U.S. Flag Official website of the Department of Homeland Security

Note: This page is part of the us-cert.gov archive.This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

TLP:WHITE

Bulletin (SB07-260)

Vulnerability Summary for the Week of September 10, 2007

Original release date: September 17, 2007

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

">

High Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
auraCMS -- AuraCMSMultiple SQL injection vulnerabilities in AuraCMS 1.5rc allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) hal.php, (2) cetak.php, (3) lihat.php, (4) pesan.php, and (5) teman.php, different vectors than CVE-2007-4171. NOTE: the scripts may be accessed through requests to the product's top-level default URI, using the pilih parameter, in some circumstances.
unknown
2007-09-11
7.5CVE-2007-4804
MILW0RM
BaoFeng -- StormMultiple buffer overflows in the BaoFeng2 storm ActiveX control in Mps.dll allow remote attackers to have an unknown impact via a long (1) URL, (2) backImage, or (3) titleImage property value; (4) a long first argument to the advancedOpen method; a long argument to the (5) isDVDPath or (6) rawParse method; or (7) a .smpl file with a long path attribute in an item element in a PlayList.
unknown
2007-09-11
7.5CVE-2007-4816
MILW0RM
OTHER-REF
BID
Cisco -- Content Switching Modules
Cisco -- Cisco Content Switching Module with SSL
Cisco Content Switching Modules (CSM) 4.2 before 4.2.3a, and Cisco Content Switching Module with SSL (CSM-S) 2.1 before 2.1.2a, allow remote attackers to cause a denial of service (CPU consumption or reboot) via sets of out-of-order TCP packets with unspecified characteristics, aka CSCsd27478.
unknown
2007-09-10
7.8CVE-2007-4788
CISCO
BID
FRSIRT
SECTRACK
SECUNIA
XF
Cisco -- Content Switching Modules
Cisco -- Cisco Content Switching Module with SSL
Cisco Content Switching Modules (CSM) 4.2 before 4.2.7, and Cisco Content Switching Module with SSL (CSM-S) 2.1 before 2.1.6, when service termination is enabled, allow remote attackers to cause a denial of service (reboot) via unspecified vectors related to high network utilization, aka CSCsh57876.
unknown
2007-09-10
7.8CVE-2007-4789
CISCO
BID
FRSIRT
SECTRACK
SECUNIA
XF
COR Entertainment -- Alien Arena 2007Format string vulnerability in the safe_bprintf function in acesrc/acebot_cmds.c in Alien Arena 2007 6.10 and earlier allows remote attackers to cause a denial of service (daemon crash) via format string specifiers in a nickname.
unknown
2007-09-07
7.5CVE-2007-4754
BUGTRAQ
OTHER-REF
BID
XF
Debian -- debian-goodiescheckrestart in debian-goodies before 0.34 allows local users to gain privileges via shell metacharacters in the name of the executable file for a running process.
unknown
2007-09-10
7.2CVE-2007-3912
OTHER-REF
BID
SECUNIA
Detodas -- Restaurante component for JoomlaUnrestricted file upload vulnerability in the Restaurante (com_restaurante) component for Joomla! allows remote attackers to upload and execute arbitrary PHP code via an upload action specifying a filename with a double extension such as .php.jpg, which creates an accessible file under img_original/.
unknown
2007-09-11
7.5CVE-2007-4817
MILW0RM
E-Smart Cart -- E-Smart CartMultiple SQL injection vulnerabilities in embadmin/login.asp in E-SMARTCART 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) user and (2) pass fields, different vectors than CVE-2007-0092.
unknown
2007-09-08
7.5CVE-2007-4762
OTHER-REF
BID
EDraw -- Office Viewer ComponentBuffer overflow in a certain ActiveX control in officeviewer.ocx 5.2.218.1 in EDraw Office Viewer Component 5.2 allows remote attackers to execute arbitrary code via a long first argument to the HttpDownloadFileToTempDir method, a different vulnerability than CVE-2007-3169.
unknown
2007-09-11
7.5CVE-2007-4821
MILW0RM
BID
Enriva Development -- Magellan ExplorerDirectory traversal vulnerability in Enriva Development Magellan Explorer 3.32 build 2305 and earlier allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a filename. NOTE: this can be leveraged for code execution by writing to a Startup folder.
unknown
2007-09-12
9.3CVE-2007-4842
BUGTRAQ
OTHER-REF
SECUNIA
ER Mapper -- Image Web Server ECW JPEG 2000 plug-inMultiple stack-based buffer overflows in the Earth Resource Mapping NCSView ActiveX control before 3.4.0.242 in NCSView.dll, as distributed in ER Mapper ECW JPEG 2000 Plug-in before 8.1, allow remote attackers to execute arbitrary code via unspecified vectors.
unknown
2007-09-10
9.3CVE-2007-4470
CERT-VN
FRSIRT
SECUNIA
Focus_SIS -- Focus_SISPHP remote file inclusion vulnerability in modules/Discipline/CategoryBreakdownTime.php in Focus/SIS 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the FocusPath parameter.
unknown
2007-09-11
7.5CVE-2007-4806
MILW0RM
BID
Focus_SIS -- Focus_SISMultiple PHP remote file inclusion vulnerabilities in Focus/SIS 2.2 allow remote attackers to execute arbitrary PHP code via a URL in the staticpath parameter to (1) modules/Discipline/CategoryBreakdownTime.php or (2) modules/Discipline/StudentFieldBreakdown.php.
unknown
2007-09-11
7.5CVE-2007-4807
MILW0RM
BID
fuzzylime -- fuzzylimeDirectory traversal vulnerability in getgalldata.php in fuzzylime (cms) 3.0 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the p parameter.
unknown
2007-09-11
7.5CVE-2007-4805
MILW0RM
VIM
BID
Hitachi -- uCosminexus Application Server Standard
Hitachi -- uCosminexus Application Server Enterprise
Hitachi -- uCosminexus Service Platform
Multiple buffer overflows in the image-processing APIs in Cosminexus Developer's Kit for Java in Cosminexus 4 through 7 allow remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors.
unknown
2007-09-08
10.0CVE-2007-4758
OTHER-REF
FRSIRT
SECUNIA
IBM -- AIXBuffer overflow in the swcons command in bos.rte.console in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2005-3504 and CVE-2007-0978.
unknown
2007-09-10
7.2CVE-2007-4791
OTHER-REF
OTHER-REF
AIXAPAR
AIXAPAR
BID
FRSIRT
SECUNIA
IBM -- AIXBuffer overflow in ibstat in devices.common.IBM.ib.rte in IBM AIX 5.3 allows local users to gain privileges via unspecified vectors.
unknown
2007-09-10
7.2CVE-2007-4792
OTHER-REF
AIXAPAR
BID
FRSIRT
SECUNIA
IBM -- AIXBuffer overflow in xlplm in plm.server.rte in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors.
unknown
2007-09-10
7.2CVE-2007-4793
OTHER-REF
OTHER-REF
AIXAPAR
BID
FRSIRT
SECUNIA
IBM -- AIXBuffer overflow in fcstat in devices.common.IBM.fc.rte in IBM AIX 5.2 and 5.3 allows local users to gain privileges via a long input parameter.
unknown
2007-09-10
7.2CVE-2007-4794
OTHER-REF
OTHER-REF
AIXAPAR
AIXAPAR
BID
FRSIRT
SECUNIA
IBM -- AIXBuffer overflow in mkpath in bos.rte.methods in IBM AIX 5.2 and 5.3 allows local users to gain privileges via a long ODM name.
unknown
2007-09-10
7.2CVE-2007-4795
OTHER-REF
OTHER-REF
AIXAPAR
AIXAPAR
BID
FRSIRT
SECUNIA
IBM -- AIXBuffer overflow in uucp in bos.net.uucp in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors.
unknown
2007-09-10
7.2CVE-2007-4796
OTHER-REF
OTHER-REF
AIXAPAR
AIXAPAR
BID
FRSIRT
SECUNIA
IBM -- AIXMultiple buffer overflows in unspecified svprint (System V print) commands in bos.svprint.rte in IBM AIX 5.2 and 5.3 allow local users to gain privileges via unspecified vectors.
unknown
2007-09-10
7.2CVE-2007-4797
OTHER-REF
OTHER-REF
AIXAPAR
AIXAPAR
BID
FRSIRT
SECUNIA
IBM -- WebSphere Application ServerUnspecified vulnerability in the PD tools component in IBM WebSphere Application Server (WAS) 6.1 before Fix Pack 11 (6.1.0.11) has unknown impact and attack vectors, aka PK33803.
unknown
2007-09-12
7.5CVE-2007-4839
OTHER-REF
Immersion Games -- CellFactor RevolutionFormat string vulnerability in CellFactor Revolution 1.03 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a malformed nickname.
unknown
2007-09-12
7.5CVE-2007-4832
OTHER-REF
SECUNIA
