Note: This page is part of the us-cert.gov archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

TLP:WHITE

Bulletin (SB07-149)

Vulnerability Summary for the Week of May 21, 2007

Original release date: May 29, 2007

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

| Primary Vendor -- Product | Description | Discovered | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|---|
| AlstraSoft -- Live Support | AlstraSoft Live Support 1.21 sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to obtain administrative access via a direct request to admin/managesettings.php. | unknown | 2007-05-21 | 10.0 | CVE-2007-2775, MILW0RM |
| AlstraSoft -- Template Seller | AlstraSoft Template Seller Pro 3.25 and earlier sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to inject a credential variable setting and obtain administrative access via a direct request to admin/changeinfo.php. | unknown | 2007-05-21 | 10.0 | CVE-2007-2776, MILW0RM |
| AlstraSoft -- Template Seller | Unrestricted file upload vulnerability in admin/addsptemplate.php in AlstraSoft Template Seller Pro 3.25 and earlier allows remote attackers to execute arbitrary PHP code via an arbitrary .php filename in the zip parameter, which is created under sptemplates/. | unknown | 2007-05-21 | 7.0 | CVE-2007-2777, MILW0RM |
| AlstraSoft -- E-Friends | SQL injection vulnerability in paypal.php in AlstraSoft E-Friends 4.21 and earlier allows remote attackers to execute arbitrary SQL commands via the pack parameter in a paypal action for index.php. | unknown | 2007-05-22 | 10.0 | CVE-2007-2824, MILW0RM, BID |
| com_yanc -- com_yanc | SQL injection vulnerability in index.php in the com_yanc 1.4 beta Add-on for Mambo allows remote attackers to execute arbitrary SQL commands via the listid parameter. | unknown | 2007-05-21 | 7.0 | CVE-2007-2792, MILW0RM, BID |
| eSyndicat -- eSyndiCat Pro | manage-admins.php in eSyndiCat Pro 1.x allows remote attackers to create additional administrative accounts, and have other unspecified impact, via modified username, new_pass, new_pass2, status, super, and certain other parameters in an add action. | unknown | 2007-05-21 | 10.0 | CVE-2007-2785, BUGTRAQ |
| file -- file | Integer overflow in the "file" program 4.20, when running on 32-bit systems, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert() statement. NOTE: this issue is due to an incorrect patch for CVE-2007-1536. | unknown | 2007-05-23 | 8.0 | CVE-2007-2799, OTHER-REF |
| Gazi Download Portal -- Gazi Download Portal | SQL injection vulnerability in down_indir.asp in Gazi Download Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | unknown | 2007-05-22 | 10.0 | CVE-2007-2810, BID, SECUNIA |
| Geeklog -- Geeklog | PHP remote file inclusion vulnerability in ImageImageMagick.php in Geeklog 2.x allows remote attackers to execute arbitrary PHP code via a URL in the glConf[path_system] parameter. | unknown | 2007-05-21 | 7.0 | CVE-2007-2793, MILW0RM, BID |
| HP -- Tru64 UNIX | Unspecified vulnerability in the Secure Shell (SSH) in HP Tru64 UNIX 5.1B-4 and 5.1B-3 allows remote attackers to identify valid users via unspecified vectors, probably related to timing attacks and AuthInteractiveFailureRandomTimeout. | unknown | 2007-05-21 | 10.0 | CVE-2007-2791, HP, BID, FRSIRT, SECTRACK, SECUNIA |
| Jetbox -- Jetbox CMS | Multiple SQL injection vulnerabilities in index.php in Jetbox CMS 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) view or (2) login parameter. | unknown | 2007-05-21 | 7.0 | CVE-2007-2685, FULLDISC, OTHER-REF, OSVDB |
| KSign -- KSignSWAT | Multiple stack-based buffer overflows in the KSign KSignSWAT ActiveX Control (AxKSignSWAT.dll) 2.0.3.3 allow remote attackers to execute arbitrary code via long arguments to the (1) SWAT_Init, (2) SWAT_InitEx, (3) SWAT_InitEx2, (4) SWAT_InitEx3, and (5) SWAT_Login functions. | unknown | 2007-05-22 | 7.0 | CVE-2007-2820, FULLDISC, FRSIRT, SECUNIA |
| LEAD Technologies -- LeadTools JPEG 2000 | Stack-based buffer overflow in the LEAD Technologies LeadTools JPEG 2000 LEADJ2K.LEADJ2K.140 ActiveX control (LTJ2K14.ocx) 14.5.0.35 allows remote attackers to execute arbitrary code via a long BitmapDataPath property. | unknown | 2007-05-21 | 8.0 | CVE-2007-2771, OTHER-REF, OTHER-REF, CERT-VN, SECUNIA |
| LEAD Technologies -- LeadTools Raster Thumbnail Object Library | Stack-based buffer overflow in the BrowseDir function in the (1) lttmb14E.ocx or (2) LTRTM14e.DLL ActiveX control in LeadTools Raster Thumbnail Object Library 14.5.0.44 allows remote attackers to execute arbitrary code via a long argument. | unknown | 2007-05-21 | 7.0 | CVE-2007-2787, MILW0RM, MILW0RM, OTHER-REF, OTHER-REF, OTHER-REF, OTHER-REF |
| LEAD Technologies -- LeadTools ISIS ActiveX Control | Heap-based buffer overflow in LEAD Technologies LEADTOOLS ISIS ActiveX Control (ltisi14E.ocx) 14.5.0.44 and earlier allows remote attackers to execute arbitrary code via a long DriverName property. | unknown | 2007-05-22 | 8.0 | CVE-2007-2827, OTHER-REF, OTHER-REF, FRSIRT, SECUNIA |
| Libstats -- Libstats | PHP remote file inclusion vulnerability in template_csv.php in Libstats 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rInfo[content] parameter. | unknown | 2007-05-21 | 7.0 | CVE-2007-2779, MILW0RM, BID |
| Madirish Webmail -- Madirish Webmail | PHP remote file inclusion vulnerability in lib/addressbook.php in Madirish Webmail 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[basedir] parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | unknown | 2007-05-22 | 7.0 | CVE-2007-2826, BID |
| MADWifi -- MADWifi | Array index error in the (1) ieee80211_ioctl_getwmmparams and (2) ieee80211_ioctl_setwmmparams functions in net80211/ieee80211_wireless.c in MadWifi before 0.9.3.1 allow local users to cause a denial of service (system crash), possibly obtain kernel memory contents, and possibly execute arbitrary code via a large negative array index value. | unknown | 2007-05-23 | 10.0 | CVE-2007-2831, OTHER-REF, OTHER-REF |
