cgi in Cosign 2.0.2 and earlier allows remote authenticated users to perform unauthorized actions as an arbitrary user by using CR (\r) sequences in the service parameter to inject LOGING and REGISTER commands with the desired username.
unknown
2007-04-25
4.2CVE-2007-2233
BUGTRAQ
OTHER-REF
FRSIRT
SECUNIA
Crea-Book -- Crea-BookMultiple SQL injection vulnerabilities in Crea-Book 1.0, and possibly earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) pseudo or (2) passe parameter to (a) configurer.php, (b) connect.php, (c) delete.php, (d) delete2.php, (e) index.php, (f) infos.php, (g) membres.php, (h) modif-infos.php, (i) modif-message.php, (j) modif.php, (k) uninstall.php, or (l) uninstall_table.php in admin/, different vectors than CVE-2007-2000. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-04-26
5.6CVE-2007-2314
SECUNIA
Eba News -- Eba NewsPHP remote file inclusion vulnerability in admin/public/webpages.php in Eba News 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the filename parameter.
unknown
2007-04-24
5.6CVE-2007-2190
BUGTRAQ
OTHER-REF
XF
freePBX -- freePBXMultiple cross-site scripting (XSS) vulnerabilities in freePBX 2.2.x allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, (3) Call-ID, (4) User-Agent, and unspecified other SIP protocol fields, which are stored in /var/log/asterisk/full and displayed by admin/modules/logfiles/asterisk-full-log.php.
unknown
2007-04-24
5.6CVE-2007-2191
FULLDISC
BID
XF
HP -- StorageWorks XP Replication Monitor
HP -- StorageWorks Command View XP
HP -- HP StorageWorks XP Tiered Storage Manager		Unspecified vulnerability in HP StorageWorks Command View Advanced Edition for XP before 5.6.0-01, XP Replication Monitor before 5.6.0-01, and XP Tiered Storage Manager before 5.5.0-02 allows local users to access other accounts via unspecified vectors during registration or addition of new users.
unknown
2007-04-25
4.9CVE-2007-2275
HP
BID
FRSIRT
SECUNIA
IncrediMail -- IMMenuShellExt ActiveX controlStack-based buffer overflow in the DoWebMenuAction function in the IncrediMail IMMenuShellExt ActiveX control (ImShExt.dll) allows remote attackers to execute arbitrary code via unspecified vectors.
unknown
2007-04-26
5.6CVE-2007-1683
CERT-VN
Joomla! -- Jambook
Mambo -- Jambook		PHP remote file inclusion vulnerability in jambook.php in the Jambook (com_Jambook) 1.0 beta7 module for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
unknown
2007-04-24
5.6CVE-2007-2196
BUGTRAQ
Joomla! -- Joomla!PHP remote file inclusion vulnerability in libraries/pcl/pcltar.php in Joomla! 1.5.0 Beta allows remote attackers to execute arbitrary PHP code via a URL in the g_pcltar_lib_dir parameter.
unknown
2007-04-24
5.6CVE-2007-2199
MILW0RM
OTHER-REF
BID
BUGTRAQ
FRSIRT
XF
Maran -- PHP ForumUnrestricted file upload vulnerability in forum_write.php in Maran PHP Forum allows remote attackers to upload and execute arbitrary PHP files via a trailing %00 in a filename in the page parameter.
unknown
2007-04-24
5.6CVE-2007-2182
MILW0RM
BID
FRSIRT
SECUNIA
XF
Microgaming -- Download Helper ActiveX ControlStack-based buffer overflow in the Microgaming Download Helper ActiveX control (dlhelper.dll) before 7.2.0.19, and the WebHandler Class control, allows remote attackers to execute arbitrary code via unspecified vectors.
unknown
2007-04-24
5.6CVE-2007-2177
CERT-VN
BID
FRSIRT
SECUNIA
MX Smartor -- Full Album PackPHP remote file inclusion vulnerability in admin/admin_album_otf.php in the MX Smartor Full Album Pack (FAP) 2.0 RC1 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
unknown
2007-04-24
5.6CVE-2007-2189
MILW0RM
BID
XF
News Manager Deluxe -- News Manager DeluxeDirectory traversal vulnerability in includes/footer.php in News Manager Deluxe (NMDeluxe) 1.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the template parameter.
unknown
2007-04-26
5.6CVE-2007-2303
MILW0RM
FRSIRT
SECUNIA
Nortel -- VPN RouterNortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 6_05.140 uses a fixed DES key to encrypt passwords, which allows remote authenticated users to obtain a password via a brute force attack on a hash from the LDAP store.
