U.S. Flag Official website of the Department of Homeland Security

Note: This page is part of the us-cert.gov archive.This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

TLP:WHITE

Bulletin (SB07-337)

Vulnerability Summary for the Week of November 26, 2007

Original release date: December 03, 2007

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

">

High Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Amensa-Soft -- K+B-Bestellsystemkb_whois.cgi in K+B-Bestellsystem (aka KB-Bestellsystem) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) domain or (2) tld parameter in a check_owner action.
unknown
2007-11-29
10.0CVE-2007-6176
BUGTRAQ
MILW0RM
BID
SECUNIA
XF
Apple -- Mac OS XMail in Apple Mac OS X Leopard allows user-assisted remote attackers to execute arbitrary code via an AppleDouble attachment containing an apparently-safe file type and script in a resource fork, which does not warn the user that a separate program is going to be executed. NOTE: this is a regression error related to CVE-2006-0395.
unknown
2007-11-28
9.3CVE-2007-6165
OTHER-REF
CERT-VN
BID
FRSIRT
SECUNIA
Apple -- QuicktimeStack-based buffer overflow in Apple QuickTime 7.2 and 7.3 allows remote attackers to execute arbitrary code via a long Real Time Streaming Protocol (RTSP) Content-Type header.
unknown
2007-11-28
9.3CVE-2007-6166
MILW0RM
OTHER-REF
CERT-VN
BID
FRSIRT
SECTRACK
SECUNIA
XF
BitDefender -- Online Anti-Virus ScannerA certain ActiveX control in (1) OScan8.ocx and (2) Oscan81.ocx in BitDefender Online Anti-Virus Scanner 8.0 allows remote attackers to execute arbitrary code via a long argument to the InitX method that begins with a "%%" sequence, which is misinterpreted as a Unicode string and decoded twice, leading to improper memory allocation and a heap-based buffer overflow.
unknown
2007-11-29
9.3CVE-2007-6189
BUGTRAQ
MILW0RM
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
Digium -- AsteriskSQL injection vulnerability in the Postgres Realtime Engine (res_config_pgsql) in Asterisk 1.4.x before 1.4.15 and C.x before C.1.0-beta6 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
unknown
2007-11-29
7.5CVE-2007-6171
OTHER-REF
Dora Emlak -- Dora EmlakMultiple SQL injection vulnerabilities in Dora Emlak 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) emlak_detay.asp and (b) haber_detay.asp, the (2) kategori parameter to (c) kategorisirala.asp, and the (3) tip parameter to (d) tipsirala.asp.
unknown
2007-11-27
7.5CVE-2007-6140
OTHER-REF
BID
SECUNIA
Easy Hosting Control Panel -- Easy Hosting Control PanelMultiple PHP remote file inclusion vulnerabilities in Easy Hosting Control Panel for Ubuntu (EHCP) 0.22.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the confdir parameter to (1) dbutil.bck.php and (2) dbutil.php in config/.
unknown
2007-11-29
7.5CVE-2007-6178
MILW0RM
Ethereal Group -- Ethereal
Wireshark -- Wireshark
The MEGACO dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors.
unknown
2007-11-23
7.8CVE-2007-6118
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
Ethereal Group -- Ethereal
Wireshark -- Wireshark
Wireshark (formerly Ethereal) 0.8.16 to 0.99.6 allows remote attackers to cause a denial of service (crash) via a malformed RPC Portmap packet.
unknown
2007-11-23
7.8CVE-2007-6121
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
Eurologon -- Eurologon CMSMultiple SQL injection vulnerabilities in Eurologon CMS allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) reviews.php, (2) links.php and (3) articles.php.
unknown
2007-11-28
7.5CVE-2007-6164
BUGTRAQ
MILW0RM
BID
Eurologon -- Eurologon CMSDirectory traversal vulnerability in users/files.php in Eurologon CMS allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a download action, as demonstrated by a certain PHP file containing database credentials.
