Vulnerability Summary for the Week of June 4, 2007

Released
Jun 11, 2007
Document ID
SB07-162

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

">

High Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Alcatel -- OmniPCX EnterpriseAlcatel-Lucent IP-Touch Telephone running OmniPCX Enterprise 7.0 and later enables the mini switch by default, which allows attackers to gain access to the voice VLAN via daisy-chained systems.
unknown
2007-06-07
7.0CVE-2007-2512
OTHER-REF
XF
Apple -- Xserve Lights-Out ManagementApple Xserve Lights-Out Management before Firmware Update 1.0 on Intel hardware does not require a password for remote access to IPMI, which allows remote attackers to gain administrative access via unspecified requests with ipmitool.
unknown
2007-06-04
10.0CVE-2007-2387
OTHER-REF
OTHER-REF
APPLE
BID
FRSIRT
SECUNIA
Calimero.CMS -- Calimero.CMSSession fixation vulnerability in Calimero.CMS 3.3.1232 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
2007-05-28
2007-06-05
7.0CVE-2007-3053
BUGTRAQ
OTHER-REF
Centennial -- Discovery
Symantec -- Discovery
Numara -- Asset Manager
Stack-based buffer overflow in XferWan.exe as used in multiple products including (1) Symantec Discovery 6.5, (2) Numara Asset Manager 8.0, and (3) Centennial UK Ltd Discovery 2006 Feature Pack, allows remote attackers to execute arbitrary code via a long request. NOTE: this might be a reservation duplicate of CVE-2007-1173.
unknown
2007-06-06
8.0CVE-2007-2514
BUGTRAQ
OTHER-REF
BID
SECTRACK
Chameleon CMS -- Chameleon CMSSession fixation vulnerability in chameleon cms 3.0 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
2007-05-28
2007-06-05
7.0CVE-2007-3050
BUGTRAQ
OTHER-REF
Clam Anti-Virus -- ClamAVunsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not properly calculate the end of a certain buffer, with unknown impact and remote attack vectors.
unknown
2007-06-07
7.0CVE-2007-3023
MLIST
OTHER-REF
Comdev -- Comdev eCommercePHP remote file inclusion vulnerability in sampleecommerce.php in Comdev eCommerce 4.1 allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter.
unknown
2007-06-06
7.0CVE-2007-3081
BUGTRAQ
XF
Comdev -- Comdev Web BloggerPHP remote file inclusion vulnerability in sampleblogger.php in Comdev Web Blogger 4.1 allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter, a different vector than CVE-2006-5441.
unknown
2007-06-06
7.0CVE-2007-3084
BUGTRAQ
XF
Computer Associates -- Common Services
Computer Associates -- BrightStor ARCserve Backup
Computer Associates -- BrightStor Enterprise Backup
Computer Associates -- Anti-Virus
Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a long filename in a .CAB file.
unknown
2007-06-06
10.0CVE-2007-2863
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
Computer Associates -- eTrust Anti-Virus SDK
Computer Associates -- Common Services
Computer Associates -- eTrust EZ Antivirus
Computer Associates -- eTrust Antivirus
Computer Associates -- eTrust Secure Content Manager
Computer Associates -- Unicenter Network and Systems Management
Computer Associates -- eTrust Antivirus for the Gateway
Computer Associates -- Anti-Virus
Computer Associates -- BrightStor ARCserve Backup
Computer Associates -- Protection Suites
Computer Associates -- eTrust EZ Armor
Computer Associates -- Integrated Threat Management
Computer Associates -- Internet Security Suite
Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a large invalid value of the coffFiles field in a .CAB file.
unknown
2007-06-06
8.0CVE-2007-2864
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
Dian Gemilang -- DGNewsSQL injection vulnerability in news.php in DGNews 2.1 allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a fullnews action, a different vector than CVE-2007-0693.
unknown
2007-06-04
7.0CVE-2007-2994
BUGTRAQ
BID
SECUNIA
Digital River -- eSellerate SDKBuffer overflow in the GetWebStoreURL function in a certain ActiveX control in eSellerateControl365.dll 3.6.5.0 in eSellerate SDK allows user-assisted remote attackers to execute arbitrary code via a long first argument.
unknown
2007-06-06
8.0CVE-2007-3071
OTHER-REF
BID
E-Book Systems -- FlipViewerMultiple stack-based buffer overflows in the FViewerLoading ActiveX control (FlipViewerX.dll) in E-Book Systems FlipViewer before 4.1 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via long (1) UID, (2) Opf, (3) PAGENO, (4) LaunchMode, (5) SubID, (6) BookID, (7) LibraryID, (8) SubURL, and (9) LoadOpf properties.
unknown
2007-06-06
8.0CVE-2007-2919
CERT-VN
BID
FRSIRT
SECUNIA
EQdkp -- EQdkpSQL injection vulnerability in listmembers.php in EQdkp 1.3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the rank parameter.
