
Note: This page is part of the us-cert.gov archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

TLP:WHITE

Bulletin (SB07-253)

Vulnerability Summary for the Week of September 3, 2007

Original release date: September 10, 2007

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.


High Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
212cafe -- 212cafeboard
SQL injection vulnerability in read.php in 212cafeBoard 6.30 Beta allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-09-05
7.5
CVE-2007-4719
BUGTRAQ
CartKeeper -- CKGold Shopping Cart
SQL injection vulnerability in category.php in CartKeeper CKGold Shopping Cart 2.0 allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
unknown
2007-09-06
7.5
CVE-2007-4736
MILW0RM
Cisco -- Call Manager
Cisco -- Unified Communications Manager
Multiple SQL injection vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to execute arbitrary SQL commands via the lang variable to the (1) user or (2) admin logon page, aka CSCsi64265.
unknown
2007-08-31
9.3
CVE-2007-4634
CISCO
BID
SECTRACK
SECUNIA
Cisco -- Video Surveillance SP_ISP Decoder Software
Cisco -- Video Surveillance IP Gateway Encoder_Decoder
Cisco -- Video Surveillance SP_ISP
The Cisco Video Surveillance IP Gateway Encoder/Decoder (Standalone and Module) firmware 1.8.1 and earlier, Video Surveillance SP/ISP Decoder Software firmware 1.11.0 and earlier, and the Video Surveillance SP/ISP firmware 1.23.7 and earlier have default passwords for the sypixx and root user accounts, which allows remote attackers to perform administrative actions, aka CSCsj34681.
unknown
2007-09-06
9.0
CVE-2007-4746
CISCO
BID
FRSIRT
SECTRACK
SECUNIA
XF
Cisco -- Video Surveillance SP_ISP Decoder Software
Cisco -- Video Surveillance IP Gateway Encoder_Decoder
Cisco -- Video Surveillance SP_ISP
The telnet service in Cisco Video Surveillance IP Gateway Encoder/Decoder (Standalone and Module) firmware 1.8.1 and earlier, Video Surveillance SP/ISP Decoder Software firmware 1.11.0 and earlier, and the Video Surveillance SP/ISP firmware 1.23.7 and earlier does not require authentication, which allows remote attackers to perform administrative actions, aka CSCsj31729.
unknown
2007-09-06
10.0
CVE-2007-4747
CISCO
BID
FRSIRT
SECTRACK
SECUNIA
XF
Claroline -- Claroline
Directory traversal vulnerability in inc/lib/language.lib.php in Claroline before 1.8.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
unknown
2007-09-05
7.5
CVE-2007-4718
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
Doomsday -- Doomsday
Multiple buffer overflows in Doomsday (aka deng) 1.9.0-beta5.1 and earlier allow remote attackers to execute arbitrary code via a long chat (PKT_CHAT) message that is not properly handled by the (1) D_NetPlayerEvent function in d_net.c or the (2) Msg_Write function in net_msg.c, or (3) many commands that are not properly handled by the NetSv_ReadCommands function in d_netsv.c; or (4) cause a denial of service (daemon crash) via a chat (PKT_CHAT) message without a final '\0' character.
unknown
2007-08-31
10.0
CVE-2007-4642
BUGTRAQ
OTHER-REF
OTHER-REF
BID
SECUNIA
Doomsday -- Doomsday
Format string vulnerability in the Cl_GetPackets function in cl_main.c in the client in Doomsday (aka deng) 1.9.0-beta5.1 and earlier allows remote Doomsday servers to execute arbitrary code via format string specifiers in a PSV_CONSOLE_TEXT message.
unknown
2007-08-31
7.5
CVE-2007-4644
BUGTRAQ
OTHER-REF
BID
SECUNIA
eNetman -- eNetman
PHP remote file inclusion vulnerability in index.php in eNetman 1 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
unknown
2007-09-05
7.5
CVE-2007-4712
MILW0RM
SECUNIA
Firebird Project -- Firebird
Unspecified vulnerability in the (1) attach database and (2) create database functionality in Firebird before 2.0.2, when a filename exceeds MAX_PATH_LEN, has unknown impact and attack vectors, aka CORE-1405.
unknown
2007-09-04
7.5
CVE-2007-4664
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
GForge -- GForge
SQL injection vulnerability in Gforge before 3.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
unknown
2007-09-06
7.5
CVE-2007-3913
GNU -- tar
Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."
unknown
2007-09-04
7.5
CVE-2007-4476
SUSE
SECUNIA
Hexamail -- Hexamail Server
Buffer overflow in the pop3 service in Hexamail Server 3.0.0.001 Lite allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long USER command.
unknown
2007-08-31
10.0
CVE-2007-4646
MILW0RM
Hitachi -- JP1_Cm2_Network Node Manager
Unspecified vulnerability in the Shared Trace Service in Hitachi JP1/Cm2/Network Node Manager (NNM) 07-10 through 07-10-05, and NNM Starter Edition Enterprise and 250 08-00 through 08-10, allows remote attackers to execute arbitrary code via unspecified vectors.
unknown
2007-09-05
9.3
CVE-2007-4720
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Intuit -- Quickbooks
Multiple stack-based buffer overflows in the Intuit QuickBooks Online Edition ActiveX control before 10 allow remote attackers to execute arbitrary code via unspecified vectors.
unknown
2007-09-05
9.3
CVE-2007-0322
CERT-VN
Intuit -- Quickbooks
Multiple unspecified vulnerabilities in the Intuit QuickBooks Online Edition ActiveX control before 10 allow remote attackers to create or overwrite arbitrary files via unspecified arguments to the (1) httpGETToFile, (2) httpPOSTFromFile, and possibly other methods, probably involving path traversal vulnerabilities in exposed dangerous methods. NOTE: this can be leveraged for code execution by writing to a Startup folder.
unknown
2007-09-05
9.3
CVE-2007-4471
CERT-VN
Microsoft -- MSN Messenger Service
Microsoft -- Windows Live Messenger
Heap-based buffer overflow in Microsoft MSN Messenger 7.x and Live Messenger before 8.1 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving video conversation handling in Web Cam sessions.
unknown
2007-08-31
9.3
CVE-2007-2931
OTHER-REF
BID
FRSIRT
SECUNIA
MicroWorld Technologies -- eScan Anti-Virus
MicroWorld Technologies -- eScan Internet Security
MicroWorld Technologies -- eScan Virus Control
MicroWorld eScan Virus Control 9.0.722.1, Anti-Virus 9.0.722.1, and Internet Security 9.0.722.1 use weak permissions (Everyone:Full Control) for their installation directory trees, which allows local users to gain privileges by replacing application files, as demonstrated by traysser.exe.
unknown
2007-08-31
7.2
CVE-2007-4649
FULLDISC
BID
SECUNIA
XF
MIT -- Kerberos 5
Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and other applications that use krb5, allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long string in an RPC message.
unknown
2007-09-05
10.0
CVE-2007-3999
OTHER-REF
OTHER-REF
REDHAT
MIT -- Kerberos 5
The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users with the "modify policy" privilege to execute arbitrary code via unspecified vectors that trigger a write to an uninitialized pointer.
unknown
2007-09-05
8.5
CVE-2007-4000
OTHER-REF
OTHER-REF
REDHAT
MIT -- Kerberos 5
The original patch for CVE-2007-3999 in svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and other applications that use krb5, does not correctly check the buffer length in some environments and architectures, which might allow remote attackers to conduct a buffer overflow attack.
