U.S. Flag Official website of the Department of Homeland Security

Note: This page is part of the us-cert.gov archive.This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

TLP:WHITE

Bulletin (SB07-246)

Vulnerability Summary for the Week of August 27, 2007

Original release date: September 04, 2007

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

">

High Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
2532Gigs -- 2532GigsDirectory traversal vulnerability in activateuser.php in 2532|Gigs 1.2.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
unknown
2007-08-28
8.5CVE-2007-4585
MILW0RM
BID
FRSIRT
SECUNIA
ACTi -- Network Video RecorderBuffer overflow in the nvUnifiedControl.AUnifiedControl.1 ActiveX control in nvUnifiedControl.dll 1.1.45.0 in ACTi Network Video Recorder (NVR) SP2 2.0 allows remote attackers to execute arbitrary code via a long second argument to the SetText method.
unknown
2007-08-28
7.5CVE-2007-4582
MILW0RM
ACTi -- Network Video RecorderMultiple absolute path traversal vulnerabilities in the nvUtility.Utility.1 ActiveX control in nvUtility.dll 1.0.14.0 in ACTi Network Video Recorder (NVR) SP2 2.0 allow remote attackers to (1) create or overwrite arbitrary files via a full pathname in the first argument to the SaveXMLFile method or (2) delete arbitrary files via a full pathname in the argument to the DeleteXMLFile method.
unknown
2007-08-28
7.8CVE-2007-4583
MILW0RM
MILW0RM
Agares Media -- ArcademPHP remote file inclusion vulnerability in index.php in Agares Media Arcadem 2.01 allows remote attackers to execute arbitrary PHP code via a URL in the loadpage parameter.
unknown
2007-08-27
7.5CVE-2007-4551
OTHER-REF
OTHER-REF
BID
SECUNIA
Agares Media -- ArcademSQL injection vulnerability in index.php in Agares Media Arcadem 2.01 allows remote attackers to execute arbitrary SQL commands via the blockpage parameter. NOTE: as of 20070827, the vendor has made conflicting statements regarding whether this issue exists or not.
unknown
2007-08-27
7.5CVE-2007-4552
OTHER-REF
OTHER-REF
BID
SECUNIA
Algera -- ABC eStoreSQL injection vulnerability in index.php in ABC eStore 3.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
unknown
2007-08-30
7.5CVE-2007-4627
MILW0RM
BID
XF
Alpha Centauri Software -- SIDVault LDAP ServerMultiple buffer overflows in the login mechanism in sidvault in Alpha Centauri Software SIDVault LDAP Server before 2.0f allow remote attackers to execute arbitrary code via crafted LDAP packets, as demonstrated by a long dc entry in an LDAP bind.
unknown
2007-08-27
9.3CVE-2007-4566
FULLDISC
FRSIRT
SECUNIA
AlterCoder -- ACG NewsMultiple SQL injection vulnerabilities in index.php in ACG News 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the aid parameter in a showarticle action or (2) the catid parameter in a showcat action.
unknown
2007-08-30
7.5CVE-2007-4603
MILW0RM
OTHER-REF
BID
XF
Apache Software Foundation -- GeronimoThe login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
unknown
2007-08-27
10.0CVE-2007-4548
MLIST
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
BEA Systems -- WebLogic ServerBEA WebLogic Server 9.1 does not properly handle propagation of an admin server's security policy change log to temporarily unavailable managed servers, which might allow attackers to bypass intended restrictions, a different vulnerability than CVE-2007-0426.
unknown
2007-08-30
7.5CVE-2007-4614
BEA
BID
BEA Systems -- WebLogic Server
BEA Systems -- WebLogic Express
Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold through SP7, and 8.1 Gold through SP4 allows remote attackers to cause a denial of service (server thread hang) via unspecified vectors.
unknown
2007-08-30
7.8CVE-2007-4617
BEA
FRSIRT
SECUNIA
BEA Systems -- WebLogic Server
BEA Systems -- WebLogic Express
Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7 and 7.0 Gold through SP7 allows remote attackers to cause a denial of service (disk consumption) via certain malformed HTTP headers.
unknown
2007-08-30
7.8CVE-2007-4618
BEA
BID
FRSIRT
SECUNIA
BitchX -- BitchXStack-based buffer overflow in BitchX 1.1 Final allows remote IRC servers to execute arbitrary code via a long string in a MODE command, related to the p_mode variable.
unknown
2007-08-28
10.0CVE-2007-4584
MILW0RM
SECUNIA
Clam Anti-Virus -- ClamAVclamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the "recipient field of sendmail."
unknown
2007-08-27
10.0CVE-2007-4560
BUGTRAQ
OTHER-REF
BID
Dale Mooney -- Calendar EventsSQL injection vulnerability in viewevent.php in Moonware (aka Dale Mooney Gallery) allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-08-30
7.5CVE-2007-4611
BUGTRAQ
BID
XF
DinkumSoft.com -- DL PayCartSQL injection vulnerability in viewitem.php in DL PayCart 1.01 allows remote attackers to execute arbitrary SQL commands via the ItemID parameter.
unknown
2007-08-30
7.5CVE-2007-4604
MILW0RM
InterWorx -- InterWorx-CPMultiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosting Control Panel (InterWorx-CP) Server Admin Level (NodeWorx) 3.0.2 (1) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php; and allow remote authenticated users to inject arbitrary web script or HTML via the PATH_INFO to (2) nodeworx.php, (3) users.php, (4) lang.php, (5) themes.php, (6) setup.php, (7) siteworx.php, (8) packages.php, (9) backup.php, (10) import.php, (11) scriptworx.php, (12) resellers.php, (13) reseller-packages.php, (14) http.php, (15) mail.php, (16) ftp.php, (17) mysql.php, (18) sshd.php, (19) nfs.php, (20) cron.php, (21) ip.php, (22) firewall.php, (23) updates.php, (24) rrd.php, or (25) cluster.php.
unknown
2007-08-28
7.5CVE-2007-4588
BUGTRAQ
BID
InterWorx -- InterWorx-CPMultiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosting Control Panel (InterWorx-CP) Webmaster Level (SiteWorx) 3.0.2 (1) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php; and allow remote authenticated users to inject arbitrary web script or HTML via the PATH_INFO to (2) siteworx.php, (3) users.php, (4) ftp.php, (5) mysql.php, (6) domains.php, (7) htaccess.php, (8) scriptworx.php, (9) stats.php, (10) backup.php, (11) restore.php, and (12) httpd.php; and unspecified vectors to (13) cron.php and (14) prefs.php.