unknown
2007-06-06
7.0CVE-2007-3077
MILW0RM
BID
FRSIRT
SECUNIA
XF
F5 -- Firepass 4100my.activation.php3 in F5 FirePass 4100 SSL VPN allows remote attackers to execute arbitrary shell commands via shell metacharacters in the username parameter.
unknown
2007-06-06
7.0CVE-2007-3097
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
Gaya Design -- ComicSenseSQL injection vulnerability in index.php in Comicsense allows remote attackers to execute arbitrary SQL commands via the epi parameter.
unknown
2007-06-06
7.0CVE-2007-3088
BUGTRAQ
GNU -- screen** DISPUTED ** GNU screen 4.0.3 allows local users to unlock the screen via a CTRL-C sequence at the password prompt. NOTE: multiple third parties report inability to reproduce this issue.
unknown
2007-06-05
7.0CVE-2007-3048
FULLDISC
FULLDISC
FULLDISC
FULLDISC
XF
Hunkaray Okul -- PortalySQL injection vulnerability in haberoku.asp in Hunkaray Okul Portaly 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-06-06
7.0CVE-2007-3080
BID
IBM -- Lotus DominoIBM Lotus Domino 7.0.x before 7.0.3 does not revalidate the signature on a signed scheduled agent after the agent is modified, which allows remote authenticated users to gain privileges via a modified agent in a server database.
unknown
2007-06-06
8.0CVE-2007-0068
OTHER-REF
BID
FRSIRT
SECUNIA
IBM -- AIXUnspecified vulnerability in perl.rte 5.8.0.10 through 5.8.0.95 on IBM AIX 5.2, and 5.8.2.10 through 5.8.2.50 on AIX 5.3, allows local users to gain privileges via unspecified vectors related to the installation and "waiting for a legitimate user to execute a binary that ships with Perl."
unknown
2007-06-04
8.0CVE-2007-2996
OTHER-REF
AIXAPAR
BID
SECUNIA
Inout Scripts -- Inout Meta Search EngineA certain admin script in Inout Meta Search Engine sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to inject arbitrary PHP code, as demonstrated by a request to admin/create_engine.php followed by a request to admin/generate_tabs.php.
unknown
2007-06-01
7.0CVE-2007-2988
BUGTRAQ
MILW0RM
BID
BID
K-Letter -- K-LetterMultiple PHP remote file inclusion vulnerabilities in Kravchuk letter (K-letter) 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the scdir parameter to (1) action.php, (2) subs.php, or (3) unsubs.php.
unknown
2007-06-07
7.0CVE-2007-3118
MILW0RM
BID
FRSIRT
XF
Kartli Alisveris Sistemi -- Kartli Alisveris SistemiSQL injection vulnerability in news.asp in Kartli Alisveris Sistemi 1.0 allows remote attackers to execute arbitrary SQL commands via the news_id parameter.
unknown
2007-06-07
7.0CVE-2007-3119
MILW0RM
Macrovision -- Update Service
Macrovision -- FLEXnet Connect
Multiple buffer overflows in an ActiveX control (boisweb.dll) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allow remote attackers to execute arbitrary code via the (1) the second parameter to the DownloadAndExecute method and (2) third parameter to the AddFileEx method, a different vulnerability than CVE-2007-0328.
unknown
2007-06-06
10.0CVE-2007-2419
OTHER-REF
OTHER-REF
SECUNIA
Mbedthis Software -- Mbedthis AppWeb HTTP serverMbedthis AppWeb before 2.2.2 enables the HTTP TRACE method, which has unspecified impact probably related to remote information leaks and cross-site tracing (XST) attacks, a related issue to CVE-2004-2320 and CVE-2005-3398.
unknown
2007-06-04
7.0CVE-2007-3008
OTHER-REF
OTHER-REF
MeAlex -- My DatebookSQL injection vulnerability in diary.php in My Datebook allows remote attackers to execute arbitrary SQL commands via the delete parameter.
unknown
2007-06-05
7.0CVE-2007-3063
BUGTRAQ
Microsoft -- Internet ExplorerRace condition in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code or perform other actions upon a page transition, with the permissions of the old page and the content of the new page, as demonstrated by setInterval functions that set location.href within a try/catch expression, aka the "bait & switch vulnerability."
unknown
2007-06-06
8.0CVE-2007-3091
BUGTRAQ
FULLDISC
OTHER-REF
CERT-VN
BID
SECTRACK
XF
Microsoft -- Internet ExplorerMicrosoft Internet Explorer 6 allows remote attackers to spoof the URL bar, and page properties including SSL certificates, by interrupting page loading through certain use of location DOM objects and setTimeout calls. NOTE: this issue can be leveraged for phishing and other attacks.
