U.S. Flag Official website of the Department of Homeland Security

Note: This page is part of the us-cert.gov archive.This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

TLP:WHITE

Bulletin (SB07-225)

Vulnerability Summary for the Week of August 6, 2007

Original release date: August 13, 2007

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

">

High Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
AceBoard -- AceBoard ForumSQL injection vulnerability in Recherche.php in Aceboard forum allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
unknown
2007-08-07
7.5CVE-2007-4209
BUGTRAQ
BID
AL-Athkar -- AL-AthkarMultiple PHP remote file inclusion vulnerabilities in AL-Athkar 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) include parameter to (a) Main.php and (b) get.php and the (2) exec parameter to (c) count.php.
unknown
2007-08-07
10.0CVE-2007-4170
BUGTRAQ
AL-Caricatier -- AL-CaricatierPHP remote file inclusion vulnerability in cat_viewed.php in AL-Caricatier 2.5 allows remote attackers to execute arbitrary PHP code via a URL in the CatName parameter.
unknown
2007-08-07
7.5CVE-2007-4167
BUGTRAQ
Andreas Robertz -- php newsPHP remote file inclusion vulnerability in admin/inc/change_action.php in Andreas Robertz PHPNews 0.93 allows remote attackers to execute arbitrary PHP code via a URL in the format_menue parameter.
unknown
2007-08-08
7.5CVE-2007-4232
MILW0RM
BID
XF
Astaro -- Security GatewayThe pop3 Proxy in Astaro Security Gateway (ASG) 7 does not perform virus scanning of attachments that exceed the maximum attachment size, and passes these attachments, which allows remote attackers to bypass this scanning via a large attachment.
unknown
2007-08-08
7.5CVE-2007-4242
BUGTRAQ
XF
Astaro -- Security_GatewayUnspecified vulnerability in pfilter-reporter.pl in Astaro Security Gateway (ASG) 7 allows remote attackers to cause a denial of service (CPU consumption) via certain network traffic, as demonstrated by P2P and iTunes applications that download large amounts of data.
unknown
2007-08-08
7.8CVE-2007-4243
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
XF
auraCMS -- Modul Forum SederhanaSQL injection vulnerability in komentar.php in the Forum Module for auraCMS (Modul Forum Sederhana) allows remote attackers to execute arbitrary SQL commands via the id parameter to the default URI. NOTE: some of these details are obtained from third party information.
unknown
2007-08-07
7.5CVE-2007-4171
MILW0RM
SECUNIA
BlueCat Networks -- AdonisDirectory traversal vulnerability in the BlueCat Networks Proteus IPAM appliance 2.0.2.0 (Adonis DNS/DHCP appliance 5.0.2.8) allows remote authenticated administrators, with certain TFTP privileges, to create and overwrite arbitrary files via a .. (dot dot) in a pathname. NOTE: this can be leveraged for administrative access by overwriting /etc/shadow.
unknown
2007-08-08
8.5CVE-2007-4226
BUGTRAQ
BID
SECTRACK
XF
Cisco -- IOSBuffer overflow in the Next Hop Resolution Protocol (NHRP) functionality in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (restart) and execute arbitrary code via unknown vectors.
unknown
2007-08-09
9.3CVE-2007-4286
CISCO
BID
FRSIRT
Cisco -- IOSCisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service via (1) a malformed MGCP packet, which causes a device hang, aka CSCsf08998; a malformed H.323 packet, which causes a device crash, as identified by (2) CSCsi60004 with Proxy Unregistration and (3) CSCsg70474; and a malformed Real-time Transport Protocol (RTP) packet, which causes a device crash, as identified by (4) CSCse68138, related to VOIP RTP Lib, and (5) CSCse05642, related to I/O memory corruption.
unknown
2007-08-09
7.1CVE-2007-4291
CISCO
BID
SECTRACK
SECUNIA
Cisco -- IOSMultiple memory leaks in Cisco IOS 12.0 through 12.4 allow remote attackers to cause a denial of service (device crash) via a malformed SIP packet, aka (1) CSCsf11855, (2) CSCeb21064, (3) CSCse40276, (4) CSCse68355, (5) CSCsf30058, (6) CSCsb24007, and (7) CSCsc60249.
unknown
2007-08-09
7.1CVE-2007-4292
CISCO
BID
SECTRACK
SECUNIA
Cisco -- IOSCisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device crash) via (1) "abnormal" MGCP messages, aka CSCsd81407; and (2) a large facsimile packet, aka CSCej20505.
unknown
2007-08-09
7.1CVE-2007-4293
CISCO
BID
SECTRACK
SECUNIA
Coppermine -- Coppermine Photo GalleryPHP remote file inclusion vulnerability in bridge/yabbse.inc.php in Coppermine Photo Gallery (CPG) 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter.
unknown
2007-08-09
7.5CVE-2007-4283
BUGTRAQ
Envolution -- EnvolutionSQL injection vulnerability in the News module in modules.php in Envolution 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter, a different vector than CVE-2005-4263.
unknown
2007-08-08
7.5CVE-2007-4253
MILW0RM
EZ photo sales -- EZ photo salesEZPhotoSales 1.9.3 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download (1) a file containing cleartext passwords via a direct request for OnlineViewing/data/galleries.txt, or (2) a file containing username hashes and password hashes via a direct request for OnlineViewing/configuration/config.dat/. NOTE: vector 2 can be leveraged for administrative access because authentication does not require knowledge of cleartext values, but instead uses the username hash in the ConfigLogin parameter and the password hash in the ConfigPassword parameter.
unknown
2007-08-08
10.0CVE-2007-4261
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
EZ photo sales -- EZ photo salesUnrestricted file upload vulnerability in EZPhotoSales 1.9.3 and earlier allows remote authenticated administrators to upload and execute arbitrary PHP code under OnlineViewing/galleries/.
unknown
2007-08-08
8.5CVE-2007-4262
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
FishCart -- FishCartPHP remote file inclusion vulnerability in fc_functions/fc_example.php in FishCart 3.2 RC2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the docroot parameter.
unknown
2007-08-09
7.5CVE-2007-4287
MILW0RM
VIM
FrontAccounting -- FrontAccountingPHP remote file inclusion vulnerability in config.php in FrontAccounting 1.12 Build 31 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_root parameter.
unknown
2007-08-09
7.5CVE-2007-4279
MILW0RM
BID
SECUNIA
Help Center Live -- Help Center LiveThe check_logout function in class/auth.php in Help Center Live (hcl) 2.1.3a sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to delete administrative users and have other unspecified impact via certain requests to (1) admin/departments.php, (2) admin/operators.php, and other unspecified scripts. NOTE: some of these details are obtained from third party information.
unknown
2007-08-08
8.3CVE-2007-4240
BID
SECUNIA
XF
HP -- Shared Trace Service
HP -- OpenView Operations
Multiple stack-based buffer overflows in the Shared Trace Service (OVTrace) service for HP OpenView Operations A.07.50 for Windows, and possibly earlier versions, allow remote attackers to execute arbitrary code via certain crafted requests.
unknown
2007-08-09
9.3CVE-2007-3872
IDEFENSE
HP
HP
HP -- HP-UXBuffer overflow in ldcconn in Hewlett-Packard (HP) Controller for Cisco Local Director on HP-UX 11.11i allows remote attackers to execute arbitrary code via a long string to TCP port 17781.
unknown
2007-08-08
10.0CVE-2007-4241
IDEFENSE
BID
Hunkaray Okul -- PortalySQL injection vulnerability in duyuruoku.asp in Hunkaray Okul Portali 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-3080.
unknown
2007-08-07
7.5CVE-2007-4173
BUGTRAQ
OTHER-REF
BID
SECUNIA
Index Script -- Index ScriptMultiple SQL injection vulnerabilities in IndexScript 2.7 and 2.8 before 20070726 allow remote attackers to execute arbitrary SQL commands via the (1) cat_id, (2) start_id, (3) row[parent_id], and (4) row[cat_id] parameters to unspecified components, related to use of these parameters within include/utils.php. NOTE: the show_cat.php cat_id vector is already covered by CVE-2007-4069.
unknown
2007-08-03
7.5CVE-2007-4163
OTHER-REF
Jem's Scripts -- BellaBiblio** DISPUTED ** BellaBiblio allows remote attackers to gain administrative privileges via a bellabiblio cookie with the value "administrator." NOTE: this issue is disputed by CVE and multiple third parties because the cookie value must be an MD5 hash.
unknown
2007-08-08
7.5CVE-2007-4230
BUGTRAQ
VIM
VIM
VIM
BID
Joomla -- JoomlaSQL injection vulnerability in administrator/popups/pollwindow.php in Joomla! 1.0.12 allows remote attackers to execute arbitrary SQL commands via the pollid parameter.
unknown
2007-08-07
7.5CVE-2007-4184
BUGTRAQ
Joomla -- Tour de France PoolPHP remote file inclusion vulnerability in admin.tour_toto.php in the Tour de France Pool (com_tour_toto) 1.0.1 module for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
unknown
2007-08-07
7.5CVE-2007-4186
BUGTRAQ
OTHER-REF
BID
Joomla -- JoomlaMultiple eval injection vulnerabilities in the com_search component in Joomla! 1.5 beta before RC1 (aka Mapya) allow remote attackers to execute arbitrary PHP code via PHP sequences in the searchword parameter, related to default_results.php in (1) components/com_search/views/search/tmpl/ and (2) templates/beez/html/com_search/search/.
unknown
2007-08-07
7.5CVE-2007-4187
BUGTRAQ
OTHER-REF
Joomla -- JoomlaSession fixation vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to hijack administrative web sessions via unspecified vectors.
unknown
2007-08-07
9.3CVE-2007-4188
OTHER-REF
FRSIRT
SECUNIA
Joomla -- J_ReactionsPHP remote file inclusion vulnerability in langset.php in the J! Reactions (com_jreactions) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the comPath parameter.
unknown
2007-08-08
7.5CVE-2007-4244
BUGTRAQ
OTHER-REF
BID
Linux-HA -- heartbeatXHA (Linux-HA) on the BlueCat Networks Adonis DNS/DHCP Appliance 5.0.2.8 allows remote attackers to cause a denial of service (heartbeat control process crash) via a UDP packet to port 694. NOTE: this may be the same as CVE-2006-3121.
unknown
2007-08-07
7.1CVE-2007-4205
BUGTRAQ
BUGTRAQ
FRSIRT
SECTRACK
SECUNIA
Mambo -- Mambo Open SourceSession fixation vulnerability in Mambo 4.6.2 CMS allows remote attackers to hijack web sessions by setting the Cookie parameter.
unknown
2007-08-07
9.3CVE-2007-4203
BUGTRAQ
Morgan IDS -- Next Gen Portfolio ManagerSQL injection vulnerability in default.asp in Next Gen Portfolio Manager allows remote attackers to execute arbitrary SQL commands via the (1) Users_Email or (2) Users_Password parameter in an ExecuteTheLogin action.
unknown
2007-08-07
7.5CVE-2007-4208
BUGTRAQ
BID
PHP -- PHPBuffer overflow in the mSQL extension in PHP 5.2.3 allows context-dependent attackers to execute arbitrary code via a long first argument to the msql_connect function.
unknown
2007-08-08
7.5CVE-2007-4255
MILW0RM
PHP Arena -- paBugsSQL injection vulnerability in main.php in paBugs 2.0 Beta 3 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php.
unknown
2007-08-07
7.5CVE-2007-4183
MILW0RM
BID
XF
ProZIlla -- ProZilla Pub siteSQL injection vulnerability in directory.php in Prozilla Pub Site Directory allows remote attackers to execute arbitrary SQL commands via the cat parameter.
unknown
2007-08-08
7.5CVE-2007-4258
MILW0RM
BID
RedLine Software -- LANAI CMSMultiple SQL injection vulnerabilities in module.php in LANAI (la-nai) CMS 1.2.14 allow remote attackers to execute arbitrary SQL commands via (1) the mid parameter in an faqviewgroup action in the FAQ Modules, (2) the cid parameter in the EZSHOPINGCART Modules, or (3) the gid parameter in a view action in the GALLERY Modules.
unknown
2007-08-07
7.5CVE-2007-4210
BUGTRAQ
BID
STADTAUS -- Guestbook ScriptMultiple PHP remote file inclusion vulnerabilities in Guestbook Script 1.9 allow remote attackers to execute arbitrary PHP code via a URL in the script_root parameter to (1) delete.php, (2) edit.php, (3) inc/common.inc.php, or (4) database.php, (5) entries.php, (6) index.php, (7) logout.php, or (8) settings.php in admin/.
unknown
2007-08-09
7.5CVE-2007-4290
BUGTRAQ
Sun -- Java System Web ServerCRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 before 20070802, when the redirect Server Application Function (SAF) uses the url-prefix parameter and escape is disabled, or an Error directive uses the url-prefix parameter in obj.conf, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks.
unknown
2007-08-07
7.5CVE-2007-4164
SUNALERT
BID
FRSIRT
SECTRACK
SECUNIA
XF
The Sleuth Kit -- The Sleuth KitUse-after-free vulnerability in ext2fs.c in Brian Carrier The Sleuth Kit (TSK) before 2.09 allows user-assisted remote attackers to cause a denial of service (application crash) and prevent examination of certain ext2fs files via a malformed ext2fs image.
unknown
2007-08-07
7.5CVE-2007-4195
BUGTRAQ
BUGTRAQ
MLIST
OTHER-REF
BID
vgallite -- vgallite** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in vgallite allow remote attackers to execute arbitrary PHP code via a URL in the (1) dirpath parameter to _functions.php or the (2) lang parameter to index.php. NOTE: CVE disputes vector 2 because "lang" is a constant string within an include_once, not a variable. The researcher is also unreliable.
unknown
2007-08-07
7.5CVE-2007-4169
BUGTRAQ
VietPHP -- VietPHPMultiple PHP remote file inclusion vulnerabilities in VietPHP allow remote attackers to execute arbitrary PHP code via a URL in (1) the dirpath parameter to (a) _functions.php, or (2) the language parameter to (b) admin/index.php or (c) index.php.
unknown
2007-08-08
9.3CVE-2007-4235
BUGTRAQ
BID
WikiWebWeaver -- WikiWebWeaverUnrestricted file upload vulnerability in index.php in WikiWebWeaver 1.1 and earlier allows remote attackers to upload and execute arbitrary PHP code via an upload action specifying a filename with a double extension such as .gif.php, which is accessible from data/documents/.
unknown
2007-08-07
7.5CVE-2007-4182
BUGTRAQ
BID
XF