| Microsoft -- IIS | The "hit-highlighting" functionality in webhits.dll in Microsoft Internet Information Server (IIS) Web Server 5.0 only uses Windows NT ACL configuration, which allows remote attackers to bypass NTLM and basic authentication mechanisms and access private web directories via the CiWebhitsfile parameter to null.htw. | unknown | 2007-05-22 | 10.0 | CVE-2007-2815, BUGTRAQ, MSKB |
| MicroWorld Technologies -- eScan | Stack-based buffer overflow in the MicroWorld Agent service (MWAGENT.EXE) in MicroWorld Technologies eScan before 9.0.718.1 allows remote attackers to execute arbitrary code via a long command. | unknown | 2007-05-23 | 10.0 | CVE-2007-2687, OTHER-REF, FRSIRT, SECUNIA |
| Ol' Bookmarks -- Ol' Bookmarks | Multiple PHP remote file inclusion vulnerabilities in ol'bookmarks 0.7.4 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) test1.php, (2) blackorange.php, (3) default.php, (4) frames1.php, (5) frames1_top.php, (6) test1.php, (7) test2.php, (8) test3.php, (9) test4.php, (10) test5.php, (11) test6.php, (12) frames1_left.php, and (13) frames1_center.php in themes/. | unknown | 2007-05-22 | 7.0 | CVE-2007-2816, MILW0RM, VIM, BID, FRSIRT |
| Ol' Bookmarks -- Ol' Bookmarks | SQL injection vulnerability in read/index.php in ol'bookmarks 0.7.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. | unknown | 2007-05-22 | 7.0 | CVE-2007-2817, MILW0RM, BID |
| OPeNDAP -- Hyrax; OPeNDAP -- BES | BES before 3.5.0 in OPeNDAP 4 (Hydrax) before 1.2.1 does not properly handle compressed files, which allows remote attackers to upload arbitrary files or execute arbitrary commands via a crafted compressed file. | unknown | 2007-05-21 | 7.0 | CVE-2007-2769, OTHER-REF, CERT-VN, BID |
| Opera Software -- Opera Web Browser | Buffer overflow in the transfer manager in Opera before 9.21 for Windows allows user-assisted remote attackers to execute arbitrary code via a crafted torrent file. NOTE: due to the lack of details, it is not clear if this is the same issue as CVE-2007-2274. | unknown | 2007-05-22 | 8.0 | CVE-2007-2809, OTHER-REF, OTHER-REF, BID, FRSIRT, SECTRACK, SECUNIA |
| Packeteer -- PacketShaper | Packeteer PacketShaper uses fixed increments in TCP initial sequence number (ISN) values, which allows remote attackers to predict the ISN value, and perform session hijacking or disruption. | unknown | 2007-05-21 | 7.0 | CVE-2007-2782, BUGTRAQ, BID |
| Pegasus -- ImagN' ActiveX Control | Multiple stack-based buffer overflows in the Pegasus ImagN' ActiveX control (IMW32O40.OCX) 4.00.041 allow remote attackers to execute arbitrary code via (1) a long FileName parameter, or unspecified vectors involving the (2) BeginReport, (3) CreatePictureExA, (4) DefineImage, (5) DefineImageEx, (6) DefineImageFox, (7) CopyBufToClipExA, (8) LoadEx, (9) LoadFox, and other functions. | unknown | 2007-05-22 | 7.0 | CVE-2007-2814, OTHER-REF, BID, FRSIRT, SECUNIA |
| Qualcomm -- Eudora | Stack-based buffer overflow in Eudora 7.1 allows user-assisted, remote SMTP servers to execute arbitrary code via a long SMTP reply. NOTE: the user must click through a warning about a possible buffer overflow exploit to trigger this issue. | unknown | 2007-05-21 | 8.0 | CVE-2007-2770, MILW0RM, SECUNIA, XF |
| Rational Software -- Hidden Administrator | Unspecified vulnerability in Rational Soft Hidden Administrator 1.7 and earlier allows remote attackers to bypass authentication and execute arbitrary code via unspecified vectors. NOTE: this issue has no actionable information, and perhaps should not be included in CVE. | unknown | 2007-05-21 | 10.0 | CVE-2007-2783, BUGTRAQ, BID |
| Sun -- JDK | Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03, and 1.6.x before 1.6.0_01-b06, allows remote attackers to execute arbitrary code or cause a denial of service (JVM crash) via a crafted JPEG or BMP file. | unknown | 2007-05-21 | 8.0 | CVE-2007-2788, OTHER-REF, BID, FRSIRT, SECUNIA, XF |
| SunLight CMS -- SunLight CMS | Multiple PHP remote file inclusion vulnerabilities in SunLight CMS 5.3 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) _connect.php or (2) modules/startup.php. | unknown | 2007-05-21 | 7.0 | CVE-2007-2774, MILW0RM, BID |
| Vizayn Urun -- Tanitim Sitesi | SQL injection vulnerability in default.asp in Vizayn Urun Tanitim Sitesi 0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a haberdetay action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | unknown | 2007-05-22 | 7.0 | CVE-2007-2803, SECUNIA |
| VP-ASP -- VP-ASP Shopping Cart | Cross-site scripting (XSS) vulnerability in shopcontent.asp in VP-ASP Shopping Cart 6.50, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the type parameter. | unknown | 2007-05-21 | 7.0 | CVE-2007-2790, BUGTRAQ |
| Wavelink Media -- TutorialCMS | TutorialCMS 1.01 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication via the (1) loggedIn and (2) activated parameters to (a) login.php, (b) headerLinks.php, (c) submit1.php, (d) myFav.php, and (e) userCP.php. | unknown | 2007-05-22 | 8.0 | CVE-2007-2822, MILW0RM, OTHER-REF, FRSIRT, SECUNIA |
| WikyBlog -- WikyBlog | Cross-site scripting (XSS) vulnerability in include/sessionRegister.php in WikyBlog before 1.4.13 allows remote attackers to inject arbitrary web script or HTML, probably via vectors related to a certain data2 array element. | unknown | 2007-05-21 | 7.0 | CVE-2007-2781, OTHER-REF, OTHER-REF, OTHER-REF, SECUNIA |
| WordPress -- WordPress | SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2 allows remote attackers to execute arbitrary SQL commands via the cookie parameter. | unknown | 2007-05-22 | 8.0 | CVE-2007-2821, OTHER-REF, BID, FRSIRT, SECUNIA, XF |
| Zomplog -- Zomplog | SQL injection vulnerability in plugins/mp3playlist/mp3playlist.php in Zomplog 3.8 and earlier allows remote attackers to execute arbitrary SQL commands via the speler parameter. | unknown | 2007-05-21 | 7.0 | CVE-2007-2773, MILW0RM |

