U.S. Flag Official website of the Department of Homeland Security

Note: This page is part of the us-cert.gov archive.This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

TLP:WHITE

Bulletin (SB07-155)

Vulnerability Summary for the Week of May 28, 2007

Original release date: June 04, 2007

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

">

High Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
2z Project -- 2z ProjectSQL injection vulnerability in includes/rating.php in 2z Project 0.9.5 allows remote attackers to execute arbitrary SQL commands via the rating parameter.
unknown
2007-05-30
7.0CVE-2007-2898
BUGTRAQ
OTHER-REF
FRSIRT
2z Project -- 2z ProjectSQL injection vulnerability in includes/rating.php in 2z Project 0.9.5 allows remote attackers to execute arbitrary SQL commands via the post_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-05-30
7.0CVE-2007-2905
BUGTRAQ
OTHER-REF
FRSIRT
Apache Software Foundation -- Tomcat JK Web Server Connectormod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directly traversal, a related issue to CVE-2007-0450.
unknown
2007-05-25
7.0CVE-2007-1860
OTHER-REF
OTHER-REF
SECUNIA
Authentium -- Command AntivirusMultiple buffer overflows in a certain ActiveX control in odapi.dll in Authentium Command Antivirus before 4.93.8 allow remote attackers to execute arbitrary code via unspecified vectors.
unknown
2007-05-31
8.0CVE-2007-2917
CERT-VN
BoastMachine -- BoastMachineCross-site scripting (XSS) vulnerability in index.php in BoastMachine allows remote attackers to inject arbitrary web script or HTML via the blog parameter in a content search action.
unknown
2007-05-30
10.0CVE-2007-2932
BUGTRAQ
BID
XF
Bochs -- BochsHeap-based buffer overflow in the bx_ne2k_c::rx_frame function in iodev/ne2k.cc in emulated NE2000 device in Bochs 2.3 does not prevent TXCNT register values from exceeding the device memory size, which allows local users of the guest operating system to write to arbitrary memory locations and gain privileges on the host operating system, aka "RX Frame heap overflow."
unknown
2007-05-29
7.0CVE-2007-2893
OTHER-REF
FRSIRT
cpCommerce -- cpCommerceSQL injection vulnerability in category.php in cpCommerce 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id_category parameter.
unknown
2007-05-29
7.0CVE-2007-2890
MILW0RM
BID
cpCommerce -- cpCommerceSQL injection vulnerability in manufacturer.php in cpCommerce before 1.1.0 allows remote attackers to execute arbitrary SQL commands via the id_manufacturer parameter.
unknown
2007-05-31
7.0CVE-2007-2959
BUGTRAQ
BID
David Branco -- OpenBASEMultiple PHP remote file inclusion vulnerabilities in OpenBASE Alpha 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the root_prefix parameter to (1) index.php, (2) email_subscribe.php, (3) download.php, or (4) development.php.
unknown
2007-05-30
7.0CVE-2007-2947
MILW0RM
BID
FRSIRT
Dian Gemilang -- DGNewsSQL injection vulnerability in news.php in DGNews 2.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a newslist action. NOTE: this issue can produce resultant cross-site scripting (XSS).
unknown
2007-05-30
7.0CVE-2007-0693
BUGTRAQ
BID
OSVDB
DigiAppz -- DigiRezMultiple cross-site scripting (XSS) vulnerabilities in Digirez 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) Room_name parameter to room/info_book.asp or the (2) curYear parameter to room/week.asp.
unknown
2007-05-29
10.0CVE-2007-2880
BUGTRAQ
Dokeos -- Open Source Learning & Knowledge Management ToolSQL injection vulnerability in tracking/courseLog.php in Dokeos 1.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the scormcontopen parameter.
unknown
2007-05-29
7.0CVE-2007-2889
MILW0RM
BID
XF
Dokeos -- DokeosSQL injection vulnerability in main/auth/my_progress.php in Dokeos 1.8.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the course parameter.
unknown
2007-05-30
7.0CVE-2007-2902
MILW0RM
EZB Systems -- UltraISOStack-based buffer overflow in UltraISO 8.6.2.2011 and earlier allows user-assisted remote attackers to execute arbitrary code via a long FILE string (filename) in a .cue file, a related issue to CVE-2007-2761. NOTE: some details are obtained from third party information.
unknown
2007-05-29
8.0CVE-2007-2888
MILW0RM
BID
SECUNIA
F-Secure -- F-Secure Protection Service
F-Secure -- F-Secure Anti-Virus Linux Server Security
F-Secure -- F-Secure Internet Security
F-Secure -- F-Secure Anti-Virus Linux Client Security
F-Secure -- Internet Gatekeeper
F-Secure -- F-Secure Anti-Virus Client Security
F-secure -- F-Secure Anti-Virus
Unspecified vulnerability in the Real-time Scanning component in multiple F-Secure products, including Internet Security 2005, 2006 and 2007; Anti-Virus 2005, 2006 and 2007; and Solutions based on F-Secure Protection Service for Consumers 6.40 and earlier allows local users to gain privileges via a crafted I/O request packet (IRP), related to IOCTL (Input/Output Control) and "access validation of the address space."
unknown
2007-05-31
7.0CVE-2007-2965
OTHER-REF
FRSIRT
SECUNIA
F-Secure -- F-Secure Protection Service
F-Secure -- F-Secure Anti-Virus Linux Server Security
F-Secure -- F-Secure Internet Security
F-Secure -- F-Secure Anti-Virus Linux Client Security
F-Secure -- Internet Gatekeeper
F-Secure -- F-Secure Anti-Virus Client Security
F-secure -- F-Secure Anti-Virus
Buffer overflow in the LHA decompresion component in F-Secure anti-virus products for Microsoft Windows and Linux before 20070529 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted LHA archive, a similar issue to CVE-2006-4335.
unknown
2007-05-31
7.0CVE-2007-2966
OTHER-REF
FRSIRT
SECUNIA
F-Secure -- F-Secure Protection Service
F-Secure -- F-Secure Anti-Virus Linux Server Security
F-Secure -- F-Secure Internet Security
F-Secure -- F-Secure Anti-Virus Linux Client Security
F-Secure -- Internet Gatekeeper
F-Secure -- F-Secure Anti-Virus Client Security
F-secure -- F-Secure Anti-Virus
Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070522 allow remote attackers to cause a denial of service (file scanning infinite loop) via certain crafted (1) archives or (2) packed executables.
unknown
2007-05-31
10.0CVE-2007-2967
OTHER-REF
FRSIRT
FileCloset -- FileClosetUnrestricted file upload vulnerability in FileCloset before 1.1.5 allows remote attackers to upload arbitrary PHP files via unspecified vectors.
unknown
2007-05-31
7.0CVE-2007-2961
OTHER-REF
OTHER-REF
BID
SECUNIA
FirmWorX -- FirmWorXMultiple PHP remote file inclusion vulnerabilities in FirmWorX 0.1.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) bank_data[root] parameter to modules/bank/includes/design/main.inc.php, or the (2) fm_data[root] parameter to (a) includes/config/master.inc.php or (b) includes/functions/master.inc.php.