unknown
2007-09-06
10.0
CVE-2007-4743
OTHER-REF
Next Generation Software -- Virtual DJ (VDJ)
Buffer overflow in Next Generation Software Virtual DJ (VDJ) 5.0 allows user-assisted remote attackers to execute arbitrary code via a long file path in an m3u file.
unknown
2007-09-06
9.3
CVE-2007-4735
MILW0RM
BID
BID
FRSIRT
SECUNIA
Norman -- Norman Virus Control
The nvcoaft51 driver in Norman Virus Control (NVC) 5.82 uses weak permissions (unrestricted write access) for the NvcOa device, which allows local users to gain privileges by (1) triggering a buffer overflow in a kernel pool via a string argument to ioctl 0xBF67201C; or by (2) sending a crafted KEVENT structure through ioctl 0xBF672028 to overwrite arbitrary memory locations.
unknown
2007-08-31
7.2
CVE-2007-4648
BUGTRAQ
OTHER-REF
Novell -- Novell client
Multiple stack-based buffer overflows in the Spooler service (nwspool.dll) in Novell Client 4.91 SP2 through SP4 for Windows allow remote attackers to execute arbitrary code via certain long arguments to the (1) RpcAddPrinterDriver, (2) RpcGetPrinterDriverDirectory, and other unspecified RPC requests, a different vulnerability than CVE-2006-5854.
unknown
2007-08-31
9.3
CVE-2007-2954
OTHER-REF
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
PHD -- Help Desk
Multiple SQL injection vulnerabilities in PHD Help Desk before 1.31 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
unknown
2007-09-05
7.5
CVE-2007-4716
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
PHP -- PHP
Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a large (3) sy (height) or (4) sx (width) value to the (b) gdImageCreate or the (c) gdImageCreateTrueColor function.
unknown
2007-09-04
7.5
CVE-2007-3996
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
PHP -- PHP
The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safe_mode and open_basedir restrictions via MySQL LOCAL INFILE operations, as demonstrated by a query with LOAD DATA LOCAL INFILE.
unknown
2007-09-04
7.5
CVE-2007-3997
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
PHP -- PHP
PHP before 5.2.4 might allow local users to bypass open_basedir restrictions via a session file that is a symlink.
unknown
2007-09-04
7.5
CVE-2007-4652
OTHER-REF
OTHER-REF
SECUNIA
PHP -- PHP
Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn function, which triggers an out-of-bounds read. NOTE: this affects different product versions than CVE-2007-3996.
unknown
2007-09-04
7.5
CVE-2007-4657
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
PHP -- PHP
The money_format function in PHP before 5.2.4 permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability.
unknown
2007-09-04
7.5
CVE-2007-4658
OTHER-REF
OTHER-REF
SECUNIA
PHP -- PHP
The zend_alter_ini_entry function in PHP before 5.2.4 does not properly handle an interruption to the flow of execution triggered by a memory_limit violation, which has unknown impact and attack vectors.
unknown
2007-09-04
7.5
CVE-2007-4659
OTHER-REF
OTHER-REF
SECUNIA
PHP -- PHP
Unspecified vulnerability in the chunk_split function in PHP before 5.2.4 has unknown impact and attack vectors, related to an incorrect size calculation.
unknown
2007-09-04
7.5
CVE-2007-4660
OTHER-REF
OTHER-REF
SECUNIA
PHP -- PHP
The chunk_split function in string.c in PHP 5.2.3 does not properly calculate the needed buffer size due to precision loss when performing integer arithmetic with floating point numbers, which has unknown attack vectors and impact, possibly resulting in a heap-based buffer overflow. NOTE: this is due to an incomplete fix for CVE-2007-2872.
unknown
2007-09-04
7.5
CVE-2007-4661
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
PHP -- PHP
Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2.4 has unknown impact and attack vectors.
unknown
2007-09-04
7.5
CVE-2007-4662
OTHER-REF
OTHER-REF
SECUNIA
PHP -- PHP
Directory traversal vulnerability in PHP before 5.2.4 allows attackers to bypass open_basedir restrictions via unspecified vectors involving the glob function.
unknown
2007-09-04
7.5
CVE-2007-4663
OTHER-REF
OTHER-REF
SECUNIA
phpBB -- phpBB
SQL injection vulnerability in links.php in the Links MOD 1.2.2 and earlier for phpBB 2.0.22 and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter in a search action.
unknown
2007-09-04
7.5
CVE-2007-4653
MILW0RM
phpBG -- phpBG
Multiple PHP remote file inclusion vulnerabilities in phpBG 0.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter to (1) intern/admin/other/backup.php, (2) intern/admin/, (3) intern/clan/member_add.php, (4) intern/config/key_2.php, or (5) intern/config/forum.php.
unknown
2007-08-31
7.5
CVE-2007-4636
MILW0RM
SpeedTech -- STPHPLibrary
Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Library (STPHPLibrary) 0.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the STPHPLIB_DIR parameter to (1) stphpapplication.php, (2) stphpbtnimage.php, or (3) stphpform.php.
unknown
2007-09-06
7.5
CVE-2007-4737
MILW0RM
SECUNIA
SpeedTech -- STPHPLibrary
Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Library (STPHPLibrary) 0.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) db_conf or (2) ADODB_DIR parameter to utils/stphpimage_show.php; or a URL in the STPHPLIB_DIR parameter to (3) stphpbutton.php, (4) stphpcheckbox.php, (5) stphpcheckboxwithcaption.php, (6) stphpcheckgroup.php, (7) stphpcomponent.php, (8) stphpcontrolwithcaption.php, (9) stphpedit.php, (10) stphpeditwithcaption.php, (11) stphphr.php, (12) stphpimage.php, (13) stphpimagewithcaption.php, (14) stphplabel.php, (15) stphplistbox.php, (16) stphplistboxwithcaption.php, (17) stphplocale.php, (18) stphppanel.php, (19) stphpradiobutton.php, (20) stphpradiobuttonwithcaption.php, (21) stphpradiogroup.php, (22) stphprichbutton.php, (23) stphpspacer.php, (24) stphptable.php, (25) stphptablecell.php, (26) stphptablerow.php, (27) stphptabpanel.php, (28) stphptabtitle.php, (29) stphptextarea.php, (30) stphptextareawithcaption.php, (31) stphptoolbar.php, (32) stphpwindow.php, (33) stphpxmldoc.php, or (34) stphpxmlelement.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-09-06
7.5
CVE-2007-4738
SECUNIA
SuSE -- SuSE Linux Enterprise Server
Unspecified vulnerability in the NFSv4 ID mapper (nfsidmap) on SUSE Linux Enterprise 10 has unspecified attack vectors and impact, involving the name to uid translation in NFSv4 name lookups.
unknown
2007-09-04
7.5
CVE-2007-4135
SUSE
SECUNIA
Telecom Italy -- Alice Messenger
The HPRevolutionRegistryManager ActiveX control in Hp.Revolution.RegistryManager.dll 1 in Telecom Italy Alice Messenger allows remote attackers to create registry keys and values via the arguments to the WriteRegistry method.
unknown
2007-09-06
9.3
CVE-2007-4740
BUGTRAQ
OTHER-REF
SECTRACK
Weblogicnet -- Weblogicnet
Multiple PHP remote file inclusion vulnerabilities in Weblogicnet allow remote attackers to execute arbitrary PHP code via a URL in the files_dir parameter in (1) es_desp.php, (2) es_custom_menu.php, and (3) es_offer.php.