unknown
2007-08-28
7.5CVE-2007-4589
BUGTRAQ
BID
Microsoft -- MSN Messenger Service
Microsoft -- Windows Live Messenger
Heap-based buffer overflow in Microsoft MSN Messenger 7.x and Live Messenger before 8.1 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving video conversation handling in Web Cam sessions.
unknown
2007-08-28
9.3CVE-2007-4579
OTHER-REF
FRSIRT
SECUNIA
Motorola -- TimbuktuDirectory traversal vulnerability in Motorola Timbuktu Pro before 8.6.5 for Windows allows remote attackers to create or delete arbitrary files via a .. (dot dot) in a Send request, probably related to the (1) Send and (2) Exchange services.
unknown
2007-08-28
7.8CVE-2007-4220
IDEFENSE
OTHER-REF
BID
SECUNIA
Motorola -- TimbuktuMultiple buffer overflows in Motorola Timbuktu Pro before 8.6.5 for Windows allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via (1) a long user name and (2) certain malformed requests; and (3) allow remote Timbuktu servers to have an unknown impact via a malformed HELLO response, related to the Scanner component and possibly related to a malformed computer name.
unknown
2007-08-28
9.3CVE-2007-4221
IDEFENSE
OTHER-REF
BID
SECUNIA
Olate -- OlateDownloadMultiple SQL injection vulnerabilities in download.php in Olate Download (od) 3.4.2 allow remote attackers to execute arbitrary SQL commands via the (1) HTTP_REFERER or (2) HTTP_USER_AGENT HTTP header.
unknown
2007-08-27
7.5CVE-2007-4540
BUGTRAQ
OTHER-REF
BID
XF
Oracle -- JInitiatorMultiple stack-based buffer overflows in the Oracle JInitiator ActiveX control (beans.ocx) 1.1.8.16 and earlier allow remote attackers to execute arbitrary code via unspecified "initialization parameters."
unknown
2007-08-30
9.3CVE-2007-4467
CERT-VN
BID
FRSIRT
SECTRACK
SECUNIA
XF
PHP -- PHPMultiple buffer overflows in php_iisfunc.dll in the iisfunc extension for PHP 5.2.0 and earlier allow context-dependent attackers to execute arbitrary code, probably during Unicode conversion, as demonstrated by a long string in the first argument to the iis_getservicestate function, related to the ServiceId argument to the (1) fnStartService, (2) fnGetServiceState, (3) fnStopService, and possibly other functions.
unknown
2007-08-28
7.5CVE-2007-4586
MILW0RM
XF
PHP -- PHPThe perl extension in PHP does not follow safe_mode restrictions, which allows context-dependent attackers to execute arbitrary code via the Perl eval function. NOTE: this might only be a vulnerability in limited environments.
unknown
2007-08-30
7.5CVE-2007-4596
MILW0RM
phpns -- phpnsSQL injection vulnerability in shownews.php in phpns 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-08-30
7.5CVE-2007-4628
MILW0RM
OTHER-REF
BID
XF
PHPNuke-Clan -- PHPNuke-ClanPHP remote file inclusion vulnerability in convert/mvcw_conver.php in the Virtual War (VWar) module for PHPNuke-Clan (PNC) 4.2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter, a different vector than CVE-2006-1602. NOTE: it is possible that this issue stems from a problem in VWar itself.
unknown
2007-08-30
7.5CVE-2007-4606
MILW0RM
Quicksoft -- EasyMail Objects
Gate Comm Software -- Postcast Server Pro
Buffer overflow in the EasyMailSMTPObj ActiveX control in emsmtp.dll 6.0.1 in the Quiksoft EasyMail SMTP Object, as used in Postcast Server Pro 3.0.61, allows remote attackers to execute arbitrary code via a long argument to the SubmitToExpress method, a different vulnerability than CVE-2007-1029.
unknown
2007-08-30
7.5CVE-2007-4607
MILW0RM
BID
RealNetworks -- Helix DNA ServerHeap-based buffer overflow in the RTSP service in Helix DNA Server before 11.1.4 allows remote attackers to execute arbitrary code via an RSTP command containing multiple Require headers.
unknown
2007-08-27
7.5CVE-2007-4561
FULLDISC
OTHER-REF
BID
SECTRACK
Sophos -- Anti-Virus
Sophos -- Scanning Engine
Sophos -- Small Business Suite
Sophos Anti-Virus for Windows and for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UPX packed file, resulting from an "integer cast around". NOTE: as of 20070828, the vendor says this is a DoS and the researcher says this allows code execution, but the researcher is reliable.
unknown
2007-08-28
7.1CVE-2007-4578
BUGTRAQ
BUGTRAQ
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
Trustware -- BufferZoneBuffer underflow in redlight.sys in BufferZone 2.1 and 2.5 allows local users to cause a denial of service (crash) and possibly execute arbitrary code by sending a small buffer size value to the FsSetVolumeInformation IOCTL handler code with a FsSetDirectoryInformation subcode containing a large buffer.
2007-06-13
2007-08-28
7.2CVE-2007-4580
BUGTRAQ
SECUNIA
XF
Turnkey Web Tools -- SunShop Shopping CartSQL injection vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 RC 6 allows remote attackers to execute arbitrary SQL commands via the s[cid] parameter in a search_list action, a different vector than CVE-2007-2549.
unknown
2007-08-30
7.5CVE-2007-4597
MILW0RM
University of Minnesota -- MapserverBuffer overflow in the processLine funtion in maptemplate.c in MapServer before 4.10.3 allows attackers to cause a denial of service and possibly execute arbitrary code via a mapfile with a long layer name, group name, or metadata entry name.
unknown
2007-08-30
7.5CVE-2007-4629
OTHER-REF
OTHER-REF
FRSIRT
VWar -- Virtual WarPHP remote file inclusion vulnerability in convert/mvcw.php in Virtual War (VWar) 1.5.0 R15 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter, a different vector than CVE-2006-1503, CVE-2006-1636, and CVE-2006-1747.
unknown
2007-08-30
7.5CVE-2007-4605
MILW0RM
WBB2-Addon -- AcrotxtSQL injection vulnerability in acrotxt.php in WBB2-Addon: Acrotxt 1 allows remote attackers to execute arbitrary SQL commands via the show parameter.
unknown
2007-08-28
7.5CVE-2007-4581
MILW0RM
Winterburns.co.uk -- ePersonnelPHP remote file inclusion vulnerability in protection.php in ePersonnel RC_2004_02 allows remote attackers to execute arbitrary PHP code via a URL in the logout_page parameter.
unknown
2007-08-30
7.5CVE-2007-4608
BUGTRAQ
XF

