
Note: This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

TLP:WHITE

Bulletin (SB07-141)

Vulnerability Summary for the Week of May 14, 2007

Original release date: May 21, 2007

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.


High Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
3Com -- TippingPoint IMS 50
3Com -- TippingPoint IMS 2400E
3Com -- TippingPoint IMS 5000E
3Com -- TippingPoint IMS X505
3Com -- TippingPoint IMS 600E
3Com -- TippingPoint IMS 200
3Com -- TippingPoint IMS 200E
3Com -- TippingPoint IMS X506
The 3Com TippingPoint IPS do not properly handle certain full-width and half-width Unicode character encodings in an HTTP POST request, which might allow remote attackers to evade detection of HTTP traffic.
unknown
2007-05-16
7.0
CVE-2007-2734
BUGTRAQ
OTHER-REF
OTHER-REF
CERT-VN
FRSIRT
SECUNIA
Adobe -- Creative Suite
The installer for Adobe Version Cue CS3 Server on Apple Mac OS X, as used in Adobe Creative Suite 3 (CS3), does not re-enable the personal firewall after completing the product installation, which allows remote attackers to bypass intended firewall rules.
unknown
2007-05-18
7.0
CVE-2007-2682
OTHER-REF
BID
SECTRACK
SECUNIA
Agner Fog -- aForum
PHP remote file inclusion vulnerability in common/func.php in aForum 1.32 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CommonAbsDir parameter.
unknown
2007-05-11
7.0
CVE-2007-2596
MILW0RM
BID
FRSIRT
SECUNIA
Apple -- Quicktime
Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted Sample Table Sample Descriptor (STSD) atom size in a QuickTime movie.
unknown
2007-05-14
8.0
CVE-2007-0754
BUGTRAQ
OTHER-REF
OTHER-REF
BID
XF
b2evolution -- b2evolution
Directory traversal vulnerability in blogs/index.php in b2evolution 1.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the core_subdir parameter.
unknown
2007-05-14
7.0
CVE-2007-2681
BUGTRAQ
XF
BEA Systems -- WebLogic Server
The JMS Server in BEA WebLogic Server 6.1 through SP7, 7.0 through SP6, and 8.1 through SP5 enforces security access policies on the front end, which allows remote attackers to access protected queues via direct requests to the JMS back-end server.
unknown
2007-05-15
7.0
CVE-2007-2696
BEA
FRSIRT
SECTRACK
SECUNIA
BEA Systems -- WebLogic Server
BEA Systems -- WebLogic Express
The embedded LDAP server in BEA WebLogic Express and WebLogic Server 7.0 through SP6, 8.1 through SP5, 9.0, and 9.1, when in certain configurations, does not limit or audit failed authentication attempts, which allows remote attackers to more easily conduct brute-force attacks against the administrator password, or flood the server with login attempts and cause a denial of service.
unknown
2007-05-15
7.0
CVE-2007-2697
BEA
FRSIRT
SECTRACK
SECUNIA
Beacon -- Beacon
PHP remote file inclusion vulnerability in language/1/splash.lang.php in Beacon 0.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the languagePath parameter.
unknown
2007-05-14
7.0
CVE-2007-2663
MILW0RM
Censura -- Censura
SQL injection vulnerability in censura.php in Censura 1.15.04 allows remote attackers to execute arbitrary SQL commands via the vendorid parameter in a vendor_info cmd action.
unknown
2007-05-14
7.0
CVE-2007-2673
MILW0RM
BID
Centennial -- Discovery
Symantec -- Discovery
Numara -- Asset Manager
Multiple buffer overflows in the CentennialIPTransferServer service (XFERWAN.EXE), as used by (1) Centennial Discovery 2006 Feature Pack 1, (2) Numara Asset Manager 8.0, and (3) Symantec Discovery 6.5, allow remote attackers to execute arbitrary code via long strings in a crafted TCP packet.
unknown
2007-05-16
10.0
CVE-2007-1173
OTHER-REF
OTHER-REF
OTHER-REF
FRSIRT
FRSIRT
FRSIRT
SECUNIA
SECUNIA
SECUNIA
Clever Components -- Clever Database Comparer
Stack-based buffer overflow in the Clever Database Comparer 2.2 ActiveX control (comparerax.ocx) allows remote attackers to execute arbitrary code via a long argument to the ConnectToDatabase function.
unknown
2007-05-14
8.0
CVE-2007-2648
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Comodo -- Comodo Personal Firewall
Comodo -- Comodo Firewall Pro
Comodo Firewall Pro 2.4.18.184 and Comodo Personal Firewall 2.3.6.81, and probably older Comodo Firewall versions, do not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier.
unknown
2007-05-16
7.0
CVE-2007-2729
BUGTRAQ
OTHER-REF
Comodo -- Comodo Personal Firewall
Comodo -- Comodo Firewall Pro
Check Point Software -- ZoneAlarm
Check Point ZoneAlarm Pro before 6.5.737.000 does not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier.
unknown
2007-05-16
7.0
CVE-2007-2730
BUGTRAQ
OTHER-REF
Computer Associates -- eTrust Integrated Threat Management
Computer Associates -- eTrust PestPatrol
Computer Associates -- eTrust EZ Antivirus
Stack-based buffer overflow in the inoweb Console Server in CA Anti-Virus for the Enterprise r8, Threat Manager r8, Anti-Spyware for the Enterprise r8, and Protection Suites r3 allows remote attackers to execute arbitrary code via a long (1) username or (2) password.
unknown
2007-05-11
10.0
CVE-2007-2522
OTHER-REF
BID
FRSIRT
BUGTRAQ
OTHER-REF
CERT-VN
SECTRACK
SECUNIA
Computer Associates -- Integrated Threat Management
Computer Associates -- Anti-Virus
CA Anti-Virus for the Enterprise r8 and Threat Manager r8 before 20070510 use weak permissions (NULL security descriptor) for the Task Service shared file mapping, which allows local users to modify this mapping and gain privileges by triggering a stack-based buffer overflow in InoCore.dll before 8.0.448.0.
unknown
2007-05-11
7.0
CVE-2007-2523
IDEFENSE
OTHER-REF
BID
FRSIRT
BUGTRAQ
OTHER-REF
CERT-VN
SECTRACK
SECUNIA
DB Soft Lab -- VImp X
Buffer overflow in the DB Software Laboratory VImpX ActiveX control in VImpX.ocx 4.7.3 allows remote attackers to execute arbitrary code via a long LogFile parameter.
unknown
2007-05-14
10.0
CVE-2007-2667
MILW0RM
DB Soft Lab -- DeWizardX
The DB Software Laboratory DeWizardX (DEWizardAX.ocx) ActiveX control allows remote attackers to overwrite arbitrary files via the SaveToFile function.
unknown
2007-05-16
10.0
CVE-2007-2725
OTHER-REF
OTHER-REF
BID
DivX City -- GDivX Zenith Player
Buffer overflow in a certain ActiveX control in the GDivX Zenith Player AviFixer class in fix.dll 1.0.0.1 allows remote attackers to execute arbitrary code via a long SetInputFile property value.
unknown
2007-05-11
8.0
CVE-2007-2601
MILW0RM
BID
Drumster -- BlogMe
SQL injection vulnerability in archshow.asp in BlogMe 3.0 allows remote attackers to execute arbitrary SQL commands via the var parameter, a different vector than CVE-2006-5976.
unknown
2007-05-14
7.0
CVE-2007-2661
MILW0RM
BID
XF
EfesTECH Haber -- EfesTECH Haber
SQL injection vulnerability in EfesTECH Haber 5.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to the top-level URI.
unknown
2007-05-14
7.0
CVE-2007-2662
MILW0RM
EQdkp -- EQdkp
Multiple cross-site scripting (XSS) vulnerabilities in EQdkp 1.3.2c and earlier allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) listmembers.php and (2) stats.php. NOTE: some of these details are obtained from third party information.
unknown
2007-05-16
7.0
CVE-2007-2716
FULLDISC
FULLDISC
BID
SECUNIA
Feindt Computerservice -- News-Script
PHP remote file inclusion vulnerability in newsadmin.php in Feindt Computerservice News (News-Script) 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the action parameter.
unknown
2007-05-16
7.0
CVE-2007-2708
MILW0RM
BID
FRSIRT
Fotolog -- Fotolog
Cross-site scripting (XSS) vulnerability in all_photos.html in fotolog allows remote attackers to inject arbitrary web script or HTML via the user parameter.
unknown
2007-05-16
7.0
CVE-2007-2724
BUGTRAQ
Free-SA -- Free-SA
Multiple unspecified vulnerabilities in Free-SA before 1.2.2 allow remote attackers to execute arbitrary code via unspecified vectors involving certain (1) sprintf and (2) vsprintf calls in (a) r_index.c, (b) r_reports.c, (c) r_topsites.c, (d) r_topuser.c, (e) r_typical.c, (f) r_userdatetime.c, and (g) r_users.c in reports/; and (h) w_fs.c, (i) w_internal.c, and (j) w_log_operations.c in work/, probably related to buffer overflows. NOTE: some of these details are obtained from third party information.
unknown
2007-05-14
7.0
CVE-2007-2652
OTHER-REF
BID
FRSIRT
FreeType -- FreeType
Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overflow.
unknown
2007-05-17
10.0
CVE-2007-2754
MLIST
OTHER-REF
OTHER-REF
Geeklog -- Media Gallery
PHP remote file inclusion vulnerability in maint/ftpmedia.php in Media Gallery 1.4.8a and earlier for Geeklog allows remote attackers to execute arbitrary PHP code via a URL in the _MG_CONF[path_html] parameter.
unknown
2007-05-16
7.0
CVE-2007-2706
MILW0RM
Glossword -- Glossword
PHP remote file inclusion vulnerability in custom_vars.php in GlossWord 1.8.1 allows remote attackers to execute arbitrary PHP code via a URL in the sys[path_addon] parameter.
unknown
2007-05-17
7.0
CVE-2007-2743
MILW0RM
BID
GNU Edu -- GNU Edu
Multiple PHP remote file inclusion vulnerabilities in gnuedu 1.3b2 allow remote attackers to execute arbitrary PHP code via a URL in the (a) ETCDIR parameter to (1) libs/lom.php; (2) lom_update.php, (3) check-lom.php, and (4) weigh_keywords.php in scripts/; the (b) LIBSDIR parameter to (5) logout.php, (6) help.php, (7) index.php, (8) login.php; and the ETCDIR parameter to (9) web/lom.php.
unknown
2007-05-11
7.0
CVE-2007-2609
MILW0RM
BID
FRSIRT
XF
HP -- Systems Insight Manager
Session fixation vulnerability in HP Systems Insight Manager (SIM) 4.2 and 5.0 SP4 and SP5 allows remote attackers to hijack web sessions by setting the JSESSIONID cookie.
unknown
2007-05-16
10.0
CVE-2007-2719
OTHER-REF
HP
FRSIRT
SECUNIA
iFusionServices -- iFdate
ifdate 2.x sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to obtain administrative access via a direct request for the admin/ URI.
unknown
2007-05-16
7.0
CVE-2007-2713
BUGTRAQ
OTHER-REF
BID
iGeneric -- iG Shop
SQL injection vulnerability in shop/page.php in iGeneric (iG) Shop 1.4 allows remote attackers to execute arbitrary SQL commands via the type_id[] parameter, a different vector than CVE-2005-0537.
unknown
2007-05-16
7.0
CVE-2007-2717
MILW0RM
BID
Jetbox -- Jetbox CMS
Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS allow remote attackers to inject arbitrary web script or HTML via the (1) path parameter to view/search/; or the (2) companyname, (3) country, (4) email, (5) firstname, (6) middlename, (7) required, (8) surname, or (9) title parameter to view/supplynews/.
unknown
2007-05-16
7.0
CVE-2007-2732
BUGTRAQ
FRSIRT
labs.beffa.org -- w2box
Unrestricted file upload vulnerability in labs.beffa.org w2box 4.0.0 Beta4 allows remote attackers to upload arbitrary PHP code via a filename with a double extension such as .php.jpg.
