U.S. Flag Official website of the Department of Homeland Security

Note: This page is part of the us-cert.gov archive.This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

TLP:WHITE

Bulletin (SB07-323)

Vulnerability Summary for the Week of November 12, 2007

Original release date: November 19, 2007

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

">

High Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Apple -- Mac OS X
Apple -- Mac OS X Server
CFFTP in CFNetwork for Apple Mac OS X 10.4 through 10.4.10 allows remote FTP servers to force clients to connect to other hosts via crafted responses to FTP PASV commands.
unknown
2007-11-14
7.5CVE-2007-4679
APPLE
Apple -- Mac OS X
Apple -- Mac OS X Server
CFNetwork in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 does not properly validate certificates, which allows remote attackers to spoof trusted SSL certificates via a man-in-the-middle attack.
unknown
2007-11-14
7.5CVE-2007-4680
APPLE
ACDsee -- Pro Photo Manager
ACDsee -- Photo Editor
ACDsee -- Photo Manager
Multiple input validation errors in ACD ACDSee Photo Manager 9.0 build 108, Pro Photo Manager 8.1 build 99, and Photo Editor 4.0 build 195 allow user-assisted remote attackers to execute arbitrary code via a long section string in (1) a PSP image to the ID_PSP.apl plug-in or (2) an LHA archive to the AM_LHA.apl plug-in, resulting in a heap-based buffer overflow.
unknown
2007-11-15
9.3CVE-2007-4344
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
AOL -- RadioMultiple stack-based buffer overflows in the AOL AmpX ActiveX control in AmpX.dll 2.6.1.11 in AOL Radio allow remote attackers to execute arbitrary code via long arguments to unspecified methods.
unknown
2007-11-13
10.0CVE-2007-5755
IDEFENSE
BID
FRSIRT
SECTRACK
SECUNIA
XF
Apple -- Mac OS XThe kernel in Apple Mac OS X 10.4 through 10.4.10 does not reset the current Mach thread or thread exception port, which allows local users to execute arbitrary code by writing to the address space of a privileged process.
unknown
2007-11-14
7.2CVE-2007-3749
APPLE
Apple -- Mac OS XStack-based buffer overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted ioctl request to an AppleTalk socket.
unknown
2007-11-14
7.2CVE-2007-4267
APPLE
Apple -- Mac OS XAn "arithmetic error" in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk message that triggers a buffer overflow.
unknown
2007-11-14
7.2CVE-2007-4268
APPLE
Apple -- Mac OS XInteger overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted ASP message on an AppleTalk socket, which triggers a heap-based buffer overflow.
unknown
2007-11-14
7.2CVE-2007-4269
IDEFENSE
APPLE
Apple -- QuicktimeAppleRAID in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows attackers to cause a denial of service (crash) via a crafted striped disk image, which triggers a NULL pointer dereference when it is mounted.
unknown
2007-11-14
7.1CVE-2007-4678
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
The kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to gain privileges by executing setuid or setgid programs in which the stdio, stderr, or stdout file descriptors are "in an unexpected state."
unknown
2007-11-14
7.2CVE-2007-4685
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
The kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to cause a denial of service (system shutdown) or execute arbitrary code via a crafted ioctl request.
unknown
2007-11-14
7.2CVE-2007-4686
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
The remote_cmds component in Apple Mac OS X 10.4 through 10.4.10 contains a symbolic link from the tftpboot private directory to the root directory, which allows tftpd users to escape the private directory and access arbitrary files.
unknown
2007-11-14
9.3CVE-2007-4687
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
Double-free vulnerability in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (system shutdown) or execute arbitrary code via crafted IPV6 packets.
unknown
2007-11-14
10.0CVE-2007-4689
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
Double-free vulnerability in the NFS component in Apple Mac OS X 10.4 through 10.4.10 allows remote authenticated users to execute arbitrary code via a crafted AUTH_UNIX RPC packet.
unknown
2007-11-14
9.0CVE-2007-4690
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
The NSURL component in Apple Mac OS X 10.4 through 10.4.10 performs case-sensitive comparisons that allow attackers to bypass intended restrictions for local file system URLs.
unknown
2007-11-14
10.0CVE-2007-4691
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
The SecurityAgent component in Mac OS X 10.4 through 10.4.10 allows attackers with physical access to bypass the authentication dialog of the screen saver and send keystrokes to a process, related to "handling of keyboard focus between secure text fields."
unknown
2007-11-14
7.2CVE-2007-4693
APPLE
Apple -- SafariThe default configuration of Safari in Apple Mac OS X 10.4 through 10.4.10 adds a private key to the keychain with permissions that allow other applications to access the key without warning the user, which might allow other applications to bypass intended access restrictions.
unknown
2007-11-14
7.5CVE-2007-4699
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
Unspecified vulnerability in WebKit on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to use Safari as an indirect proxy and send attacker-controlled data to arbitrary TCP ports via unknown vectors.
unknown
2007-11-14
7.5CVE-2007-4700
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
The Application Firewall in Apple Mac OS X 10.5, when "Block all incoming connections" is enabled, does not prevent root processes or mDNSResponder from accepting connections, which might allow remote attackers or local root processes to bypass intended access restrictions.
unknown
2007-11-15
10.0CVE-2007-4702
APPLE
OTHER-REF
Apple -- Mac OS X Server
Apple -- Mac OS X
The Application Firewall in Apple Mac OS X 10.5 does not prevent a root-owned executable from accepting incoming connections, even when "Block incoming connections" has been set for that executable, which might allow remote attackers or local root processes to bypass intended access restrictions.
unknown
2007-11-15
10.0CVE-2007-4703
APPLE
OTHER-REF