unknown
2007-09-05
7.5
CVE-2007-4715
BUGTRAQ
MILW0RM
OTHER-REF
BID
Yahoo -- Messenger
Buffer overflow in a certain ActiveX control in YVerInfo.dll before 2007.8.27.1 in the Yahoo! services suite for Yahoo! Messenger before 8.1.0.419 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: some of these details are obtained from third party information.
unknown
2007-08-31
9.3
CVE-2007-4515
IDEFENSE
OTHER-REF
SECUNIA
Yvora -- Yvora
SQL injection vulnerability in error_view.php in Yvora 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
unknown
2007-09-05
7.5
CVE-2007-4714
MILW0RM
BID


Medium Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
2coolcode -- Our Space
newswire/uploadmedia.cgi in 2coolcode Our Space (Ourspace) 2.0.9 allows remote attackers to upload certain files via unspecified vectors, probably involving unrestricted functionality in uploadmedia.cgi.
unknown
2007-08-31
5.0
CVE-2007-4647
MILW0RM
AnyInventory -- AnyInventory
PHP remote file inclusion vulnerability in environment.php in AnyInventory 1.9.1 and 2.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the DIR_PREFIX parameter.
unknown
2007-09-06
6.8
CVE-2007-4744
MILW0RM
BID
SECUNIA
XF
Apache Software Foundation -- Apache HTTP Server
Jasio.net -- Ragnarok Online Control Panel
Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
unknown
2007-09-05
6.8
CVE-2007-4723
BUGTRAQ
Apache Software Foundation -- Tomcat
Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
unknown
2007-09-05
4.3
CVE-2007-4724
BUGTRAQ
Apple -- iTunes
Buffer overflow in Apple iTunes before 7.4 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a music file with crafted album cover art.
unknown
2007-09-06
6.8
CVE-2007-3752
OTHER-REF
SECUNIA
SECUNIA
Aztech -- DSL 600EU router
The Aztech DSL600EU router, when WAN access to the web interface is disabled, does not properly block inbound traffic on TCP port 80, which allows remote attackers to connect to the web interface by guessing a TCP sequence number, possibly involving spoofing of an ARP packet, a related issue to CVE-1999-0077.
unknown
2007-09-06
4.3
CVE-2007-4733
BUGTRAQ
SECTRACK
Bharat Mediratta -- Gallery
Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow attackers to (1) rename items, (2) read and modify item properties, or (3) lock and replace items via unknown vectors in (a) the WebDAV module; and (4) edit unspecified data files using "linked items" in WebDAV and (b) Reupload modules.
unknown
2007-09-04
6.4
CVE-2007-4650
OTHER-REF
Blizzard Entertainment -- Starcraft Brood War
Blizzard Entertainment StarCraft Brood War 1.15.1 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed map, which triggers an out-of-bounds read during a minimap preview.
unknown
2007-08-31
4.3
CVE-2007-4638
BUGTRAQ
BID
Broderbund -- Expressit 3DGreetings Player
Multiple buffer overflows in the Broderbund Expressit 3DGreetings Player ActiveX control could allow remote attackers to execute arbitrary code via unspecified vectors.
unknown
2007-09-06
6.8
CVE-2007-4472
CERT-VN
SECUNIA
CGI-RESCUE -- Shopping Basket Professional
Multiple directory traversal vulnerabilities in CGI RESCUE Shopping Basket Professional 7.51 and earlier allow remote attackers to list arbitrary directories, and possibly read arbitrary files, via directory traversal sequences in unspecified parameters to (1) list.cgi or (2) list2.cgi.
unknown
2007-09-04
5.0
CVE-2007-4655
OTHER-REF
SECUNIA
Cisco -- Cisco IOS
Cisco IOS 12.2E, 12.2F, and 12.2S places a "no login" line into the VTY configuration when an administrator makes certain changes to a (1) VTY/AUX or (2) CONSOLE setting on a device without AAA enabled, which allows remote attackers to bypass authentication and obtain a terminal session, a different vulnerability than CVE-1999-0293 and CVE-2005-2105.
unknown
2007-08-31
4.3
CVE-2007-4632
CISCO
BID
Cisco -- Call Manager
Cisco -- Unified Communications Manager
Multiple cross-site scripting (XSS) vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to inject arbitrary web script or HTML via the lang variable to the (1) user or (2) admin logon page, aka CSCsi10728.
unknown
2007-08-31
6.4
CVE-2007-4633
CISCO
BID
SECTRACK
SECUNIA
Cisco -- WebNS
TeamF1 -- SSHield
OpenBSD -- OpenSSH
Unspecified vulnerability in SSHield 1.6.1 with OpenSSH 3.0.2p1 on Cisco WebNS 8.20.0.1 on Cisco Content Services Switch (CSS) series 11000 devices allows remote attackers to cause a denial of service (connection slot exhaustion and device crash) via a series of large packets designed to exploit the SSH CRC32 attack detection overflow (CVE-2001-0144), possibly a related issue to CVE-2002-1024.
unknown
2007-09-04
5.0
CVE-2007-4654
BUGTRAQ
Claroline -- Claroline
Claroline before 1.8.6 allows remote authenticated administrators to obtain sensitive information via an invalid value in the sort parameter to admin/adminusers.php, which reveals the path in an error message in some circumstances, as demonstrated by a parameter value containing an XSS sequence.
unknown
2007-09-06
4.3
CVE-2007-4742
OTHER-REF
OTHER-REF
Debian -- reprepro
reprepro 1.3.0 through 2.2.3 does not properly verify signatures when updating repositories, which allows remote attackers to construct and distribute an ostensibly valid Release.gpg file by signing it with an unknown key, related to the update command.
unknown
2007-09-06
5.0
CVE-2007-4739
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
Doomsday -- Doomsday
Integer underflow in Doomsday (aka deng) 1.9.0-beta5.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via a PKT_CHAT packet with a data length less than 3, which triggers an erroneous malloc, possibly related to the Sv_HandlePacket function in sv_main.c.
unknown
2007-08-31
5.0
CVE-2007-4643
BUGTRAQ
OTHER-REF
BID
SECUNIA
EnterpriseDB -- EnterpriseDB Advanced Server
EnterpriseDB Advanced Server 8.2 does not properly handle certain debugging function calls that occur before a call to pldbg_create_listener, which allows remote authenticated users to cause a denial of service (daemon crash) and possibly execute arbitrary code via a SELECT statement that invokes a pldbg_ function, as demonstrated by (1) pldbg_get_stack and (2) pldbg_abort_target, which triggers use of an uninitialized pointer.
unknown
2007-08-31
6.5
CVE-2007-4639
BUGTRAQ
BID
Firebird Project -- Firebird
Unspecified vulnerability in the server in Firebird before 2.0.2 allows remote attackers to cause a denial of service (daemon crash) via an XNET session that makes multiple simultaneous requests to register events, aka CORE-1403.
unknown
2007-09-04
5.0
CVE-2007-4665
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Firebird Project -- Firebird
Unspecified vulnerability in the server in Firebird before 2.0.2, when a Superserver/TCP/IP environment is configured, allows remote attackers to cause a denial of service (CPU and memory consumption) via "large network packets with garbage", aka CORE-1397.
unknown
2007-09-04
5.0
CVE-2007-4666
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Firebird Project -- Firebird
Unspecified vulnerability in the Services API in Firebird before 2.0.2 allows remote attackers to cause a denial of service, aka CORE-1149.