Immersion Games -- CellFactor RevolutionMultiple buffer overflows in CellFactor Revolution 1.03 and earlier allow remote attackers to execute arbitrary code via a long string in a (1) 0x21, (2) 0x22, or (3) 0x23 packet.
unknown
2007-09-12
7.5CVE-2007-4838
OTHER-REF
OTHER-REF
SECUNIA
Joomla -- JoomlaSQL injection vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to the archive section. NOTE: this may be the same as CVE-2007-????.
unknown
2007-09-10
7.5CVE-2007-4777
BUGTRAQ
OTHER-REF
BID
XF
Joomla -- JoomlaMultiple SQL injection vulnerabilities in the content component (com_content) in Joomla! 1.5 Beta1, Beta2, and RC1 allow remote attackers to execute arbitrary SQL commands via the filter parameter in an archive action to (1) archive.php, (2) category.php, or (3) section.php in models/. NOTE: this may be the same as CVE-2007-????.
unknown
2007-09-10
7.5CVE-2007-4778
OTHER-REF
OTHER-REF
BID
XF
lighttpd -- lighttpdBuffer overflow in the fcgi_env_add function in mod_proxy_backend_fastcgi.c in the mod_fastcgi extension in lighttpd before 1.4.18 allows remote attackers to overwrite arbitrary CGI variables and execute arbitrary code via an HTTP request with a long content length, as demonstrated by overwriting the SCRIPT_FILENAME variable, aka a "header overflow."
unknown
2007-09-12
7.5CVE-2007-4727
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
Markus Iser -- ED EngineMultiple PHP remote file inclusion vulnerabilities in WebED in Markus Iser ED Engine 0.8999 alpha allow remote attackers to execute arbitrary PHP code via a URL in the Codebase parameter to (1) channeledit.php, (2) post.php, (3) view.php, or (4) viewitem.php in source/mod/rss/.
unknown
2007-09-11
7.5CVE-2007-4815
MILW0RM
Matteo -- Barbo91Unrestricted file upload vulnerability in upload.php in Barbo91 1.1 allows remote attackers to upload and execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-09-08
7.5CVE-2007-4761
BID
Microsoft -- windowsStack-based buffer overflow in the Agent.Control function in Microsoft Agent ActiveX control (agentdpv.dll) in Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via a crafted URL, a different issue than CVE-2007-1205.
unknown
2007-09-11
9.3CVE-2007-3040
BUGTRAQ
MS
FRSIRT
SECUNIA
Microsoft -- Visual BasicBuffer overflow in Microsoft Visual Basic 6.0 allows user-assisted remote attackers to execute arbitrary code via a crafted Visual Basic project (vbp) file, related to VBP_Open and OLE. NOTE: there are limited usage scenarios under which this would be a vulnerability.
unknown
2007-09-10
9.3CVE-2007-4776
MILW0RM
Microsoft -- Visual Fox ProStack-based buffer overflow in a certain ActiveX control in FPOLE.OCX 6.0.8450.0 in the Microsoft Visual FoxPro 6.0 fpole 1.0 Type Library allows remote attackers to execute arbitrary code via a long first argument to the FoxDoCmd function.
unknown
2007-09-10
7.5CVE-2007-4790
MILW0RM
BID
Microsoft -- SQL ServerBuffer overflow in the SQLServer ActiveX control in the Distributed Management Objects OLE DLL (sqldmo.dll) 2000.085.2004.00 in Microsoft SQL Server Enterprise Manager 8.05.2004 allows remote attackers to execute arbitrary code via a long second argument to the Start method.
unknown
2007-09-11
7.5CVE-2007-4814
BUGTRAQ
MILW0RM
OTHER-REF
BID
Mozilla -- FirefoxMozilla Firefox 2.0.0.6 allows remote attackers to execute arbitrary commands via a "single unexpected URI" within a (1) mailto, (2) nntp, (3) news, or (4) snews URI, related to improper file type handling, a variant of CVE-2007-3845. NOTE: this information is based upon a vague pre-advisory.
unknown
2007-09-12
9.3CVE-2007-4841
OTHER-REF
BID
Netjuke -- NetjukeMultiple SQL injection vulnerabilities in Netjuke 1.0-rc2 allow remote attackers to execute arbitrary SQL commands via (1) the ge_id parameter in a list.artists action to explore.php or (2) the id parameter in a show.tracks action to xml.php.
unknown
2007-09-11
7.5CVE-2007-4810
BUGTRAQ
BID
Online Fantasy Football League -- OFFLMultiple PHP remote file inclusion vulnerabilities in Online Fantasy Football League (OFFL) 0.2.6 allow remote attackers to execute arbitrary PHP code via a URL in the DOC_ROOT parameter to (1) lib/functions.php or (2) lib/header.php.
unknown
2007-09-11
7.5CVE-2007-4809
MILW0RM
BID
OpenSSH -- OpenSSHssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted.
unknown
2007-09-11
7.5CVE-2007-4752
OTHER-REF
OTHER-REF
PHP -- PHPDirectory traversal vulnerability in PHP 5.2.4 and earlier allows attackers to bypass open_basedir restrictions and possibly execute arbitrary code via a .. (dot dot) in the dl function.
unknown
2007-09-11
7.5CVE-2007-4825
BUGTRAQ
BUGTRAQ
BUGTRAQ
phpMyQuote -- phpMyQuoteSQL injection vulnerability in index.php in phpMyQuote 0.20 allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit action.
unknown
2007-09-12
7.5CVE-2007-4835
BUGTRAQ
phpMytourney -- phpMytourneyPHP remote file inclusion vulnerability in menu.php in phpMytourney allows remote attackers to execute arbitrary PHP code via a URL in the functions_file parameter.
unknown
2007-09-08
7.5CVE-2007-4757
MILW0RM
BID
phpRealty -- phpRealtyMultiple PHP remote file inclusion vulnerabilities in phpRealty 0.02 allow remote attackers to execute arbitrary PHP code via a URL in the MGR parameter to (1) index.php, (2) p_ins.php, and (3) u_ins.php in manager/admin/.
unknown
2007-09-12
7.5CVE-2007-4834
MILW0RM
Proxy Anket -- Proxy AnketSQL injection vulnerability in anket.asp in Proxy Anket 3.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-09-12
7.5CVE-2007-4837
BUGTRAQ
psi-labs -- Social Networking Script psisnsSQL injection vulnerability in profile/myprofile.php in psi-labs.com social networking script (psisns), probably 1.0, allows remote attackers to execute arbitrary SQL commands via the u parameter.
unknown
2007-09-13
7.5CVE-2007-4881
BUGTRAQ
BID
SECUNIA
rwscripts.com -- rw_download liteMultiple SQL injection vulnerabilities in UPLOAD/index.php in RW::Download 2.0.3 lite allow remote attackers to execute arbitrary SQL commands via the (1) dlid or (2) cid parameter.
unknown
2007-09-12
7.5CVE-2007-4845
MILW0RM
Sisfo Kampus -- Sisfo KampusAbsolute path traversal vulnerability in blanko.preview.php in Sisfo Kampus 2006 allows remote attackers to read arbitrary local files, and possibly execute local PHP scripts, via the nmf parameter.
unknown
2007-09-11
7.5CVE-2007-4820
MILW0RM
BID
Tim Jackson -- PHPOFPHP remote file inclusion vulnerability in dbmodules/DB_adodb.class.php in PHPOF 20040226 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PHPOF_INCLUDE_PATH parameter.
unknown
2007-09-08
7.5CVE-2007-4763
MILW0RM
BID
TLM CMS -- TLM CMSMultiple SQL injection vulnerabilities in TLM CMS 3.2 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to news.php in a lirenews action, (2) the idnews parameter to goodies.php in a lire action, (3) the id parameter to file.php in a voir action, (4) the ID parameter to affichage.php, (5) the id_sal parameter to mod_forum/afficher.php, or (6) the id_sujet parameter to mod_forum/messages.php.
unknown
2007-09-11
7.5CVE-2007-4808
MILW0RM
BID
Trend Micro -- ServerProtectStack-based buffer overflow in the TMregChange function in TMReg.dll in Trend Micro ServerProtect before 5.58 Security Patch 4 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 5005.
unknown
2007-09-11
10.0CVE-2007-4731
BUGTRAQ
OTHER-REF
SECTRACK
XF
Txx CMS -- Txx CMSMultiple PHP remote file inclusion vulnerabilities in Txx CMS 0.2 allow remote attackers to execute arbitrary PHP code via a URL in the doc_root parameter to (1) addons/plugin.php, (2) addons/sidebar.php, (3) mail/index.php, or (4) mail/mailbox.php in modules/.
unknown
2007-09-11
7.5CVE-2007-4818
BUGTRAQ
MILW0RM
BID
webace -- webace-linkscriptSQL injection vulnerability in start.php in Webace-Linkscript (wls) 1.3 Special Edition (SE) allows remote attackers to execute arbitrary SQL commands via the id parameter in a rubrik go action.
unknown
2007-09-12
7.5CVE-2007-4846
MILW0RM