unknown
2007-05-29
7.0CVE-2007-2891
MILW0RM
BID
Frequency Clock -- Frequency ClockMultiple PHP remote file inclusion vulnerabilities in Frequency Clock 0.1b (Beta 0.1) allow remote attackers to execute arbitrary PHP code via a URL in the securelib parameter to (1) conf.php or (2) cp2.php.
unknown
2007-05-30
7.0CVE-2007-2936
MILW0RM
BID
Fundanemt -- Fundanemtcore/spellcheck/spellcheck.php in Fundanemt before 2.2.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the dict parameter.
unknown
2007-05-30
7.0CVE-2007-2935
MILW0RM
OTHER-REF
BID
SECUNIA
GNUTurk -- GNUTurk Portal SystemCross-site scripting (XSS) vulnerability in mods.php in GTP GNUTurk Portal System 3G allows remote attackers to inject arbitrary web script or HTML via the month parameter.
unknown
2007-05-29
10.0CVE-2007-2879
BUGTRAQ
BID
Jelsoft -- vBulletinCross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3.6.7 PL1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the vb_367_xss_fix_plugin.xml update, a related issue to CVE-2007-????.
unknown
2007-05-30
10.0CVE-2007-2910
OTHER-REF
LEAD Technologies -- LeadTools Raster Dialog File ObjectBuffer overflow in a certain ActiveX control in LTRDF14e.DLL 14.5.0.44 in LeadTools Raster Dialog File Object allows remote attackers to execute arbitrary code via a long Directory property value.
unknown
2007-05-29
10.0CVE-2007-2895
OTHER-REF
OTHER-REF
OTHER-REF
BID
SECUNIA
XF
LEAD Technologies -- LeadTools Raster Dialog File ObjectBuffer overflow in a certain ActiveX control in LeadTools Raster Dialog File_D Object (LTRDFD14e.DLL) 14.5.0.44 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) or execute arbitrary code via a long DestinationPath property value.
unknown
2007-05-30
10.0CVE-2007-2946
MILW0RM
OTHER-REF
OTHER-REF
BID
SECUNIA
XF
Macrovision -- Update Service
Macrovision -- FLEXnet Connect
The DWUpdateService ActiveX control in the agent (agent.exe) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allows remote attackers to execute arbitrary commands via the Execute method.
unknown
2007-05-31
8.0CVE-2007-0328
CERT-VN
OTHER-REF
Michael Brandon -- vBGSiteMapMultiple PHP remote file inclusion vulnerabilities in the creator in vBulletin Google Yahoo Site Map (vBGSiteMap) 2.41 for vBulletin allow remote attackers to execute arbitrary PHP code via a URL in the base parameter to (1) vbgsitemap/vbgsitemap-config.php or (2) vbgsitemap/vbgsitemap-vbseo.php.
unknown
2007-05-30
7.0CVE-2007-2941
MILW0RM
BID
Microsoft -- Visual BasicMultiple stack-based buffer overflows in Microsoft Visual Basic 6 allow user-assisted remote attackers to cause a denial of service (CPU consumption) or execute arbitrary code via a Visual Basic Project (vbp) file with a long (1) Description or (2) Company Name (VersionCompanyName) field.
unknown
2007-05-29
8.0CVE-2007-2884
MILW0RM
MILW0RM
BID
BID
XF
XF
Microsoft -- IISMicrosoft Internet Information Services (IIS) 6.0 allows remote attackers to cause a denial of service (server instability or device hang), and possibly obtain sensitive information (device communication traffic); and might allow attackers with physical access to execute arbitrary code after connecting a data stream to a device COM port; via requests for a URI containing a '/' immediately before and after the name of a DOS device, as demonstrated by the /AUX/.aspx URI, which bypasses a blacklist for DOS device requests.
unknown
2007-05-30
7.0CVE-2007-2897
FULLDISC
FULLDISC
XF
Microsoft -- Internet Explorer
Honeywell -- Ademco ATNBaseLoader100 Module
Buffer overflow in the BaseRunner ActiveX control in the Ademco ATNBaseLoader100 Module (ATNBaseLoader100.dll) 5.4.0.6, when Internet Explorer 6 is used, allows remote attackers to execute arbitrary code via a long argument to the (1) Send485CMD method, and possibly the (2) SetLoginID, (3) AddSite, (4) SetScreen, and (5) SetVideoServer methods.
unknown
2007-05-30
10.0CVE-2007-2938
MILW0RM
BID
FRSIRT
SECUNIA
Mozilla -- SeaMonkey
Mozilla -- Firefox
Mozilla -- Thunderbird
Multiple vulnerabilities in the JavaScript engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger memory corruption.
unknown
2007-05-31
7.0CVE-2007-2868
OTHER-REF
my little homepage -- my little forumSQL injection vulnerability in user.php in My Little Forum 1.7 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-05-30
7.0CVE-2007-2942
MILW0RM
BID
FRSIRT
SECUNIA
Navboard -- NavboardDirect static code injection vulnerability in admin_config.php in NavBoard 2.6.0 allows remote attackers to inject arbitrary PHP code into data/config.php via multiple parameters, as demonstrated via the threadperpage parameter in an editconfig action.
unknown
2007-05-30
7.0CVE-2007-2899
MILW0RM
BID
Phil-a-Form -- Phil-a-FormSQL injection vulnerability in index.php in the Phil-a-Form (com_philaform) 1.2.0.0 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the form_id parameter.
unknown
2007-05-30
7.0CVE-2007-2933
MILW0RM
PHPEcho CMS -- PHPEcho CMSMultiple SQL injection vulnerabilities in modules/admin/modules/gallery.php in PHPEcho CMS 2.0-rc1 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter and possibly other parameters. NOTE: some of these details are obtained from third party information.
unknown
2007-05-25
7.0CVE-2007-2866
OTHER-REF
FRSIRT
phpPgAdmin -- phpPgAdminCross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the server parameter.
unknown
2007-05-25
8.0CVE-2007-2865
FULLDISC
BID
XF
Scallywag.org -- ScallywagMultiple directory traversal vulnerabilities in Scallywag 2005-04-25 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skin_name parameter to template.php in (1) skin/dark/, (2) skin/gold/, or (3) skin/original/, a different vector than CVE-2007-2900. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-05-31
7.0CVE-2007-2960
FRSIRT
Sun -- Java Web Proxy ServerMultiple stack-based buffer overflows in the SOCKS proxy support (sockd) in Sun Java Web Proxy Server before 4.0.5 allow remote attackers to execute arbitrary code via crafted packets during protocol negotiation.
unknown
2007-05-29
10.0CVE-2007-2881
IDEFENSE
SUNALERT
Tcl_Tk -- Tcl_TkBuffer overflow in tcl/win/tclWinReg.c in Tcl (Tcl/Tk) before 8.5a6 allows local users to gain privileges via long registry key paths.
unknown
2007-05-29
7.0CVE-2007-2877
OTHER-REF
OTHER-REF
SECUNIA
TROforum -- TROforumPHP remote file inclusion vulnerability in admin/admin.php in TROforum 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the site_url parameter.
unknown
2007-05-30
7.0CVE-2007-2937
MILW0RM
BID

