Vulnerability Summary for the Week of July 23, 2007

Released
Jul 30, 2007
Document ID
SB07-211

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

">

High Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Adaptive Business Design -- Infinite ResponderSQL injection vulnerability in Infinite Responder before 1.48 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some of these details are obtained from third party information.
unknown
2007-07-20
7.5CVE-2007-3943
OTHER-REF
BID
SECUNIA
XF
Apple -- SafariUnspecified vulnerability in Safari (MobileSafari) on the Apple iPhone allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based upon a vague pre-advisory. Details will be updated after the grace period has ended.
unknown
2007-07-23
9.3CVE-2007-3944
OTHER-REF
OTHER-REF
OTHER-REF
Article Directory -- Article DirectoryPHP remote file inclusion vulnerability in index.php in Article Directory (Article Site Directory) allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
unknown
2007-07-25
9.3CVE-2007-4007
MILW0RM
OTHER-REF
BID
ASP Indir -- Dora EmlakMultiple cross-site scripting (XSS) vulnerabilities in default.asp in Dora Emlak 1.0, when the goster parameter is set to iletisim, allow remote attackers to inject arbitrary web script or HTML via the (1) Adiniz and (2) Soyadiniz parameters; and possibly other unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-07-25
7.5CVE-2007-3989
BID
FRSIRT
SECUNIA
ASP Indir -- Dora EmlakSQL injection vulnerability in default.asp in Dora Emlak 1.0, when the goster parameter is set to emlakdetay, allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-07-25
7.5CVE-2007-3990
BID
FRSIRT
SECUNIA
Borland Software -- InterbaseStack-based buffer overflow in the database service (ibserver.exe) in Borland InterBase 2007 before SP2 allows remote attackers to execute arbitrary code via a long size value in a create request to port 3050/tcp.
unknown
2007-07-26
7.5CVE-2007-3566
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
bwired -- bwiredSQL injection vulnerability in index.php in bwired allows remote attackers to execute arbitrary SQL commands via the newsID parameter.
unknown
2007-07-25
7.5CVE-2007-3976
MILW0RM
CA -- eTrust Intrusion DetectionThe CallCode ActiveX control in caller.dll 3.0 before 20070713, and 3.0 SP1 before 3.0.5.81, in CA (formerly Computer Associates) eTrust Intrusion Detection allows remote attackers to load arbitrary DLLs on a client system, and execute code from these DLLs, via unspecified "scriptable functions."
unknown
2007-07-25
9.3CVE-2007-3302
IDEFENSE
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Centennial -- Discovery
Symantec -- Discovery
Numara -- Asset Manager
Centennial Discovery 2006 Feature Pack 1, which is used by (1) Numara Asset Manager 8.0 and (2) Symantec Discovery 6.5, uses insecure permissions on certain directories, which allows local users to gain privileges.
unknown
2007-07-23
7.2CVE-2007-2950
OTHER-REF
OTHER-REF
OTHER-REF
FRSIRT
FRSIRT
FRSIRT
SECUNIA
SECUNIA
SECUNIA
Cisco -- Wireless LAN ControllerCisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 Wireless LAN Controller (WLC) software before 3.2 20070727, 4.0 before 20070727, and 4.1 before 4.1.180.0 allows remote attackers to cause a denial of service (traffic amplification or ARP storm) via a crafted unicast ARP request that (1) has a destination MAC address unknown to the Layer-2 infrastructure, aka CSCsj69233; or (2) occurs during Layer-3 roaming across IP subnets, aka CSCsj70841.
unknown
2007-07-25
7.1CVE-2007-4011
CISCO
BID
FRSIRT
SECUNIA
Cisco -- Wireless LAN ControllerCisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 Wireless LAN Controller (WLC) software 4.1 before 4.1.180.0 allows remote attackers to cause a denial of service (ARP storm) via a broadcast ARP packet that "targets the IP address of a known client context", aka CSCsj50374.
