
Note: This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

TLP:WHITE

Bulletin (SB07-330)

Vulnerability Summary for the Week of November 19, 2007

Original release date: November 26, 2007

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.


High Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
AdventNet -- eventlog_analyzer
AdventNet EventLog Analyzer build 4030 for Windows, and possibly other versions and platforms, installs a mysql instance with a default "root" account without a password, which allows remote attackers to gain privileges and modify logs.
unknown
2007-11-21
7.5
CVE-2007-6081
OTHER-REF
BID
AhnLab -- v3_internet_security
AhnLab Antivirus 3 Internet Security 2008 Platinum appends data to a filename string at a location indicated by the "Filename length" field in a ZIP header, which allows remote attackers to cause a denial of service (machine crash) and possibly execute arbitrary code via a ZIP file in which this field's value is larger than the actual number of bytes in the filename.
unknown
2007-11-20
9.3
CVE-2007-6060
BUGTRAQ
OTHER-REF
BID
Alcatel-Lucent -- OmniPCX
The Communication Server in Alcatel-Lucent OmniPCX Enterprise 7.1 and earlier caches an IP address during a TFTP request from an IP Touch phone, and uses this IP address as the destination for all subsequent VoIP packets to this phone, which allows remote attackers to cause a denial of service (loss of audio) or intercept voice communications via a crafted TFTP request containing the phone's MAC address in the filename.
unknown
2007-11-20
8.5
CVE-2007-5361
BUGTRAQ
OTHER-REF
OTHER-REF
BID
Aleris -- Web Publishing Server
SQL injection vulnerability in calendar/page.asp in Aleris Web Publishing Server 3.0 allows remote attackers to execute arbitrary SQL commands via the mode parameter.
unknown
2007-11-19
7.5
CVE-2007-6032
OTHER-REF
OSVDB
SECUNIA
bcoos -- bcoos
Directory traversal vulnerability in include/common.php in bcoos 1.0.10 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xoopsOption[pagetype] parameter to the default URI for modules/news/. NOTE: this can be leveraged by using legitimate product functionality to upload a file that contains the code, then including that file.
unknown
2007-11-21
7.5
CVE-2007-6079
MILW0RM
BID
bcoos -- bcoos
SQL injection vulnerability in modules/banners/click.php in the banners module for bcoos 1.0.10 allows remote attackers to execute arbitrary SQL commands via the bid parameter.
unknown
2007-11-21
7.5
CVE-2007-6080
MILW0RM
BID
Cacti -- Cacti
SQL injection vulnerability in Cacti before 0.8.7a allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
unknown
2007-11-20
7.5
CVE-2007-6035
OTHER-REF
SECUNIA
Clam Anti-Virus -- ClamAV
Unspecified vulnerability in ClamAV 0.91.1 and 0.91.2 allows remote attackers to execute arbitrary code via a crafted e-mail message. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.
unknown
2007-11-19
7.5
CVE-2007-6029
OTHER-REF
OTHER-REF
BID
Hotscripts -- clone_script
SQL injection vulnerability in software-description.php in HotScripts Clone Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-11-21
7.5
CVE-2007-6084
MILW0RM
IBM -- Director
CIM Server in IBM Director 5.20.1 and earlier allows remote attackers to cause a denial of service (CPU consumption, connection slot exhaustion, and daemon crash) via a large number of idle connections.
unknown
2007-11-21
7.8
CVE-2007-5612
OTHER-REF
CERT-VN
BID
FRSIRT
SECUNIA
IBM -- WebSphere MQ
Multiple unspecified vulnerabilities in IBM WebSphere MQ 6.0 have unknown impact and remote attack vectors involving "memory corruption." NOTE: as of 20071116, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
unknown
2007-11-20
10.0
CVE-2007-6044
BUGTRAQ
OTHER-REF
BID
IBM -- DB2 Universal Database
Unspecified vulnerability in (1) DB2WATCH and (2) DB2FREEZE in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors.
unknown
2007-11-20
10.0
CVE-2007-6045
OTHER-REF
BID
FRSIRT
SECUNIA
IBM -- DB2 Universal Database
Unspecified vulnerability in unspecified setuid programs in IBM DB2 UDB 9.1 before Fixpak 4 allows local users to have an unknown impact.
unknown
2007-11-20
7.2
CVE-2007-6046
OTHER-REF
BID
FRSIRT
SECUNIA
IBM -- DB2 Universal Database
Unspecified vulnerability in the DB2DART tool in IBM DB2 UDB 9.1 before Fixpak 4 allows attackers to execute arbitrary commands as the DB2 instance owner, related to invocation of TPUT by DB2DART.
unknown
2007-11-20
10.0
CVE-2007-6047
OTHER-REF
BID
FRSIRT
SECUNIA
IBM -- DB2 Universal Database
IBM DB2 UDB 9.1 before Fixpak 4 uses incorrect permissions on ACLs for DB2NODES.CFG, which has unknown impact and attack vectors. NOTE: the vendor description of this issue is too vague to be certain that it is security-related.
unknown
2007-11-20
10.0
CVE-2007-6048
OTHER-REF
BID
FRSIRT
SECUNIA
IBM -- DB2 Universal Database
Unspecified vulnerability in the SSL LOAD GSKIT action in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors, involving a call to dlopen when the effective uid is root.
unknown
2007-11-20
7.2
CVE-2007-6049
OTHER-REF
AIXAPAR
BID
FRSIRT
SECUNIA
IBM -- DB2 Universal Database
Unspecified vulnerability in DB2LICD in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors, related to creation of an "insecure directory."