unknown
2007-05-17
7.0
CVE-2007-2742
BUGTRAQ
BID
XF
LaVague -- LaVague
PHP remote file inclusion vulnerability in views/print/printbar.php in LaVague 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the views_path parameter.
unknown
2007-05-11
7.0
CVE-2007-2607
MILW0RM
BID
FRSIRT
XF
libexif -- libexif
Integer overflow in the exif_data_load_data_entry function in exif-data.c in libexif before 0.6.14 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted EXIF data, involving the (1) doff or (2) s variable.
unknown
2007-05-14
8.0
CVE-2007-2645
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
Little CMS -- Little CMS
Stack-based buffer overflow in Little CMS (lmcs) before 1.15 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ICC profile in a JPG file.
unknown
2007-05-17
7.0
CVE-2007-2741
OTHER-REF
BID
FRSIRT
SECUNIA
MH Software -- Connect Daily
Unspecified vulnerability in MH Software Connect Daily before 3.3.3 has unknown impact and attack vectors.
unknown
2007-05-16
7.0
CVE-2007-2712
OTHER-REF
BID
FRSIRT
SECUNIA
Microsoft -- Internet Explorer
Stalker -- Communigate Pro
Cross-site scripting (XSS) vulnerability in the WebMail system in Stalker CommuniGate Pro 5.1.8 and earlier, when using Microsoft Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via crafted STYLE tags.
unknown
2007-05-16
7.0
CVE-2007-2718
FULLDISC
OTHER-REF
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
NagiosQL -- NagiosQL 2005
PHP remote file inclusion vulnerability in functions/prepend_adm.php in NagiosQL 2005 2.00 allows remote attackers to execute arbitrary PHP code via a URL in the SETS[path][physical] parameter.
unknown
2007-05-16
7.0
CVE-2007-2709
MILW0RM
BID
FRSIRT
NagiosQL -- NagiosQL
PHP remote file inclusion vulnerability in functions/prepend_adm.php in NagiosQL 2.00-P00 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the SETS[path][IT] parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-05-16
7.0
CVE-2007-2710
FRSIRT
Netsprint -- Netsprint Toolbar
Buffer overflow in the isChecked function in toolbar.dll in Netsprint Toolbar 1.1 might allow remote attackers to execute arbitrary code via unspecified vectors.
unknown
2007-05-14
7.0
CVE-2007-2678
BUGTRAQ
BUGTRAQ
Notepad++ -- Notepad++
Stack-based buffer overflow in SciLexer.dll in notepad++ 4.1.1 and earlier allows user-assisted remote attackers to execute arbitrary code via certain Ruby (.rb) files with long lines. NOTE: some of these details are obtained from third party information.
unknown
2007-05-14
10.0
CVE-2007-2666
MILW0RM
SECUNIA
Open Translation Engine -- Open Translation Engine
PHP remote file inclusion vulnerability in skins/header.php in Open Translation Engine (OTE) 0.7.8 allows remote attackers to execute arbitrary PHP code via a URL in the ote_home parameter.
unknown
2007-05-14
7.0
CVE-2007-2676
MILW0RM
VIM
BID
OpenLD -- OpenLD
Cross-site scripting (XSS) vulnerability in OpenLD before 1.1.9, and 1.1-modified before 1.1-modified3, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the Search feature, possibly the term parameter.
unknown
2007-05-11
7.0
CVE-2007-2610
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
BID
FRSIRT
PHP -- PHP
The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls php_rand_r with an uninitialized seed variable and therefore always generates the same initialization vector (IV), which might allow context-dependent attackers to decrypt certain data more easily because of the guessable encryption keys.
unknown
2007-05-16
10.0
CVE-2007-2727
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
BID
PHP FirstPost -- PHP FirstPost
PHP remote file inclusion vulnerability in block.php in PhpFirstPost 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the Include parameter.
unknown
2007-05-14
7.0
CVE-2007-2665
MILW0RM
BID
phpChess -- phpChess
Multiple PHP remote file inclusion vulnerabilities in phpChess Community Edition 2.0 allow remote attackers to execute arbitrary PHP code via a URL in (1) the config parameter to includes/language.php, or the Root_Path parameter to (2) layout_admin_cfg.php, (3) layout_cfg.php, or (4) layout_t_top.php in skins/phpchess/. NOTE: vector 1 has been disputed by CVE, since the code is defined within a function that is not called from within includes/language.php.
unknown
2007-05-14
7.0
CVE-2007-2677
MILW0RM
VIM
BID
PHPGlossar -- PHPGlossar
Multiple PHP remote file inclusion vulnerabilities in PHPGlossar 0.8 allow remote attackers to execute arbitrary PHP code via a URL in the format_menue parameter to (1) admin/inc/change_action.php or (2) admin/inc/add.php.
unknown
2007-05-17
7.0
CVE-2007-2751
MILW0RM
Pre Projects -- Pre Shopping Mall
SQL injection vulnerability in detail.php in Pre Shopping Mall 1.0 allows remote attackers to execute arbitrary SQL commands via the prodid parameter.
unknown
2007-05-14
7.0
CVE-2007-2674
MILW0RM
BID
Pre Projects -- Pre Classifieds Listings
SQL injection vulnerability in search.php in Pre Classifieds Listings 1.0 allows remote attackers to execute arbitrary SQL commands via the category parameter.
unknown
2007-05-14
7.0
CVE-2007-2675
MILW0RM
BID
XF
PrecisionID Barcode -- PrecisionID Barcode
Stack-based buffer overflow in the PrecisionID Barcode 1.9 ActiveX control in PrecisionID_Barcode.dll allows remote attackers to cause a denial of service (Internet Explorer 6 crash), and possibly execute arbitrary code, via a long argument to the SaveBarCode method. NOTE: this issue might overlap CVE-2007-2657.
unknown
2007-05-17
7.0
CVE-2007-2744
OTHER-REF
OTHER-REF
SECUNIA
PrecisionID Barcode -- PrecisionID Barcode
The PrecisionID Barcode 1.9 ActiveX control in PrecisionID_Barcode.dll, when Internet Explorer 6 is used, allows remote attackers to overwrite arbitrary files via a full pathname to the SaveToFile function, a different vulnerability than CVE-2007-2744.
unknown
2007-05-17
10.0
CVE-2007-2755
MILW0RM
OTHER-REF
OTHER-REF
Samba -- Samba
Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecified vectors that cause the daemon to transition to the root user.
unknown
2007-05-14
7.0
CVE-2007-2444
BUGTRAQ
OTHER-REF
OTHER-REF
MANDRIVA
SLACKWARE
FRSIRT
SECUNIA
SECUNIA
SECUNIA
Samba -- Samba
Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests.
unknown
2007-05-14
10.0
CVE-2007-2446
BUGTRAQ
OTHER-REF
OTHER-REF
MANDRIVA
REDHAT
SLACKWARE
CERT-VN
BID
FRSIRT
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SimpleNews -- SimpleNews
SQL injection vulnerability in print.php in SimpleNews 1.0.0 FINAL allows remote attackers to execute arbitrary SQL commands via the news_id parameter.
unknown
2007-05-11
10.0
CVE-2007-2598
MILW0RM
FRSIRT
OTHER-REF
BID
SECUNIA
SimpNews -- SimpNews
SQL injection vulnerability in print.php in SimpNews 2.40.01 and earlier allows remote attackers to execute arbitrary SQL commands via the newsnr parameter.
unknown
2007-05-17
7.0
CVE-2007-2750
MILW0RM
Snaps Gallery -- Snaps Gallery
Admin/users.php in Snaps! Gallery 1.4.4 allows remote attackers to change arbitrary usernames and passwords via the (1) username, or the (2) password and password2 parameters in an edit action.
unknown
2007-05-16
10.0
CVE-2007-2715
MILW0RM
OTHER-REF
BID
FRSIRT
Symantec -- Norton Personal Firewall
Symantec -- Norton Internet Security
Buffer overflow in the ISAlertDataCOM ActiveX control in ISLALERT.DLL for Norton Personal Firewall 2004 and Internet Security 2004 allows remote attackers to execute arbitrary code via long arguments to the (1) Get and (2) Set functions.
unknown
2007-05-16
10.0
CVE-2007-1689
OTHER-REF
TellTargetCMS -- TellTarget CMS
Multiple PHP remote file inclusion vulnerabilities in telltarget CMS 1.3.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) ordnertiefe parameter to site_conf.php; or the (2) tt_docroot parameter to (a) class.csv.php, (b) produkte_nach_serie.php, or (c) ref_kd_rubrik.php in functionen/; (d) hg_referenz_jobgalerie.php, (e) surfer_anmeldung_NWL.php, (f) produkte_nach_serie_alle.php, (g) surfer_aendern.php, (h) ref_kd_rubrik.php, or (i) referenz.php in module/; or (j) 1/lay.php or (k) 3/lay.php in standard/.
unknown
2007-05-11
7.0
CVE-2007-2597
MILW0RM
BID
FRSIRT
Thinc4orce Marketing Group -- PHP Coupon Script
SQL injection vulnerability in index.php in PHP Coupon Script 3.0 allows remote attackers to execute arbitrary SQL commands via the bus parameter in a viewbus page.
unknown
2007-05-14
7.0
CVE-2007-2672
MILW0RM
BID
XF
TinyIRC -- TinyIdentD
Stack-based buffer overflow in TinyIdentD 2.2 and earlier allows remote attackers to execute arbitrary code via a long string to TCP port 113.
unknown
2007-05-16
10.0
CVE-2007-2711
MILW0RM
SECUNIA
Tomasz Rekawek -- Yet Another Asterisk Panel
PHP remote file inclusion vulnerability in includes/common.php in Yaap 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter, possibly related to the __autoload function.
unknown
2007-05-14
7.0
CVE-2007-2664
MILW0RM
Touteresa -- ResManager
SQL injection vulnerability in edit_day.php in the ResManager 1.2.1 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id_reserv parameter.
unknown
2007-05-17
7.0
CVE-2007-2735
MILW0RM
BID
FRSIRT
VCDGear -- VCDGear
Multiple stack-based buffer overflows in VCDGear 3.55 allow user-assisted remote attackers to execute arbitrary code via a long (1) tag or (2) track type in a CUE file.
unknown
2007-05-16
8.0
CVE-2007-2568
OTHER-REF
FRSIRT
SECUNIA
VooDoo cIRCle -- VooDoo cIRCle
Multiple off-by-one errors in VooDoo cIRCle before 1.1.beta27 allow remote attackers to cause a denial of service (connection loss) or possibly execute arbitrary code via a (1) DNS name response of the exact length as a buffer; or a long (2) channel name, (3) partyline channel name, or unspecified vectors in crafted BOTNET packets.
unknown
2007-05-14
7.0
CVE-2007-2651
OTHER-REF
BID
FRSIRT
Wavelink Media -- TutorialCMS
Multiple SQL injection vulnerabilities in TutorialCMS (aka Photoshop Tutorials) 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) catFile parameter to (a) browseCat.php or (b) browseSubCat.php; the (2) id parameter to (c) openTutorial.php, (d) topFrame.php, or (e) admin/editListing.php; or (3) the search parameter to search.php.
unknown
2007-05-11
7.0
CVE-2007-2599
MILW0RM
BID
FRSIRT
SECUNIA
Wavelink Media -- TutorialCMS
Multiple cross-site scripting (XSS) vulnerabilities in TutorialCMS (aka Photoshop Tutorials) 1.00 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) catFile parameter to (a) browseCat.php or (b) browseSubCat.php; the (2) id parameter to (c) openTutorial.php, (d) topFrame.php, or (e) admin/editListing.php; or the (3) search parameter to search.php.
unknown
2007-05-11
7.0
CVE-2007-2600
MILW0RM
BID
FRSIRT
webdesproxy -- webdesproxy
Buffer overflow in webdesproxy 0.0.1 allows remote attackers to execute arbitrary code via a long URL.
unknown
2007-05-14
7.0
CVE-2007-2668
MILW0RM
Xoops -- MyConference Module
SQL injection vulnerability in index.php in the MyConference 1.0 module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-05-17
7.0
CVE-2007-2737
FRSIRT
Xoops -- Xoops Glossaire Module
SQL injection vulnerability in glossaire-p-f.php in the Glossaire 1.7 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the sid parameter in an ImprDef action.