Back to top

Medium Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Apple -- QuicktimeUnspecified vulnerability in Apple QuickTime for Java 7.1.6 on Mac OS X and Windows allows remote attackers to execute arbitrary code via unknown vectors related to Java applets.
unknown
2007-05-29
5.6CVE-2007-2388
APPLE
Credant -- Credant Mobile Guardian Shield - WindowsCredant Mobile Guardian Shield for Windows 5.2.1.105 and earlier stores account names and passwords in plaintext in memory, which allows local users to obtain sensitive information by (1) reading the paging file or (2) dumping and searching the memory image. NOTE: This issue crosses privilege boundaries because the product is intended to protect the data on a stolen computer.
unknown
2007-05-29
4.9CVE-2007-2883
BUGTRAQ
BID
FlaP -- FlaPMultiple PHP remote file inclusion vulnerabilities in FlaP 1.0b (1.0 Beta) allow remote attackers to execute arbitrary PHP code via a URL in the pachtofile parameter to (1) skin/html/table.php or (2) login.php.
unknown
2007-05-30
5.6CVE-2007-2940
MILW0RM
BID
FRSIRT
GForge -- GForgeplugins/scmcvs/www/cvsweb.php in the CVSWeb CGI in GForge 4.5.16 before 20070524, aka gforge-plugin-scmcvs, allows remote attackers to execute arbitrary commands via shell metacharacters in the PATH_INFO.
unknown
2007-05-29
5.6CVE-2007-0246
OTHER-REF
DEBIAN
BID
FRSIRT
SECUNIA
SECUNIA
Jelsoft -- vBulletinCross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin 3.6.x before 3.6.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the vb_calendar366_xss_fix_plugin.xml update.
unknown
2007-05-30
6.0CVE-2007-2909
OTHER-REF
Jelsoft -- vBulletinSQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin before 3.6.6 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached After" field (GPC['search']['datelineafter'] variable), a related issue to CVE-2007-1573.
unknown
2007-05-30
4.8CVE-2007-2911
OTHER-REF
Logitech -- VideoCallMultiple stack-based buffer overflows in ActiveX controls (1) VibeC in (a) vibecontrol.dll, (2) CallManager and (3) ViewerClient in (b) StarClient.dll, (4) ComLink in (c) uicomlink.dll, and (5) WebCamXMP in (d) wcamxmp.dll in Logitech VideoCall allow remote attackers to cause a denial of service (browser crash) and execute arbitrary code via unspecified vectors.
unknown
2007-05-31
5.6CVE-2007-2918
CERT-VN
BID
Mazens PHP Chat -- Mazens PHP ChatMultiple PHP remote file inclusion vulnerabilities in Mazen's PHP Chat 3.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the basepath parameter to (1) ITX.php, (2) IT_Error.php, or (3) IT.php in include/pear/.
unknown
2007-05-30
5.6CVE-2007-2939
MILW0RM
BID
FRSIRT
Scallywag.org -- ScallywagMultiple PHP remote file inclusion vulnerabilities in Scallywag allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to template.php in (1) skin/dark/, (2) skin/gold/, or (3) skin/original/.
unknown
2007-05-30
5.6CVE-2007-2900
MILW0RM
SSL-Explorer -- SSL-ExplorerUnspecified vulnerability in SSL-Explorer before 0.2.13 allows remote authenticated users to enter redirect URLs containing (1) JavaScript or (2) HTTP headers, which has unknown impact, possibly resulting in cross-site scripting (XSS) or HTTP request smuggling.
unknown
2007-05-30
6.0CVE-2007-2907
OTHER-REF
Symantec -- Enterprise Security ManagerRace condition in the Symantec Enterprise Security Manager (ESM) 6.5.3 managers and agents on Windows before 20070524 allows remote attackers to cause a denial of service (CPU consumption and application hang) via certain network scans to ESM ports.
unknown
2007-05-29
5.6CVE-2007-2896
OTHER-REF
OTHER-REF
BID
SECUNIA
Webavis -- WebavisPHP remote file inclusion vulnerability in class/class.php in Webavis 0.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.
unknown
2007-05-30
5.6CVE-2007-2943
MILW0RM
FRSIRT

