Note: This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

TLP:WHITE

Bulletin (SB07-316)

Vulnerability Summary for the Week of November 5, 2007

Original release date: November 12, 2007

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
afcommerce -- AFCommerce
SQL injection vulnerability in Amazing Flash AFCommerce allows remote attackers to execute arbitrary SQL commands via the firstname parameter to an unspecified component, a different issue than CVE-2006-3794. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-11-05
7.5
CVE-2007-5836
BID
Apple -- Quicktime
Unspecified vulnerability in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via a crafted image description atom in a movie file, related to "memory corruption."
unknown
2007-11-07
9.3
CVE-2007-2395
OTHER-REF
APPLE
FRSIRT
SECTRACK
SECUNIA
Apple -- Quicktime
Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via crafted Sample Table Sample Descriptor (STSD) atoms in a movie file.
unknown
2007-11-07
9.3
CVE-2007-3750
OTHER-REF
APPLE
FRSIRT
SECTRACK
SECUNIA
Apple -- Quicktime
Unspecified vulnerability in QuickTime for Java in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via untrusted Java applets that gain privileges via unspecified vectors.
unknown
2007-11-07
9.3
CVE-2007-3751
OTHER-REF
APPLE
FRSIRT
SECTRACK
SECUNIA
Apple -- Quicktime
Stack-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via an invalid UncompressedQuickTimeData opcode length in a PICT image.
unknown
2007-11-07
7.6
CVE-2007-4672
BUGTRAQ
OTHER-REF
OTHER-REF
APPLE
FRSIRT
SECTRACK
SECUNIA
Apple -- Quicktime
Heap-based buffer overflow in the QuickTime VR extension 7.2.0.240 in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via a QTVR (QuickTime Virtual Reality) movie file containing a large size field in the atom header of a panorama sample atom.
unknown
2007-11-07
9.3
CVE-2007-4675
IDEFENSE
OTHER-REF
APPLE
FRSIRT
SECTRACK
SECUNIA
Apple -- Quicktime
Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via malformed elements when parsing (1) Poly type (0x0070 through 0x0074) and (2) PackBitsRgn field (0x0099) opcodes in a PICT image.
unknown
2007-11-07
9.3
CVE-2007-4676
BUGTRAQ
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
APPLE
FRSIRT
SECTRACK
SECUNIA
Apple -- Quicktime
Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via an invalid color table size when parsing the color table atom (CTAB) in a movie file, related to the CTAB RGB values.
unknown
2007-11-07
9.3
CVE-2007-4677
BUGTRAQ
OTHER-REF
OTHER-REF
APPLE
BID
FRSIRT
SECTRACK
SECUNIA
Avaya -- Message Networking
Avaya -- Messaging Storage Server
Unspecified vulnerability in the administrative interface in Avaya Messaging Storage Server (MSS) 3.1 before SP1, and Message Networking (MN) 3.1, allows remote attackers to cause a denial of service via unspecified vectors related to "input validation."
unknown
2007-11-05
7.8
CVE-2007-5830
OTHER-REF
SECUNIA
Ax Developer CMS -- Ax Developer CMS
Directory traversal vulnerability in index.php in Ax Developer CMS (AxDCMS) 0.1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter.
unknown
2007-11-05
9.3
CVE-2007-5820
MILW0RM
XF
easyGB -- easyGB
Directory traversal vulnerability in index.php in easyGB 2.1.1 allows remote attackers to include arbitrary files via the DatabaseType parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-11-07
10.0
CVE-2007-5890
BID
EDraw -- Flowchart ActiveX
Absolute path traversal vulnerability in the EDraw Flowchart ActiveX control in EDImage.ocx 2.0.2005.1104 allows remote attackers to create or overwrite arbitrary files with arbitrary contents via a full pathname in the second argument to the HttpDownloadFile method, a different product than CVE-2007-4420.
unknown
2007-11-05
9.3
CVE-2007-5826
MILW0RM
FRSIRT
XF
FireFly -- Media Server
webserver.c in mt-daapd in Firefly Media Server 0.2.4 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a stats method action to /xml-rpc with (1) an empty Authorization header line, which triggers a crash in the ws_decodepassword function; or (2) a header line without a ':' character, which triggers a crash in the ws_getheaders function.
unknown
2007-11-05
7.1
CVE-2007-5824
BUGTRAQ
BUGTRAQ
BUGTRAQ
MILW0RM
Firewolf Technologies -- Synergiser
Directory traversal vulnerability in index.php in Firewolf Technologies Synergiser 1.2 RC1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: this can be leveraged to obtain the path by including a local PHP script with a duplicate function declaration.
unknown
2007-11-02
7.5
CVE-2007-5802
BUGTRAQ
OTHER-REF
BID
GuppY -- GuppY
Directory traversal vulnerability in inc/includes.inc in GuppY 4.6.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the selskin parameter to index.php. NOTE: this can be leveraged for remote file inclusion by including inc/boxleft.inc and specifying a URL in the xposbox[L][] array parameter.
unknown
2007-11-06
7.5
CVE-2007-5844
MILW0RM
BID
GuppY -- GuppY
Directory traversal vulnerability in error.php in GuppY 4.6.3, 4.5.16, and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter. NOTE: this can be leveraged to bypass authentication and upload arbitrary files by including admin/inc/upload.inc and specifying certain multipart/form-data input for admin/inc/upload.inc.
unknown
2007-11-06
7.5
CVE-2007-5845
MILW0RM
MILW0RM
OTHER-REF
IBM -- AIX
Stack-based buffer overflow in the domacro function in ftp in IBM AIX 5.2 and 5.3 allows local users to gain privileges via a long parameter to a macro, as demonstrated by executing a macro via the '$' command.
unknown
2007-11-05
7.2
CVE-2007-4217
IDEFENSE
OTHER-REF
OTHER-REF
AIXAPAR
AIXAPAR
BID
XF
IBM -- AIX
Multiple stack-based buffer overflows in IBM AIX 5.2 and 5.3 allow local users to gain privileges via a long argument to the (1) "-p" option to lqueryvg or (2) the "-V" option to lquerypv.
unknown
2007-11-05
7.2
CVE-2007-4513
IDEFENSE
IDEFENSE
OTHER-REF
OTHER-REF
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
BID
BID
IBM -- AIX
Buffer overflow in crontab in IBM AIX 5.2 allows local users to gain privileges via long command line arguments.
unknown
2007-11-05
7.2
CVE-2007-4621
IDEFENSE
OTHER-REF
AIXAPAR
BID
IBM -- AIX
Integer underflow in the dns_name_fromtext function in (1) libdns_nonsecure.a and (2) libdns_secure.a in IBM AIX 5.2 allows local users to gain privileges via a crafted "-y" (TSIG key) command line argument to dig.
unknown
2007-11-05
7.2
CVE-2007-4622
IDEFENSE
OTHER-REF
AIXAPAR
BID
IBM -- AIX
Stack-based buffer overflow in the sendrmt function in bellmail in IBM AIX 5.2 and 5.3 allows local users to execute arbitrary code via a long parameter to the m command.
unknown
2007-11-05
7.2
CVE-2007-4623
IDEFENSE
OTHER-REF
OTHER-REF
AIXAPAR
AIXAPAR
BID
XF
IDMOS -- IDMOS
Multiple PHP remote file inclusion vulnerabilities in IDMOS 1.0 Alpha (aka Phoenix) allow remote attackers to execute arbitrary PHP code via a URL in the site_absolute_path parameter to (1) admin.php, (2) menu_add.php, and (3) menu_operation.php in administrator/, different vectors than CVE-2007-5294.
unknown
2007-11-07
10.0
CVE-2007-5889
BUGTRAQ
XF
Infuseum -- ASP Message Board
SQL injection vulnerability in boards/printer.asp in ASP Message Board 2.2.1c allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-11-07
7.5
CVE-2007-5887
MILW0RM
BID
XF
Link Grammar -- Link Grammar
AbiWord -- AbiWord Link Grammar
Stack-based buffer overflow in the separate_word function in tokenize.c in Link Grammar 4.1b and possibly other versions, as used in AbiWord Link Grammar 4.2.4, allows remote attackers to execute arbitrary code via a long word, as reachable through the separate_sentence function.