Back to top

Medium Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Adobe -- Connect Enterprise ServerUnspecified vulnerability in Adobe Connect Enterprise Server 6 allows remote attackers to read certain pages that are restricted to the administrator via unknown vectors.
unknown
2007-09-11
5.0CVE-2007-4651
OTHER-REF
Apache Software Foundation -- Apache HTTP ServerCross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
unknown
2007-09-13
4.3CVE-2007-4465
BUGTRAQ
SREASONRES
OTHER-REF
BID
SREASON
Apple -- SafariBuffer overflow in Apple Safari 3.0.3 522.15.5 allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact by setting document.location.hash to a long string. NOTE: the crash might actually occur in the alert method.
unknown
2007-09-11
5.0CVE-2007-4812
BUGTRAQ
Atomix Productions -- AtomixMP3Buffer overflow in AtomixMP3 2.3 allows user-assisted remote attackers to execute arbitrary code via long strings in file and title fields in a .pls file, as demonstrated by the (1) File1 and (2) Title1 fields, different vectors than CVE-2006-6287 and CVE-2007-2487.
unknown
2007-09-11
6.8CVE-2007-4803
MILW0RM
BID
auraCMS -- AuraCMSIncomplete blacklist vulnerability in index.php in AuraCMS 1.x and probably 2.x allows remote attackers to execute arbitrary PHP code via a (1) UNC share pathname, or a (2) ftp, (3) ftps, or (4) ssh2.sftp URL, in the pilih parameter, for which PHP remote file inclusion is blocked only for http URLs.
unknown
2007-09-13
6.8CVE-2007-4886
MILW0RM
OTHER-REF
Autodesk -- AutodeskThe cmdjob utility in Autodesk Backburner 3.0.2 allows remote attackers to execute arbitrary commands on render servers by queueing jobs that contain these commands. NOTE: this is only a vulnerability in environments in which the administrator has not followed documentation that outlines the security risks of operating Backburner on untrusted networks.
unknown
2007-09-13
6.8CVE-2007-4749
BUGTRAQ
OTHER-REF
BID
XF
Avnex -- AV MP3 PlayerAvnex AV MP3 Player allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed .au file that triggers a divide-by-zero error.
unknown
2007-09-13
4.3CVE-2007-4885
FULLDISC
buffalotech -- AirStation WHR-G54SCross-site request forgery (CSRF) vulnerability in the device management interface in Buffalo AirStation WHR-G54S 1.20 allows remote attackers to make configuration changes as an administrator via HTTP requests to certain HTML pages in the res parameter with an inp req parameter to cgi-bin/cgi, as demonstrated by accessing (1) ap.html and (2) filter_ip.html.
unknown
2007-09-11
4.3CVE-2007-4822
BUGTRAQ
BUGTRAQ
OTHER-REF
BID
XF
Callisto -- PhotoParade PlayerBuffer overflow in the PhPInfo ActiveX control in PhPCtrl.dll in Callisto PhotoParade Player allows remote attackers to execute arbitrary code via the FileVersionof property.
unknown
2007-09-13
6.8CVE-2007-1688
CERT-VN
BID
Cisco -- Adaptive Security ApplianceCisco Adaptive Security Appliance (ASA) running PIX 7.0 before 7.0.7.1, 7.1 before 7.1.2.61, 7.2 before 7.2.2.34, and 8.0 before 8.0.2.11, when AAA is enabled, composes %ASA-5-111008 messages from the "test aaa" command with cleartext passwords and sends them over the network to a remote syslog server or places them in a local logging buffer, which allows context-dependent attackers to obtain sensitive information.
unknown
2007-09-10
4.3CVE-2007-4786
OTHER-REF
OTHER-REF
CERT-VN
BID
SECUNIA
COR Entertainment -- Alien Arena 2007Alien Arena 2007 6.10 and earlier allows remote attackers to cause a denial of service (client disconnect) by sending a client_connect command in a forged packet from the server to a client. NOTE: client IP addresses are available via product-specific queries.
unknown
2007-09-07
5.0CVE-2007-4755
BUGTRAQ
OTHER-REF
BID
XF
Deutsche Post -- Stampit WebStampit Web uses guessable id values for online stamp purchases, which allows remote attackers to cause a denial of service (stamp invalidation) via a SOAP request with an id value for a stamp that has not yet been printed.
unknown
2007-09-12
5.0CVE-2007-3871
FULLDISC
OTHER-REF
OTHER-REF
XF
DirectAdmin -- DirectAdminCross-site scripting (XSS) vulnerability in CMD_BANDWIDTH_BREAKDOWN in DirectAdmin 1.30.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the user parameter.
unknown
2007-09-12
4.3CVE-2007-4830
OTHER-REF
Domino Blogsphere -- Domino BlogsphereCross-site scripting (XSS) vulnerability in Domino Blogsphere 3.01 Beta 7 allows remote attackers to inject arbitrary web script or HTML via the name field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-09-11
4.3CVE-2007-4813
BID
Ghisler -- Total CommanderDirectory traversal vulnerability in the FTP client in Total Commander before 7.02 allows remote FTP servers to create or overwrite arbitrary files via "..\" (dot dot backslash) sequences in a filename. NOTE: the "..\" are not displayed when the user lists files. NOTE: this can be leveraged for code execution by writing to a Startup folder.
unknown
2007-09-07
6.8CVE-2007-4756
BUGTRAQ
OTHER-REF
OTHER-REF
BID
SECUNIA
Google -- PicasaMultiple buffer overflows in Google Picasa have unspecified attack vectors and impact. NOTE: this information is based upon a vague pre-advisory.
unknown
2007-09-11
5.0CVE-2007-4823
OTHER-REF
Google -- PicasaMultiple cross-application scripting (XAS) vulnerabilities in Google Picasa have unspecified attack vectors and impact. NOTE: this information is based upon a vague pre-advisory.
unknown
2007-09-11
4.3CVE-2007-4824
OTHER-REF
Google -- PicasaGoogle Picasa allows remote attackers to read image files stored by Picasa via unspecified vectors involving a picasa:// URI. NOTE: this information is based upon a vague pre-advisory.
unknown
2007-09-12
5.0CVE-2007-4847
OTHER-REF
Hitachi -- uCosminexus Application Server Standard
Hitachi -- uCosminexus Application Server Enterprise
Hitachi -- uCosminexus Service Platform
Multiple unspecified vulnerabilities in the image-processing APIs in Cosminexus Developer's Kit for Java in Cosminexus 4 through 7 allow remote attackers to cause a denial of service via unspecified vectors.
unknown
2007-09-08
5.0CVE-2007-4759
OTHER-REF
FRSIRT
SECUNIA
Hitachi -- uCosminexus Application Server Standard
Hitachi -- uCosminexus Application Server Enterprise
Hitachi -- uCosminexus Developer Standard
Hitachi -- uCosminexus Service Platform
The javadoc tool in Cosminexus Developer's Kit for Java in Cosminexus 7 and 7.5 can generate HTML documents that contain cross-site scripting (XSS) vulnerabilities, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this is probably the same issue as CVE-2007-3503.
unknown
2007-09-08
4.3CVE-2007-4760
OTHER-REF
BID
FRSIRT
SECUNIA
XF
IBM -- AIXUnspecified vulnerability in invscout in Inventory Scout in invscout.rte in IBM AIX 5.2 and 5.3 allows local users to delete system files that have names matching the final substring of a hostname alias, as demonstrated by hostnames ending in "unix".
unknown
2007-09-10
6.6CVE-2007-4798
OTHER-REF
OTHER-REF
AIXAPAR
BID
FRSIRT
SECUNIA
IBM -- AIXThe perfstat kernel extension in bos.perf.perfstat in AIX 5.3 does not verify privileges when processing a SET call, which allows local users to cause a denial of service (system hang or crash) via unspecified SET operations.
unknown
2007-09-10
4.9CVE-2007-4799
OTHER-REF
AIXAPAR
BID
FRSIRT
SECUNIA
IBM -- WebSphere Application ServerUnspecified vulnerability in the Edge Component in IBM WebSphere Application Server (WAS) 6.1 before Fix Pack 11 (6.1.0.11) has unknown impact and attack vectors, aka PK44789.
unknown
2007-09-12
5.0CVE-2007-4833
OTHER-REF
FRSIRT
SECUNIA
ISC -- BINDThe (1) NSID_SHUFFLE_ONLY and (2) NSID_USE_POOL PRNG algorithms in ISC BIND 8 before 8.4.7-P1 generate predictable DNS query identifiers when sending outgoing queries such as NOTIFY messages when answering questions as a resolver, which allows remote attackers to poison DNS caches via unknown vectors. NOTE: this issue is different from CVE-2007-2926.
unknown
2007-09-11
4.3CVE-2007-2930
OTHER-REF
OTHER-REF
CERT-VN
CIAC
Joomla -- JoomlaCross-site scripting (XSS) vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably related to the archive section.
unknown
2007-09-10
4.3CVE-2007-4779
BUGTRAQ
OTHER-REF
BID
XF
Joomla -- JoomlaJoomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to obtain sensitive information (the full path) via unspecified vectors, probably involving direct requests to certain PHP scripts in tmpl/ directories.
unknown
2007-09-10
6.8CVE-2007-4780
BUGTRAQ
OTHER-REF
BID
XF
Joomla -- Joomlaadministrator/index.php in the installer component (com_installer) in Joomla! 1.5 Beta1, Beta2, and RC1 allows remote authenticated administrators to upload arbitrary files to tmp/ via the "Upload Package File" functionality, which is accessible when com_installer is the value of the option parameter.
unknown
2007-09-10
6.6CVE-2007-4781
MILW0RM
BID
XF
Media Player Classic -- Media Player ClassicMedia Player Classic (MPC) allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed .au file that triggers a divide-by-zero error.
unknown
2007-09-13
4.3CVE-2007-4884
FULLDISC
MediaWiki -- MediaWikiCross-site scripting (XSS) vulnerability in the API pretty-printing mode in MediaWiki 1.8.0 through 1.8.4, 1.9.0 through 1.9.3, 1.10.0 through 1.10.1, and the 1.11 development versions before 1.11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-09-12
4.3CVE-2007-4828
MLIST
SECUNIA
MediaWiki -- MediaWikiCross-site scripting (XSS) vulnerability in the BotQuery extension in MediaWiki 1.7.x and earlier before SVN 20070910 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a similar issue to CVE-2007-4828.
unknown
2007-09-13
4.3CVE-2007-4883
MLIST
Microsoft -- Windows Services for UNIX
Microsoft -- windows-nt
Unspecified vulnerability in the (1) Windows Services for UNIX 3.0 and 3.5, and (2) Subsystem for UNIX-based Applications in Microsoft Windows 2000, XP, Server 2003, and Vista allows local users to gain privileges via unspecified vectors related to "certain setuid binary files."