unknown
2007-07-25
7.1CVE-2007-4012
CISCO
BID
FRSIRT
SECUNIA
Citrix -- Endpoint Analysis Client
Citrix -- Access Gateway
Mozilla -- Firefox plugin
Multiple unspecified vulnerabilities in (1) Net6Helper.DLL (aka Net6Launcher Class) 4.5.2 and earlier, (2) npCtxCAO.dll (aka Citrix Endpoint Analysis Client) in a Firefox plugin directory, and (3) a second npCtxCAO.dll (aka CCAOControl Object) before 4.5.0.0 in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 have unknown impact and attack vectors, possibly related to buffer overflows. NOTE: vector 3 might overlap CVE-2007-3679.
unknown
2007-07-25
9.3CVE-2007-4013
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
Citrix -- Access GatewayCitrix Access Gateway Advanced Edition before 4.5 HF1 allows attackers to obtain sensitive information and hijack a session via unspecified vectors related to "residual information" on a client device.
unknown
2007-07-25
9.3CVE-2007-4015
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
Citrix -- Access GatewayCross-site request forgery (CSRF) vulnerability in the web-based administration console in Citrix Access Gateway before firmware 4.5.5 allows remote attackers to perform certain configuration changes as administrators.
unknown
2007-07-25
7.6CVE-2007-4017
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
Computer Associates -- Unicenter Enterprise Job Manager
Computer Associates -- Unicenter Application Performance Monitor
Computer Associates -- Unicenter NSM Wireless Network Management Option
Computer Associates -- CleverPath ECM
Computer Associates -- Unicenter Management Web Servers
Computer Associates -- Advantage Data Transport
Computer Associates -- Unicenter Management Microsoft Exchange
Computer Associates -- CleverPath OLAP
Computer Associates -- BrightStor Portal
Computer Associates -- Unicenter Jasmine
Computer Associates -- Unicenter Remote Control
Computer Associates -- Unicenter Management Lotus Note_Domino
Computer Associates -- Unicenter TNG
Computer Associates -- Unicenter TNG JPN
Computer Associates -- CleverPath Aion
Computer Associates -- Unicenter Data Transport Option
Computer Associates -- eTrust Admin
Computer Associates -- Unicenter Software Delivery
Computer Associates -- BrightStor SAN Manager
Computer Associates -- Unicenter Network and Systems Management
Computer Associates -- CleverPath Predictive Analysis Server
Computer Associates -- Unicenter Asset Management
Computer Associates -- Unicenter Service Level Management
Stack-based buffer overflow in the Message Queuing Server (Cam.exe) in CA (formerly Computer Associates) Message Queuing (CAM / CAFT) software before 1.11 Build 54_4 on Windows and NetWare, as used in CA Advantage Data Transport, eTrust Admin, certain BrightStor products, certain CleverPath products, and certain Unicenter products, allows remote attackers to execute arbitrary code via a crafted message to TCP port 3104.
unknown
2007-07-25
9.3CVE-2007-0060
ISS
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Entertainment CMS -- Entertainment CMSDirectory traversal vulnerability in custom.php in Entertainment CMS allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pagename parameter.
unknown
2007-07-25
7.5CVE-2007-4008
MILW0RM
BID
IBM -- WebSphere Application ServerMultiple unspecified vulnerabilities in IBM WebSphere Application Server (WAS) before Fix Pack 21 (6.0.2.21) have unknown impact and attack vectors, aka (1) PK33799, or (2) a "Potential security exposure" in the Samples component (PK40213).
unknown
2007-07-24
9.3CVE-2007-3960
AIXAPAR
FRSIRT
SECUNIA
iExpress -- property proSQL injection vulnerability in vir_login.asp in iExpress Property Pro allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: the Username parameter is covered by CVE-2006-6029. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-07-25
7.5CVE-2007-3992
SECUNIA
JBlog -- JBlogadmin/ajoutaut.php in JBlog 1.0 does not require authentication, which allows remote attackers to create arbitrary accounts via modified mot and droit parameters.
unknown
2007-07-25
7.5CVE-2007-3974
BUGTRAQ
MILW0RM
BID
junction quest -- image racerSQL injection vulnerability in SearchResults.asp in ImageRacer 1.0, when WordSearchCrit is enabled, allows remote attackers to execute arbitrary SQL commands via the SearchWord parameter.