unknown
2007-11-29
7.5CVE-2007-6185
BUGTRAQ
MILW0RM
Flor de Utopia -- WorkingOnWebSQL injection vulnerability in events.php in WorkingOnWeb 2.0.1400 allows remote attackers to execute arbitrary SQL commands via the idevent parameter.
unknown
2007-11-26
7.5CVE-2007-6128
MILW0RM
BID
GOUAE -- DWD RealtySQL injection vulnerability in admin/index2.asp in GOUAE DWD Realty allows remote attackers to execute arbitrary SQL commands via the pword (aka Password) parameter. NOTE: some of these details are obtained from third party information.
unknown
2007-11-28
7.5CVE-2007-6163
BUGTRAQ
OTHER-REF
BID
SECUNIA
GOUAE -- DWD RealtySQL injection vulnerability in admin/index2.asp in GOUAE DWD Realty allows remote attackers to execute arbitrary SQL commands via the uname parameter, a different vector than CVE-2007-6163. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-11-28
7.5CVE-2007-6169
SECUNIA
Growth -- ISPManagerThe responder program in ISPsystem ISPmanager (aka ISPmgr) 4.2.15.1 allows local users to gain privileges via shell metacharacters in command line arguments.
unknown
2007-11-29
7.2CVE-2007-6182
OTHER-REF
OTHER-REF
SECUNIA
IRC Services -- IRC ServicesUnspecified vulnerability in IRC Services 5.1.8 has unknown impact and attack vectors.
unknown
2007-11-26
10.0CVE-2007-6123
MLIST
OTHER-REF
BID
SECUNIA
Kinson Chan Charray -- CMSMultiple PHP remote file inclusion vulnerabilities in Charray's CMS 0.9.3 allow remote attackers to execute arbitrary PHP code via a URL in the ccms_library_path parameter to (1) markdown.php and (2) gallery.php in decoder/.
unknown
2007-11-29
7.5CVE-2007-6179
MILW0RM
BID
Mozilla -- SeaMonkey
Mozilla -- Firefox
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger memory corruption.
unknown
2007-11-26
10.0CVE-2007-5959
OTHER-REF
p3mbo -- Content InjectorSQL injection vulnerability in news.php in Content Injector 1.52 allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php. NOTE: some of these details are obtained from third party information.
unknown
2007-11-27
7.5CVE-2007-6137
MILW0RM
BID
FRSIRT
SECUNIA
PHP-Con -- PHP-ConPHP remote file inclusion vulnerability in Exchange/include.php in PHP-CON 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the webappcfg[APPPATH] parameter.
unknown
2007-11-29
7.5CVE-2007-6177
MILW0RM
BID
PHPDevShell -- PHPDevShellPHPDevShell before 0.7.0 allows remote authenticated users to gain privileges via a crafted request to update a user profile. NOTE: some of these details are obtained from third party information.
unknown
2007-11-29
8.5CVE-2007-6174
OTHER-REF
SECUNIA
PHPDevShell -- PHPDevShellUnspecified vulnerability in PHPDevShell before 0.7.0 has unknown impact and attack vectors, involving a "minor security bug in repair & optimize database."
unknown
2007-11-29
10.0CVE-2007-6186
OTHER-REF
PHPKIT -- PHPKITSQL injection vulnerability in pkinc/public/article.php in PHPKIT 1.6.4pl1 allows remote attackers to execute arbitrary SQL commands via the contentid parameter in an article action to include.php, a different vector than CVE-2006-1773.
unknown
2007-11-27
7.5CVE-2007-6134
MILW0RM
BID
FRSIRT
SECUNIA
Project Alumni -- Project AlumniMultiple SQL injection vulnerabilities in project alumni 1.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the year parameter to (1) view.page.inc.php, which is reachable through a view action to index.php; or (2) the year parameter to news.page.inc.php, which is reachable through a news action to index.php.
unknown
2007-11-26
7.5CVE-2007-6127
MILW0RM
BID