Back to top

Medium Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Advanced Searchbar -- Advanced SearchbarThe isChecked function in Toolbar.DLL in Advanced Searchbar allows remote attackers to cause a denial of service (NULL dereference and browser crash) via unspecified vectors.
unknown
2007-08-08
4.3CVE-2007-4250
BUGTRAQ
AMG Soft -- WebdirectorCross-site scripting (XSS) vulnerability in index.php in WebDirector 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the deslocal parameter.
unknown
2007-08-07
5.0CVE-2007-4178
OTHER-REF
BID
SECUNIA
Apache -- TomcatMultiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
unknown
2007-08-07
4.3CVE-2007-3384
BUGTRAQ
OTHER-REF
BID
SECTRACK
Atheros -- wireless adapter driversUnspecified vulnerability in Atheros 802.11 a/b/g wireless adapter drivers before 5.3.0.35, and 6.x before 6.0.3.67, on Windows allows remote attackers to cause a denial of service via a crafted 802.11 management frame.
unknown
2007-08-07
5.0CVE-2007-2927
CERT-VN
BID
FRSIRT
BlueSky -- BlueSkychatHeap-based buffer overflow in the BlueSkychat (BlueSkyCat) ActiveX control (V2.V2Ctrl.1) in v2.ocx 8.1.2.0 and earlier allows remote attackers to execute arbitrary code via a long string in the second argument to the ConnecttoServer method.
unknown
2007-08-03
4.3CVE-2007-4145
BUGTRAQ
FULLDISC
OTHER-REF
OTHER-REF
BID
XF
Brian Carrier -- The Slueth Kiticat in Brian Carrier The Sleuth Kit (TSK) before 2.09 misinterprets a certain memory location as the holder of a loop iteration count, which allows user-assisted remote attackers to cause a denial of service (long loop) and prevent examination of certain NTFS files via a malformed NTFS image.
unknown
2007-08-07
5.0CVE-2007-4196
BUGTRAQ
BUGTRAQ
MLIST
OTHER-REF
BID
Brian Carrier -- The Slueth Kiticat in Brian Carrier The Sleuth Kit (TSK) before 2.09 omits NULL pointer checks in certain code paths, which allows user-assisted remote attackers to cause a denial of service (NULL dereference and application crash) and prevent examination of certain NTFS files via a malformed NTFS image.
unknown
2007-08-07
4.3CVE-2007-4197
BUGTRAQ
BUGTRAQ
MLIST
OTHER-REF
BID
Brian Carrier -- The Slueth KitThe fs_data_put_str function in ntfs.c in fls in Brian Carrier The Sleuth Kit (TSK) before 2.09 does not validate a certain length value, which allows user-assisted remote attackers to cause a denial of service (application crash) and prevent examination of certain NTFS files via a malformed NTFS image, which triggers a buffer over-read.
unknown
2007-08-07
4.3CVE-2007-4198
BUGTRAQ
BUGTRAQ
MLIST
OTHER-REF
BID
Brian Carrier -- The Slueth KitBrian Carrier The Sleuth Kit (TSK) before 2.09 allows user-assisted remote attackers to cause a denial of service (application crash) and prevent examination of certain NTFS files via a malformed NTFS image that triggers (1) dereference of a certain integer value by ntfs_dent.c in fls, or (2) dereference of a certain other integer value by ntfs.c in fsstat.
unknown
2007-08-07
4.3CVE-2007-4199
BUGTRAQ
BUGTRAQ
MLIST
OTHER-REF
BID
Brian Carrier -- The Slueth Kitntfs.c in fsstat in Brian Carrier The Sleuth Kit (TSK) before 2.09 interprets a certain variable as a byte count rather than a count of 32-bit integers, which allows user-assisted remote attackers to cause a denial of service (application crash) and prevent examination of certain NTFS files via a malformed NTFS image.
unknown
2007-08-07
4.3CVE-2007-4200
BUGTRAQ
BUGTRAQ
MLIST
OTHER-REF
BID
C-SAM -- OneWalletCross-site scripting (XSS) vulnerability in user/forgotPassStep2.jsp in the admin interface in C-SAM oneWallet 210_07062007;1.0 allows remote attackers to inject arbitrary web script or HTML via the loginID parameter.
unknown
2007-08-08
4.3CVE-2007-4239
BUGTRAQ
BID
Camera Life -- Camera LifeMultiple unspecified vulnerabilities in Camera Life before 2.6 allow attackers to cause a denial of service via unknown vectors.
unknown
2007-08-08
4.3CVE-2007-4233
OTHER-REF
OTHER-REF
BID
Camera Life -- Camera LifeUnspecified vulnerability in Camera Life before 2.6 allows remote attackers to download private photos via unspecified vectors associated with the names of the photos. NOTE: some of these details are obtained from third party information.
unknown
2007-08-08
4.3CVE-2007-4234
OTHER-REF
OTHER-REF
SECUNIA
Chilkat Software -- ASP StringAbsolute path traversal vulnerability in a certain ActiveX control in CkString.dll 1.1 and earlier in CHILKAT ASP String allows remote attackers to create or overwrite arbitrary files via a full pathname in the first argument to the SaveToFile method, a different vulnerability than CVE-2007-3633.
unknown
2007-08-08
5.8CVE-2007-4252
MILW0RM
Cisco -- IOSUnspecified vulnerability in the server side of the Secure Copy (SCP) implementation in Cisco 12.2-based IOS allows remote authenticated users to read, write or overwrite any file on the device's filesystem via unknown vectors.
unknown
2007-08-08
6.0CVE-2007-4263
CISCO
BID
XF
Cisco -- MeetingPlace Web ConfrencingMultiple cross-site scripting (XSS) vulnerabilities in Cisco Unified MeetingPlace Web Conferencing (MP) 5.3.235.0 and earlier allow remote attackers to inject arbitrary HTML and web script via the (1) Success Template (STPL) and (2) Failure Template (FTPL) parameters, which are not properly handled in an error message.
unknown
2007-08-09
4.3CVE-2007-4284
BUGTRAQ
BUGTRAQ
FULLDISC
CISCO
BID
FRSIRT
XF
Cisco -- IOSUnspecified vulnerability in Cisco IOS and Cisco IOS XR 12.x up to 12.3, including some versions before 12.3(15) and 12.3(14)T, allows remote attackers to obtain sensitive information or cause a denial of service (router or component crash) via crafted IPv6 packets with a Type 0 routing header.
unknown
2007-08-09
5.8CVE-2007-4285
CISCO
FRSIRT
Cisco -- Unified Communications ManagerUnspecified vulnerability in Cisco Unified Communications Manager (CUCM) 5.0, 5.1, and 6.0, and IOS 12.0 through 12.4, allows remote attackers to execute arbitrary code via a malformed SIP packet, aka CSCsi80102.
unknown
2007-08-09
6.8CVE-2007-4294
CISCO
BID
SECTRACK
SECUNIA
Cisco -- IOSUnspecified vulnerability in Cisco IOS 12.0 through 12.4 allows remote attackers to execute arbitrary code via a malformed SIP packet, aka CSCsi80749.
unknown
2007-08-09
6.8CVE-2007-4295
CISCO
BID
SECTRACK
SECUNIA
DiMeMa -- CONTENTdmCross-site scripting (XSS) vulnerability in Search.php in DiMeMa CONTENTdm (CDM) allows remote attackers to inject arbitrary web script or HTML via a search.
unknown
2007-08-08
4.3CVE-2007-4245
BUGTRAQ
BID
Dovecot -- DovecotThe ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.
unknown
2007-08-07
6.0CVE-2007-4211
MLIST
BID
SECUNIA
XF
EQdkp -- EQdkp plusMultiple unspecified vulnerabilities in EQDKP Plus before 0.4.4.5 have unknown impact and attack vectors.
unknown
2007-08-07
6.8CVE-2007-4176
OTHER-REF
SECUNIA
ExportNation -- ExportNation ToolbarThe isChecked function in Toolbar.DLL in the ExportNation toolbar for Internet Explorer allows remote attackers to cause a denial of service (NULL dereference and browser crash) via unspecified vectors.
unknown
2007-08-08
4.3CVE-2007-4249
BUGTRAQ
XF
EZ photo sales -- EZ photo salesEZPhotoSales 1.9.3 and earlier allows remote attackers to download arbitrary image files via (1) a direct request for a URL under OnlineViewing/galleries/ or (2) navigation of the gallery user interface with JavaScript disabled.
unknown
2007-08-08
5.0CVE-2007-4259
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
EZ photo sales -- EZ photo salesEZPhotoSales 1.9.3 and earlier has a default "admin" account for galleries, which allows remote attackers to access arbitrary galleries by specifying this username.
unknown
2007-08-08
5.0CVE-2007-4260
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
Guidance Software -- EnCaseGuidance Software EnCase 5.0 allows user-assisted remote attackers to cause a denial of service (stack memory consumption) and possibly have other unspecified impact via a malformed file, related to "EnCase's file system parsing." NOTE: this information is based upon a vague pre-advisory. It might overlap CVE-2007-4036.
unknown
2007-08-07
4.3CVE-2007-4194
BUGTRAQ
Guidance Software -- EnCaseGuidance Software EnCase 6.2 and 6.5 does not properly handle a volume with more than 25 partitions, which might allow remote attackers to prevent examination of certain data, a related issue to CVE-2007-4035.
unknown
2007-08-07
5.0CVE-2007-4201
BUGTRAQ
BUGTRAQ
OTHER-REF
Guidance Software -- EnCaseGuidance Software EnCase Enterprise Edition (EEE) 6 does not properly verify the identity of the acquisition target during communication with the EnCase Servlet (EEE servlet), which might allow remote attackers to spoof the disk image.
unknown
2007-08-07
4.3CVE-2007-4202
BUGTRAQ
BUGTRAQ
OTHER-REF
IBM -- AIXBuffer overflow in lpd in bos.rte.printers in AIX 5.2 and 5.3 allows local users with printq group privileges to gain root privileges.
unknown
2007-08-08
6.9CVE-2007-4236
AIXAPAR
AIXAPAR
FRSIRT
SECTRACK
IBM -- AIXBuffer overflow in the atm subset in arp in devices.common.IBM.atm.rte in AIX 5.2 and 5.3 allows local users to gain root privileges.
unknown
2007-08-08
6.9CVE-2007-4237
AIXAPAR
AIXAPAR
FRSIRT
SECTRACK
IBM -- AIXAIX 5.2 and 5.3 install pioinit with user and group ownership of bin, which allows local users with bin or possibly printq privileges to gain root privileges by modifying pioinit.
unknown
2007-08-08
6.9CVE-2007-4238
AIXAPAR
AIXAPAR
FRSIRT
SECTRACK
IDE Group -- DVD Rental System DRSMultiple cross-site scripting (XSS) vulnerabilities in IDE Group DVD Rental System (DRS) 5.1 before 20070801 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: it is not clear whether IDE Group updates all DRS installations in its role as an application service provider. If so, then this issue should not be included in CVE.
unknown
2007-08-07
4.3CVE-2007-4192
FULLDISC
BID
IDE Group -- DVD Rental System DRSMultiple cross-site request forgery (CSRF) vulnerabilities in index.php in IDE Group DVD Rental System (DRS) 5.1 before 20070801 allow remote attackers to perform certain actions as arbitrary users, as demonstrated by (1) modifying data or (2) canceling a subscription. NOTE: it is not clear whether IDE Group updates all DRS installations in its role as an application service provider. If so, then this issue should not be included in CVE.
unknown
2007-08-07
4.3CVE-2007-4193
FULLDISC
iDevspot -- PHPHostBotPHP remote file inclusion vulnerability in order/login.php in IDevSpot PhpHostBot 1.06 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the svr_rootscript parameter, a different vector than CVE-2007-4094 and CVE-2006-3776.
unknown
2007-08-08
6.8CVE-2007-4231
MILW0RM
BID
XF
Interact -- InteractMultiple cross-site scripting (XSS) vulnerabilities in Interact before 2.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2007-3328.
unknown
2007-08-07
4.3CVE-2007-4177
OTHER-REF
OTHER-REF
SECUNIA
Joomla -- JoomlaJoomla! 1.0.12 allows remote attackers to obtain sensitive information via a direct request for (1) Stat.php (2) OutputFilter.php, (3) OutputCache.php, (4) Modifier.php, (5) Reader.php, and (6) TemplateCache.php in includes/patTemplate/patTemplate/; (7) includes/Cache/Lite/Output.php; and other unspecified components, which reveal the path in various error messages.
unknown
2007-08-07
5.0CVE-2007-4185
BUGTRAQ
Joomla -- JoomlaMultiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.13 (aka Sunglow) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the (1) com_search, (2) com_content, and (3) mod_login components. NOTE: some of these details are obtained from third party information.
unknown
2007-08-07
4.3CVE-2007-4189
OTHER-REF
FRSIRT
SECUNIA
Joomla -- JoomlaCRLF injection vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to inject arbitrary HTTP headers and probably conduct HTTP response splitting attacks via CRLF sequences in the url parameter. NOTE: this can be leveraged for cross-site scripting (XSS) attacks. NOTE: some of these details are obtained from third party information.
unknown
2007-08-07
4.3CVE-2007-4190
OTHER-REF
FRSIRT
SECUNIA