Back to top

Medium Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
AbleDesign -- Dynamic Picture FrameCross-site scripting (XSS) vulnerability in pframe.php in AbleDesign Dynamic Picture Frame 1.00 allows remote attackers to inject arbitrary web script or HTML via the img_url parameter. NOTE: some of these details are obtained from third party information.
unknown
2007-08-30
4.3CVE-2007-4624
BUGTRAQ
BID
FRSIRT
SECUNIA
XF
ALTools -- ALPassMultiple buffer overflows in ALPass 2.7 English and 3.02 Korean allow user-assisted remote attackers to execute arbitrary code via an ALPass DB (APW) file containing (1) a long file-key or (2) a "Site Information and Folder entry" with a ciphertext_length value much larger than the plaintext_length value.
unknown
2007-08-27
6.8CVE-2007-4549
OTHER-REF
BID
XF
ALTools -- ALPassFormat string vulnerability in ALPass 2.7 English and 3.02 Korean might allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an fnm field in a folder-name record in an ALPASS DB (APW) file.
unknown
2007-08-27
5.1CVE-2007-4550
OTHER-REF
BID
Asterisk -- AsteriskAsterisk Open Source 1.4.5 through 1.4.11, when configured to use an IMAP voicemail storage backend, allows remote attackers to cause a denial of service via an e-mail with an "invalid/corrupted" MIME body, which triggers a crash when the recipient listens to voicemail.
unknown
2007-08-27
5.0CVE-2007-4521
BUGTRAQ
OTHER-REF
DEBIAN
BID
SECTRACK
SECUNIA
SECUNIA
BEA Systems -- WebLogic ServerSSL libraries in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold through SP7, and 8.1 Gold through SP5 might allow remote attackers to obtain plaintext from an SSL stream via a man-in-the-middle attack that injects crafted data and measures the elapsed time before an error response, a different vulnerability than CVE-2006-2461.
unknown
2007-08-30
6.8CVE-2007-4613
BEA
BID
BEA Systems -- WebLogic ServerThe SSL client implementation in BEA WebLogic Server 7.0 SP7, 8.1 SP2 through SP6, 9.0, 9.1, 9.2 Gold through MP2, and 10.0 sometimes selects the null cipher when others are available, which might allow remote attackers to intercept communications.
unknown
2007-08-30
6.4CVE-2007-4615
BEA
FRSIRT
SECTRACK
SECUNIA
BEA Systems -- WebLogic Server
BEA Systems -- WebLogic Express
The SSL server implementation in BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP1, and 10.0 sometimes selects the null cipher when no other cipher is compatible between the server and client, which might allow remote attackers to intercept communications.
unknown
2007-08-30
6.4CVE-2007-4616
BEA
FRSIRT
SECTRACK
SECUNIA
Dale Mooney -- Moon GalleryUnrestricted file upload vulnerability in config/upload.php in Moonware (aka Dale Mooney Gallery) allows remote attackers to upload and execute arbitrary PHP files in images/, possibly related to config/admin.php.
unknown
2007-08-30
6.8CVE-2007-4610
BUGTRAQ
BID
SECUNIA
XF
Dale Mooney -- Contact FormCRLF injection vulnerability in contact.php in Moonware (aka Dale Mooney Gallery) allows remote attackers to add arbitrary mail headers via CRLF sequences in the subject parameter. NOTE: this can be leveraged for spam by adding To or Cc headers.
unknown
2007-08-30
4.3CVE-2007-4612
BUGTRAQ
BID
XF
Entrust -- Entelligence Security ProviderEntrust Entelligence Security Provider (ESP) 8 does not properly validate certificates in certain circumstances involving (1) a chain that omits the root Certification Authority (CA) certificate, or an application that specifies disregarding (2) unknown revocation statuses during path validation or (3) certain errors in the certification path, which might allow context-dependent attackers to spoof certificate authentication. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-08-29
6.4CVE-2007-4594
BID
SECUNIA
Eric Raymond -- Fetchmailfetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service (NULL dereference and application crash) by refusing certain warning messages that are sent over SMTP.
unknown
2007-08-27
5.0CVE-2007-4565
OTHER-REF
eyeOS Project -- eyeOSeyeOS uses predictable checksum values in the checknum parameter for access control, which allows remote attackers to register many accounts via doCreateUser actions, add many eyeBoard messages via addMsg actions, and cause a denial of service or conduct certain unauthorized activities, by guessing valid parameter values.
unknown
2007-08-30
6.4CVE-2007-4609
BUGTRAQ
GNU -- tarDirectory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.
unknown
2007-08-24
6.8CVE-2007-4131
OTHER-REF
REDHAT
BID
guliverkli -- Media Player ClassicBuffer overflow in the CFLICStream::_deltachunk function in FLICSource.cpp in Media Player Classic (MPC) 6.4.9.0 allows user-assisted remote attackers to execute arbitrary code via a crafted FLI file.
unknown
2007-08-27
6.8CVE-2006-7222
OTHER-REF
BID
SECUNIA
XF
Hitachi -- Cosminexus DABroker
Hitachi -- DABroker
Unspecified vulnerability in Hitachi DABroker before 03-02-/D and Cosminexus DABroker before 02-04-/C and 03-05-/E allows remote attackers to cause a denial of service (connection prevention) by sending "data unexpectedly through a port."
unknown
2007-08-27
4.3CVE-2007-4562
OTHER-REF
BID
SECUNIA
XF
Hitachi -- Cosminexus Application Server Enterprise
Hitachi -- uCosminexus Application Server Standard
Hitachi -- uCosminexus Application Server Enterprise
Hitachi -- Electronic Form Workflow - Standard Set
Hitachi -- Electronic Form Workflow -Professional Library Set
Hitachi -- Cosminexus Application Server Standard
Hitachi -- uCosminexus Service Platform
Cosminexus Manager in Cosminexus Application Server 06-50 and later might assign the wrong user's group permissions to logical J2EE server processes, which allows local users to gain privileges.
unknown
2007-08-27
4.4CVE-2007-4563
OTHER-REF
BID
SECUNIA
XF
Hitachi -- Cosminexus Application Server Enterprise
Hitachi -- uCosminexus Application Server Standard
Hitachi -- uCosminexus Application Server Enterprise
Hitachi -- Electronic Form Workflow - Standard Set
Hitachi -- Electronic Form Workflow -Professional Library Set
Hitachi -- Cosminexus Application Server Standard
Hitachi -- uCosminexus Service Platform
Cosminexus Manager in Cosminexus Application Server 07-00 and later might assign the wrong user's group permissions to logical user server processes, which allows local users to gain privileges.
unknown
2007-08-27
4.6CVE-2007-4564
OTHER-REF
BID
SECUNIA
XF
IBM -- SurePOS 500 seriesIBM SurePOS 500 has (1) a default password of "12345" for the manager and (2) blank default passwords for operator accounts.
unknown
2007-08-30
4.6CVE-2007-4598
OTHER-REF
OTHER-REF
OTHER-REF
Implied by Design -- Micro CMSSQL injection vulnerability in cms/revert-content.php in Implied by Design Micro CMS (Micro-CMS) 3.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-08-30
6.8CVE-2007-4602
MILW0RM
SECUNIA
Ipswitch -- WS_FTPCross-site scripting (XSS) vulnerability in Ipswitch WS_FTP allows remote attackers to inject arbitrary web script or HTML via arguments to a valid command, which is not properly handled when it is displayed by the view log option in the administration interface. NOTE: this can be leveraged to create a new admin account.
unknown
2007-08-27
4.3CVE-2007-4555
FULLDISC
SECUNIA
XF
Mozilla -- Bugzillaemail_in.pl in Bugzilla 2.23.4 through 3.0.0 allows remote attackers to execute arbitrary commands via the -f (From address) option to the Email::Send::Sendmail function, probably involving shell metacharacters.
unknown
2007-08-27
5.0CVE-2007-4538
OTHER-REF
OTHER-REF
BID
SECUNIA
Mozilla -- BugzillaThe WebService (XML-RPC) interface in Bugzilla 2.23.3 through 3.0.0 does not enforce permissions for the time-tracking fields of bugs, which allows remote attackers to obtain sensitive information via certain XML-RPC requests, as demonstrated by the (1) Deadline and (2) Estimated Time fields.
unknown
2007-08-27
5.0CVE-2007-4539
OTHER-REF
OTHER-REF
BID
SECUNIA
Mozilla -- BugzillaCross-site scripting (XSS) vulnerability in enter_bug.cgi in Bugzilla 2.17.1 through 2.20.4, 2.22.x before 2.22.3, and 3.x before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the buildid field in the "guided form."