Project Alumni -- Project AlumniDirectory traversal vulnerability in index.php in Project Alumni 1.0.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter.
unknown
2007-11-29
7.5CVE-2007-6184
MILW0RM
OTHER-REF
Proverbs -- Proverbs Web CalendarMultiple SQL injection vulnerabilities in caladmin.inc.php in Proverbs Web Calendar 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) loginname (aka Username) and (2) loginpass (aka Password) parameters to caladmin.php.
unknown
2007-11-28
7.5CVE-2007-6158
BUGTRAQ
BID
XF
Red Hat -- CairoMultiple integer overflows in Cairo before 1.4.12 might allow remote attackers to execute arbitrary code, as demonstrated using a crafted PNG image, which is not properly handled by the read_png function.
unknown
2007-11-29
7.5CVE-2007-5503
OTHER-REF
OTHER-REF
OTHER-REF
REDHAT
SoftBiz -- Freelancers ScriptSQL injection vulnerability in search_form.php in Softbiz Freelancers Script 1 allows remote attackers to execute arbitrary SQL commands via the sb_protype parameter.
unknown
2007-11-26
7.5CVE-2007-6125
MILW0RM
BID
Sun -- SolarisRace condition in the Remote Procedure Call kernel module (rpcmod) in Sun Solaris 8 through 10 allows local users to cause a denial of service (NULL dereference and panic) via unspecified vectors.
unknown
2007-11-29
7.6CVE-2007-6180
SUNALERT
SuSE -- SuSE Linuxyast2-core includes the current working directory in its search path, which allows local users to gain privileges via malicious yast2 modules.
unknown
2007-11-28
7.2CVE-2007-6167
SUSE
Tilde -- Tilde CMSSQL injection vulnerability in index.php in Tilde CMS 4.x and earlier allows remote attackers to execute arbitrary SQL commands via the aarstal parameter in a yeardetail action, a different vector than CVE-2006-1500.
unknown
2007-11-28
7.5CVE-2007-6159
BUGTRAQ
BID
TuMusika Evolution -- TuMusika EvolutionMultiple directory traversal vulnerabilities in TuMusika Evolution 1.7R5 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to (1) languages_n.php, (2) languages_f.php, or (3) languages.php in inc/; and (4) allow remote attackers to read arbitrary local files via a .. (dot dot) in the uri parameter to frames/nogui/sc_download.php.
unknown
2007-11-29
7.5CVE-2007-6188
MILW0RM
VU -- Mass MailerSQL injection vulnerability in redir.asp in VU Mass Mailer allows remote attackers to execute arbitrary SQL commands via the password parameter to Default.asp (aka the Login Page). NOTE: some of these details are obtained from third party information.
unknown
2007-11-27
7.5CVE-2007-6138
BUGTRAQ
OTHER-REF
FRSIRT
SECUNIA
VU -- Case ManagerSQL injection vulnerability in default.asp (aka the Login Page) in VU Case Manager allows remote attackers to execute arbitrary SQL commands via the password parameter.
unknown
2007-11-27
7.5CVE-2007-6143
BUGTRAQ
OTHER-REF
FRSIRT
SECUNIA
VU -- Case ManagerSQL injection vulnerability in default.asp in VU Case Manager allows remote attackers to execute arbitrary SQL commands via the username parameter, a different vector than CVE-2007-6143. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-11-28
7.5CVE-2007-6168
FRSIRT
SECUNIA
Wesnoth -- WesnothDirectory traversal vulnerability in the WML engine preprocessor for Wesnoth before 1.2.8 allows remote attackers to read arbitrary files via ".." sequences in unknown vectors.
unknown
2007-12-01
9.0CVE-2007-5742
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
XF
Wire Plastic Design -- WpQuizMultiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) viewimage.php and (2) comments.php.
unknown
2007-11-29
10.0CVE-2007-6172
MILW0RM
BID
SECUNIA
Wireshark -- WiresharkThe DCP ETSI dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors.
unknown
2007-11-23
7.8CVE-2007-6119
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA

Back to top

Medium Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Amber Script -- Amber ScriptDirectory traversal vulnerability in scripts/include/show_content.php in Amber Script 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter. NOTE: this can be leveraged for remote file inclusion in PHP 5 using a UNC share pathname, ftp, ftps, or ssh2.sftp URL.
unknown
2007-11-26
5.8CVE-2007-6129
BUGTRAQ
MILW0RM
BID
SECUNIA
Apple -- QuicktimeAn "integer arithmetic" error in Apple QuickTime 7.2 allows remote attackers to execute arbitrary code via a crafted movie file containing a movie atom with a large size value, which triggers a stack-based buffer overflow.
unknown
2007-11-27
6.8CVE-2007-4674
OTHER-REF
OTHER-REF
BASE -- Basic Analysis and Security EngineMultiple cross-site scripting (XSS) vulnerabilities in base_qry_main.php in Base Analysis and Security Engine (BASE) before 1.3.9 allow remote attackers to inject arbitrary web script or HTML via the (1) sig[0] and (2) sig[1] parameters.
unknown
2007-11-28
4.3CVE-2007-6156
OTHER-REF
OTHER-REF
OSVDB
SECUNIA
Citrix -- NetScalerThe web management interface in Citrix NetScaler 8.0 build 47.8 uses weak encryption (XOR of unpadded data) to store credentials within a cookie, which makes it easier for remote attackers to obtain cleartext credentials when a cookie is captured via a known-plaintext attack.
unknown
2007-11-29
4.0CVE-2007-6192
BUGTRAQ
SECTRACK
XF
Citrix -- NetScalerThe web management interface in Citrix NetScaler 8.0 build 47.8 stores the device's primary IP address in a cookie, which might allow remote attackers to obtain sensitive network configuration information if this address is not the same as the address being used by the web interface.
unknown
2007-11-29
5.0CVE-2007-6193
BUGTRAQ
DevMass -- DevMass CartPHP remote file inclusion vulnerability in admin/kfm/initialise.php in DevMass Shopping Cart 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the kfm_base_path parameter.
unknown
2007-11-27
5.8CVE-2007-6133
MILW0RM
BID
FRSIRT
SECUNIA
Digium -- AsteriskSQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via (1) ANI and (2) DNIS arguments.
unknown
2007-11-29
6.5CVE-2007-6170
OTHER-REF
Ethereal Group -- Ethereal
Wireshark -- Wireshark
The Bluetooth SDP dissector Wireshark (formerly Ethereal) 0.99.2 to 0.99.6 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.
unknown
2007-11-23
4.3CVE-2007-6120
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
GNU -- GNUMP3Dgnump3d 2.9final does not apply password protection to its plugins, which might allow remote attackers to bypass intended access restrictions.
unknown
2007-11-26
5.0CVE-2007-6130
OTHER-REF
OTHER-REF
Hitachi -- JP1 File Transmission ServerUnspecified vulnerability in Hitachi JP1/File Transmission Server/FTP 01-00 through 08-10-01 allows remote attackers to bypass authentication and "view files" via unspecified vectors.
unknown
2007-11-27
5.0CVE-2007-6145
OTHER-REF
BID
FRSIRT
SECUNIA
Hitachi -- JP1 File Transmission ServerHitachi JP1/File Transmission Server/FTP 01-00 through 08-10-02 on Windows might allow remote attackers to cause a denial of service (service stop) via a "specific file" argument to an FTP command.
unknown
2007-11-27
5.0CVE-2007-6146
OTHER-REF
BID
FRSIRT
SECUNIA
iaprcommence -- IAPR COMMENCEMultiple PHP remote file inclusion vulnerabilities in IAPR COMMENCE 1.3 allow remote attackers to execute arbitrary PHP code via a URL in the (a) php_root_path and sometimes the (b) privilege_root_path parameter to various PHP scripts under (1) admin/includes/, (2) admin/phase/, (3) includes/, (4) includes/page_includes/, (5) reviewer/includes/, (6) reviewer/phase/, and (7) user/phase/.
unknown
2007-11-27
6.8CVE-2007-6147
MILW0RM
BID
SECUNIA
IHU -- I Hear UI Hear U (IHU) 0.5.6 and earlier allows remote attackers to cause (1) a denial of service (infinite loop) via a packet that contains zero in the size field in its header, which is improperly handled by the Receiver::processPacket function; and (2) a denial of service (daemon crash) via an (a) IHU_INFO_INIT or a (b) IHU_INFO_RING packet that does not specify the mode, which is improperly handled by the Player::ring function in Player.cpp.