unknown
2007-11-20
7.2
CVE-2007-6050
OTHER-REF
AIXAPAR
BID
FRSIRT
IBM -- DB2 Universal Database
IBM DB2 UDB 9.1 before Fixpak 4 assigns incorrect privileges to the (1) DB2ADMNS and (2) DB2USERS alternative groups, which has unknown impact. NOTE: the vendor description of this issue is too vague to be certain that it is security-related.
unknown
2007-11-20
10.0
CVE-2007-6051
OTHER-REF
AIXAPAR
BID
FRSIRT
IBM -- DB2 Universal Database
IBM DB2 UDB 9.1 before Fixpak 4 does not properly perform vector aggregation, which might allow attackers to cause a denial of service (divide-by-zero error and DBMS crash), related to an "overflow." NOTE: the vendor description of this issue is too vague to be certain that it is security-related.
unknown
2007-11-20
7.8
CVE-2007-6052
OTHER-REF
BID
FRSIRT
IBM -- DB2 Universal Database
IBM DB2 UDB 9.1 before Fixpak 4 does not properly handle use of large numbers of file descriptors, which might allow attackers to have an unknown impact involving "memory corruption." NOTE: the vendor description of this issue is too vague to be certain that it is security-related.
unknown
2007-11-20
9.3
CVE-2007-6053
OTHER-REF
AIXAPAR
BID
FRSIRT
IceBB -- IceBB
SQL injection vulnerability in admin/index.php in IceBB 1.0-rc6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header.
unknown
2007-11-21
7.5
CVE-2007-6083
MILW0RM
OTHER-REF
Ingate -- Ingate Firewall
Ingate -- Ingate SIParator
Buffer overflow in libsrtp in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 has unknown impact and attack vectors. NOTE: it is not clear whether this issue crosses privilege boundaries.
unknown
2007-11-21
10.0
CVE-2007-6092
OTHER-REF
SECUNIA
Ingate -- Ingate Firewall
Ingate -- Ingate SIParator
The SRTP implementation in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 allows remote attackers to cause a denial of service (kernel crash) via an RTCP index that is "much more than expected."
unknown
2007-11-21
7.1
CVE-2007-6093
OTHER-REF
SECUNIA
Ingate -- Ingate Firewall
Ingate -- Ingate SIParator
Unspecified vulnerability in the ICMP implementation in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 has unknown impact and remote attack vectors, related to ICMP packets that are "incorrectly accepted."
unknown
2007-11-21
10.0
CVE-2007-6097
OTHER-REF
Ingate -- Ingate Firewall
Ingate -- Ingate SIParator
Ingate Firewall before 4.6.0 and SIParator before 4.6.0 do not log truncated (1) ICMP, (2) UDP, and (3) TCP packets, which has unknown impact and remote attack vectors; and do not log (4) serial-console login attempts with nonexistent usernames, which might make it easier for attackers with physical access to guess valid login credentials while avoiding detection.
unknown
2007-11-21
7.5
CVE-2007-6098
OTHER-REF
Ingate -- Ingate Firewall
Ingate -- Ingate SIParator
Unspecified vulnerability in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 might leave "media pinholes" open upon a restart of the SIP module, which might make it easier for remote attackers to conduct unauthorized activities.
unknown
2007-11-21
10.0
CVE-2007-6099
OTHER-REF
JiRO -- Banner System
Multiple SQL injection vulnerabilities in files/login.asp in JiRo's Banner System (JBS) 2.0, and possibly JiRo's Upload Manager (aka JiRo's Upload System or JUS), allow remote attackers to execute arbitrary SQL commands via the (1) Username (aka Login or Email) or (2) Password field.
unknown
2007-11-21
7.5
CVE-2007-6091
BUGTRAQ
BID
live555 -- Media Server
The parseRTSPRequestString function in LIVE555 Media Server 2007.11.01 and earlier allows remote attackers to cause a denial of service (daemon crash) via a short RTSP query, which causes a negative number to be used during memory allocation.
unknown
2007-11-20
7.1
CVE-2007-6036
OTHER-REF
OTHER-REF
SECUNIA
mebiblio -- mebiblio
PHP remote file inclusion vulnerability in index.php in meBiblio 0.4.5 allows remote attackers to execute arbitrary PHP code via a URL in the action parameter.
unknown
2007-11-21
9.3
CVE-2007-6089
MILW0RM
BID
Microsoft -- windows
Microsoft -- Office
Microsoft -- Jet
Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file.
unknown
2007-11-19
9.3
CVE-2007-6026
BUGTRAQ
FULLDISC
OTHER-REF
BID
XF
Microsoft -- windows
The CryptGenRandom function in Microsoft Windows 2000 generates predictable values, which makes it easier for context-dependent attackers to reduce the effectiveness of cryptographic mechanisms, as demonstrated by attacks on (1) forward security and (2) backward security, related to use of eight instances of the RC4 cipher, and possibly a related issue to CVE-2007-3898.
unknown
2007-11-20
7.1
CVE-2007-6043
OTHER-REF
OTHER-REF
BID
ngIRCd -- ngIRCd
ngIRCd before 0.10.3 allows remote attackers to cause a denial of service (daemon crash) via a crafted IRC JOIN command.
unknown
2007-11-20
7.8
CVE-2007-6034
OTHER-REF
SECUNIA
PHP -- PHP
The (1) htmlentities and (2) htmlspecialchars functions in PHP before 5.2.5 accept partial multibyte sequences, which has unknown impact and attack vectors, a different issue than CVE-2006-5465.
unknown
2007-11-20
10.0
CVE-2007-5898
OTHER-REF
OTHER-REF
SECTRACK
SECUNIA
phpbbviet -- phpbbviet
PHP remote file inclusion vulnerability in includes/functions_mod_user.php in phpBBViet 02.03.07 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
unknown
2007-11-21
9.3
CVE-2007-6088
MILW0RM
BID
profilecms -- ProfileCMS
Multiple SQL injection vulnerabilities in index.php in ProfileCMS 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) codes action in the profile-codes module, (2) videos action in the video-codes module, or (3) games action in the arcade-games module.