unknown
2007-09-04
5.0
CVE-2007-4667
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Firebird Project -- Firebird
Unspecified vulnerability in the server in Firebird before 2.0.2 allows remote attackers to determine the existence of arbitrary files, and possibly obtain other "file access," via unknown vectors, aka CORE-1312.
unknown
2007-09-04
5.0
CVE-2007-4668
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
Firebird Project -- Firebird
The Services API in Firebird before 2.0.2 allows remote authenticated users without SYSDBA privileges to read the server log (firebird.log), aka CORE-1148.
unknown
2007-09-04
4.0
CVE-2007-4669
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
BID
Igor Pavlov -- 7-Zip
Stack consumption vulnerability in AkkyWareHOUSE 7-zip32.dll before 4.42.00.04, as derived from Igor Pavlov 7-Zip before 4.53 beta, allows user-assisted remote attackers to execute arbitrary code via a long filename in an archive, leading to a heap-based buffer overflow.
unknown
2007-09-05
6.8
CVE-2007-4725
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
Joomla -- AkoBook
Mambo -- Mambo Site Server
Multiple cross-site scripting (XSS) vulnerabilities in the AkoBook 3.42 and earlier component (com_akobook) for Mambo allow remote attackers to inject arbitrary web script or HTML via Javascript events in the (1) gbmail and (2) gbpage parameters in the sign function.
unknown
2007-09-06
4.3
CVE-2007-4745
OTHER-REF
SECUNIA
Move Networks Inc -- Quantum Streaming Player
Multiple stack-based buffer overflows in the Quantum Streaming Internet Explorer Player ActiveX control in qsp2ie07051001.dll 1.0.0.1 in Move Media Player allow remote attackers to execute arbitrary code via a long string to the (1) Play and (2) Buzzer methods. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-09-05
6.8
CVE-2007-4722
SECUNIA
NMDeluxe -- NMDeluxe
SQL injection vulnerability in index.php in NMDeluxe 2.0.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a newspost do action, a different vulnerability than CVE-2006-1108.
unknown
2007-08-31
6.4
CVE-2007-4645
MILW0RM
Ots Labs -- OTSTurntables
Buffer overflow in Ots Labs OTSTurntables 1.00 allows user-assisted remote attackers to execute arbitrary code via a long file path in an m3u file.
unknown
2007-09-06
4.3
CVE-2007-4734
MILW0RM
BID
SECUNIA
Pakupaku -- Pakupaku CMS
Unrestricted file upload vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to upload and execute arbitrary PHP files in uploads/ via an Uploads action.
unknown
2007-08-31
6.4
CVE-2007-4640
MILW0RM
SECUNIA
Pakupaku -- Pakupaku CMS
Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
unknown
2007-08-31
6.4
CVE-2007-4641
MILW0RM
SECUNIA
PHP -- PHP
The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certain arguments, as demonstrated by a 'chr(0), 0, ""' argument set.
unknown
2007-09-04
5.0
CVE-2007-3998
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
PHP -- PHP
Unspecified vulnerability in PHP before 5.2.4 has unknown impact and attack vectors, related to an "Improved fix for MOPB-03-2007," probably a variant of CVE-2007-1285.
unknown
2007-09-04
5.0
CVE-2007-4670
OTHER-REF
OTHER-REF
PPStream -- PPStream
Buffer overflow in the PowerPlayer.dll ActiveX control in PPStream 2.0.1.3829 allows remote attackers to execute arbitrary code via a long Logo parameter.
unknown
2007-09-06
6.8
CVE-2007-4748
MILW0RM
BID
XF
QGit -- QGit
The DataLoader::doStart function in dataloader.cpp in QGit 1.5.6 and other versions up to 2pre1 allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on temporary files with predictable filenames.
unknown
2007-08-31
4.6
CVE-2007-4631
OTHER-REF
Red Hat -- Enterprise Linux Desktop
Red Hat -- Enterprise Linux
Red Hat Enterprise Linux (RHEL) 5 creates the Advanced Intrusion Detection Environment (AIDE) before 0.13.1 rpm with a database that lacks checksum information, which allows context-dependent attackers to bypass file integrity checks and modify certain files.
unknown
2007-09-04
5.0
CVE-2007-3849
OTHER-REF
REDHAT
ROI Revolution -- Urchin
Multiple cross-site scripting (XSS) vulnerabilities in urchin.cgi in Urchin 5.6.00r2 allow remote attackers to inject arbitrary web script or HTML via the (1) dtc, (2) vid, (3) n, (4) dt, (5) ed, and (6) bd parameters.
unknown
2007-09-05
4.3
CVE-2007-4713
OTHER-REF
Sun -- Solaris
Unspecified vulnerability in the strfreectty function in the Special File System (SPECFS) in Sun Solaris 8 through 10 allows local users to cause a denial of service (system panic), related to passing a NULL pointer to the pgsignal function.
unknown
2007-09-06
4.9
CVE-2007-4732
SUNALERT
FRSIRT
SECTRACK
SECUNIA
WebOddity -- WebOddity
Directory traversal vulnerability in Web Oddity 0.09b allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
unknown
2007-09-05
5.0
CVE-2007-4726
MILW0RM
BID
Wireshark -- Wireshark
Integer signedness error in the DNP3 dissector in Wireshark 0.99.5 and earlier allows remote attackers to cause a denial of service (infinite loop) via a certain DNP3 packet.
unknown
2007-09-05
5.0
CVE-2007-4721
BUGTRAQ
MILW0RM
OTHER-REF
SECTRACK
XF
www.toms-seiten.at -- Toms Gaestebuch
Multiple cross-site scripting (XSS) vulnerabilities in Toms Gaestebuch 1.00 allow remote attackers to inject arbitrary web script or HTML via the (1) homepage, (2) mail, and (3) name parameters in a show action to (a) form.php; the (4) language and (5) anzeigebreite parameters to (b) admin/header.php; and the (6) msg parameter to (c) install.php, different vectors than CVE-2006-0706.
unknown
2007-09-05
4.3
CVE-2007-4711
BUGTRAQ
BID
SECUNIA
xGB -- xGB
xGB.php in xGB 2.0 does not require authentication for an admin edit action, which allows remote attackers to make unspecified changes via an unknown series of steps.
unknown
2007-08-31
6.4
CVE-2007-4637
MILW0RM
Yahoo -- Messenger
Yahoo! Messenger 8.1.0.209 and 8.1.0.402 allows remote attackers to cause a denial of service (application crash) via certain file-transfer packets, possibly involving a buffer overflow, as demonstrated by ym8bug.exe. NOTE: this might be related to CVE-2007-4515. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-08-31
5.0
CVE-2007-4635
BID

Back to top

Low Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Backup Manager -- Backup Managerbackup-manager-upload in Backup Manager before 0.6.3 provides the FTP server hostname, username, and password as plaintext command line arguments during FTP uploads, which allows local users to obtain sensitive information by listing the process and its arguments, a different vulnerability than CVE-2007-2766.
unknown
2007-09-04
2.1CVE-2007-4656
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
Claroline -- ClarolineMultiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.6 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) dir parameter in admin/adminusers.php, the (2) action parameter in admin/advancedUserSearch.php, and the (3) view parameter in admin/campusProblem.php.