unknown
2007-09-11
4.4CVE-2007-3036
MS
FRSIRT
SECUNIA
Microsoft -- Internet ExplorerMicrosoft Internet Explorer 4.0 through 7 allows remote attackers to determine the existence of local files that have associated images via a res:// URI in the src property of a JavaScript Image object, as demonstrated by the URI for a bitmap image resource within a (1) .exe or (2) .dll file.
unknown
2007-09-12
4.3CVE-2007-4848
OTHER-REF
Microsoft -- Visual StudioAbsolute directory traversal vulnerability in a certain ActiveX control in the VB To VSI Support Library (VBTOVSI.DLL) 1.0.0.0 in Microsoft Visual Studio 6.0 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SaveAs method. NOTE: contents can be copied from local files via the Load method.
unknown
2007-09-13
5.8CVE-2007-4890
MILW0RM
BID
Microsoft -- Visual StudioA certain ActiveX control in PDWizard.ocx 6.0.0.9782 and earlier in Microsoft Visual Studio 6.0 exposes dangerous (1) StartProcess, (2) SyncShell, (3) SaveAs, (4) CABDefaultURL, (5) CABFileName, and (6) CABRunFile methods, which allows remote attackers to execute arbitrary programs and have other impacts, as demonstrated using absolute pathnames in arguments to StartProcess and SyncShell.
unknown
2007-09-13
6.8CVE-2007-4891
MILW0RM
BID
Mozilla -- FirefoxMozilla Firefox 2.0.x can automatically install TLS client certificates withminimal user interaction, and automatically sends these certificates when requested, which makes it easier for remote web sites to track user activities across domains by requesting the TLS client certificates from other domains.
unknown
2007-09-13
5.0CVE-2007-4879
OTHER-REF
OTHER-REF
Netjuke -- NetjukeMultiple cross-site scripting (XSS) vulnerabilities in Netjuke 1.0-rc2 allow remote attackers to inject arbitrary web script or HTML via (1) the val parameter to alphabet.php in an alpha.albums action, or the PATH_INFO to (2) random.php or (3) admin/hidden.php.
unknown
2007-09-11
4.3CVE-2007-4811
BUGTRAQ
BID
One Laptop Per Child -- OLPC LinuxJFFS2, as used on One Laptop Per Child (OLPC) build 542 and possibly other Linux systems, when POSIX ACL support is enabled, does not properly store permissions during (1) inode creation or (2) ACL setting, which might allow local users to access restricted files or directories after a remount of a filesystem, related to "legacy modes" and an inconsistency between dentry permissions and inode permissions.
unknown
2007-09-12
4.4CVE-2007-4849
MLIST
OTHER-REF
OTHER-REF
ourgame.com -- GlobalLinkMultiple heap-based buffer overflows in GlobalLink 2.7.0.8 allow remote attackers to execute arbitrary code via (1) a long eighth argument to the SetInfo method in a certain ActiveX control in glItemCom.dll or (2) a long second argument to the SetClientInfo method in a certain ActiveX control in glitemflat.dll.
unknown
2007-09-11
6.8CVE-2007-4802
MILW0RM
MILW0RM
BID
BID
XF
XF
pawfaliki -- pawfalikiDirectory traversal vulnerability in pawfaliki.php in Pawfaliki 0.5.1 allows remote attackers to list arbitrary files via a .. (dot dot) in the page parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-09-08
5.0CVE-2007-4764
BID
SECUNIA
XF
PHP -- PHPPHP before 5.2.3 allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the pattern parameter to the glob function; or (2) a long string in the string parameter to the fnmatch function, accompanied by a pattern parameter value with undefined characteristics, as demonstrated by a "*[1]e" value. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution.
unknown
2007-09-10
5.0CVE-2007-4782
BUGTRAQ
BUGTRAQ
BUGTRAQ
PHP -- PHPThe iconv_substr function in PHP 5.2.4 and earlier allows context-dependent attackers to cause (1) a denial of service (application crash) via a long string in the charset parameter, probably also requiring a long string in the str parameter; or (2) a denial of service (temporary application hang) via a long string in the str parameter. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution.
unknown
2007-09-10
5.0CVE-2007-4783
BUGTRAQ
PHP -- PHPThe setlocale function in PHP before 5.2.4 allows context-dependent attackers to cause a denial of service (application crash) via a long string in the locale parameter. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless this issue can be demonstrated for code execution.
unknown
2007-09-10
5.0CVE-2007-4784
BUGTRAQ
PHP -- PHPPHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the out_charset parameter to the iconv function; or a long string in the charset parameter to the (2) iconv_mime_decode_headers, (3) iconv_mime_decode, or (4) iconv_strlen function. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution.
unknown
2007-09-12
5.0CVE-2007-4840
BUGTRAQ
PHP -- PHPThe dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter. NOTE: there are limited usage scenarios under which this would be a vulnerability.
unknown
2007-09-13
4.3CVE-2007-4887
BUGTRAQ
BUGTRAQ
PHP -- PHP
PHP -- MySQL extension
The MySQL extension in PHP 5.2.4 and earlier allows remote attackers to bypass safe_mode and open_basedir restrictions via the MySQL (1) LOAD_FILE, (2) INTO DUMPFILE, and (3) INTO OUTFILE functions, a different issue than CVE-2007-3997.
unknown
2007-09-13
6.8CVE-2007-4889
BUGTRAQ
phpMyQuote -- phpMyQuoteCross-site scripting (XSS) vulnerability in index.php in phpMyQuote 0.20 allows remote attackers to inject arbitrary web script or HTML via the id parameter in an edit action.
unknown
2007-09-12
4.3CVE-2007-4836
BUGTRAQ
Quagga -- Quagga Routing Software Suitebgpd in Quagga before 0.99.9 allows remote BGP peers to cause a denial of service (crash) via a malformed (1) OPEN message or (2) COMMUNITY attribute.
unknown
2007-09-12
4.3CVE-2007-4826
OTHER-REF
BID
SECUNIA
Red Hat -- Enterprise Linux Desktop
Red Hat -- Enterprise Linux
The CIFS filesystem, when Unix extension support is enabled, does not honor the umask of a process, which allows local users to gain privileges.
unknown
2007-09-13
6.9CVE-2007-3740
OTHER-REF
REDHAT
SECUNIA
Samba -- SambaThe Winbind nss_info extension (nsswitch/idmap_ad.c) in idmap_ad.so in Samba 3.0.25 through 3.0.25c, when the "winbind nss info" option is set to rfc2307 or sfu, grants all local users the privileges of gid 0 when the (1) RFC2307 or (2) Services for UNIX (SFU) primary group attribute is not defined.
unknown
2007-09-13
6.9CVE-2007-4138
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
Sony -- Micro Vault Fingerprint Access SoftwareSony Micro Vault Fingerprint Access Software, as distributed with Sony Micro Vault USM-F USB flash drives, installs a driver that hides a directory under %WINDIR%, which might allow remote attackers to bypass malware detection by placing files in this directory.
unknown
2007-09-10
6.8CVE-2007-4785
BUGTRAQ
BUGTRAQ
BUGTRAQ
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
Sophos -- Anti-VirusCross-site scripting (XSS) vulnerability in Sophos Anti-Virus for Windows 6.x before 6.5.8 and 7.x before 7.0.1 allows remote attackers to inject arbitrary web script or HTML via an archive with a file with a crafted filename and whose content matches a virus signature, which is not properly handled by the print function in SavMain.exe.
unknown
2007-09-10
4.3CVE-2007-4512
BUGTRAQ
OTHER-REF
BID
Sophos -- Scanning Engine
Sophos -- Sophos Anti-Virus
The virus detection engine in Sophos Anti-Virus before 2.49.0 does not properly process malformed (1) CAB, (2) LZH, and (3) RAR files with modified headers, which might allow remote attackers to bypass malware detection.
unknown
2007-09-10
5.0CVE-2007-4787
OTHER-REF
BID
TechExcel Inc. -- CustomerWiseMultiple cross-site scripting (XSS) vulnerabilities in TechExcel CustomerWise (formerly TechExcel CRM) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-09-13
4.3CVE-2007-4882
OTHER-REF
OTHER-REF
BID
Thomson -- ST 2030 SIP phoneThe Thomson ST 2030 SIP phone with software 1.52.1 allows remote attackers to cause a denial of service (device hang) via (1) an empty SIP message or (2) a SIP INVITE message with a malformed To header, different vectors than CVE-2007-4553.
unknown
2007-09-07
5.0CVE-2007-4753
FULLDISC
FULLDISC
SECTRACK
SECTRACK
SECUNIA
XF
Txx CMS -- Txx CMSMultiple cross-site scripting (XSS) vulnerabilities in Txx CMS 0.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-09-11
4.3CVE-2007-4819
BUGTRAQ
MILW0RM
X-Diesel -- Unreal CommanderDirectory traversal vulnerability in X-Diesel Unreal Commander 0.92 build 565 and 573 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a filename. NOTE: this can be leveraged for code execution by writing to a Startup folder.
unknown
2007-09-12
5.8CVE-2007-4843
BUGTRAQ
OTHER-REF
BID
X-Diesel -- Unreal CommanderX-Diesel Unreal Commander 0.92 build 565 and 573 does not properly react to an FTP server's behavior after sending a "CWD /" command, which allows remote FTP servers to cause a denial of service (infinite loop) by (1) repeatedly sending a 550 error response, or (2) sending a 550 error response and then disconnecting.
unknown
2007-09-12
4.3CVE-2007-4844
BUGTRAQ
OTHER-REF
BID
X.Org -- xorg-serverBuffer overflow in the compNewPixmap function in compalloc.c in the Composite extension for the X.org X11 server before 1.4 allows local users to execute arbitrary code by copying data from a large pixel depth pixmap into a smaller pixel depth pixmap.
unknown
2007-09-11
4.6CVE-2007-4730
MLIST
OTHER-REF
DEBIAN
SECUNIA
SECUNIA
XWiki -- XWikiPreviewAction in XWiki 0.9.543 through 0.9.1252 does not set the Author field to the identity of the user who last modified a document, which allows remote authenticated users without programming rights to execute arbitrary code by selecting a document whose author has programming rights, modifying this document to contain a script, and previewing without saving the document.
unknown
2007-09-13
6.5CVE-2006-7223
OTHER-REF