unknown
2007-11-20
7.5
CVE-2007-6058
MILW0RM
rigs_of_rogs -- rigs_of_rogs
Buffer overflow in the Sequencer::queueMessage function in sequencer.cpp in the server in Rigs of Rods (RoR) before 0.33d SP1 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a nickname followed by a vehicle name in a MSG2_USE_VEHICLE message, whose combined length triggers the overflow.
unknown
2007-11-20
7.5
CVE-2007-6041
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
XF
sciurus -- sciurus_hosting_panel
Direct static code injection vulnerability in acp/savenews.php in Sciurus Hosting Panel, possibly 2.0.3, allows remote attackers to inject arbitrary PHP code via the filecontents parameter, which can be executed by accessing includes/news.php.
unknown
2007-11-21
9.3
CVE-2007-6082
BUGTRAQ
MILW0RM
BID
skyportal -- SkyPortal
Multiple SQL injection vulnerabilities in SkyPortal RC6 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) nc_top.asp; (2) inc_bookmarks.asp, possibly involving a parameter passed from cp_main.asp; (3) inc_profile_functions.asp; or (4) inc_SUBSCRIPTIONS.asp; or the (5) Avatar_URL, (6) LINK1, or (7) LINK2 parameter to cp_main.asp in an EditIt action.
unknown
2007-11-21
7.5
CVE-2007-6078
MILW0RM
BID
Van Dyke Technologies -- Vshell
Unspecified vulnerability in VanDyke VShell 3.0.1 allows remote attackers to cause a denial of service via unspecified vectors. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.
unknown
2007-11-19
7.8
CVE-2007-6031
OTHER-REF
vigilecms -- vigilecms
Directory traversal vulnerability in index.php in VigileCMS 1.4 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the module parameter.
unknown
2007-11-21
9.3
CVE-2007-6086
MILW0RM
Weird Solutions -- BOOTPTurbo
Unspecified vulnerability in Weird Solutions BOOTPTurbo 1.2 has unknown impact and remote attack vectors. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.
unknown
2007-11-19
10.0
CVE-2007-6030
OTHER-REF
Wonderware -- InTouch
Invensys Wonderware InTouch 8.0 creates a NetDDE share with insecure permissions (Everybody/Full Control), which allows remote authenticated attackers, possibly anonymous users, to execute arbitrary programs.
unknown
2007-11-19
9.0
CVE-2007-6033
OTHER-REF
OTHER-REF
CERT-VN
BID
wpa_supplicant -- wpa_supplicant
Stack-based buffer overflow in driver_wext.c in wpa_supplicant 0.6.0 and earlier allows remote attackers to cause a denial of service (crash) via crafted TSF data.
unknown
2007-11-19
7.1
CVE-2007-6025
OTHER-REF
OTHER-REF


Medium Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
aida-orga -- aida-web
frame.html in Aida-Web (Aida Web) allows remote attackers to bypass a protection mechanism and obtain comment and task details via certain values to the (1) Mehr and (2) SUPER parameters.
unknown
2007-11-20
5.0
CVE-2007-6056
BUGTRAQ
BID
aruba_networks -- mc-800
Cross-site scripting (XSS) vulnerability in the login page in the management interface in the Aruba 800 Mobility Controller 2.5.4.18 and earlier, and 2.4.8.6-FIPS and earlier, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the /screens URI, related to the url variable.
unknown
2007-11-20
4.3
CVE-2007-6054
BUGTRAQ
OTHER-REF
CERT-VN
BID
audacity -- audacity
Audacity 1.3.2 creates a temporary directory with a predictable name without checking for previous existence of that directory, which allows local users to cause a denial of service (recording deadlock) by creating the directory before Audacity is run. NOTE: this issue can be leveraged to delete arbitrary files or directories via a symlink attack.
unknown
2007-11-20
5.0
CVE-2007-6061
OTHER-REF
Belkin -- F5D7230-4
The Belkin F5D7230-4 Wireless G Router allows remote attackers to cause a denial of service (degraded networking and logging) via a flood of TCP SYN packets, a related issue to CVE-1999-0116.
unknown
2007-11-20
5.0
CVE-2007-6040
BUGTRAQ
BID
Citrix -- NetScaler
Cross-site scripting (XSS) vulnerability in ws/generic_api_call.pl in Citrix NetScaler 8.0 build 47.8 allows remote attackers to inject arbitrary web script or HTML via the standalone parameter and other unspecified parameters.
unknown
2007-11-20
4.3
CVE-2007-6037
BUGTRAQ
BID
ComponentOne -- FlexGrid
Multiple stack-based buffer overflows in the VSFlexGrid.VSFlexGridL ActiveX control in ComponentOne FlexGrid 7.1 Light allow remote attackers to cause a denial of service and possibly execute arbitrary code via a long string in the (1) Text, (2) EditSelText, (3) EditText, and (4) CellFontName property values.
unknown
2007-11-19
6.8
CVE-2007-6028
FULLDISC
BID
datecomm -- Social Networking Script
PHP remote file inclusion vulnerability in index.php in datecomm Social Networking Script (aka Myspace Clone Script) allows remote attackers to execute arbitrary PHP code via a URL in the pg parameter.
unknown
2007-11-20
6.8
CVE-2007-6057
MILW0RM
Ingate -- Ingate Firewall
Ingate -- Ingate SIParator
The IPsec module in the VPN component in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 allows remote attackers to cause a denial of service (module crash) via an IPsec Phase 2 proposal that lacks Perfect Forward Secrecy (PFS).