unknown
2007-07-25
7.5CVE-2007-3987
BUGTRAQ
OTHER-REF
SECUNIA
XF
Libvorbis -- libvorbislibvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via (1) blocksize_0 and blocksize_1 values, which trigger a "heap overwrite" in the _01inverse function in res0.c, (2) an invalid mapping type, which triggers an out-of-bounds read in the vorbis_info_clear function in info.c, and (2) invalid blocksize values that trigger a segmentation fault in the read function in block.c.
unknown
2007-07-26
9.3CVE-2007-3106
OTHER-REF
OTHER-REF
Libvorbis -- libvorbislibvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service via (1) an invalid mapping type, which triggers an out-of-bounds read in the vorbis_info_clear function in info.c, and (2) invalid blocksize values that trigger a segmentation fault in the read function in block.c.
unknown
2007-07-26
9.3CVE-2007-4029
OTHER-REF
lighttpd -- lighttpdmod_access.c in lighttpd 1.4.15 ignores trailing / (slash) characters in the URL, which allows remote attackers to bypass url.access-deny settings.
unknown
2007-07-23
8.3CVE-2007-3949
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
SECUNIA
Microsoft -- Internet ExplorerMicrosoft Windows Explorer (explorer.exe) allows user-assisted remote attackers to cause a denial of service via a certain GIF file, as demonstrated by Art.gif.
unknown
2007-07-24
7.1CVE-2007-3958
MILW0RM
XF
Norman -- Norman Virus ControlMultiple buffer overflows in Norman Antivirus 5.90 allow remote attackers to execute arbitrary code via a crafted (1) ACE or (2) LZH file, resulting from an "integer cast around."
unknown
2007-07-24
7.5CVE-2007-3951
BUGTRAQ
BUGTRAQ
OTHER-REF
OTHER-REF
Norman -- Normon AntivirusThe OLE2 parsing in Norman Antivirus before 5.91.02 allows remote attackers to bypass the malware detection via a crafted DOC file, resulting from an "integer cast around".
unknown
2007-07-24
7.5CVE-2007-3952
BUGTRAQ
OTHER-REF
Panda -- AdminSecureInteger overflow in Panda Software AdminSecure allows remote attackers to execute arbitrary code via crafted packets with modified length values to TCP ports 19226 or 19227, resulting in a heap-based buffer overflow.
unknown
2007-07-25
9.3CVE-2007-3026
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
Panda -- Panda AntiVirusBuffer overflow in Panda Antivirus before 20070720 allows remote attackers to execute arbitrary code via a crafted EXE file, resulting from an "Integer Cast Around."
unknown
2007-07-25
9.3CVE-2007-3969
BUGTRAQ
OTHER-REF
OTHER-REF
BID
SECUNIA
RCMS Pro -- Rgamescript ProPHP remote file inclusion vulnerability in page.php in RCMS Pro RGameScript Pro allows remote attackers to execute arbitrary PHP code via a URL in the id parameter.
unknown
2007-07-25
10.0CVE-2007-3980
MILW0RM
BID
SWsoft -- ConfixxPHP remote file inclusion vulnerability in admin/business_inc/saveserver.php in SWSoft Confixx Pro 3.3.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the thisdir parameter.
unknown
2007-07-25
9.3CVE-2007-4009
MILW0RM
BID
TeamSpeak -- Web ServerTeamSpeak WebServer 2.0 for Windows does not validate parameter value lengths and does not expire TCP sessions, which allows remote attackers to cause a denial of service (CPU and memory consumption) via long username and password parameters in a request to login.tscmd on TCP port 14534.
unknown
2007-07-24
7.8CVE-2007-3956
MILW0RM
BID
XF
UseBB -- UseBBMultiple cross-site scripting (XSS) vulnerabilities in UseBB 1.0.7, and possibly other 1.0.x versions, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF) to (1) upgrade-0-2-3.php, (2) upgrade-0-3.php, or (3) upgrade-0-4.php in install/, a different vulnerability than CVE-2005-4193.
unknown
2007-07-25
9.3CVE-2007-3963
BUGTRAQ
BID
webSPELL -- webSPELLAbsolute path traversal vulnerability in index.php in Webspell 4.01.02 allows remote attackers to include and execute arbitrary local files via a full pathname in the site parameter. NOTE: some of these details are obtained from third party information.