unknown
2007-08-27
4.3CVE-2007-4543
OTHER-REF
OTHER-REF
BID
SECUNIA
Novell -- GroupWise WebAccessCross-site scripting (XSS) vulnerability in the webacc servlet in Novell GroupWise 6.5 WebAccess allows remote attackers to inject arbitrary web script or HTML via the User.Id parameter, as demonstrated by a URL within a url field in a STYLE element, possibly due to an incomplete fix for CVE-2004-2103.2.
unknown
2007-08-27
4.3CVE-2007-4557
OTHER-REF
Olate -- OlateDownloadMultiple cross-site scripting (XSS) vulnerabilities in Olate Download (od) 3.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the PHP_SELF variable in modules/core/uim.php and (2) [url] tags in a comment in modules/core/fldm.php.
unknown
2007-08-27
4.3CVE-2007-4541
BUGTRAQ
BUGTRAQ
OTHER-REF
OTHER-REF
BID
SECUNIA
XF
XF
OpenSymphony -- XWorkStruts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
unknown
2007-08-27
6.8CVE-2007-4556
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
Polipo -- PolipoPolipo before 1.0.2 allows remote HTTP servers to cause a denial of service (daemon crash) by aborting the response to a POST request.
unknown
2007-08-30
4.3CVE-2007-4625
OTHER-REF
FRSIRT
SECUNIA
XF
Polipo -- PolipoUnspecified vulnerability in Polipo before 1.0.2 allows remote attackers to cause a denial of service (daemon crash) via certain network traffic associated with entities larger than 2 Gb.
unknown
2007-08-30
5.0CVE-2007-4626
OTHER-REF
SECUNIA
Python Software Foundation -- PythonDirectory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.
unknown
2007-08-27
6.8CVE-2007-4559
MLIST
MLIST
Red Hat -- Network Satelite ServerUnspecified vulnerability in Red Hat Network Satellite Server 5.0.0 allows remote authenticated users to execute arbitrary code via unknown vectors in a "back-end XMLRPC handler."
unknown
2007-08-30
6.5CVE-2007-4132
REDHAT
BID
Red Hat -- FedoraDirectory traversal vulnerability in extract.c in star before 1.5a84 allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.
unknown
2007-08-30
6.8CVE-2007-4134
FEDORA
OTHER-REF
OTHER-REF
Skulltag Team -- SkulltagHeap-based buffer overflow in the Huffman decompression algorithm implemented in Skulltag 0.97d-beta4.1 and earlier allows remote attackers to execute arbitrary code via a crafted UDP packet.
unknown
2007-08-27
6.8CVE-2007-4537
OTHER-REF
BID
SECUNIA
Sophos -- Anti-Virus
Sophos -- Scanning Engine
Sophos -- Small Business Suite
Sophos Anti-Virus for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed BZip file that results in the creation of multiple Engine temporary files (aka a "BZip bomb").
unknown
2007-08-28
5.0CVE-2007-4577
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
star -- starDirectory traversal vulnerability in extract.c in star before 1.5a84 allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.
unknown
2007-08-27
5.0CVE-2007-4558
OTHER-REF
OTHER-REF
Subversion -- Subversion
TortoiseSVN -- TortoiseSVN
Directory traversal vulnerability in Subversion before 1.4.5, as used by TortoiseSVN before 1.4.5 and possibly other products, when run on Windows-based systems, allows remote authenticated users to overwrite and create arbitrary files via a ..\ (dot dot backslash) sequence in the filename, as stored in the file repository.
unknown
2007-08-28
6.0CVE-2007-3846
MLIST
OTHER-REF
OTHER-REF
SECUNIA
SECUNIA
The Seasar Foundation -- escafeWebCross-site scripting (XSS) vulnerability in Easy Software Cafeteria escafeWeb (aka Tuigwaa) 1.0 through 1.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the setting of option.nopage.create in tuigwaa.properties.
unknown
2007-08-28
4.3CVE-2007-4587
OTHER-REF
OTHER-REF
BID
SECUNIA
XF
The Seasar Foundation -- MayaaCross-site scripting (XSS) vulnerability in Mayaa before 1.1.12 allows remote attackers to inject arbitrary web script or HTML in certain circumstances involving (1) lack of charset specification within a META element or (2) a META element that specifies an unrecognized charset, which trigger automatic character set recognition by the web browser, as demonstrated by improper handling of UTF-7 data.
unknown
2007-08-29
4.3CVE-2007-4595
OTHER-REF
OTHER-REF
SECUNIA
XF
Thomson -- ST 2030 SIP phoneThe Thomson ST 2030 SIP phone with software 1.52.1 allows remote attackers to cause a denial of service (device hang) via an INVITE message with a Via header that contains a '/' (slash) instead of the required space following the SIP version number.
unknown
2007-08-27
5.0CVE-2007-4553
FULLDISC
XF
TikiWiki Project -- TikiWikiCross-site scripting (XSS) vulnerability in tiki-remind_password.php in Tikiwiki (aka Tiki CMS/Groupware) 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: this issue might be related to CVE-2006-2635.7.
unknown
2007-08-27
4.3CVE-2007-4554
BUGTRAQ
BID
Ubuntu -- Ubuntu LinuxA regression error in tcp-wrappers 7.6.dbs-10 and 7.6.dbs-11 does not properly handle connections to services that use libwrap but do not specify server connection information, which might allow remote attackers to bypass intended access restrictions.
unknown
2007-08-30
5.0CVE-2007-4601
OTHER-REF
OTHER-REF
UBUNTU
University of Minnesota -- MapserverMultiple cross-site scripting (XSS) vulnerabilities in MapServer before 4.10.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the (1) processLine function in maptemplate.c and the (2) writeError function in mapserv.c in the mapserv CGI program.
unknown
2007-08-27
4.3CVE-2007-4542
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
Vavoom -- VavoomFormat string vulnerability in the Say command in sv_main.cpp in Vavoom 1.24 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a chat message, related to a call to the BroadcastPrintf function.
unknown
2007-08-24
6.8CVE-2007-4533
OTHER-REF
SECUNIA
VMWare -- VMWare Workstationvstor-ws60.sys in VMWare Workstation 6.0 allows local users to cause a denial of service (host operating system crash) and possibly gain privileges by sending a small file buffer size value to the FsSetVolumeInformation IOCTL handler with an FsSetFileInformation subcode.
unknown
2007-08-29
6.9CVE-2007-4591
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
VMWare -- VMWare WorkstationUnspecified vulnerability in vstor2-ws60.sys in VMWare Workstation 6.0 allows local users to cause a denial of service (host operating system crash) via unspecified vectors, as demonstrated by the DC2 test suite, possibly a related issue to CVE-2007-4591. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-08-29
6.9CVE-2007-4593
SECUNIA
WordPress -- WordPress MUCross-site scripting (XSS) vulnerability in wp-newblog.php in WordPress multi-user (MU) 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the weblog_id parameter (Username field).
unknown
2007-08-27
4.3CVE-2007-4544
OTHER-REF
X-Diesel -- Unreal CommanderMultiple directory traversal vulnerabilities in Unreal Commander 0.92 build 565 and 573 allow user-assisted remote attackers to create or overwrite arbitrary files via a .. (dot dot) in a filename within a (1) ZIP or (2) RAR archive.
unknown
2007-08-27
6.8CVE-2007-4545
BUGTRAQ
BID
X-Diesel -- Unreal CommanderUnreal Commander 0.92 build 565 and 573 lists the filenames from the Central Directory of a ZIP archive, but extracts to local filenames corresponding to names in Local File Header fields in this archive, which might allow remote attackers to trick a user into performing a dangerous file overwrite or creation.
unknown
2007-08-27
5.8CVE-2007-4546
BUGTRAQ
BID
X-Diesel -- Unreal CommanderUnreal Commander 0.92 build 565 and 573 writes portions of heap memory into local files when extracting from an archive with malformed size information in a file header, which might allow user-assisted attackers to obtain sensitive information (memory contents) by reading the extracted files. NOTE: this issue is only a vulnerability if Unreal is run with privileges, or if the extracted files are made accessible to other users.
unknown
2007-08-27
4.3CVE-2007-4547
BUGTRAQ
BID
XIGLA -- Absolute Poll Manager XECross-site scripting (XSS) vulnerability in xlaapmview.asp in Absolute Poll Manager XE 4.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
unknown
2007-08-30
4.3CVE-2007-4630
BUGTRAQ