unknown
2007-05-17
7.0
CVE-2007-2738
MILW0RM
BID
yEnc32 -- yEnc32
Heap-based buffer overflow in yEnc32 1.0.7.207 allows user-assisted remote attackers to execute arbitrary code via a long filename in an NTX file.
unknown
2007-05-14
8.0
CVE-2007-2646
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA


Medium Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
BEA Systems -- WebLogic Server
BEA Systems -- WebLogic Express
The HttpClusterServlet and HttpProxyServlet in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5, 9.0, and 9.1, when SecureProxy is enabled, may process "external requests on behalf of a system identity," which allows remote attackers to access administrative data or functionality.
unknown
2007-05-15
5.6
CVE-2007-2695
BEA
FRSIRT
SECTRACK
SECUNIA
BEA Systems -- WebLogic Server
BEA Systems -- WebLogic Express
The Administration Console in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not properly enforce certain Domain Security Policies, which allows remote administrative users in the Deployer role to upload arbitrary files.
unknown
2007-05-15
4.8
CVE-2007-2699
BEA
FRSIRT
SECTRACK
SECUNIA
BEA Systems -- WebLogic Portal
BEA WebLogic Portal 9.2 GA can corrupt a visitor entitlements role if an administrator provides a long role description, which might allow remote authenticated users to access privileged resources.
unknown
2007-05-15
4.2
CVE-2007-2703
BEA
FRSIRT
SECUNIA
Caucho Technology -- Resin
Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attackers to cause a denial of service (device hang) and read data from a COM or LPT device via a DOS device name with an arbitrary extension.
unknown
2007-05-16
6.7
CVE-2007-2439
OTHER-REF
OTHER-REF
SECTRACK
SECUNIA
Drake Team -- Drake CMS
CRLF injection vulnerability in index.php in Drake CMS 0.4.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the lang parameter. NOTE: Drake CMS has only a beta version available, and the vendor has previously stated "We do not consider security reports valid until the first official release of Drake CMS."
unknown
2007-05-11
5.6
CVE-2007-2618
BUGTRAQ
BID
XF
Linksnet -- Newsfeed
PHP remote file inclusion vulnerability in linksnet_linkslog_rss.php in Linksnet Newsfeed 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the dirpath_linksnet_newsfeed parameter.
unknown
2007-05-16
5.6
CVE-2007-2707
MILW0RM
SECUNIA
Matt Mullenweg -- Akismet
Unspecified vulnerability in akismet.php in Matt Mullenweg Akismet before 2.0.2, a WordPress plugin, has unknown impact and attack vectors.
unknown
2007-05-16
4.9
CVE-2007-2714
OTHER-REF
OTHER-REF
BID
Monalbum -- Monalbum
Static code injection vulnerability in admin/admin_configuration.php in Monalbum 0.8.7 allows remote authenticated users to inject arbitrary PHP code into the conf/config.inc.php file via the (1) gadm_pass, (2) gadm_user, (3) gcfgHote, (4) gcfgPass, (5) gcfgUser, (6) gclassement_rep, (7) gcontour, (8) gfond, (9) ggd_version, (10) ghome, (11) ghor, (12) gimg_copyright, (13) glangage, (14) gmenu_visible, (15) gmini_hasard, (16) gordre_rep, (17) gpage, (18) gracine, (19) grech_inactive, (20) grep_mini, (21) grepertoire, (22) gsite, (23) gslide, (24) gtitre, (25) guse_copyright, (26) gversion, (27) gvert, or (28) gcfgBase parameter.
unknown
2007-05-14
4.2
CVE-2007-2647
MILW0RM
OTHER-REF
BID
FRSIRT
SECUNIA
Mutt -- Mutt
Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via "&" characters in the GECOS field, which triggers the overflow during alias expansion.
unknown
2007-05-15
4.9
CVE-2007-2683
OTHER-REF
MySQL -- MySQL
The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges.
unknown
2007-05-15
4.2
CVE-2007-2692
OTHER-REF
OTHER-REF
FRSIRT
NetWin -- SurgeMail
NetWin -- WebMail
Unspecified vulnerability in NetWin Webmail 3.1s-1 in SurgeMail before 3.8i2 has unknown impact and remote attack vectors.
unknown
2007-05-14
4.9
CVE-2007-2655
OTHER-REF
BID
SECUNIA
PHP -- PHP
The soap extension in PHP calls php_rand_r with an uninitialized seed variable, which has unknown impact and attack vectors, a related issue to the mcrypt_create_iv issue covered by CVE-2007-????.
unknown
2007-05-16
4.9
CVE-2007-2728
OTHER-REF
RunawaySoft -- Haber Portal
SQL injection vulnerability in devami.asp in RunawaySoft Haber portal 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-05-17
4.7
CVE-2007-2752
MILW0RM
BID
Simple PHP Scripts Gallery -- Simple PHP Scripts Gallery
PHP file inclusion vulnerability in index.php in Ivan Peevski gallery 0.3 in Simple PHP Scripts (sphp) allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the gallery parameter, which is accessed by the file_exists function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-05-14
5.6
CVE-2007-2679
VIM
BID
SECUNIA
SonicBB -- SonicBB
Multiple SQL injection vulnerabilities in SonicBB 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) part and (2) by parameters to (a) search.php, or the (2) id parameter to (b) viewforum.php.
unknown
2007-05-14
5.6
CVE-2007-1902
FULLDISC
OTHER-REF
OSVDB
VIM Development Group -- VIM
Unspecified vulnerability in Vim (Vi IMproved) before 7.1 has unspecified attack vectors and impact.
unknown
2007-05-14
4.9
CVE-2007-2653
MLIST
OTHER-REF
VIM
Vincent Blavet -- PhpConcept Library
CJG EXPLORER PRO -- CJG EXPLORER PRO
** DISPUTED ** PHP remote file inclusion vulnerability in pcltrace.lib.php in the PclTar module in Vincent Blavet PhpConcept Library, as used in CJG EXPLORER PRO 3.3 and earlier and probably other products, allows remote attackers to execute arbitrary PHP code via a URL in the g_pcltar_lib_dir parameter. NOTE: CVE disputes this issue since there is no include statement in pcltrace.lib.php. NOTE: the pcltar.lib.php vector is already covered by CVE-2007-2199.
unknown
2007-05-14
5.6
CVE-2007-2660
MILW0RM
VIM
SECUNIA
xajax -- xajax
Unspecified vulnerability in xajax before 0.2.5 has unknown impact and attack vectors, not related to XSS.
unknown
2007-05-17
4.9
CVE-2007-2740
OTHER-REF
SECUNIA


Low Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
Achievo -- Achievo
PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter.
unknown
2007-05-17
1.9
CVE-2007-2736
MILW0RM
BID
XF
Audio CD Tools -- Audio CD Ripper OCX
Unspecified vulnerability in the Init function in the Audio CD Ripper OCX (AudioCDRipperOCX.ocx) 1.0 ActiveX control allows remote attackers to cause a denial of service (NULL dereference and Internet Explorer crash) via unspecified vectors.
unknown
2007-05-11
3.3
CVE-2007-2603
BUGTRAQ
BID
BEA Systems -- WebLogic Server
BEA Systems -- WebLogic Express
Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5, 9.0 GA, and 9.1 GA allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-05-15
1.9
CVE-2007-2694
BEA
FRSIRT
SECUNIA
BEA Systems -- WebLogic Server
The Administration Console in BEA WebLogic Server 9.0 may show plaintext Web Service attributes during configuration creation, which allows remote attackers to obtain sensitive credential information.
unknown
2007-05-15
2.3
CVE-2007-2698
BEA
FRSIRT
SECTRACK
BEA Systems -- WebLogic Server
BEA Systems -- WebLogic Express
The WLST script generated by the configToScript command in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not encrypt certain attributes in configuration files when creating a new domain, which allows remote authenticated users to obtain sensitive information.
unknown
2007-05-15
1.4
CVE-2007-2700
BEA
FRSIRT
SECTRACK
SECUNIA
BEA Systems -- WebLogic Server
The JMS Message Bridge in BEA WebLogic Server 7.0 through SP7 and 8.1 through Service Pack 6, when configured without a username and password, or when the connection URL is not defined, allows remote attackers to bypass the security access policy and "send unauthorized messages to a protected queue."
unknown
2007-05-15
3.4
CVE-2007-2701
BEA
FRSIRT
SECTRACK
SECUNIA
BEA Systems -- WebLogic Portal
Cross-site scripting (XSS) vulnerability in the GroupSpace application in BEA WebLogic Portal 9.2 GA allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the rich text editor.
unknown
2007-05-15
1.1
CVE-2007-2702
BEA
FRSIRT
SECUNIA
BEA Systems -- WebLogic Server
BEA WebLogic Server 9.0 through 9.2 allows remote attackers to cause a denial of service (SSL port unavailability) by accessing a half-closed SSL socket.
unknown
2007-05-15
2.7
CVE-2007-2704
BEA
FRSIRT
SECTRACK
SECUNIA
BEA Systems -- WebLogic Integration
BEA Systems -- WebLogic Workshop
Directory traversal vulnerability in the Test View Console in BEA WebLogic Integration 9.2 before SP1 and WebLogic Workshop 8.1 SP2 through SP6, when "deployed in an exploded format," allows remote attackers to list a WebLogic Workshop Directory (wlwdir) parent directory via unspecified vectors.
unknown
2007-05-15
3.3
CVE-2007-2705
BEA
FRSIRT
BitsCast -- BitsCast
BitsCast 0.13.0 allows remote attackers to cause a denial of service (application crash) via an RSS 2.0 feed item with certain invalid strings in a pubDate element, as demonstrated by repeated "../A" or "A/../" patterns.
unknown
2007-05-16
3.3
CVE-2007-2726
MILW0RM
BID
Brew City Software -- FlexLabel OCX
Unspecified vulnerability in the FlexLabel ActiveX control allows remote attackers to cause a denial of service (unstable behavior) via an improper initialization, as demonstrated by a certain value of the Caption property.
unknown
2007-05-11
3.3
CVE-2007-2604
BUGTRAQ
Brujula Toolbar -- Brujula Toolbar
Unspecified vulnerability in the GetPropertyById function in ISoftomateObj in SoftomateLib in BRUJULA4.NET.DLL in the Brujula Toolbar (Brujula.net toolbar) allows attackers to cause a denial of service (NULL dereference and browser crash) via certain arguments.
unknown
2007-05-11
2.7
CVE-2007-2605
BUGTRAQ
BID
Bugada Andrea -- PHP Advanced Transfer Manager
Directory traversal vulnerability in index.php in PHP Advanced Transfer Manager (phpATM) 1.30 allows remote attackers to read arbitrary files and obtain script source code via a .. (dot dot) in the directory parameter in a downloadfile action.
unknown
2007-05-14
3.3
CVE-2007-2659
MILW0RM
Canon -- Network Camera Server VB150
Canon -- Network Camera Server VB101
Canon -- Network Camera Server VB100
Cross-site scripting (XSS) vulnerability in the management interface in Canon Network Camera Server VB100 and VB101 with firmware 3.0 R69 and earlier, and VB150 with firmware 1.1 R39 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-05-14
1.9
CVE-2007-2680
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
Caucho Technology -- Resin
Directory traversal vulnerability in Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attackers to read certain files via a .. (dot dot) in a URI containing a "\web-inf" sequence.
unknown
2007-05-16
3.3
CVE-2007-2440
OTHER-REF
OTHER-REF
SECTRACK
SECUNIA
Caucho Technology -- Resin
Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attackers to obtain the system path via certain URLs associated with (1) deploying web applications or (2) displaying .xtp files.
unknown
2007-05-16
3.3
CVE-2007-2441
OTHER-REF
OTHER-REF
SECTRACK
SECUNIA
Check Point Software -- Web Intelligence
Check Point Web Intelligence does not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic.
unknown
2007-05-15
3.3
CVE-2007-2689
OTHER-REF
CERT-VN
Cisco -- Cisco IOS
Cisco -- Intrusion Prevention System
The Cisco Intrusion Prevention System (IPS) and IOS with Firewall/IPS Feature Set do not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic.