unknown
2007-06-06
8.0CVE-2007-3092
BUGTRAQ
FULLDISC
OTHER-REF
BID
SECTRACK
XF
Microsoft -- Internet Explorer
Provideo -- Camimage ActiveX Control
Buffer overflow in the Provideo Camimage ActiveX control in ISSCamControl.dll 1.0.1.5, when Internet Explorer 6 is used on Windows 2000 SP4, allows remote attackers to execute arbitrary code via a long URL property value.
unknown
2007-06-07
10.0CVE-2007-3111
MILW0RM
FRSIRT
SECUNIA
Mozilla -- FirefoxMozilla Firefox does not prevent use of document.write to replace an IFRAME (1) during the load stage or (2) in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code that intercepts keystroke values from window.event, aka the "promiscuous IFRAME access bug," a related issue to CVE-2006-4568.
unknown
2007-06-06
10.0CVE-2007-3089
BUGTRAQ
FULLDISC
OTHER-REF
OTHER-REF
OTHER-REF
BID
Mozilla -- FirefoxMozilla Firefox does not properly manage a delay timer used in confirmation dialogs, which might allow remote attackers to trick users into confirming an unsafe action, such as remote file execution, aka the "dialog refocus bug."
unknown
2007-06-06
8.0CVE-2007-3090
BUGTRAQ
FULLDISC
OTHER-REF
OTHER-REF
BID
Mplayer -- MplayerMultiple stack-based buffer overflows in stream/stream_cddb.c in MPlayer before 1.0rc1try3 allow remote attackers to execute arbitrary code via a CDDB entry with a long (1) album title or (2) category.
unknown
2007-06-07
8.0CVE-2007-2948
MLIST
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
myWebland -- MyBloggieMultiple SQL injection vulnerabilities in myBloggie 2.1.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat_id or (2) year parameter to index.php in a viewuser action, different vectors than CVE-2005-1500 and CVE-2005-4225.
unknown
2007-06-04
7.0CVE-2007-3003
BUGTRAQ
BID
XF
Nexen -- AdminBot MXPHP remote file inclusion vulnerability in lib/live_status.lib.php in AdminBot MX 9.0.5 allows remote attackers to execute arbitrary PHP code via a URL in the ROOT parameter.
unknown
2007-06-01
7.0CVE-2007-2986
MILW0RM
VIM
Omegasoft -- INterneSErvicesLosungenMultiple SQL injection vulnerabilities in OmegaMw7.asp in OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) allow remote attackers to execute arbitrary SQL commands via (1) user-created text fields; the (2) F05003, (3) F05005, and (4) F05015 fields; and other unspecified standard fields.
unknown
2007-06-04
7.0CVE-2007-2992
BUGTRAQ
BID
Particle Soft -- Particle GallerySQL injection vulnerability in viewimage.php in Particle Soft Particle Gallery 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the editcomment parameter, a different version and vector than CVE-2006-2862.
unknown
2007-06-05
7.0CVE-2007-3065
MILW0RM
BID
FRSIRT
SECUNIA
PBSite -- PBSiteMultiple PHP remote file inclusion vulnerabilities in PBSite allow remote attackers to execute arbitrary PHP code via a URL in the (1) dbpath parameter to (a) useronline.php, (b) ucp.php, (c) setcookie.php, (d) sendpm.php, (e) search.php, (f) register.php, (g) profile.php, (h) post.php, (i) pmpshow.php, (j) pm.php, (k) ntopic.php, (l) nreply.php, (m) news.php, (n) memberslist.php, (o) logout.php, (p) login.php, (q) index.php, (r) help.php, (s) forum.php, (t) error.php, (u) editpost.php, (v) delpost.php, (w) delpm.php, (x) confirm.php, (y) board.php, (z) admin2.php, (aa) admin.php, or (bb) templates/pb/css/formstyles.php; or the (2) temppath parameter to (a) useronline.php, (c) setcookie.php, (e) search.php, (f) register.php, (h) post.php, (l) nreply.php, (m) news.php, (o) logout.php, (p) login.php, (q) index.php, (r) help.php, (s) forum.php, (t) error.php, (w) delpm.php, (x) confirm.php, or (y) board.php.
unknown
2007-06-06
7.0CVE-2007-3085
BUGTRAQ
BUGTRAQ
XF
Pheap -- PheapPheap 2.0 allows remote attackers to bypass authentication by setting a pheap_login cookie value to the administrator's username. NOTE: this can be leveraged to upload and execute arbitrary PHP code via an update_doc action in edit.php.
unknown
2007-06-01
10.0CVE-2007-2985
MILW0RM
PHP -- PHPInteger overflow in the chunk_split function in PHP 5 before 5.2.3 has unknown impact and attack vectors.
unknown
2007-06-04
7.0CVE-2007-2872
OTHER-REF
PHP JackKnife -- PHP JackKnifeMultiple SQL injection vulnerabilities in PHP JackKnife (PHPJK) allow remote attackers to execute arbitrary SQL commands via (1) the iCategoryUnq parameter to G_Display.php or (2) the iSearchID parameter to Search/DisplayResults.php.