unknown
2007-11-21
4.3
CVE-2007-6094
OTHER-REF
SECUNIA
Ingate -- Ingate Firewall
Ingate -- Ingate SIParator
The SIP component in Ingate Firewall before 4.6.0 and SIParator before 4.6.0, when Remote NAT Traversal is employed, does not properly perform user registration and message distribution, which might allow remote authenticated users to receive messages intended for other users.
unknown
2007-11-21
4.0
CVE-2007-6095
OTHER-REF
SECUNIA
Ingate -- Ingate Firewall
Ingate -- Ingate SIParator
Ingate Firewall before 4.6.0 and SIParator before 4.6.0 use cleartext storage for passwords of "administrators with less privileges," which might allow attackers to read these passwords via unknown vectors.
unknown
2007-11-21
5.0
CVE-2007-6096
OTHER-REF
SECUNIA
joomlaequipment -- juser
PHP remote file inclusion vulnerability in xajax_functions.php in the JUser (com_juser) 1.0.14 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
unknown
2007-11-20
6.8
CVE-2007-6038
MILW0RM
justjoomla -- Carousel Flash Image Gallery
PHP remote file inclusion vulnerability in admin.jjgallery.php in the Carousel Flash Image Gallery (com_jjgallery) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
unknown
2007-11-19
6.8
CVE-2007-6027
MILW0RM
Liferay -- portal
Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay Portal 4.1.0 and 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter. NOTE: this issue reportedly exists because of a regression that followed a fix at an unspecified earlier date.
unknown
2007-11-20
4.3
CVE-2007-6055
BUGTRAQ
OTHER-REF
Linux -- Kernel
The wait_task_stopped function in the Linux kernel before 2.6.23.8 checks a TASK_TRACED bit instead of an exit_state value, which allows local users to cause a denial of service (machine crash) via unspecified vectors. NOTE: some of these details are obtained from third party information.
unknown
2007-11-19
4.9
CVE-2007-5500
OTHER-REF
OTHER-REF
BID
Linux -- Kernel
Buffer overflow in the isdn_net_setcfg function in isdn_net.c in Linux kernel 2.6.23 allows local users to have an unknown impact via a crafted argument to the isdn_ioctl function.
unknown
2007-11-20
6.9
CVE-2007-6063
OTHER-REF
ngIRCd -- ngIRCd
irc-channel.c in ngIRCd 0.10.3 allows remote attackers to cause a denial of service (crash) via a JOIN command without a channel argument.
unknown
2007-11-20
5.0
CVE-2007-6062
OTHER-REF
MLIST
OTHER-REF
Nuked-Klan -- Nuked-Klan
Cross-site scripting (XSS) vulnerability in index.php in Nuked-Klan 1.7.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-11-21
4.3
CVE-2007-6090
OTHER-REF
BID
PHP -- PHP
The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten form containing a local session ID.
unknown
2007-11-20
4.3
CVE-2007-5899
OTHER-REF
OTHER-REF
OTHER-REF
PHP -- PHP
PHP before 5.2.5 allows local users to bypass protection mechanisms configured through php_admin_value or php_admin_flag in httpd.conf by using ini_set to modify arbitrary configuration variables, a different issue than CVE-2006-4625.
unknown
2007-11-20
6.9
CVE-2007-5900
OTHER-REF
OTHER-REF
OTHER-REF
SECTRACK
SECUNIA
Ruby on Rails -- Ruby on Rails
The session fixation protection mechanism in cgi_process.rb in Rails 1.2.4, as used in Ruby on Rails, removes the :cookie_only attribute from the DEFAULT_SESSION_OPTIONS constant, which effectively causes :cookie_only to only be applied to the first instantiation of CgiRequest, which allows remote attackers to conduct session fixation attacks. NOTE: this is due to an incomplete fix for CVE-2007-5380.
unknown
2007-11-21
6.8
CVE-2007-6077
OTHER-REF
OTHER-REF
Sun -- JavaMail
Javamail does not properly handle a series of invalid login attempts in which the same e-mail address is entered as username and password, and the domain portion of this address yields a Java UnknownHostException error, which allows remote attackers to cause a denial of service (connection pool exhaustion) via a large number of requests, resulting in a SQLNestedException.
unknown
2007-11-20
5.0
CVE-2007-6059
BUGTRAQ
SWSoft -- Confixx Professional
PHP remote file inclusion vulnerability in fehler.inc.php in SWSoft Confixx Professional 3.2.1 allows remote attackers to execute arbitrary PHP code via a URL in an unspecified parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-11-20
6.8
CVE-2007-6042
BID
vigilecms -- vigilecms
Multiple cross-site scripting (XSS) vulnerabilities in index.php in VigileCMS 1.4 allow remote attackers to inject arbitrary web script or HTML via the message field in the (1) vedipm or (2) live_chat module.
unknown
2007-11-21
4.3
CVE-2007-6085
MILW0RM
vigilecms -- vigilecms
Cross-site request forgery (CSRF) vulnerability in index.php in VigileCMS 1.4 allows remote attackers to change the admin password via certain parameters to the changepass module.
unknown
2007-11-21
6.8
CVE-2007-6087
MILW0RM
WordPress -- WordPress
Wordpress 1.5 to 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash.
unknown
2007-11-19
6.8
CVE-2007-6013
BUGTRAQ
OTHER-REF


Low Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
PHP -- PHP
PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in (1) the domain parameter to the dgettext function, the message parameter to the (2) dcgettext or (3) gettext function, the msgid1 parameter to the (4) dngettext or (5) ngettext function, or (6) the classname parameter to the stream_wrapper_register function. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless this issue can be demonstrated for code execution.