unknown
2007-05-15
3.3
CVE-2007-2688
OTHER-REF
CISCO
CERT-VN
BID
FRSIRT
SECUNIA
Clam Anti-Virus -- ClamXAV
Clam Anti-Virus -- ClamAV
Clam Anti-Virus -- ClamWin
The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (resource consumption) via an OLE2 file with (1) a large property size or (2) a loop in the FAT file block chain that triggers an infinite loop, as demonstrated via a crafted DOC file.
unknown
2007-05-14
2.3
CVE-2007-2650
MLIST
OTHER-REF
FRSIRT
SECUNIA
FAQEngine -- FAQEngine
SQL injection vulnerability in question.php in FAQEngine 4.16.03 and earlier allows remote attackers to execute arbitrary SQL commands via the questionref parameter in a display action.
unknown
2007-05-17
2.3
CVE-2007-2749
MILW0RM
Firebird -- Firebird
Multiple buffer overflows in Firebird 2.1 allow attackers to trigger memory corruption and possibly have other unspecified impact via certain input processed by (1) config\ConfigFile.cpp or (2) msgs\check_msgs.epp. NOTE: if ConfigFile.cpp reads a configuration file with restrictive permissions, then the ConfigFile.cpp vector may not cross privilege boundaries and perhaps should not be included in CVE.
unknown
2007-05-11
3.3
CVE-2007-2606
BUGTRAQ
GlobalMegaCorp -- PHPChain
Multiple cross-site scripting (XSS) vulnerabilities in PHPChain 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the catid parameter to (1) settings.php or (2) cat.php. NOTE: certain parameter values also trigger path disclosure.
unknown
2007-05-14
1.9
CVE-2007-2669
OTHER-REF
BID
GlobalMegaCorp -- PHPChain
PHPChain 1.0 and earlier allows remote attackers to obtain the installation path via invalid values of the catid parameter to (1) settings.php or (2) cat.php, as demonstrated by XSS manipulations.
unknown
2007-05-14
2.3
CVE-2007-2670
OTHER-REF
BID
Group-Office -- Group-Office Groupware
Group-Office before 2.16-13 does not properly validate user IDs, which allows remote attackers to obtain sensitive information via certain requests for (1) message.php and (2) messages.php in modules/email/. NOTE: some of these details are obtained from third party information.
unknown
2007-05-16
1.9
CVE-2007-2720
OTHER-REF
BID
FRSIRT
HP -- hpqvwocx.dll
Stack-based buffer overflow in the Hewlett-Packard (HP) Magview ActiveX control in hpqvwocx.dll 1.0.0.309 allows remote attackers to cause a denial of service (application crash) and possibly have other impact via a long argument to the DeleteProfile method.
unknown
2007-05-14
3.3
CVE-2007-2656
MILW0RM
BID
ID Automation -- Linear Barcode
Unspecified vulnerability in the ID Automation Linear Barcode 1.6.0.5 ActiveX control in IDAutomationLinear6.dll allows remote attackers to cause a denial of service via a long argument to the SaveEnhWMF method.
unknown
2007-05-14
3.3
CVE-2007-2658
MILW0RM
OTHER-REF
OTHER-REF
OTHER-REF
Internet Security Systems -- Proventia G Series XPU
Internet Security Systems -- Proventia A Series XPU
Internet Security Systems -- Proventia M Series XPU
Multiple IBM ISS Proventia Series products, including the A, G, and M series, do not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic.
unknown
2007-05-15
3.3
CVE-2007-2690
OTHER-REF
CERT-VN
Ipswitch -- WhatsUp Gold
Buffer overflow in MIBEXTRA.EXE in Ipswitch WhatsUp Gold 11 allows attackers to cause a denial of service (application crash) or execute arbitrary code via a long MIB filename argument. NOTE: If there is not a common scenario under which MIBEXTRA.EXE is called with attacker-controlled command line arguments, then perhaps this issue should not be included in CVE.
unknown
2007-05-11
3.3
CVE-2007-2602
BUGTRAQ
Jasper JPEG-2000 -- Jasper JPEG-2000
The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files, as originally demonstrated using imagemagick convert.
unknown
2007-05-16
1.9
CVE-2007-2721
OTHER-REF
OTHER-REF
OTHER-REF
Jetbox -- Jetbox CMS
formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters.
unknown
2007-05-16
3.7
CVE-2007-1898
BUGTRAQ
OTHER-REF
BID
FRSIRT
OSVDB
SECTRACK
XF
Jetbox -- Jetbox CMS
CRLF injection vulnerability in formmail.php in Jetbox CMS 2.1 might allow remote attackers to inject arbitrary e-mail headers via LF (%0A) sequences in the subject parameter, a related issue to CVE-2007-1898.
unknown
2007-05-16
3.7
CVE-2007-2731
BUGTRAQ
OTHER-REF
BID
FRSIRT
OSVDB
SECTRACK
XF
Jetbox -- Jetbox CMS
Unrestricted file upload vulnerability in Jetbox CMS allows remote authenticated users with author privileges to upload arbitrary scripts via unspecified vectors, which can be accessed in webfiles/. NOTE: this issue might be a duplicate of CVE-2004-1448.
unknown
2007-05-16
3.4
CVE-2007-2733
BUGTRAQ
Linux -- Kernel
The compat_sys_mount function in fs/compat.c in Linux kernel 2.6.20 and earlier allows local users to cause a denial of service (NULL pointer dereference and oops) by mounting a smbfs file system in compatibility mode ("mount -t smbfs").
unknown
2007-05-14
1.6
CVE-2006-7203
OTHER-REF
Media Player Classic -- Media Player Classic
Media Player Classic 6.4.9.0 allows user-assisted remote attackers to cause a denial of service (web browser crash) via an "empty" .MPA file, which triggers a divide-by-zero error.
unknown
2007-05-16
2.7
CVE-2007-2723
BUGTRAQ
BUGTRAQ
BID
XF
Mozilla -- Firefox
Mozilla Firefox 2.0.0.3 allows remote attackers to cause a denial of service (application crash) via a long hostname in an HREF attribute in an A element, which triggers an out-of-bounds memory access.
unknown
2007-05-14
2.7
CVE-2007-2671
FULLDISC
OTHER-REF
BID
XF
MyBB -- MyBB
MyBB 1.2.4 allows remote attackers to obtain sensitive information via the (1) action[] parameter to member.php, (2) imagehash[] parameter to captcha.php, and (3) a direct request to inc/datahandlers/event.php, which reveal the installation path in the resulting error message.
unknown
2007-05-14
2.3
CVE-2007-0689
FULLDISC
OTHER-REF
MySQL -- MySQL
MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.
unknown
2007-05-15
2.8
CVE-2007-2691
OTHER-REF
OTHER-REF
FRSIRT
MySQL -- MySQL
MySQL before 5.1.18 allows remote authenticated users without SELECT privileges to obtain sensitive information from partitioned tables via an ALTER TABLE statement.
unknown
2007-05-15
2.0
CVE-2007-2693
OTHER-REF
OTHER-REF
FRSIRT
NewzCrawler -- NewzCrawler
Unspecified vulnerability in NewzCrawler 1.8 allows remote attackers to cause a denial of service (application instability) via certain invalid strings in the URL attribute of an ENCLOSURE element, as demonstrated by a "%s" sequence, a "%Y" sequence, a "%%" sequence, and an "n," sequence.
unknown
2007-05-16
3.3
CVE-2007-2722
MILW0RM
PHP -- PHP
The substr_count function in PHP 5.2.1 and earlier allows context-dependent attackers to obtain sensitive information via unspecified vectors, a different affected function than CVE-2007-1375.
unknown
2007-05-17
1.9
CVE-2007-2748
OTHER-REF
VIM
BID
PinkCrow Designs -- maGAZIn
Directory traversal vulnerability in phpThumb.php in PinkCrow Designs Gallery or maGAZIn 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter.
unknown
2007-05-13
3.3
CVE-2007-2643
MILW0RM
OTHER-REF
BID
FRSIRT
SECUNIA
Plain Black -- WebGUI
The viewList function in lib/WebGUI/Asset/Wobject/DataForm.pm in Plain Black WebGUI before 7.3.14 does not properly use data structures containing privilege information, which allows remote authenticated users to obtain sensitive information or possibly have other unspecified impact.
unknown
2007-05-17
1.1
CVE-2007-2746
OTHER-REF
FRSIRT
PNG Reference Library -- libpng
The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value.
unknown
2007-05-16
2.3
CVE-2007-2445
OTHER-REF
OTHER-REF
OTHER-REF
CERT-VN
FRSIRT
SECUNIA
PrecisionID Barcode -- PrecisionID Barcode
Unspecified vulnerability in the PrecisionID Barcode 1.3 ActiveX control in PrecisionID_DataMatrix.DLL allows remote attackers to cause a denial of service via a long argument to the SaveBarCode method.
unknown
2007-05-14
3.3
CVE-2007-2657
MILW0RM
OTHER-REF
OTHER-REF
rdiffWeb -- rdiffWeb
Directory traversal vulnerability in rdw_helpers.py in rdiffWeb before 0.3.5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to the /browse URI.
unknown
2007-05-17
2.3
CVE-2007-2747
MLIST
OTHER-REF
FRSIRT
RunawaySoft -- Haber Portal
RunawaySoft Haber portal 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for data/xice.mdb.
unknown
2007-05-17
2.3
CVE-2007-2753
MILW0RM
Samba -- Samba
The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.
unknown
2007-05-14
3.4
CVE-2007-2447
BUGTRAQ
OTHER-REF
IDEFENSE
OTHER-REF
MANDRIVA
REDHAT
SLACKWARE
CERT-VN
BID
FRSIRT
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SonicBB -- SonicBB
SonicBB 1.0 allows remote attackers to obtain sensitive information via the (1) by[] parameter to search.php, (2) p[] parameter to viewforum.php, and the (3) id parameter to (a) viewforum.php or (b) members.php, which reveal the installation path in the resulting error message.
unknown
2007-05-14
1.9
CVE-2007-1901
FULLDISC
OTHER-REF
OSVDB
SonicBB -- SonicBB
Cross-site scripting (XSS) vulnerability in search.php in SonicBB 1.0 allows remote attackers to inject arbitrary web script or HTML via the part parameter.
unknown
2007-05-14
1.9
CVE-2007-1903
FULLDISC
OTHER-REF
OSVDB
T-Com -- Speedport W 700v
Deutsche Telekom (T-com) Speedport W 700v uses JavaScript delays for invalid authentication attempts to the CGI script, which allows remote attackers to bypass the delays and conduct brute-force attacks via direct calls to the authentication CGI script.
unknown
2007-05-14
3.3
CVE-2007-2649
BUGTRAQ
OTHER-REF
SECUNIA
vDesk -- Webmail
Cross-site scripting (XSS) vulnerability in printcal.pl in vDesk Webmail 4.03 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-05-17
1.9
CVE-2007-2745
BID
xajax -- xajax
Cross-site scripting (XSS) vulnerability in xajax before 0.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-05-17
1.9
CVE-2007-2739
OTHER-REF
SECUNIA
xfsdump -- xfsdump
SuSE -- SuSE Linux School Server
SuSE -- SuSE Open Enterprise Server
SuSE -- SuSE Linux Openexchange Server
SuSE -- OpenSuSE
SuSE -- SuSE Linux Enterprise Server
SuSE -- SuSE Linux Standard Server
SuSE -- SuSE Linux Desktop
xfs_fsr in xfsdump creates a temporary directory with insecure permissions, which allows local users to read or overwrite arbitrary files on xfs filesystems.
unknown
2007-05-14
3.9
CVE-2007-2654
SUSE
BID
SECUNIA
Yet Another Telephony Engine -- Yet Another Telephony Engine
The SIP channel module in Yet Another Telephony Engine (Yate) before 1.2.0 sets the caller_info_uri parameter using an incorrect variable that can be NULL, which allows remote attackers to cause a denial of service (NULL dereference and application crash) via a Call-Info header without a purpose parameter.