unknown
2007-09-05
3.5CVE-2007-4717
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
Claroline -- ClarolineCross-site scripting (XSS) vulnerability in admin/adminusers.php in Claroline before 1.8.6 allows remote authenticated administrators to inject arbitrary web script or HTML via the sort parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-09-06
3.5CVE-2007-4741
OTHER-REF
SECUNIA

Back to top

">

High Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
212cafe -- 212cafeboard
SQL injection vulnerability in read.php in 212cafeBoard 6.30 Beta allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-09-05
7.5
CVE-2007-4719
BUGTRAQ
CartKeeper -- CKGold Shopping Cart
SQL injection vulnerability in category.php in CartKeeper CKGold Shopping Cart 2.0 allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
unknown
2007-09-06
7.5
CVE-2007-4736
MILW0RM
Cisco -- Call Manager
Cisco -- Unified Communications Manager
Multiple SQL injection vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to execute arbitrary SQL commands via the lang variable to the (1) user or (2) admin logon page, aka CSCsi64265.
unknown
2007-08-31
9.3
CVE-2007-4634
CISCO
BID
SECTRACK
SECUNIA
Cisco -- Video Surveillance SP_ISP Decoder Software
Cisco -- Video Surveillance IP Gateway Encoder_Decoder
Cisco -- Video Surveillance SP_ISP
The Cisco Video Surveillance IP Gateway Encoder/Decoder (Standalone and Module) firmware 1.8.1 and earlier, Video Surveillance SP/ISP Decoder Software firmware 1.11.0 and earlier, and the Video Surveillance SP/ISP firmware 1.23.7 and earlier have default passwords for the sypixx and root user accounts, which allows remote attackers to perform administrative actions, aka CSCsj34681.
unknown
2007-09-06
9.0
CVE-2007-4746
CISCO
BID
FRSIRT
SECTRACK
SECUNIA
XF
Cisco -- Video Surveillance SP_ISP Decoder Software
Cisco -- Video Surveillance IP Gateway Encoder_Decoder
Cisco -- Video Surveillance SP_ISP
The telnet service in Cisco Video Surveillance IP Gateway Encoder/Decoder (Standalone and Module) firmware 1.8.1 and earlier, Video Surveillance SP/ISP Decoder Software firmware 1.11.0 and earlier, and the Video Surveillance SP/ISP firmware 1.23.7 and earlier does not require authentication, which allows remote attackers to perform administrative actions, aka CSCsj31729.
unknown
2007-09-06
10.0
CVE-2007-4747
CISCO
BID
FRSIRT
SECTRACK
SECUNIA
XF
Claroline -- Claroline
Directory traversal vulnerability in inc/lib/language.lib.php in Claroline before 1.8.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
unknown
2007-09-05
7.5
CVE-2007-4718
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
Doomsday -- Doomsday
Multiple buffer overflows in Doomsday (aka deng) 1.9.0-beta5.1 and earlier allow remote attackers to execute arbitrary code via a long chat (PKT_CHAT) message that is not properly handled by the (1) D_NetPlayerEvent function in d_net.c or the (2) Msg_Write function in net_msg.c, or (3) many commands that are not properly handled by the NetSv_ReadCommands function in d_netsv.c; or (4) cause a denial of service (daemon crash) via a chat (PKT_CHAT) message without a final '\0' character.
unknown
2007-08-31
10.0
CVE-2007-4642
BUGTRAQ
OTHER-REF
OTHER-REF
BID
SECUNIA
Doomsday -- Doomsday
Format string vulnerability in the Cl_GetPackets function in cl_main.c in the client in Doomsday (aka deng) 1.9.0-beta5.1 and earlier allows remote Doomsday servers to execute arbitrary code via format string specifiers in a PSV_CONSOLE_TEXT message.
unknown
2007-08-31
7.5
CVE-2007-4644
BUGTRAQ
OTHER-REF
BID
SECUNIA
eNetman -- eNetman
PHP remote file inclusion vulnerability in index.php in eNetman 1 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
unknown
2007-09-05
7.5
CVE-2007-4712
MILW0RM
SECUNIA
Firebird Project -- Firebird
Unspecified vulnerability in the (1) attach database and (2) create database functionality in Firebird before 2.0.2, when a filename exceeds MAX_PATH_LEN, has unknown impact and attack vectors, aka CORE-1405.
unknown
2007-09-04
7.5
CVE-2007-4664
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
GForge -- GForge
SQL injection vulnerability in Gforge before 3.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
unknown
2007-09-06
7.5
CVE-2007-3913
GNU -- tar
Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."
unknown
2007-09-04
7.5
CVE-2007-4476
SUSE
SECUNIA
Hexamail -- Hexamail Server
Buffer overflow in the pop3 service in Hexamail Server 3.0.0.001 Lite allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long USER command.
unknown
2007-08-31
10.0
CVE-2007-4646
MILW0RM
Hitachi -- JP1_Cm2_Network Node Manager
Unspecified vulnerability in the Shared Trace Service in Hitachi JP1/Cm2/Network Node Manager (NNM) 07-10 through 07-10-05, and NNM Starter Edition Enterprise and 250 08-00 through 08-10, allows remote attackers to execute arbitrary code via unspecified vectors.
unknown
2007-09-05
9.3
CVE-2007-4720
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Intuit -- Quickbooks
Multiple stack-based buffer overflows in the Intuit QuickBooks Online Edition ActiveX control before 10 allow remote attackers to execute arbitrary code via unspecified vectors.
unknown
2007-09-05
9.3
CVE-2007-0322
CERT-VN
Intuit -- Quickbooks
Multiple unspecified vulnerabilities in the Intuit QuickBooks Online Edition ActiveX control before 10 allow remote attackers to create or overwrite arbitrary files via unspecified arguments to the (1) httpGETToFile, (2) httpPOSTFromFile, and possibly other methods, probably involving path traversal vulnerabilities in exposed dangerous methods. NOTE: this can be leveraged for code execution by writing to a Startup folder.
unknown
2007-09-05
9.3
CVE-2007-4471
CERT-VN
Microsoft -- MSN Messenger Service
Microsoft -- Windows Live Messenger
Heap-based buffer overflow in Microsoft MSN Messenger 7.x and Live Messenger before 8.1 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving video conversation handling in Web Cam sessions.
unknown
2007-08-31
9.3
CVE-2007-2931
OTHER-REF
BID
FRSIRT
SECUNIA
MicroWorld Technologies -- eScan Anti-Virus
MicroWorld Technologies -- eScan Internet Security
MicroWorld Technologies -- eScan Virus Control
MicroWorld eScan Virus Control 9.0.722.1, Anti-Virus 9.0.722.1, and Internet Security 9.0.722.1 use weak permissions (Everyone:Full Control) for their installation directory trees, which allows local users to gain privileges by replacing application files, as demonstrated by traysser.exe.
unknown
2007-08-31
7.2
CVE-2007-4649
FULLDISC
BID
SECUNIA
XF
MIT -- Kerberos 5
Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and other applications that use krb5, allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long string in an RPC message.
unknown
2007-09-05
10.0
CVE-2007-3999
OTHER-REF
OTHER-REF
REDHAT
MIT -- Kerberos 5
The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users with the "modify policy" privilege to execute arbitrary code via unspecified vectors that trigger a write to an uninitialized pointer.
unknown
2007-09-05
8.5
CVE-2007-4000
OTHER-REF
OTHER-REF
REDHAT
MIT -- Kerberos 5
The original patch for CVE-2007-3999 in svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and other applications that use krb5, does not correctly check the buffer length in some environments and architectures, which might allow remote attackers to conduct a buffer overflow attack.