unknown
2007-11-20
2.1
CVE-2007-6039
BUGTRAQ
BUGTRAQ
XF
XF

Back to top

">

High Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
AdventNet -- eventlog_analyzerAdventNet EventLog Analyzer build 4030 for Windows, and possibly other versions and platforms, installs a mysql instance with a default "root" account without a password, which allows remote attackers to gain privileges and modify logs.
unknown
2007-11-21
7.5CVE-2007-6081
OTHER-REF
BID
AhnLab -- v3_internet_securityAhnLab Antivirus 3 Internet Security 2008 Platinum appends data to a filename string at a location indicated by the "Filename length" field in a ZIP header, which allows remote attackers to cause a denial of service (machine crash) and possibly execute arbitrary code via a ZIP file in which this field's value is larger than the actual number of bytes in the filename.
unknown
2007-11-20
9.3CVE-2007-6060
BUGTRAQ
OTHER-REF
BID
Alcatel-Lucent -- OmniPCXThe Communication Server in Alcatel-Lucent OmniPCX Enterprise 7.1 and earlier caches an IP address during a TFTP request from an IP Touch phone, and uses this IP address as the destination for all subsequent VoIP packets to this phone, which allows remote attackers to cause a denial of service (loss of audio) or intercept voice communications via a crafted TFTP request containing the phone's MAC address in the filename.
unknown
2007-11-20
8.5CVE-2007-5361
BUGTRAQ
OTHER-REF
OTHER-REF
BID
Aleris -- Web Publishing ServerSQL injection vulnerability in calendar/page.asp in Aleris Web Publishing Server 3.0 allows remote attackers to execute arbitrary SQL commands via the mode parameter.
unknown
2007-11-19
7.5CVE-2007-6032
OTHER-REF
OSVDB
SECUNIA
bcoos -- bcoosDirectory traversal vulnerability in include/common.php in bcoos 1.0.10 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xoopsOption[pagetype] parameter to the default URI for modules/news/. NOTE: this can be leveraged by using legitimate product functionality to upload a file that contains the code, then including that file.
unknown
2007-11-21
7.5CVE-2007-6079
MILW0RM
BID
bcoos -- bcoosSQL injection vulnerability in modules/banners/click.php in the banners module for bcoos 1.0.10 allows remote attackers to execute arbitrary SQL commands via the bid parameter.
unknown
2007-11-21
7.5CVE-2007-6080
MILW0RM
BID
Cacti -- CactiSQL injection vulnerability in Cacti before 0.8.7a allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
unknown
2007-11-20
7.5CVE-2007-6035
OTHER-REF
SECUNIA
Clam Anti-Virus -- ClamAVUnspecified vulnerability in ClamAV 0.91.1 and 0.91.2 allows remote attackers to execute arbitrary code via a crafted e-mail message. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.
unknown
2007-11-19
7.5CVE-2007-6029
OTHER-REF
OTHER-REF
BID
Hotscripts -- clone_scriptSQL injection vulnerability in software-description.php in HotScripts Clone Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-11-21
7.5CVE-2007-6084
MILW0RM
IBM -- DirectorCIM Server in IBM Director 5.20.1 and earlier allows remote attackers to cause a denial of service (CPU consumption, connection slot exhaustion, and daemon crash) via a large number of idle connections.
unknown
2007-11-21
7.8CVE-2007-5612
OTHER-REF
CERT-VN
BID
FRSIRT
SECUNIA
IBM -- WebSphere MQMultiple unspecified vulnerabilities in IBM WebSphere MQ 6.0 have unknown impact and remote attack vectors involving "memory corruption." NOTE: as of 20071116, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
unknown
2007-11-20
10.0CVE-2007-6044
BUGTRAQ
OTHER-REF
BID
IBM -- DB2 Universal DatabaseUnspecified vulnerability in (1) DB2WATCH and (2) DB2FREEZE in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors.
unknown
2007-11-20
10.0CVE-2007-6045
OTHER-REF
BID
FRSIRT
SECUNIA
IBM -- DB2 Universal DatabaseUnspecified vulnerability in unspecified setuid programs in IBM DB2 UDB 9.1 before Fixpak 4 allows local users to have an unknown impact.
unknown
2007-11-20
7.2CVE-2007-6046
OTHER-REF
BID
FRSIRT
SECUNIA
IBM -- DB2 Universal DatabaseUnspecified vulnerability in the DB2DART tool in IBM DB2 UDB 9.1 before Fixpak 4 allows attackers to execute arbitrary commands as the DB2 instance owner, related to invocation of TPUT by DB2DART.
unknown
2007-11-20
10.0CVE-2007-6047
OTHER-REF
BID
FRSIRT
SECUNIA
IBM -- DB2 Universal DatabaseIBM DB2 UDB 9.1 before Fixpak 4 uses incorrect permissions on ACLs for DB2NODES.CFG, which has unknown impact and attack vectors. NOTE: the vendor description of this issue is too vague to be certain that it is security-related.
unknown
2007-11-20
10.0CVE-2007-6048
OTHER-REF
BID
FRSIRT
SECUNIA
IBM -- DB2 Universal DatabaseUnspecified vulnerability in the SSL LOAD GSKIT action in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors, involving a call to dlopen when the effective uid is root.
unknown
2007-11-20
7.2CVE-2007-6049
OTHER-REF
AIXAPAR
BID
FRSIRT
SECUNIA
IBM -- DB2 Universal DatabaseUnspecified vulnerability in DB2LICD in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors, related to creation of an "insecure directory."
unknown
2007-11-20
7.2CVE-2007-6050
OTHER-REF
AIXAPAR
BID
FRSIRT
IBM -- DB2 Universal DatabaseIBM DB2 UDB 9.1 before Fixpak 4 assigns incorrect privileges to the (1) DB2ADMNS and (2) DB2USERS alternative groups, which has unknown impact. NOTE: the vendor description of this issue is too vague to be certain that it is security-related.