Apple -- Mac OS XThe Application Firewall in Apple Mac OS X 10.5 does not apply changed settings to processes that are started by launchd until the processes are restarted again, which might allow attackers to bypass intended access restrictions.
unknown
2007-11-15
10.0CVE-2007-4704
APPLE
OTHER-REF
Autonomy -- KeyView Viewer SDK
Autonomy -- KeyView Export SDK
Autonomy -- KeyView Filter SDK
Heap-based buffer overflow in emlsr.dll before 2.0.0.4 in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK allows remote attackers to execute arbitrary code via a long Content-Type header line in an EML file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-11-15
9.3CVE-2007-6008
SECUNIA
BTI-Tracker -- BTI-Trackerblocks/shoutbox_block.php in BtiTracker 1.4.4 does not verify user accounts, which allows remote attackers to post shoutbox entries as arbitrary users via a modified nick field.
unknown
2007-11-14
7.5CVE-2007-5988
OTHER-REF
OTHER-REF
SECUNIA
XF
bug software -- bughotel reservation systemUnspecified vulnerability in main.php of BugHotel Reservation System before 4.9.9 P3 allows remote attackers to bypass authentication and gain administrative access via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-11-15
10.0CVE-2007-6011
BID
datecomm -- Social Networking ScriptSQL injection vulnerability in index.php in datecomm Social Networking Script allows remote attackers to execute arbitrary SQL commands via the seid parameter in a viewcat s action on the forums page. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-11-15
7.5CVE-2007-5992
BID
E-Vendejo -- 0.2SQL injection vulnerability in articles.php in E-Vendejo 0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-11-13
7.5CVE-2007-5951
OTHER-REF
SECUNIA
EXO -- ExoPHPDeskSQL injection vulnerability in index.php in ExoPHPdesk allows remote attackers to execute arbitrary SQL commands via the user parameter in a profile fn action.
unknown
2007-11-15
7.5CVE-2007-5991
BUGTRAQ
BID
HP -- HP-UXUnspecified vulnerability in the Aries PA-RISC emulator on HP-UX B.11.23 and B.11.31 on the IA-64 platform allows local users to obtain unspecified access.
unknown
2007-11-13
7.2CVE-2007-5946
HP
BID
SECTRACK
IBM -- Informix Dynamic ServerDirectory traversal vulnerability in IBM Informix Dynamic Server (IDS) before 10.00.xC7W1 allows attackers to have an unknown impact via directory traversal sequences in the DBLANG environment variable.
unknown
2007-11-14
7.2CVE-2007-5956
OTHER-REF
AIXAPAR
BID
FRSIRT
SECUNIA
XF
JPortal -- JPortal Web PortalSQL injection vulnerability in articles.php in JPortal 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter.
unknown
2007-11-14
7.5CVE-2007-5973
MILW0RM
BID
XF
JPortal -- JPortal Web PortalSQL injection vulnerability in mailer.php in JPortal 2 allows remote attackers to execute arbitrary SQL commands via the to parameter.
unknown
2007-11-14
7.5CVE-2007-5974
MILW0RM
BID
XF
Justin Hagstrom -- AutoIndex PHP Scriptclasses/Url.php in Justin Hagstrom AutoIndex PHP Script before 2.2.4 allows remote attackers to cause a denial of service (CPU and memory consumption) via a %00 sequence in the dir parameter to index.php, which triggers an erroneous "recursive calculation."
unknown
2007-11-14
7.8CVE-2007-5984
BUGTRAQ
OTHER-REF
BID
Microsoft -- windows-ntThe DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors.
unknown
2007-11-13
7.8CVE-2007-3898
BUGTRAQ
OTHER-REF
MS
CERT-VN
BID
SECTRACK
SECUNIA
XF
Novell -- Novell clientNWFILTER.SYS in Novell Client 4.91 SP 1 through SP 4 for Windows 2000, XP, and Server 2003 makes the \.\nwfilter device available for arbitrary user-mode input via METHOD_NEITHER IOCTLs, which allows local users to gain privileges by passing a kernel address as an argument and overwriting kernel memory locations.
unknown
2007-11-13
7.2CVE-2007-5667
IDEFENSE
OTHER-REF
FRSIRT
SECUNIA
Pioneers -- PioneersPioneers before 0.11.3 allows remote attackers to cause a denial of service (crash) by causing a "Broken pipe" error, which triggers a delete operation while the Session object is still being used.
unknown
2007-11-13
7.8CVE-2007-5933
OTHER-REF
OTHER-REF
Pioneers -- PioneersUnspecified vulnerability in pioneers (formerly gnocatan) 0.11.3 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors that trigger an assert error. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-5933.
unknown
2007-11-15
7.8CVE-2007-6010
OTHER-REF
redhat -- rhel_cluster
redhat -- Conga
The ricci daemon in Conga 0.10.0 allows remote attackers to cause a denial of service (loss of new connections) by repeatedly sending data or attempting connections.
unknown
2007-11-13
7.8CVE-2007-4136
OTHER-REF
REDHAT
SECTRACK
softbizscripts -- Link Directory ScriptSQL injection vulnerability in searchresult.php in Softbiz Link Directory Script allows remote attackers to execute arbitrary SQL commands via the sbcat_id parameter, a related issue to CVE-2007-5449.
unknown
2007-11-15
7.5CVE-2007-5996
MILW0RM
BID
XF
softbizscripts -- Softbiz Auctions ScriptSQL injection vulnerability in product_desc.php in Softbiz Auctions Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-11-15
7.5CVE-2007-5999
MILW0RM
BID
XF
Sun -- Net Connect SoftwareFormat string vulnerability in srsexec in Sun Remote Services (SRS) Net Connect 3.2.3 and 3.2.4, as distributed in the SRS Proxy Core (SUNWsrspx) package, allows local users to gain privileges via format string specifiers in unspecified input that is logged through syslog.
unknown
2007-11-13
7.2CVE-2007-3880
IDEFENSE
SUNALERT
BID
FRSIRT
SECUNIA
Testlink -- testlinkTestLink before 1.7.1 does not enforce an unspecified authorization mechanism, which has unknown impact and attack vectors.
unknown
2007-11-15
10.0CVE-2007-6006
OTHER-REF
SECUNIA
toko -- instanMultiple SQL injection vulnerabilities in index.php in Toko Instan 7.6 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in an artikel action or (2) the katid parameter in a produk action.
unknown
2007-11-15
7.5CVE-2007-6004
MILW0RM
BID
Ubuntu -- Linux kernelThe skge driver 1.5 in Linux kernel 2.6.15 on Ubuntu does not properly use the spin_lock and spin_unlock functions, which allows remote attackers to cause a denial of service (machine crash) via a flood of network traffic.
unknown
2007-11-14
7.8CVE-2006-7229
OTHER-REF
XOOPS -- MyLinks ModuleSQL injection vulnerability in brokenlink.php in the mylinks module for XOOPS allows remote attackers to execute arbitrary SQL commands via the lid parameter.
unknown
2007-11-14
7.5CVE-2007-5978
BUGTRAQ
BID
XF