Back to top

Low Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Apple -- QuicktimeApple QuickTime for Java 7.1.6 on Mac OS X and Windows does not clear potentially sensitive memory before use, which allows remote attackers to read memory from a web browser via unknown vectors related to Java applets.
unknown
2007-05-29
2.7CVE-2007-2389
APPLE
ASP-Nuke -- ASP-NukeCross-site scripting (XSS) vulnerability in news.asp in ASP-Nuke 2.0.7 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-05-29
1.9CVE-2007-2892
OTHER-REF
BID
Bochs -- BochsThe emulated floppy disk controller in Bochs 2.3 allows local users of the guest operating system to cause a denial of service (virtual machine crash) via unspecified vectors, resulting in a divide-by-zero error.
unknown
2007-05-29
1.6CVE-2007-2894
OTHER-REF
FRSIRT
ClonusWiki -- ClonusWikiCross-site scripting (XSS) vulnerability in index.php in ClonusWiki .5 allows remote attackers to inject arbitrary web script or HTML via the query parameter.
unknown
2007-05-30
1.9CVE-2007-2913
BUGTRAQ
DGNews -- DGNewsDGNews 2.1 allows remote attackers to obtain sensitive information via a fullnews request to news.php with an invalid newsid parameter, and other unspecified vectors, which reveal the path in various error messages.
unknown
2007-05-30
2.3CVE-2007-0692
BUGTRAQ
OSVDB
Dian Gemilang -- DGNewsCross-site scripting (XSS) vulnerability in footer.php in DGNews 2.1 allows remote attackers to inject arbitrary web script or HTML via the copyright parameter.
unknown
2007-05-30
1.9CVE-2007-0694
BUGTRAQ
BID
OSVDB
Dokeos -- DokeosMultiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the img parameter to main/inc/lib/fckeditor/editor/plugins/ImageManager/editor.php and other unspecified vectors.
unknown
2007-05-30
1.9CVE-2007-2901
MILW0RM
F-Secure -- Policy ManagerThe fsmsh.dll host module in F-Secure Policy Manager Server 7.00 and earlier allows remote attackers to cause a denial of service (application crash) via NTFS reserved words in filenames in URLs.
unknown
2007-05-31
2.3CVE-2007-2964
OTHER-REF
FRSIRT
SECUNIA
Forsnet -- Web Icerik Yonetim SistemiCross-site scripting (XSS) vulnerability in index.php in Web Icerik Yonetim Sistemi (WIYS) 1.0 allows remote attackers to inject arbitrary web script or HTML via the No parameter in the Sayfa page.
unknown
2007-05-29
1.9CVE-2007-2887
BUGTRAQ
GMTT -- Music DistroCross-site scripting (XSS) vulnerability in showown.php in GMTT Music Distro 1.2 allows remote attackers to inject arbitrary web script or HTML via the st parameter.
unknown
2007-05-30
1.9CVE-2007-2916
BUGTRAQ
Invision Power Services -- Invision Power BoardMultiple cross-site scripting (XSS) vulnerabilities in Invision Power Board (IPB or IP.Board) 2.2.2, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via (1) module_bbcodeloader.php, (2) module_div.php, (3) module_email.php, (4) module_image.php, (5) module_link.php, or (6) the editorid parameter to module_table.php in jscripts/folder_rte_files/. NOTE: some details were obtained from third party sources.
unknown
2007-05-31
1.9CVE-2007-2963
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Jelsoft -- vBulletinCross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin before 3.6.6 allows remote attackers to inject arbitrary web script or HTML via the title field in a single add action.
unknown
2007-05-30
1.9CVE-2007-2908
BUGTRAQ
BID
SECUNIA
Jelsoft -- vBulletinUnspecified vulnerability in Jelsoft vBulletin before 3.6.6, when unauthenticated User Infraction Permissions is disabled, allows remote attackers to see the infraction "red flag" for a deleted user.
unknown
2007-05-30
2.3CVE-2007-2912
OTHER-REF
Linux -- KernelUnspecified vulnerability in drivers/crypto/geode-aes.c in GEODE-AES in the Linux kernel before 2.6.21.3 allows attackers to obtain sensitive information via unspecified vectors.
unknown
2007-05-29
2.3CVE-2007-2451
OTHER-REF
OTHER-REF
SECUNIA
Linux -- KernelThe VFAT compat ioctls in the Linux kernel before 2.6.21.2, when run on a 64-bit system, allow local users to corrupt a kernel_dirent struct and cause a denial of service (system crash) via unknown vectors.
unknown
2007-05-29
2.3CVE-2007-2878
OTHER-REF
BID
Microsoft -- Visual Database Tools Database DesignerThe NotSafe function in the MSVDTDatabaseDesigner7 ActiveX control in VDT70.DLL in Microsoft Visual Database Tools (MSVDT) Database Designer 7.0 allows remote attackers to cause a denial of service (Internet Explorer 6 crash) via a long argument.
unknown
2007-05-29
1.9CVE-2007-2885
OTHER-REF
BID
Microsoft -- OfficeBuffer overflow in the HelpPopup method in the Microsoft Office 2000 Controllo UA di Microsoft Office ActiveX control (OUACTRL.OCX) 1.0.1.9 allows remote attackers to cause a denial of service (probably winhlp32.exe crash) via a long first argument. NOTE: it is not clear whether this issue crosses privilege boundaries.
unknown
2007-05-30
2.3CVE-2007-2903
OTHER-REF
OTHER-REF
OTHER-REF
Mozilla -- SeaMonkey
Mozilla -- Firefox
Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to cause a denial of service via (1) a large cookie path parameter, which triggers memory consumption, or (2) an internal delimiter within cookie path or name values, which could trigger a misinterpretation of cookie data, aka "Path Abuse in Cookies."
unknown
2007-05-31
3.3CVE-2007-1362
OTHER-REF
Mozilla -- SeaMonkey
Mozilla -- Firefox
Mozilla -- Thunderbird
Multiple vulnerabilities in the layout engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) via vectors related to dangling pointers, heap corruption, signed/unsigned, and other issues.
unknown
2007-05-31
3.3CVE-2007-2867
OTHER-REF
Mozilla -- FirefoxThe form autocomplete feature in Mozilla Firefox 1.5.x before 1.5.0.12, 2.x before 2.0.0.4, and possibly earlier versions, allows remote attackers to cause a denial of service (persistent temporary CPU consumption) via a large number of characters in a submitted form.
unknown
2007-05-31
2.3CVE-2007-2869
OTHER-REF
Mozilla -- SeaMonkey
Mozilla -- Firefox
Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to bypass the same-origin policy and conduct cross-site scripting (XSS) and other attacks by using the addEventListener method to add an event listener for a site, which is executed in the context of that site.
unknown
2007-05-31
1.9CVE-2007-2870
OTHER-REF
Mozilla -- SeaMonkey
Mozilla -- Firefox
Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to spoof or hide the browser chrome, such as the location bar, by placing XUL popups outside of the browser's content pane. NOTE: this issue can be leveraged for phishing and other attacks.
unknown
2007-05-31
1.9CVE-2007-2871
OTHER-REF
myEvent -- myEventmyEvent 1.6 allows remote attackers to obtain sensitive information via (1) a Log In action without a password to login.php, or an invalid (2) view[] or (3) monthno[] parameter to myevent.php, which reveals the path in various error messages.
unknown
2007-05-30
2.3CVE-2007-0690
BUGTRAQ
OSVDB
Nortel -- Communications ServerUnspecified vulnerability in the Nortel CS 1000 M media card in Enterprise VoIP-Core-CS 1000E, 1000M, and 1000S 04.50W before 20070523 in Meridian/CS 1000 allows remote attackers to cause a denial of service (card hang) via unspecified vectors.
unknown
2007-05-29
2.3CVE-2007-2886
OTHER-REF
OTHER-REF
BID
FRSIRT
XF
Particle Soft -- Particle GalleryCross-site scripting (XSS) vulnerability in search.php in Particle Gallery 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the order parameter.
unknown
2007-05-31
1.9CVE-2007-2962
BUGTRAQ
PsychoStats -- PsychoStatsMultiple cross-site scripting (XSS) vulnerabilities in PsychoStats 3.0.6b allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) awards.php, (2) login.php, (3) register.php, (4) weapons.php, and possibly other unspecified files.
unknown
2007-05-30
1.9CVE-2007-2914
BUGTRAQ
RM EasyMail -- RM EasyMail PlusCross-site scripting (XSS) vulnerability in RM EasyMail Plus allows remote attackers to inject arbitrary web script or HTML via the title field in an email.
unknown
2007-05-30
1.9CVE-2007-2915
BUGTRAQ
RMForum -- RMForumRMForum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for rmforum.mdb.
unknown
2007-05-30
2.3CVE-2007-2945
BUGTRAQ
SECUNIA
Sun -- SolarisUnspecified vulnerability in the NFS client module in Sun Solaris 8 through 10 before 20070524, when operating as an NFS server, allows remote attackers to cause a denial of service (crash) via certain Access Control List (acl) packets.
unknown
2007-05-29
2.3CVE-2007-2882
SUNALERT
BID
FRSIRT
SECUNIA
Sun -- Java System Messaging ServerCross-site scripting (XSS) vulnerability in Sun Java System Messaging Server 6.0 through 6.3, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly a related issue to CVE-2006-5653.
unknown
2007-05-30
1.9CVE-2007-2904
SUNALERT
Sun -- Java Embedding PluginJava Embedding Plugin 0.9.6.1 allows remote attackers to cause a denial of service (browser crash) via a Thread subclass that calls super.run from its run method.
unknown
2007-05-30
2.3CVE-2007-2906
OTHER-REF
WabCMS -- WabCMSWabCMS 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/wabcmsn.mdb. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-05-30
2.3CVE-2007-2944
SECUNIA
Windy Road -- Vistered LittleDirectory traversal vulnerability in skins/common.css.php in Vistered Little 1.6a allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter.
unknown
2007-05-30
3.3CVE-2007-2934
MILW0RM
VIM
BID