unknown
2007-07-26
7.5CVE-2007-4028
BUGTRAQ
BID
SECUNIA
WSN Links -- WSN LinksSQL injection vulnerability in index.php in WSN Links Basic Edition allows remote attackers to execute arbitrary SQL commands via the catid parameter in a displaycat action.
unknown
2007-07-25
7.5CVE-2007-3981
MILW0RM
BID

Back to top

Medium Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Apache -- TomcatCross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
unknown
2007-07-25
4.3CVE-2007-3383
BUGTRAQ
FULLDISC
OTHER-REF
CERT-VN
FRSIRT
XF
Areca -- CLIBuffer overflow in cli32 in Areca CLI 1.72.250 and earlier might allow local users to gain privileges via a long argument. NOTE: this program is not setuid by default, but there are some usage scenarios in which an administrator might make it setuid.
unknown
2007-07-26
6.6CVE-2007-4027
BUGTRAQ
OTHER-REF
XF
Aruba -- Mobility ControllerCross-site scripting (XSS) vulnerability in the login CGI program in Aruba Mobility Controller 2.5.4.18 and earlier, and 2.4.8.6-FIPS and earlier FIPS versions, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-07-26
4.3CVE-2007-4023
OTHER-REF
SECUNIA
ASP Indir -- cvmatikMultiple cross-site scripting (XSS) vulnerabilities in cv.asp in Asp cvmatik 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Adiniz (Ady), (2) Soyadiniz (Soyady), (3) Ehliyet, (4) Askerlik, and (5) GSM parameters; and possibly other unspecified vectors.
unknown
2007-07-25
4.3CVE-2007-3991
OTHER-REF
BID
FRSIRT
SECUNIA
Brain Book Software -- AdManMultiple cross-site scripting (XSS) vulnerabilities in login.php in AdMan 1.0.20051202 FF 3 patch and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user and (2) pwd parameters.
unknown
2007-07-26
4.3CVE-2007-4020
OTHER-REF
Brain Book Software -- Software SecureMultiple cross-site scripting (XSS) vulnerabilities in login.php in Brain Book Software Secure 1.0.20070629 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user and (2) pwd parameters.
unknown
2007-07-26
4.3CVE-2007-4021
OTHER-REF
bwired -- bwiredCross-site scripting (XSS) vulnerability in bwired allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this may be the same as CVE-2007-????.
unknown
2007-07-25
4.3CVE-2007-3977
MILW0RM
bwired -- bwiredSession fixation vulnerability in bwired allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
unknown
2007-07-25
4.3CVE-2007-3978
MILW0RM
CA -- etrust Internet Security Suite
CA -- CA Anti Virus SDK
CA -- AntiSpyware for the Enterprise
CA -- Unicenter Network Sys management
CA -- etrust Antivirus Gateway
CA -- BrightStor ARCserve Backup for Windows
CA -- Secure Content Manager
CA -- Internet Security Suite 2007
CA -- CA common services
CA -- eTrust Intrusion Detection
CA -- Anti-Virus
CA -- etrust EZ Antivirus
CA -- BrightStor ARCserve Backup
CA -- Anti-spyware 2007
CA -- BrightStor Enterprise Backup
CA -- Anti-Virus for the Enterprise
CA -- BrightStor ARCserve Client
CA -- Protection Suites
CA -- BrigthStor ARCserve Client for Windows
CA -- etrust Antivirus 2007
CA -- etrust ez armor
CA -- Threat Manager
CA -- Antivirus SDK
arclib.dll before 7.3.0.9 in CA Anti-Virus (formerly eTrust Antivirus) 8 and certain other CA products allows remote attackers to cause a denial of service (infinite loop and loss of antivirus functionality) via an invalid "previous listing chunk number" field in a CHM file.
unknown
2007-07-25
4.3CVE-2007-3875
IDEFENSE
OTHER-REF
BID
FRSIRT
SECUNIA
Citrix -- Access GatewayThe Citrix EPA ActiveX control (aka the "endpoint checking control" or CCAOControl Object) before 4.5.0.0 in npCtxCAO.dll in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows remote attackers to download and execute arbitrary programs onto a client system.