Justsystem -- IchitaroUnspecified vulnerability, possibly a buffer overflow, in Justsystem Ichitaro 2007 and earlier allows remote attackers to execute arbitrary code via a modified document, as actively exploited in August 2007 by malware such as Tarodrop.D (Tarodrop.Q), a different vulnerability than CVE-2006-4326, CVE-2006-5424, CVE-2006-6400, and CVE-2007-1938.
unknown
2007-08-08
6.8CVE-2007-4246
OTHER-REF
OTHER-REF
OTHER-REF
BID
SECUNIA
Kai Blankenhorn Bitfolge -- Simple and Nice Index FileMultiple cross-site scripting (XSS) vulnerabilities in index.php in Kai Blankenhorn Bitfolge simple and nice index file (aka snif) 1.5.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) path and (2) download parameters.
unknown
2007-08-09
4.3CVE-2007-4264
OTHER-REF
BID
XF
Kaspersky Lab -- Kaspersky Anti-SpamKaspersky Anti-Spam 3.0 MP1 before Critical Fix 2 (3.0.278.4) sets incorrect permissions for application files in certain upgrade scenarios, which might allow local users to gain privileges.
unknown
2007-08-07
4.4CVE-2007-4206
OTHER-REF
BID
SECUNIA
XF
KDE -- KonquerorKDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar by calling setInterval with a small interval and changing the window.location property.
unknown
2007-08-08
6.8CVE-2007-4224
FULLDISC
KDE -- KonquerorVisual truncation vulnerability in KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar via an http URI with a large amount of whitespace in the user/password portion.
unknown
2007-08-08
6.8CVE-2007-4225
FULLDISC
KDE -- KonquerorUnspecified vulnerability in KDE Konqueror 3.5.7 and earlier allows remote attackers to cause a denial of service (failed assertion and application crash) via certain malformed HTML, as demonstrated by a document containing TEXTAREA, BUTTON, BR, BDO, PRE, FRAMESET, and A tags. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-08-08
4.3CVE-2007-4229
OTHER-REF
BID
Kerberos Internet Services -- Gallery In A BoxSQL injection vulnerability in admin_console/index.asp in Gallery In A Box allows remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password field.
unknown
2007-08-07
6.4CVE-2007-4207
BUGTRAQ
BID
knowledgetree -- Open SourceCross-site scripting (XSS) vulnerability in KnowledgeTree Open Source 3.4 and 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the login field on the login page, and other unspecified vectors.
unknown
2007-08-09
4.3CVE-2007-4281
OTHER-REF
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
LFS -- Live for speedMultiple buffer overflows in Live for Speed (LFS) S1 and S2 allow user-assisted remote attackers to execute arbitrary code via (1) a .spr file (single player replay file) containing a long user name or (2) a .ply file containing a long number plate string, different vectors than CVE-2007-4140.
unknown
2007-08-08
6.8CVE-2007-4257
MILW0RM
MILW0RM
Linux -- KernelThe Linux kernel before 2.6.23-rc1 checks the wrong global variable for the CIFS sec mount option, which might allow remote attackers to spoof CIFS network traffic that the client configured for security signatures, as demonstrated by lack of signing despite sec=ntlmv2i in a SetupAndX request.
unknown
2007-08-09
5.8CVE-2007-3843
OTHER-REF
OTHER-REF
SECUNIA
Microsoft -- Internet ExplorerMicrosoft Windows Explorer (explorer.exe) allows user-assisted remote attackers to cause a denial of service via a certain JPG file, as demonstrated by something.jpg. NOTE: this issue might be related to CVE-2007-3958.
unknown
2007-08-08
4.3CVE-2007-4227
BUGTRAQ
BID
Microsoft -- windowsWindows Calendar on Microsoft Windows Vista allows remote attackers to cause a denial of service (NULL dereference and persistent application crash) via a malformed ICS file.
unknown
2007-08-08
4.3CVE-2007-4247
BUGTRAQ
BID
Microsoft -- Windows Media PlayerMicrosoft Windows Media Player 11 (wmplayer.exe) allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted .au file that triggers a divide-by-zero error, as demonstrated by iapetus.au.
unknown
2007-08-09
4.3CVE-2007-4288
BUGTRAQ
OTHER-REF
BID
Mozilla -- SeaMonkey
Mozilla -- Firefox
Mozilla -- Thunderbird
Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allows remote attackers to conduct cross-site scripting (XSS) attacks with chrome privileges via an addon that inserts a (1) javascript: or (2) data: link into an about:blank document loaded by chrome via (a) the window.open function or (b) a content.location assignment, aka "Cross Context Scripting." NOTE: this issue is caused by a CVE-2007-3089 regression.
unknown
2007-08-07
4.3CVE-2007-3844
OTHER-REF
OTHER-REF
BID
SECTRACK
SECTRACK
SECTRACK
SECUNIA
Mozilla -- SeaMonkey
Mozilla -- Firefox
Mozilla -- Thunderbird
Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary commands via certain vectors associated with launching "a file handling program based on the file extension at the end of the URI," a variant of CVE-2007-4041. NOTE: the vendor states that "it is still possible to launch a filetype handler based on extension rather than the registered protocol handler."
unknown
2007-08-07
6.5CVE-2007-3845
OTHER-REF
OTHER-REF
Open WebMail -- Open WebMailMultiple cross-site scripting (XSS) vulnerabilities in Open Webmail (OWM) 2.52 20060831 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) searchtype, (2) longpage, and (3) page parameters to (a) openwebmail-main.pl; the (4) prefs_caller, (5) userfirsttime, (6) page, (7) sort, (8) folder, and (9) message_id parameters to (b) openwebmail-prefs.pl; the (10) compose_caller, (11) msgdatetype, (12) keyword, (13) searchtype, (14) folder, (15) page, and (16) sort parameters to (c) openwebmail-send.pl; the (17) folder, (18) page, and (19) sort parameters to (d) openwebmail-folder.pl; the (20) searchtype, (21) page, (22) filesort, (23) singlepage, (24) showhidden, (25) showthumbnail, and (26) message_id parameters to (e) openwebmail-webdisk.pl; the (27) folder parameteter to (f) openwebmail-advsearch.pl; and the (28) abookcollapse, (29) abooksearchtype, (30) abooksort, (31) abooklongpage, (32) abookpage, (33) message_id, (34) searchtype, (35) ! msgdatetype, (36) sort, (37) page, (38) rootxowmuid, and (39) listviewmode parameters to (g) openwebmail-abook.pl, different vectors than CVE-2005-2863, CVE-2006-2190, CVE-2006-3229, and CVE-2006-3233.
unknown
2007-08-07
4.3CVE-2007-4172
OTHER-REF
BID
XF
OpenOffice -- OpenOfficeOpenOffice.org (OOo) 2.2 does not properly handle files with multiple extensions, which allows user-assisted remote attackers to cause a denial of service.
unknown
2007-08-08
4.3CVE-2007-4251
BUGTRAQ
OpenRat -- OpenRat CMSMultiple cross-site scripting (XSS) vulnerabilities in index.php in OpenRat CMS 0.8-beta1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) subaction and (2) action parameters.
unknown
2007-08-07
4.3CVE-2007-4175
OTHER-REF
BID
OpenSSL Project -- OpenSSLThe BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys.
unknown
2007-08-07
4.7CVE-2007-3108
OTHER-REF
OTHER-REF
OTHER-REF
CERT-VN
BID
FRSIRT
Panda -- Panda AntiVirusPanda Antivirus 2008 stores service executables under the product's installation directory with weak permissions, which allows local users to obtain LocalSystem privileges by modifying PAVSRV51.EXE or other unspecified files, a related issue to CVE-2006-4657.
unknown
2007-08-07
6.9CVE-2007-4191
BUGTRAQ
BID
PHP -- PHP-NukeMultiple cross-site scripting (XSS) vulnerabilities in the Search Module in PHP-Nuke allow remote attackers to inject arbitrary web script or HTML via a trailing "<" instead of a ">" in (1) the onerror attribute of an IMG element, (2) the onload attribute of an IFRAME element, or (3) redirect users to other sites via the the META tag.
unknown
2007-08-07
5.0CVE-2007-4212
BUGTRAQ
BID
Pluck -- Pluck** DISPUTED ** Directory traversal vulnerability in data/inc/theme.php in Pluck 4.3, when register_globals is enabled, allows remote attackers to read arbitrary local files via a .. (dot dot) in the file parameter. NOTE: CVE and a reliable third party dispute this vulnerability because the code uses a a fixed argument when invoking fputs, which cannot be used to read files.
unknown
2007-08-07
5.0CVE-2007-4180
BUGTRAQ
OTHER-REF
VIM
Pluck -- Pluck** DISPUTED ** PHP remote file inclusion vulnerability in data/inc/theme.php in Pluck 4.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: A reliable third party disputes this vulnerability because the applicable include is within a function that does not receive the dir parameter from an HTTP request.
unknown
2007-08-07
6.8CVE-2007-4181
BUGTRAQ
OTHER-REF
VIM
Serendipity -- SerendipityThe "Extended properties for entries" (entryproperties) plugin in serendipity_event_entryproperties.php in Serendipity 1.1.3 allows remote authenticated users to bypass password protection and "deliver custom entryproperties settings to the Serendipity Frontend" via a certain request that modifies the password being checked.
unknown
2007-08-09
5.0CVE-2007-4282
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
Sun -- Java System Portal ServerSun Java System Portal Server 7.0 does not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute an arbitrary Java method via a crafted stylesheet, a related issue to CVE-2007-3715.
unknown
2007-08-09
6.8CVE-2007-4289
BUGTRAQ
OTHER-REF
OTHER-REF
SUNALERT
SECTRACK
SECUNIA
XF
Symantec -- Norton Internet Security
Symantec -- Norton System Works
Symantec -- Norton Antivirus
Multiple unspecified "input validation error" vulnerabilities in multiple ActiveX controls in NavComUI.dll, as used in multiple Norton AntiVirus, Internet Security, and System Works products for 2006, allows remote attackers to execute arbitrary code via (1) the AnomalyList property to AxSysListView32 and (2) Anomaly property to AxSysListView32OAA.
unknown
2007-08-09
6.8CVE-2007-2955
OTHER-REF
OTHER-REF
Toolbar Gaming -- Toolbar GamingThe CallCmd function in toolbar_gaming.dll in the Toolbar Gaming toolbar for Internet Explorer allows remote attackers to cause a denial of service (NULL dereference and browser crash) via unspecified vectors.
unknown
2007-08-08
4.3CVE-2007-4248
BUGTRAQ
Tor -- TorUnspecified vulnerability in Tor before 0.1.2.16, when ControlPort is enabled, might allow remote attackers to modify the torrc configuration file, compromise anonymity, and have other unspecified impact, related to improper handling of multiple ControlPort authentication attempts.
unknown
2007-08-07
5.8CVE-2007-4174
MLIST
BID
FRSIRT
SECUNIA
Visionera AB -- VisionProjectMultiple cross-site scripting (XSS) vulnerabilities in VisionProject 3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) projectIssueId parameter in EditProjectIssue.do, the (2) projectId parameter in ProjectSelected.do, the (3) folderId parameter in ProjectDocuments.do and the (4) sortField parameter in ProjectIssues.do.
unknown
2007-08-09
4.3CVE-2007-4265
OTHER-REF
BID
SECUNIA
XF
WordPress -- WordPressSQL injection vulnerability in options.php in WordPress 2.2.1 allows remote authenticated administrators to execute arbitrary SQL commands via the page_options parameter to (1) options-general.php, (2) options-writing.php, (3) options-reading.php, (4) options-discussion.php, (5) options-privacy.php, (6) options-permalink.php, (7) options-misc.php, and possibly other unspecified components.
unknown
2007-08-03
6.5CVE-2007-4154
OTHER-REF
WordPress -- WordPress
Xu Yiyang -- Blue Memories Theme
Cross-site scripting (XSS) vulnerability in index.php in the Blue Memories theme 1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, possibly a related issue to CVE-2007-2757 and CVE-2007-4014. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-08-07
4.3CVE-2007-4165
SECUNIA
WordPress -- Unamed Theme
WordPress -- Unamed Theme SE
Cross-site scripting (XSS) vulnerability in index.php in the Unnamed theme 1.217, and Special Edition (SE) 1.02, before 20070804 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, possibly a related issue to CVE-2007-2757, CVE-2007-4014, and CVE-2007-4165. NOTE: some of these details are obtained from third party information.
unknown
2007-08-07
5.0CVE-2007-4166
OTHER-REF
SECUNIA
ynp -- Portal SystemsDirectory traversal vulnerability in showpage.cgi in YNP Portal System 2.2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter.
unknown
2007-08-08
5.0CVE-2007-4256
MILW0RM

