U.S. Flag Official website of the Department of Homeland Security

Note: This page is part of the us-cert.gov archive.This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

TLP:WHITE

Bulletin (SB07-204)

Vulnerability Summary for the Week of July 16, 2007

Original release date: July 23, 2007

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

">

High Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Apple -- QuicktimeApple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via a crafted movie file that triggers memory corruption.
unknown
2007-07-15
9.3CVE-2007-2392
OTHER-REF
APPLE
CERT-VN
BID
FRSIRT
SECUNIA
XF
Apple -- QuicktimeThe design of QuickTime for Java in Apple Quicktime before 7.2 allows remote attackers to bypass certain security controls and write to process memory via Java applets, possibly leading to arbitrary code execution.
unknown
2007-07-15
9.3CVE-2007-2393
OTHER-REF
APPLE
BID
FRSIRT
SECUNIA
XF
Apple -- QuicktimeInteger overflow in Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via crafted (1) title and (2) author fields in an SMIL file, related to improper calculations for memory allocation.
unknown
2007-07-15
9.3CVE-2007-2394
IDEFENSE
OTHER-REF
APPLE
BID
FRSIRT
SECUNIA
XF
Apple -- QuicktimeThe JDirect support in QuickTime for Java in Apple Quicktime before 7.2 exposes certain dangerous interfaces, which allows remote attackers to execute arbitrary code via crafted Java applets.
unknown
2007-07-15
9.3CVE-2007-2396
OTHER-REF
APPLE
BID
FRSIRT
SECUNIA
XF
Apple -- QuicktimeQuickTime for Java in Apple Quicktime before 7.2 does not properly check permissions, which allows remote attackers to disable security controls and execute arbitrary code via crafted Java applets.
unknown
2007-07-15
9.3CVE-2007-2397
OTHER-REF
APPLE
BID
FRSIRT
SECUNIA
XF
Apple -- Mac OS XUnspecified vulnerability in mDNSResponder in Apple Mac OS X allows remote attackers to execute arbitrary code via unspecified vectors, a related issue to CVE-2007-2386.
unknown
2007-07-17
10.0CVE-2007-3828
OTHER-REF
BID
Aspindir -- husrevforumSQL injection vulnerability in philboard_forum.asp in husrevforum 1.0.1 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-07-18
7.5CVE-2007-3884
BID
FRSIRT
SECUNIA
Asterisk -- s800i Appliance
Asterisk -- AsteriskNOW
Asterisk -- Asterisk
Asterisk -- Asterisk Appliance Developer Kit
Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to execute arbitrary code by sending a long (1) voice or (2) video RTP frame.
unknown
2007-07-18
9.3CVE-2007-3762
OTHER-REF
FRSIRT
BRICS -- JWIGJWIG might allow context-dependent attackers to cause a denial of service (service degradation) via loops of references to external templates.
unknown
2007-07-16
7.8CVE-2007-3816
BUGTRAQ
OTHER-REF
CA -- Alert Notification Server
CA -- BrightStor ARCserve Client
CA -- Anti-Virus
CA -- Threat Manager
CA -- Protection Suites
CA -- BrightStor Enterprise Backup
CA -- BrightStor ARCserve Backup
Multiple stack-based buffer overflows in the RPC implementation in alert.exe before 8.0.255.0 in CA (formerly Computer Associates) Alert Notification Server, as used in Threat Manager for the Enterprise, Protection Suites, certain BrightStor ARCserve products, and BrightStor Enterprise Backup, allow remote attackers to execute arbitrary code by sending certain data to unspecified RPC procedures.
unknown
2007-07-18
9.3CVE-2007-3825
IDEFENSE
OTHER-REF
FRSIRT
SECUNIA
Cerulean Studios -- TrillianBuffer overflow in the AOL Instant Messenger (AIM) protocol handler in AIM.DLL in Cerulean Studios Trillian allows remote attackers to execute arbitrary code via a malformed aim: URI, as demonstrated by a long URI beginning with the aim:///#1111111/ substring.
unknown
2007-07-17
7.5CVE-2007-3832
OTHER-REF
CERT-VN
BID
Cisco -- Unified CallManager
Cisco -- Unified Communications Manager
Off-by-one error in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attackers to execute arbitrary code via a crafted packet that triggers a heap-based buffer overflow.
unknown
2007-07-15
9.3CVE-2006-5277
ISS
CISCO
BID
SECTRACK
SECUNIA
XF
Cisco -- Unified CallManager
Cisco -- Unified Communications Manager
Integer overflow in the Real-Time Information Server (RIS) Data Collector service (RisDC.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attackers to execute arbitrary code via crafted packets, resulting in a heap-based buffer overflow.
unknown
2007-07-15
10.0CVE-2006-5278
ISS
CISCO
BID
SECTRACK
SECUNIA
XF
Cisco -- Unified Presence Server
Cisco -- Unified Communications Manager
Unspecified vulnerability in Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allows remote attackers to cause a denial of service (loss of cluster services) via unspecified vectors, aka (1) CSCsj09859 and (2) CSCsj19985.
unknown
2007-07-15
7.8CVE-2007-3775
CISCO
BID
SECTRACK
Citadel -- WebCitCross-site request forgery (CSRF) vulnerability in Webcit before 7.11 allows remote attackers to modify configurations and perform other actions as arbitrary users via unspecified vectors.
unknown
2007-07-16
7.5CVE-2007-3821
BUGTRAQ
BID
SECUNIA
Clavister -- Clavister CorePlusThe SMTP ALG in Clavister CorePlus before 8.80.04, and 8.81.00, does not properly parse SMTP commands in certain circumstances, which allows remote attackers to bypass address blacklists.
unknown
2007-07-16
10.0CVE-2007-3803
OTHER-REF
OTHER-REF
SECUNIA
CMScout -- CMScoutSQL injection vulnerability in forums.php in CMScout 1.23 and earlier allows remote attackers to execute arbitrary SQL commands via the f parameter in a forums action to index.php.
unknown
2007-07-16
7.5CVE-2007-3812
MILW0RM
OTHER-REF
BID
SECUNIA
XF
Dvbbs -- DvbbsDvbbs 7.1.0 SP1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for Data/Dvbbs7.mdb.
unknown
2007-07-15
7.8CVE-2007-3774
BUGTRAQ
EnvivoSoft -- enVivo!CMSSQL injection vulnerability in default.asp in enVivo!CMS allows remote attackers to execute arbitrary SQL commands via the ID parameter in an article action. NOTE: this is probably different from CVE-2005-1413.4.
unknown
2007-07-15
7.5CVE-2007-3783
BUGTRAQ
OTHER-REF
FRSIRT
SECUNIA
eSoft -- InstaGate EX2 UTM** DISPUTED ** Cross-site request forgery (CSRF) vulnerability on the eSoft InstaGate EX2 UTM device before firmware 3.1.20070615 allows remote attackers to perform privileged actions as administrators. NOTE: the vendor disputes the distribution of the vulnerable software, stating that it was a custom build for a former customer.
unknown
2007-07-15
9.3CVE-2007-3786
OTHER-REF
OTHER-REF
OTHER-REF
XF
eSoft -- InstaGate EX2 UTMThe eSoft InstaGate EX2 UTM device does not require entry of the old password when changing the admin password, which might allow remote attackers to gain privileges by conducting a CSRF attack, making a password change from an unattended workstation, or other attacks.
unknown
2007-07-15
7.5CVE-2007-3787
OTHER-REF
OTHER-REF
eSoft -- InstaGate EX2 UTMThe eSoft InstaGate EX2 UTM device stores the admin password within the settings HTML document, which might allow context-dependent attackers to obtain sensitive information by reading this document.
unknown
2007-07-15
7.6CVE-2007-3788
OTHER-REF
OTHER-REF
eSyndicat -- eSyndiCat DirectoryMultiple SQL injection vulnerabilities in eSyndiCat allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to news.php or (2) the name parameter to page.php.
unknown
2007-07-16
7.5CVE-2007-3811
MILW0RM
BID
fedoraproject -- fedora_core
Red Hat -- Enterprise Linux AS
Red Hat -- Enterprise Linux ES
Red Hat -- Enterprise Linux WS
Red Hat -- Desktop
The init.d script for the X.Org X11 xfs font server on Red Hat Enterprise Linux (RHEL) 4 and 5 before 20070712, and Fedora Core 6, might allow local users to change the permissions of arbitrary files via a symlink attack on the /tmp/.font-unix temporary file.
unknown
2007-07-15
7.2CVE-2007-3103
IDEFENSE
OTHER-REF
REDHAT
REDHAT
Generic YouTube Clone Script -- Generic YouTube Clone ScriptCross-site request forgery (CSRF) vulnerability in the Email-Template module in Generic YouTube Clone Script allows remote attackers to upload files with arbitrary file types to templates/emails/ as administrators.
unknown
2007-07-15
10.0CVE-2007-3773
BUGTRAQ
OTHER-REF
Grisoft -- AVG Antivirusavg7core.sys 7.5.0.444 in Grisoft AVG Anti-Virus 7.5.448 and Free Edition 7.5.446, provides an internal function that copies data to an arbitrary address, which allows local users to gain privileges via arbitrary address arguments to a function provided by the 0x5348E004 IOCTL for the generic DeviceIoControl handler.
unknown
2007-07-15
7.2CVE-2007-3777
BUGTRAQ
BID
SECTRACK
SECUNIA
Hitachi -- JP1-NETM-DM ManagerSQL injection vulnerability in Job Management Partner 1/NETM/DM (JP1/NETM/DM) Manager on Windows before 20070413 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
unknown
2007-07-15
7.5CVE-2007-3793
OTHER-REF
BID
SECUNIA
XF
Hitachi -- uCosminexus Service Platform
Hitachi -- Cosminexus Studio
Hitachi -- uCosminexus Application Server
Hitachi -- uCosminexus Operator
Hitachi -- uCosminexus Client
Hitachi -- uCosminexus Developer
Hitachi -- uCosminexus Service Architect
Hitachi -- Cosminexus Developer
Hitachi -- Cosminexus Client
Hitachi -- Cosminexus Server
Hitachi -- Cosminexus Application Server
Buffer overflow in Hitachi Cosminexus V4 through V7, Processing Kit for XML before 20070511, Developer's Kit for Java before 20070312, and third-party products that use this software, allows attackers to have an unknown impact via certain GIF images, related to use of GIF image processing APIs by a Java application.
unknown
2007-07-15
10.0CVE-2007-3794
OTHER-REF
BID
SECUNIA
Hitachi -- TPI Server BaseUnspecified vulnerability in Hitachi TP1/Server Base before 03-05-/P, 05-00-x before 05-00-/G, 05-01-x before 05-01-/A, and 05-02-x before 05-02-/C on HP-UX 11.0 through 11i v3 allows attackers to cause a denial of service by sending certain data to a port.
unknown
2007-07-15
7.1CVE-2007-3795
OTHER-REF
BID
SECUNIA
XF
HydraIRC -- HydraIRCFormat string vulnerability in HydraIRC 0.3.151 allows remote attackers to cause a denial of service via format string specifiers in certain data related to failed DCC file transfer negotiation.
unknown
2007-07-17
7.8CVE-2007-3836
OTHER-REF
XF
HydraIRC -- HydraIRCHeap-based buffer overflow in HydraIRC 0.3.151 allows remote IRC servers to cause a denial of service (application crash) via a long CTCP request message containing '%' (percent) characters.
unknown
2007-07-17
7.8CVE-2007-3837
OTHER-REF
XF
IBM -- Proventia Network IPS GX5108
IBM -- Proventia Network IPS GX5008
PHP remote file inclusion in main.php in ISS Proventia Network IPS GX5108 1.3 and GX5008 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
unknown
2007-07-17
9.3CVE-2007-3831
OTHER-REF
FRSIRT
SECUNIA
Inmostore -- InmostoreSQL injection vulnerability in admin/index.php in Inmostore 4.0 allows remote attackers to execute arbitrary SQL commands via the Password field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-07-15
7.5CVE-2007-3789
BID
Insanely Simple Blog -- Insanely Simple BlogMultiple SQL injection vulnerabilities in Insanely Simple Blog 0.5 and earlier allow remote attackers to execute arbitrary SQL commands via the current_subsection parameter to index.php and other unspecified vectors.
unknown
2007-07-18
7.5CVE-2007-3889
BUGTRAQ
BID
SECUNIA
Ipswitch -- WS_FTPThe Logging Server (Logsrv.exe) in IPSwitch WS_FTP 7.5.29.0 allows remote attackers to cause a denial of service (daemon crash) by sending a crafted packet containing a long string to port 5151/udp.
unknown
2007-07-16
7.8CVE-2007-3823
OTHER-REF
SECUNIA
XF
IT747 -- Realtor 747SQL injection vulnerability in index.php in Realtor 747 allows remote attackers to execute arbitrary SQL commands via the categoryid parameter.
unknown
2007-07-16
7.5CVE-2007-3810
MILW0RM
libcURL -- libcURLlibcurl 7.14.0 through 7.16.3, when built with GnuTLS support, does not check SSL/TLS certificate expiration or activation dates, which allows remote attackers to bypass certain access restrictions.