unknown
2007-07-25
4.3CVE-2007-3679
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
BID
BID
FRSIRT
SECUNIA
Citrix -- Advanced Access Control
Citrix -- Access Gateway
Unspecified vulnerability in the client components in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows attackers to execute arbitrary code via unspecified vectors.
unknown
2007-07-25
6.8CVE-2007-4016
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
Citrix -- Access GatewayCitrix Access Gateway Advanced Edition before firmware 4.5.5 allows attackers to redirect users to arbitrary web sites and conduct phishing attacks via unknown vectors.
unknown
2007-07-25
6.8CVE-2007-4018
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
cPanel -- cPanelCross-site scripting (XSS) vulnerability in frontend/x/htaccess/changepro.html in cPanel 10.9.1 allows remote attackers to inject arbitrary web script or HTML via the resname parameter.
unknown
2007-07-26
4.3CVE-2007-4022
BUGTRAQ
BID
Data Dynamics -- ActiveReportsAbsolute path traversal vulnerability in the Data Dynamics ActiveReport (ActiveReports) ActiveX control in actrpt2.dll 2.5 and earlier allows remote attackers to create or overwrite arbitrary files via a full pathname in the first argument to the SaveLayout method.
unknown
2007-07-25
5.8CVE-2007-3982
MILW0RM
BID
SECUNIA
Data Dynamics -- ActiveReportsAbsolute path traversal vulnerability in the Data Dynamics DDActiveReports2.ActiveReport.2 (ActiveReports) ActiveX control in arpro2.dll in ActiveReports 2.0 Professional Edition 2.5.0.1308 (SP5 RC) allows remote attackers to create or overwrite arbitrary files via a full pathname in an argument to the SaveLayout method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-07-25
6.8CVE-2007-3983
SECUNIA
Elite Forum -- Elite ForumCross-site scripting (XSS) vulnerability in index.php in Elite Forum 1.0.0.0 allows remote attackers to inject arbitrary web script or HTML via the title parameter in a ptopic action, a different vulnerability than CVE-2005-3412.
unknown
2007-07-25
4.3CVE-2007-3975
BUGTRAQ
Eset Software -- NOD32 AntivirusRace condition in ESET NOD32 Antivirus before 2.2289 allows remote attackers to execute arbitrary code via a crafted CAB file, which triggers heap corruption.
unknown
2007-07-25
5.0CVE-2007-3970
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
BID
SECUNIA
Eset Software -- NOD32 AntivirusInteger overflow in ESET NOD32 Antivirus before 2.2289 allows remote attackers to cause a denial of service (CPU and disk consumption) via a crafted ASPACK packed file, which triggers an infinite loop.
unknown
2007-07-25
5.0CVE-2007-3971
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
BID
SECUNIA
Eset Software -- NOD32 AntivirusESET NOD32 Antivirus before 2.2289 allows remote attackers to cause a denial of service via a crafted (1) ASPACK or (2) FSG packed file, which triggers a divide-by-zero error.
unknown
2007-07-25
5.0CVE-2007-3972
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
BID
SECUNIA
FSP -- C LibraryMultiple off-by-one errors in fsplib.c in fsplib before 0.8 allow attackers to cause a denial of service via unspecified vectors involving the (1) name and (2) d_name entry attributes.
unknown
2007-07-25
5.0CVE-2006-7221
OTHER-REF
OTHER-REF
FSP -- C LibraryOff-by-one error in the fsp_readdir_r function in fsplib.c in fsplib before 0.9 allows remote attackers to cause a denial of service via a directory entry whose length is exactly MAXNAMELEN, which prevents a terminating null byte from being added.
unknown
2007-07-25
5.0CVE-2007-3961
OTHER-REF
OTHER-REF
SECUNIA
FSP -- C LibraryMultiple stack-based buffer overflows in fsplib.c in fsplib before 0.9 might allow remote attackers to execute arbitrary code via (1) a long filename that is not properly handled by the fsp_readdir_native function when MAXNAMLEN is greater than 255, or (2) a long d_name directory (dirent) field in the fsp_readdir function.