unknown
2007-11-07
10.0
CVE-2007-5395
OTHER-REF
OTHER-REF
SECUNIA
SECUNIA
Microsoft -- Sysinternals DebugView
Dbgv.sys in Microsoft Sysinternals DebugView before 4.72 provides an unspecified mechanism for copying data into kernel memory, which allows local users to gain privileges via unspecified vectors.
unknown
2007-11-08
7.2
CVE-2007-4223
IDEFENSE
FRSIRT
SECTRACK
SECUNIA
Mozilla -- Firefox
Mozilla Firefox 2.0.0.9 allows remote attackers to cause a denial of service (CPU consumption and crash) via an iframe with Javascript that sets the document.location to contain a leading NULL byte (\x00) and a (1) res://, (2) about:config, or (3) file:/// URI.
unknown
2007-11-08
7.1
CVE-2007-5896
FULLDISC
OTHER-REF
XF
Net-SNMP -- Net-SNMP
The SNMP agent in net-snmp 5.4.1 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a GETBULK request with a large max-repeaters value.
unknown
2007-11-06
7.8
CVE-2007-5846
OTHER-REF
Oracle -- E-Business Suite 11i
Oracle -- E-Business Suite 12
SQL injection vulnerability in okxLOV.jsp in Oracle E-Business Suite 11 and 12 allows remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: this is probably the same issue as CVE-2007-5527 or CVE-2007-5528, but there are insufficient details to be sure.
unknown
2007-11-08
7.5
CVE-2007-5766
BUGTRAQ
OTHER-REF
OTHER-REF
Oracle -- Oracle9i Database Server Release 1
Oracle -- Oracle8i Database Server Release 3
Oracle -- Oracle10g Database Server Release 1
Oracle -- Oracle9i Database Server Release 2
Buffer overflow in MDSYS.SDO_CS in Oracle Database Server 8iR3, 9iR1, 9iR2 up to 9.2.0.6, and 10gR1 up to 10.1.0.4 allows remote authenticated users to cause a denial of service (crash) and execute arbitrary code via the TRANSFORM function. NOTE: this issue might already be covered by CVE-2007-5515, CVE-2007-5509, or CVE-2007-5505, but there are insufficient details to be sure.
unknown
2007-11-08
8.5
CVE-2007-5897
BUGTRAQ
OTHER-REF
PCRE -- PCRE
Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via regex patterns containing unmatched "\Q\E" sequences with orphan "\E" codes.
unknown
2007-11-07
7.5
CVE-2007-1659
OTHER-REF
DEBIAN
FRSIRT
PCRE -- PCRE
Perl-Compatible Regular Expression (PCRE) library before 7.3 does not properly calculate sizes for unspecified "multiple forms of character class", which triggers a buffer overflow that allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code.
unknown
2007-11-07
7.5
CVE-2007-1660
DEBIAN
FRSIRT
PCRE -- PCRE
Multiple integer overflows in Perl-Compatible Regular Expression (PCRE) library before 7.3 allow context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via unspecified escape (backslash) sequences.
unknown
2007-11-07
7.5
CVE-2007-4766
OTHER-REF
DEBIAN
FRSIRT
PCRE -- PCRE
Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized.
unknown
2007-11-07
10.0
CVE-2007-4768
DEBIAN
FRSIRT
Plone -- Plone
Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes.
unknown
2007-11-07
7.5
CVE-2007-5741
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
Red Hat -- enterprise_linux_application_stack
Larry Wall -- Perl
MandrakeSoft -- Multi Network Firewall
OpenPKG -- OpenPKG
Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.
unknown
2007-11-07
10.0
CVE-2007-5116
OTHER-REF
MANDRIVA
REDHAT
REDHAT
BID
FRSIRT
SECUNIA
SECUNIA
redhat -- rhel_certificate_server
Certificate Server 7.2 in Red Hat Certificate System (RHCS) does not properly handle new revocations that occur while a Certificate Revocation List (CRL) is being generated, which might prevent certain revoked certificates from appearing on the CRL quickly and allow users with revoked certificates to bypass the intended CRL.
unknown
2007-11-06
7.5
CVE-2007-4994
REDHAT
FRSIRT
sBLOG -- sBlog
Cross-site request forgery (CSRF) vulnerability in blocks_edit_do.php in sBlog 0.7.3 Beta allows remote attackers to change arbitrary blocks as administrators.
unknown
2007-11-05
7.6
CVE-2007-5818
BUGTRAQ
OTHER-REF
XF
Scribe -- Scribe
Direct static code injection vulnerability in forum.php in Ben Ng Scribe 0.2 and earlier allows remote attackers to inject arbitrary PHP code into a certain file in regged/ via the username parameter in a Register action.
unknown
2007-11-05
7.5
CVE-2007-5822
BUGTRAQ
MILW0RM
OTHER-REF
XF
Scribe -- Scribe
Directory traversal vulnerability in forum.php in Ben Ng Scribe 0.2 and earlier allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the username parameter in a Register action.
unknown
2007-11-05
7.5
CVE-2007-5823
BUGTRAQ
MILW0RM
OTHER-REF
SonicWall -- SSL VPN
Stack-based buffer overflow in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control before 2.1.0.51, and 2.5.x before 2.5.0.56, allows remote attackers to execute arbitrary code via a long string in the second argument to the AddRouteEntry method.
unknown
2007-11-05
9.3
CVE-2007-5603
BUGTRAQ
MILW0RM
OTHER-REF
OTHER-REF
OTHER-REF
CERT-VN
BID
SECUNIA
SonicWall -- SSL VPN
Multiple buffer overflows in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control before 2.1.0.51, and 2.5.x before 2.5.0.56, allow remote attackers to execute arbitrary code via a long (1) serverAddress, (2) sessionId, (3) clientIPLower, (4) clientIPHigher, (5) userName, (6) domainName, or (7) dnsSuffix Unicode property value. NOTE: the AddRouteEntry vector is covered by CVE-2007-5603.
unknown
2007-11-05
9.3
CVE-2007-5814
BUGTRAQ
OTHER-REF
OTHER-REF
BID
SECUNIA
SonicWall -- SSL VPN
Absolute path traversal vulnerability in the WebCacheCleaner ActiveX control 1.3.0.3 in SonicWall SSL-VPN 200 before 2.1, and SSL-VPN 2000/4000 before 2.5, allows remote attackers to delete arbitrary files via a full pathname in the argument to the FileDelete method.
unknown
2007-11-05
10.0
CVE-2007-5815
BUGTRAQ
OTHER-REF
OTHER-REF
BID
SECUNIA
SSL-Explorer -- SSL-Explorer
Directory traversal vulnerability in fileSystem.do in SSL-Explorer before 0.2.14 allows remote attackers to access arbitrary files via directory traversal sequences in the path parameter. NOTE: some of these details are obtained from third party information.
unknown
2007-11-05
7.5
CVE-2007-5831
OTHER-REF
SECUNIA
SSL-Explorer -- SSL-Explorer
Unspecified vulnerability in selectLanguage.do in SSL-Explorer before 0.2.15 allows remote attackers to inject (1) headers or (2) body data in an HTTP transaction, a different vulnerability than CVE-2007-2907. NOTE: some of these details are obtained from third party information.
unknown
2007-11-05
7.5
CVE-2007-5832
OTHER-REF
OTHER-REF
SECUNIA
ssreader -- Ultra Star Reader
Stack-based buffer overflow in the pdg2.dll ActiveX control in SSReader 4.0 and earlier allows remote attackers to execute arbitrary code via a long argument to the Register method. NOTE: some details were obtained from third party sources.
unknown
2007-11-07
10.0
CVE-2007-5892
OTHER-REF
FRSIRT
SECUNIA
Symantec -- Altiris Deployment Solution
Aclient in Symantec Altiris Deployment Solution 6.x before 6.8.380.0 allows local users to gain local System privileges via the "Enable key-based authentication to Deployment server" browser option, a different issue than CVE-2007-4380.