Back to top

Medium Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Apple -- Mac OS X
Apple -- Mac OS X Server
Buffer overflow in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows local users to cause a denial of service (application crash) and possible execute arbitrary code via a crafted directory hierarchy.
unknown
2007-11-14
4.4CVE-2007-4681
APPLE
Apple -- Mac OS X
Apple -- Mac OS X Server
CoreText in Apple Mac OS X 10.4 through 10.4.10 allows attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted text content that triggers an access of an uninitialized object pointer.
unknown
2007-11-14
4.3CVE-2007-4682
APPLE
Apple -- Mac OS X
Apple -- Mac OS X Server
Directory traversal vulnerability in the kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to bypass the chroot mechanism via a relative path when changing the current working directory.
unknown
2007-11-14
4.6CVE-2007-4683
APPLE
ACDsee -- Pro Photo Manager
ACDsee -- Photo Editor
ACDsee -- Photo Manager
Integer overflow in the ID_PSP.apl plug-in for ACD ACDSee Photo Manager 9.0 build 108, Pro Photo Manager 8.1 build 99, and Photo Editor 4.0 build 195 allows user-assisted remote attackers to execute arbitrary code via a crafted PSP image that triggers a heap-based buffer overflow.
unknown
2007-11-15
6.8CVE-2007-6007
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
ACDsee -- Pro Photo Manager
ACDsee -- Photo Editor
ACDsee -- Photo Manager
Multiple buffer overflows in ACD products allow user-assisted remote attackers to execute arbitrary code via a long section string in a (1) XBM or (2) XPM file to (a) ID_X.apl or (b) IDE_ACDStd.apl. NOTE: the PSP and LHA vectors are already covered by CVE-2007-4344 and CVE-2007-6007. NOTE: these might be integer overflows rather than buffer overflows.
unknown
2007-11-15
6.8CVE-2007-6009
OTHER-REF
Adobe -- ColdFusion
Adobe -- ColdFusion MX
Adobe ColdFusion 8 and MX 7 allows remote attackers to hijack sessions via unspecified vectors that trigger establishment of a session to a ColdFusion application in which the (1) CFID or (2) CFTOKEN cookies have empty values, possibly due to a session fixation vulnerability.
unknown
2007-11-15
6.8CVE-2007-5905
OTHER-REF
OTHER-REF
BID
SECTRACK
Adobe -- ShockwaveStack-based buffer overflow in the SWCtl.SWCtl ActiveX control in Adobe Shockwave allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument to the ShockwaveVersion method.
unknown
2007-11-13
5.0CVE-2007-5941
MILW0RM
BID
Apple -- Mac OS XInteger overflow in the kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via crafted arguments to the i386_set_ldt system call.
unknown
2007-11-14
6.9CVE-2007-4684
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
The Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain all addresses for a host, including link-local addresses, via a Node Information Query.
unknown
2007-11-14
5.0CVE-2007-4688
APPLE
Apple -- SafariThe tabbed browsing feature in Apple Safari 3 before Beta Update 3.0.4 on Windows allows remote attackers to spoof HTTP authentication for other sites and possibly conduct phishing attacks by causing an authentication sheet to be displayed for a tab that is not active, which makes it appear as if it is associated with the active tab.
unknown
2007-11-14
4.3CVE-2007-4692
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
Safari in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to access local content via file:// URLs.
unknown
2007-11-14
4.3CVE-2007-4694
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
Unspecified "input validation" vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to modify form field values via unknown vectors related to file uploads.
unknown
2007-11-14
4.3CVE-2007-4695
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
Race condition in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain information for forms from other sites via unknown vectors related to "page transitions" in Safari.
unknown
2007-11-14
4.3CVE-2007-4696
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
Unspecified vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via unknown vectors related to browser history, which triggers memory corruption.
unknown
2007-11-14
6.8CVE-2007-4697
APPLE
Apple -- SafariApple Safari 3 before Beta Update 3.0.4 on Windows allows remote attackers to conduct cross-site scripting (XSS) attacks by causing JavaScript events to be associated with the wrong frame.
unknown
2007-11-14
4.3CVE-2007-4698
APPLE
Bandersnatch -- BandersnatchBandersnatch 0.4 allows remote attackers to obtain sensitive information via a malformed request for index.php with (1) a certain func parameter value; or (2) certain func, jid, page, and limit parameter values; which reveals the path in various error messages.
unknown
2007-11-13
5.0CVE-2007-5942
OTHER-REF
XF
Bandersnatch -- BandersnatchMultiple cross-site scripting (XSS) vulnerabilities in index.php in Bandersnatch 0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) func or (2) date parameter, or the jid parameter in a (3) log or (4) user action, a different vulnerability than CVE-2007-3910.
unknown
2007-11-15
4.3CVE-2007-6001
OTHER-REF
XF
BTI-Tracker -- BTI-TrackerMultiple cross-site scripting (XSS) vulnerabilities in BtiTracker before 1.4.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) account.php, (2) moresmiles.php, or (3) recover.php; or (4) the "to" parameter to usercp.php.
unknown
2007-11-14
4.3CVE-2007-5985
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
XF
XF
BTI-Tracker -- BTI-TrackerSQL injection vulnerability in include/functions.php in BtiTracker before 1.4.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
unknown
2007-11-14
5.0CVE-2007-5986
OTHER-REF
OTHER-REF
SECUNIA
XF
BTI-Tracker -- BTI-Trackerdetails.php in BtiTracker before 1.4.5, when torrent viewing is disabled for guests, allows remote attackers to bypass protection mechanisms via a direct request, as demonstrated by (1) reading the details of an arbitrary torrent and (2) modifying a torrent owned by a guest.
unknown
2007-11-14
6.8CVE-2007-5987
OTHER-REF
OTHER-REF
SECUNIA
XF
eggblog -- eggblogCross-site scripting (XSS) vulnerability in home/rss.php in eggblog before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF).
unknown
2007-11-14
4.3CVE-2007-5980
BUGTRAQ
OTHER-REF
OTHER-REF
BID
SECUNIA
EXO -- ExoPHPDeskCross-site scripting (XSS) vulnerability in ExoPHPdesk allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a user profile.
unknown
2007-11-15
4.3CVE-2007-5990
BUGTRAQ
BID
F5 -- Firepass 4100Cross-site scripting (XSS) vulnerability in download_plugin.php3 in F5 Firepass 4100 SSL VPN 5.4 through 5.5.2 and 6.0 through 6.0.1 allows remote attackers to inject arbitrary web script or HTML via the backurl parameter.
unknown
2007-11-14
4.3CVE-2007-5979
BUGTRAQ
OTHER-REF
OTHER-REF
BID
SECTRACK
SECUNIA
Fenrir -- Grani
Fenrir -- Sleipnir
Cross-site scripting (XSS) vulnerability in Fenriru (1) Sleipnir 2.5.17 R2 and earlier and (2) Grani 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the Search field in a search for additions to the Favorites section.
unknown
2007-11-15
4.3CVE-2007-6002
OTHER-REF
OTHER-REF
OTHER-REF
BID
SECUNIA
SECUNIA
getmiro -- Broadcast MachineCross-site scripting (XSS) vulnerability in login.php in Miro Project Broadcast Machine 0.9.9.9 allows remote attackers to inject arbitrary web script or HTML via the username parameter.
unknown
2007-11-14
4.3CVE-2007-3694
BUGTRAQ
BID
XF
helioscalendar -- Helios CalendarCross-site scripting (XSS) vulnerability in admin/index.php in Helios Calendar 1.2.1 Beta allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-11-13
4.3CVE-2007-5952
BID
SECUNIA
IBM -- WebSphere Application ServerCross-site scripting (XSS) vulnerability in Servlet Engine / Web Container in IBM WebSphere Application Server (WAS) 5.1.1.4 through 5.1.1.16 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header.
unknown
2007-11-13
4.3CVE-2007-5944
OTHER-REF
AIXAPAR
FRSIRT
IBM -- Informix Dynamic ServerUnspecified vulnerability in IBM Informix Dynamic Server (IDS) 10.00.TC3TL and 11.10.TB4TL on Windows allows attackers to cause a denial of service (application crash) via unspecified SQ_ONASSIST requests.
unknown
2007-11-14
4.9CVE-2007-5957
OTHER-REF
AIXAPAR
BID
FRSIRT
SECUNIA
XF
JLMForo System -- JLMForo SystemCross-site scripting (XSS) vulnerability in buscador.php in JLMForo System allows remote attackers to inject arbitrary web script or HTML via the clave parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-11-13
4.3CVE-2007-5954
BID
Justin Hagstrom -- AutoIndex PHP ScriptCross-site scripting (XSS) vulnerability in index.php in Justin Hagstrom AutoIndex PHP Script before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF).
unknown
2007-11-14
4.3CVE-2007-5983
BUGTRAQ
OTHER-REF
SECUNIA
KDE -- KonquerorKDE Konqueror 3.5.6 and earlier allows remote attackers to cause a denial of service (crash) via large HTTP cookie parameters.
unknown
2007-11-15
5.0CVE-2007-6000
BUGTRAQ
BID
XF