Medium Vulnerabilities

| Primary Vendor -- Product | Description | Discovered | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|---|
| Eggheads -- Eggdrop IRC bot | Stack-based buffer overflow in mod/server.mod/servrmsg.c in Eggdrop 1.6.18, and possibly earlier, allows user-assisted, remote IRC servers to execute arbitrary code via a long private message. | unknown | 2007-05-22 | 5.6 | CVE-2007-2807, OTHER-REF, SECUNIA |
| HT Editor -- HT Editor | Multiple buffer overflows in HT Editor before 2.0.6 might allow remote attackers to execute arbitrary code via unspecified vectors, possibly involving the editor display width. NOTE: some of the details were obtained from third party information. | unknown | 2007-05-22 | 5.6 | CVE-2007-2823, OTHER-REF, BID, SECUNIA |
| PHP Group -- PEAR | Directory traversal vulnerability in the installer in PEAR 1.0 through 1.5.3 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the (1) install-as attribute in the file element in package.xml 1.0 or the (2) as attribute in the install element in package.xml 2.0. NOTE: it could be argued that this does not cross privilege boundaries in typical installations, since the code being installed could perform the same actions. | 2007-05-06 | 2007-05-22 | 5.6 | CVE-2007-2519, OTHER-REF |

Low Vulnerabilities

| Primary Vendor -- Product | Description | Discovered | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|---|
| @Mail -- @Mail Webmail | Multiple cross-site scripting (XSS) vulnerabilities in ReadMsg.php in @Mail 5.02 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) links and (2) images. | unknown | 2007-05-22 | 2.3 | CVE-2007-2825, OTHER-REF, XF |
| Apache Software Foundation -- Tomcat | Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors. | unknown | 2007-05-21 | 1.9 | CVE-2007-1355, BUGTRAQ, OTHER-REF, OTHER-REF, OTHER-REF, BID |
| CactuSoft -- Parodia | Cross-site scripting (XSS) vulnerability in cand_login.asp in CactuSoft Parodia 6.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the strJobIDs parameter. | unknown | 2007-05-22 | 2.3 | CVE-2007-2818, OTHER-REF, BID, XF |
| CandyPress -- CandyPress Store | Multiple cross-site scripting (XSS) vulnerabilities in scripts/prodList.asp in CandyPress Store 3.5.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) brand and (2) Msg parameters. | unknown | 2007-05-22 | 1.9 | CVE-2007-2804, OTHER-REF, FRSIRT, SECUNIA |
| Cisco -- IOS Transmission Control Protocol | Cisco IOS 12.4 and earlier, when using the crypto packages and SSL support is enabled, allows remote attackers to cause a denial of service via a malformed (1) ClientHello, (2) ChangeCipherSpec, or (3) Finished message during an SSL session. | unknown | 2007-05-22 | 3.3 | CVE-2007-2813, CISCO |
| Cisco -- Call Manager | Cross-site scripting (XSS) vulnerability in the web application firewall in Cisco CallManager before 3.3(5)sr3, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allows remote attackers to inject arbitrary web script or HTML via the pattern parameter to CCMAdmin/serverlist.asp (aka the search-form) and possibly other unspecified vectors. | unknown | 2007-05-23 | 1.9 | CVE-2007-2832, FULLDISC, OTHER-REF, CISCO, FRSIRT, SECUNIA |
| Clientexec -- Clientexec | Multiple cross-site scripting (XSS) vulnerabilities in index.php in ClientExec (CE) 3.0 beta2, and possibly other versions, allow remote attackers to inject arbitrary web script or HTML via the (1) ticketID, (2) view, and (3) fuse parameters. | unknown | 2007-05-22 | 1.9 | CVE-2007-2805, OTHER-REF, BID, XF |
| Computer Associates -- BrightStor ARCserve Backup | (1) caloggerd.exe (camt70.dll) and (2) mediasvr.exe (catirpc.dll and rwxdr.dll) in CA BrightStor Backup 11.5.2.0 SP2 allow remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted RPC packet. | unknown | 2007-05-21 | 3.3 | CVE-2007-2772, BUGTRAQ, MILW0RM, MILW0RM, OTHER-REF, FRSIRT, SECTRACK, SECUNIA, XF, XF |
| GaliX -- GaliX | Multiple cross-site scripting (XSS) vulnerabilities in index.php in GaliX 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) galix_cat_detail, (2) galix_gal_detail, and (3) galix_cat_detail_sort parameters. | unknown | 2007-05-22 | 3.7 | CVE-2007-2806, OTHER-REF, BID, SECUNIA |
| Globus -- Globus Toolkit | Unspecified vulnerability in globus-job-manager in Globus Toolkit 4.1.1 and earlier (globus_nexus-6.6 and earlier) allows remote attackers to cause a denial of service (resource exhaustion and system crash) via certain requests to temporary TCP ports for a GRAM2 job or its MPICH-G2 applications. | unknown | 2007-05-21 | 3.3 | CVE-2007-2784, MLIST, OTHER-REF, OTHER-REF, BID, SECUNIA |
| HLstats -- HLstats | Cross-site scripting (XSS) vulnerability in hlstats.php in HLstats 1.35, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO or (2) the action parameter. | unknown | 2007-05-22 | 2.3 | CVE-2007-2812, BUGTRAQ, BUGTRAQ, BID, FRSIRT, SECUNIA |
| ircd-ratbox -- ircd-ratbox | Ratbox IRC Daemon (aka ircd-ratbox) 2.2.5 and earlier allows remote attackers to cause a denial of service (resource exhaustion) by making many requests from a single client. | unknown | 2007-05-21 | 2.3 | CVE-2007-2786, MLIST, OPENPKG, BID, SECUNIA, XF |