unknown
2007-07-18
7.5CVE-2007-3564
OTHER-REF
UBUNTU
BID
FRSIRT
SECUNIA
SECUNIA
MailMarshal -- MailMarshal SMTPThe password reset feature in the Spam Quarantine HTTP interface for MailMarshal SMTP 6.2.0.x before 6.2.1 allows remote attackers to modify arbitrary account information via a UserId variable with a large amount of trailing whitespace followed by a malicious value, which triggers SQL buffer truncation due to length inconsistencies between variables.
unknown
2007-07-17
7.6CVE-2007-3796
FULLDISC
OTHER-REF
BID
SECUNIA
Mehmet Zati Karahan -- MzK BlogSQL injection vulnerability in katgoster.asp in MzK Blog (tr) allows remote attackers to execute arbitrary SQL commands via the katID parameter.
unknown
2007-07-16
10.0CVE-2007-3824
OTHER-REF
FRSIRT
SECUNIA
Microsoft -- Internet ExplorerMicrosoft Internet Explorer 7 on Windows XP SP2 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via repeated document.open function calls after a user requests a new page, but before the onBeforeUnload function is called.
unknown
2007-07-17
9.3CVE-2007-3826
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
MKPortal -- MKPortalMultiple SQL injection vulnerabilities in MKPortal 1.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the idurlo field in the delete_urlo function in (a) index.php in the urlobox module; the iden field in the (2) update_file and (3) del_file functions in (b) index.php in the reviews module; the (4) idnews field in the delete_news function and the (5) idcomm field in the del_comment function in (c) index.php in the news module; the (6) idcomm field in the delete_comments function in (d) index.php in the gallery module; the iden field in the (7) edit_file, (8) update_file, and (9) del_file functions in index.php in the gallery module; the (10) ide and (11) cat fields in the slide_update function in index.php in the gallery module; the iden field in the (12) update_file and (13) del_file functions in (d) index.php in the downloads module; and other unspecified vectors.
unknown
2007-07-16
7.5CVE-2007-3814
BUGTRAQ
MILW0RM
BID
BID
XF
Mozilla -- FirefoxMozilla Firefox before 2.0.0.5 allows remote attackers to execute arbitrary code with chrome privileges by calling an event handler from an unspecified "element outside of a document."
unknown
2007-07-18
7.5CVE-2007-3737
OTHER-REF
FRSIRT
SECUNIA
Mozilla -- FirefoxMultiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.5 allow remote attackers to execute arbitrary code via a crafted XPCNativeWrapper.
unknown
2007-07-18
7.5CVE-2007-3738
OTHER-REF
FRSIRT
SECUNIA
MySQL -- MySQL Community ServerMySQL Community Server before 5.0.45 allows remote attackers to cause a denial of service (daemon crash) via a malformed password packet in the connection protocol.
unknown
2007-07-15
7.8CVE-2007-3780
OTHER-REF
NetWin -- SurgeFTPThe mirror mechanism in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to cause a denial of service (restart) via a malformed response to a PASV command.
unknown
2007-07-15
8.5CVE-2007-3768
FULLDISC
OTHER-REF
FRSIRT
SECUNIA
XF
Oracle -- Oracle DatabaseMultiple unspecified vulnerabilities in in Oracle Database 10.2.0.3 allow remote authenticated users to have an unknown impact via (1) EXFSYS.DBMS_RLMGR_UTL in Rules Manager (DB11) and (2) Progam Interface (DB13).
unknown
2007-07-18
7.5CVE-2007-3858
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Oracle -- Collaboration Suite
Oracle -- Oracle Application Server
Oracle -- Oracle Database
Unspecified vulnerability in the Oracle Internet Directory component for Oracle Database 9.2.0.8 and 9.2.0.8DV; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; and Collaboration Suite 10.1.2 has unknown impact and remote attack vectors, aka OID01.
unknown
2007-07-18
7.5CVE-2007-3859
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Oracle -- Application ExpressUnspecified vulnerability in Oracle Application Express (formerly Oracle HTML DB) 2.2.0.00.32 up to 3.0.0.00.20 allows developers to have an unknown impact via unknown attack vectors, aka APEX01. NOTE: a reliable researcher states that this is SQL injection in the wwv_flow_security.check_db_password function due to insufficient checks for '"' characters.
unknown
2007-07-18
7.5CVE-2007-3860
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Oracle -- Collaboration Suite
Oracle -- Oracle Application Server
Unspecified vulnerability in Oracle Jdeveloper in Oracle Application Server 10.1.2.2 and Collaboration Suite 10.1.2 allows context-dependent attackers to have an unknown impact via custom applications that use JBO.KEY, aka JDEV01.
unknown
2007-07-18
7.5CVE-2007-3861
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Oracle -- Oracle Application ServerUnspecified vulnerability in Oracle Application Server 9.0.4.3 and 10.1.2.0.2 allows remote attackers to have an unknown impact via Oracle Single Sign On, aka AS01.
unknown
2007-07-18
7.5CVE-2007-3862
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Oracle -- Collaboration Suite
Oracle -- Oracle Application Server
Unspecified vulnerability in Oracle JDeveloper for Application Server 10.1.2.2 and 10.1.3.1, and Collaboration Suite 10.1.2, allows context-dependent attackers to have an unknown impact via custom applications that use JBO.SERVER, aka JDEV02.
unknown
2007-07-18
7.5CVE-2007-3863
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Oracle -- Collaboration SuiteMultiple unspecified vulnerabilities in Oracle Collaboration Suite 10.1.2 have unknown impact and remote attack vectors via (1) Instant Messaging/Presence (OCS01) and (2) Oracle Single Sign On (AS02).
unknown
2007-07-18
7.5CVE-2007-3864
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Oracle -- E-Business SuiteUnspecified vulnerability in the Oracle Customer Intelligence component in Oracle E-Business Suite 12.0.1 has unknown impact and remote attack vectors, aka APPS01.
unknown
2007-07-18
7.5CVE-2007-3865
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Oracle -- E-Business SuiteMultiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10CU2 and 12.0.1 allow remote attackers to have an unknown impact via (a) Oracle Configurator (APPS02), (b) Oracle iExpenses (APPS03), (c) Oracle Application Object Library (APPS09), and (1) APPS12, (2) APPS13, and (3) APPS14 in (d) Oracle Payables.
unknown
2007-07-18
7.5CVE-2007-3866
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Oracle -- E-Business SuiteMultiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10CU2 have unknown impact and attack vectors, related to (1) APPS04, (2) APPS05, and (3) APPS06 in (a) Oracle Application Object Library, (4) APPS07 in Oracle Customer Intelligence, (5) APPS08 in Oracle Payments, (7) APPS10 in Oracle Human Resources, and (8) APPS11 in iRecruitment.
unknown
2007-07-18
7.5CVE-2007-3867
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Oracle -- PeopleSoft EnterpriseMultiple unspecified vulnerabilities in the Customer Relationship Management Online Marketing component in Oracle PeopleSoft Enterprise 8.9 Bundle 26 and 9.0 Bundle 7 allow remote authenticated users to have an unknown impact, aka (1) PSE04 and (2) PSE05.
unknown
2007-07-18
7.5CVE-2007-3869
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
os-cillation -- Xfce TerminalThe terminal_helper_execute function in terminal/terminal.c in Xfce Terminal 0.2.6 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a crafted link, as demonstrated using the "Open Link" functionality.
unknown
2007-07-15
7.8CVE-2007-3770
OTHER-REF
SECUNIA
XF
PHP -- PHPThe glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption.
unknown
2007-07-16
7.8CVE-2007-3806
MILW0RM
PHP Arena -- paFileDBSQL injection vulnerability in includes/search.php in paFileDB 3.6 allows remote attackers to execute arbitrary SQL commands via the categories[] parameter in a search action to index.php, a different vector than CVE-2005-2000.
unknown
2007-07-16
7.5CVE-2007-3808
MILW0RM
BID
Pictures Rating -- Pictures RatingSQL injection vulnerability in index.php in Pictures Rating (Picture Rating) allows remote attackers to execute arbitrary SQL commands via the msgid parameter.
unknown
2007-07-18
7.5CVE-2007-3881
MILW0RM
BID
Pidgin -- PidginUnspecified vulnerability in Pidgin (formerly Gaim) 2.0.2 for Linux allows remote authenticated users, who are listed in a users list, to execute certain commands via unspecified vectors, aka ZD-00000035. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.
unknown
2007-07-17
9.0CVE-2007-3841
OTHER-REF
BID
policyd -- policydBuffer overflow in the w_read function in sockets.c in Cami Sardinha and Nigel Kukard policyd before 1.81 for Postfix allows remote attackers to cause a denial of service and possibly execute arbitrary code via long SMTP commands. NOTE: some of these details are obtained from third party information.
unknown
2007-07-15
7.5CVE-2007-3791
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
PopScript.com -- Expert AdvisorSQL injection vulnerability in index.php in Expert Advisor allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-07-18
7.5CVE-2007-3882
MILW0RM
BID
ProZIlla -- ProZilla Directory ScriptMultiple SQL injection vulnerabilities in Prozilla Directory Script allow remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action to directory.php, and other unspecified vectors.
unknown
2007-07-16
7.5CVE-2007-3809
MILW0RM
Roxio -- CinePlayer
InterActual Technologies -- InterActual Player
Multiple stack-based buffer overflows in (a) InterActual Player 2.60.12.0717 and (b) Roxio CinePlayer 3.2 allow remote attackers to execute arbitrary code via a (1) long FailURL attribute in the IAMCE ActiveX Control (IAMCE.dll) or a (2) long URLCode attribute in the IAKey ActiveX Control (IAKey.dll). NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-07-17
9.3CVE-2007-3829
BID
SECUNIA
SECUNIA
XF
RSA -- ACE Server
Progress Software Corp -- Progress
Progress Software Corp -- OpenEdge
RSA -- RSA Authentication Manager
Heap-based buffer overflow in _mprosrv.exe in Progress Software Progress 9.1E and OpenEdge 10.1x, as used by the RSA Authentication Manager 6.0 and 6.1, SecurID Appliance 2.0, ACE/Server 5.2, and possibly other products, allows remote attackers to execute arbitrary code via crafted packets. NOTE: this issue might overlap CVE-2007-3491.
unknown
2007-07-15
10.0CVE-2007-2417
OTHER-REF
SECUNIA
SECUNIA
SiteTrafficStats -- SiteTrafficStatsSQL injection vulnerability in referralUrl.php in Traffic Stats allows remote attackers to execute arbitrary SQL commands via the offset parameter.
unknown
2007-07-17
7.5CVE-2007-3840
MILW0RM
BID
SquirrelMail -- GPG PluginThe G/PGP (GPG) Plugin 2.0, and 2.1dev before 20060912, for Squirrelmail allows remote attackers to execute arbitrary commands via shell metacharacters in the messageSignedText parameter to the gpg_check_sign_pgp_mime function in gpg_hook_functions.php. NOTE: a parameter value can be set in the contents of an e-mail message.
unknown
2007-07-15
7.5CVE-2007-3778
IDEFENSE
MLIST
MLIST
VIM
BID
FRSIRT
SECUNIA
Symantec -- Symantec AntiVirus
Symantec -- Symantec Gateway Security
Symantec -- Scan Engine
Symantec -- Symantec AntiVirus_Filtering Domino
Symantec -- Symantec Web Security
Symantec -- Norton Personal Firewall
Symantec -- Norton Internet Security
Symantec -- BrightMail AntiSpam
Symantec -- Norton System Works
Symantec -- Norton AntiVirus
Symantec -- Client Security
Symantec -- Mail Security
Symantec -- Symantec AntiVirus Scan Engine
The Decomposer component in multiple Symantec products may allow remote attackers to execute arbitrary code via certain CAB archives, related to improper "bounds checks."
unknown
2007-07-16
10.0CVE-2007-3802
OTHER-REF
BID
FRSIRT
SECUNIA
TCPDump -- TCPDumpInteger overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet.
unknown
2007-07-16
7.5CVE-2007-3798
OTHER-REF