Back to top

Low Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Red Hat -- Enterprise Linux Desktop
Red Hat -- Enterprise Linux
mm/mmap.c in the hugetlb kernel, when run on PowerPC systems, does not prevent stack expansion from entering into reserved kernel page memory, which allows local users to cause a denial of service (OOPS) via unspecified vectors.
unknown
2007-09-13
1.9CVE-2007-3739
MLIST
OTHER-REF
REDHAT
SECUNIA
TorrentTrader -- TorrentTraderMultiple cross-site scripting (XSS) vulnerabilities in account_settings.php in TorrentTrader 1.07 allow remote attackers to inject arbitrary web script or HTML via the (1) avatar and (2) title parameters.
unknown
2007-09-12
2.6CVE-2007-4831
OTHER-REF
SECUNIA
XWiki -- XWikiThe "You are not allowed..." error handler in XWiki 1.0 B1 and 1.0 B2 associates the doc variable with the entire document content and metadata regardless of a user's view rights, which allows remote authenticated users to read arbitrary documents via a custom skin that prints the content attribute of the doc variable.
unknown
2007-09-13
3.5CVE-2007-4888
OTHER-REF

Back to top

">

High Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
auraCMS -- AuraCMSMultiple SQL injection vulnerabilities in AuraCMS 1.5rc allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) hal.php, (2) cetak.php, (3) lihat.php, (4) pesan.php, and (5) teman.php, different vectors than CVE-2007-4171. NOTE: the scripts may be accessed through requests to the product's top-level default URI, using the pilih parameter, in some circumstances.
unknown
2007-09-11
7.5CVE-2007-4804
MILW0RM
BaoFeng -- StormMultiple buffer overflows in the BaoFeng2 storm ActiveX control in Mps.dll allow remote attackers to have an unknown impact via a long (1) URL, (2) backImage, or (3) titleImage property value; (4) a long first argument to the advancedOpen method; a long argument to the (5) isDVDPath or (6) rawParse method; or (7) a .smpl file with a long path attribute in an item element in a PlayList.
unknown
2007-09-11
7.5CVE-2007-4816
MILW0RM
OTHER-REF
BID
Cisco -- Content Switching Modules
Cisco -- Cisco Content Switching Module with SSL
Cisco Content Switching Modules (CSM) 4.2 before 4.2.3a, and Cisco Content Switching Module with SSL (CSM-S) 2.1 before 2.1.2a, allow remote attackers to cause a denial of service (CPU consumption or reboot) via sets of out-of-order TCP packets with unspecified characteristics, aka CSCsd27478.
unknown
2007-09-10
7.8CVE-2007-4788
CISCO
BID
FRSIRT
SECTRACK
SECUNIA
XF
Cisco -- Content Switching Modules
Cisco -- Cisco Content Switching Module with SSL
Cisco Content Switching Modules (CSM) 4.2 before 4.2.7, and Cisco Content Switching Module with SSL (CSM-S) 2.1 before 2.1.6, when service termination is enabled, allow remote attackers to cause a denial of service (reboot) via unspecified vectors related to high network utilization, aka CSCsh57876.
unknown
2007-09-10
7.8CVE-2007-4789
CISCO
BID
FRSIRT
SECTRACK
SECUNIA
XF
COR Entertainment -- Alien Arena 2007Format string vulnerability in the safe_bprintf function in acesrc/acebot_cmds.c in Alien Arena 2007 6.10 and earlier allows remote attackers to cause a denial of service (daemon crash) via format string specifiers in a nickname.
unknown
2007-09-07
7.5CVE-2007-4754
BUGTRAQ
OTHER-REF
BID
XF
Debian -- debian-goodiescheckrestart in debian-goodies before 0.34 allows local users to gain privileges via shell metacharacters in the name of the executable file for a running process.
unknown
2007-09-10
7.2CVE-2007-3912
OTHER-REF
BID
SECUNIA
Detodas -- Restaurante component for JoomlaUnrestricted file upload vulnerability in the Restaurante (com_restaurante) component for Joomla! allows remote attackers to upload and execute arbitrary PHP code via an upload action specifying a filename with a double extension such as .php.jpg, which creates an accessible file under img_original/.
unknown
2007-09-11
7.5CVE-2007-4817
MILW0RM
E-Smart Cart -- E-Smart CartMultiple SQL injection vulnerabilities in embadmin/login.asp in E-SMARTCART 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) user and (2) pass fields, different vectors than CVE-2007-0092.
unknown
2007-09-08
7.5CVE-2007-4762
OTHER-REF
BID
EDraw -- Office Viewer ComponentBuffer overflow in a certain ActiveX control in officeviewer.ocx 5.2.218.1 in EDraw Office Viewer Component 5.2 allows remote attackers to execute arbitrary code via a long first argument to the HttpDownloadFileToTempDir method, a different vulnerability than CVE-2007-3169.
unknown
2007-09-11
7.5CVE-2007-4821
MILW0RM
BID
Enriva Development -- Magellan ExplorerDirectory traversal vulnerability in Enriva Development Magellan Explorer 3.32 build 2305 and earlier allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a filename. NOTE: this can be leveraged for code execution by writing to a Startup folder.
unknown
2007-09-12
9.3CVE-2007-4842
BUGTRAQ
OTHER-REF
SECUNIA
ER Mapper -- Image Web Server ECW JPEG 2000 plug-inMultiple stack-based buffer overflows in the Earth Resource Mapping NCSView ActiveX control before 3.4.0.242 in NCSView.dll, as distributed in ER Mapper ECW JPEG 2000 Plug-in before 8.1, allow remote attackers to execute arbitrary code via unspecified vectors.
unknown
2007-09-10
9.3CVE-2007-4470
CERT-VN
FRSIRT
SECUNIA
Focus_SIS -- Focus_SISPHP remote file inclusion vulnerability in modules/Discipline/CategoryBreakdownTime.php in Focus/SIS 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the FocusPath parameter.
unknown
2007-09-11
7.5CVE-2007-4806
MILW0RM
BID
Focus_SIS -- Focus_SISMultiple PHP remote file inclusion vulnerabilities in Focus/SIS 2.2 allow remote attackers to execute arbitrary PHP code via a URL in the staticpath parameter to (1) modules/Discipline/CategoryBreakdownTime.php or (2) modules/Discipline/StudentFieldBreakdown.php.
unknown
2007-09-11
7.5CVE-2007-4807
MILW0RM
BID
fuzzylime -- fuzzylimeDirectory traversal vulnerability in getgalldata.php in fuzzylime (cms) 3.0 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the p parameter.
unknown
2007-09-11
7.5CVE-2007-4805
MILW0RM
VIM
BID
Hitachi -- uCosminexus Application Server Standard
Hitachi -- uCosminexus Application Server Enterprise
Hitachi -- uCosminexus Service Platform
Multiple buffer overflows in the image-processing APIs in Cosminexus Developer's Kit for Java in Cosminexus 4 through 7 allow remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors.
unknown
2007-09-08
10.0CVE-2007-4758
OTHER-REF
FRSIRT
SECUNIA
IBM -- AIXBuffer overflow in the swcons command in bos.rte.console in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2005-3504 and CVE-2007-0978.
unknown
2007-09-10
7.2CVE-2007-4791
OTHER-REF
OTHER-REF
AIXAPAR
AIXAPAR
BID
FRSIRT
SECUNIA
IBM -- AIXBuffer overflow in ibstat in devices.common.IBM.ib.rte in IBM AIX 5.3 allows local users to gain privileges via unspecified vectors.
unknown
2007-09-10
7.2CVE-2007-4792
OTHER-REF
AIXAPAR
BID
FRSIRT
SECUNIA
IBM -- AIXBuffer overflow in xlplm in plm.server.rte in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors.
unknown
2007-09-10
7.2CVE-2007-4793
OTHER-REF
OTHER-REF
AIXAPAR
BID
FRSIRT
SECUNIA
IBM -- AIXBuffer overflow in fcstat in devices.common.IBM.fc.rte in IBM AIX 5.2 and 5.3 allows local users to gain privileges via a long input parameter.
unknown
2007-09-10
7.2CVE-2007-4794
OTHER-REF
OTHER-REF
AIXAPAR
AIXAPAR
BID
FRSIRT
SECUNIA
IBM -- AIXBuffer overflow in mkpath in bos.rte.methods in IBM AIX 5.2 and 5.3 allows local users to gain privileges via a long ODM name.
unknown
2007-09-10
7.2CVE-2007-4795
OTHER-REF
OTHER-REF
AIXAPAR
AIXAPAR
BID
FRSIRT
SECUNIA
IBM -- AIXBuffer overflow in uucp in bos.net.uucp in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors.
unknown
2007-09-10
7.2CVE-2007-4796
OTHER-REF
OTHER-REF
AIXAPAR
AIXAPAR
BID
FRSIRT
SECUNIA
IBM -- AIXMultiple buffer overflows in unspecified svprint (System V print) commands in bos.svprint.rte in IBM AIX 5.2 and 5.3 allow local users to gain privileges via unspecified vectors.
unknown
2007-09-10
7.2CVE-2007-4797
OTHER-REF
OTHER-REF
AIXAPAR
AIXAPAR
BID
FRSIRT
SECUNIA
IBM -- WebSphere Application ServerUnspecified vulnerability in the PD tools component in IBM WebSphere Application Server (WAS) 6.1 before Fix Pack 11 (6.1.0.11) has unknown impact and attack vectors, aka PK33803.