| Jetbox -- Jetbox CMS | Jetbox CMS 2.1 allows remote attackers to obtain sensitive information via (1) a direct request to (a) main_page.php, (b) open_tree.php, and (c) outputs.php; (2) a malformed view parameter to index.php, as demonstrated with an SQL injection manipulation; or (3) the id[] parameter to admin/cms/opentree.php, which reveals the installation path in the resulting error message. | unknown | 2007-05-21 | 2.3 | CVE-2007-2684, FULLDISC, OTHER-REF, OSVDB |
| Jetbox -- Jetbox CMS | Cross-site scripting (XSS) vulnerability in index.php in Jetbox CMS 2.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter in a sendpwd task. | unknown | 2007-05-22 | 1.9 | CVE-2007-2686, FULLDISC, OTHER-REF, OSVDB |
| JohnTP -- AdSense-Deluxe | Cross-site request forgery (CSRF) vulnerability in adsense-deluxe.php in the AdSense-Deluxe 0.x plugin for WordPress allows remote attackers to perform unspecified actions as arbitrary users via unspecified vectors. | unknown | 2007-05-22 | 3.4 | CVE-2007-2828, OTHER-REF, SECUNIA |
| MADWifi -- MADWifi | The 802.11 network stack in net80211/ieee80211_input.c in MadWifi before 0.9.3.1 allows remote attackers to cause a denial of service (system hang) via a crafted length field in nested 802.3 Ethernet frames in Fast Frame packets, which results in a NULL pointer dereference. | unknown | 2007-05-23 | 2.3 | CVE-2007-2829, OTHER-REF, OTHER-REF |
| MADWifi -- MADWifi | The ath_beacon_config function in if_ath.c in MadWifi before 0.9.3.1 allows remote attackers to cause a denial of service (system crash) via crafted beacon interval information when scanning for access points, which triggers a divide-by-zero error. | unknown | 2007-05-23 | 2.3 | CVE-2007-2830, OTHER-REF, OTHER-REF |
| MolyX -- MolyX Board | Multiple directory traversal vulnerabilities in MolyX BOARD 2.5.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to index.php and other unspecified PHP scripts. | unknown | 2007-05-21 | 3.3 | CVE-2007-2778, MILW0RM, BID |
| OpenBSD -- OpenSSH | OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243. | unknown | 2007-05-21 | 1.9 | CVE-2007-2768, FULLDISC, OSVDB |
| OPeNDAP -- Hyrax; OPeNDAP -- BES | Unspecified vulnerability in BES before 3.5.0 in OPeNDAP 4 (Hydrax) before 1.2.1 allows remote attackers to list filesystem contents and obtain sensitive information via unknown vectors. | unknown | 2007-05-21 | 3.3 | CVE-2007-2767, OTHER-REF, CERT-VN, BID |
| OSK -- Advance-Flow | Cross-site scripting (XSS) vulnerability in OSK Advance-Flow 4.41 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | unknown | 2007-05-22 | 2.3 | CVE-2007-2811, OTHER-REF, OTHER-REF, BID, FRSIRT, SECUNIA |
| PHP -- PHP | The imap_body function in PHP before 4.4.4 does not implement safemode or open_basedir checks, which allows local users to read arbitrary files or list arbitrary directory contents. | unknown | 2007-05-22 | 1.6 | CVE-2006-7204, OTHER-REF, OTHER-REF, OSVDB, SECUNIA |
| PHP Group -- PHP | The array_fill function in ext/standard/array.c in PHP 4.4.2 and 5.1.2 allows context-dependent attackers to cause a denial of service (memory consumption) via a large num value. | unknown | 2007-05-23 | 2.3 | CVE-2006-7205, OTHER-REF, OSVDB, SECTRACK |
| PsychoStats -- PsychoStats | PsychoStats 3.0.6b and earlier allows remote attackers to obtain sensitive information via a request for server.php with a missing or invalid newtheme parameter, which reveals a path in an error message. | unknown | 2007-05-21 | 3.3 | CVE-2007-2780, FULLDISC, FULLDISC, BID |
| RM -- RM EasyMail Plus | Cross-site scripting (XSS) vulnerability in cp/ps/Main/login/Login in RM EasyMail Plus allows remote attackers to inject arbitrary web script or HTML via the d parameter. | unknown | 2007-05-22 | 1.9 | CVE-2007-2802, OTHER-REF, SECUNIA |
| RSA -- BSAFE Cert-C; RSA -- BSAFE Crypto-C | The RSA Crypto-C before 6.3.1 and Cert-C before 2.8 libraries, as used by RSA BSAFE, multiple Cisco products, and other products, allows remote attackers to cause a denial of service via malformed ASN.1 objects. | unknown | 2007-05-22 | 2.3 | CVE-2006-3894, OTHER-REF, CISCO, CERT-VN |
| Sun -- JDK | The BMP image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03, and 1.6.x before 1.6.0_01-b06, on Unix/Linux systems, allows remote attackers to trigger the opening of arbitrary local files via a crafted BMP file, which causes a denial of service (system hang) in certain cases such as /dev/tty, and has other unspecified impact. | unknown | 2007-05-21 | 2.7 | CVE-2007-2789, OTHER-REF, BID, FRSIRT, SECUNIA, XF |
| Track+ -- Track+ | Cross-site scripting (XSS) vulnerability in reportItem.do in Track+ 3.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the projId parameter. | unknown | 2007-05-22 | 2.3 | CVE-2007-2819, OTHER-REF, BID, XF |
| Yngve Svendsen -- Gnatsweb; GNU -- GNATS | Cross-site scripting (XSS) vulnerability in gnatsweb.pl in Gnatsweb 4.00 and Gnats 4.1.99 allows remote attackers to inject arbitrary web script or HTML via the database parameter. | unknown | 2007-05-22 | 1.9 | CVE-2007-2808, OTHER-REF, FRSIRT, SECUNIA |