Back to top

Medium Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
 Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 allow remote authenticated users to have unknown impact via (1) SYS.DBMS_PRVTAQIS in the Advanced Queuing component (DB02) and (2) MDSYS.MD in the Spatial component (DB12).
unknown
2007-07-18
5.5CVE-2007-3854
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
8e6 -- R3000 Enterprise FilterCross-site scripting (XSS) vulnerability in the 8e6 R3000 Enterprise Filter before 2.0.05 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this may be the same as CVE-2007-2970.
unknown
2007-07-17
4.3CVE-2007-3842
OTHER-REF
activeWeb -- contentserverSQL injection vulnerability in activeWeb contentserver before 5.6.2964 allows remote authenticated users with edit permission to execute arbitrary SQL commands via the id parameter to admin/picture/picture_real_edit.asp, and probably other unspecified vectors.
unknown
2007-07-15
6.5CVE-2007-3013
OTHER-REF
BID
activeWeb -- contentserverMultiple cross-site scripting (XSS) vulnerabilities in activeWeb contentserver before 5.6.2964 allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) errors/rights.asp or (2) errors/transaction.asp, or (3) the name of a MIME type (mimetype).
unknown
2007-07-15
4.3CVE-2007-3014
OTHER-REF
BID
BID
activeWeb -- contentserverThe WYSIWYG editor applet in activeWeb contentserver CMS before 5.6.2964 only filters malicious tags from articles sent to admin/applets/wysiwyg/rendereditor.asp, which allows remote authenticated users to inject arbitrary JavaScript via a request to admin/worklist/worklist_edit.asp.
unknown
2007-07-16
4.0CVE-2007-3017
BUGTRAQ
OTHER-REF
BID
SECUNIA
activeWeb -- contentserveractiveWeb contentserver CMS before 5.6.2964 does not limit the file-creation ability of editors who have restricted accounts, which allows these editors to create files in arbitrary directories.
unknown
2007-07-16
4.0CVE-2007-3018
BUGTRAQ
OTHER-REF
BID
SECUNIA
Apple -- QuicktimeQuickTime for Java in Apple Quicktime before 7.2 does not perform sufficient "access control," which allows remote attackers to obtain sensitive information (screen content) via crafted Java applets.
unknown
2007-07-15
5.0CVE-2007-2402
OTHER-REF
APPLE
BID
FRSIRT
SECUNIA
XF
ASP Ziyaretci Defteri -- ASP Ziyaretci DefteriMultiple cross-site scripting (XSS) vulnerabilities in mesaj_formu.asp in ASP Ziyaretci Defteri 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Isim, (2) Mesajiniz, and (3) E-posta field.
unknown
2007-07-18
4.3CVE-2007-3887
OTHER-REF
BID
FRSIRT
SECUNIA
Aspindir -- husrevforumCross-site scripting (XSS) vulnerability in philboard_search.asp in husrevforum 1.0.1 allows remote attackers to inject arbitrary web script or HTML via the searchterms parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-07-18
4.3CVE-2007-3885
FRSIRT
SECUNIA
Asterisk -- s800i Appliance
Asterisk -- AsteriskNOW
Asterisk -- Asterisk
Asterisk -- Asterisk Appliance Developer Kit
The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted (1) LAGRQ or (2) LAGRP frame that contains information elements of IAX frames, which results in a NULL pointer dereference when Asterisk does not properly set an associated variable.
unknown
2007-07-18
5.0CVE-2007-3763
OTHER-REF
FRSIRT
Asterisk -- s800i Appliance
Asterisk -- AsteriskNOW
Asterisk -- Asterisk
Asterisk -- Asterisk Appliance Developer Kit
The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a certain data length value in a crafted packet, which results in an "overly large memcpy."
unknown
2007-07-18
5.0CVE-2007-3764
OTHER-REF
FRSIRT
Asterisk -- s800i Appliance
Asterisk -- AsteriskNOW
Asterisk -- Asterisk
Asterisk -- Asterisk Appliance Developer Kit
The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted STUN length attribute in a STUN packet sent on an RTP port.
unknown
2007-07-18
5.0CVE-2007-3765
OTHER-REF
FRSIRT
Azerbaijan Development Group -- AzDGDatingMultiple PHP remote file inclusion vulnerabilities in AzDG Dating Gold 3.0.5 allow remote attackers to execute arbitrary PHP code via a URL in the int_path parameter to (1) header.php, (2) footer.php, or (3) secure.admin.php in templates/.
unknown
2007-07-15
4.3CVE-2007-3792
BUGTRAQ
BID
Belkin -- F5D7231-4Cross-site scripting (XSS) vulnerability in the Belkin G Plus Router F5D7231-4 with firmware 4.05.03 allows remote attackers to inject arbitrary web script or HTML via a hostname of a DHCP client.
unknown
2007-07-15
4.3CVE-2007-3784
FULLDISC
OTHER-REF
BID
SECUNIA
Cerulean Studios -- TrillianThe AOL Instant Messenger (AIM) protocol handler in Cerulean Studios Trillian allows remote attackers to create files with arbitrary contents via certain aim: URIs, as demonstrated by a URI that begins with the "aim: &c:\" substring and contains a full pathname in the ini field. NOTE: this can be leveraged for code execution by writing to a Startup folder.
unknown
2007-07-17
5.0CVE-2007-3833
OTHER-REF
BID
Cisco -- Unified Presence Server
Cisco -- Unified Communications Manager
Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allow remote attackers to obtain sensitive information via unspecified vectors that reveal the SNMP community strings and configuration settings, aka (1) CSCsj20668 and (2) CSCsj25962.
unknown
2007-07-15
5.0CVE-2007-3776
CISCO
BID
SECTRACK
Clavister -- Clavister CorePlusThe IKE implementation in Clavister CorePlus before 8.80.03, and 8.80.00, does not properly validate certificates during IKE negotiation, which allows remote attackers cause a denial of service (gateway stop) via certain certificates.
unknown
2007-07-16
5.4CVE-2007-3805
OTHER-REF
OTHER-REF
SECUNIA
Data Dynamics -- ActiveBarThe Data Dynamics ActiveBar ActiveX control (actbar3.ocx) 3.1 and earlier allows remote attackers to create or overwrite files via a full pathname in (1) the second argument to the Save method, or the first argument to the (2) SaveLayoutChanges or (3) SaveMenuUsageData method.
unknown
2007-07-18
5.1CVE-2007-3883
MILW0RM
Drupal -- LoginToboggan ModuleCross-site scripting (XSS) vulnerability in the LoginToboggan module 4.7.x-1.0, 4.7.x-1.x-dev, and 5.x-1.x-dev before 20070712 for Drupal, when configured to display a "Log out" link, allows remote attackers to inject arbitrary web script or HTML via a crafted username. NOTE: Drupal sanitizes the username by removing certain characters, so this might not be a vulnerability on default installations.
unknown
2007-07-16
4.3CVE-2007-3817
OTHER-REF
BID
FRSIRT
SECUNIA
XF
EldoS Corporation -- SecureBlackboxAbsolute path traversal vulnerability in a certain ActiveX control in PGPBBox.dll in EldoS SecureBlackbox (sbb) 5.1.0.112 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SaveToFile method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-07-15
5.8CVE-2007-3785
BID
XF
ExLibris Group -- ALEPHMultiple cross-site scripting (XSS) vulnerabilities in Ex Libris ALEPH allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a URL that can be discovered through a keyword search. NOTE: this may be related to the MetaLib XSS issue, CVE-2007-3835.
unknown
2007-07-17
4.3CVE-2007-3834
BUGTRAQ
OTHER-REF
IBM -- Tivoli Provisioning Manager OS DeploymentThe TFTP implementation in IBM Tivoli Provisioning Manager for OS Deployment 5.1 before Fix Pack 3 allows remote attackers to cause a denial of service (rembo.exe crash and multiple service outage) via a read (RRQ) request with an invalid blksize (blocksize), which triggers a divide-by-zero error.
unknown
2007-07-18
5.0CVE-2007-3268
IDEFENSE
OTHER-REF
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
Insanely Simple Blog -- Insanely Simple BlogMultiple cross-site scripting (XSS) vulnerabilities in Insanely Simple Blog 0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the search action, possibly related to the term parameter to index.php; or (2) an anonymous blog entry, possibly involving the (a) posted_by, (b) subject, and (c) content parameters to index.php; as demonstrated by the onmouseover attribute of certain elements. NOTE: some of these details are obtained from third party information.
unknown
2007-07-18
4.3CVE-2007-3888
BUGTRAQ
BID
SECUNIA
Microsoft -- DirectX SDKHeap-based buffer overflow in Microsoft DirectX SDK (February 2006) and probably earlier, including 9.0c End User Runtimes, allows context-dependent attackers to execute arbitrary code via a crafted Targa file with an encoding that produces more data than expected when decoding.
unknown
2007-07-18
6.8CVE-2006-4183
IDEFENSE
MKPortal -- NoBoard ModulePHP remote file inclusion vulnerability in include/user.php in the NoBoard BETA module for MKPortal allows remote attackers to execute arbitrary PHP code via a URL in the MK_PATH parameter.
unknown
2007-07-16
4.3CVE-2007-3813
MILW0RM
Mozilla -- Firefox
Mozilla -- Thunderbird
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 2.0.0.5 and Thunderbird before 2.0.0.5 allow remote attackers to cause a denial of service (crash) via unspecified vectors that trigger memory corruption.
unknown
2007-07-18
5.0CVE-2007-3734
OTHER-REF
FRSIRT
SECUNIA
Mozilla -- Firefox
Mozilla -- Thunderbird
Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 2.0.0.5 and Thunderbird before 2.0.0.5 allow remote attackers to cause a denial of service (crash) via unspecified vectors that trigger memory corruption.
unknown
2007-07-18
5.0CVE-2007-3735
OTHER-REF
FRSIRT
SECUNIA
Mozilla -- FirefoxCross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.5 allows remote attackers to inject arbitrary web script "into another site's context" via a "timing issue" involving the (1) addEventListener or (2) setTimeout function, probably by setting events that activate after the context has changed.
unknown
2007-07-18
4.3CVE-2007-3736
OTHER-REF
FRSIRT
SECUNIA
Mozilla -- FirefoxMozilla Firefox allows for cookies to be set with a null domain (aka "domainless cookies"), which allows remote attackers to pass information between arbitrary domains and track user activity, as demonstrated by the domain attribute in the document.cookie variable in a javascript: window.
unknown
2007-07-17
5.0CVE-2007-3827
BUGTRAQ
MySQL -- MySQL Community ServerMySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure.
unknown
2007-07-15
4.0CVE-2007-3781
OTHER-REF
MySQL -- MySQL Community ServerMySQL Community Server before 5.0.45 allows remote authenticated users to gain update privileges for a table in another database via a view that refers to this external table.
unknown
2007-07-15
6.5CVE-2007-3782
OTHER-REF
OTHER-REF
Netimage Media -- Element CMSCross-site scripting (XSS) vulnerability in default.asp in Element CMS allows remote attackers to inject arbitrary web script or HTML via the s parameter in a search pID action.
unknown
2007-07-18
4.3CVE-2007-3886
FULLDISC
SECUNIA
NetWin -- SurgeFTPCross-site scripting (XSS) vulnerability in the mirrored server management interface in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to inject arbitrary web script or HTML via a malformed response without a status code, which is reflected to the user in the resulting error message. NOTE: this can be leveraged for root access via a sequence of steps involving web script that creates a new FTP user account.
unknown
2007-07-15
5.8CVE-2007-3769
FULLDISC
OTHER-REF
FRSIRT
SECUNIA
XF
Opera Software -- OperaOpera 9.21 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed.
unknown
2007-07-16
5.0CVE-2007-3819
BUGTRAQ
FRSIRT
SECUNIA
Oracle -- Oracle DatabaseMultiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.3 allow remote authenticated users to have unknown impact via (1) DBMS_JAVA_TEST in the JavaVM component (DB01), (2) Oracle Text component (DB09), and (3) MDSYS.SDO_GEOR_INT in the Spatial component (DB15). NOTE: a reliable researcher claims that DB01 is SQL injection in DBMS_PRVTAQIS.
unknown
2007-07-18
6.5CVE-2007-3853
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Oracle -- Oracle DatabaseMultiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to have an unknown impact via (1) SYS.DBMS_DRS in the DataGuard component (DB03), (2) SYS.DBMS_STANDARD in the PL/SQL component (DB10), (3) MDSYS.RTREE_IDX in the Spatial component (DB16), and (4) SQL Compiler (DB17). NOTE: a reliable researcher claims that DB17 is for using Views to perform unauthorized insert, update, or delete actions.
unknown
2007-07-18
6.5CVE-2007-3855
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Oracle -- Oracle10g
Oracle -- Oracle10g Database Server Release 2
Oracle -- Oracle 9i Database Release 2
Unspecified vulnerability in the Oracle Data Mining component for Oracle Database 10g Release 2 10.2.0.2 and 10.2.0.3, 10g 10.1.0.5, and Oracle9i Database Release 2 9.2.0.7, 9.2.0.8, and 9.2.0.8DV has unknown impact and remote authenticated attack vectors related to DMSYS.DMP_SYS, aka DB04.
unknown
2007-07-18
6.5CVE-2007-3856
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Oracle -- Oracle DatabaseMultiple unspecified vulnerabilities in Oracle Database 10.1.0.5 allow remote authenticated users to have an unknown impact via (a) the Oracle Text component, including (1) unspecified vectors (DB05), (2) CTXSYS.DRVXMD (DB06), (3) CTXSYS.DRI_MOVE_CTXSYS (DB07), (4) CTXSYS.DRVXMD (DB08), and (b) JavaVM (DB14).
unknown
2007-07-18
6.5CVE-2007-3857
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Oracle -- PeopleSoft EnterpriseMultiple unspecified vulnerabilities in PeopleTools in Oracle PeopleSoft Enterprise 8.22.15, 8.47.13, 8.48.10, and 8.49.02 allows remote authenticated users or attackers to have an unknown impact via multiple vectors, aka (1) PSE01, (2) PSE02, and (3) PSE03.
unknown
2007-07-18
6.5CVE-2007-3868
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Oracle -- PeopleSoft EnterpriseMultiple unspecified vulnerabilities in the Human Capital Management component in Oracle PeopleSoft Enterprise 8.9 Bundle 11 allow local users to have unknown impact via unknown vectors, aka (1) PSE06 and (2) PSE07.
unknown
2007-07-18
4.6CVE-2007-3870
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
PHP -- PHPThe com_print_typeinfo function in the bz2 extension in PHP 5.2.3 allows context-dependent attackers to cause a denial of service via a long argument.
unknown
2007-07-15
5.8CVE-2007-3790
MILW0RM
PHP -- PHPThe session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the session_start function, which are not encoded or filtered when the new session cookie is generated.
unknown
2007-07-16
6.4CVE-2007-3799
OTHER-REF
PSnews -- PSnewsDirectory traversal vulnerability in news/show.php in PsNews 1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the newspath parameter.
unknown
2007-07-15
6.4CVE-2007-3772
MILW0RM
Republike Slovenije -- PIRSBuffer overflow in pirs32.exe in Poslovni informator Republike Slovenije (PIRS) 2007 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long search string in certain fields in the GUI. NOTE: this may cross privilege boundaries if PIRS is used by data-entry workers who do not have full access to the underlying Windows environment.
unknown
2007-07-16
4.9CVE-2007-3815
FULLDISC
OTHER-REF
XF
SquirrelMail -- GPG PluginMultiple directory traversal vulnerabilities in the G/PGP (GPG) Plugin 2.0, and 2.1dev before 20070614, for Squirrelmail allow remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the help parameter to (1) gpg_help.php or (2) gpg_help_base.php.
unknown
2007-07-15
5.5CVE-2006-4169
IDEFENSE
BID
FRSIRT
SECUNIA
SquirrelMail -- GPG PluginPHP local file inclusion vulnerability in gpg_pop_init.php in the G/PGP (GPG) Plugin before 20070707 for Squirrelmail allows remote attackers to include and execute arbitrary local files, related to the MOD parameter.
unknown
2007-07-15
4.3CVE-2007-3779
OTHER-REF
VIM
Symantec -- Norton AntiSpam
Symantec -- Norton Personal Firewall
Symantec -- Norton Internet Security
Symantec -- Symantec AntiVirus
Symantec -- Norton System Works
Symantec -- Norton AntiVirus
Symantec -- Client Security
Symantec symtdi.sys before 7.0.0, as distributed in Symantec AntiVirus Corporate Edition 9 through 10.1 and Client Security 2.0 through 3.1, Norton AntiSpam 2005, and Norton AntiVirus, Internet Security, Personal Firewall, and System Works 2005 and 2006; allows local users to gain privileges via a crafted Interrupt Request Packet (Irp) in an IOCTL 0x83022323 request to \\symTDI\, which results in memory overwrite.
unknown
2007-07-15
6.9CVE-2007-3673
IDEFENSE
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
Symantec -- Symantec AntiVirus
Symantec -- Client Security
Stack-based buffer overflow in the Internet E-mail Auto-Protect feature in Symantec AntiVirus Corporate Edition before 10.1, and Client Security before 3.1, allows local users to cause a denial of service (service crash) via a long (1) To, (2) From, or (3) Subject header in an outbound SMTP e-mail message. NOTE: the original vendor advisory referenced CVE-2006-3456, but this was an error.
unknown
2007-07-15
4.6CVE-2007-3771
OTHER-REF
BID
SECTRACK
SECTRACK
SECUNIA
Symantec -- Symantec AntiVirus
Symantec -- Client Security
Unspecified vulnerability in the Real-time scanner (RTVScan) component in Symantec AntiVirus Corporate Edition 9.0 through 10.1 and Client Security 2.0 through 3.1, when the Notification Message window is enabled, allows local users to gain privileges via crafted code.
unknown
2007-07-16
6.0CVE-2007-3800
OTHER-REF
BID
FRSIRT
SECUNIA
TBDev.NET -- DRCross-site scripting (XSS) vulnerability in takeprofedit.php in TBDev.NET DR 010306 and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the avatar parameter. NOTE: this may be related to the tracker program in the Janitor package. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-07-17
4.0CVE-2007-3839
OTHER-REF
BID