unknown
2007-11-23
5.0CVE-2007-6103
OTHER-REF
OTHER-REF
SECUNIA
IRC Services -- IRC ServicesThe default_encrypt function in encrypt.c in IRC Services before 5.0.63, and 5.1.x before 5.1.7, allows remote attackers to cause a denial of service (daemon crash) via a long password. NOTE: some of these details are obtained from third party information.
unknown
2007-11-26
5.0CVE-2007-6122
MLIST
MLIST
OTHER-REF
BID
SECUNIA
Lhaplus -- LhaplusBuffer overflow in Lhaplus 1.55 and earlier allows remote attackers to execute arbitrary code via a crafted LZH archive, a different vector than CVE-2007-5048.
unknown
2007-11-29
6.6CVE-2007-6175
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Liferay -- Liferay Enterprise PortalCross-site scripting (XSS) vulnerability in c/portal/login in Liferay Enterprise Portal 4.3.1 allows remote attackers to inject arbitrary web script or HTML via the emailAddress parameter in a Send New Password action, a different vector than CVE-2007-6055. NOTE: some of these details are obtained from third party information.
unknown
2007-11-29
4.3CVE-2007-6173
BUGTRAQ
BID
FRSIRT
SECUNIA
M2Scripts -- MySpace Scripts Poll CreatorMultiplce cross-site scripting (XSS) vulnerabilities in index.php in M2Scripts MySpace Scripts Poll Creator allow remote attackers to inject arbitrary web script or HTML via the (1) title, (2) intro, and (3) question parameters, and (4) unspecified answer parameters, in a create_new action. NOTE: some of these details are obtained from third party information.
unknown
2007-11-27
4.3CVE-2007-6136
BUGTRAQ
BID
SECUNIA
Mozilla -- SeaMonkey
Mozilla -- Firefox
Mozilla Firefox before 2.0.0.10 and SeaMonkey 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protection schemes by setting window.location and using a modal alert dialog that causes the wrong Referer to be sent.
unknown
2007-11-26
4.3CVE-2007-5960
OTHER-REF
Mp3 -- ToolboxPHP remote file inclusion vulnerability in index.php in Mp3 ToolBox 1.0 beta 5 allows remote attackers to execute arbitrary PHP code via a URL in the skin_file parameter.
unknown
2007-11-27
6.8CVE-2007-6139
BUGTRAQ
MILW0RM
FRSIRT
NoAh -- NoAhMultiple directory traversal vulnerabilities in PHP Content Architect (aka NoAh) 0.9 pre 1.2 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the filepath parameter to (1) css_file.php, (2) js_file.php, or (3) xml_file.php in noah/modules/nosystem/templates/.
unknown
2007-11-29
5.0CVE-2007-6187
MILW0RM
OpenSSL Project -- FIPS Object ModuleThe PRNG implementation for the OpenSSL FIPS Object Module 1.1.1 does not perform auto-seeding during the FIPS self-test, which generates random data that is more predictable than expected and makes it easier for attackers to bypass protection mechanisms that rely on the randomness.
unknown
2007-12-01
6.4CVE-2007-5502
OTHER-REF
BID
FRSIRT
SECUNIA
PHPSlideShow -- PHPSlideShowCross-site scripting (XSS) vulnerability in phpslideshow.php in PHPSlideShow 0.9.9.2, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the directory parameter. NOTE: this issue was originally reported for toonchapter8.php, but this is probably a site-specific name, since the PHPSlideShow distribution does not contain that file.
unknown
2007-11-27
4.3CVE-2007-6135
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
pmapper -- p.mapperMultiple PHP remote file inclusion vulnerabilities in Armin Burger p.mapper 3.2.0 beta3 allow remote attackers to execute arbitrary PHP code via a URL in the _SESSION[PM_INCPHP] parameter to (1) incphp/globals.php or (2) plugins/export/mc_table.php. NOTE: it could be argued that this vulnerability is caused by a problem in PHP and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in p.mapper.
unknown
2007-11-29
6.8CVE-2007-6191
OTHER-REF
BID
Project Alumni -- Project AlumniMultiple cross-site scripting (XSS) vulnerabilities in project alumni 1.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the year parameter to (1) xml/index.php; or (2) the year parameter to view.page.inc.php, which is reachable through a view action to the top-level index.php.
unknown
2007-11-26
4.3CVE-2007-6126
MILW0RM
BID