unknown
2007-11-06
7.2
CVE-2007-5838
OTHER-REF
OTHER-REF
OTHER-REF
BID
SECTRACK
SECUNIA
XF
Xpdf -- Xpdf
Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02 with xpdf-3.02pl1.patch allows remote attackers to trigger memory corruption and execute arbitrary code via a crafted PDF file.
unknown
2007-11-07
7.6
CVE-2007-4352
OTHER-REF
SECUNIA
Xpdf -- Xpdf
Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02 with xpdf-3.02pl1.patch allows remote attackers to execute arbitrary code via a crafted PDF file, resulting in a heap-based buffer overflow.
unknown
2007-11-07
9.3
CVE-2007-5392
OTHER-REF
SECUNIA
Xpdf -- Xpdf
Heap-based buffer overflow in the CCITTFaxStream::lookChar method in xpdf/Stream.cc in Xpdf 3.02 with xpdf-3.02pl1.patch allows remote attackers to execute arbitrary code via a PDF file that contains a crafted CCITTFaxDecode filter.
unknown
2007-11-07
9.3
CVE-2007-5393
OTHER-REF
SECUNIA

Medium Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
 Cross-site scripting (XSS) vulnerability in Hitachi Web Server 01-00 through 03-10, as used by certain Cosminexus products, allows remote attackers to inject arbitrary web script or HTML via unspecified HTTP requests that trigger creation of a server-status page.
unknown
2007-11-05
4.3
CVE-2007-5809
OTHER-REF
FRSIRT
SECUNIA
alhem -- C++ Sockets Library
HTTPSocket.cpp in the C++ Sockets Library before 2.2.5 allows remote attackers to cause a denial of service (crash) via an HTTP request with a missing protocol version number, which triggers an exception. NOTE: some of these details were obtained from third party sources.
unknown
2007-11-07
5.0
CVE-2007-5893
OTHER-REF
SECUNIA
Altiris -- Deployment Solution
Directory traversal vulnerability in the tftp/mftp daemon in the PXE server component (pxemtftp.exe) in Symantec Altiris Deployment Solution 6.x before 6.8.380.0 allows remote attackers to read arbitrary files via unspecified vectors.
unknown
2007-11-06
6.8
CVE-2007-3874
IDEFENSE
OTHER-REF
BID
SECTRACK
SECUNIA
XF
BitchX -- BitchX
The e_hostname function in commands.c in BitchX 1.1a allows local users to overwrite arbitrary files via a symlink attack on temporary files when using the (1) HOSTNAME or (2) IRCHOST command.
unknown
2007-11-06
4.6
CVE-2007-5839
OTHER-REF
BID
FRSIRT
SECUNIA
BosDev -- BosNews
Cross-site scripting (XSS) vulnerability in BosDev BosNews 4 allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element in a news post.
unknown
2007-11-05
4.3
CVE-2007-5834
BUGTRAQ
BosDev -- BosNews
Install.php in BosDev BosNews 4 and 5 does not require authentication for replacing an existing product installation or creating a new admin account, which allows remote attackers to cause a denial of service (overwritten files) and possibly obtain administrative access.
unknown
2007-11-05
5.0
CVE-2007-5835
BUGTRAQ
Cisco -- Unified MeetingPlace
Multiple cross-site scripting (XSS) vulnerabilities in mpweb/scripts/mpx.dll in Cisco Unified MeetingPlace 5.4 and earlier and 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) FirstName and (2) LastName parameters.
unknown
2007-11-07
4.3
CVE-2007-5581
CISCO
FRSIRT
SECUNIA
Citrix -- Advanced Access Control
Citrix -- Access Gateway
The web portal interface in Citrix Access Gateway (aka Citrix Advanced Access Control) before Advanced Edition 4.5 HF1 places a session ID in the URL, which allows context-dependent attackers to hijack sessions by reading "residual information", including a referer log, browser history, or browser cache.
unknown
2007-11-05
5.0
CVE-2007-0011
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
CONTENTCustomizer -- CONTENTCustomizer
dialog.php in CONTENTCustomizer 3.1mp and earlier allows remote attackers to obtain sensitive author credentials by making a request with an editauthor action, then reading the value of the newlocalpassword password input field in the HTML source of the resulting page.
unknown
2007-11-05
5.0
CVE-2007-5816
OTHER-REF
SECUNIA
CONTENTCustomizer -- CONTENTCustomizer
dialog.php in CONTENTCustomizer 3.1mp and earlier allows remote attackers to perform certain privileged actions via a (1) del, (2) delbackup, (3) res, or (4) ren action. NOTE: this issue can be leveraged to conduct cross-site scripting (XSS) and possibly other attacks.
unknown
2007-11-05
4.3
CVE-2007-5817
OTHER-REF
Coppermine -- Coppermine Photo Gallery
Cross-site scripting (XSS) vulnerability in displayecard.php in Coppermine Photo Gallery (CPG) before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the data parameter.
unknown
2007-11-07
4.3
CVE-2007-5888
OTHER-REF
SECUNIA
Django Project -- Django
Cross-site request forgery (CSRF) vulnerability in the admin panel in Django 0.96 allows remote attackers to change passwords of arbitrary users via a request to admin/auth/user/1/password/.
unknown
2007-11-05
6.8
CVE-2007-5828
BUGTRAQ
DM Guestbook -- DM Guestbook
Multiple directory traversal vulnerabilities in DM Guestbook 0.4.1 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the lng parameter to (a) guestbook.php, (b) admin/admin.guestbook.php, or (c) auto/glob_new.php; or (2) the lngdefault parameter to auto/ch_lng.php.
unknown
2007-11-05
6.8
CVE-2007-5821
MILW0RM
XF
FireFly -- Media Server
Format string vulnerability in the ws_addarg function in webserver.c in mt-daapd in Firefly Media Server 0.2.4 and earlier allows remote attackers to execute arbitrary code via a stats method action to /xml-rpc with format string specifiers in the (1) username or (2) password portion of base64-encoded data on the "Authorization: Basic" HTTP header line.
unknown
2007-11-05
6.8
CVE-2007-5825
BUGTRAQ
BUGTRAQ
Hitachi -- Groupmax Collaboration Web Client
Hitachi -- Groupmax Collaboration Portal
Hitachi -- uCosminexus Collaboration Portal
Unspecified vulnerability in the Groupmax Collaboration - Schedule component in Hitachi Groupmax Collaboration Portal 07-30 through 07-30-/F and 07-32 through 07-32-/C, uCosminexus Collaboration Portal 06-30 through 06-30-/F and 06-32 through 06-32-/C, and Groupmax Collaboration Web Client - Mail/Schedule 07-30 through 07-30-/F and 07-32 through 07-32-/B might allow remote attackers to obtain sensitive information via unspecified vectors related to schedule portlets.
unknown
2007-11-05
5.0
CVE-2007-5808
OTHER-REF
FRSIRT
SECUNIA
Hitachi -- uCosminexus Application Server Enterprise
Hitachi Web Server 01-00 through 03-00-01, as used by certain Cosminexus products, does not properly validate SSL client certificates, which might allow remote attackers to spoof authentication via a client certificate with a forged signature.
unknown
2007-11-05
5.0
CVE-2007-5810
OTHER-REF
FRSIRT
SECUNIA
IBM -- AIX
cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the "-p" option to swcons, which allows local users in the system group to create or overwrite an arbitrary file, and enable world writability of this file, by using the file's name as the argument.
unknown
2007-11-05
6.9
CVE-2007-5804
IDEFENSE
OTHER-REF
OTHER-REF
AIXAPAR
AIXAPAR
BID
XF
IBM -- AIX
cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the "-p" option to swcons, which allows local users in the system group to create an arbitrary file, and enable world writability of this file, via a symlink attack involving use of the file's name as the argument. NOTE: this issue is due to an incomplete fix for CVE-2007-5804.