Back to top

Low Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Citadel -- WebCitMultiple cross-site scripting (XSS) vulnerabilities in Webcit before 7.11 allow remote attackers to inject arbitrary web script or HTML via (1) the who parameter to showuser; and other vectors involving (2) calendar mode, (3) bulletin board mode, (4) room names, and (5) uploaded file names.
unknown
2007-07-16
2.6CVE-2007-3822
BUGTRAQ
BID
SECUNIA
Clavister -- Clavister CorePlusThe AntiVirus engine in the HTTP-ALG in Clavister CorePlus before 8.81.00 and 8.80.03 might allow remote attackers to bypass scanning via small files.
unknown
2007-07-16
0.0CVE-2007-3804
OTHER-REF
OTHER-REF
SECUNIA
Drupal -- LoginToboggan ModuleCross-site scripting (XSS) vulnerability in the LoginToboggan module 5.x-1.x-dev before 20070712 for Drupal allows remote authenticated users with "administer blocks" permission to inject arbitrary JavaScript and gain privileges via "the message displayed above the default user login block."
unknown
2007-07-16
3.5CVE-2007-3818
OTHER-REF
ExLibris Group -- MetaLibCross-site scripting (XSS) vulnerability in Ex Libris MetaLib 3.13 and 4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a resource id that can be discovered through a search.
unknown
2007-07-17
2.6CVE-2007-3835
BUGTRAQ
OTHER-REF
IBM -- Proventia Network IPS GX5108
IBM -- Proventia Network IPS GX5008
Cross-site scripting (XSS) vulnerability in alert.php in ISS Proventia Network IPS GX5108 1.3 and GX5008 1.5 allows remote attackers to inject arbitrary web script or HTML via the reminder parameter.
unknown
2007-07-17
3.5CVE-2007-3830
OTHER-REF
FRSIRT
SECUNIA
KDE -- Konquerorkonqueror/konq_combo.cc in Konqueror 3.5.7 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed.
unknown
2007-07-16
2.6CVE-2007-3820
BUGTRAQ
BUGTRAQ
FRSIRT
SECUNIA
SiteScape -- SiteScape ForumMultiple cross-site scripting (XSS) vulnerabilities in SiteScape Forum before 7.3 allow remote attackers to inject arbitrary web script or HTML via the user name field in the login procedure, and other unspecified vectors.
unknown
2007-07-16
2.6CVE-2007-3807
BUGTRAQ
OTHER-REF
BID
SECUNIA
XF
Symantec -- Norton Internet Security
Symantec -- Norton Personal Firewall
Symantec -- Symantec AntiVirus Scan Engine
Symantec -- Norton Antivirus
Symantec -- Norton System Works
Symantec -- Symantec Web Security
The Decomposer component in multiple Symantec products allows remote attackers to cause a denial of service (infinite loop) via a crafted RAR archive file header.
unknown
2007-07-16
0.0CVE-2007-3801
OTHER-REF
BID
FRSIRT
SECUNIA
TBDev.NET -- DRCross-site scripting (XSS) vulnerability in takeprofedit.php in TBDev.NET DR 11-10-05-BETA-SF1:111005 and earlier allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of a SCRIPT element in the avatar parameter. NOTE: this may be related to the tracker program in the Janitor package. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-07-17
2.6CVE-2007-3838
OTHER-REF
BID