unknown
2007-09-12
7.5CVE-2007-4839
OTHER-REF
Immersion Games -- CellFactor RevolutionFormat string vulnerability in CellFactor Revolution 1.03 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a malformed nickname.
unknown
2007-09-12
7.5CVE-2007-4832
OTHER-REF
SECUNIA
Immersion Games -- CellFactor RevolutionMultiple buffer overflows in CellFactor Revolution 1.03 and earlier allow remote attackers to execute arbitrary code via a long string in a (1) 0x21, (2) 0x22, or (3) 0x23 packet.
unknown
2007-09-12
7.5CVE-2007-4838
OTHER-REF
OTHER-REF
SECUNIA
Joomla -- JoomlaSQL injection vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to the archive section. NOTE: this may be the same as CVE-2007-????.
unknown
2007-09-10
7.5CVE-2007-4777
BUGTRAQ
OTHER-REF
BID
XF
Joomla -- JoomlaMultiple SQL injection vulnerabilities in the content component (com_content) in Joomla! 1.5 Beta1, Beta2, and RC1 allow remote attackers to execute arbitrary SQL commands via the filter parameter in an archive action to (1) archive.php, (2) category.php, or (3) section.php in models/. NOTE: this may be the same as CVE-2007-????.
unknown
2007-09-10
7.5CVE-2007-4778
OTHER-REF
OTHER-REF
BID
XF
lighttpd -- lighttpdBuffer overflow in the fcgi_env_add function in mod_proxy_backend_fastcgi.c in the mod_fastcgi extension in lighttpd before 1.4.18 allows remote attackers to overwrite arbitrary CGI variables and execute arbitrary code via an HTTP request with a long content length, as demonstrated by overwriting the SCRIPT_FILENAME variable, aka a "header overflow."
unknown
2007-09-12
7.5CVE-2007-4727
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
Markus Iser -- ED EngineMultiple PHP remote file inclusion vulnerabilities in WebED in Markus Iser ED Engine 0.8999 alpha allow remote attackers to execute arbitrary PHP code via a URL in the Codebase parameter to (1) channeledit.php, (2) post.php, (3) view.php, or (4) viewitem.php in source/mod/rss/.
unknown
2007-09-11
7.5CVE-2007-4815
MILW0RM
Matteo -- Barbo91Unrestricted file upload vulnerability in upload.php in Barbo91 1.1 allows remote attackers to upload and execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-09-08
7.5CVE-2007-4761
BID
Microsoft -- windowsStack-based buffer overflow in the Agent.Control function in Microsoft Agent ActiveX control (agentdpv.dll) in Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via a crafted URL, a different issue than CVE-2007-1205.
unknown
2007-09-11
9.3CVE-2007-3040
BUGTRAQ
MS
FRSIRT
SECUNIA
Microsoft -- Visual BasicBuffer overflow in Microsoft Visual Basic 6.0 allows user-assisted remote attackers to execute arbitrary code via a crafted Visual Basic project (vbp) file, related to VBP_Open and OLE. NOTE: there are limited usage scenarios under which this would be a vulnerability.
unknown
2007-09-10
9.3CVE-2007-4776
MILW0RM
Microsoft -- Visual Fox ProStack-based buffer overflow in a certain ActiveX control in FPOLE.OCX 6.0.8450.0 in the Microsoft Visual FoxPro 6.0 fpole 1.0 Type Library allows remote attackers to execute arbitrary code via a long first argument to the FoxDoCmd function.
unknown
2007-09-10
7.5CVE-2007-4790
MILW0RM
BID
Microsoft -- SQL ServerBuffer overflow in the SQLServer ActiveX control in the Distributed Management Objects OLE DLL (sqldmo.dll) 2000.085.2004.00 in Microsoft SQL Server Enterprise Manager 8.05.2004 allows remote attackers to execute arbitrary code via a long second argument to the Start method.
unknown
2007-09-11
7.5CVE-2007-4814
BUGTRAQ
MILW0RM
OTHER-REF
BID
Mozilla -- FirefoxMozilla Firefox 2.0.0.6 allows remote attackers to execute arbitrary commands via a "single unexpected URI" within a (1) mailto, (2) nntp, (3) news, or (4) snews URI, related to improper file type handling, a variant of CVE-2007-3845. NOTE: this information is based upon a vague pre-advisory.
unknown
2007-09-12
9.3CVE-2007-4841
OTHER-REF
BID
Netjuke -- NetjukeMultiple SQL injection vulnerabilities in Netjuke 1.0-rc2 allow remote attackers to execute arbitrary SQL commands via (1) the ge_id parameter in a list.artists action to explore.php or (2) the id parameter in a show.tracks action to xml.php.
unknown
2007-09-11
7.5CVE-2007-4810
BUGTRAQ
BID
Online Fantasy Football League -- OFFLMultiple PHP remote file inclusion vulnerabilities in Online Fantasy Football League (OFFL) 0.2.6 allow remote attackers to execute arbitrary PHP code via a URL in the DOC_ROOT parameter to (1) lib/functions.php or (2) lib/header.php.
unknown
2007-09-11
7.5CVE-2007-4809
MILW0RM
BID
OpenSSH -- OpenSSHssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted.
unknown
2007-09-11
7.5CVE-2007-4752
OTHER-REF
OTHER-REF
PHP -- PHPDirectory traversal vulnerability in PHP 5.2.4 and earlier allows attackers to bypass open_basedir restrictions and possibly execute arbitrary code via a .. (dot dot) in the dl function.
unknown
2007-09-11
7.5CVE-2007-4825
BUGTRAQ
BUGTRAQ
BUGTRAQ
phpMyQuote -- phpMyQuoteSQL injection vulnerability in index.php in phpMyQuote 0.20 allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit action.
unknown
2007-09-12
7.5CVE-2007-4835
BUGTRAQ
phpMytourney -- phpMytourneyPHP remote file inclusion vulnerability in menu.php in phpMytourney allows remote attackers to execute arbitrary PHP code via a URL in the functions_file parameter.
unknown
2007-09-08
7.5CVE-2007-4757
MILW0RM
BID
phpRealty -- phpRealtyMultiple PHP remote file inclusion vulnerabilities in phpRealty 0.02 allow remote attackers to execute arbitrary PHP code via a URL in the MGR parameter to (1) index.php, (2) p_ins.php, and (3) u_ins.php in manager/admin/.
unknown
2007-09-12
7.5CVE-2007-4834
MILW0RM
Proxy Anket -- Proxy AnketSQL injection vulnerability in anket.asp in Proxy Anket 3.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-09-12
7.5CVE-2007-4837
BUGTRAQ
psi-labs -- Social Networking Script psisnsSQL injection vulnerability in profile/myprofile.php in psi-labs.com social networking script (psisns), probably 1.0, allows remote attackers to execute arbitrary SQL commands via the u parameter.
unknown
2007-09-13
7.5CVE-2007-4881
BUGTRAQ
BID
SECUNIA
rwscripts.com -- rw_download liteMultiple SQL injection vulnerabilities in UPLOAD/index.php in RW::Download 2.0.3 lite allow remote attackers to execute arbitrary SQL commands via the (1) dlid or (2) cid parameter.
unknown
2007-09-12
7.5CVE-2007-4845
MILW0RM
Sisfo Kampus -- Sisfo KampusAbsolute path traversal vulnerability in blanko.preview.php in Sisfo Kampus 2006 allows remote attackers to read arbitrary local files, and possibly execute local PHP scripts, via the nmf parameter.
unknown
2007-09-11
7.5CVE-2007-4820
MILW0RM
BID
Tim Jackson -- PHPOFPHP remote file inclusion vulnerability in dbmodules/DB_adodb.class.php in PHPOF 20040226 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PHPOF_INCLUDE_PATH parameter.
unknown
2007-09-08
7.5CVE-2007-4763
MILW0RM
BID
TLM CMS -- TLM CMSMultiple SQL injection vulnerabilities in TLM CMS 3.2 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to news.php in a lirenews action, (2) the idnews parameter to goodies.php in a lire action, (3) the id parameter to file.php in a voir action, (4) the ID parameter to affichage.php, (5) the id_sal parameter to mod_forum/afficher.php, or (6) the id_sujet parameter to mod_forum/messages.php.
unknown
2007-09-11
7.5CVE-2007-4808
MILW0RM
BID
Trend Micro -- ServerProtectStack-based buffer overflow in the TMregChange function in TMReg.dll in Trend Micro ServerProtect before 5.58 Security Patch 4 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 5005.
unknown
2007-09-11
10.0CVE-2007-4731
BUGTRAQ
OTHER-REF
SECTRACK
XF
Txx CMS -- Txx CMSMultiple PHP remote file inclusion vulnerabilities in Txx CMS 0.2 allow remote attackers to execute arbitrary PHP code via a URL in the doc_root parameter to (1) addons/plugin.php, (2) addons/sidebar.php, (3) mail/index.php, or (4) mail/mailbox.php in modules/.
unknown
2007-09-11
7.5CVE-2007-4818
BUGTRAQ
MILW0RM
BID
webace -- webace-linkscriptSQL injection vulnerability in start.php in Webace-Linkscript (wls) 1.3 Special Edition (SE) allows remote attackers to execute arbitrary SQL commands via the id parameter in a rubrik go action.
unknown
2007-09-12
7.5CVE-2007-4846
MILW0RM