Back to top

Low Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
HP -- Ignite-UX
HP -- DynRootDisk
HP -- HP-UX
The get_system_info command in Ignite-UX C.7.0 through C.7.3, and DynRootDisk (DRD) A.1.0.16.417 through A.2.0.0.592, on HP-UX B.11.11, B.11.23, and B.11.31 does not inform local users of networking changes made by the command, which has unknown impact and attack vectors.
unknown
2007-08-28
3.3CVE-2007-4590
HP
FRSIRT
SECTRACK
SECUNIA

Back to top

">

High Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
2532Gigs -- 2532GigsDirectory traversal vulnerability in activateuser.php in 2532|Gigs 1.2.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
unknown
2007-08-28
8.5CVE-2007-4585
MILW0RM
BID
FRSIRT
SECUNIA
ACTi -- Network Video RecorderBuffer overflow in the nvUnifiedControl.AUnifiedControl.1 ActiveX control in nvUnifiedControl.dll 1.1.45.0 in ACTi Network Video Recorder (NVR) SP2 2.0 allows remote attackers to execute arbitrary code via a long second argument to the SetText method.
unknown
2007-08-28
7.5CVE-2007-4582
MILW0RM
ACTi -- Network Video RecorderMultiple absolute path traversal vulnerabilities in the nvUtility.Utility.1 ActiveX control in nvUtility.dll 1.0.14.0 in ACTi Network Video Recorder (NVR) SP2 2.0 allow remote attackers to (1) create or overwrite arbitrary files via a full pathname in the first argument to the SaveXMLFile method or (2) delete arbitrary files via a full pathname in the argument to the DeleteXMLFile method.
unknown
2007-08-28
7.8CVE-2007-4583
MILW0RM
MILW0RM
Agares Media -- ArcademPHP remote file inclusion vulnerability in index.php in Agares Media Arcadem 2.01 allows remote attackers to execute arbitrary PHP code via a URL in the loadpage parameter.
unknown
2007-08-27
7.5CVE-2007-4551
OTHER-REF
OTHER-REF
BID
SECUNIA
Agares Media -- ArcademSQL injection vulnerability in index.php in Agares Media Arcadem 2.01 allows remote attackers to execute arbitrary SQL commands via the blockpage parameter. NOTE: as of 20070827, the vendor has made conflicting statements regarding whether this issue exists or not.
unknown
2007-08-27
7.5CVE-2007-4552
OTHER-REF
OTHER-REF
BID
SECUNIA
Algera -- ABC eStoreSQL injection vulnerability in index.php in ABC eStore 3.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
unknown
2007-08-30
7.5CVE-2007-4627
MILW0RM
BID
XF
Alpha Centauri Software -- SIDVault LDAP ServerMultiple buffer overflows in the login mechanism in sidvault in Alpha Centauri Software SIDVault LDAP Server before 2.0f allow remote attackers to execute arbitrary code via crafted LDAP packets, as demonstrated by a long dc entry in an LDAP bind.
unknown
2007-08-27
9.3CVE-2007-4566
FULLDISC
FRSIRT
SECUNIA
AlterCoder -- ACG NewsMultiple SQL injection vulnerabilities in index.php in ACG News 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the aid parameter in a showarticle action or (2) the catid parameter in a showcat action.
unknown
2007-08-30
7.5CVE-2007-4603
MILW0RM
OTHER-REF
BID
XF
Apache Software Foundation -- GeronimoThe login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
unknown
2007-08-27
10.0CVE-2007-4548
MLIST
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
BEA Systems -- WebLogic ServerBEA WebLogic Server 9.1 does not properly handle propagation of an admin server's security policy change log to temporarily unavailable managed servers, which might allow attackers to bypass intended restrictions, a different vulnerability than CVE-2007-0426.
unknown
2007-08-30
7.5CVE-2007-4614
BEA
BID
BEA Systems -- WebLogic Server
BEA Systems -- WebLogic Express
Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold through SP7, and 8.1 Gold through SP4 allows remote attackers to cause a denial of service (server thread hang) via unspecified vectors.
unknown
2007-08-30
7.8CVE-2007-4617
BEA
FRSIRT
SECUNIA
BEA Systems -- WebLogic Server
BEA Systems -- WebLogic Express
Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7 and 7.0 Gold through SP7 allows remote attackers to cause a denial of service (disk consumption) via certain malformed HTTP headers.
unknown
2007-08-30
7.8CVE-2007-4618
BEA
BID
FRSIRT
SECUNIA
BitchX -- BitchXStack-based buffer overflow in BitchX 1.1 Final allows remote IRC servers to execute arbitrary code via a long string in a MODE command, related to the p_mode variable.
unknown
2007-08-28
10.0CVE-2007-4584
MILW0RM
SECUNIA
Clam Anti-Virus -- ClamAVclamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the "recipient field of sendmail."
unknown
2007-08-27
10.0CVE-2007-4560
BUGTRAQ
OTHER-REF
BID
Dale Mooney -- Calendar EventsSQL injection vulnerability in viewevent.php in Moonware (aka Dale Mooney Gallery) allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-08-30
7.5CVE-2007-4611
BUGTRAQ
BID
XF
DinkumSoft.com -- DL PayCartSQL injection vulnerability in viewitem.php in DL PayCart 1.01 allows remote attackers to execute arbitrary SQL commands via the ItemID parameter.
unknown
2007-08-30
7.5CVE-2007-4604
MILW0RM
InterWorx -- InterWorx-CPMultiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosting Control Panel (InterWorx-CP) Server Admin Level (NodeWorx) 3.0.2 (1) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php; and allow remote authenticated users to inject arbitrary web script or HTML via the PATH_INFO to (2) nodeworx.php, (3) users.php, (4) lang.php, (5) themes.php, (6) setup.php, (7) siteworx.php, (8) packages.php, (9) backup.php, (10) import.php, (11) scriptworx.php, (12) resellers.php, (13) reseller-packages.php, (14) http.php, (15) mail.php, (16) ftp.php, (17) mysql.php, (18) sshd.php, (19) nfs.php, (20) cron.php, (21) ip.php, (22) firewall.php, (23) updates.php, (24) rrd.php, or (25) cluster.php.
unknown
2007-08-28
7.5CVE-2007-4588
BUGTRAQ
BID
InterWorx -- InterWorx-CPMultiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosting Control Panel (InterWorx-CP) Webmaster Level (SiteWorx) 3.0.2 (1) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php; and allow remote authenticated users to inject arbitrary web script or HTML via the PATH_INFO to (2) siteworx.php, (3) users.php, (4) ftp.php, (5) mysql.php, (6) domains.php, (7) htaccess.php, (8) scriptworx.php, (9) stats.php, (10) backup.php, (11) restore.php, and (12) httpd.php; and unspecified vectors to (13) cron.php and (14) prefs.php.