unknown
2007-09-06
10.0
CVE-2007-4743
OTHER-REF
Next Generation Software -- Virtual DJ (VDJ)
Buffer overflow in Next Generation Software Virtual DJ (VDJ) 5.0 allows user-assisted remote attackers to execute arbitrary code via a long file path in an m3u file.
unknown
2007-09-06
9.3
CVE-2007-4735
MILW0RM
BID
BID
FRSIRT
SECUNIA
Norman -- Norman Virus Control
The nvcoaft51 driver in Norman Virus Control (NVC) 5.82 uses weak permissions (unrestricted write access) for the NvcOa device, which allows local users to gain privileges by (1) triggering a buffer overflow in a kernel pool via a string argument to ioctl 0xBF67201C; or by (2) sending a crafted KEVENT structure through ioctl 0xBF672028 to overwrite arbitrary memory locations.
unknown
2007-08-31
7.2
CVE-2007-4648
BUGTRAQ
OTHER-REF
Novell -- Novell client
Multiple stack-based buffer overflows in the Spooler service (nwspool.dll) in Novell Client 4.91 SP2 through SP4 for Windows allow remote attackers to execute arbitrary code via certain long arguments to the (1) RpcAddPrinterDriver, (2) RpcGetPrinterDriverDirectory, and other unspecified RPC requests, a different vulnerability than CVE-2006-5854.
unknown
2007-08-31
9.3
CVE-2007-2954
OTHER-REF
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
PHD -- Help Desk
Multiple SQL injection vulnerabilities in PHD Help Desk before 1.31 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
unknown
2007-09-05
7.5
CVE-2007-4716
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
PHP -- PHP
Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a large (3) sy (height) or (4) sx (width) value to the (b) gdImageCreate or the (c) gdImageCreateTrueColor function.
unknown
2007-09-04
7.5
CVE-2007-3996
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
PHP -- PHP
The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safe_mode and open_basedir restrictions via MySQL LOCAL INFILE operations, as demonstrated by a query with LOAD DATA LOCAL INFILE.
unknown
2007-09-04
7.5
CVE-2007-3997
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
PHP -- PHP
PHP before 5.2.4 might allow local users to bypass open_basedir restrictions via a session file that is a symlink.
unknown
2007-09-04
7.5
CVE-2007-4652
OTHER-REF
OTHER-REF
SECUNIA
PHP -- PHP
Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn function, which triggers an out-of-bounds read. NOTE: this affects different product versions than CVE-2007-3996.
unknown
2007-09-04
7.5
CVE-2007-4657
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
PHP -- PHP
The money_format function in PHP before 5.2.4 permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability.
unknown
2007-09-04
7.5
CVE-2007-4658
OTHER-REF
OTHER-REF
SECUNIA
PHP -- PHP
The zend_alter_ini_entry function in PHP before 5.2.4 does not properly handle an interruption to the flow of execution triggered by a memory_limit violation, which has unknown impact and attack vectors.
unknown
2007-09-04
7.5
CVE-2007-4659
OTHER-REF
OTHER-REF
SECUNIA
PHP -- PHP
Unspecified vulnerability in the chunk_split function in PHP before 5.2.4 has unknown impact and attack vectors, related to an incorrect size calculation.
unknown
2007-09-04
7.5
CVE-2007-4660
OTHER-REF
OTHER-REF
SECUNIA
PHP -- PHP
The chunk_split function in string.c in PHP 5.2.3 does not properly calculate the needed buffer size due to precision loss when performing integer arithmetic with floating point numbers, which has unknown attack vectors and impact, possibly resulting in a heap-based buffer overflow. NOTE: this is due to an incomplete fix for CVE-2007-2872.
unknown
2007-09-04
7.5
CVE-2007-4661
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
PHP -- PHP
Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2.4 has unknown impact and attack vectors.
unknown
2007-09-04
7.5
CVE-2007-4662
OTHER-REF
OTHER-REF
SECUNIA
PHP -- PHP
Directory traversal vulnerability in PHP before 5.2.4 allows attackers to bypass open_basedir restrictions via unspecified vectors involving the glob function.
unknown
2007-09-04
7.5
CVE-2007-4663
OTHER-REF
OTHER-REF
SECUNIA
phpBB -- phpBB
SQL injection vulnerability in links.php in the Links MOD 1.2.2 and earlier for phpBB 2.0.22 and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter in a search action.
unknown
2007-09-04
7.5
CVE-2007-4653
MILW0RM
phpBG -- phpBG
Multiple PHP remote file inclusion vulnerabilities in phpBG 0.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter to (1) intern/admin/other/backup.php, (2) intern/admin/, (3) intern/clan/member_add.php, (4) intern/config/key_2.php, or (5) intern/config/forum.php.
unknown
2007-08-31
7.5
CVE-2007-4636
MILW0RM
SpeedTech -- STPHPLibrary
Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Library (STPHPLibrary) 0.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the STPHPLIB_DIR parameter to (1) stphpapplication.php, (2) stphpbtnimage.php, or (3) stphpform.php.
unknown
2007-09-06
7.5
CVE-2007-4737
MILW0RM
SECUNIA
SpeedTech -- STPHPLibrary
Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Library (STPHPLibrary) 0.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) db_conf or (2) ADODB_DIR parameter to utils/stphpimage_show.php; or a URL in the STPHPLIB_DIR parameter to (3) stphpbutton.php, (4) stphpcheckbox.php, (5) stphpcheckboxwithcaption.php, (6) stphpcheckgroup.php, (7) stphpcomponent.php, (8) stphpcontrolwithcaption.php, (9) stphpedit.php, (10) stphpeditwithcaption.php, (11) stphphr.php, (12) stphpimage.php, (13) stphpimagewithcaption.php, (14) stphplabel.php, (15) stphplistbox.php, (16) stphplistboxwithcaption.php, (17) stphplocale.php, (18) stphppanel.php, (19) stphpradiobutton.php, (20) stphpradiobuttonwithcaption.php, (21) stphpradiogroup.php, (22) stphprichbutton.php, (23) stphpspacer.php, (24) stphptable.php, (25) stphptablecell.php, (26) stphptablerow.php, (27) stphptabpanel.php, (28) stphptabtitle.php, (29) stphptextarea.php, (30) stphptextareawithcaption.php, (31) stphptoolbar.php, (32) stphpwindow.php, (33) stphpxmldoc.php, or (34) stphpxmlelement.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-09-06
7.5
CVE-2007-4738
SECUNIA
SuSE -- SuSE Linux Enterprise Server
Unspecified vulnerability in the NFSv4 ID mapper (nfsidmap) on SUSE Linux Enterprise 10 has unspecified attack vectors and impact, involving the name to uid translation in NFSv4 name lookups.
unknown
2007-09-04
7.5
CVE-2007-4135
SUSE
SECUNIA
Telecom Italy -- Alice Messenger
The HPRevolutionRegistryManager ActiveX control in Hp.Revolution.RegistryManager.dll 1 in Telecom Italy Alice Messenger allows remote attackers to create registry keys and values via the arguments to the WriteRegistry method.
unknown
2007-09-06
9.3
CVE-2007-4740
BUGTRAQ
OTHER-REF
SECTRACK
Weblogicnet -- Weblogicnet
Multiple PHP remote file inclusion vulnerabilities in Weblogicnet allow remote attackers to execute arbitrary PHP code via a URL in the files_dir parameter in (1) es_desp.php, (2) es_custom_menu.php, and (3) es_offer.php.