unknown
2007-04-27
6.0CVE-2007-2332
OTHER-REF
BID
FRSIRT
SECUNIA
Open Business Management -- Open Business ManagementUnspecified vulnerability in the admin script in Open Business Management (OBM) before 2.0.0 allows remote attackers to have an unknown impact by calling the script "in txt mode from a browser."
unknown
2007-04-26
4.9CVE-2007-2316
OTHER-REF
BID
FRSIRT
SECUNIA
OpenSurveyPilot -- OpenSurveyPilotPHP remote file inclusion vulnerability in administration/user/lib/group.inc.php in OpenSurveyPilot (osp) 1.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cfgPathToProjectAdmin parameter.
unknown
2007-04-22
5.6CVE-2007-2166
MILW0RM
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Oracle -- E-Business SuiteThe APPLSYS.FND_DM_NODES package in Oracle E-Business Suite does not check for valid sessions, which allows remote attackers to delete arbitrary nodes. NOTE: due to lack of details from Oracle, it is not clear whether this issue is related to other CVE identifiers such as CVE-2007-2126, CVE-2007-2127, or CVE-2007-2128.
unknown
2007-04-24
6.7CVE-2007-2170
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
Phorum -- Phoruminclude/controlcenter/users.php in Phorum before 5.1.22 allows remote authenticated moderators to gain privileges via a modified (1) user_ids POST parameter or (2) userdata array.
unknown
2007-04-25
4.2CVE-2007-2249
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
Rajneel Lal TotaRam -- USP Foss DistributionDirectory traversal vulnerability in Rajneel Lal TotaRam USP FOSS Distribution 1.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the dnld parameter.
unknown
2007-04-25
6.7CVE-2007-2271
MILW0RM
BID
FRSIRT
SECUNIA
Supasite -- SupasiteMultiple PHP remote file inclusion vulnerabilities in Supasite 1.23b allow remote attackers to execute arbitrary PHP code via a URL in the supa[db_path] parameter to (1) common_functions.php, (2) admin_auth_cookies.php, (3) admin_mods.php, (4) admin_news.php, (5) admin_topics.php, (6) admin_users.php, (7) admin_utilities.php, (8) site_comment.php, or (9) site_news.php; or the supa[include_path] parameter to (10) admin_settings.php or (11) backend_site.php.
unknown
2007-04-24
5.6CVE-2007-2185
MILW0RM
BID
FRSIRT
XF
SWsoft -- PleskMultiple directory traversal vulnerabilities in SWsoft Plesk for Windows 7.6.1, 8.1.0, and 8.1.1 allow remote attackers to read arbitrary files via a .. (dot dot) in the locale_id parameter to (1) login.php3 or (2) login_up.php3.
unknown
2007-04-25
6.7CVE-2007-2268
OTHER-REF
OTHER-REF
OSVDB
OSVDB
WEBInsta -- FM ManagerPHP remote file inclusion vulnerability in admin/login.php in Webinsta FM Manager 0.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter, a different product and vector than CVE-2005-0748.
unknown
2007-04-24
5.6CVE-2007-2181
MILW0RM
BID
FRSIRT
SECUNIA
XF

Back to top

Low Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
3com -- TippingPoint IPS3Com TippingPoint IPS allows remote attackers to cause a denial of service (device hang) via a flood of packets on TCP port 80 with sequentially increasing source ports, related to a "badly written loop."
unknown
2007-04-25
3.3CVE-2007-2276
BUGTRAQ
BUGTRAQ
BID
Alvaro -- Alvaro's MessengeraMSN (aka Alvaro's Messenger) 0.96 and earlier allows remote attackers to cause a denial of service (application crash) by sending invalid data to TCP port 31337.
unknown
2007-04-24
2.3CVE-2007-2195
OTHER-REF
BID
Apache -- TomcatThe AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
unknown
2007-04-25
3.3CVE-2006-7197
OTHER-REF
Apple -- Mac OS XThe WebFoundation framework in Apple Mac OS X 10.3.9 and earlier allows subdomain cookies to be accessed by the parent domain, which allows remote attackers to obtain sensitive information.
unknown
2007-04-24
3.3CVE-2007-0742
OTHER-REF
APPLE
BID
FRSIRT
SECTRACK
SECUNIA
Apple -- Mac OS XURLMount in Apple Mac OS X 10.3.9 through 10.4.9 passes the username and password credentials for mounting filesystems on SMB servers as command line arguments to the mount_sub command, which may allow local users to obtain sensitive information by listing the process.