unknown
2007-06-04
7.0CVE-2007-3000
BUGTRAQ
BID
php(Reactor) -- php(Reactor)Multiple PHP remote file inclusion vulnerabilities in php(Reactor) 1.2.7 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the pathtohomedir parameter to (1) view.inc.php, (2) users.inc.php, (3) updatecms.inc.php, and (4) polls.inc.php in inc/; and other unspecified files, different vectors than CVE-2006-3983.
unknown
2007-06-05
7.0CVE-2007-3066
BUGTRAQ
XF
PostNuke Software Foundation -- PNphpBBSQL injection vulnerability in index.php in the PNphpBB2 1.2i and earlier module for PostNuke allows remote attackers to execute arbitrary SQL commands via the c parameter.
unknown
2007-06-05
7.0CVE-2007-3052
MILW0RM
FRSIRT
SECUNIA
RevokeSoft -- RevokeBBSQL injection vulnerability in inc/class_users.php in RevokeSoft RevokeBB 1.0 RC4 and earlier allows remote attackers to execute arbitrary SQL commands via the revokebb_user cookie.
unknown
2007-06-05
7.0CVE-2007-3051
BUGTRAQ
MILW0RM
BID
FRSIRT
XF
SalesCart -- Shopping CartMultiple SQL injection vulnerabilities in cgi-bin/reorder2.asp in SalesCart Shopping Cart allow remote attackers to execute arbitrary SQL commands via the password field and other unspecified vectors.
unknown
2007-06-04
7.0CVE-2007-2997
BUGTRAQ
BID
XF
Sun -- JDK
Sun -- SDK
Sun -- JRE
Buffer overflow in the image parsing implementation in the Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_20 and earlier allows remote attackers to execute arbitrary programs, or read or modify arbitrary files, via applets or applications that grant privileges to themselves.
unknown
2007-06-04
8.0CVE-2007-3004
SUNALERT
Sun -- SolarisUnspecified vulnerability in the logging mechanism in Solaris Management Console (SMC) on Sun Solaris 8 through 10 before 20070605 allows remote attackers to execute arbitrary code via unspecified vectors, related to the WBEM server.
unknown
2007-06-06
10.0CVE-2007-3093
SUNALERT
BID
Symantec -- Veritas Storage FoundationThe Scheduler Service (VxSchedService.exe) in Symantec Storage Foundation for Windows 5.0 allows remote attackers to bypass authentication and execute arbitrary code via certain requests to the service socket that create registry values specifying future command execution.
unknown
2007-06-04
10.0CVE-2007-2279
OTHER-REF
BID
Symantec -- Symantec Reporting ServerSymantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, does not initialize a critical variable, which allows attackers to create arbitrary executable files via unknown manipulations of a file that is created during data export.
unknown
2007-06-05
7.0CVE-2007-3021
OTHER-REF
Vonage -- VoIP Telephone AdapterThe Vonage VoIP Telephone Adapter has a default administrator username "user" and password "user," which allows remote attackers to obtain administrative access.
unknown
2007-06-05
7.0CVE-2007-3047
BUGTRAQ
Zenturi -- Zenturi ProgramCheckerMultiple buffer overflows in certain ActiveX controls in sasatl.dll in Zenturi ProgramChecker allow remote attackers to execute arbitrary code via unspecified vectors.
unknown
2007-06-01
7.0CVE-2007-2987
CERT-VN
BID

Back to top

Medium Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Acoustica -- Acoustica MP3 CD BurnerBuffer overflow in Acoustica MP3 CD Burner 4.32 allows user-assisted remote attackers to execute arbitrary code via a .asx playlist file with a REF element containing a long string in the HREF attribute.
unknown
2007-06-04
5.6CVE-2007-3006
MILW0RM
BID
DVD X Studios -- DVD X PlayerStack-based buffer overflow in DVD X Player 4.1 Professional allows remote attackers to execute arbitrary code via a PLF playlist containing a long filename.
unknown
2007-06-05
5.6CVE-2007-3068
MILW0RM
BID
FRSIRT
SECUNIA
XF
Madirish Webmail -- Madirish WebmailMultiple PHP remote file inclusion vulnerabilities in Madirish Webmail 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[basedir] parameter to (1) calendar.php, (2) compose.php, and (3) index.php, different vectors than CVE-2007-2826. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-06-05
5.6CVE-2007-3058
SECUNIA
XF
Media Technology Group -- CDPass ActiveX ControlMultiple stack-based buffer overflows in the Media Technology Group CDPass ActiveX control in CDPass.dll allow remote attackers to execute arbitrary code via unspecified vectors.
unknown
2007-06-01
5.6CVE-2007-2984
CERT-VN
BID
Microsoft -- Frontpage
Microsoft -- Office
The CERN Image Map Dispatcher (htimage.exe) in Microsoft FrontPage allows remote attackers to determine the existence, and possibly partial contents, of arbitrary files under the web root via a relative pathname in the PATH_INFO.