unknown
2007-11-20
10.0CVE-2007-6051
OTHER-REF
AIXAPAR
BID
FRSIRT
IBM -- DB2 Universal Database
IBM DB2 UDB 9.1 before Fixpak 4 does not properly perform vector aggregation, which might allow attackers to cause a denial of service (divide-by-zero error and DBMS crash), related to an "overflow." NOTE: the vendor description of this issue is too vague to be certain that it is security-related.
unknown
2007-11-20
7.8
CVE-2007-6052
OTHER-REF
BID
FRSIRT
IBM -- DB2 Universal Database
IBM DB2 UDB 9.1 before Fixpak 4 does not properly handle use of large numbers of file descriptors, which might allow attackers to have an unknown impact involving "memory corruption." NOTE: the vendor description of this issue is too vague to be certain that it is security-related.
unknown
2007-11-20
9.3
CVE-2007-6053
OTHER-REF
AIXAPAR
BID
FRSIRT
IceBB -- IceBB
SQL injection vulnerability in admin/index.php in IceBB 1.0-rc6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header.
unknown
2007-11-21
7.5
CVE-2007-6083
MILW0RM
OTHER-REF
Ingate -- Ingate Firewall
Ingate -- Ingate SIParator
Buffer overflow in libsrtp in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 has unknown impact and attack vectors. NOTE: it is not clear whether this issue crosses privilege boundaries.
unknown
2007-11-21
10.0
CVE-2007-6092
OTHER-REF
SECUNIA
Ingate -- Ingate Firewall
Ingate -- Ingate SIParator
The SRTP implementation in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 allows remote attackers to cause a denial of service (kernel crash) via an RTCP index that is "much more than expected."
unknown
2007-11-21
7.1
CVE-2007-6093
OTHER-REF
SECUNIA
Ingate -- Ingate Firewall
Ingate -- Ingate SIParator
Unspecified vulnerability in the ICMP implementation in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 has unknown impact and remote attack vectors, related to ICMP packets that are "incorrectly accepted."
unknown
2007-11-21
10.0
CVE-2007-6097
OTHER-REF
Ingate -- Ingate Firewall
Ingate -- Ingate SIParator
Ingate Firewall before 4.6.0 and SIParator before 4.6.0 do not log truncated (1) ICMP, (2) UDP, and (3) TCP packets, which has unknown impact and remote attack vectors; and do not log (4) serial-console login attempts with nonexistent usernames, which might make it easier for attackers with physical access to guess valid login credentials while avoiding detection.
unknown
2007-11-21
7.5
CVE-2007-6098
OTHER-REF
Ingate -- Ingate Firewall
Ingate -- Ingate SIParator
Unspecified vulnerability in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 might leave "media pinholes" open upon a restart of the SIP module, which might make it easier for remote attackers to conduct unauthorized activities.
unknown
2007-11-21
10.0
CVE-2007-6099
OTHER-REF
JiRO -- Banner System
Multiple SQL injection vulnerabilities in files/login.asp in JiRo's Banner System (JBS) 2.0, and possibly JiRo's Upload Manager (aka JiRo's Upload System or JUS), allow remote attackers to execute arbitrary SQL commands via the (1) Username (aka Login or Email) or (2) Password field.
unknown
2007-11-21
7.5
CVE-2007-6091
BUGTRAQ
BID
live555 -- Media Server
The parseRTSPRequestString function in LIVE555 Media Server 2007.11.01 and earlier allows remote attackers to cause a denial of service (daemon crash) via a short RTSP query, which causes a negative number to be used during memory allocation.
unknown
2007-11-20
7.1
CVE-2007-6036
OTHER-REF
OTHER-REF
SECUNIA
mebiblio -- mebiblio
PHP remote file inclusion vulnerability in index.php in meBiblio 0.4.5 allows remote attackers to execute arbitrary PHP code via a URL in the action parameter.
unknown
2007-11-21
9.3
CVE-2007-6089
MILW0RM
BID
Microsoft -- windows
Microsoft -- Office
Microsoft -- Jet
Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file.
unknown
2007-11-19
9.3
CVE-2007-6026
BUGTRAQ
FULLDISC
OTHER-REF
BID
XF
Microsoft -- windows
The CryptGenRandom function in Microsoft Windows 2000 generates predictable values, which makes it easier for context-dependent attackers to reduce the effectiveness of cryptographic mechanisms, as demonstrated by attacks on (1) forward security and (2) backward security, related to use of eight instances of the RC4 cipher, and possibly a related issue to CVE-2007-3898.
unknown
2007-11-20
7.1
CVE-2007-6043
OTHER-REF
OTHER-REF
BID
ngIRCd -- ngIRCd
ngIRCd before 0.10.3 allows remote attackers to cause a denial of service (daemon crash) via a crafted IRC JOIN command.
unknown
2007-11-20
7.8
CVE-2007-6034
OTHER-REF
SECUNIA
PHP -- PHP
The (1) htmlentities and (2) htmlspecialchars functions in PHP before 5.2.5 accept partial multibyte sequences, which has unknown impact and attack vectors, a different issue than CVE-2006-5465.
unknown
2007-11-20
10.0
CVE-2007-5898
OTHER-REF
OTHER-REF
SECTRACK
SECUNIA
phpbbviet -- phpbbviet
PHP remote file inclusion vulnerability in includes/functions_mod_user.php in phpBBViet 02.03.07 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
unknown
2007-11-21
9.3
CVE-2007-6088
MILW0RM
BID
profilecms -- ProfileCMS
Multiple SQL injection vulnerabilities in index.php in ProfileCMS 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) codes action in the profile-codes module, (2) videos action in the video-codes module, or (3) games action in the arcade-games module.