unknown
2007-07-25
6.4CVE-2007-3962
OTHER-REF
OTHER-REF
OTHER-REF
BID
SECUNIA
Gentoo -- NVClockThe set_default_speeds function in backend/backend.c in NVidia NVClock before 0.8b2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/nvclock temporary file.
unknown
2007-07-25
6.6CVE-2007-3531
OTHER-REF
GENTOO
BID
SECUNIA
SECUNIA
IBM -- AIXStack-based buffer overflow in capture in IBM AIX 5.3 SP6 allows remote attackers to execute arbitrary code via a large number of terminal control sequences.
unknown
2007-07-26
6.9CVE-2007-3333
IDEFENSE
IBM -- AIXpioout in IBM AIX 5.3 SP6 allows local users to execute arbitrary code by specifying a malicious library with the -R (ParseRoutine) command line argument.
unknown
2007-07-26
6.9CVE-2007-4003
IDEFENSE
IBM -- AIXBuffer overflow in the ftp client in IBM AIX 5.3 SP6 allows local users to execute arbitrary code via unspecified vectors that trigger the overflow in a gets function call. NOTE: the client is setuid root on AIX, so this issue crosses privilege boundaries.
unknown
2007-07-26
6.9CVE-2007-4004
IDEFENSE
iExpress -- Munch ProSQL injection vulnerability in Munch Pro allows remote attackers to execute arbitrary SQL commands via the login field to /admin, a different vulnerability than CVE-2006-5880.
unknown
2007-07-25
5.0CVE-2007-3966
BUGTRAQ
BID
Ipswitch -- Ipswitch Collaboration Suite
Ipswitch -- IMserver
The IM Server (aka IMserve or IMserver) 2.0.5.30 and probably earlier in Ipswitch Instant Messaging before 2.07 in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of service (daemon crash) via certain data to TCP port 5179 that overwrites a destructor, as reachable by the (1) DoAttachVideoSender, (2) DoAttachVideoReceiver, (3) DoAttachAudioSender, and (4) DoAttachAudioReceiver functions.
unknown
2007-07-24
5.0CVE-2007-3959
IDEFENSE
OTHER-REF
BID
FRSIRT
SECUNIA
ISC -- BINDThe default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which allows remote attackers to make recursive queries and query the cache.
unknown
2007-07-24
5.8CVE-2007-2925
OTHER-REF
FRSIRT
ISC -- BINDISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning.
unknown
2007-07-24
6.8CVE-2007-2926
OTHER-REF
FRSIRT
SECUNIA
Itaka -- ItakaItaka before 0.2.1, when using Authentication mode, allows remote attackers to bypass authentication and obtain sensitive information by downloading screenshots via a direct request for /screenshot.
unknown
2007-07-25
5.0CVE-2007-3964
OTHER-REF
BID
SECUNIA
Jasmine -- CMSCross-site scripting (XSS) vulnerability in profile.php in Jasmine CMS 1.0_1 allows remote authenticated users to inject arbitrary web script or HTML via the profile_email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-07-20
4.3CVE-2007-3941
BID
SECUNIA
XF
JBlog -- JBlogMultiple cross-site scripting (XSS) vulnerabilities in JBlog 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) index.php, or the (2) search parameter or (3) theme cookie to (b) recherche.php.
unknown
2007-07-25
6.8CVE-2007-3973
BUGTRAQ
MILW0RM
BID
Kerio -- Kerio MailServerUnspecified vulnerability in the attachment filter in Kerio MailServer before 6.4.1 has unknown impact and remote attack vectors.
unknown
2007-07-25
5.8CVE-2007-3993
OTHER-REF
SECUNIA
lighttpd -- lighttpdmod_auth (http_auth.c) in lighttpd before 1.4.16 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving (1) a memory leak, (2) use of md5-sess without a cnonce, (3) base64 encoded strings, and (4) trailing whitespace in the Auth-Digest header.