unknown
2007-08-28
7.5CVE-2007-4589
BUGTRAQ
BID
Microsoft -- MSN Messenger Service
Microsoft -- Windows Live Messenger
Heap-based buffer overflow in Microsoft MSN Messenger 7.x and Live Messenger before 8.1 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving video conversation handling in Web Cam sessions.
unknown
2007-08-28
9.3CVE-2007-4579
OTHER-REF
FRSIRT
SECUNIA
Motorola -- TimbuktuDirectory traversal vulnerability in Motorola Timbuktu Pro before 8.6.5 for Windows allows remote attackers to create or delete arbitrary files via a .. (dot dot) in a Send request, probably related to the (1) Send and (2) Exchange services.
unknown
2007-08-28
7.8CVE-2007-4220
IDEFENSE
OTHER-REF
BID
SECUNIA
Motorola -- TimbuktuMultiple buffer overflows in Motorola Timbuktu Pro before 8.6.5 for Windows allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via (1) a long user name and (2) certain malformed requests; and (3) allow remote Timbuktu servers to have an unknown impact via a malformed HELLO response, related to the Scanner component and possibly related to a malformed computer name.
unknown
2007-08-28
9.3CVE-2007-4221
IDEFENSE
OTHER-REF
BID
SECUNIA
Olate -- OlateDownloadMultiple SQL injection vulnerabilities in download.php in Olate Download (od) 3.4.2 allow remote attackers to execute arbitrary SQL commands via the (1) HTTP_REFERER or (2) HTTP_USER_AGENT HTTP header.
unknown
2007-08-27
7.5CVE-2007-4540
BUGTRAQ
OTHER-REF
BID
XF
Oracle -- JInitiatorMultiple stack-based buffer overflows in the Oracle JInitiator ActiveX control (beans.ocx) 1.1.8.16 and earlier allow remote attackers to execute arbitrary code via unspecified "initialization parameters."
unknown
2007-08-30
9.3CVE-2007-4467
CERT-VN
BID
FRSIRT
SECTRACK
SECUNIA
XF
PHP -- PHPMultiple buffer overflows in php_iisfunc.dll in the iisfunc extension for PHP 5.2.0 and earlier allow context-dependent attackers to execute arbitrary code, probably during Unicode conversion, as demonstrated by a long string in the first argument to the iis_getservicestate function, related to the ServiceId argument to the (1) fnStartService, (2) fnGetServiceState, (3) fnStopService, and possibly other functions.
unknown
2007-08-28
7.5CVE-2007-4586
MILW0RM
XF
PHP -- PHPThe perl extension in PHP does not follow safe_mode restrictions, which allows context-dependent attackers to execute arbitrary code via the Perl eval function. NOTE: this might only be a vulnerability in limited environments.
unknown
2007-08-30
7.5CVE-2007-4596
MILW0RM
phpns -- phpnsSQL injection vulnerability in shownews.php in phpns 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-08-30
7.5CVE-2007-4628
MILW0RM
OTHER-REF
BID
XF
PHPNuke-Clan -- PHPNuke-ClanPHP remote file inclusion vulnerability in convert/mvcw_conver.php in the Virtual War (VWar) module for PHPNuke-Clan (PNC) 4.2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter, a different vector than CVE-2006-1602. NOTE: it is possible that this issue stems from a problem in VWar itself.
unknown
2007-08-30
7.5CVE-2007-4606
MILW0RM
Quicksoft -- EasyMail Objects
Gate Comm Software -- Postcast Server Pro
Buffer overflow in the EasyMailSMTPObj ActiveX control in emsmtp.dll 6.0.1 in the Quiksoft EasyMail SMTP Object, as used in Postcast Server Pro 3.0.61, allows remote attackers to execute arbitrary code via a long argument to the SubmitToExpress method, a different vulnerability than CVE-2007-1029.
unknown
2007-08-30
7.5CVE-2007-4607
MILW0RM
BID
RealNetworks -- Helix DNA ServerHeap-based buffer overflow in the RTSP service in Helix DNA Server before 11.1.4 allows remote attackers to execute arbitrary code via an RSTP command containing multiple Require headers.
unknown
2007-08-27
7.5CVE-2007-4561
FULLDISC
OTHER-REF
BID
SECTRACK
Sophos -- Anti-Virus
Sophos -- Scanning Engine
Sophos -- Small Business Suite
Sophos Anti-Virus for Windows and for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UPX packed file, resulting from an "integer cast around". NOTE: as of 20070828, the vendor says this is a DoS and the researcher says this allows code execution, but the researcher is reliable.
unknown
2007-08-28
7.1CVE-2007-4578
BUGTRAQ
BUGTRAQ
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
Trustware -- BufferZoneBuffer underflow in redlight.sys in BufferZone 2.1 and 2.5 allows local users to cause a denial of service (crash) and possibly execute arbitrary code by sending a small buffer size value to the FsSetVolumeInformation IOCTL handler code with a FsSetDirectoryInformation subcode containing a large buffer.
2007-06-13
2007-08-28
7.2CVE-2007-4580
BUGTRAQ
SECUNIA
XF
Turnkey Web Tools -- SunShop Shopping CartSQL injection vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 RC 6 allows remote attackers to execute arbitrary SQL commands via the s[cid] parameter in a search_list action, a different vector than CVE-2007-2549.
unknown
2007-08-30
7.5CVE-2007-4597
MILW0RM
University of Minnesota -- MapserverBuffer overflow in the processLine funtion in maptemplate.c in MapServer before 4.10.3 allows attackers to cause a denial of service and possibly execute arbitrary code via a mapfile with a long layer name, group name, or metadata entry name.
unknown
2007-08-30
7.5CVE-2007-4629
OTHER-REF
OTHER-REF
FRSIRT
VWar -- Virtual WarPHP remote file inclusion vulnerability in convert/mvcw.php in Virtual War (VWar) 1.5.0 R15 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter, a different vector than CVE-2006-1503, CVE-2006-1636, and CVE-2006-1747.
unknown
2007-08-30
7.5CVE-2007-4605
MILW0RM
WBB2-Addon -- AcrotxtSQL injection vulnerability in acrotxt.php in WBB2-Addon: Acrotxt 1 allows remote attackers to execute arbitrary SQL commands via the show parameter.
unknown
2007-08-28
7.5CVE-2007-4581
MILW0RM
Winterburns.co.uk -- ePersonnelPHP remote file inclusion vulnerability in protection.php in ePersonnel RC_2004_02 allows remote attackers to execute arbitrary PHP code via a URL in the logout_page parameter.
unknown
2007-08-30
7.5CVE-2007-4608
BUGTRAQ
XF