unknown
2007-05-17
3.3
CVE-2007-1693
BUGTRAQ
OTHER-REF


High Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
3Com -- TippingPoint IMS 50
3Com -- TippingPoint IMS 2400E
3Com -- TippingPoint IMS 5000E
3Com -- TippingPoint IMS X505
3Com -- TippingPoint IMS 600E
3Com -- TippingPoint IMS 200
3Com -- TippingPoint IMS 200E
3Com -- TippingPoint IMS X506
The 3Com TippingPoint IPS do not properly handle certain full-width and half-width Unicode character encodings in an HTTP POST request, which might allow remote attackers to evade detection of HTTP traffic.
unknown
2007-05-16
7.0
CVE-2007-2734
BUGTRAQ
OTHER-REF
OTHER-REF
CERT-VN
FRSIRT
SECUNIA
Adobe -- Creative Suite
The installer for Adobe Version Cue CS3 Server on Apple Mac OS X, as used in Adobe Creative Suite 3 (CS3), does not re-enable the personal firewall after completing the product installation, which allows remote attackers to bypass intended firewall rules.
unknown
2007-05-18
7.0
CVE-2007-2682
OTHER-REF
BID
SECTRACK
SECUNIA
Agner Fog -- aForum
PHP remote file inclusion vulnerability in common/func.php in aForum 1.32 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CommonAbsDir parameter.
unknown
2007-05-11
7.0
CVE-2007-2596
MILW0RM
BID
FRSIRT
SECUNIA
Apple -- Quicktime
Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted Sample Table Sample Descriptor (STSD) atom size in a QuickTime movie.
unknown
2007-05-14
8.0
CVE-2007-0754
BUGTRAQ
OTHER-REF
OTHER-REF
BID
XF
b2evolution -- b2evolution
Directory traversal vulnerability in blogs/index.php in b2evolution 1.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the core_subdir parameter.
unknown
2007-05-14
7.0
CVE-2007-2681
BUGTRAQ
XF
BEA Systems -- WebLogic Server
The JMS Server in BEA WebLogic Server 6.1 through SP7, 7.0 through SP6, and 8.1 through SP5 enforces security access policies on the front end, which allows remote attackers to access protected queues via direct requests to the JMS back-end server.
unknown
2007-05-15
7.0
CVE-2007-2696
BEA
FRSIRT
SECTRACK
SECUNIA
BEA Systems -- WebLogic Server
BEA Systems -- WebLogic Express
The embedded LDAP server in BEA WebLogic Express and WebLogic Server 7.0 through SP6, 8.1 through SP5, 9.0, and 9.1, when in certain configurations, does not limit or audit failed authentication attempts, which allows remote attackers to more easily conduct brute-force attacks against the administrator password, or flood the server with login attempts and cause a denial of service.
unknown
2007-05-15
7.0
CVE-2007-2697
BEA
FRSIRT
SECTRACK
SECUNIA
Beacon -- Beacon
PHP remote file inclusion vulnerability in language/1/splash.lang.php in Beacon 0.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the languagePath parameter.
unknown
2007-05-14
7.0
CVE-2007-2663
MILW0RM
Censura -- Censura
SQL injection vulnerability in censura.php in Censura 1.15.04 allows remote attackers to execute arbitrary SQL commands via the vendorid parameter in a vendor_info cmd action.
unknown
2007-05-14
7.0
CVE-2007-2673
MILW0RM
BID
Centennial -- Discovery
Symantec -- Discovery
Numara -- Asset Manager
Multiple buffer overflows in the CentennialIPTransferServer service (XFERWAN.EXE), as used by (1) Centennial Discovery 2006 Feature Pack 1, (2) Numara Asset Manager 8.0, and (3) Symantec Discovery 6.5, allow remote attackers to execute arbitrary code via long strings in a crafted TCP packet.
unknown
2007-05-16
10.0
CVE-2007-1173
OTHER-REF
OTHER-REF
OTHER-REF
FRSIRT
FRSIRT
FRSIRT
SECUNIA
SECUNIA
SECUNIA
Clever Components -- Clever Database Comparer
Stack-based buffer overflow in the Clever Database Comparer 2.2 ActiveX control (comparerax.ocx) allows remote attackers to execute arbitrary code via a long argument to the ConnectToDatabase function.
unknown
2007-05-14
8.0
CVE-2007-2648
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Comodo -- Comodo Personal Firewall
Comodo -- Comodo Firewall Pro
Comodo Firewall Pro 2.4.18.184 and Comodo Personal Firewall 2.3.6.81, and probably older Comodo Firewall versions, do not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier.
unknown
2007-05-16
7.0
CVE-2007-2729
BUGTRAQ
OTHER-REF
Comodo -- Comodo Personal Firewall
Comodo -- Comodo Firewall Pro
Check Point Software -- ZoneAlarm
Check Point ZoneAlarm Pro before 6.5.737.000 does not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier.
unknown
2007-05-16
7.0
CVE-2007-2730
BUGTRAQ
OTHER-REF
Computer Associates -- eTrust Integrated Threat Management
Computer Associates -- eTrust PestPatrol
Computer Associates -- eTrust EZ Antivirus
Stack-based buffer overflow in the inoweb Console Server in CA Anti-Virus for the Enterprise r8, Threat Manager r8, Anti-Spyware for the Enterprise r8, and Protection Suites r3 allows remote attackers to execute arbitrary code via a long (1) username or (2) password.
unknown
2007-05-11
10.0
CVE-2007-2522
OTHER-REF
BID
FRSIRT
BUGTRAQ
OTHER-REF
CERT-VN
SECTRACK
SECUNIA
Computer Associates -- Integrated Threat Management
Computer Associates -- Anti-Virus
CA Anti-Virus for the Enterprise r8 and Threat Manager r8 before 20070510 use weak permissions (NULL security descriptor) for the Task Service shared file mapping, which allows local users to modify this mapping and gain privileges by triggering a stack-based buffer overflow in InoCore.dll before 8.0.448.0.
unknown
2007-05-11
7.0
CVE-2007-2523
IDEFENSE
OTHER-REF
BID
FRSIRT
BUGTRAQ
OTHER-REF
CERT-VN
SECTRACK
SECUNIA
DB Soft Lab -- VImp X
Buffer overflow in the DB Software Laboratory VImpX ActiveX control in VImpX.ocx 4.7.3 allows remote attackers to execute arbitrary code via a long LogFile parameter.
unknown
2007-05-14
10.0
CVE-2007-2667
MILW0RM
DB Soft Lab -- DeWizardX
The DB Software Laboratory DeWizardX (DEWizardAX.ocx) ActiveX control allows remote attackers to overwrite arbitrary files via the SaveToFile function.
unknown
2007-05-16
10.0
CVE-2007-2725
OTHER-REF
OTHER-REF
BID
DivX City -- GDivX Zenith Player
Buffer overflow in a certain ActiveX control in the GDivX Zenith Player AviFixer class in fix.dll 1.0.0.1 allows remote attackers to execute arbitrary code via a long SetInputFile property value.
unknown
2007-05-11
8.0
CVE-2007-2601
MILW0RM
BID
Drumster -- BlogMe
SQL injection vulnerability in archshow.asp in BlogMe 3.0 allows remote attackers to execute arbitrary SQL commands via the var parameter, a different vector than CVE-2006-5976.
unknown
2007-05-14
7.0
CVE-2007-2661
MILW0RM
BID
XF
EfesTECH Haber -- EfesTECH Haber
SQL injection vulnerability in EfesTECH Haber 5.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to the top-level URI.
unknown
2007-05-14
7.0
CVE-2007-2662
MILW0RM
EQdkp -- EQdkp
Multiple cross-site scripting (XSS) vulnerabilities in EQdkp 1.3.2c and earlier allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) listmembers.php and (2) stats.php. NOTE: some of these details are obtained from third party information.
unknown
2007-05-16
7.0
CVE-2007-2716
FULLDISC
FULLDISC
BID
SECUNIA
Feindt Computerservice -- News-Script
PHP remote file inclusion vulnerability in newsadmin.php in Feindt Computerservice News (News-Script) 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the action parameter.
unknown
2007-05-16
7.0
CVE-2007-2708
MILW0RM
BID
FRSIRT
Fotolog -- Fotolog
Cross-site scripting (XSS) vulnerability in all_photos.html in fotolog allows remote attackers to inject arbitrary web script or HTML via the user parameter.
unknown
2007-05-16
7.0
CVE-2007-2724
BUGTRAQ
Free-SA -- Free-SA
Multiple unspecified vulnerabilities in Free-SA before 1.2.2 allow remote attackers to execute arbitrary code via unspecified vectors involving certain (1) sprintf and (2) vsprintf calls in (a) r_index.c, (b) r_reports.c, (c) r_topsites.c, (d) r_topuser.c, (e) r_typical.c, (f) r_userdatetime.c, and (g) r_users.c in reports/; and (h) w_fs.c, (i) w_internal.c, and (j) w_log_operations.c in work/, probably related to buffer overflows. NOTE: some of these details are obtained from third party information.
unknown
2007-05-14
7.0
CVE-2007-2652
OTHER-REF
BID
FRSIRT
FreeType -- FreeType
Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overflow.
unknown
2007-05-17
10.0
CVE-2007-2754
MLIST
OTHER-REF
OTHER-REF
Geeklog -- Media Gallery
PHP remote file inclusion vulnerability in maint/ftpmedia.php in Media Gallery 1.4.8a and earlier for Geeklog allows remote attackers to execute arbitrary PHP code via a URL in the _MG_CONF[path_html] parameter.
unknown
2007-05-16
7.0
CVE-2007-2706
MILW0RM
Glossword -- Glossword
PHP remote file inclusion vulnerability in custom_vars.php in GlossWord 1.8.1 allows remote attackers to execute arbitrary PHP code via a URL in the sys[path_addon] parameter.
unknown
2007-05-17
7.0
CVE-2007-2743
MILW0RM
BID
GNU Edu -- GNU Edu
Multiple PHP remote file inclusion vulnerabilities in gnuedu 1.3b2 allow remote attackers to execute arbitrary PHP code via a URL in the (a) ETCDIR parameter to (1) libs/lom.php; (2) lom_update.php, (3) check-lom.php, and (4) weigh_keywords.php in scripts/; the (b) LIBSDIR parameter to (5) logout.php, (6) help.php, (7) index.php, (8) login.php; and the ETCDIR parameter to (9) web/lom.php.
unknown
2007-05-11
7.0
CVE-2007-2609
MILW0RM
BID
FRSIRT
XF
HP -- Systems Insight Manager
Session fixation vulnerability in HP Systems Insight Manager (SIM) 4.2 and 5.0 SP4 and SP5 allows remote attackers to hijack web sessions by setting the JSESSIONID cookie.
unknown
2007-05-16
10.0
CVE-2007-2719
OTHER-REF
HP
FRSIRT
SECUNIA
iFusionServices -- iFdate
ifdate 2.x sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to obtain administrative access via a direct request for the admin/ URI.
unknown
2007-05-16
7.0
CVE-2007-2713
BUGTRAQ
OTHER-REF
BID
iGeneric -- iG Shop
SQL injection vulnerability in shop/page.php in iGeneric (iG) Shop 1.4 allows remote attackers to execute arbitrary SQL commands via the type_id[] parameter, a different vector than CVE-2005-0537.
unknown
2007-05-16
7.0
CVE-2007-2717
MILW0RM
BID
Jetbox -- Jetbox CMS
Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS allow remote attackers to inject arbitrary web script or HTML via the (1) path parameter to view/search/; or the (2) companyname, (3) country, (4) email, (5) firstname, (6) middlename, (7) required, (8) surname, or (9) title parameter to view/supplynews/.
unknown
2007-05-16
7.0
CVE-2007-2732
BUGTRAQ
FRSIRT
labs.beffa.org -- w2box
Unrestricted file upload vulnerability in labs.beffa.org w2box 4.0.0 Beta4 allows remote attackers to upload arbitrary PHP code via a filename with a double extension such as .php.jpg.
unknown
2007-05-17
7.0
CVE-2007-2742
BUGTRAQ
BID
XF
LaVague -- LaVague
PHP remote file inclusion vulnerability in views/print/printbar.php in LaVague 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the views_path parameter.