unknown
2007-11-05
6.9
CVE-2007-5805
IDEFENSE
OTHER-REF
OTHER-REF
AIXAPAR
AIXAPAR
BID
XF
ILIAS -- ILIAS
Cross-site scripting (XSS) vulnerability in Services/Utilities/classes/class.ilUtil.php in ILIAS 3.8.3 and earlier allows remote attackers to inject arbitrary web script or HTML via attributes inside a domain-name string in the (1) mailing or (2) forum component, as demonstrated using the style and onmouseover HTML attributes.
unknown
2007-11-05
4.3
CVE-2007-5806
BUGTRAQ
OTHER-REF
OTHER-REF
BID
ISPworker -- ISPworker
Multiple directory traversal vulnerabilities in download.php in ISPworker 1.21 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) ticketid and (2) filename parameters.
unknown
2007-11-05
5.0
CVE-2007-5813
MILW0RM
Linux -- Kernel
Integer underflow in the ieee80211_rx function in net/ieee80211/ieee80211_rx.c in the Linux kernel 2.6.x before 2.6.23 allows remote attackers to cause a denial of service (crash) via a crafted SKB length value in a runt IEEE 802.11 frame when the IEEE80211_STYPE_QOS_DATA flag is set, aka an "off-by-two error."
unknown
2007-11-06
6.8
CVE-2007-4997
OTHER-REF
OTHER-REF
OTHER-REF
FRSIRT
ManageEngine -- OpManager
ManageEngine -- OpManager MSP
Multiple cross-site scripting (XSS) vulnerabilities in jsp/Login.do in ManageEngine OpManager MSP Edition and OpManager 7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) requestid, (2) fileid, (3) woMode, and (4) woID parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-11-07
4.3
CVE-2007-5891
BID
SECUNIA
ModuleBuilder -- ModuleBuilder
Directory traversal vulnerability in modules/Builder/DownloadModule.php in ModuleBuilder 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
unknown
2007-11-05
5.0
CVE-2007-5812
MILW0RM
nuBoard -- nuBoard
PHP remote file inclusion vulnerability in admin/index.php in nuBoard 0.5 allows remote attackers to execute arbitrary PHP code via a URL in the site parameter.
unknown
2007-11-06
6.8
CVE-2007-5841
MILW0RM
Oracle -- Oracle10g Database Server
Buffer overflow in the XDB.XDB_PITRIG_PKG.PITRIG_DROPMETADATA procedure in Oracle 10g R2 allows remote authenticated users to execute arbitrary code via a long (1) OWNER or (2) NAME argument.
unknown
2007-11-08
6.0
CVE-2007-4517
IDEFENSE
BID
FRSIRT
SECTRACK
SECUNIA
PCRE -- PCRE
Multiple integer overflows in Perl-Compatible Regular Expression (PCRE) library before 6.7 allow context-dependent attackers to execute arbitrary code via a regular expression containing (1) a large number of named subpatterns (name_count), (2) long subpattern names (max_name_size), (3) a repeated subpattern with a long name, or (4) an unspecified vector involving the (a) max, (b) min, and (c) duplength variables in the length calculation in pcre_compile.
unknown
2007-11-08
6.8
CVE-2006-7224
OTHER-REF
OTHER-REF
SECUNIA
PCRE -- PCRE
Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denial of service (crash), as demonstrated by the "\X?\d" and "\P{L}?\d" patterns.
unknown
2007-11-07
6.4
CVE-2007-1661
OTHER-REF
DEBIAN
FRSIRT
PCRE -- PCRE
Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the end of the string when searching for unmatched brackets and parentheses, which allows context-dependent attackers to cause a denial of service (crash), possibly involving forward references.
unknown
2007-11-07
5.0
CVE-2007-1662
OTHER-REF
DEBIAN
FRSIRT
PCRE -- PCRE
Perl-Compatible Regular Expression (PCRE) library before 7.3 does not properly compute the length of (1) a \p sequence, (2) a \P sequence, or (3) a \P{x} sequence, which allows context-dependent attackers to cause a denial of service (infinite loop or crash) or execute arbitrary code.
unknown
2007-11-07
5.0
CVE-2007-4767
OTHER-REF
DEBIAN
FRSIRT
phpMyConferences -- phpMyConferences
** DISPUTED ** Directory traversal vulnerability in PageTraiteDownload.php in phpMyConferences 8.0.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter. NOTE: this issue is disputed for 8.0.2 by a reliable third party, who notes that the PHP code is syntactically incorrect and cannot be executed.
unknown
2007-11-05
5.0
CVE-2007-5811
MILW0RM
VIM
VIM
scwiki -- scWiki
PHP remote file inclusion vulnerability in includes/common.php in scWiki 1.0 Beta 2 allows remote attackers to execute arbitrary PHP code via a URL in the pathdot parameter.
unknown
2007-11-06
6.8
CVE-2007-5843
MILW0RM
BID
ssreader -- Ultra Star Reader
Buffer overflow in the register function in Ultra Star Reader ActiveX control in SSReader allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-11-05
6.8
CVE-2007-5807
BID
Symantec -- AntiVirus
Symantec -- Norton Antivirus
Symantec -- Norton Internet Security
The Disk Mount scanner in Symantec AntiVirus for Macintosh 9.x and 10.x, Norton AntiVirus for Macintosh 10.0 and 10.1, and Norton Internet Security for Macintosh 3.x, uses a directory with weak permissions (group writable), which allows local admin users to gain root privileges by replacing certain files, which are executed when a user with physical access inserts a disk and the "Show Progress During Mount Scans" option is enabled.
unknown
2007-11-05
6.0
CVE-2007-5829
OTHER-REF
BID
FRSIRT
SECTRACK
SECTRACK
SECUNIA
SyndeoCMS -- SyndeoCMS
PHP remote file inclusion vulnerability in starnet/themes/c-sky/main.inc.php in Fred Stuurman SyndeoCMS 2.5.01 allows remote attackers to execute arbitrary PHP code via a URL in the cmsdir parameter, a different vector than CVE-2006-4920.2.
unknown
2007-11-06
6.8
CVE-2007-5840
MILW0RM
Vortex Portal -- Vortex Portal
Multiple PHP remote file inclusion vulnerabilities in Vortex Portal 1.0.42 allow remote attackers to execute arbitrary PHP code via a URL in the cfgProgDir parameter to (1) admincp/auth/secure.php or (2) admincp/auth/checklogin.php.
unknown
2007-11-06
6.8
CVE-2007-5842
MILW0RM
yarssr -- yarssr
GUI.pm in yarssr 0.2.2, when Gnome default URL handling is disabled, allows remote attackers to execute arbitrary commands via shell metacharacters in a link element in a feed.
unknown
2007-11-05
6.8
CVE-2007-5837
OTHER-REF
BID
SECUNIA

Back to top

Low Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
BosDev -- BosMarket Business Directory SystemMultiple cross-site scripting (XSS) vulnerabilities in BosDev BosMarket Business Directory System allow remote authenticated users to inject arbitrary web script or HTML via (1) user info (account details) or (2) a post.
unknown
2007-11-05
3.5CVE-2007-5833
BUGTRAQ
fedoraproject -- CoolkeyCoolKey 1.1.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files in the /tmp/.pk11ipc1/ directory.
unknown
2007-11-08
3.3CVE-2007-4129
OTHER-REF
REDHAT
BID
GForge -- GForgegforge 3.1 and 4.5.14 allows local users to truncate arbitrary files via a symlink attack on temporary files.
unknown
2007-11-08
3.3CVE-2007-3921
DEBIAN
IBM -- Tivoli Continuous Data Protection for FilesIBM Tivoli Continuous Data Protection for Files (CDP) 3.1.0 uses weak permissions (unrestricted write) for the Central Admin Global download directory, which allows local users to place arbitrary files into a location used for updating CDP clients.
unknown
2007-11-05
2.1CVE-2007-5819
AIXAPAR
FRSIRT
SECUNIA
XF
iscsitarget -- iscsitargetiSCSI Enterprise Target (iscsitarget) 0.4.15 uses weak permissions for /etc/ietd.conf, which allows local users to obtain passwords.