Back to top

Medium Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Adobe -- Connect Enterprise ServerUnspecified vulnerability in Adobe Connect Enterprise Server 6 allows remote attackers to read certain pages that are restricted to the administrator via unknown vectors.
unknown
2007-09-11
5.0CVE-2007-4651
OTHER-REF
Apache Software Foundation -- Apache HTTP ServerCross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
unknown
2007-09-13
4.3CVE-2007-4465
BUGTRAQ
SREASONRES
OTHER-REF
BID
SREASON
Apple -- SafariBuffer overflow in Apple Safari 3.0.3 522.15.5 allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact by setting document.location.hash to a long string. NOTE: the crash might actually occur in the alert method.
unknown
2007-09-11
5.0CVE-2007-4812
BUGTRAQ
Atomix Productions -- AtomixMP3Buffer overflow in AtomixMP3 2.3 allows user-assisted remote attackers to execute arbitrary code via long strings in file and title fields in a .pls file, as demonstrated by the (1) File1 and (2) Title1 fields, different vectors than CVE-2006-6287 and CVE-2007-2487.
unknown
2007-09-11
6.8CVE-2007-4803
MILW0RM
BID
auraCMS -- AuraCMSIncomplete blacklist vulnerability in index.php in AuraCMS 1.x and probably 2.x allows remote attackers to execute arbitrary PHP code via a (1) UNC share pathname, or a (2) ftp, (3) ftps, or (4) ssh2.sftp URL, in the pilih parameter, for which PHP remote file inclusion is blocked only for http URLs.
unknown
2007-09-13
6.8CVE-2007-4886
MILW0RM
OTHER-REF
Autodesk -- AutodeskThe cmdjob utility in Autodesk Backburner 3.0.2 allows remote attackers to execute arbitrary commands on render servers by queueing jobs that contain these commands. NOTE: this is only a vulnerability in environments in which the administrator has not followed documentation that outlines the security risks of operating Backburner on untrusted networks.
unknown
2007-09-13
6.8CVE-2007-4749
BUGTRAQ
OTHER-REF
BID
XF
Avnex -- AV MP3 PlayerAvnex AV MP3 Player allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed .au file that triggers a divide-by-zero error.
unknown
2007-09-13
4.3CVE-2007-4885
FULLDISC
buffalotech -- AirStation WHR-G54SCross-site request forgery (CSRF) vulnerability in the device management interface in Buffalo AirStation WHR-G54S 1.20 allows remote attackers to make configuration changes as an administrator via HTTP requests to certain HTML pages in the res parameter with an inp req parameter to cgi-bin/cgi, as demonstrated by accessing (1) ap.html and (2) filter_ip.html.
unknown
2007-09-11
4.3CVE-2007-4822
BUGTRAQ
BUGTRAQ
OTHER-REF
BID
XF
Callisto -- PhotoParade PlayerBuffer overflow in the PhPInfo ActiveX control in PhPCtrl.dll in Callisto PhotoParade Player allows remote attackers to execute arbitrary code via the FileVersionof property.
unknown
2007-09-13
6.8CVE-2007-1688
CERT-VN
BID
Cisco -- Adaptive Security ApplianceCisco Adaptive Security Appliance (ASA) running PIX 7.0 before 7.0.7.1, 7.1 before 7.1.2.61, 7.2 before 7.2.2.34, and 8.0 before 8.0.2.11, when AAA is enabled, composes %ASA-5-111008 messages from the "test aaa" command with cleartext passwords and sends them over the network to a remote syslog server or places them in a local logging buffer, which allows context-dependent attackers to obtain sensitive information.
unknown
2007-09-10
4.3CVE-2007-4786
OTHER-REF
OTHER-REF
CERT-VN
BID
SECUNIA
COR Entertainment -- Alien Arena 2007Alien Arena 2007 6.10 and earlier allows remote attackers to cause a denial of service (client disconnect) by sending a client_connect command in a forged packet from the server to a client. NOTE: client IP addresses are available via product-specific queries.
unknown
2007-09-07
5.0CVE-2007-4755
BUGTRAQ
OTHER-REF
BID
XF
Deutsche Post -- Stampit WebStampit Web uses guessable id values for online stamp purchases, which allows remote attackers to cause a denial of service (stamp invalidation) via a SOAP request with an id value for a stamp that has not yet been printed.
unknown
2007-09-12
5.0CVE-2007-3871
FULLDISC
OTHER-REF
OTHER-REF
XF
DirectAdmin -- DirectAdminCross-site scripting (XSS) vulnerability in CMD_BANDWIDTH_BREAKDOWN in DirectAdmin 1.30.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the user parameter.
unknown
2007-09-12
4.3CVE-2007-4830
OTHER-REF
Domino Blogsphere -- Domino BlogsphereCross-site scripting (XSS) vulnerability in Domino Blogsphere 3.01 Beta 7 allows remote attackers to inject arbitrary web script or HTML via the name field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-09-11
4.3CVE-2007-4813
BID
Ghisler -- Total CommanderDirectory traversal vulnerability in the FTP client in Total Commander before 7.02 allows remote FTP servers to create or overwrite arbitrary files via "..\" (dot dot backslash) sequences in a filename. NOTE: the "..\" are not displayed when the user lists files. NOTE: this can be leveraged for code execution by writing to a Startup folder.
unknown
2007-09-07
6.8CVE-2007-4756
BUGTRAQ
OTHER-REF
OTHER-REF
BID
SECUNIA
Google -- PicasaMultiple buffer overflows in Google Picasa have unspecified attack vectors and impact. NOTE: this information is based upon a vague pre-advisory.
unknown
2007-09-11
5.0CVE-2007-4823
OTHER-REF
Google -- PicasaMultiple cross-application scripting (XAS) vulnerabilities in Google Picasa have unspecified attack vectors and impact. NOTE: this information is based upon a vague pre-advisory.
unknown
2007-09-11
4.3CVE-2007-4824
OTHER-REF
Google -- PicasaGoogle Picasa allows remote attackers to read image files stored by Picasa via unspecified vectors involving a picasa:// URI. NOTE: this information is based upon a vague pre-advisory.
unknown
2007-09-12
5.0CVE-2007-4847
OTHER-REF
Hitachi -- uCosminexus Application Server Standard
Hitachi -- uCosminexus Application Server Enterprise
Hitachi -- uCosminexus Service Platform
Multiple unspecified vulnerabilities in the image-processing APIs in Cosminexus Developer's Kit for Java in Cosminexus 4 through 7 allow remote attackers to cause a denial of service via unspecified vectors.
unknown
2007-09-08
5.0CVE-2007-4759
OTHER-REF
FRSIRT
SECUNIA
Hitachi -- uCosminexus Application Server Standard
Hitachi -- uCosminexus Application Server Enterprise
Hitachi -- uCosminexus Developer Standard
Hitachi -- uCosminexus Service Platform
The javadoc tool in Cosminexus Developer's Kit for Java in Cosminexus 7 and 7.5 can generate HTML documents that contain cross-site scripting (XSS) vulnerabilities, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this is probably the same issue as CVE-2007-3503.
unknown
2007-09-08
4.3CVE-2007-4760
OTHER-REF
BID
FRSIRT
SECUNIA
XF
IBM -- AIXUnspecified vulnerability in invscout in Inventory Scout in invscout.rte in IBM AIX 5.2 and 5.3 allows local users to delete system files that have names matching the final substring of a hostname alias, as demonstrated by hostnames ending in "unix".
unknown
2007-09-10
6.6CVE-2007-4798
OTHER-REF
OTHER-REF
AIXAPAR
BID
FRSIRT
SECUNIA
IBM -- AIXThe perfstat kernel extension in bos.perf.perfstat in AIX 5.3 does not verify privileges when processing a SET call, which allows local users to cause a denial of service (system hang or crash) via unspecified SET operations.
unknown
2007-09-10
4.9CVE-2007-4799
OTHER-REF
AIXAPAR
BID
FRSIRT
SECUNIA
IBM -- WebSphere Application ServerUnspecified vulnerability in the Edge Component in IBM WebSphere Application Server (WAS) 6.1 before Fix Pack 11 (6.1.0.11) has unknown impact and attack vectors, aka PK44789.
unknown
2007-09-12
5.0CVE-2007-4833
OTHER-REF
FRSIRT
SECUNIA
ISC -- BINDThe (1) NSID_SHUFFLE_ONLY and (2) NSID_USE_POOL PRNG algorithms in ISC BIND 8 before 8.4.7-P1 generate predictable DNS query identifiers when sending outgoing queries such as NOTIFY messages when answering questions as a resolver, which allows remote attackers to poison DNS caches via unknown vectors. NOTE: this issue is different from CVE-2007-2926.
unknown
2007-09-11
4.3CVE-2007-2930
OTHER-REF
OTHER-REF
CERT-VN
CIAC
Joomla -- JoomlaCross-site scripting (XSS) vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably related to the archive section.
unknown
2007-09-10
4.3CVE-2007-4779
BUGTRAQ
OTHER-REF
BID
XF
Joomla -- JoomlaJoomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to obtain sensitive information (the full path) via unspecified vectors, probably involving direct requests to certain PHP scripts in tmpl/ directories.
unknown
2007-09-10
6.8CVE-2007-4780
BUGTRAQ
OTHER-REF
BID
XF
Joomla -- Joomlaadministrator/index.php in the installer component (com_installer) in Joomla! 1.5 Beta1, Beta2, and RC1 allows remote authenticated administrators to upload arbitrary files to tmp/ via the "Upload Package File" functionality, which is accessible when com_installer is the value of the option parameter.
unknown
2007-09-10
6.6CVE-2007-4781
MILW0RM
BID
XF
Media Player Classic -- Media Player ClassicMedia Player Classic (MPC) allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed .au file that triggers a divide-by-zero error.
unknown
2007-09-13
4.3CVE-2007-4884
FULLDISC
MediaWiki -- MediaWikiCross-site scripting (XSS) vulnerability in the API pretty-printing mode in MediaWiki 1.8.0 through 1.8.4, 1.9.0 through 1.9.3, 1.10.0 through 1.10.1, and the 1.11 development versions before 1.11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-09-12
4.3CVE-2007-4828
MLIST
SECUNIA
MediaWiki -- MediaWikiCross-site scripting (XSS) vulnerability in the BotQuery extension in MediaWiki 1.7.x and earlier before SVN 20070910 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a similar issue to CVE-2007-4828.
unknown
2007-09-13
4.3CVE-2007-4883
MLIST
Microsoft -- Windows Services for UNIX
Microsoft -- windows-nt
Unspecified vulnerability in the (1) Windows Services for UNIX 3.0 and 3.5, and (2) Subsystem for UNIX-based Applications in Microsoft Windows 2000, XP, Server 2003, and Vista allows local users to gain privileges via unspecified vectors related to "certain setuid binary files."
unknown
2007-09-11
4.4CVE-2007-3036
MS
FRSIRT
SECUNIA
Microsoft -- Internet ExplorerMicrosoft Internet Explorer 4.0 through 7 allows remote attackers to determine the existence of local files that have associated images via a res:// URI in the src property of a JavaScript Image object, as demonstrated by the URI for a bitmap image resource within a (1) .exe or (2) .dll file.
unknown
2007-09-12
4.3CVE-2007-4848
OTHER-REF