Back to top

">

High Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
AlstraSoft -- Live SupportAlstraSoft Live Support 1.21 sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to obtain administrative access via a direct request to admin/managesettings.php.
unknown
2007-05-21
10.0CVE-2007-2775
MILW0RM
AlstraSoft -- Template SellerAlstraSoft Template Seller Pro 3.25 and earlier sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to inject a credential variable setting and obtain administrative access via a direct request to admin/changeinfo.php.
unknown
2007-05-21
10.0CVE-2007-2776
MILW0RM
AlstraSoft -- Template SellerUnrestricted file upload vulnerability in admin/addsptemplate.php in AlstraSoft Template Seller Pro 3.25 and earlier allows remote attackers to execute arbitrary PHP code via an arbitrary .php filename in the zip parameter, which is created under sptemplates/.
unknown
2007-05-21
7.0CVE-2007-2777
MILW0RM
AlstraSoft -- E-FriendsSQL injection vulnerability in paypal.php in AlstraSoft E-Friends 4.21 and earlier allows remote attackers to execute arbitrary SQL commands via the pack parameter in a paypal action for index.php.
unknown
2007-05-22
10.0CVE-2007-2824
MILW0RM
BID
com_yanc -- com_yancSQL injection vulnerability in index.php in the com_yanc 1.4 beta Add-on for Mambo allows remote attackers to execute arbitrary SQL commands via the listid parameter.
unknown
2007-05-21
7.0CVE-2007-2792
MILW0RM
BID
eSyndicat -- eSyndiCat Promanage-admins.php in eSyndiCat Pro 1.x allows remote attackers to create additional administrative accounts, and have other unspecified impact, via modified username, new_pass, new_pass2, status, super, and certain other parameters in an add action.
unknown
2007-05-21
10.0CVE-2007-2785
BUGTRAQ
file -- fileInteger overflow in the "file" program 4.20, when running on 32-bit systems, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert() statement. NOTE: this issue is due to an incorrect patch for CVE-2007-1536.
unknown
2007-05-23
8.0CVE-2007-2799
OTHER-REF
Gazi Download Portal -- Gazi Download PortalSQL injection vulnerability in down_indir.asp in Gazi Download Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-05-22
10.0CVE-2007-2810
BID
SECUNIA
Geeklog -- GeeklogPHP remote file inclusion vulnerability in ImageImageMagick.php in Geeklog 2.x allows remote attackers to execute arbitrary PHP code via a URL in the glConf[path_system] parameter.
unknown
2007-05-21
7.0CVE-2007-2793
MILW0RM
BID
HP -- Tru64 UNIXUnspecified vulnerability in the Secure Shell (SSH) in HP Tru64 UNIX 5.1B-4 and 5.1B-3 allows remote attackers to identify valid users via unspecified vectors, probably related to timing attacks and AuthInteractiveFailureRandomTimeout.
unknown
2007-05-21
10.0CVE-2007-2791
HP
BID
FRSIRT
SECTRACK
SECUNIA
Jetbox -- Jetbox CMSMultiple SQL injection vulnerabilities in index.php in Jetbox CMS 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) view or (2) login parameter.
unknown
2007-05-21
7.0CVE-2007-2685
FULLDISC
OTHER-REF
OSVDB
KSign -- KSignSWATMultiple stack-based buffer overflows in the KSign KSignSWAT ActiveX Control (AxKSignSWAT.dll) 2.0.3.3 allow remote attackers to execute arbitrary code via long arguments to the (1) SWAT_Init, (2) SWAT_InitEx, (3) SWAT_InitEx2, (4) SWAT_InitEx3, and (5) SWAT_Login functions.
unknown
2007-05-22
7.0CVE-2007-2820
FULLDISC
FRSIRT
SECUNIA
LEAD Technologies -- LeadTools JPEG 2000Stack-based buffer overflow in the LEAD Technologies LeadTools JPEG 2000 LEADJ2K.LEADJ2K.140 ActiveX control (LTJ2K14.ocx) 14.5.0.35 allows remote attackers to execute arbitrary code via a long BitmapDataPath property.
unknown
2007-05-21
8.0CVE-2007-2771
OTHER-REF
OTHER-REF
CERT-VN
SECUNIA
LEAD Technologies -- LeadTools Raster Thumbnail Object LibraryStack-based buffer overflow in the BrowseDir function in the (1) lttmb14E.ocx or (2) LTRTM14e.DLL ActiveX control in LeadTools Raster Thumbnail Object Library 14.5.0.44 allows remote attackers to execute arbitrary code via a long argument.
unknown
2007-05-21
7.0CVE-2007-2787
MILW0RM
MILW0RM
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
LEAD Technologies -- LeadTools ISIS ActiveX ControlHeap-based buffer overflow in LEAD Technologies LEADTOOLS ISIS ActiveX Control (ltisi14E.ocx) 14.5.0.44 and earlier allows remote attackers to execute arbitrary code via a long DriverName propery.
unknown
2007-05-22
8.0CVE-2007-2827
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Libstats -- LibstatsPHP remote file inclusion vulnerability in template_csv.php in Libstats 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rInfo[content] parameter.
unknown
2007-05-21
7.0CVE-2007-2779
MILW0RM
BID
Madirish Webmail -- Madirish WebmailPHP remote file inclusion vulnerability in lib/addressbook.php in Madirish Webmail 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[basedir] parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-05-22
7.0CVE-2007-2826
BID
MADWifi -- MADWifiArray index error in the (1) ieee80211_ioctl_getwmmparams and (2) ieee80211_ioctl_setwmmparams functions in net80211/ieee80211_wireless.c in MadWifi before 0.9.3.1 allow local users to cause a denial of service (system crash), possibly obtain kernel memory contents, and possibly execute arbitrary code via a large negative array index value.
unknown
2007-05-23
10.0CVE-2007-2831
OTHER-REF
OTHER-REF