Back to top

Medium Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
AbleDesign -- Dynamic Picture FrameCross-site scripting (XSS) vulnerability in pframe.php in AbleDesign Dynamic Picture Frame 1.00 allows remote attackers to inject arbitrary web script or HTML via the img_url parameter. NOTE: some of these details are obtained from third party information.
unknown
2007-08-30
4.3CVE-2007-4624
BUGTRAQ
BID
FRSIRT
SECUNIA
XF
ALTools -- ALPassMultiple buffer overflows in ALPass 2.7 English and 3.02 Korean allow user-assisted remote attackers to execute arbitrary code via an ALPass DB (APW) file containing (1) a long file-key or (2) a "Site Information and Folder entry" with a ciphertext_length value much larger than the plaintext_length value.
unknown
2007-08-27
6.8CVE-2007-4549
OTHER-REF
BID
XF
ALTools -- ALPassFormat string vulnerability in ALPass 2.7 English and 3.02 Korean might allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an fnm field in a folder-name record in an ALPASS DB (APW) file.
unknown
2007-08-27
5.1CVE-2007-4550
OTHER-REF
BID
Asterisk -- AsteriskAsterisk Open Source 1.4.5 through 1.4.11, when configured to use an IMAP voicemail storage backend, allows remote attackers to cause a denial of service via an e-mail with an "invalid/corrupted" MIME body, which triggers a crash when the recipient listens to voicemail.
unknown
2007-08-27
5.0CVE-2007-4521
BUGTRAQ
OTHER-REF
DEBIAN
BID
SECTRACK
SECUNIA
SECUNIA
BEA Systems -- WebLogic ServerSSL libraries in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold through SP7, and 8.1 Gold through SP5 might allow remote attackers to obtain plaintext from an SSL stream via a man-in-the-middle attack that injects crafted data and measures the elapsed time before an error response, a different vulnerability than CVE-2006-2461.
unknown
2007-08-30
6.8CVE-2007-4613
BEA
BID
BEA Systems -- WebLogic ServerThe SSL client implementation in BEA WebLogic Server 7.0 SP7, 8.1 SP2 through SP6, 9.0, 9.1, 9.2 Gold through MP2, and 10.0 sometimes selects the null cipher when others are available, which might allow remote attackers to intercept communications.
unknown
2007-08-30
6.4CVE-2007-4615
BEA
FRSIRT
SECTRACK
SECUNIA
BEA Systems -- WebLogic Server
BEA Systems -- WebLogic Express
The SSL server implementation in BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP1, and 10.0 sometimes selects the null cipher when no other cipher is compatible between the server and client, which might allow remote attackers to intercept communications.
unknown
2007-08-30
6.4CVE-2007-4616
BEA
FRSIRT
SECTRACK
SECUNIA
Dale Mooney -- Moon GalleryUnrestricted file upload vulnerability in config/upload.php in Moonware (aka Dale Mooney Gallery) allows remote attackers to upload and execute arbitrary PHP files in images/, possibly related to config/admin.php.
unknown
2007-08-30
6.8CVE-2007-4610
BUGTRAQ
BID
SECUNIA
XF
Dale Mooney -- Contact FormCRLF injection vulnerability in contact.php in Moonware (aka Dale Mooney Gallery) allows remote attackers to add arbitrary mail headers via CRLF sequences in the subject parameter. NOTE: this can be leveraged for spam by adding To or Cc headers.
unknown
2007-08-30
4.3CVE-2007-4612
BUGTRAQ
BID
XF
Entrust -- Entelligence Security ProviderEntrust Entelligence Security Provider (ESP) 8 does not properly validate certificates in certain circumstances involving (1) a chain that omits the root Certification Authority (CA) certificate, or an application that specifies disregarding (2) unknown revocation statuses during path validation or (3) certain errors in the certification path, which might allow context-dependent attackers to spoof certificate authentication. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-08-29
6.4CVE-2007-4594
BID
SECUNIA
Eric Raymond -- Fetchmailfetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service (NULL dereference and application crash) by refusing certain warning messages that are sent over SMTP.
unknown
2007-08-27
5.0CVE-2007-4565
OTHER-REF
eyeOS Project -- eyeOSeyeOS uses predictable checksum values in the checknum parameter for access control, which allows remote attackers to register many accounts via doCreateUser actions, add many eyeBoard messages via addMsg actions, and cause a denial of service or conduct certain unauthorized activities, by guessing valid parameter values.
unknown
2007-08-30
6.4CVE-2007-4609
BUGTRAQ
GNU -- tarDirectory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.
unknown
2007-08-24
6.8CVE-2007-4131
OTHER-REF
REDHAT
BID
guliverkli -- Media Player ClassicBuffer overflow in the CFLICStream::_deltachunk function in FLICSource.cpp in Media Player Classic (MPC) 6.4.9.0 allows user-assisted remote attackers to execute arbitrary code via a crafted FLI file.
unknown
2007-08-27
6.8CVE-2006-7222
OTHER-REF
BID
SECUNIA
XF
Hitachi -- Cosminexus DABroker
Hitachi -- DABroker
Unspecified vulnerability in Hitachi DABroker before 03-02-/D and Cosminexus DABroker before 02-04-/C and 03-05-/E allows remote attackers to cause a denial of service (connection prevention) by sending "data unexpectedly through a port."
unknown
2007-08-27
4.3CVE-2007-4562
OTHER-REF
BID
SECUNIA
XF
Hitachi -- Cosminexus Application Server Enterprise
Hitachi -- uCosminexus Application Server Standard
Hitachi -- uCosminexus Application Server Enterprise
Hitachi -- Electronic Form Workflow - Standard Set
Hitachi -- Electronic Form Workflow -Professional Library Set
Hitachi -- Cosminexus Application Server Standard
Hitachi -- uCosminexus Service Platform
Cosminexus Manager in Cosminexus Application Server 06-50 and later might assign the wrong user's group permissions to logical J2EE server processes, which allows local users to gain privileges.
unknown
2007-08-27
4.4CVE-2007-4563
OTHER-REF
BID
SECUNIA
XF
Hitachi -- Cosminexus Application Server Enterprise
Hitachi -- uCosminexus Application Server Standard
Hitachi -- uCosminexus Application Server Enterprise
Hitachi -- Electronic Form Workflow - Standard Set
Hitachi -- Electronic Form Workflow -Professional Library Set
Hitachi -- Cosminexus Application Server Standard
Hitachi -- uCosminexus Service Platform
Cosminexus Manager in Cosminexus Application Server 07-00 and later might assign the wrong user's group permissions to logical user server processes, which allows local users to gain privileges.
unknown
2007-08-27
4.6CVE-2007-4564
OTHER-REF
BID
SECUNIA
XF
IBM -- SurePOS 500 seriesIBM SurePOS 500 has (1) a default password of "12345" for the manager and (2) blank default passwords for operator accounts.
unknown
2007-08-30
4.6CVE-2007-4598
OTHER-REF
OTHER-REF
OTHER-REF
Implied by Design -- Micro CMSSQL injection vulnerability in cms/revert-content.php in Implied by Design Micro CMS (Micro-CMS) 3.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-08-30
6.8CVE-2007-4602
MILW0RM
SECUNIA
Ipswitch -- WS_FTPCross-site scripting (XSS) vulnerability in Ipswitch WS_FTP allows remote attackers to inject arbitrary web script or HTML via arguments to a valid command, which is not properly handled when it is displayed by the view log option in the administration interface. NOTE: this can be leveraged to create a new admin account.
unknown
2007-08-27
4.3CVE-2007-4555
FULLDISC
SECUNIA
XF
Mozilla -- Bugzillaemail_in.pl in Bugzilla 2.23.4 through 3.0.0 allows remote attackers to execute arbitrary commands via the -f (From address) option to the Email::Send::Sendmail function, probably involving shell metacharacters.
unknown
2007-08-27
5.0CVE-2007-4538
OTHER-REF
OTHER-REF
BID
SECUNIA
Mozilla -- BugzillaThe WebService (XML-RPC) interface in Bugzilla 2.23.3 through 3.0.0 does not enforce permissions for the time-tracking fields of bugs, which allows remote attackers to obtain sensitive information via certain XML-RPC requests, as demonstrated by the (1) Deadline and (2) Estimated Time fields.
unknown
2007-08-27
5.0CVE-2007-4539
OTHER-REF
OTHER-REF
BID
SECUNIA
Mozilla -- BugzillaCross-site scripting (XSS) vulnerability in enter_bug.cgi in Bugzilla 2.17.1 through 2.20.4, 2.22.x before 2.22.3, and 3.x before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the buildid field in the "guided form."
unknown
2007-08-27
4.3CVE-2007-4543
OTHER-REF
OTHER-REF
BID
SECUNIA
Novell -- GroupWise WebAccessCross-site scripting (XSS) vulnerability in the webacc servlet in Novell GroupWise 6.5 WebAccess allows remote attackers to inject arbitrary web script or HTML via the User.Id parameter, as demonstrated by a URL within a url field in a STYLE element, possibly due to an incomplete fix for CVE-2004-2103.2.