Microsoft -- Visual StudioAbsolute directory traversal vulnerability in a certain ActiveX control in the VB To VSI Support Library (VBTOVSI.DLL) 1.0.0.0 in Microsoft Visual Studio 6.0 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SaveAs method. NOTE: contents can be copied from local files via the Load method.
unknown
2007-09-13
5.8CVE-2007-4890
MILW0RM
BID
Microsoft -- Visual StudioA certain ActiveX control in PDWizard.ocx 6.0.0.9782 and earlier in Microsoft Visual Studio 6.0 exposes dangerous (1) StartProcess, (2) SyncShell, (3) SaveAs, (4) CABDefaultURL, (5) CABFileName, and (6) CABRunFile methods, which allows remote attackers to execute arbitrary programs and have other impacts, as demonstrated using absolute pathnames in arguments to StartProcess and SyncShell.
unknown
2007-09-13
6.8CVE-2007-4891
MILW0RM
BID
Mozilla -- FirefoxMozilla Firefox 2.0.x can automatically install TLS client certificates withminimal user interaction, and automatically sends these certificates when requested, which makes it easier for remote web sites to track user activities across domains by requesting the TLS client certificates from other domains.
unknown
2007-09-13
5.0CVE-2007-4879
OTHER-REF
OTHER-REF
Netjuke -- NetjukeMultiple cross-site scripting (XSS) vulnerabilities in Netjuke 1.0-rc2 allow remote attackers to inject arbitrary web script or HTML via (1) the val parameter to alphabet.php in an alpha.albums action, or the PATH_INFO to (2) random.php or (3) admin/hidden.php.
unknown
2007-09-11
4.3CVE-2007-4811
BUGTRAQ
BID
One Laptop Per Child -- OLPC LinuxJFFS2, as used on One Laptop Per Child (OLPC) build 542 and possibly other Linux systems, when POSIX ACL support is enabled, does not properly store permissions during (1) inode creation or (2) ACL setting, which might allow local users to access restricted files or directories after a remount of a filesystem, related to "legacy modes" and an inconsistency between dentry permissions and inode permissions.
unknown
2007-09-12
4.4CVE-2007-4849
MLIST
OTHER-REF
OTHER-REF
ourgame.com -- GlobalLinkMultiple heap-based buffer overflows in GlobalLink 2.7.0.8 allow remote attackers to execute arbitrary code via (1) a long eighth argument to the SetInfo method in a certain ActiveX control in glItemCom.dll or (2) a long second argument to the SetClientInfo method in a certain ActiveX control in glitemflat.dll.
unknown
2007-09-11
6.8CVE-2007-4802
MILW0RM
MILW0RM
BID
BID
XF
XF
pawfaliki -- pawfalikiDirectory traversal vulnerability in pawfaliki.php in Pawfaliki 0.5.1 allows remote attackers to list arbitrary files via a .. (dot dot) in the page parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-09-08
5.0CVE-2007-4764
BID
SECUNIA
XF
PHP -- PHPPHP before 5.2.3 allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the pattern parameter to the glob function; or (2) a long string in the string parameter to the fnmatch function, accompanied by a pattern parameter value with undefined characteristics, as demonstrated by a "*[1]e" value. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution.
unknown
2007-09-10
5.0CVE-2007-4782
BUGTRAQ
BUGTRAQ
BUGTRAQ
PHP -- PHPThe iconv_substr function in PHP 5.2.4 and earlier allows context-dependent attackers to cause (1) a denial of service (application crash) via a long string in the charset parameter, probably also requiring a long string in the str parameter; or (2) a denial of service (temporary application hang) via a long string in the str parameter. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution.
unknown
2007-09-10
5.0CVE-2007-4783
BUGTRAQ
PHP -- PHPThe setlocale function in PHP before 5.2.4 allows context-dependent attackers to cause a denial of service (application crash) via a long string in the locale parameter. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless this issue can be demonstrated for code execution.
unknown
2007-09-10
5.0CVE-2007-4784
BUGTRAQ
PHP -- PHPPHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the out_charset parameter to the iconv function; or a long string in the charset parameter to the (2) iconv_mime_decode_headers, (3) iconv_mime_decode, or (4) iconv_strlen function. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution.
unknown
2007-09-12
5.0CVE-2007-4840
BUGTRAQ
PHP -- PHPThe dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter. NOTE: there are limited usage scenarios under which this would be a vulnerability.
unknown
2007-09-13
4.3CVE-2007-4887
BUGTRAQ
BUGTRAQ
PHP -- PHP
PHP -- MySQL extension
The MySQL extension in PHP 5.2.4 and earlier allows remote attackers to bypass safe_mode and open_basedir restrictions via the MySQL (1) LOAD_FILE, (2) INTO DUMPFILE, and (3) INTO OUTFILE functions, a different issue than CVE-2007-3997.
unknown
2007-09-13
6.8CVE-2007-4889
BUGTRAQ
phpMyQuote -- phpMyQuoteCross-site scripting (XSS) vulnerability in index.php in phpMyQuote 0.20 allows remote attackers to inject arbitrary web script or HTML via the id parameter in an edit action.
unknown
2007-09-12
4.3CVE-2007-4836
BUGTRAQ
Quagga -- Quagga Routing Software Suitebgpd in Quagga before 0.99.9 allows remote BGP peers to cause a denial of service (crash) via a malformed (1) OPEN message or (2) COMMUNITY attribute.
unknown
2007-09-12
4.3CVE-2007-4826
OTHER-REF
BID
SECUNIA
Red Hat -- Enterprise Linux Desktop
Red Hat -- Enterprise Linux
The CIFS filesystem, when Unix extension support is enabled, does not honor the umask of a process, which allows local users to gain privileges.
unknown
2007-09-13
6.9CVE-2007-3740
OTHER-REF
REDHAT
SECUNIA
Samba -- SambaThe Winbind nss_info extension (nsswitch/idmap_ad.c) in idmap_ad.so in Samba 3.0.25 through 3.0.25c, when the "winbind nss info" option is set to rfc2307 or sfu, grants all local users the privileges of gid 0 when the (1) RFC2307 or (2) Services for UNIX (SFU) primary group attribute is not defined.
unknown
2007-09-13
6.9CVE-2007-4138
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
Sony -- Micro Vault Fingerprint Access SoftwareSony Micro Vault Fingerprint Access Software, as distributed with Sony Micro Vault USM-F USB flash drives, installs a driver that hides a directory under %WINDIR%, which might allow remote attackers to bypass malware detection by placing files in this directory.
unknown
2007-09-10
6.8CVE-2007-4785
BUGTRAQ
BUGTRAQ
BUGTRAQ
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
Sophos -- Anti-VirusCross-site scripting (XSS) vulnerability in Sophos Anti-Virus for Windows 6.x before 6.5.8 and 7.x before 7.0.1 allows remote attackers to inject arbitrary web script or HTML via an archive with a file with a crafted filename and whose content matches a virus signature, which is not properly handled by the print function in SavMain.exe.
unknown
2007-09-10
4.3CVE-2007-4512
BUGTRAQ
OTHER-REF
BID
Sophos -- Scanning Engine
Sophos -- Sophos Anti-Virus
The virus detection engine in Sophos Anti-Virus before 2.49.0 does not properly process malformed (1) CAB, (2) LZH, and (3) RAR files with modified headers, which might allow remote attackers to bypass malware detection.
unknown
2007-09-10
5.0CVE-2007-4787
OTHER-REF
BID
TechExcel Inc. -- CustomerWiseMultiple cross-site scripting (XSS) vulnerabilities in TechExcel CustomerWise (formerly TechExcel CRM) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-09-13
4.3CVE-2007-4882
OTHER-REF
OTHER-REF
BID
Thomson -- ST 2030 SIP phoneThe Thomson ST 2030 SIP phone with software 1.52.1 allows remote attackers to cause a denial of service (device hang) via (1) an empty SIP message or (2) a SIP INVITE message with a malformed To header, different vectors than CVE-2007-4553.
unknown
2007-09-07
5.0CVE-2007-4753
FULLDISC
FULLDISC
SECTRACK
SECTRACK
SECUNIA
XF
Txx CMS -- Txx CMSMultiple cross-site scripting (XSS) vulnerabilities in Txx CMS 0.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-09-11
4.3CVE-2007-4819
BUGTRAQ
MILW0RM
X-Diesel -- Unreal CommanderDirectory traversal vulnerability in X-Diesel Unreal Commander 0.92 build 565 and 573 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a filename. NOTE: this can be leveraged for code execution by writing to a Startup folder.
unknown
2007-09-12
5.8CVE-2007-4843
BUGTRAQ
OTHER-REF
BID
X-Diesel -- Unreal CommanderX-Diesel Unreal Commander 0.92 build 565 and 573 does not properly react to an FTP server's behavior after sending a "CWD /" command, which allows remote FTP servers to cause a denial of service (infinite loop) by (1) repeatedly sending a 550 error response, or (2) sending a 550 error response and then disconnecting.
unknown
2007-09-12
4.3CVE-2007-4844
BUGTRAQ
OTHER-REF
BID
X.Org -- xorg-serverBuffer overflow in the compNewPixmap function in compalloc.c in the Composite extension for the X.org X11 server before 1.4 allows local users to execute arbitrary code by copying data from a large pixel depth pixmap into a smaller pixel depth pixmap.
unknown
2007-09-11
4.6CVE-2007-4730
MLIST
OTHER-REF
DEBIAN
SECUNIA
SECUNIA
XWiki -- XWikiPreviewAction in XWiki 0.9.543 through 0.9.1252 does not set the Author field to the identity of the user who last modified a document, which allows remote authenticated users without programming rights to execute arbitrary code by selecting a document whose author has programming rights, modifying this document to contain a script, and previewing without saving the document.
unknown
2007-09-13
6.5CVE-2006-7223
OTHER-REF

Back to top

Low Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Red Hat -- Enterprise Linux Desktop
Red Hat -- Enterprise Linux
mm/mmap.c in the hugetlb kernel, when run on PowerPC systems, does not prevent stack expansion from entering into reserved kernel page memory, which allows local users to cause a denial of service (OOPS) via unspecified vectors.
unknown
2007-09-13
1.9CVE-2007-3739
MLIST
OTHER-REF
REDHAT
SECUNIA
TorrentTrader -- TorrentTraderMultiple cross-site scripting (XSS) vulnerabilities in account_settings.php in TorrentTrader 1.07 allow remote attackers to inject arbitrary web script or HTML via the (1) avatar and (2) title parameters.
unknown
2007-09-12
2.6CVE-2007-4831
OTHER-REF
SECUNIA
XWiki -- XWikiThe "You are not allowed..." error handler in XWiki 1.0 B1 and 1.0 B2 associates the doc variable with the entire document content and metadata regardless of a user's view rights, which allows remote authenticated users to read arbitrary documents via a custom skin that prints the content attribute of the doc variable.
unknown
2007-09-13
3.5CVE-2007-4888
OTHER-REF

Back to top

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top