Back to top

Low Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
 Stack-based buffer overflow in a certain ActiveX control in VDT70.DLL in Microsoft Visual Database Tools Database Designer 7.0 for Microsoft Visual Studio 6 allows remote attackers to execute arbitrary code via a long argument to the NotSafe method. NOTE: this may overlap CVE-2007-2885 or CVE-2005-2127.
unknown
2007-08-08
0.0CVE-2007-4254
MILW0RM
Asterisk -- s800i
Asterisk -- AsteriskNOW
Asterisk -- Asterisk
Asterisk -- Asterisk Appliance Developer Kit
The Skinny channel driver (chan_skinny) in Asterisk Open Source before 1.4.10, AsteriskNOW before beta7, Appliance Developer Kit before 0.7.0, and Appliance s800i before 1.0.3 allows remote authenticated users to cause a denial of service (application crash) via a CAPABILITIES_RES_MESSAGE packet with a capabilities count larger than the capabilities_res_message array population.
unknown
2007-08-09
3.5CVE-2007-4280
OTHER-REF
BID
FRSIRT
SECUNIA
GNOME -- Display ManagerThe GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon's socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/.
unknown
2007-08-07
1.5CVE-2007-3381
OTHER-REF
SECUNIA
Hitachi -- Groupmax Collaboration Web Client
Hitachi -- Groupmax Collaboration Portal
Hitachi -- uCosminexus Collaboration Portal
Hitachi Groupmax Collaboration - Schedule, as used in Groupmax Collaboration Portal 07-32 through 07-32-/B, uCosminexus Collaboration Portal 06-32 through 06-32-/B, and Groupmax Collaboration Web Client - Mail/Schedule 07-32 through 07-32-/A, can assign schedule data to the wrong user under unspecified conditions, which might allow remote authenticated users to obtain sensitive information.
unknown
2007-08-07
3.5CVE-2007-4204
OTHER-REF
FRSIRT
XF
HP -- Address and Routing Parameter Area(ARPA) transportUnspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.11 and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors. NOTE: this is probably different from CVE-2007-0916, but this is not certain due to lack of vendor details.
unknown
2007-08-07
1.5CVE-2007-4179
HP
BID
FRSIRT
SECTRACK
SECUNIA
IBM -- AIXrmpvc on IBM AIX 4.3 allows local users to cause a denial of service (system crash) via long port logical name (-l) argument.
unknown
2007-08-08
1.9CVE-2007-4228
AIXAPAR
FRSIRT
SECUNIA