Microsoft -- IISThe "hit-highlighting" functionality in webhits.dll in Microsoft Internet Information Server (IIS) Web Server 5.0 only uses Windows NT ACL configuration, which allows remote attackers to bypass NTLM and basic authentication mechanisms and access private web directories via the CiWebhitsfile parameter to null.htw.
unknown
2007-05-22
10.0CVE-2007-2815
BUGTRAQ
MSKB
MicroWorld Technologies -- eScanStack-based buffer overflow in the MicroWorld Agent service (MWAGENT.EXE) in MicroWorld Technologies eScan before 9.0.718.1 allows remote attackers to execute arbitrary code via a long command.
unknown
2007-05-23
10.0CVE-2007-2687
OTHER-REF
FRSIRT
SECUNIA
Ol' Bookmarks -- Ol' BookmarksMultiple PHP remote file inclusion vulnerabilities in ol'bookmarks 0.7.4 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) test1.php, (2) blackorange.php, (3) default.php, (4) frames1.php, (5) frames1_top.php, (6) test1.php, (7) test2.php, (8) test3.php, (9) test4.php, (10) test5.php, (11) test6.php, (12) frames1_left.php, and (13) frames1_center.php in themes/.
unknown
2007-05-22
7.0CVE-2007-2816
MILW0RM
VIM
BID
FRSIRT
Ol' Bookmarks -- Ol' BookmarksSQL injection vulnerability in read/index.php in ol'bookmarks 0.7.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-05-22
7.0CVE-2007-2817
MILW0RM
BID
OPeNDAP -- Hyrax
OPeNDAP -- BES
BES before 3.5.0 in OPeNDAP 4 (Hyrax) before 1.2.1 does not properly handle compressed files, which allows remote attackers to upload arbitrary files or execute arbitrary commands via a crafted compressed file.
unknown
2007-05-21
7.0
CVE-2007-2769
OTHER-REF
CERT-VN
BID
Opera Software -- Opera Web Browser
Buffer overflow in the transfer manager in Opera before 9.21 for Windows allows user-assisted remote attackers to execute arbitrary code via a crafted torrent file. NOTE: due to the lack of details, it is not clear if this is the same issue as CVE-2007-2274.
unknown
2007-05-22
8.0
CVE-2007-2809
OTHER-REF
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
Packeteer -- PacketShaper
Packeteer PacketShaper uses fixed increments in TCP initial sequence number (ISN) values, which allows remote attackers to predict the ISN value, and perform session hijacking or disruption.
unknown
2007-05-21
7.0
CVE-2007-2782
BUGTRAQ
BID
Pegasus -- ImagN' ActiveX Control
Multiple stack-based buffer overflows in the Pegasus ImagN' ActiveX control (IMW32O40.OCX) 4.00.041 allow remote attackers to execute arbitrary code via (1) a long FileName parameter, or unspecified vectors involving the (2) BeginReport, (3) CreatePictureExA, (4) DefineImage, (5) DefineImageEx, (6) DefineImageFox, (7) CopyBufToClipExA, (8) LoadEx, (9) LoadFox, and other functions.
unknown
2007-05-22
7.0
CVE-2007-2814
OTHER-REF
BID
FRSIRT
SECUNIA
Qualcomm -- Eudora
Stack-based buffer overflow in Eudora 7.1 allows user-assisted, remote SMTP servers to execute arbitrary code via a long SMTP reply. NOTE: the user must click through a warning about a possible buffer overflow exploit to trigger this issue.
unknown
2007-05-21
8.0
CVE-2007-2770
MILW0RM
SECUNIA
XF
Rational Software -- Hidden Administrator
Unspecified vulnerability in Rational Soft Hidden Administrator 1.7 and earlier allows remote attackers to bypass authentication and execute arbitrary code via unspecified vectors. NOTE: this issue has no actionable information, and perhaps should not be included in CVE.
unknown
2007-05-21
10.0
CVE-2007-2783
BUGTRAQ
BID
Sun -- JDK
Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03, and 1.6.x before 1.6.0_01-b06, allows remote attackers to execute arbitrary code or cause a denial of service (JVM crash) via a crafted JPEG or BMP file.
unknown
2007-05-21
8.0
CVE-2007-2788
OTHER-REF
BID
FRSIRT
SECUNIA
XF
SunLight CMS -- SunLight CMS
Multiple PHP remote file inclusion vulnerabilities in SunLight CMS 5.3 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) _connect.php or (2) modules/startup.php.
unknown
2007-05-21
7.0
CVE-2007-2774
MILW0RM
BID
Vizayn Urun -- Tanitim Sitesi
SQL injection vulnerability in default.asp in Vizayn Urun Tanitim Sitesi 0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a haberdetay action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-05-22
7.0
CVE-2007-2803
SECUNIA
VP-ASP -- VP-ASP Shopping Cart
Cross-site scripting (XSS) vulnerability in shopcontent.asp in VP-ASP Shopping Cart 6.50, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the type parameter.
unknown
2007-05-21
7.0
CVE-2007-2790
BUGTRAQ
Wavelink Media -- TutorialCMS
TutorialCMS 1.01 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication via the (1) loggedIn and (2) activated parameters to (a) login.php, (b) headerLinks.php, (c) submit1.php, (d) myFav.php, and (e) userCP.php.
unknown
2007-05-22
8.0
CVE-2007-2822
MILW0RM
OTHER-REF
FRSIRT
SECUNIA
WikyBlog -- WikyBlog
Cross-site scripting (XSS) vulnerability in include/sessionRegister.php in WikyBlog before 1.4.13 allows remote attackers to inject arbitrary web script or HTML, probably via vectors related to a certain data2 array element.
unknown
2007-05-21
7.0
CVE-2007-2781
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
WordPress -- WordPress
SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2 allows remote attackers to execute arbitrary SQL commands via the cookie parameter.
unknown
2007-05-22
8.0
CVE-2007-2821
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Zomplog -- Zomplog
SQL injection vulnerability in plugins/mp3playlist/mp3playlist.php in Zomplog 3.8 and earlier allows remote attackers to execute arbitrary SQL commands via the speler parameter.
unknown
2007-05-21
7.0
CVE-2007-2773
MILW0RM