unknown
2007-06-07
4.7CVE-2007-3109
BUGTRAQ
Sun -- Solarisxscreensaver in Sun Solaris 10 before 20070604, when a GNOME session with Assistive Technology support is running, allows attackers with physical access to take control of the session after entering an Alt-Tab sequence.
unknown
2007-06-06
4.9CVE-2007-3069
SUNALERT
BID
FRSIRT
SECUNIA
Sun -- SolarisUnspecified vulnerability in the authentication mechanism in Solaris Management Console (SMC) on Sun Solaris 8 through 10 before 20070605 allows remote authenticated users to execute arbitrary code via unspecified vectors, related to the WBEM server.
unknown
2007-06-06
6.0CVE-2007-3094
SUNALERT
BID
Symantec -- Symantec Client Security
Symantec -- Symantec AntiVirus
Symantec -- Symantec Reporting Server
Unspecified vulnerability in Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, allows attackers to "disable the authentication system" and bypass authentication via unknown vectors.
unknown
2007-06-06
6.0CVE-2007-3095
OTHER-REF
BID
Xoops -- icontent ModulePHP remote file inclusion vulnerability in include/wysiwyg/spaw_control.class.php in the icontent 4.5 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656.
unknown
2007-06-05
5.6CVE-2007-3057
MILW0RM
FRSIRT
SECUNIA

Back to top

Low Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
 Cross-site scripting (XSS) vulnerability in Collaboration - File Sharing 01-20 up to 01-20-/B and 01-30 up to 01-30-/B in Hitachi Groupmax Collaboration Portal up to 07-30-/D, Groupmax Collaboration Web Client - Forum/File Sharing up to 07-30-/C, uCosminexus Collaboration Portal up to 06-30-/D, and uCosminexus Collaboration Portal - Forum/File Sharing up to 06-30-/C on Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-06-05
1.9CVE-2007-3043
OTHER-REF
BID
FRSIRT
SECUNIA
XF
ADPLAN -- SEOCross-site scripting (XSS) vulnerability in the SEO module in ADPLAN 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to HTTP headers.
unknown
2007-06-07
1.9CVE-2007-3117
OTHER-REF
BID
SECUNIA
Advanced Software Production Line -- Vortex LibraryBuffer overflow in Advanced Software Production Line Vortex Library before 1.0.3 allows remote attackers to cause a denial of service (listener crash) via unspecified vectors related to the select I/O implementation and the file set buffer. NOTE: some of these details are obtained from third party information.
unknown
2007-06-05
2.3CVE-2007-3046
MLIST
SECUNIA
Agnitum -- Outpost FirewallUnrestricted critical resource lock in Agnitum Outpost Firewall PRO 4.0 1007.591.145 and earlier allows local users to cause a denial of service (system hang) by capturing the outpost_ipc_hdr mutex.
unknown
2007-06-06
2.3CVE-2007-3086
BUGTRAQ
OTHER-REF
BID
XF
Aigaion -- AigaionMultiple cross-site scripting (XSS) vulnerabilities in Aigaion before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via the title parameter (Authors and Publication titles) to (1) authoractions.php or (2) publicationactions.php.
unknown
2007-06-06
2.3CVE-2007-3078
OTHER-REF
OTHER-REF
BID
SECUNIA
XF
AIOCP -- AIOCPCross-site scripting (XSS) vulnerability in public/code/cp_dpage.php in All In One Control Panel (AIOCP) before 1.3.017 allows remote attackers to inject arbitrary web script or HTML via the aiocp_dp parameter. NOTE: some of these details are obtained from third party information.
unknown
2007-06-07
1.9CVE-2007-3120
OTHER-REF
SECUNIA
Apache Software Foundation -- Apache HTTP ServerThe recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
unknown
2007-06-04
2.3CVE-2007-1862
OTHER-REF
OTHER-REF
BDigital Web Solutions -- WebStudio CMSCross-site scripting (XSS) vulnerability in index.php in BDigital Web Solutions WebStudio allows remote attackers to inject arbitrary web script or HTML via the pageid parameter.
unknown
2007-06-06
1.9CVE-2007-3070
BUGTRAQ
BID
XF
Beatnik -- Beatnik PlayerCross-site scripting (XSS) vulnerability in the Andy Frank Beatnik 1.0 extension for Firefox allows remote attackers to inject arbitrary web script or HTML via an RSS feed. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-06-07
1.9CVE-2007-3110
BID
SECUNIA
Buttercup WFM -- Buttercup WFMCross-site scripting (XSS) vulnerability in index.php in Buttercup web file manager (BWFM) May 2007 allows remote attackers to inject arbitrary web script or HTML via the title parameter.