unknown
2007-11-05
2.1CVE-2007-5827
OTHER-REF
BID
SECUNIA

Back to top

">

High Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
afcommerce -- AFCommerce
SQL injection vulnerability in Amazing Flash AFCommerce allows remote attackers to execute arbitrary SQL commands via the firstname parameter to an unspecified component, a different issue than CVE-2006-3794. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-11-05
7.5
CVE-2007-5836
BID
Apple -- Quicktime
Unspecified vulnerability in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via a crafted image description atom in a movie file, related to "memory corruption."
unknown
2007-11-07
9.3
CVE-2007-2395
OTHER-REF
APPLE
FRSIRT
SECTRACK
SECUNIA
Apple -- Quicktime
Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via crafted Sample Table Sample Descriptor (STSD) atoms in a movie file.
unknown
2007-11-07
9.3
CVE-2007-3750
OTHER-REF
APPLE
FRSIRT
SECTRACK
SECUNIA
Apple -- Quicktime
Unspecified vulnerability in QuickTime for Java in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via untrusted Java applets that gain privileges via unspecified vectors.
unknown
2007-11-07
9.3
CVE-2007-3751
OTHER-REF
APPLE
FRSIRT
SECTRACK
SECUNIA
Apple -- Quicktime
Stack-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via an invalid UncompressedQuickTimeData opcode length in a PICT image.
unknown
2007-11-07
7.6
CVE-2007-4672
BUGTRAQ
OTHER-REF
OTHER-REF
APPLE
FRSIRT
SECTRACK
SECUNIA
Apple -- Quicktime
Heap-based buffer overflow in the QuickTime VR extension 7.2.0.240 in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via a QTVR (QuickTime Virtual Reality) movie file containing a large size field in the atom header of a panorama sample atom.
unknown
2007-11-07
9.3
CVE-2007-4675
IDEFENSE
OTHER-REF
APPLE
FRSIRT
SECTRACK
SECUNIA
Apple -- Quicktime
Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via malformed elements when parsing (1) Poly type (0x0070 through 0x0074) and (2) PackBitsRgn field (0x0099) opcodes in a PICT image.
unknown
2007-11-07
9.3
CVE-2007-4676
BUGTRAQ
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
APPLE
FRSIRT
SECTRACK
SECUNIA
Apple -- Quicktime
Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via an invalid color table size when parsing the color table atom (CTAB) in a movie file, related to the CTAB RGB values.
unknown
2007-11-07
9.3
CVE-2007-4677
BUGTRAQ
OTHER-REF
OTHER-REF
APPLE
BID
FRSIRT
SECTRACK
SECUNIA
Avaya -- Message Networking
Avaya -- Messaging Storage Server
Unspecified vulnerability in the administrative interface in Avaya Messaging Storage Server (MSS) 3.1 before SP1, and Message Networking (MN) 3.1, allows remote attackers to cause a denial of service via unspecified vectors related to "input validation."
unknown
2007-11-05
7.8
CVE-2007-5830
OTHER-REF
SECUNIA
Ax Developer CMS -- Ax Developer CMS
Directory traversal vulnerability in index.php in Ax Developer CMS (AxDCMS) 0.1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter.
unknown
2007-11-05
9.3
CVE-2007-5820
MILW0RM
XF
easyGB -- easyGB
Directory traversal vulnerability in index.php in easyGB 2.1.1 allows remote attackers to include arbitrary files via the DatabaseType parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-11-07
10.0
CVE-2007-5890
BID
EDraw -- Flowchart ActiveX
Absolute path traversal vulnerability in the EDraw Flowchart ActiveX control in EDImage.ocx 2.0.2005.1104 allows remote attackers to create or overwrite arbitrary files with arbitrary contents via a full pathname in the second argument to the HttpDownloadFile method, a different product than CVE-2007-4420.
unknown
2007-11-05
9.3
CVE-2007-5826
MILW0RM
FRSIRT
XF
FireFly -- Media Server
webserver.c in mt-daapd in Firefly Media Server 0.2.4 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a stats method action to /xml-rpc with (1) an empty Authorization header line, which triggers a crash in the ws_decodepassword function; or (2) a header line without a ':' character, which triggers a crash in the ws_getheaders function.
unknown
2007-11-05
7.1
CVE-2007-5824
BUGTRAQ
BUGTRAQ
BUGTRAQ
MILW0RM
Firewolf Technologies -- Synergiser
Directory traversal vulnerability in index.php in Firewolf Technologies Synergiser 1.2 RC1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: this can be leveraged to obtain the path by including a local PHP script with a duplicate function declaration.
unknown
2007-11-02
7.5
CVE-2007-5802
BUGTRAQ
OTHER-REF
BID
GuppY -- GuppY
Directory traversal vulnerability in inc/includes.inc in GuppY 4.6.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the selskin parameter to index.php. NOTE: this can be leveraged for remote file inclusion by including inc/boxleft.inc and specifying a URL in the xposbox[L][] array parameter.
unknown
2007-11-06
7.5
CVE-2007-5844
MILW0RM
BID
GuppY -- GuppY
Directory traversal vulnerability in error.php in GuppY 4.6.3, 4.5.16, and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter. NOTE: this can be leveraged to bypass authentication and upload arbitrary files by including admin/inc/upload.inc and specifying certain multipart/form-data input for admin/inc/upload.inc.
unknown
2007-11-06
7.5
CVE-2007-5845
MILW0RM
MILW0RM
OTHER-REF
IBM -- AIX
Stack-based buffer overflow in the domacro function in ftp in IBM AIX 5.2 and 5.3 allows local users to gain privileges via a long parameter to a macro, as demonstrated by executing a macro via the '$' command.
unknown
2007-11-05
7.2
CVE-2007-4217
IDEFENSE
OTHER-REF
OTHER-REF
AIXAPAR
AIXAPAR
BID
XF
IBM -- AIX
Multiple stack-based buffer overflows in IBM AIX 5.2 and 5.3 allow local users to gain privileges via a long argument to the (1) "-p" option to lqueryvg or (2) the "-V" option to lquerypv.
unknown
2007-11-05
7.2
CVE-2007-4513
IDEFENSE
IDEFENSE
OTHER-REF
OTHER-REF
AIXAPAR
AIXAPAR
AIXAPAR
AIXAPAR
BID
BID
IBM -- AIX
Buffer overflow in crontab in IBM AIX 5.2 allows local users to gain privileges via long command line arguments.
unknown
2007-11-05
7.2
CVE-2007-4621
IDEFENSE
OTHER-REF
AIXAPAR
BID
IBM -- AIX
Integer underflow in the dns_name_fromtext function in (1) libdns_nonsecure.a and (2) libdns_secure.a in IBM AIX 5.2 allows local users to gain privileges via a crafted "-y" (TSIG key) command line argument to dig.
unknown
2007-11-05
7.2
CVE-2007-4622
IDEFENSE
OTHER-REF
AIXAPAR
BID
IBM -- AIX
Stack-based buffer overflow in the sendrmt function in bellmail in IBM AIX 5.2 and 5.3 allows local users to execute arbitrary code via a long parameter to the m command.
unknown
2007-11-05
7.2
CVE-2007-4623
IDEFENSE
OTHER-REF
OTHER-REF
AIXAPAR
AIXAPAR
BID
XF
IDMOS -- IDMOS
Multiple PHP remote file inclusion vulnerabilities in IDMOS 1.0 Alpha (aka Phoenix) allow remote attackers to execute arbitrary PHP code via a URL in the site_absolute_path parameter to (1) admin.php, (2) menu_add.php, and (3) menu_operation.php in administrator/, different vectors than CVE-2007-5294.
unknown
2007-11-07
10.0
CVE-2007-5889
BUGTRAQ
XF
Infuseum -- ASP Message Board
SQL injection vulnerability in boards/printer.asp in ASP Message Board 2.2.1c allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-11-07
7.5
CVE-2007-5887
MILW0RM
BID
XF
Link Grammar -- Link Grammar
AbiWord -- AbiWord Link Grammar
Stack-based buffer overflow in the separate_word function in tokenize.c in Link Grammar 4.1b and possibly other versions, as used in AbiWord Link Grammar 4.2.4, allows remote attackers to execute arbitrary code via a long word, as reachable through the separate_sentence function.