unknown
2007-04-24
2.3CVE-2007-0743
OTHER-REF
APPLE
BID
FRSIRT
SECTRACK
SECUNIA
Apple -- SafariApple Safari allows remote attackers to cause a denial of service (browser crash) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/.
unknown
2007-04-22
2.3CVE-2007-2163
BUGTRAQ
BUGTRAQ
Asterisk -- AsteriskThe Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (crash) by using MD5 authentication to authenticate a user that does not have a password defined in manager.conf, resulting in a NULL pointer dereference.
unknown
2007-04-26
3.3CVE-2007-2294
BUGTRAQ
OTHER-REF
SECTRACK
SECUNIA
Asterisk -- AsteriskThe SIP channel driver (chan_sip) in Asterisk before 1.2.18 and 1.4.x before 1.4.3 does not properly parse SIP UDP packets that do not contain a valid response code, which allows remote attackers to cause a denial of service (crash).
unknown
2007-04-26
3.3CVE-2007-2297
BUGTRAQ
OTHER-REF
OTHER-REF
SECTRACK
Big Blue -- GuestbookCross-site scripting (XSS) vulnerability in Big Blue Guestbook allows remote attackers to inject arbitrary web script or HTML via the message field in the guestbook entry submission form.
unknown
2007-04-24
1.9CVE-2007-2203
BUGTRAQ
BID
FRSIRT
SECUNIA
BloofoxCMS -- BloofoxCMSCross-site scripting (XSS) vulnerability in plugins/spaw/img_popup.php in BloofoxCMS 0.2.2 allows remote attackers to inject arbitrary web script or HTML via the img_url parameter.
unknown
2007-04-26
1.9CVE-2007-2310
BUGTRAQ
BID
Brettle Development -- NeatUploadRace condition in the NeatUpload ASP.NET component 1.2.11 through 1.2.16, 1.1.18 through 1.1.23, and trunk.379 through trunk.445 allows remote attackers to obtain other clients' HTTP responses via multiple simultaneous requests, which triggers multiple calls to HttpWorkerRequest.FlushResponse for the same HttpWorkerRequest object and causes a buffer to be reused for a different request.
unknown
2007-04-24
1.9CVE-2007-2197
BUGTRAQ
BID
SECUNIA
XF
Dovecot -- DovecotDirectory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.
unknown
2007-04-25
1.9CVE-2007-2231
BUGTRAQ
MLIST
MLIST
OTHER-REF
BID
FRSIRT
Exponent -- Exponent CMSDirectory traversal vulnerability in iconspopup.php in Exponent CMS 0.96.6 Alpha and earlier allows remote attackers to obtain sensitive information via a .. (dot dot) in the icodir parameter.
unknown
2007-04-25
2.3CVE-2007-2252
OTHER-REF
BID
SECUNIA
Exponent -- Exponent CMSExponent CMS 0.96.6 Alpha and earlier allows remote attackers to obtain path information via a direct request for (1) sdk/blanks/formcontrol.php and (2) sdk/blanks/file_modules.php.
unknown
2007-04-25
2.3CVE-2007-2253
OTHER-REF
FloweRS -- FloweRSCross-site scripting (XSS) vulnerability in cas.php in FloweRS 2.0 allows remote attackers to inject arbitrary web script or HTML via the rok parameter.
unknown
2007-04-26
1.9CVE-2007-2308
BUGTRAQ
BID
FRSIRT
FloweRS -- FloweRSCross-site scripting (XSS) vulnerability in cas.php in FloweRS 2.0 allows remote attackers to inject arbitrary web script or HTML via the den parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-04-26
1.9CVE-2007-2309
FRSIRT
Foxit -- PDF ReaderFoxit Reader 2.0 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document.
unknown
2007-04-24
2.3CVE-2007-2186
MILW0RM
BID
XF
IETF -- IPv6The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers.
unknown
2007-04-25
3.3CVE-2007-2242
OTHER-REF
OPENBSD
OPENBSD
BID
SECUNIA
XF
Ipswitch -- WS_FTPUnspecified vulnerability in the Initialize function in NetscapeFTPHandler in WS_FTP Home and Professional 2007 allows remote attackers to cause a denial of service (NULL dereference and application crash) via unspecified vectors related to "improper arguments."