Back to top

">

High Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
2z Project -- 2z ProjectSQL injection vulnerability in includes/rating.php in 2z Project 0.9.5 allows remote attackers to execute arbitrary SQL commands via the rating parameter.
unknown
2007-05-30
7.0CVE-2007-2898
BUGTRAQ
OTHER-REF
FRSIRT
2z Project -- 2z ProjectSQL injection vulnerability in includes/rating.php in 2z Project 0.9.5 allows remote attackers to execute arbitrary SQL commands via the post_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-05-30
7.0CVE-2007-2905
BUGTRAQ
OTHER-REF
FRSIRT
Apache Software Foundation -- Tomcat JK Web Server Connectormod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directly traversal, a related issue to CVE-2007-0450.
unknown
2007-05-25
7.0CVE-2007-1860
OTHER-REF
OTHER-REF
SECUNIA
Authentium -- Command AntivirusMultiple buffer overflows in a certain ActiveX control in odapi.dll in Authentium Command Antivirus before 4.93.8 allow remote attackers to execute arbitrary code via unspecified vectors.
unknown
2007-05-31
8.0CVE-2007-2917
CERT-VN
BoastMachine -- BoastMachineCross-site scripting (XSS) vulnerability in index.php in BoastMachine allows remote attackers to inject arbitrary web script or HTML via the blog parameter in a content search action.
unknown
2007-05-30
10.0CVE-2007-2932
BUGTRAQ
BID
XF
Bochs -- BochsHeap-based buffer overflow in the bx_ne2k_c::rx_frame function in iodev/ne2k.cc in emulated NE2000 device in Bochs 2.3 does not prevent TXCNT register values from exceeding the device memory size, which allows local users of the guest operating system to write to arbitrary memory locations and gain privileges on the host operating system, aka "RX Frame heap overflow."
unknown
2007-05-29
7.0CVE-2007-2893
OTHER-REF
FRSIRT
cpCommerce -- cpCommerceSQL injection vulnerability in category.php in cpCommerce 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id_category parameter.
unknown
2007-05-29
7.0CVE-2007-2890
MILW0RM
BID
cpCommerce -- cpCommerceSQL injection vulnerability in manufacturer.php in cpCommerce before 1.1.0 allows remote attackers to execute arbitrary SQL commands via the id_manufacturer parameter.
unknown
2007-05-31
7.0CVE-2007-2959
BUGTRAQ
BID
David Branco -- OpenBASEMultiple PHP remote file inclusion vulnerabilities in OpenBASE Alpha 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the root_prefix parameter to (1) index.php, (2) email_subscribe.php, (3) download.php, or (4) development.php.
unknown
2007-05-30
7.0CVE-2007-2947
MILW0RM
BID
FRSIRT
Dian Gemilang -- DGNewsSQL injection vulnerability in news.php in DGNews 2.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a newslist action. NOTE: this issue can produce resultant cross-site scripting (XSS).
unknown
2007-05-30
7.0CVE-2007-0693
BUGTRAQ
BID
OSVDB
DigiAppz -- DigiRezMultiple cross-site scripting (XSS) vulnerabilities in Digirez 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) Room_name parameter to room/info_book.asp or the (2) curYear parameter to room/week.asp.
unknown
2007-05-29
10.0CVE-2007-2880
BUGTRAQ
Dokeos -- Open Source Learning & Knowledge Management ToolSQL injection vulnerability in tracking/courseLog.php in Dokeos 1.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the scormcontopen parameter.
unknown
2007-05-29
7.0CVE-2007-2889
MILW0RM
BID
XF
Dokeos -- DokeosSQL injection vulnerability in main/auth/my_progress.php in Dokeos 1.8.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the course parameter.
unknown
2007-05-30
7.0CVE-2007-2902
MILW0RM
EZB Systems -- UltraISOStack-based buffer overflow in UltraISO 8.6.2.2011 and earlier allows user-assisted remote attackers to execute arbitrary code via a long FILE string (filename) in a .cue file, a related issue to CVE-2007-2761. NOTE: some details are obtained from third party information.
unknown
2007-05-29
8.0CVE-2007-2888
MILW0RM
BID
SECUNIA
F-Secure -- F-Secure Protection Service
F-Secure -- F-Secure Anti-Virus Linux Server Security
F-Secure -- F-Secure Internet Security
F-Secure -- F-Secure Anti-Virus Linux Client Security
F-Secure -- Internet Gatekeeper
F-Secure -- F-Secure Anti-Virus Client Security
F-secure -- F-Secure Anti-Virus
Unspecified vulnerability in the Real-time Scanning component in multiple F-Secure products, including Internet Security 2005, 2006 and 2007; Anti-Virus 2005, 2006 and 2007; and Solutions based on F-Secure Protection Service for Consumers 6.40 and earlier allows local users to gain privileges via a crafted I/O request packet (IRP), related to IOCTL (Input/Output Control) and "access validation of the address space."
unknown
2007-05-31
7.0CVE-2007-2965
OTHER-REF
FRSIRT
SECUNIA
F-Secure -- F-Secure Protection Service
F-Secure -- F-Secure Anti-Virus Linux Server Security
F-Secure -- F-Secure Internet Security
F-Secure -- F-Secure Anti-Virus Linux Client Security
F-Secure -- Internet Gatekeeper
F-Secure -- F-Secure Anti-Virus Client Security
F-secure -- F-Secure Anti-Virus
Buffer overflow in the LHA decompresion component in F-Secure anti-virus products for Microsoft Windows and Linux before 20070529 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted LHA archive, a similar issue to CVE-2006-4335.
unknown
2007-05-31
7.0CVE-2007-2966
OTHER-REF
FRSIRT
SECUNIA
F-Secure -- F-Secure Protection Service
F-Secure -- F-Secure Anti-Virus Linux Server Security
F-Secure -- F-Secure Internet Security
F-Secure -- F-Secure Anti-Virus Linux Client Security
F-Secure -- Internet Gatekeeper
F-Secure -- F-Secure Anti-Virus Client Security
F-secure -- F-Secure Anti-Virus
Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070522 allow remote attackers to cause a denial of service (file scanning infinite loop) via certain crafted (1) archives or (2) packed executables.
unknown
2007-05-31
10.0CVE-2007-2967
OTHER-REF
FRSIRT
FileCloset -- FileClosetUnrestricted file upload vulnerability in FileCloset before 1.1.5 allows remote attackers to upload arbitrary PHP files via unspecified vectors.
unknown
2007-05-31
7.0CVE-2007-2961
OTHER-REF
OTHER-REF
BID
SECUNIA
FirmWorX -- FirmWorXMultiple PHP remote file inclusion vulnerabilities in FirmWorX 0.1.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) bank_data[root] parameter to modules/bank/includes/design/main.inc.php, or the (2) fm_data[root] parameter to (a) includes/config/master.inc.php or (b) includes/functions/master.inc.php.
unknown
2007-05-29
7.0CVE-2007-2891
MILW0RM
BID