unknown
2007-06-05
1.9CVE-2007-3049
OTHER-REF
BID
CactuSoft -- CactuShopCactushop 6 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for cactushop6.mdb.
unknown
2007-06-05
3.3CVE-2007-3061
BUGTRAQ
Castle Rock Computing -- SNMPcThe SNMPc Server (crserv.exe) process in Castle Rock Computing SNMPc before 7.0.19 allows remote attackers to cause a denial of service (crash) via a crafted packet to port 165/TCP.
unknown
2007-06-06
3.3CVE-2007-3098
MILW0RM
BID
SECUNIA
XF
Codelib -- LinkerCross-site scripting (XSS) vulnerability in search.php in Codelib Linker 2.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the kword parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-06-05
1.9CVE-2007-3054
SECUNIA
Codelib -- LinkerCross-site scripting (XSS) vulnerability in index.php in Codelib Linker 2.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
unknown
2007-06-05
1.9CVE-2007-3055
BUGTRAQ
BID
FRSIRT
SECUNIA
EQdkp -- Attunement and KeyCross-site scripting (XSS) vulnerability in the Attunement and Key Tracker 0.95 and earlier plugin for EQdkp allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving the (1) keyshow, (2) sortkey, and (3) show parameters to index.php.
unknown
2007-06-05
2.3CVE-2007-3067
OTHER-REF
FRSIRT
SECUNIA
EQdkp -- EQdkplistmembers.php in EQdkp 1.3.2c and earlier allows remote attackers to obtain sensitive information via an invalid compare parameter, which reveals the path.
unknown
2007-06-06
2.7CVE-2007-3079
FULLDISC
XF
Evenzia -- Evenzia CMSCross-site scripting (XSS) vulnerability in includes/send.inc.php in Evenzia CMS allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
unknown
2007-06-04
1.9CVE-2007-2991
BUGTRAQ
BID
Gnu -- findutilsHeap-based buffer overflow in the visit_old_format function in locate/locate.c in locate in GNU findutils before 4.2.31 might allow context-dependent attackers to execute arbitrary code via a long pathname in a locate database that has the old format, a different vulnerability than CVE-2001-1036.
unknown
2007-06-04
3.4CVE-2007-2452
BUGTRAQ
BID
FRSIRT
SECUNIA
XF
Hitachi -- XP WUnspecified vulnerability in the Map I/O Service (xpwmap) in Hitachi XP/W on HI-UX/WE2 before 20070319, and XP/W on HP-UX before 20070405, allows remote attackers to cause a denial of service via certain data to the service port.
unknown
2007-06-05
2.3CVE-2007-3044
OTHER-REF
FRSIRT
SECUNIA
XF
Hitachi -- TP1 NET OSI-TP-ExtendedUnspecified vulnerability in Hitachi TP1/NET/OSI-TP-Extended on HI-UX/WE2 before 20070213, and on HP-UX before 20070314, allows remote attackers to cause a denial of service via certain data to a port.
unknown
2007-06-05
2.3CVE-2007-3045
OTHER-REF
FRSIRT
SECUNIA
XF
HP -- OpenVMSThe Pascal run-time library (PAS$RTL.EXE) before 20070418 on OpenVMS for Integrity Servers 8.3, and PAS$RTL.EXE before 20070419 on OpenVMS Alpha 8.3, does not properly restore PC and PSL values, which allows local users to cause a denial of service (system crash) via certain Pascal code.
unknown
2007-06-04
2.3CVE-2007-2998
MLIST
MLIST
SECUNIA
HP -- System Management HomepageCross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 2.1.2 running on Linux and Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-06-05
1.9CVE-2007-3062
OTHER-REF
HP
BID
FRSIRT
SECTRACK
SECUNIA
XF
IBM -- Lotus Domino Web ServerUnspecified vulnerability in the Lotus Domino Web Server 6.0, 6.5.x before 6.5.6, and 7.0.x before 7.0.3 allows remote attackers to cause a denial of service (daemon crash) via requests for URLs that reference certain files.
unknown
2007-06-06
3.3CVE-2007-0067
OTHER-REF
BID
FRSIRT
SECUNIA
XF
IBM -- AIXUnspecified vulnerability in sysmgt.websm.rte in IBM AIX 5.2.0 and 5.3.0 has unknown impact and attack vectors.