Lantronix -- SCS3200Lantronix SCS3200 does not properly handle public-key requests, which allows remote attackers to cause a denial of service (unresponsive device) via unspecified keyscan requests. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-11-14
5.0CVE-2007-5981
BID
SECUNIA
XF
Linux -- KernelThe tcp_sacktag_write_queue function in net/ipv4/tcp_input.c in Linux kernel 2.6.24-rc2 and earlier allows remote attackers to cause a denial of service (crash) via crafted ACK responses that trigger a NULL pointer dereference.
unknown
2007-11-15
5.0CVE-2007-5501
OTHER-REF
Mozilla -- FirefoxThe jar protocol handler in Mozilla Firefox retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inner URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI.
unknown
2007-11-13
4.3CVE-2007-5947
OTHER-REF
OTHER-REF
CERT-VN
BID
FRSIRT
SECUNIA
NetCommons -- NetCommonsCross-site scripting (XSS) vulnerability in NetCommons before 1.0.11, and 1.1.x before 1.1.2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2006-4165.
unknown
2007-11-13
4.3CVE-2007-5950
OTHER-REF
OTHER-REF
SECUNIA
nss_ldap -- nss_ldapRace condition in nss_ldap, when used in applications that use pthread and fork after a call to nss_ldap, does not properly handle the LDAP connection, which might cause nss_ldap to return the wrong user data to the wrong process. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.
unknown
2007-11-13
5.0CVE-2007-5794
OTHER-REF
OTHER-REF
MLIST
MLIST
OrangeHRM -- OrangeHRMThe reDirect function in lib/controllers/RepViewController.php in OrangeHRM before 2.2.2 does not verify the privileges of a user, which allows remote attackers to obtain access to data via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-11-10
5.0CVE-2007-5931
OTHER-REF
BID
FRSIRT
XF
PCRE -- PCREInteger overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to execute arbitrary code via a regular expression containing a large number of named subpatterns (name_count) or long subpattern names (max_name_size), which triggers a buffer overflow. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.
unknown
2007-11-14
6.8CVE-2006-7227
OTHER-REF
OTHER-REF
REDHAT
SECUNIA
PCRE -- PCREInteger overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large (1) min, (2) max, or (3) duplength values that cause an incorrect length calculation and trigger a buffer overflow, a different vulnerability than CVE-2006-7227. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.
unknown
2007-11-14
6.8CVE-2006-7228
OTHER-REF
OTHER-REF
SECUNIA
PCRE -- PCREPerl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate the amount of memory needed for a compiled regular expression pattern when the (1) -x or (2) -i UTF-8 options change within the pattern, which allows context-dependent attackers to cause a denial of service (PCRE or glibc crash) via crafted regular expressions.
unknown
2007-11-15
5.0CVE-2006-7230
OTHER-REF
PEAR -- Structures_DataGrid_DataSource_MDB2The LOB functionality in PEAR MDB2 before 2.5.0a1 interprets a request to store a URL string as a request to retrieve and store the contents of the URL, which might allow remote attackers to use MDB2 as an indirect proxy or obtain sensitive information via a URL into a form field in an MDB2 application, as demonstrated by a file:// URL or a URL for an intranet web site.
unknown
2007-11-13
4.3CVE-2007-5934
OTHER-REF
OTHER-REF
MLIST
BID
SECUNIA
php-tools -- patBBcodePHP remote file inclusion vulnerability in examples/patExampleGen/bbcodeSource.php in patBBcode 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the example parameter.
unknown
2007-11-15
6.8CVE-2007-5995
MILW0RM
BID
phpMyAdmin -- phpMyAdminSQL injection vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to execute arbitrary SQL commands via the db parameter.
unknown
2007-11-14
6.5CVE-2007-5976
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
XF
Really Simple CalDAV Store -- Really Simple CalDAV StoreUnspecified vulnerability in Really Simple CalDAV Store (RSCDS) before 0.9.0 allows attackers to obtain sensitive information via unspecified vectors.
unknown
2007-11-13
5.0CVE-2007-5953
OTHER-REF
FRSIRT
ruby-lang -- RubyThe (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName (CN) field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site, different components than CVE-2007-5162.
unknown
2007-11-13
5.0CVE-2007-5770
OTHER-REF
OTHER-REF
REDHAT
REDHAT
SECUNIA
SECUNIA
SECUNIA
script-fun -- SF-ShoutboxMultiple cross-site scripting (XSS) vulnerabilities in main.php in SF-Shoutbox 1.2.1 through 1.4 allow remote attackers to inject arbitrary web script or HTML via the (1) nick (aka Name) and (2) shout (aka Shout) parameters.
unknown
2007-11-13
4.3CVE-2007-5948
OTHER-REF
BID
SECUNIA
Simple Machines -- Simple Machines ForumSimple Machines Forum (SMF) 1.1.4 allows remote attackers to read a message in private forums by using the advanced search module with the "show results as messages" option, then searching for possible keywords contained in that message.
unknown
2007-11-13
5.0CVE-2007-5943
BUGTRAQ
softbizscripts -- Banner Exchange Network ScriptSQL injection vulnerability in campaign_stats.php in Softbiz Banner Exchange Network Script 1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter.
unknown
2007-11-15
6.5CVE-2007-5997
MILW0RM
BID
XF
softbizscripts -- Ad Management plus ScriptSQL injection vulnerability in ads.php in Softbiz Ad Management plus Script 1 allows remote authenticated users to execute arbitrary SQL commands via the package parameter.
unknown
2007-11-15
6.5CVE-2007-5998
MILW0RM
BID
XF
Thomson -- SpeedTouchCross-site scripting (XSS) vulnerability in cgi/b/ic/connect in the Thomson SpeedTouch 716 with firmware 5.4.0.14 allows remote attackers to inject arbitrary web script or HTML via the url parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-11-15
4.3CVE-2007-6003
SECUNIA
XF
TorrentStrike -- TorrentStrikeSQL injection vulnerability in index.php in TBSource, as used in (1) TBDev and (2) TorrentStrike 0.4, allows remote authenticated users to execute arbitrary SQL commands via the choice parameter. NOTE: some of these details are obtained from third party information.
unknown
2007-11-14
6.5CVE-2007-5975
BUGTRAQ
BID
SECUNIA
tug -- TeXlive 2007
teTeX -- teTeX
Stack-based buffer overflow in hpc.c in dvips in teTeX and TeXlive 2007 and earlier allows user-assisted attackers to execute arbitrary code via a DVI file with a long href tag.
unknown
2007-11-13
6.8CVE-2007-5935
OTHER-REF
OTHER-REF
tug -- TeXlive 2007
teTeX -- teTeX
Multiple buffer overflows in dvi2xx.c in dviljk in teTeX and TeXlive 2007 and earlier might allow user-assisted attackers to execute execute arbitrary code via a crafted DVI input file.
unknown
2007-11-13
6.8CVE-2007-5937
OTHER-REF
OTHER-REF
tug -- TeXlive 2007feynmf.pl in feynmf 1.08, as used in TeXLive 2007, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the feynmf$$.pl temporary file.
unknown
2007-11-13
4.6CVE-2007-5940
OTHER-REF
UPDIR -- UPDIR.NETCross-site scripting (XSS) vulnerability in updir.php in UPDIR.NET before 2.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-11-13
4.3CVE-2007-5955
OTHER-REF
OTHER-REF
SECUNIA
USVN -- USVNUSVN before 0.6.5 allows remote attackers to obtain a list of repository contents via unspecified vectors.
unknown
2007-11-13
5.0CVE-2007-5945
OTHER-REF
OTHER-REF
BID
vtls -- vtls.web.gatewayCross-site scripting (XSS) vulnerability in Visionary Technology in Library Solutions (VTLS) vtls.web.gateway before 48.1.1 allows remote attackers to inject arbitrary web script or HTML via the searchtype parameter.
unknown
2007-11-15
4.3CVE-2007-5993
BUGTRAQ
WebEx Communications -- WebEx GPCContainer ActiveX ControlUnspecified vulnerability in the GpcContainer.GpcContainer.1 ActiveX control in WebEx allows remote attackers to cause a denial of service (memory access violation and crash) via (1) an invalid argument to the InitParam method or (2) an unspecified vector involving the SetParam method.
unknown
2007-11-15
4.3CVE-2007-6005
FULLDISC
BID
XF
WinPcap -- WinPcapMultiple array index errors in the bpf_filter_init function in NPF.SYS in WinPcap before 4.0.2, when run in monitor mode (aka Table Management Extensions or TME), and as used in Wireshark and possibly other products, allow local users to gain privileges via crafted IOCTL requests.
unknown
2007-11-13
6.9CVE-2007-5756
IDEFENSE
OTHER-REF
BID
FRSIRT
SECUNIA
X7 Group -- X7 ChatMultiple cross-site scripting (XSS) vulnerabilities in X7 Chat 2.0.4, 2.0.5, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) room parameter to sources/frame.php, the (2) theme_c parameter to help/index.php, or the (3) INSTALL_X7CHATVERSION parameter to upgradev1.php.
unknown
2007-11-14
4.3CVE-2007-5982
OTHER-REF
BID
SECUNIA
yappa-ng -- yappa-ngPHP remote file inclusion vulnerability in check_noimage.php in Fritz Berger yet another php photo album - next generation (yappa-ng) 2.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the config[path_src_include] parameter.
unknown
2007-11-15
6.8CVE-2007-5994
OTHER-REF
BID