Back to top

">

High Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Apple -- QuicktimeApple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via a crafted movie file that triggers memory corruption.
unknown
2007-07-15
9.3CVE-2007-2392
OTHER-REF
APPLE
CERT-VN
BID
FRSIRT
SECUNIA
XF
Apple -- QuicktimeThe design of QuickTime for Java in Apple Quicktime before 7.2 allows remote attackers to bypass certain security controls and write to process memory via Java applets, possibly leading to arbitrary code execution.
unknown
2007-07-15
9.3CVE-2007-2393
OTHER-REF
APPLE
BID
FRSIRT
SECUNIA
XF
Apple -- QuicktimeInteger overflow in Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via crafted (1) title and (2) author fields in an SMIL file, related to improper calculations for memory allocation.
unknown
2007-07-15
9.3CVE-2007-2394
IDEFENSE
OTHER-REF
APPLE
BID
FRSIRT
SECUNIA
XF
Apple -- QuicktimeThe JDirect support in QuickTime for Java in Apple Quicktime before 7.2 exposes certain dangerous interfaces, which allows remote attackers to execute arbitrary code via crafted Java applets.
unknown
2007-07-15
9.3CVE-2007-2396
OTHER-REF
APPLE
BID
FRSIRT
SECUNIA
XF
Apple -- QuicktimeQuickTime for Java in Apple Quicktime before 7.2 does not properly check permissions, which allows remote attackers to disable security controls and execute arbitrary code via crafted Java applets.
unknown
2007-07-15
9.3CVE-2007-2397
OTHER-REF
APPLE
BID
FRSIRT
SECUNIA
XF
Apple -- Mac OS XUnspecified vulnerability in mDNSResponder in Apple Mac OS X allows remote attackers to execute arbitrary code via unspecified vectors, a related issue to CVE-2007-2386.
unknown
2007-07-17
10.0CVE-2007-3828
OTHER-REF
BID
Aspindir -- husrevforumSQL injection vulnerability in philboard_forum.asp in husrevforum 1.0.1 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-07-18
7.5CVE-2007-3884
BID
FRSIRT
SECUNIA
Asterisk -- s800i Appliance
Asterisk -- AsteriskNOW
Asterisk -- Asterisk
Asterisk -- Asterisk Appliance Developer Kit
Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to execute arbitrary code by sending a long (1) voice or (2) video RTP frame.
unknown
2007-07-18
9.3CVE-2007-3762
OTHER-REF
FRSIRT
BRICS -- JWIGJWIG might allow context-dependent attackers to cause a denial of service (service degradation) via loops of references to external templates.
unknown
2007-07-16
7.8CVE-2007-3816
BUGTRAQ
OTHER-REF
CA -- Alert Notification Server
CA -- BrightStor ARCserve Client
CA -- Anti-Virus
CA -- Threat Manager
CA -- Protection Suites
CA -- BrightStor Enterprise Backup
CA -- BrightStor ARCserve Backup
Multiple stack-based buffer overflows in the RPC implementation in alert.exe before 8.0.255.0 in CA (formerly Computer Associates) Alert Notification Server, as used in Threat Manager for the Enterprise, Protection Suites, certain BrightStor ARCserve products, and BrightStor Enterprise Backup, allow remote attackers to execute arbitrary code by sending certain data to unspecified RPC procedures.
unknown
2007-07-18
9.3CVE-2007-3825
IDEFENSE
OTHER-REF
FRSIRT
SECUNIA
Cerulean Studios -- TrillianBuffer overflow in the AOL Instant Messenger (AIM) protocol handler in AIM.DLL in Cerulean Studios Trillian allows remote attackers to execute arbitrary code via a malformed aim: URI, as demonstrated by a long URI beginning with the aim:///#1111111/ substring.
unknown
2007-07-17
7.5CVE-2007-3832
OTHER-REF
CERT-VN
BID
Cisco -- Unified CallManager
Cisco -- Unified Communications Manager
Off-by-one error in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attackers to execute arbitrary code via a crafted packet that triggers a heap-based buffer overflow.
unknown
2007-07-15
9.3CVE-2006-5277
ISS
CISCO
BID
SECTRACK
SECUNIA
XF
Cisco -- Unified CallManager
Cisco -- Unified Communications Manager
Integer overflow in the Real-Time Information Server (RIS) Data Collector service (RisDC.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attackers to execute arbitrary code via crafted packets, resulting in a heap-based buffer overflow.
unknown
2007-07-15
10.0CVE-2006-5278
ISS
CISCO
BID
SECTRACK
SECUNIA
XF
Cisco -- Unified Presence Server
Cisco -- Unified Communications Manager
Unspecified vulnerability in Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allows remote attackers to cause a denial of service (loss of cluster services) via unspecified vectors, aka (1) CSCsj09859 and (2) CSCsj19985.
unknown
2007-07-15
7.8CVE-2007-3775
CISCO
BID
SECTRACK
Citadel -- WebCitCross-site request forgery (CSRF) vulnerability in Webcit before 7.11 allows remote attackers to modify configurations and perform other actions as arbitrary users via unspecified vectors.
unknown
2007-07-16
7.5CVE-2007-3821
BUGTRAQ
BID
SECUNIA
Clavister -- Clavister CorePlusThe SMTP ALG in Clavister CorePlus before 8.80.04, and 8.81.00, does not properly parse SMTP commands in certain circumstances, which allows remote attackers to bypass address blacklists.
unknown
2007-07-16
10.0CVE-2007-3803
OTHER-REF
OTHER-REF
SECUNIA
CMScout -- CMScoutSQL injection vulnerability in forums.php in CMScout 1.23 and earlier allows remote attackers to execute arbitrary SQL commands via the f parameter in a forums action to index.php.
unknown
2007-07-16
7.5CVE-2007-3812
MILW0RM
OTHER-REF
BID
SECUNIA
XF
Dvbbs -- DvbbsDvbbs 7.1.0 SP1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for Data/Dvbbs7.mdb.
unknown
2007-07-15
7.8CVE-2007-3774
BUGTRAQ
EnvivoSoft -- enVivo!CMSSQL injection vulnerability in default.asp in enVivo!CMS allows remote attackers to execute arbitrary SQL commands via the ID parameter in an article action. NOTE: this is probably different from CVE-2005-1413.4.
unknown
2007-07-15
7.5CVE-2007-3783
BUGTRAQ
OTHER-REF
FRSIRT
SECUNIA
eSoft -- InstaGate EX2 UTM** DISPUTED ** Cross-site request forgery (CSRF) vulnerability on the eSoft InstaGate EX2 UTM device before firmware 3.1.20070615 allows remote attackers to perform privileged actions as administrators. NOTE: the vendor disputes the distribution of the vulnerable software, stating that it was a custom build for a former customer.
unknown
2007-07-15
9.3CVE-2007-3786
OTHER-REF
OTHER-REF
OTHER-REF
XF
eSoft -- InstaGate EX2 UTMThe eSoft InstaGate EX2 UTM device does not require entry of the old password when changing the admin password, which might allow remote attackers to gain privileges by conducting a CSRF attack, making a password change from an unattended workstation, or other attacks.
unknown
2007-07-15
7.5CVE-2007-3787
OTHER-REF
OTHER-REF
eSoft -- InstaGate EX2 UTMThe eSoft InstaGate EX2 UTM device stores the admin password within the settings HTML document, which might allow context-dependent attackers to obtain sensitive information by reading this document.
unknown
2007-07-15
7.6CVE-2007-3788
OTHER-REF
OTHER-REF
eSyndicat -- eSyndiCat DirectoryMultiple SQL injection vulnerabilities in eSyndiCat allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to news.php or (2) the name parameter to page.php.
unknown
2007-07-16
7.5CVE-2007-3811
MILW0RM
BID
fedoraproject -- fedora_core
Red Hat -- Enterprise Linux AS
Red Hat -- Enterprise Linux ES
Red Hat -- Enterprise Linux WS
Red Hat -- Desktop
The init.d script for the X.Org X11 xfs font server on Red Hat Enterprise Linux (RHEL) 4 and 5 before 20070712, and Fedora Core 6, might allow local users to change the permissions of arbitrary files via a symlink attack on the /tmp/.font-unix temporary file.
unknown
2007-07-15
7.2CVE-2007-3103
IDEFENSE
OTHER-REF
REDHAT
REDHAT
Generic YouTube Clone Script -- Generic YouTube Clone ScriptCross-site request forgery (CSRF) vulnerability in the Email-Template module in Generic YouTube Clone Script allows remote attackers to upload files with arbitrary file types to templates/emails/ as administrators.
unknown
2007-07-15
10.0CVE-2007-3773
BUGTRAQ
OTHER-REF
Grisoft -- AVG Antivirusavg7core.sys 7.5.0.444 in Grisoft AVG Anti-Virus 7.5.448 and Free Edition 7.5.446, provides an internal function that copies data to an arbitrary address, which allows local users to gain privileges via arbitrary address arguments to a function provided by the 0x5348E004 IOCTL for the generic DeviceIoControl handler.
unknown
2007-07-15
7.2CVE-2007-3777
BUGTRAQ
BID
SECTRACK
SECUNIA
Hitachi -- JP1-NETM-DM ManagerSQL injection vulnerability in Job Management Partner 1/NETM/DM (JP1/NETM/DM) Manager on Windows before 20070413 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
unknown
2007-07-15
7.5CVE-2007-3793
OTHER-REF
BID
SECUNIA
XF
Hitachi -- uCosminexus Service Platform
Hitachi -- Cosminexus Studio
Hitachi -- uCosminexus Application Server
Hitachi -- uCosminexus Operator
Hitachi -- uCosminexus Client
Hitachi -- uCosminexus Developer
Hitachi -- uCosminexus Service Architect
Hitachi -- Cosminexus Developer
Hitachi -- Cosminexus Client
Hitachi -- Cosminexus Server
Hitachi -- Cosminexus Application Server
Buffer overflow in Hitachi Cosminexus V4 through V7, Processing Kit for XML before 20070511, Developer's Kit for Java before 20070312, and third-party products that use this software, allows attackers to have an unknown impact via certain GIF images, related to use of GIF image processing APIs by a Java application.
unknown
2007-07-15
10.0CVE-2007-3794
OTHER-REF
BID
SECUNIA
Hitachi -- TPI Server BaseUnspecified vulnerability in Hitachi TP1/Server Base before 03-05-/P, 05-00-x before 05-00-/G, 05-01-x before 05-01-/A, and 05-02-x before 05-02-/C on HP-UX 11.0 through 11i v3 allows attackers to cause a denial of service by sending certain data to a port.
unknown
2007-07-15
7.1CVE-2007-3795
OTHER-REF
BID
SECUNIA
XF
HydraIRC -- HydraIRCFormat string vulnerability in HydraIRC 0.3.151 allows remote attackers to cause a denial of service via format string specifiers in certain data related to failed DCC file transfer negotiation.
unknown
2007-07-17
7.8CVE-2007-3836
OTHER-REF
XF
HydraIRC -- HydraIRCHeap-based buffer overflow in HydraIRC 0.3.151 allows remote IRC servers to cause a denial of service (application crash) via a long CTCP request message containing '%' (percent) characters.
unknown
2007-07-17
7.8CVE-2007-3837
OTHER-REF
XF
IBM -- Proventia Network IPS GX5108
IBM -- Proventia Network IPS GX5008
PHP remote file inclusion in main.php in ISS Proventia Network IPS GX5108 1.3 and GX5008 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
unknown
2007-07-17
9.3CVE-2007-3831
OTHER-REF
FRSIRT
SECUNIA
Inmostore -- InmostoreSQL injection vulnerability in admin/index.php in Inmostore 4.0 allows remote attackers to execute arbitrary SQL commands via the Password field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-07-15
7.5CVE-2007-3789
BID
Insanely Simple Blog -- Insanely Simple BlogMultiple SQL injection vulnerabilities in Insanely Simple Blog 0.5 and earlier allow remote attackers to execute arbitrary SQL commands via the current_subsection parameter to index.php and other unspecified vectors.
unknown
2007-07-18
7.5CVE-2007-3889
BUGTRAQ
BID
SECUNIA
Ipswitch -- WS_FTPThe Logging Server (Logsrv.exe) in IPSwitch WS_FTP 7.5.29.0 allows remote attackers to cause a denial of service (daemon crash) by sending a crafted packet containing a long string to port 5151/udp.
unknown
2007-07-16
7.8CVE-2007-3823
OTHER-REF
SECUNIA
XF
IT747 -- Realtor 747SQL injection vulnerability in index.php in Realtor 747 allows remote attackers to execute arbitrary SQL commands via the categoryid parameter.
unknown
2007-07-16
7.5CVE-2007-3810
MILW0RM
libcURL -- libcURLlibcurl 7.14.0 through 7.16.3, when built with GnuTLS support, does not check SSL/TLS certificate expiration or activation dates, which allows remote attackers to bypass certain access restrictions.
unknown
2007-07-18
7.5CVE-2007-3564
OTHER-REF
UBUNTU
BID
FRSIRT
SECUNIA
SECUNIA