unknown
2007-05-11
7.0
CVE-2007-2607
MILW0RM
BID
FRSIRT
XF
libexif -- libexif
Integer overflow in the exif_data_load_data_entry function in exif-data.c in libexif before 0.6.14 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted EXIF data, involving the (1) doff or (2) s variable.
unknown
2007-05-14
8.0
CVE-2007-2645
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
Little CMS -- Little CMS
Stack-based buffer overflow in Little CMS (lmcs) before 1.15 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ICC profile in a JPG file.
unknown
2007-05-17
7.0
CVE-2007-2741
OTHER-REF
BID
FRSIRT
SECUNIA
MH Software -- Connect Daily
Unspecified vulnerability in MH Software Connect Daily before 3.3.3 has unknown impact and attack vectors.
unknown
2007-05-16
7.0
CVE-2007-2712
OTHER-REF
BID
FRSIRT
SECUNIA
Microsoft -- Internet Explorer
Stalker -- Communigate Pro
Cross-site scripting (XSS) vulnerability in the WebMail system in Stalker CommuniGate Pro 5.1.8 and earlier, when using Microsoft Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via crafted STYLE tags.
unknown
2007-05-16
7.0
CVE-2007-2718
FULLDISC
OTHER-REF
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
NagiosQL -- NagiosQL 2005
PHP remote file inclusion vulnerability in functions/prepend_adm.php in NagiosQL 2005 2.00 allows remote attackers to execute arbitrary PHP code via a URL in the SETS[path][physical] parameter.
unknown
2007-05-16
7.0
CVE-2007-2709
MILW0RM
BID
FRSIRT
NagiosQL -- NagiosQL
PHP remote file inclusion vulnerability in functions/prepend_adm.php in NagiosQL 2.00-P00 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the SETS[path][IT] parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-05-16
7.0
CVE-2007-2710
FRSIRT
Netsprint -- Netsprint Toolbar
Buffer overflow in the isChecked function in toolbar.dll in Netsprint Toolbar 1.1 might allow remote attackers to execute arbitrary code via unspecified vectors.
unknown
2007-05-14
7.0
CVE-2007-2678
BUGTRAQ
BUGTRAQ
Notepad++ -- Notepad++
Stack-based buffer overflow in SciLexer.dll in notepad++ 4.1.1 and earlier allows user-assisted remote attackers to execute arbitrary code via certain Ruby (.rb) files with long lines. NOTE: some of these details are obtained from third party information.
unknown
2007-05-14
10.0
CVE-2007-2666
MILW0RM
SECUNIA
Open Translation Engine -- Open Translation Engine
PHP remote file inclusion vulnerability in skins/header.php in Open Translation Engine (OTE) 0.7.8 allows remote attackers to execute arbitrary PHP code via a URL in the ote_home parameter.
unknown
2007-05-14
7.0
CVE-2007-2676
MILW0RM
VIM
BID
OpenLD -- OpenLD
Cross-site scripting (XSS) vulnerability in OpenLD before 1.1.9, and 1.1-modified before 1.1-modified3, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the Search feature, possibly the term parameter.
unknown
2007-05-11
7.0
CVE-2007-2610
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
BID
FRSIRT
PHP -- PHP
The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls php_rand_r with an uninitialized seed variable and therefore always generates the same initialization vector (IV), which might allow context-dependent attackers to decrypt certain data more easily because of the guessable encryption keys.
unknown
2007-05-16
10.0
CVE-2007-2727
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
BID
PHP FirstPost -- PHP FirstPost
PHP remote file inclusion vulnerability in block.php in PhpFirstPost 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the Include parameter.
unknown
2007-05-14
7.0
CVE-2007-2665
MILW0RM
BID
phpChess -- phpChess
Multiple PHP remote file inclusion vulnerabilities in phpChess Community Edition 2.0 allow remote attackers to execute arbitrary PHP code via a URL in (1) the config parameter to includes/language.php, or the Root_Path parameter to (2) layout_admin_cfg.php, (3) layout_cfg.php, or (4) layout_t_top.php in skins/phpchess/. NOTE: vector 1 has been disputed by CVE, since the code is defined within a function that is not called from within includes/language.php.
unknown
2007-05-14
7.0
CVE-2007-2677
MILW0RM
VIM
BID
PHPGlossar -- PHPGlossar
Multiple PHP remote file inclusion vulnerabilities in PHPGlossar 0.8 allow remote attackers to execute arbitrary PHP code via a URL in the format_menue parameter to (1) admin/inc/change_action.php or (2) admin/inc/add.php.
unknown
2007-05-17
7.0
CVE-2007-2751
MILW0RM
Pre Projects -- Pre Shopping Mall
SQL injection vulnerability in detail.php in Pre Shopping Mall 1.0 allows remote attackers to execute arbitrary SQL commands via the prodid parameter.
unknown
2007-05-14
7.0
CVE-2007-2674
MILW0RM
BID
Pre Projects -- Pre Classifieds Listings
SQL injection vulnerability in search.php in Pre Classifieds Listings 1.0 allows remote attackers to execute arbitrary SQL commands via the category parameter.
unknown
2007-05-14
7.0
CVE-2007-2675
MILW0RM
BID
XF
PrecisionID Barcode -- PrecisionID Barcode
Stack-based buffer overflow in the PrecisionID Barcode 1.9 ActiveX control in PrecisionID_Barcode.dll allows remote attackers to cause a denial of service (Internet Explorer 6 crash), and possibly execute arbitrary code, via a long argument to the SaveBarCode method. NOTE: this issue might overlap CVE-2007-2657.
unknown
2007-05-17
7.0
CVE-2007-2744
OTHER-REF
OTHER-REF
SECUNIA
PrecisionID Barcode -- PrecisionID Barcode
The PrecisionID Barcode 1.9 ActiveX control in PrecisionID_Barcode.dll, when Internet Explorer 6 is used, allows remote attackers to overwrite arbitrary files via a full pathname to the SaveToFile function, a different vulnerability than CVE-2007-2744.
unknown
2007-05-17
10.0
CVE-2007-2755
MILW0RM
OTHER-REF
OTHER-REF
Samba -- Samba
Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecified vectors that cause the daemon to transition to the root user.
unknown
2007-05-14
7.0
CVE-2007-2444
BUGTRAQ
OTHER-REF
OTHER-REF
MANDRIVA
SLACKWARE
FRSIRT
SECUNIA
SECUNIA
SECUNIA
Samba -- Samba
Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests.
unknown
2007-05-14
10.0
CVE-2007-2446
BUGTRAQ
OTHER-REF
OTHER-REF
MANDRIVA
REDHAT
SLACKWARE
CERT-VN
BID
FRSIRT
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SimpleNews -- SimpleNews
SQL injection vulnerability in print.php in SimpleNews 1.0.0 FINAL allows remote attackers to execute arbitrary SQL commands via the news_id parameter.
unknown
2007-05-11
10.0
CVE-2007-2598
MILW0RM
FRSIRT
OTHER-REF
BID
SECUNIA
SimpNews -- SimpNews
SQL injection vulnerability in print.php in SimpNews 2.40.01 and earlier allows remote attackers to execute arbitrary SQL commands via the newsnr parameter.
unknown
2007-05-17
7.0
CVE-2007-2750
MILW0RM
Snaps Gallery -- Snaps Gallery
Admin/users.php in Snaps! Gallery 1.4.4 allows remote attackers to change arbitrary usernames and passwords via the (1) username, or the (2) password and password2 parameters in an edit action.
unknown
2007-05-16
10.0
CVE-2007-2715
MILW0RM
OTHER-REF
BID
FRSIRT
Symantec -- Norton Personal Firewall
Symantec -- Norton Internet Security
Buffer overflow in the ISAlertDataCOM ActiveX control in ISLALERT.DLL for Norton Personal Firewall 2004 and Internet Security 2004 allows remote attackers to execute arbitrary code via long arguments to the (1) Get and (2) Set functions.
unknown
2007-05-16
10.0
CVE-2007-1689
OTHER-REF
TellTargetCMS -- TellTarget CMS
Multiple PHP remote file inclusion vulnerabilities in telltarget CMS 1.3.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) ordnertiefe parameter to site_conf.php; or the (2) tt_docroot parameter to (a) class.csv.php, (b) produkte_nach_serie.php, or (c) ref_kd_rubrik.php in functionen/; (d) hg_referenz_jobgalerie.php, (e) surfer_anmeldung_NWL.php, (f) produkte_nach_serie_alle.php, (g) surfer_aendern.php, (h) ref_kd_rubrik.php, or (i) referenz.php in module/; or (j) 1/lay.php or (k) 3/lay.php in standard/.
unknown
2007-05-11
7.0
CVE-2007-2597
MILW0RM
BID
FRSIRT
Thinc4orce Marketing Group -- PHP Coupon Script
SQL injection vulnerability in index.php in PHP Coupon Script 3.0 allows remote attackers to execute arbitrary SQL commands via the bus parameter in a viewbus page.
unknown
2007-05-14
7.0
CVE-2007-2672
MILW0RM
BID
XF
TinyIRC -- TinyIdentD
Stack-based buffer overflow in TinyIdentD 2.2 and earlier allows remote attackers to execute arbitrary code via a long string to TCP port 113.
unknown
2007-05-16
10.0
CVE-2007-2711
MILW0RM
SECUNIA
Tomasz Rekawek -- Yet Another Asterisk Panel
PHP remote file inclusion vulnerability in includes/common.php in Yaap 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter, possibly related to the __autoload function.
unknown
2007-05-14
7.0
CVE-2007-2664
MILW0RM
Touteresa -- ResManager
SQL injection vulnerability in edit_day.php in the ResManager 1.2.1 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id_reserv parameter.
unknown
2007-05-17
7.0
CVE-2007-2735
MILW0RM
BID
FRSIRT
VCDGear -- VCDGear
Multiple stack-based buffer overflows in VCDGear 3.55 allow user-assisted remote attackers to execute arbitrary code via a long (1) tag or (2) track type in a CUE file.
unknown
2007-05-16
8.0
CVE-2007-2568
OTHER-REF
FRSIRT
SECUNIA
VooDoo cIRCle -- VooDoo cIRCle
Multiple off-by-one errors in VooDoo cIRCle before 1.1.beta27 allow remote attackers to cause a denial of service (connection loss) or possibly execute arbitrary code via a (1) DNS name response of the exact length as a buffer; or a long (2) channel name, (3) partyline channel name, or unspecified vectors in crafted BOTNET packets.
unknown
2007-05-14
7.0
CVE-2007-2651
OTHER-REF
BID
FRSIRT
Wavelink Media -- TutorialCMS
Multiple SQL injection vulnerabilities in TutorialCMS (aka Photoshop Tutorials) 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) catFile parameter to (a) browseCat.php or (b) browseSubCat.php; the (2) id parameter to (c) openTutorial.php, (d) topFrame.php, or (e) admin/editListing.php; or (3) the search parameter to search.php.
unknown
2007-05-11
7.0
CVE-2007-2599
MILW0RM
BID
FRSIRT
SECUNIA
Wavelink Media -- TutorialCMS
Multiple cross-site scripting (XSS) vulnerabilities in TutorialCMS (aka Photoshop Tutorials) 1.00 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) catFile parameter to (a) browseCat.php or (b) browseSubCat.php; the (2) id parameter to (c) openTutorial.php, (d) topFrame.php, or (e) admin/editListing.php; or the (3) search parameter to search.php.
unknown
2007-05-11
7.0
CVE-2007-2600
MILW0RM
BID
FRSIRT
webdesproxy -- webdesproxy
Buffer overflow in webdesproxy 0.0.1 allows remote attackers to execute arbitrary code via a long URL.
unknown
2007-05-14
7.0
CVE-2007-2668
MILW0RM
Xoops -- MyConference Module
SQL injection vulnerability in index.php in the MyConference 1.0 module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-05-17
7.0
CVE-2007-2737
FRSIRT
Xoops -- Xoops Glossaire Module
SQL injection vulnerability in glossaire-p-f.php in the Glossaire 1.7 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the sid parameter in an ImprDef action.