Back to top

">

High Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
AceBoard -- AceBoard ForumSQL injection vulnerability in Recherche.php in Aceboard forum allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
unknown
2007-08-07
7.5CVE-2007-4209
BUGTRAQ
BID
AL-Athkar -- AL-AthkarMultiple PHP remote file inclusion vulnerabilities in AL-Athkar 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) include parameter to (a) Main.php and (b) get.php and the (2) exec parameter to (c) count.php.
unknown
2007-08-07
10.0CVE-2007-4170
BUGTRAQ
AL-Caricatier -- AL-CaricatierPHP remote file inclusion vulnerability in cat_viewed.php in AL-Caricatier 2.5 allows remote attackers to execute arbitrary PHP code via a URL in the CatName parameter.
unknown
2007-08-07
7.5CVE-2007-4167
BUGTRAQ
Andreas Robertz -- php newsPHP remote file inclusion vulnerability in admin/inc/change_action.php in Andreas Robertz PHPNews 0.93 allows remote attackers to execute arbitrary PHP code via a URL in the format_menue parameter.
unknown
2007-08-08
7.5CVE-2007-4232
MILW0RM
BID
XF
Astaro -- Security GatewayThe pop3 Proxy in Astaro Security Gateway (ASG) 7 does not perform virus scanning of attachments that exceed the maximum attachment size, and passes these attachments, which allows remote attackers to bypass this scanning via a large attachment.
unknown
2007-08-08
7.5CVE-2007-4242
BUGTRAQ
XF
Astaro -- Security_GatewayUnspecified vulnerability in pfilter-reporter.pl in Astaro Security Gateway (ASG) 7 allows remote attackers to cause a denial of service (CPU consumption) via certain network traffic, as demonstrated by P2P and iTunes applications that download large amounts of data.
unknown
2007-08-08
7.8CVE-2007-4243
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
XF
auraCMS -- Modul Forum SederhanaSQL injection vulnerability in komentar.php in the Forum Module for auraCMS (Modul Forum Sederhana) allows remote attackers to execute arbitrary SQL commands via the id parameter to the default URI. NOTE: some of these details are obtained from third party information.
unknown
2007-08-07
7.5CVE-2007-4171
MILW0RM
SECUNIA
BlueCat Networks -- AdonisDirectory traversal vulnerability in the BlueCat Networks Proteus IPAM appliance 2.0.2.0 (Adonis DNS/DHCP appliance 5.0.2.8) allows remote authenticated administrators, with certain TFTP privileges, to create and overwrite arbitrary files via a .. (dot dot) in a pathname. NOTE: this can be leveraged for administrative access by overwriting /etc/shadow.
unknown
2007-08-08
8.5CVE-2007-4226
BUGTRAQ
BID
SECTRACK
XF
Cisco -- IOSBuffer overflow in the Next Hop Resolution Protocol (NHRP) functionality in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (restart) and execute arbitrary code via unknown vectors.
unknown
2007-08-09
9.3CVE-2007-4286
CISCO
BID
FRSIRT
Cisco -- IOSCisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service via (1) a malformed MGCP packet, which causes a device hang, aka CSCsf08998; a malformed H.323 packet, which causes a device crash, as identified by (2) CSCsi60004 with Proxy Unregistration and (3) CSCsg70474; and a malformed Real-time Transport Protocol (RTP) packet, which causes a device crash, as identified by (4) CSCse68138, related to VOIP RTP Lib, and (5) CSCse05642, related to I/O memory corruption.
unknown
2007-08-09
7.1CVE-2007-4291
CISCO
BID
SECTRACK
SECUNIA
Cisco -- IOSMultiple memory leaks in Cisco IOS 12.0 through 12.4 allow remote attackers to cause a denial of service (device crash) via a malformed SIP packet, aka (1) CSCsf11855, (2) CSCeb21064, (3) CSCse40276, (4) CSCse68355, (5) CSCsf30058, (6) CSCsb24007, and (7) CSCsc60249.
unknown
2007-08-09
7.1CVE-2007-4292
CISCO
BID
SECTRACK
SECUNIA
Cisco -- IOSCisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device crash) via (1) "abnormal" MGCP messages, aka CSCsd81407; and (2) a large facsimile packet, aka CSCej20505.
unknown
2007-08-09
7.1CVE-2007-4293
CISCO
BID
SECTRACK
SECUNIA
Coppermine -- Coppermine Photo GalleryPHP remote file inclusion vulnerability in bridge/yabbse.inc.php in Coppermine Photo Gallery (CPG) 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter.
unknown
2007-08-09
7.5CVE-2007-4283
BUGTRAQ
Envolution -- EnvolutionSQL injection vulnerability in the News module in modules.php in Envolution 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter, a different vector than CVE-2005-4263.
unknown
2007-08-08
7.5CVE-2007-4253
MILW0RM
EZ photo sales -- EZ photo salesEZPhotoSales 1.9.3 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download (1) a file containing cleartext passwords via a direct request for OnlineViewing/data/galleries.txt, or (2) a file containing username hashes and password hashes via a direct request for OnlineViewing/configuration/config.dat/. NOTE: vector 2 can be leveraged for administrative access because authentication does not require knowledge of cleartext values, but instead uses the username hash in the ConfigLogin parameter and the password hash in the ConfigPassword parameter.
unknown
2007-08-08
10.0CVE-2007-4261
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
EZ photo sales -- EZ photo salesUnrestricted file upload vulnerability in EZPhotoSales 1.9.3 and earlier allows remote authenticated administrators to upload and execute arbitrary PHP code under OnlineViewing/galleries/.
unknown
2007-08-08
8.5CVE-2007-4262
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
FishCart -- FishCartPHP remote file inclusion vulnerability in fc_functions/fc_example.php in FishCart 3.2 RC2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the docroot parameter.
unknown
2007-08-09
7.5CVE-2007-4287
MILW0RM
VIM
FrontAccounting -- FrontAccountingPHP remote file inclusion vulnerability in config.php in FrontAccounting 1.12 Build 31 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_root parameter.
unknown
2007-08-09
7.5CVE-2007-4279
MILW0RM
BID
SECUNIA
Help Center Live -- Help Center LiveThe check_logout function in class/auth.php in Help Center Live (hcl) 2.1.3a sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to delete administrative users and have other unspecified impact via certain requests to (1) admin/departments.php, (2) admin/operators.php, and other unspecified scripts. NOTE: some of these details are obtained from third party information.
unknown
2007-08-08
8.3CVE-2007-4240
BID
SECUNIA
XF
HP -- Shared Trace Service
HP -- OpenView Operations
Multiple stack-based buffer overflows in the Shared Trace Service (OVTrace) service for HP OpenView Operations A.07.50 for Windows, and possibly earlier versions, allow remote attackers to execute arbitrary code via certain crafted requests.
unknown
2007-08-09
9.3CVE-2007-3872
IDEFENSE
HP
HP
HP -- HP-UXBuffer overflow in ldcconn in Hewlett-Packard (HP) Controller for Cisco Local Director on HP-UX 11.11i allows remote attackers to execute arbitrary code via a long string to TCP port 17781.
unknown
2007-08-08
10.0CVE-2007-4241
IDEFENSE
BID
Hunkaray Okul -- PortalySQL injection vulnerability in duyuruoku.asp in Hunkaray Okul Portali 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-3080.
unknown
2007-08-07
7.5CVE-2007-4173
BUGTRAQ
OTHER-REF
BID
SECUNIA
Index Script -- Index ScriptMultiple SQL injection vulnerabilities in IndexScript 2.7 and 2.8 before 20070726 allow remote attackers to execute arbitrary SQL commands via the (1) cat_id, (2) start_id, (3) row[parent_id], and (4) row[cat_id] parameters to unspecified components, related to use of these parameters within include/utils.php. NOTE: the show_cat.php cat_id vector is already covered by CVE-2007-4069.
unknown
2007-08-03
7.5CVE-2007-4163
OTHER-REF
Jem's Scripts -- BellaBiblio** DISPUTED ** BellaBiblio allows remote attackers to gain administrative privileges via a bellabiblio cookie with the value "administrator." NOTE: this issue is disputed by CVE and multiple third parties because the cookie value must be an MD5 hash.
unknown
2007-08-08
7.5CVE-2007-4230
BUGTRAQ
VIM
VIM
VIM
BID
Joomla -- JoomlaSQL injection vulnerability in administrator/popups/pollwindow.php in Joomla! 1.0.12 allows remote attackers to execute arbitrary SQL commands via the pollid parameter.
unknown
2007-08-07
7.5CVE-2007-4184
BUGTRAQ
Joomla -- Tour de France PoolPHP remote file inclusion vulnerability in admin.tour_toto.php in the Tour de France Pool (com_tour_toto) 1.0.1 module for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
unknown
2007-08-07
7.5CVE-2007-4186
BUGTRAQ
OTHER-REF
BID
Joomla -- JoomlaMultiple eval injection vulnerabilities in the com_search component in Joomla! 1.5 beta before RC1 (aka Mapya) allow remote attackers to execute arbitrary PHP code via PHP sequences in the searchword parameter, related to default_results.php in (1) components/com_search/views/search/tmpl/ and (2) templates/beez/html/com_search/search/.
unknown
2007-08-07
7.5CVE-2007-4187
BUGTRAQ
OTHER-REF
Joomla -- JoomlaSession fixation vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to hijack administrative web sessions via unspecified vectors.
unknown
2007-08-07
9.3CVE-2007-4188
OTHER-REF
FRSIRT
SECUNIA
Joomla -- J_ReactionsPHP remote file inclusion vulnerability in langset.php in the J! Reactions (com_jreactions) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the comPath parameter.
unknown
2007-08-08
7.5CVE-2007-4244
BUGTRAQ
OTHER-REF
BID
Linux-HA -- heartbeatXHA (Linux-HA) on the BlueCat Networks Adonis DNS/DHCP Appliance 5.0.2.8 allows remote attackers to cause a denial of service (heartbeat control process crash) via a UDP packet to port 694. NOTE: this may be the same as CVE-2006-3121.
unknown
2007-08-07
7.1CVE-2007-4205
BUGTRAQ
BUGTRAQ
FRSIRT
SECTRACK
SECUNIA
Mambo -- Mambo Open SourceSession fixation vulnerability in Mambo 4.6.2 CMS allows remote attackers to hijack web sessions by setting the Cookie parameter.
unknown
2007-08-07
9.3CVE-2007-4203
BUGTRAQ
Morgan IDS -- Next Gen Portfolio ManagerSQL injection vulnerability in default.asp in Next Gen Portfolio Manager allows remote attackers to execute arbitrary SQL commands via the (1) Users_Email or (2) Users_Password parameter in an ExecuteTheLogin action.
unknown
2007-08-07
7.5CVE-2007-4208
BUGTRAQ
BID
PHP -- PHPBuffer overflow in the mSQL extension in PHP 5.2.3 allows context-dependent attackers to execute arbitrary code via a long first argument to the msql_connect function.
unknown
2007-08-08
7.5CVE-2007-4255
MILW0RM
PHP Arena -- paBugsSQL injection vulnerability in main.php in paBugs 2.0 Beta 3 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php.
unknown
2007-08-07
7.5CVE-2007-4183
MILW0RM
BID
XF
ProZIlla -- ProZilla Pub siteSQL injection vulnerability in directory.php in Prozilla Pub Site Directory allows remote attackers to execute arbitrary SQL commands via the cat parameter.
unknown
2007-08-08
7.5CVE-2007-4258
MILW0RM
BID
RedLine Software -- LANAI CMSMultiple SQL injection vulnerabilities in module.php in LANAI (la-nai) CMS 1.2.14 allow remote attackers to execute arbitrary SQL commands via (1) the mid parameter in an faqviewgroup action in the FAQ Modules, (2) the cid parameter in the EZSHOPINGCART Modules, or (3) the gid parameter in a view action in the GALLERY Modules.
unknown
2007-08-07
7.5CVE-2007-4210
BUGTRAQ
BID
STADTAUS -- Guestbook ScriptMultiple PHP remote file inclusion vulnerabilities in Guestbook Script 1.9 allow remote attackers to execute arbitrary PHP code via a URL in the script_root parameter to (1) delete.php, (2) edit.php, (3) inc/common.inc.php, or (4) database.php, (5) entries.php, (6) index.php, (7) logout.php, or (8) settings.php in admin/.
unknown
2007-08-09
7.5CVE-2007-4290
BUGTRAQ
Sun -- Java System Web ServerCRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 before 20070802, when the redirect Server Application Function (SAF) uses the url-prefix parameter and escape is disabled, or an Error directive uses the url-prefix parameter in obj.conf, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks.
unknown
2007-08-07
7.5CVE-2007-4164
SUNALERT
BID
FRSIRT
SECTRACK
SECUNIA
XF
The Sleuth Kit -- The Sleuth KitUse-after-free vulnerability in ext2fs.c in Brian Carrier The Sleuth Kit (TSK) before 2.09 allows user-assisted remote attackers to cause a denial of service (application crash) and prevent examination of certain ext2fs files via a malformed ext2fs image.
unknown
2007-08-07
7.5CVE-2007-4195
BUGTRAQ
BUGTRAQ
MLIST
OTHER-REF
BID
vgallite -- vgallite** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in vgallite allow remote attackers to execute arbitrary PHP code via a URL in the (1) dirpath parameter to _functions.php or the (2) lang parameter to index.php. NOTE: CVE disputes vector 2 because "lang" is a constant string within an include_once, not a variable. The researcher is also unreliable.
unknown
2007-08-07
7.5CVE-2007-4169
BUGTRAQ
VietPHP -- VietPHPMultiple PHP remote file inclusion vulnerabilities in VietPHP allow remote attackers to execute arbitrary PHP code via a URL in (1) the dirpath parameter to (a) _functions.php, or (2) the language parameter to (b) admin/index.php or (c) index.php.
unknown
2007-08-08
9.3CVE-2007-4235
BUGTRAQ
BID
WikiWebWeaver -- WikiWebWeaverUnrestricted file upload vulnerability in index.php in WikiWebWeaver 1.1 and earlier allows remote attackers to upload and execute arbitrary PHP code via an upload action specifying a filename with a double extension such as .gif.php, which is accessible from data/documents/.
unknown
2007-08-07
7.5CVE-2007-4182
BUGTRAQ
BID
XF