MailMarshal -- MailMarshal SMTPThe password reset feature in the Spam Quarantine HTTP interface for MailMarshal SMTP 6.2.0.x before 6.2.1 allows remote attackers to modify arbitrary account information via a UserId variable with a large amount of trailing whitespace followed by a malicious value, which triggers SQL buffer truncation due to length inconsistencies between variables.
unknown
2007-07-17
7.6CVE-2007-3796
FULLDISC
OTHER-REF
BID
SECUNIA
Mehmet Zati Karahan -- MzK BlogSQL injection vulnerability in katgoster.asp in MzK Blog (tr) allows remote attackers to execute arbitrary SQL commands via the katID parameter.
unknown
2007-07-16
10.0CVE-2007-3824
OTHER-REF
FRSIRT
SECUNIA
Microsoft -- Internet ExplorerMicrosoft Internet Explorer 7 on Windows XP SP2 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via repeated document.open function calls after a user requests a new page, but before the onBeforeUnload function is called.
unknown
2007-07-17
9.3CVE-2007-3826
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
MKPortal -- MKPortalMultiple SQL injection vulnerabilities in MKPortal 1.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the idurlo field in the delete_urlo function in (a) index.php in the urlobox module; the iden field in the (2) update_file and (3) del_file functions in (b) index.php in the reviews module; the (4) idnews field in the delete_news function and the (5) idcomm field in the del_comment function in (c) index.php in the news module; the (6) idcomm field in the delete_comments function in (d) index.php in the gallery module; the iden field in the (7) edit_file, (8) update_file, and (9) del_file functions in index.php in the gallery module; the (10) ide and (11) cat fields in the slide_update function in index.php in the gallery module; the iden field in the (12) update_file and (13) del_file functions in (d) index.php in the downloads module; and other unspecified vectors.
unknown
2007-07-16
7.5CVE-2007-3814
BUGTRAQ
MILW0RM
BID
BID
XF
Mozilla -- FirefoxMozilla Firefox before 2.0.0.5 allows remote attackers to execute arbitrary code with chrome privileges by calling an event handler from an unspecified "element outside of a document."
unknown
2007-07-18
7.5CVE-2007-3737
OTHER-REF
FRSIRT
SECUNIA
Mozilla -- FirefoxMultiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.5 allow remote attackers to execute arbitrary code via a crafted XPCNativeWrapper.
unknown
2007-07-18
7.5CVE-2007-3738
OTHER-REF
FRSIRT
SECUNIA
MySQL -- MySQL Community ServerMySQL Community Server before 5.0.45 allows remote attackers to cause a denial of service (daemon crash) via a malformed password packet in the connection protocol.
unknown
2007-07-15
7.8CVE-2007-3780
OTHER-REF
NetWin -- SurgeFTPThe mirror mechanism in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to cause a denial of service (restart) via a malformed response to a PASV command.
unknown
2007-07-15
8.5CVE-2007-3768
FULLDISC
OTHER-REF
FRSIRT
SECUNIA
XF
Oracle -- Oracle DatabaseMultiple unspecified vulnerabilities in in Oracle Database 10.2.0.3 allow remote authenticated users to have an unknown impact via (1) EXFSYS.DBMS_RLMGR_UTL in Rules Manager (DB11) and (2) Progam Interface (DB13).
unknown
2007-07-18
7.5CVE-2007-3858
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Oracle -- Collaboration Suite
Oracle -- Oracle Application Server
Oracle -- Oracle Database
Unspecified vulnerability in the Oracle Internet Directory component for Oracle Database 9.2.0.8 and 9.2.0.8DV; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; and Collaboration Suite 10.1.2 has unknown impact and remote attack vectors, aka OID01.
unknown
2007-07-18
7.5CVE-2007-3859
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Oracle -- Application ExpressUnspecified vulnerability in Oracle Application Express (formerly Oracle HTML DB) 2.2.0.00.32 up to 3.0.0.00.20 allows developers to have an unknown impact via unknown attack vectors, aka APEX01. NOTE: a reliable researcher states that this is SQL injection in the wwv_flow_security.check_db_password function due to insufficient checks for '"' characters.
unknown
2007-07-18
7.5CVE-2007-3860
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Oracle -- Collaboration Suite
Oracle -- Oracle Application Server
Unspecified vulnerability in Oracle Jdeveloper in Oracle Application Server 10.1.2.2 and Collaboration Suite 10.1.2 allows context-dependent attackers to have an unknown impact via custom applications that use JBO.KEY, aka JDEV01.
unknown
2007-07-18
7.5CVE-2007-3861
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Oracle -- Oracle Application ServerUnspecified vulnerability in Oracle Application Server 9.0.4.3 and 10.1.2.0.2 allows remote attackers to have an unknown impact via Oracle Single Sign On, aka AS01.
unknown
2007-07-18
7.5CVE-2007-3862
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Oracle -- Collaboration Suite
Oracle -- Oracle Application Server
Unspecified vulnerability in Oracle JDeveloper for Application Server 10.1.2.2 and 10.1.3.1, and Collaboration Suite 10.1.2, allows context-dependent attackers to have an unknown impact via custom applications that use JBO.SERVER, aka JDEV02.
unknown
2007-07-18
7.5CVE-2007-3863
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Oracle -- Collaboration SuiteMultiple unspecified vulnerabilities in Oracle Collaboration Suite 10.1.2 have unknown impact and remote attack vectors via (1) Instant Messaging/Presence (OCS01) and (2) Oracle Single Sign On (AS02).
unknown
2007-07-18
7.5CVE-2007-3864
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Oracle -- E-Business SuiteUnspecified vulnerability in the Oracle Customer Intelligence component in Oracle E-Business Suite 12.0.1 has unknown impact and remote attack vectors, aka APPS01.
unknown
2007-07-18
7.5CVE-2007-3865
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Oracle -- E-Business SuiteMultiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10CU2 and 12.0.1 allow remote attackers to have an unknown impact via (a) Oracle Configurator (APPS02), (b) Oracle iExpenses (APPS03), (c) Oracle Application Object Library (APPS09), and (1) APPS12, (2) APPS13, and (3) APPS14 in (d) Oracle Payables.
unknown
2007-07-18
7.5CVE-2007-3866
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Oracle -- E-Business SuiteMultiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10CU2 have unknown impact and attack vectors, related to (1) APPS04, (2) APPS05, and (3) APPS06 in (a) Oracle Application Object Library, (4) APPS07 in Oracle Customer Intelligence, (5) APPS08 in Oracle Payments, (7) APPS10 in Oracle Human Resources, and (8) APPS11 in iRecruitment.
unknown
2007-07-18
7.5CVE-2007-3867
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Oracle -- PeopleSoft EnterpriseMultiple unspecified vulnerabilities in the Customer Relationship Management Online Marketing component in Oracle PeopleSoft Enterprise 8.9 Bundle 26 and 9.0 Bundle 7 allow remote authenticated users to have an unknown impact, aka (1) PSE04 and (2) PSE05.
unknown
2007-07-18
7.5CVE-2007-3869
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
os-cillation -- Xfce TerminalThe terminal_helper_execute function in terminal/terminal.c in Xfce Terminal 0.2.6 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a crafted link, as demonstrated using the "Open Link" functionality.
unknown
2007-07-15
7.8CVE-2007-3770
OTHER-REF
SECUNIA
XF
PHP -- PHPThe glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption.
unknown
2007-07-16
7.8CVE-2007-3806
MILW0RM
PHP Arena -- paFileDBSQL injection vulnerability in includes/search.php in paFileDB 3.6 allows remote attackers to execute arbitrary SQL commands via the categories[] parameter in a search action to index.php, a different vector than CVE-2005-2000.
unknown
2007-07-16
7.5CVE-2007-3808
MILW0RM
BID
Pictures Rating -- Pictures RatingSQL injection vulnerability in index.php in Pictures Rating (Picture Rating) allows remote attackers to execute arbitrary SQL commands via the msgid parameter.
unknown
2007-07-18
7.5CVE-2007-3881
MILW0RM
BID
Pidgin -- PidginUnspecified vulnerability in Pidgin (formerly Gaim) 2.0.2 for Linux allows remote authenticated users, who are listed in a users list, to execute certain commands via unspecified vectors, aka ZD-00000035. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.
unknown
2007-07-17
9.0CVE-2007-3841
OTHER-REF
BID
policyd -- policydBuffer overflow in the w_read function in sockets.c in Cami Sardinha and Nigel Kukard policyd before 1.81 for Postfix allows remote attackers to cause a denial of service and possibly execute arbitrary code via long SMTP commands. NOTE: some of these details are obtained from third party information.
unknown
2007-07-15
7.5CVE-2007-3791
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
PopScript.com -- Expert AdvisorSQL injection vulnerability in index.php in Expert Advisor allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-07-18
7.5CVE-2007-3882
MILW0RM
BID
ProZIlla -- ProZilla Directory ScriptMultiple SQL injection vulnerabilities in Prozilla Directory Script allow remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action to directory.php, and other unspecified vectors.
unknown
2007-07-16
7.5CVE-2007-3809
MILW0RM
Roxio -- CinePlayer
InterActual Technologies -- InterActual Player
Multiple stack-based buffer overflows in (a) InterActual Player 2.60.12.0717 and (b) Roxio CinePlayer 3.2 allow remote attackers to execute arbitrary code via a (1) long FailURL attribute in the IAMCE ActiveX Control (IAMCE.dll) or a (2) long URLCode attribute in the IAKey ActiveX Control (IAKey.dll). NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-07-17
9.3CVE-2007-3829
BID
SECUNIA
SECUNIA
XF
RSA -- ACE Server
Progress Software Corp -- Progress
Progress Software Corp -- OpenEdge
RSA -- RSA Authentication Manager
Heap-based buffer overflow in _mprosrv.exe in Progress Software Progress 9.1E and OpenEdge 10.1x, as used by the RSA Authentication Manager 6.0 and 6.1, SecurID Appliance 2.0, ACE/Server 5.2, and possibly other products, allows remote attackers to execute arbitrary code via crafted packets. NOTE: this issue might overlap CVE-2007-3491.
unknown
2007-07-15
10.0CVE-2007-2417
OTHER-REF
SECUNIA
SECUNIA
SiteTrafficStats -- SiteTrafficStatsSQL injection vulnerability in referralUrl.php in Traffic Stats allows remote attackers to execute arbitrary SQL commands via the offset parameter.
unknown
2007-07-17
7.5CVE-2007-3840
MILW0RM
BID
SquirrelMail -- GPG PluginThe G/PGP (GPG) Plugin 2.0, and 2.1dev before 20060912, for Squirrelmail allows remote attackers to execute arbitrary commands via shell metacharacters in the messageSignedText parameter to the gpg_check_sign_pgp_mime function in gpg_hook_functions.php. NOTE: a parameter value can be set in the contents of an e-mail message.
unknown
2007-07-15
7.5CVE-2007-3778
IDEFENSE
MLIST
MLIST
VIM
BID
FRSIRT
SECUNIA
Symantec -- Symantec AntiVirus
Symantec -- Symantec Gateway Security
Symantec -- Scan Engine
Symantec -- Symantec AntiVirus_Filtering Domino
Symantec -- Symantec Web Security
Symantec -- Norton Personal Firewall
Symantec -- Norton Internet Security
Symantec -- BrightMail AntiSpam
Symantec -- Norton System Works
Symantec -- Norton AntiVirus
Symantec -- Client Security
Symantec -- Mail Security
Symantec -- Symantec AntiVirus Scan Engine
The Decomposer component in multiple Symantec products may allow remote attackers to execute arbitrary code via certain CAB archives, related to improper "bounds checks."
unknown
2007-07-16
10.0CVE-2007-3802
OTHER-REF
BID
FRSIRT
SECUNIA
TCPDump -- TCPDumpInteger overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet.
unknown
2007-07-16
7.5CVE-2007-3798
OTHER-REF