unknown
2007-11-07
10.0
CVE-2007-5395
OTHER-REF
OTHER-REF
SECUNIA
SECUNIA
Microsoft -- Sysinternals DebugView
Dbgv.sys in Microsoft Sysinternals DebugView before 4.72 provides an unspecified mechanism for copying data into kernel memory, which allows local users to gain privileges via unspecified vectors.
unknown
2007-11-08
7.2
CVE-2007-4223
IDEFENSE
FRSIRT
SECTRACK
SECUNIA
Mozilla -- Firefox
Mozilla Firefox 2.0.0.9 allows remote attackers to cause a denial of service (CPU consumption and crash) via an iframe with JavaScript that sets the document.location to contain a leading NULL byte (\x00) and a (1) res://, (2) about:config, or (3) file:/// URI.
unknown
2007-11-08
7.1
CVE-2007-5896
FULLDISC
OTHER-REF
XF
Net-SNMP -- Net-SNMP
The SNMP agent in net-snmp 5.4.1 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a GETBULK request with a large max-repeaters value.
unknown
2007-11-06
7.8
CVE-2007-5846
OTHER-REF
Oracle -- E-Business Suite 11i
Oracle -- E-Business Suite 12
SQL injection vulnerability in okxLOV.jsp in Oracle E-Business Suite 11 and 12 allows remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: this is probably the same issue as CVE-2007-5527 or CVE-2007-5528, but there are insufficient details to be sure.
unknown
2007-11-08
7.5
CVE-2007-5766
BUGTRAQ
OTHER-REF
OTHER-REF
Oracle -- Oracle9i Database Server Release 1
Oracle -- Oracle8i Database Server Release 3
Oracle -- Oracle10g Database Server Release 1
Oracle -- Oracle9i Database Server Release 2
Buffer overflow in MDSYS.SDO_CS in Oracle Database Server 8iR3, 9iR1, 9iR2 up to 9.2.0.6, and 10gR1 up to 10.1.0.4 allows remote authenticated users to cause a denial of service (crash) and execute arbitrary code via the TRANSFORM function. NOTE: this issue might already be covered by CVE-2007-5515, CVE-2007-5509, or CVE-2007-5505, but there are insufficient details to be sure.
unknown
2007-11-08
8.5
CVE-2007-5897
BUGTRAQ
OTHER-REF
PCRE -- PCRE
Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via regex patterns containing unmatched "\Q\E" sequences with orphan "\E" codes.
unknown
2007-11-07
7.5
CVE-2007-1659
OTHER-REF
DEBIAN
FRSIRT
PCRE -- PCRE
Perl-Compatible Regular Expression (PCRE) library before 7.3 does not properly calculate sizes for unspecified "multiple forms of character class", which triggers a buffer overflow that allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code.
unknown
2007-11-07
7.5
CVE-2007-1660
DEBIAN
FRSIRT
PCRE -- PCRE
Multiple integer overflows in Perl-Compatible Regular Expression (PCRE) library before 7.3 allow context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via unspecified escape (backslash) sequences.
unknown
2007-11-07
7.5
CVE-2007-4766
OTHER-REF
DEBIAN
FRSIRT
PCRE -- PCRE
Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized.
unknown
2007-11-07
10.0
CVE-2007-4768
DEBIAN
FRSIRT
Plone -- Plone
Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes.
unknown
2007-11-07
7.5
CVE-2007-5741
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
Red Hat -- enterprise_linux_application_stack
Larry Wall -- Perl
MandrakeSoft -- Multi Network Firewall
OpenPKG -- OpenPKG
Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.
unknown
2007-11-07
10.0
CVE-2007-5116
OTHER-REF
MANDRIVA
REDHAT
REDHAT
BID
FRSIRT
SECUNIA
SECUNIA
redhat -- rhel_certificate_server
Certificate Server 7.2 in Red Hat Certificate System (RHCS) does not properly handle new revocations that occur while a Certificate Revocation List (CRL) is being generated, which might prevent certain revoked certificates from appearing on the CRL quickly and allow users with revoked certificates to bypass the intended CRL.
unknown
2007-11-06
7.5
CVE-2007-4994
REDHAT
FRSIRT
sBLOG -- sBlog
Cross-site request forgery (CSRF) vulnerability in blocks_edit_do.php in sBlog 0.7.3 Beta allows remote attackers to change arbitrary blocks as administrators.
unknown
2007-11-05
7.6
CVE-2007-5818
BUGTRAQ
OTHER-REF
XF
Scribe -- Scribe
Direct static code injection vulnerability in forum.php in Ben Ng Scribe 0.2 and earlier allows remote attackers to inject arbitrary PHP code into a certain file in regged/ via the username parameter in a Register action.
unknown
2007-11-05
7.5
CVE-2007-5822
BUGTRAQ
MILW0RM
OTHER-REF
XF
Scribe -- Scribe
Directory traversal vulnerability in forum.php in Ben Ng Scribe 0.2 and earlier allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the username parameter in a Register action.
unknown
2007-11-05
7.5
CVE-2007-5823
BUGTRAQ
MILW0RM
OTHER-REF
SonicWall -- SSL VPN
Stack-based buffer overflow in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control before 2.1.0.51, and 2.5.x before 2.5.0.56, allows remote attackers to execute arbitrary code via a long string in the second argument to the AddRouteEntry method.
unknown
2007-11-05
9.3
CVE-2007-5603
BUGTRAQ
MILW0RM
OTHER-REF
OTHER-REF
OTHER-REF
CERT-VN
BID
SECUNIA
SonicWall -- SSL VPN
Multiple buffer overflows in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control before 2.1.0.51, and 2.5.x before 2.5.0.56, allow remote attackers to execute arbitrary code via a long (1) serverAddress, (2) sessionId, (3) clientIPLower, (4) clientIPHigher, (5) userName, (6) domainName, or (7) dnsSuffix Unicode property value. NOTE: the AddRouteEntry vector is covered by CVE-2007-5603.
unknown
2007-11-05
9.3
CVE-2007-5814
BUGTRAQ
OTHER-REF
OTHER-REF
BID
SECUNIA
SonicWall -- SSL VPN
Absolute path traversal vulnerability in the WebCacheCleaner ActiveX control 1.3.0.3 in SonicWall SSL-VPN 200 before 2.1, and SSL-VPN 2000/4000 before 2.5, allows remote attackers to delete arbitrary files via a full pathname in the argument to the FileDelete method.
unknown
2007-11-05
10.0
CVE-2007-5815
BUGTRAQ
OTHER-REF
OTHER-REF
BID
SECUNIA
SSL-Explorer -- SSL-Explorer
Directory traversal vulnerability in fileSystem.do in SSL-Explorer before 0.2.14 allows remote attackers to access arbitrary files via directory traversal sequences in the path parameter. NOTE: some of these details are obtained from third party information.
unknown
2007-11-05
7.5
CVE-2007-5831
OTHER-REF
SECUNIA
SSL-Explorer -- SSL-Explorer
Unspecified vulnerability in selectLanguage.do in SSL-Explorer before 0.2.15 allows remote attackers to inject (1) headers or (2) body data in an HTTP transaction, a different vulnerability than CVE-2007-2907. NOTE: some of these details are obtained from third party information.
unknown
2007-11-05
7.5
CVE-2007-5832
OTHER-REF
OTHER-REF
SECUNIA
ssreader -- Ultra Star Reader
Stack-based buffer overflow in the pdg2.dll ActiveX control in SSReader 4.0 and earlier allows remote attackers to execute arbitrary code via a long argument to the Register method. NOTE: some details were obtained from third party sources.
unknown
2007-11-07
10.0
CVE-2007-5892
OTHER-REF
FRSIRT
SECUNIA
Symantec -- Altiris Deployment Solution
Aclient in Symantec Altiris Deployment Solution 6.x before 6.8.380.0 allows local users to gain local System privileges via the "Enable key-based authentication to Deployment server" browser option, a different issue than CVE-2007-4380.