Frequency Clock -- Frequency ClockMultiple PHP remote file inclusion vulnerabilities in Frequency Clock 0.1b (Beta 0.1) allow remote attackers to execute arbitrary PHP code via a URL in the securelib parameter to (1) conf.php or (2) cp2.php.
unknown
2007-05-30
7.0CVE-2007-2936
MILW0RM
BID
Fundanemt -- Fundanemtcore/spellcheck/spellcheck.php in Fundanemt before 2.2.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the dict parameter.
unknown
2007-05-30
7.0CVE-2007-2935
MILW0RM
OTHER-REF
BID
SECUNIA
GNUTurk -- GNUTurk Portal SystemCross-site scripting (XSS) vulnerability in mods.php in GTP GNUTurk Portal System 3G allows remote attackers to inject arbitrary web script or HTML via the month parameter.
unknown
2007-05-29
10.0CVE-2007-2879
BUGTRAQ
BID
Jelsoft -- vBulletinCross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3.6.7 PL1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the vb_367_xss_fix_plugin.xml update, a related issue to CVE-2007-????.
unknown
2007-05-30
10.0CVE-2007-2910
OTHER-REF
LEAD Technologies -- LeadTools Raster Dialog File ObjectBuffer overflow in a certain ActiveX control in LTRDF14e.DLL 14.5.0.44 in LeadTools Raster Dialog File Object allows remote attackers to execute arbitrary code via a long Directory property value.
unknown
2007-05-29
10.0CVE-2007-2895
OTHER-REF
OTHER-REF
OTHER-REF
BID
SECUNIA
XF
LEAD Technologies -- LeadTools Raster Dialog File ObjectBuffer overflow in a certain ActiveX control in LeadTools Raster Dialog File_D Object (LTRDFD14e.DLL) 14.5.0.44 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) or execute arbitrary code via a long DestinationPath property value.
unknown
2007-05-30
10.0CVE-2007-2946
MILW0RM
OTHER-REF
OTHER-REF
BID
SECUNIA
XF
Macrovision -- Update Service
Macrovision -- FLEXnet Connect
The DWUpdateService ActiveX control in the agent (agent.exe) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allows remote attackers to execute arbitrary commands via the Execute method.
unknown
2007-05-31
8.0CVE-2007-0328
CERT-VN
OTHER-REF
Michael Brandon -- vBGSiteMapMultiple PHP remote file inclusion vulnerabilities in the creator in vBulletin Google Yahoo Site Map (vBGSiteMap) 2.41 for vBulletin allow remote attackers to execute arbitrary PHP code via a URL in the base parameter to (1) vbgsitemap/vbgsitemap-config.php or (2) vbgsitemap/vbgsitemap-vbseo.php.
unknown
2007-05-30
7.0CVE-2007-2941
MILW0RM
BID
Microsoft -- Visual BasicMultiple stack-based buffer overflows in Microsoft Visual Basic 6 allow user-assisted remote attackers to cause a denial of service (CPU consumption) or execute arbitrary code via a Visual Basic Project (vbp) file with a long (1) Description or (2) Company Name (VersionCompanyName) field.
unknown
2007-05-29
8.0CVE-2007-2884
MILW0RM
MILW0RM
BID
BID
XF
XF
Microsoft -- IISMicrosoft Internet Information Services (IIS) 6.0 allows remote attackers to cause a denial of service (server instability or device hang), and possibly obtain sensitive information (device communication traffic); and might allow attackers with physical access to execute arbitrary code after connecting a data stream to a device COM port; via requests for a URI containing a '/' immediately before and after the name of a DOS device, as demonstrated by the /AUX/.aspx URI, which bypasses a blacklist for DOS device requests.
unknown
2007-05-30
7.0CVE-2007-2897
FULLDISC
FULLDISC
XF
Microsoft -- Internet Explorer
Honeywell -- Ademco ATNBaseLoader100 Module
Buffer overflow in the BaseRunner ActiveX control in the Ademco ATNBaseLoader100 Module (ATNBaseLoader100.dll) 5.4.0.6, when Internet Explorer 6 is used, allows remote attackers to execute arbitrary code via a long argument to the (1) Send485CMD method, and possibly the (2) SetLoginID, (3) AddSite, (4) SetScreen, and (5) SetVideoServer methods.
unknown
2007-05-30
10.0CVE-2007-2938
MILW0RM
BID
FRSIRT
SECUNIA
Mozilla -- SeaMonkey
Mozilla -- Firefox
Mozilla -- Thunderbird
Multiple vulnerabilities in the JavaScript engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger memory corruption.
unknown
2007-05-31
7.0CVE-2007-2868
OTHER-REF
my little homepage -- my little forumSQL injection vulnerability in user.php in My Little Forum 1.7 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-05-30
7.0CVE-2007-2942
MILW0RM
BID
FRSIRT
SECUNIA
Navboard -- NavboardDirect static code injection vulnerability in admin_config.php in NavBoard 2.6.0 allows remote attackers to inject arbitrary PHP code into data/config.php via multiple parameters, as demonstrated via the threadperpage parameter in an editconfig action.
unknown
2007-05-30
7.0CVE-2007-2899
MILW0RM
BID
Phil-a-Form -- Phil-a-FormSQL injection vulnerability in index.php in the Phil-a-Form (com_philaform) 1.2.0.0 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the form_id parameter.
unknown
2007-05-30
7.0CVE-2007-2933
MILW0RM
PHPEcho CMS -- PHPEcho CMSMultiple SQL injection vulnerabilities in modules/admin/modules/gallery.php in PHPEcho CMS 2.0-rc1 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter and possibly other parameters. NOTE: some of these details are obtained from third party information.
unknown
2007-05-25
7.0CVE-2007-2866
OTHER-REF
FRSIRT
phpPgAdmin -- phpPgAdminCross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the server parameter.
unknown
2007-05-25
8.0CVE-2007-2865
FULLDISC
BID
XF
Scallywag.org -- ScallywagMultiple directory traversal vulnerabilities in Scallywag 2005-04-25 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skin_name parameter to template.php in (1) skin/dark/, (2) skin/gold/, or (3) skin/original/, a different vector than CVE-2007-2900. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-05-31
7.0CVE-2007-2960
FRSIRT
Sun -- Java Web Proxy ServerMultiple stack-based buffer overflows in the SOCKS proxy support (sockd) in Sun Java Web Proxy Server before 4.0.5 allow remote attackers to execute arbitrary code via crafted packets during protocol negotiation.
unknown
2007-05-29
10.0CVE-2007-2881
IDEFENSE
SUNALERT
Tcl_Tk -- Tcl_TkBuffer overflow in tcl/win/tclWinReg.c in Tcl (Tcl/Tk) before 8.5a6 allows local users to gain privileges via long registry key paths.
unknown
2007-05-29
7.0CVE-2007-2877
OTHER-REF
OTHER-REF
SECUNIA
TROforum -- TROforumPHP remote file inclusion vulnerability in admin/admin.php in TROforum 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the site_url parameter.
unknown
2007-05-30
7.0CVE-2007-2937
MILW0RM
BID