Back to top

Low Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Apple -- Mac OS X Server
Apple -- Mac OS X
WebKit on Apple Mac OS X 10.4 through 10.4.10 does not create temporary files securely when Safari is previewing a PDF file, which allows local users to read the contents of that file.
unknown
2007-11-14
2.1CVE-2007-4701
APPLE
IBM -- Tivoli Service DeskCross-site scripting (XSS) vulnerability in IBM Tivoli Service Desk 6.2 allows remote authenticated users to inject arbitrary web script or HTML via the Description parameter in a Maximo change action.
unknown
2007-11-13
3.5CVE-2007-5949
AIXAPAR
BID
FRSIRT
SECUNIA
XF
phpMyAdmin -- phpMyAdminCross-site scripting (XSS) vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST request, a different vulnerability than CVE-2006-6942.
unknown
2007-11-14
3.5CVE-2007-5977
OTHER-REF
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
XF
tug -- TeXlive 2007
teTeX -- teTeX
dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place.
unknown
2007-11-13
3.6CVE-2007-5936
OTHER-REF
OTHER-REF

Back to top
=

">

High Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Apple -- Mac OS X
Apple -- Mac OS X Server
CFFTP in CFNetwork for Apple Mac OS X 10.4 through 10.4.10 allows remote FTP servers to force clients to connect to other hosts via crafted responses to FTP PASV commands.
unknown
2007-11-14
7.5CVE-2007-4679
APPLE
Apple -- Mac OS X
Apple -- Mac OS X Server
CFNetwork in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 does not properly validate certificates, which allows remote attackers to spoof trusted SSL certificates via a man-in-the-middle attack.
unknown
2007-11-14
7.5CVE-2007-4680
APPLE
ACDsee -- Pro Photo Manager
ACDsee -- Photo Editor
ACDsee -- Photo Manager
Multiple input validation errors in ACD ACDSee Photo Manager 9.0 build 108, Pro Photo Manager 8.1 build 99, and Photo Editor 4.0 build 195 allow user-assisted remote attackers to execute arbitrary code via a long section string in (1) a PSP image to the ID_PSP.apl plug-in or (2) an LHA archive to the AM_LHA.apl plug-in, resulting in a heap-based buffer overflow.
unknown
2007-11-15
9.3CVE-2007-4344
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
AOL -- RadioMultiple stack-based buffer overflows in the AOL AmpX ActiveX control in AmpX.dll 2.6.1.11 in AOL Radio allow remote attackers to execute arbitrary code via long arguments to unspecified methods.
unknown
2007-11-13
10.0CVE-2007-5755
IDEFENSE
BID
FRSIRT
SECTRACK
SECUNIA
XF
Apple -- Mac OS XThe kernel in Apple Mac OS X 10.4 through 10.4.10 does not reset the current Mach thread or thread exception port, which allows local users to execute arbitrary code by writing to the address space of a privileged process.
unknown
2007-11-14
7.2CVE-2007-3749
APPLE
Apple -- Mac OS XStack-based buffer overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted ioctl request to an AppleTalk socket.
unknown
2007-11-14
7.2CVE-2007-4267
APPLE
Apple -- Mac OS XAn "arithmetic error" in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk message that triggers a buffer overflow.
unknown
2007-11-14
7.2CVE-2007-4268
APPLE
Apple -- Mac OS XInteger overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted ASP message on an AppleTalk socket, which triggers a heap-based buffer overflow.
unknown
2007-11-14
7.2CVE-2007-4269
IDEFENSE
APPLE
Apple -- QuicktimeAppleRAID in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows attackers to cause a denial of service (crash) via a crafted striped disk image, which triggers a NULL pointer dereference when it is mounted.
unknown
2007-11-14
7.1CVE-2007-4678
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
The kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to gain privileges by executing setuid or setgid programs in which the stdio, stderr, or stdout file descriptors are "in an unexpected state."
unknown
2007-11-14
7.2CVE-2007-4685
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
The kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to cause a denial of service (system shutdown) or execute arbitrary code via a crafted ioctl request.
unknown
2007-11-14
7.2CVE-2007-4686
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
The remote_cmds component in Apple Mac OS X 10.4 through 10.4.10 contains a symbolic link from the tftpboot private directory to the root directory, which allows tftpd users to escape the private directory and access arbitrary files.
unknown
2007-11-14
9.3CVE-2007-4687
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
Double-free vulnerability in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (system shutdown) or execute arbitrary code via crafted IPV6 packets.
unknown
2007-11-14
10.0CVE-2007-4689
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
Double-free vulnerability in the NFS component in Apple Mac OS X 10.4 through 10.4.10 allows remote authenticated users to execute arbitrary code via a crafted AUTH_UNIX RPC packet.
unknown
2007-11-14
9.0CVE-2007-4690
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
The NSURL component in Apple Mac OS X 10.4 through 10.4.10 performs case-sensitive comparisons that allow attackers to bypass intended restrictions for local file system URLs.
unknown
2007-11-14
10.0CVE-2007-4691
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
The SecurityAgent component in Mac OS X 10.4 through 10.4.10 allows attackers with physical access to bypass the authentication dialog of the screen saver and send keystrokes to a process, related to "handling of keyboard focus between secure text fields."
unknown
2007-11-14
7.2CVE-2007-4693
APPLE
Apple -- SafariThe default configuration of Safari in Apple Mac OS X 10.4 through 10.4.10 adds a private key to the keychain with permissions that allow other applications to access the key without warning the user, which might allow other applications to bypass intended access restrictions.
unknown
2007-11-14
7.5CVE-2007-4699
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
Unspecified vulnerability in WebKit on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to use Safari as an indirect proxy and send attacker-controlled data to arbitrary TCP ports via unknown vectors.
unknown
2007-11-14
7.5CVE-2007-4700
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
The Application Firewall in Apple Mac OS X 10.5, when "Block all incoming connections" is enabled, does not prevent root processes or mDNSResponder from accepting connections, which might allow remote attackers or local root processes to bypass intended access restrictions.
unknown
2007-11-15
10.0CVE-2007-4702
APPLE
OTHER-REF
Apple -- Mac OS X Server
Apple -- Mac OS X