unknown
2007-07-23
6.4CVE-2007-3946
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
SECUNIA
lighttpd -- lighttpdrequest.c in lighttpd 1.4.15 allows remote attackers to cause a denial of service (daemon crash) by sending an HTTP request with duplicate headers, as demonstrated by a request containing two Location header lines, which results in a segmentation fault.
unknown
2007-07-23
5.8CVE-2007-3947
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
SECUNIA
lighttpd -- lighttpdconnections.c in lighttpd before 1.4.16 might accept more connections than the configured maximum, which allows remote attackers to cause a denial of service (failed assertion) via a large number of connection attempts.
unknown
2007-07-23
4.3CVE-2007-3948
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
SECUNIA
lighttpd -- lighttpdlighttpd 1.4.15, when run on 32 bit platforms, allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving the use of incompatible format specifiers in certain debugging messages in the (1) mod_scgi, (2) mod_fastcgi, and (3) mod_webdav modules.
unknown
2007-07-23
4.3CVE-2007-3950
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
SECUNIA
LinkedIn -- ToolbarBuffer overflow in the IEToolbar.IEContextMenu.1 ActiveX control in LinkedInIEToolbar.dll in the LinkedIn Toolbar 3.0.2.1098 allows remote attackers to execute arbitrary code via a long second argument (varBrowser argument) to the search method. NOTE: some of these details are obtained from third party information.
unknown
2007-07-24
6.8CVE-2007-3955
MILW0RM
OTHER-REF
BID
FRSIRT
SECUNIA
Linux -- RSBACRule Set Based Access Control (RSBAC) before 1.3.5 does not properly use the Linux Kernel Crypto API for the Linux kernel 2.6.x, which allows context-dependent attackers to bypass authentication controls via unspecified vectors, possibly involving User Management password hashing and unchecked function return codes.
unknown
2007-07-23
6.4CVE-2007-3945
BUGTRAQ
OTHER-REF
BID
SECUNIA
Microsoft -- Internet Explorer
Mozilla -- SeaMonkey
Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with SeaMonkey installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a mailto URI, which are inserted into the command line that is created when invoking SeaMonkey.exe, a related issue to CVE-2007-3670.
unknown
2007-07-24
4.3CVE-2007-3954
OTHER-REF
BID
Mike Dubman -- Windows RSH daemonStack-based buffer overflow in Mike Dubman Windows RSH daemon (rshd) 1.7 allows remote attackers to execute arbitrary code via a long string to the shell port (514/tcp).
unknown
2007-07-25
5.0CVE-2007-4005
MILW0RM
BID
Mike Dubman -- Windows RSH daemonBuffer overflow in Mike Dubman Windows RSH daemon (rshd) 1.7 has unknown impact and remote attack vectors, aka ZD-00000034. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.
unknown
2007-07-25
6.8CVE-2007-4006
OTHER-REF
NetArt Media -- Blog SystemSQL injection vulnerability in index.php in BlogSite Professional (aka Blog System) 1.x allows remote attackers to execute arbitrary SQL commands via the news_id parameter.
unknown
2007-07-25
6.8CVE-2007-3979
MILW0RM
BID
XF
Nipun Jain -- xserverBuffer overflow in Nipun Jain xserver 0.1 alpha allows remote attackers to cause a denial of service via a POST request with a long URI.
unknown
2007-07-24
5.0CVE-2007-3957
MILW0RM
Norman -- Norman Virus ControlThe OLE2 parsing in Norman Antivirus before 5.91.02 allows remote attackers to cause a denial of service via a crafted DOC file that triggers a divide-by-zero error.
unknown
2007-07-24
4.3CVE-2007-3953
BUGTRAQ
OTHER-REF
PHP -- dirLISTDirectory traversal vulnerability in index.php in PHP Directory Lister (dirLIST) before 0.1.1 allows remote attackers to list the contents of a parent directory via a .. (dot dot) in the folder parameter.
unknown
2007-07-25
5.0CVE-2007-3967
OTHER-REF
BID
SECUNIA
PHP -- dirLISTindex.php in dirLIST before 0.1.1 allows remote attackers to list the contents of an excluded folder via a modified URL containing the folder name.