unknown
2007-05-17
7.0
CVE-2007-2738
MILW0RM
BID
yEnc32 -- yEnc32
Heap-based buffer overflow in yEnc32 1.0.7.207 allows user-assisted remote attackers to execute arbitrary code via a long filename in an NTX file.
unknown
2007-05-14
8.0
CVE-2007-2646
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA

Medium Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
BEA Systems -- WebLogic Server
BEA Systems -- WebLogic Express
The HttpClusterServlet and HttpProxyServlet in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5, 9.0, and 9.1, when SecureProxy is enabled, may process "external requests on behalf of a system identity," which allows remote attackers to access administrative data or functionality.
unknown
2007-05-15
5.6
CVE-2007-2695
BEA
FRSIRT
SECTRACK
SECUNIA
BEA Systems -- WebLogic Server
BEA Systems -- WebLogic Express
The Administration Console in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not properly enforce certain Domain Security Policies, which allows remote administrative users in the Deployer role to upload arbitrary files.
unknown
2007-05-15
4.8
CVE-2007-2699
BEA
FRSIRT
SECTRACK
SECUNIA
BEA Systems -- WebLogic Portal
BEA WebLogic Portal 9.2 GA can corrupt a visitor entitlements role if an administrator provides a long role description, which might allow remote authenticated users to access privileged resources.
unknown
2007-05-15
4.2
CVE-2007-2703
BEA
FRSIRT
SECUNIA
Caucho Technology -- Resin
Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attackers to cause a denial of service (device hang) and read data from a COM or LPT device via a DOS device name with an arbitrary extension.
unknown
2007-05-16
6.7
CVE-2007-2439
OTHER-REF
OTHER-REF
SECTRACK
SECUNIA
Drake Team -- Drake CMS
CRLF injection vulnerability in index.php in Drake CMS 0.4.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the lang parameter. NOTE: Drake CMS has only a beta version available, and the vendor has previously stated "We do not consider security reports valid until the first official release of Drake CMS."
unknown
2007-05-11
5.6
CVE-2007-2618
BUGTRAQ
BID
XF
Linksnet -- Newsfeed
PHP remote file inclusion vulnerability in linksnet_linkslog_rss.php in Linksnet Newsfeed 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the dirpath_linksnet_newsfeed parameter.
unknown
2007-05-16
5.6
CVE-2007-2707
MILW0RM
SECUNIA
Matt Mullenweg -- Akismet
Unspecified vulnerability in akismet.php in Matt Mullenweg Akismet before 2.0.2, a WordPress plugin, has unknown impact and attack vectors.
unknown
2007-05-16
4.9
CVE-2007-2714
OTHER-REF
OTHER-REF
BID
Monalbum -- Monalbum
Static code injection vulnerability in admin/admin_configuration.php in Monalbum 0.8.7 allows remote authenticated users to inject arbitrary PHP code into the conf/config.inc.php file via the (1) gadm_pass, (2) gadm_user, (3) gcfgHote, (4) gcfgPass, (5) gcfgUser, (6) gclassement_rep, (7) gcontour, (8) gfond, (9) ggd_version, (10) ghome, (11) ghor, (12) gimg_copyright, (13) glangage, (14) gmenu_visible, (15) gmini_hasard, (16) gordre_rep, (17) gpage, (18) gracine, (19) grech_inactive, (20) grep_mini, (21) grepertoire, (22) gsite, (23) gslide, (24) gtitre, (25) guse_copyright, (26) gversion, (27) gvert, or (28) gcfgBase parameter.
unknown
2007-05-14
4.2
CVE-2007-2647
MILW0RM
OTHER-REF
BID
FRSIRT
SECUNIA
Mutt -- Mutt
Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via "&" characters in the GECOS field, which triggers the overflow during alias expansion.
unknown
2007-05-15
4.9
CVE-2007-2683
OTHER-REF
MySQL -- MySQL
The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges.
unknown
2007-05-15
4.2
CVE-2007-2692
OTHER-REF
OTHER-REF
FRSIRT
NetWin -- SurgeMail
NetWin -- WebMail
Unspecified vulnerability in NetWin Webmail 3.1s-1 in SurgeMail before 3.8i2 has unknown impact and remote attack vectors.
unknown
2007-05-14
4.9
CVE-2007-2655
OTHER-REF
BID
SECUNIA
PHP -- PHP
The soap extension in PHP calls php_rand_r with an uninitialized seed variable, which has unknown impact and attack vectors, a related issue to the mcrypt_create_iv issue covered by CVE-2007-????.
unknown
2007-05-16
4.9
CVE-2007-2728
OTHER-REF
RunawaySoft -- Haber Portal
SQL injection vulnerability in devami.asp in RunawaySoft Haber portal 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-05-17
4.7
CVE-2007-2752
MILW0RM
BID
Simple PHP Scripts Gallery -- Simple PHP Scripts Gallery
PHP file inclusion vulnerability in index.php in Ivan Peevski gallery 0.3 in Simple PHP Scripts (sphp) allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the gallery parameter, which is accessed by the file_exists function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-05-14
5.6
CVE-2007-2679
VIM
BID
SECUNIA
SonicBB -- SonicBB
Multiple SQL injection vulnerabilities in SonicBB 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) part and (2) by parameters to (a) search.php, or the (2) id parameter to (b) viewforum.php.
unknown
2007-05-14
5.6
CVE-2007-1902
FULLDISC
OTHER-REF
OSVDB
VIM Development Group -- VIM
Unspecified vulnerability in Vim (Vi IMproved) before 7.1 has unspecified attack vectors and impact.
unknown
2007-05-14
4.9
CVE-2007-2653
MLIST
OTHER-REF
VIM
Vincent Blavet -- PhpConcept Library
CJG EXPLORER PRO -- CJG EXPLORER PRO
** DISPUTED ** PHP remote file inclusion vulnerability in pcltrace.lib.php in the PclTar module in Vincent Blavet PhpConcept Library, as used in CJG EXPLORER PRO 3.3 and earlier and probably other products, allows remote attackers to execute arbitrary PHP code via a URL in the g_pcltar_lib_dir parameter. NOTE: CVE disputes this issue since there is no include statement in pcltrace.lib.php. NOTE: the pcltar.lib.php vector is already covered by CVE-2007-2199.
unknown
2007-05-14
5.6
CVE-2007-2660
MILW0RM
VIM
SECUNIA
xajax -- xajax
Unspecified vulnerability in xajax before 0.2.5 has unknown impact and attack vectors, not related to XSS.
unknown
2007-05-17
4.9
CVE-2007-2740
OTHER-REF
SECUNIA

Low Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
Achievo -- Achievo
PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter.
unknown
2007-05-17
1.9
CVE-2007-2736
MILW0RM
BID
XF
Audio CD Tools -- Audio CD Ripper OCX
Unspecified vulnerability in the Init function in the Audio CD Ripper OCX (AudioCDRipperOCX.ocx) 1.0 ActiveX control allows remote attackers to cause a denial of service (NULL dereference and Internet Explorer crash) via unspecified vectors.
unknown
2007-05-11
3.3
CVE-2007-2603
BUGTRAQ
BID
BEA Systems -- WebLogic Server
BEA Systems -- WebLogic Express
Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5, 9.0 GA, and 9.1 GA allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-05-15
1.9
CVE-2007-2694
BEA
FRSIRT
SECUNIA
BEA Systems -- WebLogic Server
The Administration Console in BEA WebLogic Server 9.0 may show plaintext Web Service attributes during configuration creation, which allows remote attackers to obtain sensitive credential information.
unknown
2007-05-15
2.3
CVE-2007-2698
BEA
FRSIRT
SECTRACK
BEA Systems -- WebLogic Server
BEA Systems -- WebLogic Express
The WLST script generated by the configToScript command in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not encrypt certain attributes in configuration files when creating a new domain, which allows remote authenticated users to obtain sensitive information.
unknown
2007-05-15
1.4
CVE-2007-2700
BEA
FRSIRT
SECTRACK
SECUNIA
BEA Systems -- WebLogic Server
The JMS Message Bridge in BEA WebLogic Server 7.0 through SP7 and 8.1 through Service Pack 6, when configured without a username and password, or when the connection URL is not defined, allows remote attackers to bypass the security access policy and "send unauthorized messages to a protected queue."
unknown
2007-05-15
3.4
CVE-2007-2701
BEA
FRSIRT
SECTRACK
SECUNIA
BEA Systems -- WebLogic Portal
Cross-site scripting (XSS) vulnerability in the GroupSpace application in BEA WebLogic Portal 9.2 GA allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the rich text editor.
unknown
2007-05-15
1.1
CVE-2007-2702
BEA
FRSIRT
SECUNIA
BEA Systems -- WebLogic Server
BEA WebLogic Server 9.0 through 9.2 allows remote attackers to cause a denial of service (SSL port unavailability) by accessing a half-closed SSL socket.
unknown
2007-05-15
2.7
CVE-2007-2704
BEA
FRSIRT
SECTRACK
SECUNIA
BEA Systems -- WebLogic Integration
BEA Systems -- WebLogic Workshop
Directory traversal vulnerability in the Test View Console in BEA WebLogic Integration 9.2 before SP1 and WebLogic Workshop 8.1 SP2 through SP6, when "deployed in an exploded format," allows remote attackers to list a WebLogic Workshop Directory (wlwdir) parent directory via unspecified vectors.
unknown
2007-05-15
3.3
CVE-2007-2705
BEA
FRSIRT
BitsCast -- BitsCast
BitsCast 0.13.0 allows remote attackers to cause a denial of service (application crash) via an RSS 2.0 feed item with certain invalid strings in a pubDate element, as demonstrated by repeated "../A" or "A/../" patterns.
unknown
2007-05-16
3.3
CVE-2007-2726
MILW0RM
BID
Brew City Software -- FlexLabel OCX
Unspecified vulnerability in the FlexLabel ActiveX control allows remote attackers to cause a denial of service (unstable behavior) via an improper initialization, as demonstrated by a certain value of the Caption property.
unknown
2007-05-11
3.3
CVE-2007-2604
BUGTRAQ
Brujula Toolbar -- Brujula Toolbar
Unspecified vulnerability in the GetPropertyById function in ISoftomateObj in SoftomateLib in BRUJULA4.NET.DLL in the Brujula Toolbar (Brujula.net toolbar) allows attackers to cause a denial of service (NULL dereference and browser crash) via certain arguments.
unknown
2007-05-11
2.7
CVE-2007-2605
BUGTRAQ
BID
Bugada Andrea -- PHP Advanced Transfer Manager
Directory traversal vulnerability in index.php in PHP Advanced Transfer Manager (phpATM) 1.30 allows remote attackers to read arbitrary files and obtain script source code via a .. (dot dot) in the directory parameter in a downloadfile action.
unknown
2007-05-14
3.3
CVE-2007-2659
MILW0RM
Canon -- Network Camera Server VB150
Canon -- Network Camera Server VB101
Canon -- Network Camera Server VB100
Cross-site scripting (XSS) vulnerability in the management interface in Canon Network Camera Server VB100 and VB101 with firmware 3.0 R69 and earlier, and VB150 with firmware 1.1 R39 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-05-14
1.9
CVE-2007-2680
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
Caucho Technology -- Resin
Directory traversal vulnerability in Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attackers to read certain files via a .. (dot dot) in a URI containing a "\web-inf" sequence.
unknown
2007-05-16
3.3
CVE-2007-2440
OTHER-REF
OTHER-REF
SECTRACK
SECUNIA
Caucho Technology -- Resin
Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attackers to obtain the system path via certain URLs associated with (1) deploying web applications or (2) displaying .xtp files.
unknown
2007-05-16
3.3
CVE-2007-2441
OTHER-REF
OTHER-REF
SECTRACK
SECUNIA
Check Point Software -- Web Intelligence
Check Point Web Intelligence does not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic.
unknown
2007-05-15
3.3
CVE-2007-2689
OTHER-REF
CERT-VN
Cisco -- Cisco IOS
Cisco -- Intrusion Prevention System
The Cisco Intrusion Prevention System (IPS) and IOS with Firewall/IPS Feature Set do not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic.