unknown
2007-06-04
1.9CVE-2007-2995
AIXAPAR
AIXAPAR
SECUNIA
MaraDNS -- MaraDNSMemory leak in server/MaraDNS.c in MaraDNS before 1.2.12.05, and 1.3.x before 1.3.03, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
unknown
2007-06-07
2.3CVE-2007-3114
OTHER-REF
OTHER-REF
BID
SECUNIA
MaraDNS -- MaraDNSMultiple memory leaks in server/MaraDNS.c in MaraDNS before 1.2.12.06, and 1.3.x before 1.3.05, allow remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
unknown
2007-06-07
3.3CVE-2007-3115
OTHER-REF
OTHER-REF
BID
SECUNIA
MaraDNS -- MaraDNSMemory leak in server/MaraDNS.c in MaraDNS 1.2.12.06 and 1.3.05 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
unknown
2007-06-07
2.3CVE-2007-3116
OTHER-REF
Mbedthis Software -- Mbedthis AppWeb HTTP serverFormat string vulnerability in the MprLogToFile::logEvent function in Mbedthis AppWeb 2.0.5-4, when the build supports logging but the configuration disables logging, allows remote attackers to cause a denial of service (daemon crash) via format string specifiers in the HTTP scheme, as demonstrated by a "GET %n://localhost:80/" request.
unknown
2007-06-04
1.9CVE-2007-3009
OTHER-REF
MeAlex -- My DatebookCross-site scripting (XSS) vulnerability in diary.php in My Datebook allows remote attackers to inject arbitrary web script or HTML via the year parameter.
unknown
2007-06-05
1.9CVE-2007-3064
BUGTRAQ
Meneame -- MeneameCross-site scripting (XSS) vulnerability in Meneame before 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-06-05
1.9CVE-2007-3042
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Microsoft -- Windows XPBuffer overflow in the wireless driver 6.0.0.18 for D-Link DWL-G650+ (Rev. A1) on Windows XP allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a beacon frame with a long TIM Information Element.
unknown
2007-06-05
3.3CVE-2007-0933
OTHER-REF
Microsoft -- Windows XPMicrosoft Windows Graphics Device Interface (GDI+, GdiPlus.dll) allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero, which triggers a divide-by-zero error.
unknown
2007-06-06
2.7CVE-2007-2237
OTHER-REF
CERT-VN
BID
FRSIRT
XF
Microsoft -- Windows Server 2003Microsoft Windows Server 2003, when time restrictions are in effect for user accounts, generates different error messages for failed login attempts with a valid user name than for those with an invalid user name, which allows context-dependent attackers to determine valid Active Directory account names.
unknown
2007-06-04
1.9CVE-2007-2999
OTHER-REF
BID
SECUNIA
Microsoft -- Internet ExplorerDirectory traversal vulnerability in Microsoft Internet Explorer allows remote attackers to read arbitrary files via directory traversal sequences in a URI with a certain scheme, possibly related to "..%5C" (encoded backslash) sequences.
unknown
2007-06-06
3.3CVE-2007-3075
OTHER-REF
Mozilla -- FirefoxDirectory traversal vulnerability in Mozilla Firefox before 2.0.0.4 on Windows allows remote attackers to read arbitrary files via ..%5C (dot dot encoded backslash) sequences in a resource:// URI.
unknown
2007-06-06
2.3CVE-2007-3072
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
Mozilla -- FirefoxDirectory traversal vulnerability in Mozilla Firefox 2.0.0.4 and earlier on Mac OS X and Unix allows remote attackers to read arbitrary files via ..%2F (dot dot encoded slash) sequences in a resource:// URI.
unknown
2007-06-06
3.3CVE-2007-3073
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
Mozilla -- FirefoxMozilla Firefox 2.0.0.4 and earlier allows remote attackers to read files in the local Firefox installation directory via a resource:// URI.
unknown
2007-06-06
2.3CVE-2007-3074
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
Novell -- GroupwiseNovell GroupWise 7 before SP2 20070524, and GroupWise 6 before 6.5 post-SP6 20070522, allows remote attackers to obtain credentials via a man-in-the-middle attack.
unknown
2007-06-04
2.3CVE-2007-2513
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
Omegasoft -- INterneSErvicesLosungenMultiple cross-site scripting (XSS) vulnerabilities in OmegaMw7.asp in OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) allow remote attackers to inject arbitrary web script or HTML via (1) user-created text fields; the (2) F05003, (3) F05005, and (4) F05015 fields; and other unspecified standard fields.
unknown
2007-06-04
1.9CVE-2007-2993
BUGTRAQ
BID
OSI Codes Inc. -- PHPLiveMultiple cross-site scripting (XSS) vulnerabilities in PHP Live! 3.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) sid parameter to (a) chat.php, (2) LANG[DEFAULT_BRANDING] and (3) PHPLIVE_VERSION parameters to (b) help.php, the (4) admin[name] parameter to (c) admin/header.php, and the (5) BASE_URL parameter to (d) super/info.php, and in some cases, the LANG[DEFAULT_BRANDING], PHPLIVE_VERSION, and (6) nav_line parameters to setup/footer.php, different vectors than CVE-2006-6769.
unknown
2007-06-05
1.9CVE-2007-3060
BUGTRAQ
FULLDISC
BID
PBLang -- PBLangDirectory traversal vulnerability in login.php in PBLang (PBL) 4.67.16.a and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
unknown
2007-06-06
2.7CVE-2007-3096
MILW0RM
SECUNIA
PeerCast -- PeerCastPeercast places a cleartext password in a query string, which might allow attackers to obtain sensitive information by sniffing the network, or obtaining Referer or browser history information.