The Application Firewall in Apple Mac OS X 10.5 does not prevent a root-owned executable from accepting incoming connections, even when "Block incoming connections" has been set for that executable, which might allow remote attackers or local root processes to bypass intended access restrictions.
unknown
2007-11-15
10.0CVE-2007-4703
APPLE
OTHER-REF
Apple -- Mac OS XThe Application Firewall in Apple Mac OS X 10.5 does not apply changed settings to processes that are started by launchd until the processes are restarted again, which might allow attackers to bypass intended access restrictions.
unknown
2007-11-15
10.0CVE-2007-4704
APPLE
OTHER-REF
Autonomy -- KeyView Viewer SDK
Autonomy -- KeyView Export SDK
Autonomy -- KeyView Filter SDK
Heap-based buffer overflow in emlsr.dll before 2.0.0.4 in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK allows remote attackers to execute arbitrary code via a long Content-Type header line in an EML file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-11-15
9.3CVE-2007-6008
SECUNIA
BTI-Tracker -- BTI-Trackerblocks/shoutbox_block.php in BtiTracker 1.4.4 does not verify user accounts, which allows remote attackers to post shoutbox entries as arbitrary users via a modified nick field.
unknown
2007-11-14
7.5CVE-2007-5988
OTHER-REF
OTHER-REF
SECUNIA
XF
bug software -- bughotel reservation systemUnspecified vulnerability in main.php of BugHotel Reservation System before 4.9.9 P3 allows remote attackers to bypass authentication and gain administrative access via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-11-15
10.0CVE-2007-6011
BID
datecomm -- Social Networking ScriptSQL injection vulnerability in index.php in datecomm Social Networking Script allows remote attackers to execute arbitrary SQL commands via the seid parameter in a viewcat s action on the forums page. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-11-15
7.5CVE-2007-5992
BID
E-Vendejo -- 0.2SQL injection vulnerability in articles.php in E-Vendejo 0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-11-13
7.5CVE-2007-5951
OTHER-REF
SECUNIA
EXO -- ExoPHPDeskSQL injection vulnerability in index.php in ExoPHPdesk allows remote attackers to execute arbitrary SQL commands via the user parameter in a profile fn action.
unknown
2007-11-15
7.5CVE-2007-5991
BUGTRAQ
BID
HP -- HP-UXUnspecified vulnerability in the Aries PA-RISC emulator on HP-UX B.11.23 and B.11.31 on the IA-64 platform allows local users to obtain unspecified access.
unknown
2007-11-13
7.2CVE-2007-5946
HP
BID
SECTRACK
IBM -- Informix Dynamic ServerDirectory traversal vulnerability in IBM Informix Dynamic Server (IDS) before 10.00.xC7W1 allows attackers to have an unknown impact via directory traversal sequences in the DBLANG environment variable.
unknown
2007-11-14
7.2CVE-2007-5956
OTHER-REF
AIXAPAR
BID
FRSIRT
SECUNIA
XF
JPortal -- JPortal Web PortalSQL injection vulnerability in articles.php in JPortal 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter.
unknown
2007-11-14
7.5CVE-2007-5973
MILW0RM
BID
XF
JPortal -- JPortal Web PortalSQL injection vulnerability in mailer.php in JPortal 2 allows remote attackers to execute arbitrary SQL commands via the to parameter.
unknown
2007-11-14
7.5CVE-2007-5974
MILW0RM
BID
XF
Justin Hagstrom -- AutoIndex PHP Scriptclasses/Url.php in Justin Hagstrom AutoIndex PHP Script before 2.2.4 allows remote attackers to cause a denial of service (CPU and memory consumption) via a %00 sequence in the dir parameter to index.php, which triggers an erroneous "recursive calculation."
unknown
2007-11-14
7.8CVE-2007-5984
BUGTRAQ
OTHER-REF
BID
Microsoft -- windows-ntThe DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors.
unknown
2007-11-13
7.8CVE-2007-3898
BUGTRAQ
OTHER-REF
MS
CERT-VN
BID
SECTRACK
SECUNIA
XF
Novell -- Novell clientNWFILTER.SYS in Novell Client 4.91 SP 1 through SP 4 for Windows 2000, XP, and Server 2003 makes the \.\nwfilter device available for arbitrary user-mode input via METHOD_NEITHER IOCTLs, which allows local users to gain privileges by passing a kernel address as an argument and overwriting kernel memory locations.
unknown
2007-11-13
7.2CVE-2007-5667
IDEFENSE
OTHER-REF
FRSIRT
SECUNIA
Pioneers -- PioneersPioneers before 0.11.3 allows remote attackers to cause a denial of service (crash) by causing a "Broken pipe" error, which triggers a delete operation while the Session object is still being used.
unknown
2007-11-13
7.8CVE-2007-5933
OTHER-REF
OTHER-REF
Pioneers -- PioneersUnspecified vulnerability in pioneers (formerly gnocatan) 0.11.3 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors that trigger an assert error. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-5933.
unknown
2007-11-15
7.8CVE-2007-6010
OTHER-REF
redhat -- rhel_cluster
redhat -- Conga
The ricci daemon in Conga 0.10.0 allows remote attackers to cause a denial of service (loss of new connections) by repeatedly sending data or attempting connections.
unknown
2007-11-13
7.8CVE-2007-4136
OTHER-REF
REDHAT
SECTRACK
softbizscripts -- Link Directory ScriptSQL injection vulnerability in searchresult.php in Softbiz Link Directory Script allows remote attackers to execute arbitrary SQL commands via the sbcat_id parameter, a related issue to CVE-2007-5449.
unknown
2007-11-15
7.5CVE-2007-5996
MILW0RM
BID
XF
softbizscripts -- Softbiz Auctions ScriptSQL injection vulnerability in product_desc.php in Softbiz Auctions Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-11-15
7.5CVE-2007-5999
MILW0RM
BID
XF
Sun -- Net Connect SoftwareFormat string vulnerability in srsexec in Sun Remote Services (SRS) Net Connect 3.2.3 and 3.2.4, as distributed in the SRS Proxy Core (SUNWsrspx) package, allows local users to gain privileges via format string specifiers in unspecified input that is logged through syslog.
unknown
2007-11-13
7.2CVE-2007-3880
IDEFENSE
SUNALERT
BID
FRSIRT
SECUNIA
Testlink -- testlinkTestLink before 1.7.1 does not enforce an unspecified authorization mechanism, which has unknown impact and attack vectors.
unknown
2007-11-15
10.0CVE-2007-6006
OTHER-REF
SECUNIA
toko -- instanMultiple SQL injection vulnerabilities in index.php in Toko Instan 7.6 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in an artikel action or (2) the katid parameter in a produk action.
unknown
2007-11-15
7.5CVE-2007-6004
MILW0RM
BID
Ubuntu -- Linux kernelThe skge driver 1.5 in Linux kernel 2.6.15 on Ubuntu does not properly use the spin_lock and spin_unlock functions, which allows remote attackers to cause a denial of service (machine crash) via a flood of network traffic.
unknown
2007-11-14
7.8CVE-2006-7229
OTHER-REF
XOOPS -- MyLinks ModuleSQL injection vulnerability in brokenlink.php in the mylinks module for XOOPS allows remote attackers to execute arbitrary SQL commands via the lid parameter.
unknown
2007-11-14
7.5CVE-2007-5978
BUGTRAQ
BID
XF