unknown
2007-11-20
7.5
CVE-2007-6058
MILW0RM
rigs_of_rogs -- rigs_of_rogs
Buffer overflow in the Sequencer::queueMessage function in sequencer.cpp in the server in Rigs of Rods (RoR) before 0.33d SP1 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a nickname followed by a vehicle name in a MSG2_USE_VEHICLE message, whose combined length triggers the overflow.
unknown
2007-11-20
7.5
CVE-2007-6041
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
XF
sciurus -- sciurus_hosting_panel
Direct static code injection vulnerability in acp/savenews.php in Sciurus Hosting Panel, possibly 2.0.3, allows remote attackers to inject arbitrary PHP code via the filecontents parameter, which can be executed by accessing includes/news.php.
unknown
2007-11-21
9.3
CVE-2007-6082
BUGTRAQ
MILW0RM
BID
skyportal -- SkyPortal
Multiple SQL injection vulnerabilities in SkyPortal RC6 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) nc_top.asp; (2) inc_bookmarks.asp, possibly involving a parameter passed from cp_main.asp; (3) inc_profile_functions.asp; or (4) inc_SUBSCRIPTIONS.asp; or the (5) Avatar_URL, (6) LINK1, or (7) LINK2 parameter to cp_main.asp in an EditIt action.
unknown
2007-11-21
7.5
CVE-2007-6078
MILW0RM
BID
Van Dyke Technologies -- Vshell
Unspecified vulnerability in VanDyke VShell 3.0.1 allows remote attackers to cause a denial of service via unspecified vectors. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.
unknown
2007-11-19
7.8
CVE-2007-6031
OTHER-REF
vigilecms -- vigilecms
Directory traversal vulnerability in index.php in VigileCMS 1.4 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the module parameter.
unknown
2007-11-21
9.3
CVE-2007-6086
MILW0RM
Weird Solutions -- BOOTPTurbo
Unspecified vulnerability in Weird Solutions BOOTPTurbo 1.2 has unknown impact and remote attack vectors. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.
unknown
2007-11-19
10.0
CVE-2007-6030
OTHER-REF
Wonderware -- InTouch
Invensys Wonderware InTouch 8.0 creates a NetDDE share with insecure permissions (Everybody/Full Control), which allows remote authenticated attackers, possibly anonymous users, to execute arbitrary programs.
unknown
2007-11-19
9.0
CVE-2007-6033
OTHER-REF
OTHER-REF
CERT-VN
BID
wpa_supplicant -- wpa_supplicant
Stack-based buffer overflow in driver_wext.c in wpa_supplicant 0.6.0 and earlier allows remote attackers to cause a denial of service (crash) via crafted TSF data.
unknown
2007-11-19
7.1
CVE-2007-6025
OTHER-REF
OTHER-REF

Medium Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
aida-orga -- aida-web
frame.html in Aida-Web (Aida Web) allows remote attackers to bypass a protection mechanism and obtain comment and task details via certain values to the (1) Mehr and (2) SUPER parameters.
unknown
2007-11-20
5.0
CVE-2007-6056
BUGTRAQ
BID
aruba_networks -- mc-800
Cross-site scripting (XSS) vulnerability in the login page in the management interface in the Aruba 800 Mobility Controller 2.5.4.18 and earlier, and 2.4.8.6-FIPS and earlier, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the /screens URI, related to the url variable.
unknown
2007-11-20
4.3
CVE-2007-6054
BUGTRAQ
OTHER-REF
CERT-VN
BID
audacity -- audacity
Audacity 1.3.2 creates a temporary directory with a predictable name without checking for previous existence of that directory, which allows local users to cause a denial of service (recording deadlock) by creating the directory before Audacity is run. NOTE: this issue can be leveraged to delete arbitrary files or directories via a symlink attack.
unknown
2007-11-20
5.0
CVE-2007-6061
OTHER-REF
Belkin -- F5D7230-4
The Belkin F5D7230-4 Wireless G Router allows remote attackers to cause a denial of service (degraded networking and logging) via a flood of TCP SYN packets, a related issue to CVE-1999-0116.
unknown
2007-11-20
5.0
CVE-2007-6040
BUGTRAQ
BID
Citrix -- NetScaler
Cross-site scripting (XSS) vulnerability in ws/generic_api_call.pl in Citrix NetScaler 8.0 build 47.8 allows remote attackers to inject arbitrary web script or HTML via the standalone parameter and other unspecified parameters.
unknown
2007-11-20
4.3
CVE-2007-6037
BUGTRAQ
BID
ComponentOne -- FlexGrid
Multiple stack-based buffer overflows in the VSFlexGrid.VSFlexGridL ActiveX control in ComponentOne FlexGrid 7.1 Light allow remote attackers to cause a denial of service and possibly execute arbitrary code via a long string in the (1) Text, (2) EditSelText, (3) EditText, and (4) CellFontName property values.
unknown
2007-11-19
6.8
CVE-2007-6028
FULLDISC
BID
datecomm -- Social Networking Script
PHP remote file inclusion vulnerability in index.php in datecomm Social Networking Script (aka Myspace Clone Script) allows remote attackers to execute arbitrary PHP code via a URL in the pg parameter.
unknown
2007-11-20
6.8
CVE-2007-6057
MILW0RM
Ingate -- Ingate Firewall
Ingate -- Ingate SIParator
The IPsec module in the VPN component in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 allows remote attackers to cause a denial of service (module crash) via an IPsec Phase 2 proposal that lacks Perfect Forward Secrecy (PFS).