Back to top

Medium Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Apple -- QuicktimeUnspecified vulnerability in Apple QuickTime for Java 7.1.6 on Mac OS X and Windows allows remote attackers to execute arbitrary code via unknown vectors related to Java applets.
unknown
2007-05-29
5.6CVE-2007-2388
APPLE
Credant -- Credant Mobile Guardian Shield - WindowsCredant Mobile Guardian Shield for Windows 5.2.1.105 and earlier stores account names and passwords in plaintext in memory, which allows local users to obtain sensitive information by (1) reading the paging file or (2) dumping and searching the memory image. NOTE: This issue crosses privilege boundaries because the product is intended to protect the data on a stolen computer.
unknown
2007-05-29
4.9CVE-2007-2883
BUGTRAQ
BID
FlaP -- FlaPMultiple PHP remote file inclusion vulnerabilities in FlaP 1.0b (1.0 Beta) allow remote attackers to execute arbitrary PHP code via a URL in the pachtofile parameter to (1) skin/html/table.php or (2) login.php.
unknown
2007-05-30
5.6CVE-2007-2940
MILW0RM
BID
FRSIRT
GForge -- GForgeplugins/scmcvs/www/cvsweb.php in the CVSWeb CGI in GForge 4.5.16 before 20070524, aka gforge-plugin-scmcvs, allows remote attackers to execute arbitrary commands via shell metacharacters in the PATH_INFO.
unknown
2007-05-29
5.6CVE-2007-0246
OTHER-REF
DEBIAN
BID
FRSIRT
SECUNIA
SECUNIA
Jelsoft -- vBulletinCross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin 3.6.x before 3.6.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the vb_calendar366_xss_fix_plugin.xml update.
unknown
2007-05-30
6.0CVE-2007-2909
OTHER-REF
Jelsoft -- vBulletinSQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin before 3.6.6 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached After" field (GPC['search']['datelineafter'] variable), a related issue to CVE-2007-1573.
unknown
2007-05-30
4.8CVE-2007-2911
OTHER-REF
Logitech -- VideoCallMultiple stack-based buffer overflows in ActiveX controls (1) VibeC in (a) vibecontrol.dll, (2) CallManager and (3) ViewerClient in (b) StarClient.dll, (4) ComLink in (c) uicomlink.dll, and (5) WebCamXMP in (d) wcamxmp.dll in Logitech VideoCall allow remote attackers to cause a denial of service (browser crash) and execute arbitrary code via unspecified vectors.
unknown
2007-05-31
5.6CVE-2007-2918
CERT-VN
BID
Mazens PHP Chat -- Mazens PHP ChatMultiple PHP remote file inclusion vulnerabilities in Mazen's PHP Chat 3.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the basepath parameter to (1) ITX.php, (2) IT_Error.php, or (3) IT.php in include/pear/.
unknown
2007-05-30
5.6CVE-2007-2939
MILW0RM
BID
FRSIRT
Scallywag.org -- ScallywagMultiple PHP remote file inclusion vulnerabilities in Scallywag allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to template.php in (1) skin/dark/, (2) skin/gold/, or (3) skin/original/.
unknown
2007-05-30
5.6CVE-2007-2900
MILW0RM
SSL-Explorer -- SSL-ExplorerUnspecified vulnerability in SSL-Explorer before 0.2.13 allows remote authenticated users to enter redirect URLs containing (1) JavaScript or (2) HTTP headers, which has unknown impact, possibly resulting in cross-site scripting (XSS) or HTTP request smuggling.
unknown
2007-05-30
6.0CVE-2007-2907
OTHER-REF
Symantec -- Enterprise Security ManagerRace condition in the Symantec Enterprise Security Manager (ESM) 6.5.3 managers and agents on Windows before 20070524 allows remote attackers to cause a denial of service (CPU consumption and application hang) via certain network scans to ESM ports.
unknown
2007-05-29
5.6CVE-2007-2896
OTHER-REF
OTHER-REF
BID
SECUNIA
Webavis -- WebavisPHP remote file inclusion vulnerability in class/class.php in Webavis 0.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.
unknown
2007-05-30
5.6CVE-2007-2943
MILW0RM
FRSIRT