Red Hat -- Cygwin_dllHeap-based buffer overflow in cygwin1.dll in Cygwin 1.5.7 and earlier allows context-dependent attackers to execute arbitrary code via a filename with a certain length, as demonstrated by a remote authenticated user who uses the SCP protocol to send a file to the Cygwin machine, and thereby causes scp.exe on this machine to execute, and then overwrite heap memory with characters from the filename. NOTE: it is also reported that a related issue might exist in 1.5.7 through 1.5.19.
unknown
2007-11-29
6.0CVE-2007-6181
BUGTRAQ
MLIST
MLIST
MLIST
redhat -- enterprise_linuxMemory leak in the Red Hat Content Accelerator kernel patch in Red Hat Enterprise Linux 5 allows local users to cause a denial of service (memory consumption) via a large number of open requests involving O_ATOMICLOOKUP.
unknown
2007-11-29
4.9CVE-2007-5494
OTHER-REF
REDHAT
Ruby_Gnome2 -- Ruby_Gnome2Format string vulnerability in the mdiag_initialize function in gtk/src/rbgtkmessagedialog.c in Ruby-GNOME 2 (aka Ruby/Gnome2) 0.16.0, and SVN versions before 20071127, allows context-dependent attackers to execute arbitrary code via format string specifiers in the message parameter.
unknown
2007-11-29
6.8CVE-2007-6183
BUGTRAQ
OTHER-REF
Salims Softhouse -- JAF CMSMultiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just another flat file (JAF) CMS 4.0 RC2 allow remote attackers to inject arbitrary web script or HTML via the (1) show parameter to index.php and the (2) print parameter to print.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-11-27
4.3CVE-2007-6142
BID
SECUNIA
SimpleGallery -- SimpleGalleryCross-site scripting (XSS) vulnerability in index.php in SimpleGallery 0.1.3 allows remote attackers to inject arbitrary web script or HTML via the album parameter.
unknown
2007-11-28
4.3CVE-2007-6157
BUGTRAQ
BID
SoftBiz -- Freelancers ScriptCross-site scripting (XSS) vulnerability in signin.php in Softbiz Freelancers Script 1 allows remote attackers to inject arbitrary web script or HTML via the errmsg parameter.
unknown
2007-11-26
4.3CVE-2007-6124
MILW0RM
BID
Symantec -- BackupExec System RecoveryThe Job Engine (bengine.exe) service in Symantec Backup Exec for Windows Servers (BEWS) 11d build 11.0.7170 and 11.0.6.6235 allows remote attackers to cause a denial of service (NULL dereference and service crash) via a crafted packet to port 5633/tcp.
unknown
2007-11-29
5.0CVE-2007-4346
OTHER-REF
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
Symantec -- BackupExec System RecoveryMultiple integer overflows in the Job Engine (bengine.exe) service in Symantec Backup Exec for Windows Servers (BEWS) 11d build 11.0.7170 and 11.0.6.6235 allow remote attackers to cause a denial of service (CPU and memory consumption) via a crafted packet to port 5633/tcp, which triggers an infinite loop.
unknown
2007-11-29
5.0CVE-2007-4347
OTHER-REF
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
Tilde -- Tilde CMSCross-site scripting (XSS) vulnerability in index.php in Tilde CMS 4.x and earlier allows remote attackers to inject arbitrary web script or HTML via the aarstal parameter in a yeardetail action.
unknown
2007-11-28
4.3CVE-2007-6160
BUGTRAQ
BID
Tilde -- Tilde CMSindex.php in Tilde CMS 4.x and earlier allows remote attackers to obtain sensitive information via a certain search parameter value in a search action, which reveals the path.
unknown
2007-11-28
5.0CVE-2007-6161
BUGTRAQ
VBTube -- VBTubeCross-site scripting (XSS) vulnerability in vBTube.php in vBTube 1.1 Beta allows remote attackers to inject arbitrary web script or HTML via the search parameter.
unknown
2007-11-27
4.3CVE-2007-6141
BUGTRAQ
BID
WSDeluxe -- FMDeluxeCross-site scripting (XSS) vulnerability in index.php in FMDeluxe 2.1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a category action.
unknown
2007-11-28
4.3CVE-2007-6162
BUGTRAQ
BID
SECUNIA
Xunlei -- Web ThunderHeap-based buffer overflow in the PPlayer.XPPlayer.1 ActiveX control in pplayer.dll_1_work in Xunlei Thunder 5.7.4.401 allows remote attackers to execute arbitrary code via a long string in a FlvPlayerUrl property value. NOTE: some of these details are obtained from third party information.
unknown
2007-11-27
6.0CVE-2007-6144
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA

Back to top

Low Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Cisco -- Unified IP PhoneThe HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL attribute of an ExecuteItem element that specifies a Real-Time Transport Protocol (RTP) audio stream.
unknown
2007-11-29
3.5CVE-2007-6190
OTHER-REF
CISCO
SECTRACK
FreeBSD -- FreeBSDThe "internal state tracking" code for the random and urandom devices in FreeBSD 5.5, 6.1 through 6.3, and 7.0 beta 4 allows local users to obtain portions of previously-accessed random values, which could be leveraged to bypass protection mechanisms that rely on secrecy of those values.
unknown
2007-11-29
2.1CVE-2007-6150
FREEBSD
BID
Red Hat -- Fedora_Fedorabuttonpressed.sh in scanbuttond 0.2.3 allows local users to overwrite arbitrary files via a symlink attack on the (1) scan.pnm and (2) scan.jpg temporary files.
unknown
2007-11-26
2.1CVE-2007-6131
OTHER-REF

Back to top

">

High Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Amensa-Soft -- K+B-Bestellsystemkb_whois.cgi in K+B-Bestellsystem (aka KB-Bestellsystem) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) domain or (2) tld parameter in a check_owner action.
unknown
2007-11-29
10.0CVE-2007-6176
BUGTRAQ
MILW0RM
BID
SECUNIA
XF
Apple -- Mac OS XMail in Apple Mac OS X Leopard allows user-assisted remote attackers to execute arbitrary code via an AppleDouble attachment containing an apparently-safe file type and script in a resource fork, which does not warn the user that a separate program is going to be executed. NOTE: this is a regression error related to CVE-2006-0395.
unknown
2007-11-28
9.3CVE-2007-6165
OTHER-REF
CERT-VN
BID
FRSIRT
SECUNIA
Apple -- QuicktimeStack-based buffer overflow in Apple QuickTime 7.2 and 7.3 allows remote attackers to execute arbitrary code via a long Real Time Streaming Protocol (RTSP) Content-Type header.
unknown
2007-11-28
9.3CVE-2007-6166
MILW0RM
OTHER-REF
CERT-VN
BID
FRSIRT
SECTRACK
SECUNIA
XF
BitDefender -- Online Anti-Virus ScannerA certain ActiveX control in (1) OScan8.ocx and (2) Oscan81.ocx in BitDefender Online Anti-Virus Scanner 8.0 allows remote attackers to execute arbitrary code via a long argument to the InitX method that begins with a "%%" sequence, which is misinterpreted as a Unicode string and decoded twice, leading to improper memory allocation and a heap-based buffer overflow.
unknown
2007-11-29
9.3CVE-2007-6189
BUGTRAQ
MILW0RM
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
Digium -- AsteriskSQL injection vulnerability in the Postgres Realtime Engine (res_config_pgsql) in Asterisk 1.4.x before 1.4.15 and C.x before C.1.0-beta6 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
unknown
2007-11-29
7.5CVE-2007-6171
OTHER-REF
Dora Emlak -- Dora EmlakMultiple SQL injection vulnerabilities in Dora Emlak 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) emlak_detay.asp and (b) haber_detay.asp, the (2) kategori parameter to (c) kategorisirala.asp, and the (3) tip parameter to (d) tipsirala.asp.
unknown
2007-11-27
7.5CVE-2007-6140
OTHER-REF
BID
SECUNIA
Easy Hosting Control Panel -- Easy Hosting Control PanelMultiple PHP remote file inclusion vulnerabilities in Easy Hosting Control Panel for Ubuntu (EHCP) 0.22.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the confdir parameter to (1) dbutil.bck.php and (2) dbutil.php in config/.
unknown
2007-11-29
7.5CVE-2007-6178
MILW0RM
Ethereal Group -- Ethereal
Wireshark -- Wireshark