unknown
2007-09-05
7.5
CVE-2007-4715
BUGTRAQ
MILW0RM
OTHER-REF
BID
Yahoo -- Messenger
Buffer overflow in a certain ActiveX control in YVerInfo.dll before 2007.8.27.1 in the Yahoo! services suite for Yahoo! Messenger before 8.1.0.419 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: some of these details are obtained from third party information.
unknown
2007-08-31
9.3
CVE-2007-4515
IDEFENSE
OTHER-REF
SECUNIA
Yvora -- Yvora
SQL injection vulnerability in error_view.php in Yvora 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
unknown
2007-09-05
7.5
CVE-2007-4714
MILW0RM
BID

Medium Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
2coolcode -- Our Space
newswire/uploadmedia.cgi in 2coolcode Our Space (Ourspace) 2.0.9 allows remote attackers to upload certain files via unspecified vectors, probably involving unrestricted functionality in uploadmedia.cgi.
unknown
2007-08-31
5.0
CVE-2007-4647
MILW0RM
AnyInventory -- AnyInventory
PHP remote file inclusion vulnerability in environment.php in AnyInventory 1.9.1 and 2.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the DIR_PREFIX parameter.
unknown
2007-09-06
6.8
CVE-2007-4744
MILW0RM
BID
SECUNIA
XF
Apache Software Foundation -- Apache HTTP Server
Jasio.net -- Ragnarok Online Control Panel
Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
unknown
2007-09-05
6.8
CVE-2007-4723
BUGTRAQ
Apache Software Foundation -- Tomcat
Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
unknown
2007-09-05
4.3
CVE-2007-4724
BUGTRAQ
Apple -- iTunes
Buffer overflow in Apple iTunes before 7.4 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a music file with crafted album cover art.
unknown
2007-09-06
6.8
CVE-2007-3752
OTHER-REF
SECUNIA
SECUNIA
Aztech -- DSL 600EU router
The Aztech DSL600EU router, when WAN access to the web interface is disabled, does not properly block inbound traffic on TCP port 80, which allows remote attackers to connect to the web interface by guessing a TCP sequence number, possibly involving spoofing of an ARP packet, a related issue to CVE-1999-0077.
unknown
2007-09-06
4.3
CVE-2007-4733
BUGTRAQ
SECTRACK
Bharat Mediratta -- Gallery
Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow attackers to (1) rename items, (2) read and modify item properties, or (3) lock and replace items via unknown vectors in (a) the WebDAV module; and (4) edit unspecified data files using "linked items" in WebDAV and (b) Reupload modules.
unknown
2007-09-04
6.4
CVE-2007-4650
OTHER-REF
Blizzard Entertainment -- Starcraft Brood War
Blizzard Entertainment StarCraft Brood War 1.15.1 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed map, which triggers an out-of-bounds read during a minimap preview.
unknown
2007-08-31
4.3
CVE-2007-4638
BUGTRAQ
BID
Broderbund -- Expressit 3DGreetings Player
Multiple buffer overflows in the Broderbund Expressit 3DGreetings Player ActiveX control could allow remote attackers to execute arbitrary code via unspecified vectors.
unknown
2007-09-06
6.8
CVE-2007-4472
CERT-VN
SECUNIA
CGI-RESCUE -- Shopping Basket Professional
Multiple directory traversal vulnerabilities in CGI RESCUE Shopping Basket Professional 7.51 and earlier allow remote attackers to list arbitrary directories, and possibly read arbitrary files, via directory traversal sequences in unspecified parameters to (1) list.cgi or (2) list2.cgi.
unknown
2007-09-04
5.0
CVE-2007-4655
OTHER-REF
SECUNIA
Cisco -- Cisco IOS
Cisco IOS 12.2E, 12.2F, and 12.2S places a "no login" line into the VTY configuration when an administrator makes certain changes to a (1) VTY/AUX or (2) CONSOLE setting on a device without AAA enabled, which allows remote attackers to bypass authentication and obtain a terminal session, a different vulnerability than CVE-1999-0293 and CVE-2005-2105.
unknown
2007-08-31
4.3
CVE-2007-4632
CISCO
BID
Cisco -- Call Manager
Cisco -- Unified Communications Manager
Multiple cross-site scripting (XSS) vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to inject arbitrary web script or HTML via the lang variable to the (1) user or (2) admin logon page, aka CSCsi10728.
unknown
2007-08-31
6.4
CVE-2007-4633
CISCO
BID
SECTRACK
SECUNIA
Cisco -- WebNS
TeamF1 -- SSHield
OpenBSD -- OpenSSH
Unspecified vulnerability in SSHield 1.6.1 with OpenSSH 3.0.2p1 on Cisco WebNS 8.20.0.1 on Cisco Content Services Switch (CSS) series 11000 devices allows remote attackers to cause a denial of service (connection slot exhaustion and device crash) via a series of large packets designed to exploit the SSH CRC32 attack detection overflow (CVE-2001-0144), possibly a related issue to CVE-2002-1024.
unknown
2007-09-04
5.0
CVE-2007-4654
BUGTRAQ
Claroline -- Claroline
Claroline before 1.8.6 allows remote authenticated administrators to obtain sensitive information via an invalid value in the sort parameter to admin/adminusers.php, which reveals the path in an error message in some circumstances, as demonstrated by a parameter value containing an XSS sequence.
unknown
2007-09-06
4.3
CVE-2007-4742
OTHER-REF
OTHER-REF
Debian -- reprepro
reprepro 1.3.0 through 2.2.3 does not properly verify signatures when updating repositories, which allows remote attackers to construct and distribute an ostensibly valid Release.gpg file by signing it with an unknown key, related to the update command.
unknown
2007-09-06
5.0
CVE-2007-4739
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
Doomsday -- Doomsday
Integer underflow in Doomsday (aka deng) 1.9.0-beta5.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via a PKT_CHAT packet with a data length less than 3, which triggers an erroneous malloc, possibly related to the Sv_HandlePacket function in sv_main.c.
unknown
2007-08-31
5.0
CVE-2007-4643
BUGTRAQ
OTHER-REF
BID
SECUNIA
EnterpriseDB -- EnterpriseDB Advanced Server
EnterpriseDB Advanced Server 8.2 does not properly handle certain debugging function calls that occur before a call to pldbg_create_listener, which allows remote authenticated users to cause a denial of service (daemon crash) and possibly execute arbitrary code via a SELECT statement that invokes a pldbg_ function, as demonstrated by (1) pldbg_get_stack and (2) pldbg_abort_target, which triggers use of an uninitialized pointer.
unknown
2007-08-31
6.5
CVE-2007-4639
BUGTRAQ
BID
Firebird Project -- Firebird
Unspecified vulnerability in the server in Firebird before 2.0.2 allows remote attackers to cause a denial of service (daemon crash) via an XNET session that makes multiple simultaneous requests to register events, aka CORE-1403.
unknown
2007-09-04
5.0
CVE-2007-4665
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Firebird Project -- Firebird
Unspecified vulnerability in the server in Firebird before 2.0.2, when a Superserver/TCP/IP environment is configured, allows remote attackers to cause a denial of service (CPU and memory consumption) via "large network packets with garbage", aka CORE-1397.
unknown
2007-09-04
5.0
CVE-2007-4666
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Firebird Project -- Firebird
Unspecified vulnerability in the Services API in Firebird before 2.0.2 allows remote attackers to cause a denial of service, aka CORE-1149.