Back to top

Low Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Apple -- QuicktimeApple QuickTime for Java 7.1.6 on Mac OS X and Windows does not clear potentially sensitive memory before use, which allows remote attackers to read memory from a web browser via unknown vectors related to Java applets.
unknown
2007-05-29
2.7CVE-2007-2389
APPLE
ASP-Nuke -- ASP-NukeCross-site scripting (XSS) vulnerability in news.asp in ASP-Nuke 2.0.7 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-05-29
1.9CVE-2007-2892
OTHER-REF
BID
Bochs -- BochsThe emulated floppy disk controller in Bochs 2.3 allows local users of the guest operating system to cause a denial of service (virtual machine crash) via unspecified vectors, resulting in a divide-by-zero error.
unknown
2007-05-29
1.6CVE-2007-2894
OTHER-REF
FRSIRT
ClonusWiki -- ClonusWikiCross-site scripting (XSS) vulnerability in index.php in ClonusWiki .5 allows remote attackers to inject arbitrary web script or HTML via the query parameter.
unknown
2007-05-30
1.9CVE-2007-2913
BUGTRAQ
DGNews -- DGNewsDGNews 2.1 allows remote attackers to obtain sensitive information via a fullnews request to news.php with an invalid newsid parameter, and other unspecified vectors, which reveal the path in various error messages.
unknown
2007-05-30
2.3CVE-2007-0692
BUGTRAQ
OSVDB
Dian Gemilang -- DGNewsCross-site scripting (XSS) vulnerability in footer.php in DGNews 2.1 allows remote attackers to inject arbitrary web script or HTML via the copyright parameter.
unknown
2007-05-30
1.9CVE-2007-0694
BUGTRAQ
BID
OSVDB
Dokeos -- DokeosMultiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the img parameter to main/inc/lib/fckeditor/editor/plugins/ImageManager/editor.php and other unspecified vectors.
unknown
2007-05-30
1.9CVE-2007-2901
MILW0RM
F-Secure -- Policy ManagerThe fsmsh.dll host module in F-Secure Policy Manager Server 7.00 and earlier allows remote attackers to cause a denial of service (application crash) via NTFS reserved words in filenames in URLs.
unknown
2007-05-31
2.3CVE-2007-2964
OTHER-REF
FRSIRT
SECUNIA
Forsnet -- Web Icerik Yonetim SistemiCross-site scripting (XSS) vulnerability in index.php in Web Icerik Yonetim Sistemi (WIYS) 1.0 allows remote attackers to inject arbitrary web script or HTML via the No parameter in the Sayfa page.
unknown
2007-05-29
1.9CVE-2007-2887
BUGTRAQ
GMTT -- Music DistroCross-site scripting (XSS) vulnerability in showown.php in GMTT Music Distro 1.2 allows remote attackers to inject arbitrary web script or HTML via the st parameter.
unknown
2007-05-30
1.9CVE-2007-2916
BUGTRAQ
Invision Power Services -- Invision Power BoardMultiple cross-site scripting (XSS) vulnerabilities in Invision Power Board (IPB or IP.Board) 2.2.2, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via (1) module_bbcodeloader.php, (2) module_div.php, (3) module_email.php, (4) module_image.php, (5) module_link.php, or (6) the editorid parameter to module_table.php in jscripts/folder_rte_files/. NOTE: some details were obtained from third party sources.
unknown
2007-05-31
1.9CVE-2007-2963
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Jelsoft -- vBulletinCross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin before 3.6.6 allows remote attackers to inject arbitrary web script or HTML via the title field in a single add action.
unknown
2007-05-30
1.9CVE-2007-2908
BUGTRAQ
BID
SECUNIA
Jelsoft -- vBulletinUnspecified vulnerability in Jelsoft vBulletin before 3.6.6, when unauthenticated User Infraction Permissions is disabled, allows remote attackers to see the infraction "red flag" for a deleted user.
unknown
2007-05-30
2.3CVE-2007-2912
OTHER-REF
Linux -- KernelUnspecified vulnerability in drivers/crypto/geode-aes.c in GEODE-AES in the Linux kernel before 2.6.21.3 allows attackers to obtain sensitive information via unspecified vectors.
unknown
2007-05-29
2.3CVE-2007-2451
OTHER-REF
OTHER-REF
SECUNIA
Linux -- KernelThe VFAT compat ioctls in the Linux kernel before 2.6.21.2, when run on a 64-bit system, allow local users to corrupt a kernel_dirent struct and cause a denial of service (system crash) via unknown vectors.
unknown
2007-05-29
2.3CVE-2007-2878
OTHER-REF
BID
Microsoft -- Visual Database Tools Database DesignerThe NotSafe function in the MSVDTDatabaseDesigner7 ActiveX control in VDT70.DLL in Microsoft Visual Database Tools (MSVDT) Database Designer 7.0 allows remote attackers to cause a denial of service (Internet Explorer 6 crash) via a long argument.
unknown
2007-05-29
1.9CVE-2007-2885
OTHER-REF
BID
Microsoft -- OfficeBuffer overflow in the HelpPopup method in the Microsoft Office 2000 Controllo UA di Microsoft Office ActiveX control (OUACTRL.OCX) 1.0.1.9 allows remote attackers to cause a denial of service (probably winhlp32.exe crash) via a long first argument. NOTE: it is not clear whether this issue crosses privilege boundaries.
unknown
2007-05-30
2.3CVE-2007-2903
OTHER-REF
OTHER-REF
OTHER-REF
Mozilla -- SeaMonkey
Mozilla -- Firefox
Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to cause a denial of service via (1) a large cookie path parameter, which triggers memory consumption, or (2) an internal delimiter within cookie path or name values, which could trigger a misinterpretation of cookie data, aka "Path Abuse in Cookies."
unknown
2007-05-31
3.3CVE-2007-1362
OTHER-REF
Mozilla -- SeaMonkey
Mozilla -- Firefox
Mozilla -- Thunderbird
Multiple vulnerabilities in the layout engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) via vectors related to dangling pointers, heap corruption, signed/unsigned, and other issues.
unknown
2007-05-31
3.3CVE-2007-2867
OTHER-REF
Mozilla -- FirefoxThe form autocomplete feature in Mozilla Firefox 1.5.x before 1.5.0.12, 2.x before 2.0.0.4, and possibly earlier versions, allows remote attackers to cause a denial of service (persistent temporary CPU consumption) via a large number of characters in a submitted form.
unknown
2007-05-31
2.3CVE-2007-2869
OTHER-REF
Mozilla -- SeaMonkey
Mozilla -- Firefox
Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to bypass the same-origin policy and conduct cross-site scripting (XSS) and other attacks by using the addEventListener method to add an event listener for a site, which is executed in the context of that site.
unknown
2007-05-31
1.9CVE-2007-2870
OTHER-REF
Mozilla -- SeaMonkey
Mozilla -- Firefox
Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to spoof or hide the browser chrome, such as the location bar, by placing XUL popups outside of the browser's content pane. NOTE: this issue can be leveraged for phishing and other attacks.
unknown
2007-05-31
1.9CVE-2007-2871
OTHER-REF
myEvent -- myEventmyEvent 1.6 allows remote attackers to obtain sensitive information via (1) a Log In action without a password to login.php, or an invalid (2) view[] or (3) monthno[] parameter to myevent.php, which reveals the path in various error messages.
unknown
2007-05-30
2.3CVE-2007-0690
BUGTRAQ
OSVDB
Nortel -- Communications ServerUnspecified vulnerability in the Nortel CS 1000 M media card in Enterprise VoIP-Core-CS 1000E, 1000M, and 1000S 04.50W before 20070523 in Meridian/CS 1000 allows remote attackers to cause a denial of service (card hang) via unspecified vectors.
unknown
2007-05-29
2.3CVE-2007-2886
OTHER-REF
OTHER-REF
BID
FRSIRT
XF
Particle Soft -- Particle GalleryCross-site scripting (XSS) vulnerability in search.php in Particle Gallery 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the order parameter.
unknown
2007-05-31
1.9CVE-2007-2962
BUGTRAQ
PsychoStats -- PsychoStatsMultiple cross-site scripting (XSS) vulnerabilities in PsychoStats 3.0.6b allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) awards.php, (2) login.php, (3) register.php, (4) weapons.php, and possibly other unspecified files.
unknown
2007-05-30
1.9CVE-2007-2914
BUGTRAQ
RM EasyMail -- RM EasyMail PlusCross-site scripting (XSS) vulnerability in RM EasyMail Plus allows remote attackers to inject arbitrary web script or HTML via the title field in an email.
unknown
2007-05-30
1.9CVE-2007-2915
BUGTRAQ
RMForum -- RMForumRMForum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for rmforum.mdb.
unknown
2007-05-30
2.3CVE-2007-2945
BUGTRAQ
SECUNIA
Sun -- SolarisUnspecified vulnerability in the NFS client module in Sun Solaris 8 through 10 before 20070524, when operating as an NFS server, allows remote attackers to cause a denial of service (crash) via certain Access Control List (acl) packets.
unknown
2007-05-29
2.3CVE-2007-2882
SUNALERT
BID
FRSIRT
SECUNIA
Sun -- Java System Messaging ServerCross-site scripting (XSS) vulnerability in Sun Java System Messaging Server 6.0 through 6.3, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly a related issue to CVE-2006-5653.
unknown
2007-05-30
1.9CVE-2007-2904
SUNALERT
Sun -- Java Embedding PluginJava Embedding Plugin 0.9.6.1 allows remote attackers to cause a denial of service (browser crash) via a Thread subclass that calls super.run from its run method.
unknown
2007-05-30
2.3CVE-2007-2906
OTHER-REF
WabCMS -- WabCMSWabCMS 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/wabcmsn.mdb. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-05-30
2.3CVE-2007-2944
SECUNIA
Windy Road -- Vistered LittleDirectory traversal vulnerability in skins/common.css.php in Vistered Little 1.6a allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter.
unknown
2007-05-30
3.3CVE-2007-2934
MILW0RM
VIM
BID

Back to top

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top