unknown
2007-04-24
3.3CVE-2007-2213
BUGTRAQ
BUGTRAQ
BID
XF
Jack Slocum -- Ext JSDirectory traversal vulnerability in examples/layout/feed-proxy.php in Jack Slocum Ext 1.0 alpha1 (Ext JS) allows remote attackers to read arbitrary files via a .. (dot dot) in the feed parameter. NOTE: analysis by third party researchers indicates that this issue might be platform dependent.
unknown
2007-04-26
3.3CVE-2007-2285
MILW0RM
VIM
VIM
VIM
BID
jchit -- counterDirectory traversal vulnerability in imgsrv.php in jchit counter 1.0.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the acc parameter.
unknown
2007-04-24
2.3CVE-2007-2184
MILW0RM
BID
XF
Julmajanne -- JulmaCMSDirectory traversal vulnerability in file.php in JulmaCMS 1.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
unknown
2007-04-26
3.3CVE-2007-2324
MILW0RM
BID
KDE -- KonquerorKonqueror 3.5.5 release 45.4 allows remote attackers to cause a denial of service (browser crash or abort) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/.
unknown
2007-04-22
2.3CVE-2007-2164
BUGTRAQ
BUGTRAQ
LAN Management System -- LAN Management SystemCross-site scripting (XSS) vulnerability in LAN Management System (LMS) before 1.6.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably involving the OD parameter to contrib/formularz_przelewu_wplaty/druk.php.
unknown
2007-04-24
1.9CVE-2007-2198
OTHER-REF
OTHER-REF
Linksys -- SPA941The Linksys SPA941 VoIP Phone allows remote attackers to cause a denial of service (device reboot) via a 0377 (0xff) character in the From header, and possibly certain other locations, in a SIP INVITE request.
unknown
2007-04-25
3.3CVE-2007-2270
MILW0RM
MILW0RM
BID
FRSIRT
XF
Linux -- KernelThe setsockopt function in the L2CAP and HCI Bluetooth support in the Linux kernel before 2.4.34.3 allows context-dependent attackers to read kernel memory and obtain sensitive information via unspecified vectors involving the copy_from_user function accessing an uninitialized stack buffer.
unknown
2007-04-24
3.3CVE-2007-1353
OTHER-REF
BID
FRSIRT
SECUNIA
Microsoft -- Internet Explorer
Mozilla -- Firefox		CRLF injection vulnerability in the Digest Authentication in Mozilla Firefox 2.0.0.3 allows remote attackers to conduct HTTP response splitting attacks via a LF (%0a) in the username attribute.
unknown
2007-04-26
3.3CVE-2007-2292
BUGTRAQ
OTHER-REF
BID
MiniShare -- Minimal HTTP ServerMiniShare 1.5.4, and possibly earlier, allows remote attackers to cause a denial of service (application crash) via a flood of requests for new connections.
unknown
2007-04-26
3.3CVE-2007-2315
OTHER-REF
OTHER-REF
SECUNIA
Nero -- MediaHome CE
Nero -- MediaHome		NMMediaServer.exe in Nero MediaHome 2.5.5.0 and CE 1.3.0.4 allows remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted packet that contains two CRLF sequences. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-04-26
3.3CVE-2007-2322
SECUNIA
Netsprint -- Ask IE ToolbarA certain ActiveX control in askPopStp.dll in Netsprint Ask IE Toolbar 1.1 allows remote attackers to cause a denial of service (Internet Explorer crash) via a long AddAllowed property value, related to "improper memory handling," possibly a buffer overflow.
unknown
2007-04-24
3.3CVE-2007-2210
BUGTRAQ
BID
Nullsoft -- WinAmpBuffer overflow in Nullsoft Winamp 5.3 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted WMV file.
unknown
2007-04-24
2.7CVE-2007-2180
BUGTRAQ
BID
MILW0RM
XF
Objective Development -- SharityMultiple unspecified vulnerabilities in Objective Development Sharity before 3.3 allow remote attackers to cause a denial of service (daemon crash) via unspecified vectors.
unknown
2007-04-24
3.3CVE-2007-2178
OTHER-REF
BID
SECUNIA
XF
OpenBSD -- OpenSSH Portable
OpenBSD -- OpenSSH		OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.
unknown
2007-04-25
1.9CVE-2007-2243
FULLDISC
FULLDISC
BID
XF
Opera Software -- OperaThe BitTorrent implementation in Opera 9.2 allows remote attackers to cause a denial of service (CPU consumption and application crash) via a malformed torrent file. NOTE: the original disclosure refers to this to as a memory leak, but it is not certain.