Back to top

Medium Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
 Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 allow remote authenticated users to have unknown impact via (1) SYS.DBMS_PRVTAQIS in the Advanced Queuing component (DB02) and (2) MDSYS.MD in the Spatial component (DB12).
unknown
2007-07-18
5.5CVE-2007-3854
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
8e6 -- R3000 Enterprise FilterCross-site scripting (XSS) vulnerability in the 8e6 R3000 Enterprise Filter before 2.0.05 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this may be the same as CVE-2007-2970.
unknown
2007-07-17
4.3CVE-2007-3842
OTHER-REF
activeWeb -- contentserverSQL injection vulnerability in activeWeb contentserver before 5.6.2964 allows remote authenticated users with edit permission to execute arbitrary SQL commands via the id parameter to admin/picture/picture_real_edit.asp, and probably other unspecified vectors.
unknown
2007-07-15
6.5CVE-2007-3013
OTHER-REF
BID
activeWeb -- contentserverMultiple cross-site scripting (XSS) vulnerabilities in activeWeb contentserver before 5.6.2964 allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) errors/rights.asp or (2) errors/transaction.asp, or (3) the name of a MIME type (mimetype).
unknown
2007-07-15
4.3CVE-2007-3014
OTHER-REF
BID
BID
activeWeb -- contentserverThe WYSIWYG editor applet in activeWeb contentserver CMS before 5.6.2964 only filters malicious tags from articles sent to admin/applets/wysiwyg/rendereditor.asp, which allows remote authenticated users to inject arbitrary JavaScript via a request to admin/worklist/worklist_edit.asp.
unknown
2007-07-16
4.0CVE-2007-3017
BUGTRAQ
OTHER-REF
BID
SECUNIA
activeWeb -- contentserveractiveWeb contentserver CMS before 5.6.2964 does not limit the file-creation ability of editors who have restricted accounts, which allows these editors to create files in arbitrary directories.
unknown
2007-07-16
4.0CVE-2007-3018
BUGTRAQ
OTHER-REF
BID
SECUNIA
Apple -- QuicktimeQuickTime for Java in Apple Quicktime before 7.2 does not perform sufficient "access control," which allows remote attackers to obtain sensitive information (screen content) via crafted Java applets.
unknown
2007-07-15
5.0CVE-2007-2402
OTHER-REF
APPLE
BID
FRSIRT
SECUNIA
XF
ASP Ziyaretci Defteri -- ASP Ziyaretci DefteriMultiple cross-site scripting (XSS) vulnerabilities in mesaj_formu.asp in ASP Ziyaretci Defteri 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Isim, (2) Mesajiniz, and (3) E-posta field.
unknown
2007-07-18
4.3CVE-2007-3887
OTHER-REF
BID
FRSIRT
SECUNIA
Aspindir -- husrevforumCross-site scripting (XSS) vulnerability in philboard_search.asp in husrevforum 1.0.1 allows remote attackers to inject arbitrary web script or HTML via the searchterms parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-07-18
4.3CVE-2007-3885
FRSIRT
SECUNIA
Asterisk -- s800i Appliance
Asterisk -- AsteriskNOW
Asterisk -- Asterisk
Asterisk -- Asterisk Appliance Developer Kit
The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted (1) LAGRQ or (2) LAGRP frame that contains information elements of IAX frames, which results in a NULL pointer dereference when Asterisk does not properly set an associated variable.
unknown
2007-07-18
5.0CVE-2007-3763
OTHER-REF
FRSIRT
Asterisk -- s800i Appliance
Asterisk -- AsteriskNOW
Asterisk -- Asterisk
Asterisk -- Asterisk Appliance Developer Kit
The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a certain data length value in a crafted packet, which results in an "overly large memcpy."
unknown
2007-07-18
5.0CVE-2007-3764
OTHER-REF
FRSIRT
Asterisk -- s800i Appliance
Asterisk -- AsteriskNOW
Asterisk -- Asterisk
Asterisk -- Asterisk Appliance Developer Kit
The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted STUN length attribute in a STUN packet sent on an RTP port.
unknown
2007-07-18
5.0CVE-2007-3765
OTHER-REF
FRSIRT
Azerbaijan Development Group -- AzDGDatingMultiple PHP remote file inclusion vulnerabilities in AzDG Dating Gold 3.0.5 allow remote attackers to execute arbitrary PHP code via a URL in the int_path parameter to (1) header.php, (2) footer.php, or (3) secure.admin.php in templates/.
unknown
2007-07-15
4.3CVE-2007-3792
BUGTRAQ
BID
Belkin -- F5D7231-4Cross-site scripting (XSS) vulnerability in the Belkin G Plus Router F5D7231-4 with firmware 4.05.03 allows remote attackers to inject arbitrary web script or HTML via a hostname of a DHCP client.
unknown
2007-07-15
4.3CVE-2007-3784
FULLDISC
OTHER-REF
BID
SECUNIA
Cerulean Studios -- TrillianThe AOL Instant Messenger (AIM) protocol handler in Cerulean Studios Trillian allows remote attackers to create files with arbitrary contents via certain aim: URIs, as demonstrated by a URI that begins with the "aim: &c:\" substring and contains a full pathname in the ini field. NOTE: this can be leveraged for code execution by writing to a Startup folder.
unknown
2007-07-17
5.0CVE-2007-3833
OTHER-REF
BID
Cisco -- Unified Presence Server
Cisco -- Unified Communications Manager
Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allow remote attackers to obtain sensitive information via unspecified vectors that reveal the SNMP community strings and configuration settings, aka (1) CSCsj20668 and (2) CSCsj25962.
unknown
2007-07-15
5.0CVE-2007-3776
CISCO
BID
SECTRACK
Clavister -- Clavister CorePlusThe IKE implementation in Clavister CorePlus before 8.80.03, and 8.80.00, does not properly validate certificates during IKE negotiation, which allows remote attackers cause a denial of service (gateway stop) via certain certificates.
unknown
2007-07-16
5.4CVE-2007-3805
OTHER-REF
OTHER-REF
SECUNIA
Data Dynamics -- ActiveBarThe Data Dynamics ActiveBar ActiveX control (actbar3.ocx) 3.1 and earlier allows remote attackers to create or overwrite files via a full pathname in (1) the second argument to the Save method, or the first argument to the (2) SaveLayoutChanges or (3) SaveMenuUsageData method.
unknown
2007-07-18
5.1CVE-2007-3883
MILW0RM
Drupal -- LoginToboggan ModuleCross-site scripting (XSS) vulnerability in the LoginToboggan module 4.7.x-1.0, 4.7.x-1.x-dev, and 5.x-1.x-dev before 20070712 for Drupal, when configured to display a "Log out" link, allows remote attackers to inject arbitrary web script or HTML via a crafted username. NOTE: Drupal sanitizes the username by removing certain characters, so this might not be a vulnerability on default installations.
unknown
2007-07-16
4.3CVE-2007-3817
OTHER-REF
BID
FRSIRT
SECUNIA
XF
EldoS Corporation -- SecureBlackboxAbsolute path traversal vulnerability in a certain ActiveX control in PGPBBox.dll in EldoS SecureBlackbox (sbb) 5.1.0.112 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SaveToFile method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-07-15
5.8CVE-2007-3785
BID
XF
ExLibris Group -- ALEPHMultiple cross-site scripting (XSS) vulnerabilities in Ex Libris ALEPH allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a URL that can be discovered through a keyword search. NOTE: this may be related to the MetaLib XSS issue, CVE-2007-3835.
unknown
2007-07-17
4.3CVE-2007-3834
BUGTRAQ
OTHER-REF
IBM -- Tivoli Provisioning Manager OS DeploymentThe TFTP implementation in IBM Tivoli Provisioning Manager for OS Deployment 5.1 before Fix Pack 3 allows remote attackers to cause a denial of service (rembo.exe crash and multiple service outage) via a read (RRQ) request with an invalid blksize (blocksize), which triggers a divide-by-zero error.
unknown
2007-07-18
5.0CVE-2007-3268
IDEFENSE
OTHER-REF
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
Insanely Simple Blog -- Insanely Simple BlogMultiple cross-site scripting (XSS) vulnerabilities in Insanely Simple Blog 0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the search action, possibly related to the term parameter to index.php; or (2) an anonymous blog entry, possibly involving the (a) posted_by, (b) subject, and (c) content parameters to index.php; as demonstrated by the onmouseover attribute of certain elements. NOTE: some of these details are obtained from third party information.
unknown
2007-07-18
4.3CVE-2007-3888
BUGTRAQ
BID
SECUNIA
Microsoft -- DirectX SDKHeap-based buffer overflow in Microsoft DirectX SDK (February 2006) and probably earlier, including 9.0c End User Runtimes, allows context-dependent attackers to execute arbitrary code via a crafted Targa file with an encoding that produces more data than expected when decoding.
unknown
2007-07-18
6.8CVE-2006-4183
IDEFENSE
MKPortal -- NoBoard ModulePHP remote file inclusion vulnerability in include/user.php in the NoBoard BETA module for MKPortal allows remote attackers to execute arbitrary PHP code via a URL in the MK_PATH parameter.
unknown
2007-07-16
4.3CVE-2007-3813
MILW0RM
Mozilla -- Firefox
Mozilla -- Thunderbird
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 2.0.0.5 and Thunderbird before 2.0.0.5 allow remote attackers to cause a denial of service (crash) via unspecified vectors that trigger memory corruption.
unknown
2007-07-18
5.0CVE-2007-3734
OTHER-REF
FRSIRT
SECUNIA
Mozilla -- Firefox
Mozilla -- Thunderbird
Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 2.0.0.5 and Thunderbird before 2.0.0.5 allow remote attackers to cause a denial of service (crash) via unspecified vectors that trigger memory corruption.
unknown
2007-07-18
5.0CVE-2007-3735
OTHER-REF
FRSIRT
SECUNIA
Mozilla -- FirefoxCross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.5 allows remote attackers to inject arbitrary web script "into another site's context" via a "timing issue" involving the (1) addEventListener or (2) setTimeout function, probably by setting events that activate after the context has changed.
unknown
2007-07-18
4.3CVE-2007-3736
OTHER-REF
FRSIRT
SECUNIA
Mozilla -- FirefoxMozilla Firefox allows for cookies to be set with a null domain (aka "domainless cookies"), which allows remote attackers to pass information between arbitrary domains and track user activity, as demonstrated by the domain attribute in the document.cookie variable in a javascript: window.
unknown
2007-07-17
5.0CVE-2007-3827
BUGTRAQ
MySQL -- MySQL Community ServerMySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure.
unknown
2007-07-15
4.0CVE-2007-3781
OTHER-REF
MySQL -- MySQL Community ServerMySQL Community Server before 5.0.45 allows remote authenticated users to gain update privileges for a table in another database via a view that refers to this external table.
unknown
2007-07-15
6.5CVE-2007-3782
OTHER-REF
OTHER-REF
Netimage Media -- Element CMSCross-site scripting (XSS) vulnerability in default.asp in Element CMS allows remote attackers to inject arbitrary web script or HTML via the s parameter in a search pID action.
unknown
2007-07-18
4.3CVE-2007-3886
FULLDISC
SECUNIA
NetWin -- SurgeFTPCross-site scripting (XSS) vulnerability in the mirrored server management interface in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to inject arbitrary web script or HTML via a malformed response without a status code, which is reflected to the user in the resulting error message. NOTE: this can be leveraged for root access via a sequence of steps involving web script that creates a new FTP user account.
unknown
2007-07-15
5.8CVE-2007-3769
FULLDISC
OTHER-REF
FRSIRT
SECUNIA
XF
Opera Software -- OperaOpera 9.21 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed.
unknown
2007-07-16
5.0CVE-2007-3819
BUGTRAQ
FRSIRT
SECUNIA
Oracle -- Oracle DatabaseMultiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.3 allow remote authenticated users to have unknown impact via (1) DBMS_JAVA_TEST in the JavaVM component (DB01), (2) Oracle Text component (DB09), and (3) MDSYS.SDO_GEOR_INT in the Spatial component (DB15). NOTE: a reliable researcher claims that DB01 is SQL injection in DBMS_PRVTAQIS.
unknown
2007-07-18
6.5CVE-2007-3853
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Oracle -- Oracle DatabaseMultiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to have an unknown impact via (1) SYS.DBMS_DRS in the DataGuard component (DB03), (2) SYS.DBMS_STANDARD in the PL/SQL component (DB10), (3) MDSYS.RTREE_IDX in the Spatial component (DB16), and (4) SQL Compiler (DB17). NOTE: a reliable researcher claims that DB17 is for using Views to perform unauthorized insert, update, or delete actions.
unknown
2007-07-18
6.5CVE-2007-3855
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Oracle -- Oracle10g
Oracle -- Oracle10g Database Server Release 2
Oracle -- Oracle 9i Database Release 2
Unspecified vulnerability in the Oracle Data Mining component for Oracle Database 10g Release 2 10.2.0.2 and 10.2.0.3, 10g 10.1.0.5, and Oracle9i Database Release 2 9.2.0.7, 9.2.0.8, and 9.2.0.8DV has unknown impact and remote authenticated attack vectors related to DMSYS.DMP_SYS, aka DB04.
unknown
2007-07-18
6.5CVE-2007-3856
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Oracle -- Oracle DatabaseMultiple unspecified vulnerabilities in Oracle Database 10.1.0.5 allow remote authenticated users to have an unknown impact via (a) the Oracle Text component, including (1) unspecified vectors (DB05), (2) CTXSYS.DRVXMD (DB06), (3) CTXSYS.DRI_MOVE_CTXSYS (DB07), (4) CTXSYS.DRVXMD (DB08), and (b) JavaVM (DB14).
unknown
2007-07-18
6.5CVE-2007-3857
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Oracle -- PeopleSoft EnterpriseMultiple unspecified vulnerabilities in PeopleTools in Oracle PeopleSoft Enterprise 8.22.15, 8.47.13, 8.48.10, and 8.49.02 allows remote authenticated users or attackers to have an unknown impact via multiple vectors, aka (1) PSE01, (2) PSE02, and (3) PSE03.
unknown
2007-07-18
6.5CVE-2007-3868
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Oracle -- PeopleSoft EnterpriseMultiple unspecified vulnerabilities in the Human Capital Management component in Oracle PeopleSoft Enterprise 8.9 Bundle 11 allow local users to have unknown impact via unknown vectors, aka (1) PSE06 and (2) PSE07.
unknown
2007-07-18
4.6CVE-2007-3870
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
PHP -- PHPThe com_print_typeinfo function in the bz2 extension in PHP 5.2.3 allows context-dependent attackers to cause a denial of service via a long argument.
unknown
2007-07-15
5.8CVE-2007-3790
MILW0RM
PHP -- PHPThe session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the session_start function, which are not encoded or filtered when the new session cookie is generated.
unknown
2007-07-16
6.4CVE-2007-3799
OTHER-REF
PSnews -- PSnewsDirectory traversal vulnerability in news/show.php in PsNews 1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the newspath parameter.
unknown
2007-07-15
6.4CVE-2007-3772
MILW0RM
Republike Slovenije -- PIRSBuffer overflow in pirs32.exe in Poslovni informator Republike Slovenije (PIRS) 2007 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long search string in certain fields in the GUI. NOTE: this may cross privilege boundaries if PIRS is used by data-entry workers who do not have full access to the underlying Windows environment.
unknown
2007-07-16
4.9CVE-2007-3815
FULLDISC
OTHER-REF
XF
SquirrelMail -- GPG PluginMultiple directory traversal vulnerabilities in the G/PGP (GPG) Plugin 2.0, and 2.1dev before 20070614, for Squirrelmail allow remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the help parameter to (1) gpg_help.php or (2) gpg_help_base.php.
unknown
2007-07-15
5.5CVE-2006-4169
IDEFENSE
BID
FRSIRT
SECUNIA
SquirrelMail -- GPG PluginPHP local file inclusion vulnerability in gpg_pop_init.php in the G/PGP (GPG) Plugin before 20070707 for Squirrelmail allows remote attackers to include and execute arbitrary local files, related to the MOD parameter.
unknown
2007-07-15
4.3CVE-2007-3779
OTHER-REF
VIM
Symantec -- Norton AntiSpam
Symantec -- Norton Personal Firewall
Symantec -- Norton Internet Security
Symantec -- Symantec AntiVirus
Symantec -- Norton System Works
Symantec -- Norton AntiVirus
Symantec -- Client Security
Symantec symtdi.sys before 7.0.0, as distributed in Symantec AntiVirus Corporate Edition 9 through 10.1 and Client Security 2.0 through 3.1, Norton AntiSpam 2005, and Norton AntiVirus, Internet Security, Personal Firewall, and System Works 2005 and 2006; allows local users to gain privileges via a crafted Interrupt Request Packet (Irp) in an IOCTL 0x83022323 request to \\symTDI\, which results in memory overwrite.
unknown
2007-07-15
6.9CVE-2007-3673
IDEFENSE
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
Symantec -- Symantec AntiVirus
Symantec -- Client Security
Stack-based buffer overflow in the Internet E-mail Auto-Protect feature in Symantec AntiVirus Corporate Edition before 10.1, and Client Security before 3.1, allows local users to cause a denial of service (service crash) via a long (1) To, (2) From, or (3) Subject header in an outbound SMTP e-mail message. NOTE: the original vendor advisory referenced CVE-2006-3456, but this was an error.
unknown
2007-07-15
4.6CVE-2007-3771
OTHER-REF
BID
SECTRACK
SECTRACK
SECUNIA
Symantec -- Symantec AntiVirus
Symantec -- Client Security
Unspecified vulnerability in the Real-time scanner (RTVScan) component in Symantec AntiVirus Corporate Edition 9.0 through 10.1 and Client Security 2.0 through 3.1, when the Notification Message window is enabled, allows local users to gain privileges via crafted code.
unknown
2007-07-16
6.0CVE-2007-3800
OTHER-REF
BID
FRSIRT
SECUNIA
TBDev.NET -- DRCross-site scripting (XSS) vulnerability in takeprofedit.php in TBDev.NET DR 010306 and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the avatar parameter. NOTE: this may be related to the tracker program in the Janitor package. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-07-17
4.0CVE-2007-3839
OTHER-REF
BID