Back to top

Medium Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Apple -- Mac OS X
Apple -- Mac OS X Server
Buffer overflow in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows local users to cause a denial of service (application crash) and possible execute arbitrary code via a crafted directory hierarchy.
unknown
2007-11-14
4.4CVE-2007-4681
APPLE
Apple -- Mac OS X
Apple -- Mac OS X Server
CoreText in Apple Mac OS X 10.4 through 10.4.10 allows attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted text content that triggers an access of an uninitialized object pointer.
unknown
2007-11-14
4.3CVE-2007-4682
APPLE
Apple -- Mac OS X
Apple -- Mac OS X Server
Directory traversal vulnerability in the kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to bypass the chroot mechanism via a relative path when changing the current working directory.
unknown
2007-11-14
4.6CVE-2007-4683
APPLE
ACDsee -- Pro Photo Manager
ACDsee -- Photo Editor
ACDsee -- Photo Manager
Integer overflow in the ID_PSP.apl plug-in for ACD ACDSee Photo Manager 9.0 build 108, Pro Photo Manager 8.1 build 99, and Photo Editor 4.0 build 195 allows user-assisted remote attackers to execute arbitrary code via a crafted PSP image that triggers a heap-based buffer overflow.
unknown
2007-11-15
6.8CVE-2007-6007
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
ACDsee -- Pro Photo Manager
ACDsee -- Photo Editor
ACDsee -- Photo Manager
Multiple buffer overflows in ACD products allow user-assisted remote attackers to execute arbitrary code via a long section string in a (1) XBM or (2) XPM file to (a) ID_X.apl or (b) IDE_ACDStd.apl. NOTE: the PSP and LHA vectors are already covered by CVE-2007-4344 and CVE-2007-6007. NOTE: these might be integer overflows rather than buffer overflows.
unknown
2007-11-15
6.8CVE-2007-6009
OTHER-REF
Adobe -- ColdFusion
Adobe -- ColdFusion MX
Adobe ColdFusion 8 and MX 7 allows remote attackers to hijack sessions via unspecified vectors that trigger establishment of a session to a ColdFusion application in which the (1) CFID or (2) CFTOKEN cookies have empty values, possibly due to a session fixation vulnerability.
unknown
2007-11-15
6.8CVE-2007-5905
OTHER-REF
OTHER-REF
BID
SECTRACK
Adobe -- ShockwaveStack-based buffer overflow in the SWCtl.SWCtl ActiveX control in Adobe Shockwave allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument to the ShockwaveVersion method.
unknown
2007-11-13
5.0CVE-2007-5941
MILW0RM
BID
Apple -- Mac OS XInteger overflow in the kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via crafted arguments to the i386_set_ldt system call.
unknown
2007-11-14
6.9CVE-2007-4684
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
The Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain all addresses for a host, including link-local addresses, via a Node Information Query.
unknown
2007-11-14
5.0CVE-2007-4688
APPLE
Apple -- SafariThe tabbed browsing feature in Apple Safari 3 before Beta Update 3.0.4 on Windows allows remote attackers to spoof HTTP authentication for other sites and possibly conduct phishing attacks by causing an authentication sheet to be displayed for a tab that is not active, which makes it appear as if it is associated with the active tab.
unknown
2007-11-14
4.3CVE-2007-4692
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
Safari in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to access local content via file:// URLs.
unknown
2007-11-14
4.3CVE-2007-4694
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
Unspecified "input validation" vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to modify form field values via unknown vectors related to file uploads.
unknown
2007-11-14
4.3CVE-2007-4695
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
Race condition in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain information for forms from other sites via unknown vectors related to "page transitions" in Safari.
unknown
2007-11-14
4.3CVE-2007-4696
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
Unspecified vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via unknown vectors related to browser history, which triggers memory corruption.
unknown
2007-11-14
6.8CVE-2007-4697
APPLE
Apple -- SafariApple Safari 3 before Beta Update 3.0.4 on Windows allows remote attackers to conduct cross-site scripting (XSS) attacks by causing JavaScript events to be associated with the wrong frame.
unknown
2007-11-14
4.3CVE-2007-4698
APPLE
Bandersnatch -- BandersnatchBandersnatch 0.4 allows remote attackers to obtain sensitive information via a malformed request for index.php with (1) a certain func parameter value; or (2) certain func, jid, page, and limit parameter values; which reveals the path in various error messages.
unknown
2007-11-13
5.0CVE-2007-5942
OTHER-REF
XF
Bandersnatch -- BandersnatchMultiple cross-site scripting (XSS) vulnerabilities in index.php in Bandersnatch 0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) func or (2) date parameter, or the jid parameter in a (3) log or (4) user action, a different vulnerability than CVE-2007-3910.
unknown
2007-11-15
4.3CVE-2007-6001
OTHER-REF
XF
BTI-Tracker -- BTI-TrackerMultiple cross-site scripting (XSS) vulnerabilities in BtiTracker before 1.4.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) account.php, (2) moresmiles.php, or (3) recover.php; or (4) the "to" parameter to usercp.php.
unknown
2007-11-14
4.3CVE-2007-5985
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
XF
XF
BTI-Tracker -- BTI-TrackerSQL injection vulnerability in include/functions.php in BtiTracker before 1.4.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
unknown
2007-11-14
5.0CVE-2007-5986
OTHER-REF
OTHER-REF
SECUNIA
XF
BTI-Tracker -- BTI-Trackerdetails.php in BtiTracker before 1.4.5, when torrent viewing is disabled for guests, allows remote attackers to bypass protection mechanisms via a direct request, as demonstrated by (1) reading the details of an arbitrary torrent and (2) modifying a torrent owned by a guest.
unknown
2007-11-14
6.8CVE-2007-5987
OTHER-REF
OTHER-REF
SECUNIA
XF
eggblog -- eggblogCross-site scripting (XSS) vulnerability in home/rss.php in eggblog before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF).
unknown
2007-11-14
4.3CVE-2007-5980
BUGTRAQ
OTHER-REF
OTHER-REF
BID
SECUNIA
EXO -- ExoPHPDeskCross-site scripting (XSS) vulnerability in ExoPHPdesk allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a user profile.
unknown
2007-11-15
4.3CVE-2007-5990
BUGTRAQ
BID
F5 -- Firepass 4100Cross-site scripting (XSS) vulnerability in download_plugin.php3 in F5 Firepass 4100 SSL VPN 5.4 through 5.5.2 and 6.0 through 6.0.1 allows remote attackers to inject arbitrary web script or HTML via the backurl parameter.
unknown
2007-11-14
4.3CVE-2007-5979
BUGTRAQ
OTHER-REF
OTHER-REF
BID
SECTRACK
SECUNIA
Fenrir -- Grani
Fenrir -- Sleipnir
Cross-site scripting (XSS) vulnerability in Fenriru (1) Sleipnir 2.5.17 R2 and earlier and (2) Grani 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the Search field in a search for additions to the Favorites section.
unknown
2007-11-15
4.3CVE-2007-6002
OTHER-REF
OTHER-REF
OTHER-REF
BID
SECUNIA
SECUNIA
getmiro -- Broadcast MachineCross-site scripting (XSS) vulnerability in login.php in Miro Project Broadcast Machine 0.9.9.9 allows remote attackers to inject arbitrary web script or HTML via the username parameter.
unknown
2007-11-14
4.3CVE-2007-3694
BUGTRAQ
BID
XF
helioscalendar -- Helios CalendarCross-site scripting (XSS) vulnerability in admin/index.php in Helios Calendar 1.2.1 Beta allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-11-13
4.3CVE-2007-5952
BID
SECUNIA
IBM -- WebSphere Application ServerCross-site scripting (XSS) vulnerability in Servlet Engine / Web Container in IBM WebSphere Application Server (WAS) 5.1.1.4 through 5.1.1.16 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header.
unknown
2007-11-13
4.3CVE-2007-5944
OTHER-REF
AIXAPAR
FRSIRT
IBM -- Informix Dynamic ServerUnspecified vulnerability in IBM Informix Dynamic Server (IDS) 10.00.TC3TL and 11.10.TB4TL on Windows allows attackers to cause a denial of service (application crash) via unspecified SQ_ONASSIST requests.
unknown
2007-11-14
4.9CVE-2007-5957
OTHER-REF
AIXAPAR
BID
FRSIRT
SECUNIA
XF
JLMForo System -- JLMForo SystemCross-site scripting (XSS) vulnerability in buscador.php in JLMForo System allows remote attackers to inject arbitrary web script or HTML via the clave parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-11-13
4.3CVE-2007-5954
BID
Justin Hagstrom -- AutoIndex PHP ScriptCross-site scripting (XSS) vulnerability in index.php in Justin Hagstrom AutoIndex PHP Script before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF).
unknown
2007-11-14
4.3CVE-2007-5983
BUGTRAQ
OTHER-REF
SECUNIA
KDE -- KonquerorKDE Konqueror 3.5.6 and earlier allows remote attackers to cause a denial of service (crash) via large HTTP cookie parameters.
unknown
2007-11-15
5.0CVE-2007-6000
BUGTRAQ
BID
XF
Lantronix -- SCS3200Lantronix SCS3200 does not properly handle public-key requests, which allows remote attackers to cause a denial of service (unresponsive device) via unspecified keyscan requests. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-11-14
5.0CVE-2007-5981
BID
SECUNIA
XF
Linux -- KernelThe tcp_sacktag_write_queue function in net/ipv4/tcp_input.c in Linux kernel 2.6.24-rc2 and earlier allows remote attackers to cause a denial of service (crash) via crafted ACK responses that trigger a NULL pointer dereference.
unknown
2007-11-15
5.0CVE-2007-5501
OTHER-REF