unknown
2007-11-21
4.3
CVE-2007-6094
OTHER-REF
SECUNIA
Ingate -- Ingate Firewall
Ingate -- Ingate SIParator
The SIP component in Ingate Firewall before 4.6.0 and SIParator before 4.6.0, when Remote NAT Traversal is employed, does not properly perform user registration and message distribution, which might allow remote authenticated users to receive messages intended for other users.
unknown
2007-11-21
4.0
CVE-2007-6095
OTHER-REF
SECUNIA
Ingate -- Ingate Firewall
Ingate -- Ingate SIParator
Ingate Firewall before 4.6.0 and SIParator before 4.6.0 use cleartext storage for passwords of "administrators with less privileges," which might allow attackers to read these passwords via unknown vectors.
unknown
2007-11-21
5.0
CVE-2007-6096
OTHER-REF
SECUNIA
joomlaequipment -- juser
PHP remote file inclusion vulnerability in xajax_functions.php in the JUser (com_juser) 1.0.14 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
unknown
2007-11-20
6.8
CVE-2007-6038
MILW0RM
justjoomla -- Carousel Flash Image Gallery
PHP remote file inclusion vulnerability in admin.jjgallery.php in the Carousel Flash Image Gallery (com_jjgallery) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
unknown
2007-11-19
6.8
CVE-2007-6027
MILW0RM
Liferay -- portal
Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay Portal 4.1.0 and 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter. NOTE: this issue reportedly exists because of a regression that followed a fix at an unspecified earlier date.
unknown
2007-11-20
4.3
CVE-2007-6055
BUGTRAQ
OTHER-REF
Linux -- Kernel
The wait_task_stopped function in the Linux kernel before 2.6.23.8 checks a TASK_TRACED bit instead of an exit_state value, which allows local users to cause a denial of service (machine crash) via unspecified vectors. NOTE: some of these details are obtained from third party information.
unknown
2007-11-19
4.9
CVE-2007-5500
OTHER-REF
OTHER-REF
BID
Linux -- Kernel
Buffer overflow in the isdn_net_setcfg function in isdn_net.c in Linux kernel 2.6.23 allows local users to have an unknown impact via a crafted argument to the isdn_ioctl function.
unknown
2007-11-20
6.9
CVE-2007-6063
OTHER-REF
ngIRCd -- ngIRCd
irc-channel.c in ngIRCd 0.10.3 allows remote attackers to cause a denial of service (crash) via a JOIN command without a channel argument.
unknown
2007-11-20
5.0
CVE-2007-6062
OTHER-REF
MLIST
OTHER-REF
Nuked-Klan -- Nuked-Klan
Cross-site scripting (XSS) vulnerability in index.php in Nuked-Klan 1.7.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-11-21
4.3
CVE-2007-6090
OTHER-REF
BID
PHP -- PHP
The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten form containing a local session ID.
unknown
2007-11-20
4.3
CVE-2007-5899
OTHER-REF
OTHER-REF
OTHER-REF
PHP -- PHP
PHP before 5.2.5 allows local users to bypass protection mechanisms configured through php_admin_value or php_admin_flag in httpd.conf by using ini_set to modify arbitrary configuration variables, a different issue than CVE-2006-4625.
unknown
2007-11-20
6.9
CVE-2007-5900
OTHER-REF
OTHER-REF
OTHER-REF
SECTRACK
SECUNIA
Ruby on Rails -- Ruby on Rails
The session fixation protection mechanism in cgi_process.rb in Rails 1.2.4, as used in Ruby on Rails, removes the :cookie_only attribute from the DEFAULT_SESSION_OPTIONS constant, which effectively causes :cookie_only to only be applied to the first instantiation of CgiRequest, which allows remote attackers to conduct session fixation attacks. NOTE: this is due to an incomplete fix for CVE-2007-5380.
unknown
2007-11-21
6.8
CVE-2007-6077
OTHER-REF
OTHER-REF
Sun -- JavaMail
Javamail does not properly handle a series of invalid login attempts in which the same e-mail address is entered as username and password, and the domain portion of this address yields a Java UnknownHostException error, which allows remote attackers to cause a denial of service (connection pool exhaustion) via a large number of requests, resulting in a SQLNestedException.
unknown
2007-11-20
5.0
CVE-2007-6059
BUGTRAQ
SWSoft -- Confixx Professional
PHP remote file inclusion vulnerability in fehler.inc.php in SWSoft Confixx Professional 3.2.1 allows remote attackers to execute arbitrary PHP code via a URL in an unspecified parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-11-20
6.8
CVE-2007-6042
BID
vigilecms -- vigilecms
Multiple cross-site scripting (XSS) vulnerabilities in index.php in VigileCMS 1.4 allow remote attackers to inject arbitrary web script or HTML via the message field in the (1) vedipm or (2) live_chat module.
unknown
2007-11-21
4.3
CVE-2007-6085
MILW0RM
vigilecms -- vigilecms
Cross-site request forgery (CSRF) vulnerability in index.php in VigileCMS 1.4 allows remote attackers to change the admin password via certain parameters to the changepass module.
unknown
2007-11-21
6.8
CVE-2007-6087
MILW0RM
WordPress -- WordPress
Wordpress 1.5 to 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash.
unknown
2007-11-19
6.8
CVE-2007-6013
BUGTRAQ
OTHER-REF

Low Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
PHP -- PHP
PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in (1) the domain parameter to the dgettext function, the message parameter to the (2) dcgettext or (3) gettext function, the msgid1 parameter to the (4) dngettext or (5) ngettext function, or (6) the classname parameter to the stream_wrapper_register function. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless this issue can be demonstrated for code execution.
unknown
2007-11-20
2.1
CVE-2007-6039
BUGTRAQ
BUGTRAQ
XF
XF