Back to top

Medium Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Advanced Searchbar -- Advanced SearchbarThe isChecked function in Toolbar.DLL in Advanced Searchbar allows remote attackers to cause a denial of service (NULL dereference and browser crash) via unspecified vectors.
unknown
2007-08-08
4.3CVE-2007-4250
BUGTRAQ
AMG Soft -- WebdirectorCross-site scripting (XSS) vulnerability in index.php in WebDirector 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the deslocal parameter.
unknown
2007-08-07
5.0CVE-2007-4178
OTHER-REF
BID
SECUNIA
Apache -- TomcatMultiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
unknown
2007-08-07
4.3CVE-2007-3384
BUGTRAQ
OTHER-REF
BID
SECTRACK
Atheros -- wireless adapter driversUnspecified vulnerability in Atheros 802.11 a/b/g wireless adapter drivers before 5.3.0.35, and 6.x before 6.0.3.67, on Windows allows remote attackers to cause a denial of service via a crafted 802.11 management frame.
unknown
2007-08-07
5.0CVE-2007-2927
CERT-VN
BID
FRSIRT
BlueSky -- BlueSkychatHeap-based buffer overflow in the BlueSkychat (BlueSkyCat) ActiveX control (V2.V2Ctrl.1) in v2.ocx 8.1.2.0 and earlier allows remote attackers to execute arbitrary code via a long string in the second argument to the ConnecttoServer method.
unknown
2007-08-03
4.3CVE-2007-4145
BUGTRAQ
FULLDISC
OTHER-REF
OTHER-REF
BID
XF
Brian Carrier -- The Slueth Kiticat in Brian Carrier The Sleuth Kit (TSK) before 2.09 misinterprets a certain memory location as the holder of a loop iteration count, which allows user-assisted remote attackers to cause a denial of service (long loop) and prevent examination of certain NTFS files via a malformed NTFS image.
unknown
2007-08-07
5.0CVE-2007-4196
BUGTRAQ
BUGTRAQ
MLIST
OTHER-REF
BID
Brian Carrier -- The Slueth Kiticat in Brian Carrier The Sleuth Kit (TSK) before 2.09 omits NULL pointer checks in certain code paths, which allows user-assisted remote attackers to cause a denial of service (NULL dereference and application crash) and prevent examination of certain NTFS files via a malformed NTFS image.
unknown
2007-08-07
4.3CVE-2007-4197
BUGTRAQ
BUGTRAQ
MLIST
OTHER-REF
BID
Brian Carrier -- The Slueth KitThe fs_data_put_str function in ntfs.c in fls in Brian Carrier The Sleuth Kit (TSK) before 2.09 does not validate a certain length value, which allows user-assisted remote attackers to cause a denial of service (application crash) and prevent examination of certain NTFS files via a malformed NTFS image, which triggers a buffer over-read.
unknown
2007-08-07
4.3CVE-2007-4198
BUGTRAQ
BUGTRAQ
MLIST
OTHER-REF
BID
Brian Carrier -- The Slueth KitBrian Carrier The Sleuth Kit (TSK) before 2.09 allows user-assisted remote attackers to cause a denial of service (application crash) and prevent examination of certain NTFS files via a malformed NTFS image that triggers (1) dereference of a certain integer value by ntfs_dent.c in fls, or (2) dereference of a certain other integer value by ntfs.c in fsstat.
unknown
2007-08-07
4.3CVE-2007-4199
BUGTRAQ
BUGTRAQ
MLIST
OTHER-REF
BID
Brian Carrier -- The Slueth Kitntfs.c in fsstat in Brian Carrier The Sleuth Kit (TSK) before 2.09 interprets a certain variable as a byte count rather than a count of 32-bit integers, which allows user-assisted remote attackers to cause a denial of service (application crash) and prevent examination of certain NTFS files via a malformed NTFS image.
unknown
2007-08-07
4.3CVE-2007-4200
BUGTRAQ
BUGTRAQ
MLIST
OTHER-REF
BID
C-SAM -- OneWalletCross-site scripting (XSS) vulnerability in user/forgotPassStep2.jsp in the admin interface in C-SAM oneWallet 210_07062007;1.0 allows remote attackers to inject arbitrary web script or HTML via the loginID parameter.
unknown
2007-08-08
4.3CVE-2007-4239
BUGTRAQ
BID
Camera Life -- Camera LifeMultiple unspecified vulnerabilities in Camera Life before 2.6 allow attackers to cause a denial of service via unknown vectors.
unknown
2007-08-08
4.3CVE-2007-4233
OTHER-REF
OTHER-REF
BID
Camera Life -- Camera LifeUnspecified vulnerability in Camera Life before 2.6 allows remote attackers to download private photos via unspecified vectors associated with the names of the photos. NOTE: some of these details are obtained from third party information.
unknown
2007-08-08
4.3CVE-2007-4234
OTHER-REF
OTHER-REF
SECUNIA
Chilkat Software -- ASP StringAbsolute path traversal vulnerability in a certain ActiveX control in CkString.dll 1.1 and earlier in CHILKAT ASP String allows remote attackers to create or overwrite arbitrary files via a full pathname in the first argument to the SaveToFile method, a different vulnerability than CVE-2007-3633.
unknown
2007-08-08
5.8CVE-2007-4252
MILW0RM
Cisco -- IOSUnspecified vulnerability in the server side of the Secure Copy (SCP) implementation in Cisco 12.2-based IOS allows remote authenticated users to read, write or overwrite any file on the device's filesystem via unknown vectors.
unknown
2007-08-08
6.0CVE-2007-4263
CISCO
BID
XF
Cisco -- MeetingPlace Web ConfrencingMultiple cross-site scripting (XSS) vulnerabilities in Cisco Unified MeetingPlace Web Conferencing (MP) 5.3.235.0 and earlier allow remote attackers to inject arbitrary HTML and web script via the (1) Success Template (STPL) and (2) Failure Template (FTPL) parameters, which are not properly handled in an error message.
unknown
2007-08-09
4.3CVE-2007-4284
BUGTRAQ
BUGTRAQ
FULLDISC
CISCO
BID
FRSIRT
XF
Cisco -- IOSUnspecified vulnerability in Cisco IOS and Cisco IOS XR 12.x up to 12.3, including some versions before 12.3(15) and 12.3(14)T, allows remote attackers to obtain sensitive information or cause a denial of service (router or component crash) via crafted IPv6 packets with a Type 0 routing header.
unknown
2007-08-09
5.8CVE-2007-4285
CISCO
FRSIRT
Cisco -- Unified Communications ManagerUnspecified vulnerability in Cisco Unified Communications Manager (CUCM) 5.0, 5.1, and 6.0, and IOS 12.0 through 12.4, allows remote attackers to execute arbitrary code via a malformed SIP packet, aka CSCsi80102.
unknown
2007-08-09
6.8CVE-2007-4294
CISCO
BID
SECTRACK
SECUNIA
Cisco -- IOSUnspecified vulnerability in Cisco IOS 12.0 through 12.4 allows remote attackers to execute arbitrary code via a malformed SIP packet, aka CSCsi80749.
unknown
2007-08-09
6.8CVE-2007-4295
CISCO
BID
SECTRACK
SECUNIA
DiMeMa -- CONTENTdmCross-site scripting (XSS) vulnerability in Search.php in DiMeMa CONTENTdm (CDM) allows remote attackers to inject arbitrary web script or HTML via a search.
unknown
2007-08-08
4.3CVE-2007-4245
BUGTRAQ
BID
Dovecot -- DovecotThe ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.
unknown
2007-08-07
6.0CVE-2007-4211
MLIST
BID
SECUNIA
XF
EQdkp -- EQdkp plusMultiple unspecified vulnerabilities in EQDKP Plus before 0.4.4.5 have unknown impact and attack vectors.
unknown
2007-08-07
6.8CVE-2007-4176
OTHER-REF
SECUNIA
ExportNation -- ExportNation ToolbarThe isChecked function in Toolbar.DLL in the ExportNation toolbar for Internet Explorer allows remote attackers to cause a denial of service (NULL dereference and browser crash) via unspecified vectors.
unknown
2007-08-08
4.3CVE-2007-4249
BUGTRAQ
XF
EZ photo sales -- EZ photo salesEZPhotoSales 1.9.3 and earlier allows remote attackers to download arbitrary image files via (1) a direct request for a URL under OnlineViewing/galleries/ or (2) navigation of the gallery user interface with JavaScript disabled.
unknown
2007-08-08
5.0CVE-2007-4259
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
EZ photo sales -- EZ photo salesEZPhotoSales 1.9.3 and earlier has a default "admin" account for galleries, which allows remote attackers to access arbitrary galleries by specifying this username.
unknown
2007-08-08
5.0CVE-2007-4260
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
Guidance Software -- EnCaseGuidance Software EnCase 5.0 allows user-assisted remote attackers to cause a denial of service (stack memory consumption) and possibly have other unspecified impact via a malformed file, related to "EnCase's file system parsing." NOTE: this information is based upon a vague pre-advisory. It might overlap CVE-2007-4036.
unknown
2007-08-07
4.3CVE-2007-4194
BUGTRAQ
Guidance Software -- EnCaseGuidance Software EnCase 6.2 and 6.5 does not properly handle a volume with more than 25 partitions, which might allow remote attackers to prevent examination of certain data, a related issue to CVE-2007-4035.
unknown
2007-08-07
5.0CVE-2007-4201
BUGTRAQ
BUGTRAQ
OTHER-REF
Guidance Software -- EnCaseGuidance Software EnCase Enterprise Edition (EEE) 6 does not properly verify the identity of the acquisition target during communication with the EnCase Servlet (EEE servlet), which might allow remote attackers to spoof the disk image.
unknown
2007-08-07
4.3CVE-2007-4202
BUGTRAQ
BUGTRAQ
OTHER-REF
IBM -- AIXBuffer overflow in lpd in bos.rte.printers in AIX 5.2 and 5.3 allows local users with printq group privileges to gain root privileges.
unknown
2007-08-08
6.9CVE-2007-4236
AIXAPAR
AIXAPAR
FRSIRT
SECTRACK
IBM -- AIXBuffer overflow in the atm subset in arp in devices.common.IBM.atm.rte in AIX 5.2 and 5.3 allows local users to gain root privileges.
unknown
2007-08-08
6.9CVE-2007-4237
AIXAPAR
AIXAPAR
FRSIRT
SECTRACK
IBM -- AIXAIX 5.2 and 5.3 install pioinit with user and group ownership of bin, which allows local users with bin or possibly printq privileges to gain root privileges by modifying pioinit.
unknown
2007-08-08
6.9CVE-2007-4238
AIXAPAR
AIXAPAR
FRSIRT
SECTRACK
IDE Group -- DVD Rental System DRSMultiple cross-site scripting (XSS) vulnerabilities in IDE Group DVD Rental System (DRS) 5.1 before 20070801 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: it is not clear whether IDE Group updates all DRS installations in its role as an application service provider. If so, then this issue should not be included in CVE.
unknown
2007-08-07
4.3CVE-2007-4192
FULLDISC
BID
IDE Group -- DVD Rental System DRSMultiple cross-site request forgery (CSRF) vulnerabilities in index.php in IDE Group DVD Rental System (DRS) 5.1 before 20070801 allow remote attackers to perform certain actions as arbitrary users, as demonstrated by (1) modifying data or (2) canceling a subscription. NOTE: it is not clear whether IDE Group updates all DRS installations in its role as an application service provider. If so, then this issue should not be included in CVE.
unknown
2007-08-07
4.3CVE-2007-4193
FULLDISC
iDevspot -- PHPHostBotPHP remote file inclusion vulnerability in order/login.php in IDevSpot PhpHostBot 1.06 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the svr_rootscript parameter, a different vector than CVE-2007-4094 and CVE-2006-3776.
unknown
2007-08-08
6.8CVE-2007-4231
MILW0RM
BID
XF
Interact -- InteractMultiple cross-site scripting (XSS) vulnerabilities in Interact before 2.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2007-3328.
unknown
2007-08-07
4.3CVE-2007-4177
OTHER-REF
OTHER-REF
SECUNIA
Joomla -- JoomlaJoomla! 1.0.12 allows remote attackers to obtain sensitive information via a direct request for (1) Stat.php (2) OutputFilter.php, (3) OutputCache.php, (4) Modifier.php, (5) Reader.php, and (6) TemplateCache.php in includes/patTemplate/patTemplate/; (7) includes/Cache/Lite/Output.php; and other unspecified components, which reveal the path in various error messages.
unknown
2007-08-07
5.0CVE-2007-4185
BUGTRAQ
Joomla -- JoomlaMultiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.13 (aka Sunglow) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the (1) com_search, (2) com_content, and (3) mod_login components. NOTE: some of these details are obtained from third party information.
unknown
2007-08-07
4.3CVE-2007-4189
OTHER-REF
FRSIRT
SECUNIA
Joomla -- JoomlaCRLF injection vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to inject arbitrary HTTP headers and probably conduct HTTP response splitting attacks via CRLF sequences in the url parameter. NOTE: this can be leveraged for cross-site scripting (XSS) attacks. NOTE: some of these details are obtained from third party information.
unknown
2007-08-07
4.3CVE-2007-4190
OTHER-REF
FRSIRT
SECUNIA