Back to top

Low Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Citadel -- WebCitMultiple cross-site scripting (XSS) vulnerabilities in Webcit before 7.11 allow remote attackers to inject arbitrary web script or HTML via (1) the who parameter to showuser; and other vectors involving (2) calendar mode, (3) bulletin board mode, (4) room names, and (5) uploaded file names.
unknown
2007-07-16
2.6CVE-2007-3822
BUGTRAQ
BID
SECUNIA
Clavister -- Clavister CorePlusThe AntiVirus engine in the HTTP-ALG in Clavister CorePlus before 8.81.00 and 8.80.03 might allow remote attackers to bypass scanning via small files.
unknown
2007-07-16
0.0CVE-2007-3804
OTHER-REF
OTHER-REF
SECUNIA
Drupal -- LoginToboggan ModuleCross-site scripting (XSS) vulnerability in the LoginToboggan module 5.x-1.x-dev before 20070712 for Drupal allows remote authenticated users with "administer blocks" permission to inject arbitrary JavaScript and gain privileges via "the message displayed above the default user login block."
unknown
2007-07-16
3.5CVE-2007-3818
OTHER-REF
ExLibris Group -- MetaLibCross-site scripting (XSS) vulnerability in Ex Libris MetaLib 3.13 and 4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a resource id that can be discovered through a search.
unknown
2007-07-17
2.6CVE-2007-3835
BUGTRAQ
OTHER-REF
IBM -- Proventia Network IPS GX5108
IBM -- Proventia Network IPS GX5008
Cross-site scripting (XSS) vulnerability in alert.php in ISS Proventia Network IPS GX5108 1.3 and GX5008 1.5 allows remote attackers to inject arbitrary web script or HTML via the reminder parameter.
unknown
2007-07-17
3.5CVE-2007-3830
OTHER-REF
FRSIRT
SECUNIA
KDE -- Konquerorkonqueror/konq_combo.cc in Konqueror 3.5.7 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed.
unknown
2007-07-16
2.6CVE-2007-3820
BUGTRAQ
BUGTRAQ
FRSIRT
SECUNIA
SiteScape -- SiteScape ForumMultiple cross-site scripting (XSS) vulnerabilities in SiteScape Forum before 7.3 allow remote attackers to inject arbitrary web script or HTML via the user name field in the login procedure, and other unspecified vectors.
unknown
2007-07-16
2.6CVE-2007-3807
BUGTRAQ
OTHER-REF
BID
SECUNIA
XF
Symantec -- Norton Internet Security
Symantec -- Norton Personal Firewall
Symantec -- Symantec AntiVirus Scan Engine
Symantec -- Norton Antivirus
Symantec -- Norton System Works
Symantec -- Symantec Web Security
The Decomposer component in multiple Symantec products allows remote attackers to cause a denial of service (infinite loop) via a crafted RAR archive file header.
unknown
2007-07-16
0.0CVE-2007-3801
OTHER-REF
BID
FRSIRT
SECUNIA
TBDev.NET -- DRCross-site scripting (XSS) vulnerability in takeprofedit.php in TBDev.NET DR 11-10-05-BETA-SF1:111005 and earlier allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of a SCRIPT element in the avatar parameter. NOTE: this may be related to the tracker program in the Janitor package. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-07-17
2.6CVE-2007-3838
OTHER-REF
BID

Back to top

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top