unknown
2007-08-27
4.3CVE-2007-4557
OTHER-REF
Olate -- OlateDownloadMultiple cross-site scripting (XSS) vulnerabilities in Olate Download (od) 3.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the PHP_SELF variable in modules/core/uim.php and (2) [url] tags in a comment in modules/core/fldm.php.
unknown
2007-08-27
4.3CVE-2007-4541
BUGTRAQ
BUGTRAQ
OTHER-REF
OTHER-REF
BID
SECUNIA
XF
XF
OpenSymphony -- XWorkStruts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
unknown
2007-08-27
6.8CVE-2007-4556
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
Polipo -- PolipoPolipo before 1.0.2 allows remote HTTP servers to cause a denial of service (daemon crash) by aborting the response to a POST request.
unknown
2007-08-30
4.3CVE-2007-4625
OTHER-REF
FRSIRT
SECUNIA
XF
Polipo -- PolipoUnspecified vulnerability in Polipo before 1.0.2 allows remote attackers to cause a denial of service (daemon crash) via certain network traffic associated with entities larger than 2 Gb.
unknown
2007-08-30
5.0CVE-2007-4626
OTHER-REF
SECUNIA
Python Software Foundation -- PythonDirectory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.
unknown
2007-08-27
6.8CVE-2007-4559
MLIST
MLIST
Red Hat -- Network Satelite ServerUnspecified vulnerability in Red Hat Network Satellite Server 5.0.0 allows remote authenticated users to execute arbitrary code via unknown vectors in a "back-end XMLRPC handler."
unknown
2007-08-30
6.5CVE-2007-4132
REDHAT
BID
Red Hat -- FedoraDirectory traversal vulnerability in extract.c in star before 1.5a84 allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.
unknown
2007-08-30
6.8CVE-2007-4134
FEDORA
OTHER-REF
OTHER-REF
Skulltag Team -- SkulltagHeap-based buffer overflow in the Huffman decompression algorithm implemented in Skulltag 0.97d-beta4.1 and earlier allows remote attackers to execute arbitrary code via a crafted UDP packet.
unknown
2007-08-27
6.8CVE-2007-4537
OTHER-REF
BID
SECUNIA
Sophos -- Anti-Virus
Sophos -- Scanning Engine
Sophos -- Small Business Suite
Sophos Anti-Virus for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed BZip file that results in the creation of multiple Engine temporary files (aka a "BZip bomb").
unknown
2007-08-28
5.0CVE-2007-4577
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
star -- starDirectory traversal vulnerability in extract.c in star before 1.5a84 allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.
unknown
2007-08-27
5.0CVE-2007-4558
OTHER-REF
OTHER-REF
Subversion -- Subversion
TortoiseSVN -- TortoiseSVN
Directory traversal vulnerability in Subversion before 1.4.5, as used by TortoiseSVN before 1.4.5 and possibly other products, when run on Windows-based systems, allows remote authenticated users to overwrite and create arbitrary files via a ..\ (dot dot backslash) sequence in the filename, as stored in the file repository.
unknown
2007-08-28
6.0CVE-2007-3846
MLIST
OTHER-REF
OTHER-REF
SECUNIA
SECUNIA
The Seasar Foundation -- escafeWebCross-site scripting (XSS) vulnerability in Easy Software Cafeteria escafeWeb (aka Tuigwaa) 1.0 through 1.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the setting of option.nopage.create in tuigwaa.properties.
unknown
2007-08-28
4.3CVE-2007-4587
OTHER-REF
OTHER-REF
BID
SECUNIA
XF
The Seasar Foundation -- MayaaCross-site scripting (XSS) vulnerability in Mayaa before 1.1.12 allows remote attackers to inject arbitrary web script or HTML in certain circumstances involving (1) lack of charset specification within a META element or (2) a META element that specifies an unrecognized charset, which trigger automatic character set recognition by the web browser, as demonstrated by improper handling of UTF-7 data.
unknown
2007-08-29
4.3CVE-2007-4595
OTHER-REF
OTHER-REF
SECUNIA
XF
Thomson -- ST 2030 SIP phoneThe Thomson ST 2030 SIP phone with software 1.52.1 allows remote attackers to cause a denial of service (device hang) via an INVITE message with a Via header that contains a '/' (slash) instead of the required space following the SIP version number.
unknown
2007-08-27
5.0CVE-2007-4553
FULLDISC
XF
TikiWiki Project -- TikiWikiCross-site scripting (XSS) vulnerability in tiki-remind_password.php in Tikiwiki (aka Tiki CMS/Groupware) 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: this issue might be related to CVE-2006-2635.7.
unknown
2007-08-27
4.3CVE-2007-4554
BUGTRAQ
BID
Ubuntu -- Ubuntu LinuxA regression error in tcp-wrappers 7.6.dbs-10 and 7.6.dbs-11 does not properly handle connections to services that use libwrap but do not specify server connection information, which might allow remote attackers to bypass intended access restrictions.
unknown
2007-08-30
5.0CVE-2007-4601
OTHER-REF
OTHER-REF
UBUNTU
University of Minnesota -- MapserverMultiple cross-site scripting (XSS) vulnerabilities in MapServer before 4.10.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the (1) processLine function in maptemplate.c and the (2) writeError function in mapserv.c in the mapserv CGI program.
unknown
2007-08-27
4.3CVE-2007-4542
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
Vavoom -- VavoomFormat string vulnerability in the Say command in sv_main.cpp in Vavoom 1.24 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a chat message, related to a call to the BroadcastPrintf function.
unknown
2007-08-24
6.8CVE-2007-4533
OTHER-REF
SECUNIA
VMWare -- VMWare Workstationvstor-ws60.sys in VMWare Workstation 6.0 allows local users to cause a denial of service (host operating system crash) and possibly gain privileges by sending a small file buffer size value to the FsSetVolumeInformation IOCTL handler with an FsSetFileInformation subcode.
unknown
2007-08-29
6.9CVE-2007-4591
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
VMWare -- VMWare WorkstationUnspecified vulnerability in vstor2-ws60.sys in VMWare Workstation 6.0 allows local users to cause a denial of service (host operating system crash) via unspecified vectors, as demonstrated by the DC2 test suite, possibly a related issue to CVE-2007-4591. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-08-29
6.9CVE-2007-4593
SECUNIA
WordPress -- WordPress MUCross-site scripting (XSS) vulnerability in wp-newblog.php in WordPress multi-user (MU) 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the weblog_id parameter (Username field).
unknown
2007-08-27
4.3CVE-2007-4544
OTHER-REF
X-Diesel -- Unreal CommanderMultiple directory traversal vulnerabilities in Unreal Commander 0.92 build 565 and 573 allow user-assisted remote attackers to create or overwrite arbitrary files via a .. (dot dot) in a filename within a (1) ZIP or (2) RAR archive.
unknown
2007-08-27
6.8CVE-2007-4545
BUGTRAQ
BID
X-Diesel -- Unreal CommanderUnreal Commander 0.92 build 565 and 573 lists the filenames from the Central Directory of a ZIP archive, but extracts to local filenames corresponding to names in Local File Header fields in this archive, which might allow remote attackers to trick a user into performing a dangerous file overwrite or creation.
unknown
2007-08-27
5.8CVE-2007-4546
BUGTRAQ
BID
X-Diesel -- Unreal CommanderUnreal Commander 0.92 build 565 and 573 writes portions of heap memory into local files when extracting from an archive with malformed size information in a file header, which might allow user-assisted attackers to obtain sensitive information (memory contents) by reading the extracted files. NOTE: this issue is only a vulnerability if Unreal is run with privileges, or if the extracted files are made accessible to other users.
unknown
2007-08-27
4.3CVE-2007-4547
BUGTRAQ
BID
XIGLA -- Absolute Poll Manager XECross-site scripting (XSS) vulnerability in xlaapmview.asp in Absolute Poll Manager XE 4.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
unknown
2007-08-30
4.3CVE-2007-4630
BUGTRAQ

Back to top

Low Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
HP -- Ignite-UX
HP -- DynRootDisk
HP -- HP-UX
The get_system_info command in Ignite-UX C.7.0 through C.7.3, and DynRootDisk (DRD) A.1.0.16.417 through A.2.0.0.592, on HP-UX B.11.11, B.11.23, and B.11.31 does not inform local users of networking changes made by the command, which has unknown impact and attack vectors.
unknown
2007-08-28
3.3CVE-2007-4590
HP
FRSIRT
SECTRACK
SECUNIA

Back to top

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top