Medium Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
Eggheads -- Eggdrop IRC bot
Stack-based buffer overflow in mod/server.mod/servrmsg.c in Eggdrop 1.6.18, and possibly earlier, allows user-assisted, remote IRC servers to execute arbitrary code via a long private message.
unknown
2007-05-22
5.6
CVE-2007-2807
OTHER-REF
SECUNIA
HT Editor -- HT Editor
Multiple buffer overflows in HT Editor before 2.0.6 might allow remote attackers to execute arbitrary code via unspecified vectors, possibly involving the editor display width. NOTE: some of the details were obtained from third party information.
unknown
2007-05-22
5.6
CVE-2007-2823
OTHER-REF
BID
SECUNIA
PHP Group -- PEAR
Directory traversal vulnerability in the installer in PEAR 1.0 through 1.5.3 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the (1) install-as attribute in the file element in package.xml 1.0 or the (2) as attribute in the install element in package.xml 2.0. NOTE: it could be argued that this does not cross privilege boundaries in typical installations, since the code being installed could perform the same actions.
2007-05-06
2007-05-22
5.6
CVE-2007-2519
OTHER-REF

Low Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
@Mail -- @Mail Webmail
Multiple cross-site scripting (XSS) vulnerabilities in ReadMsg.php in @Mail 5.02 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) links and (2) images.
unknown
2007-05-22
2.3
CVE-2007-2825
OTHER-REF
XF
Apache Software Foundation -- Tomcat
Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.
unknown
2007-05-21
1.9
CVE-2007-1355
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
BID
CactuSoft -- Parodia
Cross-site scripting (XSS) vulnerability in cand_login.asp in CactuSoft Parodia 6.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the strJobIDs parameter.
unknown
2007-05-22
2.3
CVE-2007-2818
OTHER-REF
BID
XF
CandyPress -- CandyPress Store
Multiple cross-site scripting (XSS) vulnerabilities in scripts/prodList.asp in CandyPress Store 3.5.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) brand and (2) Msg parameters.
unknown
2007-05-22
1.9
CVE-2007-2804
OTHER-REF
FRSIRT
SECUNIA
Cisco -- IOS Transmission Control Protocol
Cisco IOS 12.4 and earlier, when using the crypto packages and SSL support is enabled, allows remote attackers to cause a denial of service via a malformed (1) ClientHello, (2) ChangeCipherSpec, or (3) Finished message during an SSL session.
unknown
2007-05-22
3.3
CVE-2007-2813
CISCO
Cisco -- Call Manager
Cross-site scripting (XSS) vulnerability in the web application firewall in Cisco CallManager before 3.3(5)sr3, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allows remote attackers to inject arbitrary web script or HTML via the pattern parameter to CCMAdmin/serverlist.asp (aka the search-form) and possibly other unspecified vectors.
unknown
2007-05-23
1.9
CVE-2007-2832
FULLDISC
OTHER-REF
CISCO
FRSIRT
SECUNIA
Clientexec -- Clientexec
Multiple cross-site scripting (XSS) vulnerabilities in index.php in ClientExec (CE) 3.0 beta2, and possibly other versions, allow remote attackers to inject arbitrary web script or HTML via the (1) ticketID, (2) view, and (3) fuse parameters.
unknown
2007-05-22
1.9
CVE-2007-2805
OTHER-REF
BID
XF
Computer Associates -- BrightStor ARCserve Backup
(1) caloggerd.exe (camt70.dll) and (2) mediasvr.exe (catirpc.dll and rwxdr.dll) in CA BrightStor Backup 11.5.2.0 SP2 allow remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted RPC packet.
unknown
2007-05-21
3.3
CVE-2007-2772
BUGTRAQ
MILW0RM
MILW0RM
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
XF
XF
GaliX -- GaliX
Multiple cross-site scripting (XSS) vulnerabilities in index.php in GaliX 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) galix_cat_detail, (2) galix_gal_detail, and (3) galix_cat_detail_sort parameters.
unknown
2007-05-22
3.7
CVE-2007-2806
OTHER-REF
BID
SECUNIA
Globus -- Globus Toolkit
Unspecified vulnerability in globus-job-manager in Globus Toolkit 4.1.1 and earlier (globus_nexus-6.6 and earlier) allows remote attackers to cause a denial of service (resource exhaustion and system crash) via certain requests to temporary TCP ports for a GRAM2 job or its MPICH-G2 applications.
unknown
2007-05-21
3.3
CVE-2007-2784
MLIST
OTHER-REF
OTHER-REF
BID
SECUNIA
HLstats -- HLstats
Cross-site scripting (XSS) vulnerability in hlstats.php in HLstats 1.35, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO or (2) the action parameter.
unknown
2007-05-22
2.3
CVE-2007-2812
BUGTRAQ
BUGTRAQ
BID
FRSIRT
SECUNIA
ircd-ratbox -- ircd-ratbox
Ratbox IRC Daemon (aka ircd-ratbox) 2.2.5 and earlier allows remote attackers to cause a denial of service (resource exhaustion) by making many requests from a single client.
unknown
2007-05-21
2.3
CVE-2007-2786
MLIST
OPENPKG
BID
SECUNIA
XF
Jetbox -- Jetbox CMS