Justsystem -- IchitaroUnspecified vulnerability, possibly a buffer overflow, in Justsystem Ichitaro 2007 and earlier allows remote attackers to execute arbitrary code via a modified document, as actively exploited in August 2007 by malware such as Tarodrop.D (Tarodrop.Q), a different vulnerability than CVE-2006-4326, CVE-2006-5424, CVE-2006-6400, and CVE-2007-1938.
unknown
2007-08-08
6.8CVE-2007-4246
OTHER-REF
OTHER-REF
OTHER-REF
BID
SECUNIA
Kai Blankenhorn Bitfolge -- Simple and Nice Index FileMultiple cross-site scripting (XSS) vulnerabilities in index.php in Kai Blankenhorn Bitfolge simple and nice index file (aka snif) 1.5.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) path and (2) download parameters.
unknown
2007-08-09
4.3CVE-2007-4264
OTHER-REF
BID
XF
Kaspersky Lab -- Kaspersky Anti-SpamKaspersky Anti-Spam 3.0 MP1 before Critical Fix 2 (3.0.278.4) sets incorrect permissions for application files in certain upgrade scenarios, which might allow local users to gain privileges.
unknown
2007-08-07
4.4CVE-2007-4206
OTHER-REF
BID
SECUNIA
XF
KDE -- KonquerorKDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar by calling setInterval with a small interval and changing the window.location property.
unknown
2007-08-08
6.8CVE-2007-4224
FULLDISC
KDE -- KonquerorVisual truncation vulnerability in KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar via an http URI with a large amount of whitespace in the user/password portion.
unknown
2007-08-08
6.8CVE-2007-4225
FULLDISC
KDE -- KonquerorUnspecified vulnerability in KDE Konqueror 3.5.7 and earlier allows remote attackers to cause a denial of service (failed assertion and application crash) via certain malformed HTML, as demonstrated by a document containing TEXTAREA, BUTTON, BR, BDO, PRE, FRAMESET, and A tags. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-08-08
4.3CVE-2007-4229
OTHER-REF
BID
Kerberos Internet Services -- Gallery In A BoxSQL injection vulnerability in admin_console/index.asp in Gallery In A Box allows remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password field.
unknown
2007-08-07
6.4CVE-2007-4207
BUGTRAQ
BID
knowledgetree -- Open SourceCross-site scripting (XSS) vulnerability in KnowledgeTree Open Source 3.4 and 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the login field on the login page, and other unspecified vectors.
unknown
2007-08-09
4.3CVE-2007-4281
OTHER-REF
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
LFS -- Live for speedMultiple buffer overflows in Live for Speed (LFS) S1 and S2 allow user-assisted remote attackers to execute arbitrary code via (1) a .spr file (single player replay file) containing a long user name or (2) a .ply file containing a long number plate string, different vectors than CVE-2007-4140.
unknown
2007-08-08
6.8CVE-2007-4257
MILW0RM
MILW0RM
Linux -- KernelThe Linux kernel before 2.6.23-rc1 checks the wrong global variable for the CIFS sec mount option, which might allow remote attackers to spoof CIFS network traffic that the client configured for security signatures, as demonstrated by lack of signing despite sec=ntlmv2i in a SetupAndX request.
unknown
2007-08-09
5.8CVE-2007-3843
OTHER-REF
OTHER-REF
SECUNIA
Microsoft -- Internet ExplorerMicrosoft Windows Explorer (explorer.exe) allows user-assisted remote attackers to cause a denial of service via a certain JPG file, as demonstrated by something.jpg. NOTE: this issue might be related to CVE-2007-3958.
unknown
2007-08-08
4.3CVE-2007-4227
BUGTRAQ
BID
Microsoft -- windowsWindows Calendar on Microsoft Windows Vista allows remote attackers to cause a denial of service (NULL dereference and persistent application crash) via a malformed ICS file.
unknown
2007-08-08
4.3CVE-2007-4247
BUGTRAQ
BID
Microsoft -- Windows Media PlayerMicrosoft Windows Media Player 11 (wmplayer.exe) allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted .au file that triggers a divide-by-zero error, as demonstrated by iapetus.au.
unknown
2007-08-09
4.3CVE-2007-4288
BUGTRAQ
OTHER-REF
BID
Mozilla -- SeaMonkey
Mozilla -- Firefox
Mozilla -- Thunderbird
Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allows remote attackers to conduct cross-site scripting (XSS) attacks with chrome privileges via an addon that inserts a (1) javascript: or (2) data: link into an about:blank document loaded by chrome via (a) the window.open function or (b) a content.location assignment, aka "Cross Context Scripting." NOTE: this issue is caused by a CVE-2007-3089 regression.
unknown
2007-08-07
4.3CVE-2007-3844
OTHER-REF
OTHER-REF
BID
SECTRACK
SECTRACK
SECTRACK
SECUNIA
Mozilla -- SeaMonkey
Mozilla -- Firefox
Mozilla -- Thunderbird
Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary commands via certain vectors associated with launching "a file handling program based on the file extension at the end of the URI," a variant of CVE-2007-4041. NOTE: the vendor states that "it is still possible to launch a filetype handler based on extension rather than the registered protocol handler."
unknown
2007-08-07
6.5CVE-2007-3845
OTHER-REF
OTHER-REF
Open WebMail -- Open WebMailMultiple cross-site scripting (XSS) vulnerabilities in Open Webmail (OWM) 2.52 20060831 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) searchtype, (2) longpage, and (3) page parameters to (a) openwebmail-main.pl; the (4) prefs_caller, (5) userfirsttime, (6) page, (7) sort, (8) folder, and (9) message_id parameters to (b) openwebmail-prefs.pl; the (10) compose_caller, (11) msgdatetype, (12) keyword, (13) searchtype, (14) folder, (15) page, and (16) sort parameters to (c) openwebmail-send.pl; the (17) folder, (18) page, and (19) sort parameters to (d) openwebmail-folder.pl; the (20) searchtype, (21) page, (22) filesort, (23) singlepage, (24) showhidden, (25) showthumbnail, and (26) message_id parameters to (e) openwebmail-webdisk.pl; the (27) folder parameteter to (f) openwebmail-advsearch.pl; and the (28) abookcollapse, (29) abooksearchtype, (30) abooksort, (31) abooklongpage, (32) abookpage, (33) message_id, (34) searchtype, (35) ! msgdatetype, (36) sort, (37) page, (38) rootxowmuid, and (39) listviewmode parameters to (g) openwebmail-abook.pl, different vectors than CVE-2005-2863, CVE-2006-2190, CVE-2006-3229, and CVE-2006-3233.
unknown
2007-08-07
4.3CVE-2007-4172
OTHER-REF
BID
XF
OpenOffice -- OpenOfficeOpenOffice.org (OOo) 2.2 does not properly handle files with multiple extensions, which allows user-assisted remote attackers to cause a denial of service.
unknown
2007-08-08
4.3CVE-2007-4251
BUGTRAQ
OpenRat -- OpenRat CMSMultiple cross-site scripting (XSS) vulnerabilities in index.php in OpenRat CMS 0.8-beta1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) subaction and (2) action parameters.
unknown
2007-08-07
4.3CVE-2007-4175
OTHER-REF
BID
OpenSSL Project -- OpenSSLThe BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys.
unknown
2007-08-07
4.7CVE-2007-3108
OTHER-REF
OTHER-REF
OTHER-REF
CERT-VN
BID
FRSIRT
Panda -- Panda AntiVirusPanda Antivirus 2008 stores service executables under the product's installation directory with weak permissions, which allows local users to obtain LocalSystem privileges by modifying PAVSRV51.EXE or other unspecified files, a related issue to CVE-2006-4657.
unknown
2007-08-07
6.9CVE-2007-4191
BUGTRAQ
BID
PHP -- PHP-NukeMultiple cross-site scripting (XSS) vulnerabilities in the Search Module in PHP-Nuke allow remote attackers to inject arbitrary web script or HTML via a trailing "<" instead of a ">" in (1) the onerror attribute of an IMG element, (2) the onload attribute of an IFRAME element, or (3) redirect users to other sites via the the META tag.
unknown
2007-08-07
5.0CVE-2007-4212
BUGTRAQ
BID
Pluck -- Pluck** DISPUTED ** Directory traversal vulnerability in data/inc/theme.php in Pluck 4.3, when register_globals is enabled, allows remote attackers to read arbitrary local files via a .. (dot dot) in the file parameter. NOTE: CVE and a reliable third party dispute this vulnerability because the code uses a a fixed argument when invoking fputs, which cannot be used to read files.
unknown
2007-08-07
5.0CVE-2007-4180
BUGTRAQ
OTHER-REF
VIM
Pluck -- Pluck** DISPUTED ** PHP remote file inclusion vulnerability in data/inc/theme.php in Pluck 4.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: A reliable third party disputes this vulnerability because the applicable include is within a function that does not receive the dir parameter from an HTTP request.
unknown
2007-08-07
6.8CVE-2007-4181
BUGTRAQ
OTHER-REF
VIM
Serendipity -- SerendipityThe "Extended properties for entries" (entryproperties) plugin in serendipity_event_entryproperties.php in Serendipity 1.1.3 allows remote authenticated users to bypass password protection and "deliver custom entryproperties settings to the Serendipity Frontend" via a certain request that modifies the password being checked.
unknown
2007-08-09
5.0CVE-2007-4282
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
Sun -- Java System Portal ServerSun Java System Portal Server 7.0 does not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute an arbitrary Java method via a crafted stylesheet, a related issue to CVE-2007-3715.
unknown
2007-08-09
6.8CVE-2007-4289
BUGTRAQ
OTHER-REF
OTHER-REF
SUNALERT
SECTRACK
SECUNIA
XF
Symantec -- Norton Internet Security
Symantec -- Norton System Works
Symantec -- Norton Antivirus
Multiple unspecified "input validation error" vulnerabilities in multiple ActiveX controls in NavComUI.dll, as used in multiple Norton AntiVirus, Internet Security, and System Works products for 2006, allows remote attackers to execute arbitrary code via (1) the AnomalyList property to AxSysListView32 and (2) Anomaly property to AxSysListView32OAA.
unknown
2007-08-09
6.8CVE-2007-2955
OTHER-REF
OTHER-REF
Toolbar Gaming -- Toolbar GamingThe CallCmd function in toolbar_gaming.dll in the Toolbar Gaming toolbar for Internet Explorer allows remote attackers to cause a denial of service (NULL dereference and browser crash) via unspecified vectors.
unknown
2007-08-08
4.3CVE-2007-4248
BUGTRAQ
Tor -- TorUnspecified vulnerability in Tor before 0.1.2.16, when ControlPort is enabled, might allow remote attackers to modify the torrc configuration file, compromise anonymity, and have other unspecified impact, related to improper handling of multiple ControlPort authentication attempts.
unknown
2007-08-07
5.8CVE-2007-4174
MLIST
BID
FRSIRT
SECUNIA
Visionera AB -- VisionProjectMultiple cross-site scripting (XSS) vulnerabilities in VisionProject 3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) projectIssueId parameter in EditProjectIssue.do, the (2) projectId parameter in ProjectSelected.do, the (3) folderId parameter in ProjectDocuments.do and the (4) sortField parameter in ProjectIssues.do.
unknown
2007-08-09
4.3CVE-2007-4265
OTHER-REF
BID
SECUNIA
XF
WordPress -- WordPressSQL injection vulnerability in options.php in WordPress 2.2.1 allows remote authenticated administrators to execute arbitrary SQL commands via the page_options parameter to (1) options-general.php, (2) options-writing.php, (3) options-reading.php, (4) options-discussion.php, (5) options-privacy.php, (6) options-permalink.php, (7) options-misc.php, and possibly other unspecified components.
unknown
2007-08-03
6.5CVE-2007-4154
OTHER-REF
WordPress -- WordPress
Xu Yiyang -- Blue Memories Theme
Cross-site scripting (XSS) vulnerability in index.php in the Blue Memories theme 1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, possibly a related issue to CVE-2007-2757 and CVE-2007-4014. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-08-07
4.3CVE-2007-4165
SECUNIA
WordPress -- Unamed Theme
WordPress -- Unamed Theme SE
Cross-site scripting (XSS) vulnerability in index.php in the Unnamed theme 1.217, and Special Edition (SE) 1.02, before 20070804 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, possibly a related issue to CVE-2007-2757, CVE-2007-4014, and CVE-2007-4165. NOTE: some of these details are obtained from third party information.
unknown
2007-08-07
5.0CVE-2007-4166
OTHER-REF
SECUNIA
ynp -- Portal SystemsDirectory traversal vulnerability in showpage.cgi in YNP Portal System 2.2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter.
unknown
2007-08-08
5.0CVE-2007-4256
MILW0RM