unknown
2007-05-15
3.3
CVE-2007-2688
OTHER-REF
CISCO
CERT-VN
BID
FRSIRT
SECUNIA
Clam Anti-Virus -- ClamXAV
Clam Anti-Virus -- ClamAV
Clam Anti-Virus -- ClamWin
The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (resource consumption) via an OLE2 file with (1) a large property size or (2) a loop in the FAT file block chain that triggers an infinite loop, as demonstrated via a crafted DOC file.
unknown
2007-05-14
2.3
CVE-2007-2650
MLIST
OTHER-REF
FRSIRT
SECUNIA
FAQEngine -- FAQEngine
SQL injection vulnerability in question.php in FAQEngine 4.16.03 and earlier allows remote attackers to execute arbitrary SQL commands via the questionref parameter in a display action.
unknown
2007-05-17
2.3
CVE-2007-2749
MILW0RM
Firebird -- Firebird
Multiple buffer overflows in Firebird 2.1 allow attackers to trigger memory corruption and possibly have other unspecified impact via certain input processed by (1) config\ConfigFile.cpp or (2) msgs\check_msgs.epp. NOTE: if ConfigFile.cpp reads a configuration file with restrictive permissions, then the ConfigFile.cpp vector may not cross privilege boundaries and perhaps should not be included in CVE.
unknown
2007-05-11
3.3
CVE-2007-2606
BUGTRAQ
GlobalMegaCorp -- PHPChain
Multiple cross-site scripting (XSS) vulnerabilities in PHPChain 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the catid parameter to (1) settings.php or (2) cat.php. NOTE: certain parameter values also trigger path disclosure.
unknown
2007-05-14
1.9
CVE-2007-2669
OTHER-REF
BID
GlobalMegaCorp -- PHPChain
PHPChain 1.0 and earlier allows remote attackers to obtain the installation path via invalid values of the catid parameter to (1) settings.php or (2) cat.php, as demonstrated by XSS manipulations.
unknown
2007-05-14
2.3
CVE-2007-2670
OTHER-REF
BID
Group-Office -- Group-Office Groupware
Group-Office before 2.16-13 does not properly validate user IDs, which allows remote attackers to obtain sensitive information via certain requests for (1) message.php and (2) messages.php in modules/email/. NOTE: some of these details are obtained from third party information.
unknown
2007-05-16
1.9
CVE-2007-2720
OTHER-REF
BID
FRSIRT
HP -- hpqvwocx.dll
Stack-based buffer overflow in the Hewlett-Packard (HP) Magview ActiveX control in hpqvwocx.dll 1.0.0.309 allows remote attackers to cause a denial of service (application crash) and possibly have other impact via a long argument to the DeleteProfile method.
unknown
2007-05-14
3.3
CVE-2007-2656
MILW0RM
BID
ID Automation -- Linear Barcode
Unspecified vulnerability in the ID Automation Linear Barcode 1.6.0.5 ActiveX control in IDAutomationLinear6.dll allows remote attackers to cause a denial of service via a long argument to the SaveEnhWMF method.
unknown
2007-05-14
3.3
CVE-2007-2658
MILW0RM
OTHER-REF
OTHER-REF
OTHER-REF
Internet Security Systems -- Proventia G Series XPU
Internet Security Systems -- Proventia A Series XPU
Internet Security Systems -- Proventia M Series XPU
Multiple IBM ISS Proventia Series products, including the A, G, and M series, do not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic.
unknown
2007-05-15
3.3
CVE-2007-2690
OTHER-REF
CERT-VN
Ipswitch -- WhatsUp Gold
Buffer overflow in MIBEXTRA.EXE in Ipswitch WhatsUp Gold 11 allows attackers to cause a denial of service (application crash) or execute arbitrary code via a long MIB filename argument. NOTE: If there is not a common scenario under which MIBEXTRA.EXE is called with attacker-controlled command line arguments, then perhaps this issue should not be included in CVE.
unknown
2007-05-11
3.3
CVE-2007-2602
BUGTRAQ
Jasper JPEG-2000 -- Jasper JPEG-2000
The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files, as originally demonstrated using imagemagick convert.
unknown
2007-05-16
1.9
CVE-2007-2721
OTHER-REF
OTHER-REF
OTHER-REF
Jetbox -- Jetbox CMS
formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters.
unknown
2007-05-16
3.7
CVE-2007-1898
BUGTRAQ
OTHER-REF
BID
FRSIRT
OSVDB
SECTRACK
XF
Jetbox -- Jetbox CMS
CRLF injection vulnerability in formmail.php in Jetbox CMS 2.1 might allow remote attackers to inject arbitrary e-mail headers via LF (%0A) sequences in the subject parameter, a related issue to CVE-2007-1898.
unknown
2007-05-16
3.7
CVE-2007-2731
BUGTRAQ
OTHER-REF
BID
FRSIRT
OSVDB
SECTRACK
XF
Jetbox -- Jetbox CMS
Unrestricted file upload vulnerability in Jetbox CMS allows remote authenticated users with author privileges to upload arbitrary scripts via unspecified vectors, which can be accessed in webfiles/. NOTE: this issue might be a duplicate of CVE-2004-1448.
unknown
2007-05-16
3.4
CVE-2007-2733
BUGTRAQ
Linux -- Kernel
The compat_sys_mount function in fs/compat.c in Linux kernel 2.6.20 and earlier allows local users to cause a denial of service (NULL pointer dereference and oops) by mounting a smbfs file system in compatibility mode ("mount -t smbfs").
unknown
2007-05-14
1.6
CVE-2006-7203
OTHER-REF
Media Player Classic -- Media Player Classic
Media Player Classic 6.4.9.0 allows user-assisted remote attackers to cause a denial of service (web browser crash) via an "empty" .MPA file, which triggers a divide-by-zero error.
unknown
2007-05-16
2.7
CVE-2007-2723
BUGTRAQ
BUGTRAQ
BID
XF
Mozilla -- Firefox
Mozilla Firefox 2.0.0.3 allows remote attackers to cause a denial of service (application crash) via a long hostname in an HREF attribute in an A element, which triggers an out-of-bounds memory access.
unknown
2007-05-14
2.7
CVE-2007-2671
FULLDISC
OTHER-REF
BID
XF
MyBB -- MyBB
MyBB 1.2.4 allows remote attackers to obtain sensitive information via the (1) action[] parameter to member.php, (2) imagehash[] parameter to captcha.php, and (3) a direct request to inc/datahandlers/event.php, which reveal the installation path in the resulting error message.
unknown
2007-05-14
2.3
CVE-2007-0689
FULLDISC
OTHER-REF
MySQL -- MySQL
MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.
unknown
2007-05-15
2.8
CVE-2007-2691
OTHER-REF
OTHER-REF
FRSIRT
MySQL -- MySQL
MySQL before 5.1.18 allows remote authenticated users without SELECT privileges to obtain sensitive information from partitioned tables via an ALTER TABLE statement.
unknown
2007-05-15
2.0
CVE-2007-2693
OTHER-REF
OTHER-REF
FRSIRT
NewzCrawler -- NewzCrawler
Unspecified vulnerability in NewzCrawler 1.8 allows remote attackers to cause a denial of service (application instability) via certain invalid strings in the URL attribute of an ENCLOSURE element, as demonstrated by a "%s" sequence, a "%Y" sequence, a "%%" sequence, and an "n," sequence.
unknown
2007-05-16
3.3
CVE-2007-2722
MILW0RM
PHP -- PHP
The substr_count function in PHP 5.2.1 and earlier allows context-dependent attackers to obtain sensitive information via unspecified vectors, a different affected function than CVE-2007-1375.
unknown
2007-05-17
1.9
CVE-2007-2748
OTHER-REF
VIM
BID
PinkCrow Designs -- maGAZIn
Directory traversal vulnerability in phpThumb.php in PinkCrow Designs Gallery or maGAZIn 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter.
unknown
2007-05-13
3.3
CVE-2007-2643
MILW0RM
OTHER-REF
BID
FRSIRT
SECUNIA
Plain Black -- WebGUI
The viewList function in lib/WebGUI/Asset/Wobject/DataForm.pm in Plain Black WebGUI before 7.3.14 does not properly use data structures containing privilege information, which allows remote authenticated users to obtain sensitive information or possibly have other unspecified impact.
unknown
2007-05-17
1.1
CVE-2007-2746
OTHER-REF
FRSIRT
PNG Reference Library -- libpng
The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value.
unknown
2007-05-16
2.3
CVE-2007-2445
OTHER-REF
OTHER-REF
OTHER-REF
CERT-VN
FRSIRT
SECUNIA
PrecisionID Barcode -- PrecisionID Barcode
Unspecified vulnerability in the PrecisionID Barcode 1.3 ActiveX control in PrecisionID_DataMatrix.DLL allows remote attackers to cause a denial of service via a long argument to the SaveBarCode method.
unknown
2007-05-14
3.3
CVE-2007-2657
MILW0RM
OTHER-REF
OTHER-REF
rdiffWeb -- rdiffWeb
Directory traversal vulnerability in rdw_helpers.py in rdiffWeb before 0.3.5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to the /browse URI.
unknown
2007-05-17
2.3
CVE-2007-2747
MLIST
OTHER-REF
FRSIRT
RunawaySoft -- Haber Portal
RunawaySoft Haber portal 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for data/xice.mdb.
unknown
2007-05-17
2.3
CVE-2007-2753
MILW0RM
Samba -- Samba
The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.
unknown
2007-05-14
3.4
CVE-2007-2447
BUGTRAQ
OTHER-REF
IDEFENSE
OTHER-REF
MANDRIVA
REDHAT
SLACKWARE
CERT-VN
BID
FRSIRT
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SonicBB -- SonicBB
SonicBB 1.0 allows remote attackers to obtain sensitive information via the (1) by[] parameter to search.php, (2) p[] parameter to viewforum.php, and the (3) id parameter to (a) viewforum.php or (b) members.php, which reveal the installation path in the resulting error message.
unknown
2007-05-14
1.9
CVE-2007-1901
FULLDISC
OTHER-REF
OSVDB
SonicBB -- SonicBB
Cross-site scripting (XSS) vulnerability in search.php in SonicBB 1.0 allows remote attackers to inject arbitrary web script or HTML via the part parameter.
unknown
2007-05-14
1.9
CVE-2007-1903
FULLDISC
OTHER-REF
OSVDB
T-Com -- Speedport W 700v
Deutsche Telekom (T-com) Speedport W 700v uses JavaScript delays for invalid authentication attempts to the CGI script, which allows remote attackers to bypass the delays and conduct brute-force attacks via direct calls to the authentication CGI script.
unknown
2007-05-14
3.3
CVE-2007-2649
BUGTRAQ
OTHER-REF
SECUNIA
vDesk -- Webmail
Cross-site scripting (XSS) vulnerability in printcal.pl in vDesk Webmail 4.03 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-05-17
1.9
CVE-2007-2745
BID
xajax -- xajax
Cross-site scripting (XSS) vulnerability in xajax before 0.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-05-17
1.9
CVE-2007-2739
OTHER-REF
SECUNIA
xfsdump -- xfsdump
SuSE -- SuSE Linux School Server
SuSE -- SuSE Open Enterprise Server
SuSE -- SuSE Linux Openexchange Server
SuSE -- OpenSuSE
SuSE -- SuSE Linux Enterprise Server
SuSE -- SuSE Linux Standard Server
SuSE -- SuSE Linux Desktop
xfs_fsr in xfsdump creates a temporary directory with insecure permissions, which allows local users to read or overwrite arbitrary files on xfs filesystems.
unknown
2007-05-14
3.9
CVE-2007-2654
SUSE
BID
SECUNIA
Yet Another Telephony Engine -- Yet Another Telephony Engine
The SIP channel module in Yet Another Telephony Engine (Yate) before 1.2.0 sets the caller_info_uri parameter using an incorrect variable that can be NULL, which allows remote attackers to cause a denial of service (NULL dereference and application crash) via a Call-Info header without a purpose parameter.
unknown
2007-05-17
3.3
CVE-2007-1693
BUGTRAQ
OTHER-REF