Mozilla -- FirefoxThe jar protocol handler in Mozilla Firefox retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inner URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI.
unknown
2007-11-13
4.3CVE-2007-5947
OTHER-REF
OTHER-REF
CERT-VN
BID
FRSIRT
SECUNIA
NetCommons -- NetCommonsCross-site scripting (XSS) vulnerability in NetCommons before 1.0.11, and 1.1.x before 1.1.2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2006-4165.
unknown
2007-11-13
4.3CVE-2007-5950
OTHER-REF
OTHER-REF
SECUNIA
nss_ldap -- nss_ldapRace condition in nss_ldap, when used in applications that use pthread and fork after a call to nss_ldap, does not properly handle the LDAP connection, which might cause nss_ldap to return the wrong user data to the wrong process. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.
unknown
2007-11-13
5.0CVE-2007-5794
OTHER-REF
OTHER-REF
MLIST
MLIST
OrangeHRM -- OrangeHRMThe reDirect function in lib/controllers/RepViewController.php in OrangeHRM before 2.2.2 does not verify the privileges of a user, which allows remote attackers to obtain access to data via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-11-10
5.0CVE-2007-5931
OTHER-REF
BID
FRSIRT
XF
PCRE -- PCREInteger overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to execute arbitrary code via a regular expression containing a large number of named subpatterns (name_count) or long subpattern names (max_name_size), which triggers a buffer overflow. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.
unknown
2007-11-14
6.8CVE-2006-7227
OTHER-REF
OTHER-REF
REDHAT
SECUNIA
PCRE -- PCREInteger overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large (1) min, (2) max, or (3) duplength values that cause an incorrect length calculation and trigger a buffer overflow, a different vulnerability than CVE-2006-7227. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.
unknown
2007-11-14
6.8CVE-2006-7228
OTHER-REF
OTHER-REF
SECUNIA
PCRE -- PCREPerl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate the amount of memory needed for a compiled regular expression pattern when the (1) -x or (2) -i UTF-8 options change within the pattern, which allows context-dependent attackers to cause a denial of service (PCRE or glibc crash) via crafted regular expressions.
unknown
2007-11-15
5.0CVE-2006-7230
OTHER-REF
PEAR -- Structures_DataGrid_DataSource_MDB2The LOB functionality in PEAR MDB2 before 2.5.0a1 interprets a request to store a URL string as a request to retrieve and store the contents of the URL, which might allow remote attackers to use MDB2 as an indirect proxy or obtain sensitive information via a URL into a form field in an MDB2 application, as demonstrated by a file:// URL or a URL for an intranet web site.
unknown
2007-11-13
4.3CVE-2007-5934
OTHER-REF
OTHER-REF
MLIST
BID
SECUNIA
php-tools -- patBBcodePHP remote file inclusion vulnerability in examples/patExampleGen/bbcodeSource.php in patBBcode 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the example parameter.
unknown
2007-11-15
6.8CVE-2007-5995
MILW0RM
BID
phpMyAdmin -- phpMyAdminSQL injection vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to execute arbitrary SQL commands via the db parameter.
unknown
2007-11-14
6.5CVE-2007-5976
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
XF
Really Simple CalDAV Store -- Really Simple CalDAV StoreUnspecified vulnerability in Really Simple CalDAV Store (RSCDS) before 0.9.0 allows attackers to obtain sensitive information via unspecified vectors.
unknown
2007-11-13
5.0CVE-2007-5953
OTHER-REF
FRSIRT
ruby-lang -- RubyThe (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName (CN) field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site, different components than CVE-2007-5162.
unknown
2007-11-13
5.0CVE-2007-5770
OTHER-REF
OTHER-REF
REDHAT
REDHAT
SECUNIA
SECUNIA
SECUNIA
script-fun -- SF-ShoutboxMultiple cross-site scripting (XSS) vulnerabilities in main.php in SF-Shoutbox 1.2.1 through 1.4 allow remote attackers to inject arbitrary web script or HTML via the (1) nick (aka Name) and (2) shout (aka Shout) parameters.
unknown
2007-11-13
4.3CVE-2007-5948
OTHER-REF
BID
SECUNIA
Simple Machines -- Simple Machines ForumSimple Machines Forum (SMF) 1.1.4 allows remote attackers to read a message in private forums by using the advanced search module with the "show results as messages" option, then searching for possible keywords contained in that message.
unknown
2007-11-13
5.0CVE-2007-5943
BUGTRAQ
softbizscripts -- Banner Exchange Network ScriptSQL injection vulnerability in campaign_stats.php in Softbiz Banner Exchange Network Script 1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter.
unknown
2007-11-15
6.5CVE-2007-5997
MILW0RM
BID
XF
softbizscripts -- Ad Management plus ScriptSQL injection vulnerability in ads.php in Softbiz Ad Management plus Script 1 allows remote authenticated users to execute arbitrary SQL commands via the package parameter.
unknown
2007-11-15
6.5CVE-2007-5998
MILW0RM
BID
XF
Thomson -- SpeedTouchCross-site scripting (XSS) vulnerability in cgi/b/ic/connect in the Thomson SpeedTouch 716 with firmware 5.4.0.14 allows remote attackers to inject arbitrary web script or HTML via the url parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-11-15
4.3CVE-2007-6003
SECUNIA
XF
TorrentStrike -- TorrentStrikeSQL injection vulnerability in index.php in TBSource, as used in (1) TBDev and (2) TorrentStrike 0.4, allows remote authenticated users to execute arbitrary SQL commands via the choice parameter. NOTE: some of these details are obtained from third party information.
unknown
2007-11-14
6.5CVE-2007-5975
BUGTRAQ
BID
SECUNIA
tug -- TeXlive 2007
teTeX -- teTeX
Stack-based buffer overflow in hpc.c in dvips in teTeX and TeXlive 2007 and earlier allows user-assisted attackers to execute arbitrary code via a DVI file with a long href tag.
unknown
2007-11-13
6.8CVE-2007-5935
OTHER-REF
OTHER-REF
tug -- TeXlive 2007
teTeX -- teTeX
Multiple buffer overflows in dvi2xx.c in dviljk in teTeX and TeXlive 2007 and earlier might allow user-assisted attackers to execute execute arbitrary code via a crafted DVI input file.
unknown
2007-11-13
6.8CVE-2007-5937
OTHER-REF
OTHER-REF
tug -- TeXlive 2007feynmf.pl in feynmf 1.08, as used in TeXLive 2007, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the feynmf$$.pl temporary file.
unknown
2007-11-13
4.6CVE-2007-5940
OTHER-REF
UPDIR -- UPDIR.NETCross-site scripting (XSS) vulnerability in updir.php in UPDIR.NET before 2.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-11-13
4.3CVE-2007-5955
OTHER-REF
OTHER-REF
SECUNIA
USVN -- USVNUSVN before 0.6.5 allows remote attackers to obtain a list of repository contents via unspecified vectors.
unknown
2007-11-13
5.0CVE-2007-5945
OTHER-REF
OTHER-REF
BID
vtls -- vtls.web.gatewayCross-site scripting (XSS) vulnerability in Visionary Technology in Library Solutions (VTLS) vtls.web.gateway before 48.1.1 allows remote attackers to inject arbitrary web script or HTML via the searchtype parameter.
unknown
2007-11-15
4.3CVE-2007-5993
BUGTRAQ
WebEx Communications -- WebEx GPCContainer ActiveX ControlUnspecified vulnerability in the GpcContainer.GpcContainer.1 ActiveX control in WebEx allows remote attackers to cause a denial of service (memory access violation and crash) via (1) an invalid argument to the InitParam method or (2) an unspecified vector involving the SetParam method.
unknown
2007-11-15
4.3CVE-2007-6005
FULLDISC
BID
XF
WinPcap -- WinPcapMultiple array index errors in the bpf_filter_init function in NPF.SYS in WinPcap before 4.0.2, when run in monitor mode (aka Table Management Extensions or TME), and as used in Wireshark and possibly other products, allow local users to gain privileges via crafted IOCTL requests.
unknown
2007-11-13
6.9CVE-2007-5756
IDEFENSE
OTHER-REF
BID
FRSIRT
SECUNIA
X7 Group -- X7 ChatMultiple cross-site scripting (XSS) vulnerabilities in X7 Chat 2.0.4, 2.0.5, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) room parameter to sources/frame.php, the (2) theme_c parameter to help/index.php, or the (3) INSTALL_X7CHATVERSION parameter to upgradev1.php.
unknown
2007-11-14
4.3CVE-2007-5982
OTHER-REF
BID
SECUNIA
yappa-ng -- yappa-ngPHP remote file inclusion vulnerability in check_noimage.php in Fritz Berger yet another php photo album - next generation (yappa-ng) 2.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the config[path_src_include] parameter.
unknown
2007-11-15
6.8CVE-2007-5994
OTHER-REF
BID

Back to top

Low Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Apple -- Mac OS X Server
Apple -- Mac OS X
WebKit on Apple Mac OS X 10.4 through 10.4.10 does not create temporary files securely when Safari is previewing a PDF file, which allows local users to read the contents of that file.
unknown
2007-11-14
2.1CVE-2007-4701
APPLE
IBM -- Tivoli Service DeskCross-site scripting (XSS) vulnerability in IBM Tivoli Service Desk 6.2 allows remote authenticated users to inject arbitrary web script or HTML via the Description parameter in a Maximo change action.
unknown
2007-11-13
3.5CVE-2007-5949
AIXAPAR
BID
FRSIRT
SECUNIA
XF
phpMyAdmin -- phpMyAdminCross-site scripting (XSS) vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST request, a different vulnerability than CVE-2006-6942.
unknown
2007-11-14
3.5CVE-2007-5977
OTHER-REF
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
XF
tug -- TeXlive 2007
teTeX -- teTeX
dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place.
unknown
2007-11-13
3.6CVE-2007-5936
OTHER-REF
OTHER-REF

Back to top
=

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top