Jetbox CMS 2.1 allows remote attackers to obtain sensitive information via (1) a direct request to (a) main_page.php, (b) open_tree.php, and (c) outputs.php; (2) a malformed view parameter to index.php, as demonstrated with an SQL injection manipulation; or (3) the id[] parameter to admin/cms/opentree.php, which reveals the installation path in the resulting error message.
unknown
2007-05-21
2.3
CVE-2007-2684
FULLDISC
OTHER-REF
OSVDB
Jetbox -- Jetbox CMS
Cross-site scripting (XSS) vulnerability in index.php in Jetbox CMS 2.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter in a sendpwd task.
unknown
2007-05-22
1.9
CVE-2007-2686
FULLDISC
OTHER-REF
OSVDB
JohnTP -- AdSense-Deluxe
Cross-site request forgery (CSRF) vulnerability in adsense-deluxe.php in the AdSense-Deluxe 0.x plugin for WordPress allows remote attackers to perform unspecified actions as arbitrary users via unspecified vectors.
unknown
2007-05-22
3.4
CVE-2007-2828
OTHER-REF
SECUNIA
MADWifi -- MADWifi
The 802.11 network stack in net80211/ieee80211_input.c in MadWifi before 0.9.3.1 allows remote attackers to cause a denial of service (system hang) via a crafted length field in nested 802.3 Ethernet frames in Fast Frame packets, which results in a NULL pointer dereference.
unknown
2007-05-23
2.3
CVE-2007-2829
OTHER-REF
OTHER-REF
MADWifi -- MADWifi
The ath_beacon_config function in if_ath.c in MadWifi before 0.9.3.1 allows remote attackers to cause a denial of service (system crash) via crafted beacon interval information when scanning for access points, which triggers a divide-by-zero error.
unknown
2007-05-23
2.3
CVE-2007-2830
OTHER-REF
OTHER-REF
MolyX -- MolyX Board
Multiple directory traversal vulnerabilities in MolyX BOARD 2.5.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to index.php and other unspecified PHP scripts.
unknown
2007-05-21
3.3
CVE-2007-2778
MILW0RM
BID
OpenBSD -- OpenSSH
OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.
unknown
2007-05-21
1.9
CVE-2007-2768
FULLDISC
OSVDB
OPeNDAP -- Hyrax
OPeNDAP -- BES
Unspecified vulnerability in BES before 3.5.0 in OPeNDAP 4 (Hyrax) before 1.2.1 allows remote attackers to list filesystem contents and obtain sensitive information via unknown vectors.
unknown
2007-05-21
3.3
CVE-2007-2767
OTHER-REF
CERT-VN
BID
OSK -- Advance-Flow
Cross-site scripting (XSS) vulnerability in OSK Advance-Flow 4.41 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-05-22
2.3
CVE-2007-2811
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
PHP -- PHP
The imap_body function in PHP before 4.4.4 does not implement safemode or open_basedir checks, which allows local users to read arbitrary files or list arbitrary directory contents.
unknown
2007-05-22
1.6
CVE-2006-7204
OTHER-REF
OTHER-REF
OSVDB
SECUNIA
PHP Group -- PHP
The array_fill function in ext/standard/array.c in PHP 4.4.2 and 5.1.2 allows context-dependent attackers to cause a denial of service (memory consumption) via a large num value.
unknown
2007-05-23
2.3
CVE-2006-7205
OTHER-REF
OSVDB
SECTRACK
PsychoStats -- PsychoStats
PsychoStats 3.0.6b and earlier allows remote attackers to obtain sensitive information via a request for server.php with a missing or invalid newtheme parameter, which reveals a path in an error message.
unknown
2007-05-21
3.3
CVE-2007-2780
FULLDISC
FULLDISC
BID
RM -- RM EasyMail Plus
Cross-site scripting (XSS) vulnerability in cp/ps/Main/login/Login in RM EasyMail Plus allows remote attackers to inject arbitrary web script or HTML via the d parameter.
unknown
2007-05-22
1.9
CVE-2007-2802
OTHER-REF
SECUNIA
RSA -- BSAFE Cert-C
RSA -- BSAFE Crypto-C
The RSA Crypto-C before 6.3.1 and Cert-C before 2.8 libraries, as used by RSA BSAFE, multiple Cisco products, and other products, allow remote attackers to cause a denial of service via malformed ASN.1 objects.
unknown
2007-05-22
2.3
CVE-2006-3894
OTHER-REF
CISCO
CERT-VN
Sun -- JDK
The BMP image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03, and 1.6.x before 1.6.0_01-b06, on Unix/Linux systems, allows remote attackers to trigger the opening of arbitrary local files via a crafted BMP file, which causes a denial of service (system hang) in certain cases such as /dev/tty, and has other unspecified impact.
unknown
2007-05-21
2.7
CVE-2007-2789
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Track+ -- Track+
Cross-site scripting (XSS) vulnerability in reportItem.do in Track+ 3.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the projId parameter.
unknown
2007-05-22
2.3
CVE-2007-2819
OTHER-REF
BID
XF
Yngve Svendsen -- Gnatsweb
GNU -- GNATS
Cross-site scripting (XSS) vulnerability in gnatsweb.pl in Gnatsweb 4.00 and Gnats 4.1.99 allows remote attackers to inject arbitrary web script or HTML via the database parameter.
unknown
2007-05-22
1.9
CVE-2007-2808
OTHER-REF
FRSIRT
SECUNIA