unknown
2007-07-25
5.0CVE-2007-3968
OTHER-REF
BID
SECUNIA
PHP -- PHPThe win32std extension in PHP 5.2.3 does not follow safe_mode and disable_functions restrictions, which allows remote attackers to execute arbitrary commands via the win_shell_execute function.
unknown
2007-07-25
6.8CVE-2007-4010
MILW0RM
BID
QuickerSite -- QuickerSiteCross-site scripting (XSS) vulnerability in default.asp in QuickerSite 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the svalue parameter in a search action. NOTE: some of these details are obtained from third party information.
unknown
2007-07-20
4.3CVE-2007-3940
OTHER-REF
BID
SECUNIA
XF
Secure Computing -- SecurityReporterDirectory traversal vulnerability in file.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) 4.6.3 allows remote attackers to download arbitrary files via a .. (dot dot) in the name parameter.
unknown
2007-07-25
5.0CVE-2007-3985
BUGTRAQ
OTHER-REF
OTHER-REF
BID
SECUNIA
Secure Computing -- SecurityReporterfile.cgi in Secure Computing SecurityReporter (aka Network Security Analyzer) 4.6.3 allows remote attackers to bypass authentication via a name parameter that specifies the eventcache directory and a non-GIF file, which causes the $dontvalidate variable to be set to true. NOTE: a separate traversal vulnerability could be leveraged to download arbitrary files.
unknown
2007-07-25
5.0CVE-2007-3986
BUGTRAQ
OTHER-REF
OTHER-REF
BID
SECUNIA
Simple Machines -- Simple Machines Forum** DISPUTED ** Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.1.3 allows remote attackers to include local files via unspecified vectors related to the sourcedir parameter or the actionArray hash. NOTE: CVE and multiple third parties dispute this vulnerability because both sourcedir and actionArray are defined before use.
unknown
2007-07-20
5.8CVE-2007-3942
BUGTRAQ
BUGTRAQ
XF
Sun -- Java System Application ServerUnspecified vulnerability in Sun Java System (SJS) Application Server 8.1 through 9.0 before 20070724 on Windows allows remote attackers to obtain JSP source code via unspecified vectors.
unknown
2007-07-26
4.3CVE-2007-4025
SUNALERT
SECUNIA
Telaxus LLC -- epesiepesi framework before 0.8.6 does not properly verify file extensions, which allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors involving the gallery images upload feature. NOTE: some of these details are obtained from third party information.
unknown
2007-07-26
6.8CVE-2007-4026
OTHER-REF
SECUNIA
ufmod -- ufmod Xm player LibraryUnspecified vulnerability in uFMOD before 1.2.5 has unknown impact and attack vectors, possibly related to malformed files, and possibly an integer signedness error for relative note instruments.
unknown
2007-07-25
6.8CVE-2007-3965
OTHER-REF
BID
SECUNIA
Virtual Hosting Control System -- Virtual Hosting Control SystemSession fixation vulnerability in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
unknown
2007-07-25
6.0CVE-2007-3988
BUGTRAQ
BID
SECUNIA
W1L3D4 -- PhilboardCross-site scripting (XSS) vulnerability in W1L3D4_aramasonuc.asp in W1L3D4 Philboard 0.3 allows remote attackers to inject arbitrary web script or HTML via the searchterms parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-07-26
4.3CVE-2007-4024
SECUNIA
WordPress -- Blix
WordPress -- BlixKrieg
WordPress -- Blixed
Cross-site scripting (XSS) vulnerability in a certain index.php installation script related to the (1) Blix 0.9.1, (2) Blixed 1.0, and (3) BlixKrieg (Blix Krieg) 2.2 themes for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, possibly a related issue to CVE-2007-2757. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-07-25
4.3CVE-2007-4014
BID
SECUNIA
SECUNIA
SECUNIA
XF
XF
XF
Zenturi -- Zenturi ProgramCheckerBuffer overflow in a certain ActiveX control in the NixonMyPrograms class in sasatl.dll 1.5.0.531 in Zenturi ProgramChecker allows remote attackers to execute arbitrary code via a long argument to the Scan method. NOTE: this is probably a different issue than CVE-2007-2987.
unknown
2007-07-25
6.4CVE-2007-3984
MILW0RM
BID

Back to top

Low Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.