unknown
2007-06-06
3.3CVE-2007-3087
BUGTRAQ
PHP -- PHPPHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode restriction, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. NOTE: this issue might also involve the realpath function.
unknown
2007-06-04
2.3CVE-2007-3007
OTHER-REF
OTHER-REF
PHP JackKnife -- PHP JackKnifeMultiple cross-site scripting (XSS) vulnerabilities in PHP JackKnife (PHPJK) allow remote attackers to inject arbitrary web script or HTML via (1) the sUName parameter to UserArea/Authenticate.php, (2) the sAccountUnq parameter to UserArea/NewAccounts/index.php, or the (3) iCategoryUnq, (4) iDBLoc, (5) iTtlNumItems, (6) iNumPerPage, or (7) sSort parameter to G_Display.php, different vectors than CVE-2005-4239.
unknown
2007-06-04
1.9CVE-2007-3001
BUGTRAQ
BID
PHP JackKnife -- PHP JackKnifePHP JackKnife (PHPJK) allows remote attackers to obtain sensitive information via (1) a request to index.php with an invalid value of the iParentUnq[] parameter, or a request to G_Display.php with an invalid (2) iCategoryUnq[] or (3) sSort[] array parameter, which reveals the path in various error messages.
unknown
2007-06-04
2.3CVE-2007-3002
BUGTRAQ
BID
RainbowSoft -- Z-BlogZ-Blog 1.7 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for zblog.mdb.
unknown
2007-06-06
3.3CVE-2007-3083
BUGTRAQ
FRSIRT
XF
Sendcard -- SendcardSendCard 3.3.0 allows remote attackers to obtain sensitive information via an invalid sc_language parameter to sendcard.php, which reveals the path in an error message.
unknown
2007-06-05
2.3CVE-2007-3059
BUGTRAQ
Sendcard -- SendcardDirectory traversal vulnerability in sendcard.php in Sendcard 3.4.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sc_language parameter.
unknown
2007-06-06
3.3CVE-2007-3082
MILW0RM
BID
FRSIRT
XF
Sun -- SolarisThe libike library in Sun Solaris 9 before 20070529 contains a logic error related to a certain pointer, which allows remote attackers to cause a denial of service (in.iked daemon crash) by sending certain UDP packets with a source port different from 500. NOTE: this issue might overlap CVE-2006-2298.
unknown
2007-06-01
3.3CVE-2007-2989
SUNALERT
BID
SECUNIA
Sun -- SolarisUnspecified vulnerability in inetd in Sun Solaris 10 before 20070529 allows local users to cause a denial of service (daemon termination) via unspecified manipulations of the /var/run/.inetd.uds Unix domain socket file.
unknown
2007-06-01
2.3CVE-2007-2990
SUNALERT
BID
SECUNIA
Sun -- JDK
Sun -- SDK
Sun -- JRE
Unspecified vulnerability in the Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_19 and earlier allows remote attackers to cause a denial of service (JVM hang) via certain untrusted applets or applications.
unknown
2007-06-04
1.9CVE-2007-3005
SUNALERT
Symantec -- Veritas Volume ReplicatorThe administrative service in Symantec Veritas Volume Replicator (VVR) for Windows 3.1 through 4.3, and VVR for Unix 3.5 through 5.0, in Symantec Storage Foundation products allows remote attackers to cause a denial of service (memory consumption and service crash) via a crafted packet to the service port (8199/tcp).
unknown
2007-06-04
2.3CVE-2007-1593
IDEFENSE
OTHER-REF
BID
Symantec -- Symantec Client Security
Symantec -- Symantec AntiVirus
Symantec -- Symantec Reporting Server
Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, displays the password hash for a user after a failed login attempt, which makes it easier for remote attackers to conduct brute force attacks.
unknown
2007-06-05
1.9CVE-2007-3022
OTHER-REF
The Cacti Group -- CactiCacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service (CPU consumption) via a large value of the (1) graph_start or (2) graph_end parameter.
unknown
2007-06-07
3.3CVE-2007-3112
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
XF
The Cacti Group -- CactiCacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service (CPU consumption) via a large value of the (1) graph_height or (2) graph_width parameter.
unknown
2007-06-07
2.0CVE-2007-3113
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
XF
WebSVN -- WebSVNCross-site scripting (XSS) vulnerability in filedetails.php in WebSVN 2.0rc4, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the path parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-06-05
1.9CVE-2007-3056
BID
SECUNIA
Zenturi -- Zenturi ProgramCheckerA certain ActiveX control in sasatl.dll in Zenturi ProgramChecker allows remote attackers to download arbitrary files to the client system via the DownloadFile function.
unknown
2007-06-06
3.3CVE-2007-3076
OTHER-REF

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.