unknown
2007-11-06
7.2
CVE-2007-5838
OTHER-REF
OTHER-REF
OTHER-REF
BID
SECTRACK
SECUNIA
XF
Xpdf -- Xpdf
Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02 with xpdf-3.02pl1.patch allows remote attackers to trigger memory corruption and execute arbitrary code via a crafted PDF file.
unknown
2007-11-07
7.6
CVE-2007-4352
OTHER-REF
SECUNIA
Xpdf -- Xpdf
Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02 with xpdf-3.02pl1.patch allows remote attackers to execute arbitrary code via a crafted PDF file, resulting in a heap-based buffer overflow.
unknown
2007-11-07
9.3
CVE-2007-5392
OTHER-REF
SECUNIA
Xpdf -- Xpdf
Heap-based buffer overflow in the CCITTFaxStream::lookChar method in xpdf/Stream.cc in Xpdf 3.02 with xpdf-3.02pl1.patch allows remote attackers to execute arbitrary code via a PDF file that contains a crafted CCITTFaxDecode filter.
unknown
2007-11-07
9.3
CVE-2007-5393
OTHER-REF
SECUNIA


Medium Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
Cross-site scripting (XSS) vulnerability in Hitachi Web Server 01-00 through 03-10, as used by certain Cosminexus products, allows remote attackers to inject arbitrary web script or HTML via unspecified HTTP requests that trigger creation of a server-status page.
unknown
2007-11-05
4.3
CVE-2007-5809
OTHER-REF
FRSIRT
SECUNIA
alhem -- C++ Sockets Library
HTTPSocket.cpp in the C++ Sockets Library before 2.2.5 allows remote attackers to cause a denial of service (crash) via an HTTP request with a missing protocol version number, which triggers an exception. NOTE: some of these details were obtained from third party sources.
unknown
2007-11-07
5.0
CVE-2007-5893
OTHER-REF
SECUNIA
Altiris -- Deployment Solution
Directory traversal vulnerability in the tftp/mftp daemon in the PXE server component (pxemtftp.exe) in Symantec Altiris Deployment Solution 6.x before 6.8.380.0 allows remote attackers to read arbitrary files via unspecified vectors.
unknown
2007-11-06
6.8
CVE-2007-3874
IDEFENSE
OTHER-REF
BID
SECTRACK
SECUNIA
XF
BitchX -- BitchX
The e_hostname function in commands.c in BitchX 1.1a allows local users to overwrite arbitrary files via a symlink attack on temporary files when using the (1) HOSTNAME or (2) IRCHOST command.
unknown
2007-11-06
4.6
CVE-2007-5839
OTHER-REF
BID
FRSIRT
SECUNIA
BosDev -- BosNews
Cross-site scripting (XSS) vulnerability in BosDev BosNews 4 allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element in a news post.
unknown
2007-11-05
4.3
CVE-2007-5834
BUGTRAQ
BosDev -- BosNews
Install.php in BosDev BosNews 4 and 5 does not require authentication for replacing an existing product installation or creating a new admin account, which allows remote attackers to cause a denial of service (overwritten files) and possibly obtain administrative access.
unknown
2007-11-05
5.0
CVE-2007-5835
BUGTRAQ
Cisco -- Unified MeetingPlace
Multiple cross-site scripting (XSS) vulnerabilities in mpweb/scripts/mpx.dll in Cisco Unified MeetingPlace 5.4 and earlier and 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) FirstName and (2) LastName parameters.
unknown
2007-11-07
4.3
CVE-2007-5581
CISCO
FRSIRT
SECUNIA
Citrix -- Advanced Access Control
Citrix -- Access Gateway
The web portal interface in Citrix Access Gateway (aka Citrix Advanced Access Control) before Advanced Edition 4.5 HF1 places a session ID in the URL, which allows context-dependent attackers to hijack sessions by reading "residual information", including a referer log, browser history, or browser cache.
unknown
2007-11-05
5.0
CVE-2007-0011
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
CONTENTCustomizer -- CONTENTCustomizer
dialog.php in CONTENTCustomizer 3.1mp and earlier allows remote attackers to obtain sensitive author credentials by making a request with an editauthor action, then reading the value of the newlocalpassword password input field in the HTML source of the resulting page.
unknown
2007-11-05
5.0
CVE-2007-5816
OTHER-REF
SECUNIA
CONTENTCustomizer -- CONTENTCustomizer
dialog.php in CONTENTCustomizer 3.1mp and earlier allows remote attackers to perform certain privileged actions via a (1) del, (2) delbackup, (3) res, or (4) ren action. NOTE: this issue can be leveraged to conduct cross-site scripting (XSS) and possibly other attacks.
unknown
2007-11-05
4.3
CVE-2007-5817
OTHER-REF
Coppermine -- Coppermine Photo Gallery
Cross-site scripting (XSS) vulnerability in displayecard.php in Coppermine Photo Gallery (CPG) before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the data parameter.
unknown
2007-11-07
4.3
CVE-2007-5888
OTHER-REF
SECUNIA
Django Project -- Django
Cross-site request forgery (CSRF) vulnerability in the admin panel in Django 0.96 allows remote attackers to change passwords of arbitrary users via a request to admin/auth/user/1/password/.
unknown
2007-11-05
6.8
CVE-2007-5828
BUGTRAQ
DM Guestbook -- DM Guestbook
Multiple directory traversal vulnerabilities in DM Guestbook 0.4.1 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the lng parameter to (a) guestbook.php, (b) admin/admin.guestbook.php, or (c) auto/glob_new.php; or (2) the lngdefault parameter to auto/ch_lng.php.
unknown
2007-11-05
6.8
CVE-2007-5821
MILW0RM
XF
FireFly -- Media Server
Format string vulnerability in the ws_addarg function in webserver.c in mt-daapd in Firefly Media Server 0.2.4 and earlier allows remote attackers to execute arbitrary code via a stats method action to /xml-rpc with format string specifiers in the (1) username or (2) password portion of base64-encoded data on the "Authorization: Basic" HTTP header line.
unknown
2007-11-05
6.8
CVE-2007-5825
BUGTRAQ
BUGTRAQ
Hitachi -- Groupmax Collaboration Web Client
Hitachi -- Groupmax Collaboration Portal
Hitachi -- uCosminexus Collaboration Portal
Unspecified vulnerability in the Groupmax Collaboration - Schedule component in Hitachi Groupmax Collaboration Portal 07-30 through 07-30-/F and 07-32 through 07-32-/C, uCosminexus Collaboration Portal 06-30 through 06-30-/F and 06-32 through 06-32-/C, and Groupmax Collaboration Web Client - Mail/Schedule 07-30 through 07-30-/F and 07-32 through 07-32-/B might allow remote attackers to obtain sensitive information via unspecified vectors related to schedule portlets.
unknown
2007-11-05
5.0
CVE-2007-5808
OTHER-REF
FRSIRT
SECUNIA
Hitachi -- uCosminexus Application Server Enterprise
Hitachi Web Server 01-00 through 03-00-01, as used by certain Cosminexus products, does not properly validate SSL client certificates, which might allow remote attackers to spoof authentication via a client certificate with a forged signature.
unknown
2007-11-05
5.0
CVE-2007-5810
OTHER-REF
FRSIRT
SECUNIA
IBM -- AIX
cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the "-p" option to swcons, which allows local users in the system group to create or overwrite an arbitrary file, and enable world writability of this file, by using the file's name as the argument.
unknown
2007-11-05
6.9
CVE-2007-5804
IDEFENSE
OTHER-REF
OTHER-REF
AIXAPAR
AIXAPAR
BID
XF
IBM -- AIX
cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the "-p" option to swcons, which allows local users in the system group to create an arbitrary file, and enable world writability of this file, via a symlink attack involving use of the file's name as the argument. NOTE: this issue is due to an incomplete fix for CVE-2007-5804.