unknown
2007-09-04
5.0
CVE-2007-4667
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Firebird Project -- Firebird
Unspecified vulnerability in the server in Firebird before 2.0.2 allows remote attackers to determine the existence of arbitrary files, and possibly obtain other "file access," via unknown vectors, aka CORE-1312.
unknown
2007-09-04
5.0
CVE-2007-4668
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
Firebird Project -- Firebird
The Services API in Firebird before 2.0.2 allows remote authenticated users without SYSDBA privileges to read the server log (firebird.log), aka CORE-1148.
unknown
2007-09-04
4.0
CVE-2007-4669
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
BID
Igor Pavlov -- 7-Zip
Stack consumption vulnerability in AkkyWareHOUSE 7-zip32.dll before 4.42.00.04, as derived from Igor Pavlov 7-Zip before 4.53 beta, allows user-assisted remote attackers to execute arbitrary code via a long filename in an archive, leading to a heap-based buffer overflow.
unknown
2007-09-05
6.8
CVE-2007-4725
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
Joomla -- AkoBook
Mambo -- Mambo Site Server
Multiple cross-site scripting (XSS) vulnerabilities in the AkoBook 3.42 and earlier component (com_akobook) for Mambo allow remote attackers to inject arbitrary web script or HTML via Javascript events in the (1) gbmail and (2) gbpage parameters in the sign function.
unknown
2007-09-06
4.3
CVE-2007-4745
OTHER-REF
SECUNIA
Move Networks Inc -- Quantum Streaming Player
Multiple stack-based buffer overflows in the Quantum Streaming Internet Explorer Player ActiveX control in qsp2ie07051001.dll 1.0.0.1 in Move Media Player allow remote attackers to execute arbitrary code via a long string to the (1) Play and (2) Buzzer methods. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-09-05
6.8
CVE-2007-4722
SECUNIA
NMDeluxe -- NMDeluxe
SQL injection vulnerability in index.php in NMDeluxe 2.0.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a newspost do action, a different vulnerability than CVE-2006-1108.
unknown
2007-08-31
6.4
CVE-2007-4645
MILW0RM
Ots Labs -- OTSTurntables
Buffer overflow in Ots Labs OTSTurntables 1.00 allows user-assisted remote attackers to execute arbitrary code via a long file path in an m3u file.
unknown
2007-09-06
4.3
CVE-2007-4734
MILW0RM
BID
SECUNIA
Pakupaku -- Pakupaku CMS
Unrestricted file upload vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to upload and execute arbitrary PHP files in uploads/ via an Uploads action.
unknown
2007-08-31
6.4
CVE-2007-4640
MILW0RM
SECUNIA
Pakupaku -- Pakupaku CMS
Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
unknown
2007-08-31
6.4
CVE-2007-4641
MILW0RM
SECUNIA
PHP -- PHP
The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certain arguments, as demonstrated by a 'chr(0), 0, ""' argument set.
unknown
2007-09-04
5.0
CVE-2007-3998
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
PHP -- PHP
Unspecified vulnerability in PHP before 5.2.4 has unknown impact and attack vectors, related to an "Improved fix for MOPB-03-2007," probably a variant of CVE-2007-1285.
unknown
2007-09-04
5.0
CVE-2007-4670
OTHER-REF
OTHER-REF
PPStream -- PPStream
Buffer overflow in the PowerPlayer.dll ActiveX control in PPStream 2.0.1.3829 allows remote attackers to execute arbitrary code via a long Logo parameter.
unknown
2007-09-06
6.8
CVE-2007-4748
MILW0RM
BID
XF
QGit -- QGit
The DataLoader::doStart function in dataloader.cpp in QGit 1.5.6 and other versions up to 2pre1 allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on temporary files with predictable filenames.
unknown
2007-08-31
4.6
CVE-2007-4631
OTHER-REF
Red Hat -- Enterprise Linux Desktop
Red Hat -- Enterprise Linux
Red Hat Enterprise Linux (RHEL) 5 creates the Advanced Intrusion Detection Environment (AIDE) before 0.13.1 rpm with a database that lacks checksum information, which allows context-dependent attackers to bypass file integrity checks and modify certain files.
unknown
2007-09-04
5.0
CVE-2007-3849
OTHER-REF
REDHAT
ROI Revolution -- Urchin
Multiple cross-site scripting (XSS) vulnerabilities in urchin.cgi in Urchin 5.6.00r2 allow remote attackers to inject arbitrary web script or HTML via the (1) dtc, (2) vid, (3) n, (4) dt, (5) ed, and (6) bd parameters.
unknown
2007-09-05
4.3
CVE-2007-4713
OTHER-REF
Sun -- Solaris
Unspecified vulnerability in the strfreectty function in the Special File System (SPECFS) in Sun Solaris 8 through 10 allows local users to cause a denial of service (system panic), related to passing a NULL pointer to the pgsignal function.
unknown
2007-09-06
4.9
CVE-2007-4732
SUNALERT
FRSIRT
SECTRACK
SECUNIA
WebOddity -- WebOddity
Directory traversal vulnerability in Web Oddity 0.09b allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
unknown
2007-09-05
5.0
CVE-2007-4726
MILW0RM
BID
Wireshark -- Wireshark
Integer signedness error in the DNP3 dissector in Wireshark 0.99.5 and earlier allows remote attackers to cause a denial of service (infinite loop) via a certain DNP3 packet.
unknown
2007-09-05
5.0
CVE-2007-4721
BUGTRAQ
MILW0RM
OTHER-REF
SECTRACK
XF
www.toms-seiten.at -- Toms Gaestebuch
Multiple cross-site scripting (XSS) vulnerabilities in Toms Gaestebuch 1.00 allow remote attackers to inject arbitrary web script or HTML via the (1) homepage, (2) mail, and (3) name parameters in a show action to (a) form.php; the (4) language and (5) anzeigebreite parameters to (b) admin/header.php; and the (6) msg parameter to (c) install.php, different vectors than CVE-2006-0706.
unknown
2007-09-05
4.3
CVE-2007-4711
BUGTRAQ
BID
SECUNIA
xGB -- xGB
xGB.php in xGB 2.0 does not require authentication for an admin edit action, which allows remote attackers to make unspecified changes via an unknown series of steps.
unknown
2007-08-31
6.4
CVE-2007-4637
MILW0RM
Yahoo -- Messenger
Yahoo! Messenger 8.1.0.209 and 8.1.0.402 allows remote attackers to cause a denial of service (application crash) via certain file-transfer packets, possibly involving a buffer overflow, as demonstrated by ym8bug.exe. NOTE: this might be related to CVE-2007-4515. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-08-31
5.0
CVE-2007-4635
BID

Low Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
Backup Manager -- Backup Manager
backup-manager-upload in Backup Manager before 0.6.3 provides the FTP server hostname, username, and password as plaintext command line arguments during FTP uploads, which allows local users to obtain sensitive information by listing the process and its arguments, a different vulnerability than CVE-2007-2766.
unknown
2007-09-04
2.1
CVE-2007-4656
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
Claroline -- Claroline
Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.6 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) dir parameter in admin/adminusers.php, the (2) action parameter in admin/advancedUserSearch.php, and the (3) view parameter in admin/campusProblem.php.
unknown
2007-09-05
3.5
CVE-2007-4717
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
Claroline -- Claroline
Cross-site scripting (XSS) vulnerability in admin/adminusers.php in Claroline before 1.8.6 allows remote authenticated administrators to inject arbitrary web script or HTML via the sort parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-09-06
3.5
CVE-2007-4741
OTHER-REF
SECUNIA