unknown
2007-04-25
3.3CVE-2007-2274
MILW0RM
Oracle -- E-Business SuiteThe ADI_BINARY component in the Oracle E-Business Suite allows remote attackers to download arbitrary documents from the APPS.FND_DOCUMENTS table via the ADI_DISPLAY_REPORT function, when passed a certain parameter. NOTE: due to lack of details from Oracle, it is not clear whether this issue is related to other CVE identifiers such as CVE-2007-2126, CVE-2007-2127, or CVE-2007-2128.
unknown
2007-04-24
3.3CVE-2007-2135
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
Phorum -- PhorumMultiple cross-site scripting (XSS) vulnerabilities in admin.php in Phorum before 5.1.22 allow remote attackers to inject arbitrary web script or HTML via the (1) group_id parameter in the groups module or (2) the smiley_id parameter in the smileys modsettings module.
unknown
2007-04-25
1.9CVE-2007-2248
BUGTRAQ
OTHER-REF
OTHER-REF
BID
SECTRACK
SECUNIA
Phorum -- Phorumadmin.php in Phorum before 5.1.22 allows remote attackers to obtain the full path via the module[] parameter.
unknown
2007-04-25
2.3CVE-2007-2250
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
PostgreSQL -- PostgreSQLUntrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to "search_path settings."
unknown
2007-04-24
3.4CVE-2007-2138
OTHER-REF
OTHER-REF
SECUNIA
OTHER-REF
MANDRIVA
BID
FRSIRT
SECUNIA
SECUNIA
XF
PunBB -- PunBBMultiple cross-site scripting (XSS) vulnerabilities in PunBB 1.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Referer HTTP header to misc.php or the (2) category name when deleting a category in admin_categories.php.
unknown
2007-04-25
1.9CVE-2007-2235
BUGTRAQ
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Raiden Professional Servers -- RaidenFTPDMultiple unspecified vulnerabilities in IXceedCompression in XceddZipLib (RaidenFTPD.dll) in RaidenFTPD 2.4 allow remote attackers to cause a denial of service (crash) via unspecified vectors involving the (1) CalculateCrc, (2) Compress, and (3) Uncompress functions, which result in a NULL pointer dereference.
unknown
2007-04-24
3.3CVE-2007-2179
BUGTRAQ
BID
XF
Sendmail Consortium -- SendmailUnspecified vulnerability in HP-UX B.11.00 and B.11.11, when running sendmail 8.9.3 or 8.11.1; and HP-UX B.11.23 when running sendmail 8.11.1; allows remote attackers to cause a denial of service via unknown attack vectors. NOTE: due to the lack of details from HP, it is not known whether this issue is a duplicate of another CVE such as CVE-2006-1173 or CVE-2006-443.
unknown
2007-04-25
3.3CVE-2007-2246
HP
BID
FRSIRT
SECUNIA
Sun -- Sun ClusterUnspecified vulnerability in Sun Cluster 3.1 and Solaris Cluster 3.2 before 20070424 allows remote authenticated users, operating from a different cluster node, to cause a denial of service (data corruption or send_mondo panic) via unspecified vectors, as demonstrated by EMC Symcli backup software 6.2.1.
unknown
2007-04-25
2.0CVE-2007-2267
SUNALERT
FRSIRT
XF
Surat kabar -- phpwebnewsMultiple cross-site scripting (XSS) vulnerabilities in Endy Kristanto Surat kabar / News Management Online (aka phpwebnews) 0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the m_txt parameter to (1) iklan.php, (2) index.php, or (3) bukutamu.php.
unknown
2007-04-26
1.9CVE-2007-2300
BUGTRAQ
BID
XF
SWsoft -- PleskDirectory traversal vulnerability in top.php3 in SWsoft Plesk for Windows 8.1 and 8.1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the locale_id parameter.
unknown
2007-04-25
2.3CVE-2007-2269
OTHER-REF
TJSChat -- TJSChatCross-site scripting (XSS) vulnerability in you.php in TJSChat 0.95 allows remote attackers to inject arbitrary web script or HTML via the user parameter.
unknown
2007-04-25
1.9CVE-2007-2256
BUGTRAQ
BID
FRSIRT
SECUNIA
XF
VWar -- Virtual WarMultiple cross-site scripting (XSS) vulnerabilities in the Virtual War (VWar) 1.5.0 R15 and earlier module for PHP-Nuke, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) memberlist parameter to extra/login.php and the (2) title parameter to extra/today.php.
unknown
2007-04-26
1.9CVE-2007-2306
BUGTRAQ
OTHER-REF
BID
XF

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.