unknown
2007-11-05
6.9
CVE-2007-5805
IDEFENSE
OTHER-REF
OTHER-REF
AIXAPAR
AIXAPAR
BID
XF
ILIAS -- ILIAS
Cross-site scripting (XSS) vulnerability in Services/Utilities/classes/class.ilUtil.php in ILIAS 3.8.3 and earlier allows remote attackers to inject arbitrary web script or HTML via attributes inside a domain-name string in the (1) mailing or (2) forum component, as demonstrated using the style and onmouseover HTML attributes.
unknown
2007-11-05
4.3
CVE-2007-5806
BUGTRAQ
OTHER-REF
OTHER-REF
BID
ISPworker -- ISPworker
Multiple directory traversal vulnerabilities in download.php in ISPworker 1.21 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) ticketid and (2) filename parameters.
unknown
2007-11-05
5.0
CVE-2007-5813
MILW0RM
Linux -- Kernel
Integer underflow in the ieee80211_rx function in net/ieee80211/ieee80211_rx.c in the Linux kernel 2.6.x before 2.6.23 allows remote attackers to cause a denial of service (crash) via a crafted SKB length value in a runt IEEE 802.11 frame when the IEEE80211_STYPE_QOS_DATA flag is set, aka an "off-by-two error."
unknown
2007-11-06
6.8
CVE-2007-4997
OTHER-REF
OTHER-REF
OTHER-REF
FRSIRT
ManageEngine -- OpManager
ManageEngine -- OpManager MSP
Multiple cross-site scripting (XSS) vulnerabilities in jsp/Login.do in ManageEngine OpManager MSP Edition and OpManager 7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) requestid, (2) fileid, (3) woMode, and (4) woID parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-11-07
4.3
CVE-2007-5891
BID
SECUNIA
ModuleBuilder -- ModuleBuilder
Directory traversal vulnerability in modules/Builder/DownloadModule.php in ModuleBuilder 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
unknown
2007-11-05
5.0
CVE-2007-5812
MILW0RM
nuBoard -- nuBoard
PHP remote file inclusion vulnerability in admin/index.php in nuBoard 0.5 allows remote attackers to execute arbitrary PHP code via a URL in the site parameter.
unknown
2007-11-06
6.8
CVE-2007-5841
MILW0RM
Oracle -- Oracle10g Database Server
Buffer overflow in the XDB.XDB_PITRIG_PKG.PITRIG_DROPMETADATA procedure in Oracle 10g R2 allows remote authenticated users to execute arbitrary code via a long (1) OWNER or (2) NAME argument.
unknown
2007-11-08
6.0
CVE-2007-4517
IDEFENSE
BID
FRSIRT
SECTRACK
SECUNIA
PCRE -- PCRE
Multiple integer overflows in Perl-Compatible Regular Expression (PCRE) library before 6.7 allow context-dependent attackers to execute arbitrary code via a regular expression containing (1) a large number of named subpatterns (name_count), (2) long subpattern names (max_name_size), (3) a repeated subpattern with a long name, or (4) an unspecified vector involving the (a) max, (b) min, and (c) duplength variables in the length calculation in pcre_compile.
unknown
2007-11-08
6.8
CVE-2006-7224
OTHER-REF
OTHER-REF
SECUNIA
PCRE -- PCRE
Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denial of service (crash), as demonstrated by the "\X?\d" and "\P{L}?\d" patterns.
unknown
2007-11-07
6.4
CVE-2007-1661
OTHER-REF
DEBIAN
FRSIRT
PCRE -- PCRE
Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the end of the string when searching for unmatched brackets and parentheses, which allows context-dependent attackers to cause a denial of service (crash), possibly involving forward references.
unknown
2007-11-07
5.0
CVE-2007-1662
OTHER-REF
DEBIAN
FRSIRT
PCRE -- PCRE
Perl-Compatible Regular Expression (PCRE) library before 7.3 does not properly compute the length of (1) a \p sequence, (2) a \P sequence, or (3) a \P{x} sequence, which allows context-dependent attackers to cause a denial of service (infinite loop or crash) or execute arbitrary code.
unknown
2007-11-07
5.0
CVE-2007-4767
OTHER-REF
DEBIAN
FRSIRT
phpMyConferences -- phpMyConferences
** DISPUTED ** Directory traversal vulnerability in PageTraiteDownload.php in phpMyConferences 8.0.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter. NOTE: this issue is disputed for 8.0.2 by a reliable third party, who notes that the PHP code is syntactically incorrect and cannot be executed.
unknown
2007-11-05
5.0
CVE-2007-5811
MILW0RM
VIM
VIM
scwiki -- scWiki
PHP remote file inclusion vulnerability in includes/common.php in scWiki 1.0 Beta 2 allows remote attackers to execute arbitrary PHP code via a URL in the pathdot parameter.
unknown
2007-11-06
6.8
CVE-2007-5843
MILW0RM
BID
ssreader -- Ultra Star Reader
Buffer overflow in the register function in Ultra Star Reader ActiveX control in SSReader allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-11-05
6.8
CVE-2007-5807
BID
Symantec -- AntiVirus
Symantec -- Norton Antivirus
Symantec -- Norton Internet Security
The Disk Mount scanner in Symantec AntiVirus for Macintosh 9.x and 10.x, Norton AntiVirus for Macintosh 10.0 and 10.1, and Norton Internet Security for Macintosh 3.x, uses a directory with weak permissions (group writable), which allows local admin users to gain root privileges by replacing certain files, which are executed when a user with physical access inserts a disk and the "Show Progress During Mount Scans" option is enabled.
unknown
2007-11-05
6.0
CVE-2007-5829
OTHER-REF
BID
FRSIRT
SECTRACK
SECTRACK
SECUNIA
SyndeoCMS -- SyndeoCMS
PHP remote file inclusion vulnerability in starnet/themes/c-sky/main.inc.php in Fred Stuurman SyndeoCMS 2.5.01 allows remote attackers to execute arbitrary PHP code via a URL in the cmsdir parameter, a different vector than CVE-2006-4920.2.
unknown
2007-11-06
6.8
CVE-2007-5840
MILW0RM
Vortex Portal -- Vortex Portal
Multiple PHP remote file inclusion vulnerabilities in Vortex Portal 1.0.42 allow remote attackers to execute arbitrary PHP code via a URL in the cfgProgDir parameter to (1) admincp/auth/secure.php or (2) admincp/auth/checklogin.php.
unknown
2007-11-06
6.8
CVE-2007-5842
MILW0RM
yarssr -- yarssr
GUI.pm in yarssr 0.2.2, when Gnome default URL handling is disabled, allows remote attackers to execute arbitrary commands via shell metacharacters in a link element in a feed.
unknown
2007-11-05
6.8
CVE-2007-5837
OTHER-REF
BID
SECUNIA


Low Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
BosDev -- BosMarket Business Directory System
Multiple cross-site scripting (XSS) vulnerabilities in BosDev BosMarket Business Directory System allow remote authenticated users to inject arbitrary web script or HTML via (1) user info (account details) or (2) a post.
unknown
2007-11-05
3.5
CVE-2007-5833
BUGTRAQ
fedoraproject -- Coolkey
CoolKey 1.1.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files in the /tmp/.pk11ipc1/ directory.
unknown
2007-11-08
3.3
CVE-2007-4129
OTHER-REF
REDHAT
BID
GForge -- GForge
gforge 3.1 and 4.5.14 allows local users to truncate arbitrary files via a symlink attack on temporary files.
unknown
2007-11-08
3.3
CVE-2007-3921
DEBIAN
IBM -- Tivoli Continuous Data Protection for Files
IBM Tivoli Continuous Data Protection for Files (CDP) 3.1.0 uses weak permissions (unrestricted write) for the Central Admin Global download directory, which allows local users to place arbitrary files into a location used for updating CDP clients.
unknown
2007-11-05
2.1
CVE-2007-5819
AIXAPAR
FRSIRT
SECUNIA
XF
iscsitarget -- iscsitarget
iSCSI Enterprise Target (iscsitarget) 0.4.15 uses weak permissions for /etc/ietd.conf, which allows local users to obtain passwords.
unknown
2007-11-05
2.1
CVE-2007-5827
OTHER-REF
BID
SECUNIA