Back to top

Low Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
 Stack-based buffer overflow in a certain ActiveX control in VDT70.DLL in Microsoft Visual Database Tools Database Designer 7.0 for Microsoft Visual Studio 6 allows remote attackers to execute arbitrary code via a long argument to the NotSafe method. NOTE: this may overlap CVE-2007-2885 or CVE-2005-2127.
unknown
2007-08-08
0.0CVE-2007-4254
MILW0RM
Asterisk -- s800i
Asterisk -- AsteriskNOW
Asterisk -- Asterisk
Asterisk -- Asterisk Appliance Developer Kit
The Skinny channel driver (chan_skinny) in Asterisk Open Source before 1.4.10, AsteriskNOW before beta7, Appliance Developer Kit before 0.7.0, and Appliance s800i before 1.0.3 allows remote authenticated users to cause a denial of service (application crash) via a CAPABILITIES_RES_MESSAGE packet with a capabilities count larger than the capabilities_res_message array population.
unknown
2007-08-09
3.5CVE-2007-4280
OTHER-REF
BID
FRSIRT
SECUNIA
GNOME -- Display ManagerThe GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon's socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/.
unknown
2007-08-07
1.5CVE-2007-3381
OTHER-REF
SECUNIA
Hitachi -- Groupmax Collaboration Web Client
Hitachi -- Groupmax Collaboration Portal
Hitachi -- uCosminexus Collaboration Portal
Hitachi Groupmax Collaboration - Schedule, as used in Groupmax Collaboration Portal 07-32 through 07-32-/B, uCosminexus Collaboration Portal 06-32 through 06-32-/B, and Groupmax Collaboration Web Client - Mail/Schedule 07-32 through 07-32-/A, can assign schedule data to the wrong user under unspecified conditions, which might allow remote authenticated users to obtain sensitive information.
unknown
2007-08-07
3.5CVE-2007-4204
OTHER-REF
FRSIRT
XF
HP -- Address and Routing Parameter Area(ARPA) transportUnspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.11 and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors. NOTE: this is probably different from CVE-2007-0916, but this is not certain due to lack of vendor details.
unknown
2007-08-07
1.5CVE-2007-4179
HP
BID
FRSIRT
SECTRACK
SECUNIA
IBM -- AIXrmpvc on IBM AIX 4.3 allows local users to cause a denial of service (system crash) via long port logical name (-l) argument.
unknown
2007-08-08
1.9CVE-2007-4228
AIXAPAR
FRSIRT
SECUNIA

Back to top

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top