The MEGACO dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors.
unknown
2007-11-23
7.8CVE-2007-6118
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
Ethereal Group -- Ethereal
Wireshark -- Wireshark
Wireshark (formerly Ethereal) 0.8.16 to 0.99.6 allows remote attackers to cause a denial of service (crash) via a malformed RPC Portmap packet.
unknown
2007-11-23
7.8CVE-2007-6121
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
Eurologon -- Eurologon CMSMultiple SQL injection vulnerabilities in Eurologon CMS allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) reviews.php, (2) links.php and (3) articles.php.
unknown
2007-11-28
7.5CVE-2007-6164
BUGTRAQ
MILW0RM
BID
Eurologon -- Eurologon CMSDirectory traversal vulnerability in users/files.php in Eurologon CMS allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a download action, as demonstrated by a certain PHP file containing database credentials.
unknown
2007-11-29
7.5CVE-2007-6185
BUGTRAQ
MILW0RM
Flor de Utopia -- WorkingOnWebSQL injection vulnerability in events.php in WorkingOnWeb 2.0.1400 allows remote attackers to execute arbitrary SQL commands via the idevent parameter.
unknown
2007-11-26
7.5CVE-2007-6128
MILW0RM
BID
GOUAE -- DWD RealtySQL injection vulnerability in admin/index2.asp in GOUAE DWD Realty allows remote attackers to execute arbitrary SQL commands via the pword (aka Password) parameter. NOTE: some of these details are obtained from third party information.
unknown
2007-11-28
7.5CVE-2007-6163
BUGTRAQ
OTHER-REF
BID
SECUNIA
GOUAE -- DWD RealtySQL injection vulnerability in admin/index2.asp in GOUAE DWD Realty allows remote attackers to execute arbitrary SQL commands via the uname parameter, a different vector than CVE-2007-6163. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-11-28
7.5CVE-2007-6169
SECUNIA
Growth -- ISPManagerThe responder program in ISPsystem ISPmanager (aka ISPmgr) 4.2.15.1 allows local users to gain privileges via shell metacharacters in command line arguments.
unknown
2007-11-29
7.2CVE-2007-6182
OTHER-REF
OTHER-REF
SECUNIA
IRC Services -- IRC ServicesUnspecified vulnerability in IRC Services 5.1.8 has unknown impact and attack vectors.
unknown
2007-11-26
10.0CVE-2007-6123
MLIST
OTHER-REF
BID
SECUNIA
Kinson Chan Charray -- CMSMultiple PHP remote file inclusion vulnerabilities in Charray's CMS 0.9.3 allow remote attackers to execute arbitrary PHP code via a URL in the ccms_library_path parameter to (1) markdown.php and (2) gallery.php in decoder/.
unknown
2007-11-29
7.5CVE-2007-6179
MILW0RM
BID
Mozilla -- SeaMonkey
Mozilla -- Firefox
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger memory corruption.
unknown
2007-11-26
10.0CVE-2007-5959
OTHER-REF
p3mbo -- Content InjectorSQL injection vulnerability in news.php in Content Injector 1.52 allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php. NOTE: some of these details are obtained from third party information.
unknown
2007-11-27
7.5CVE-2007-6137
MILW0RM
BID
FRSIRT
SECUNIA
PHP-Con -- PHP-ConPHP remote file inclusion vulnerability in Exchange/include.php in PHP-CON 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the webappcfg[APPPATH] parameter.
unknown
2007-11-29
7.5CVE-2007-6177
MILW0RM
BID
PHPDevShell -- PHPDevShellPHPDevShell before 0.7.0 allows remote authenticated users to gain privileges via a crafted request to update a user profile. NOTE: some of these details are obtained from third party information.
unknown
2007-11-29
8.5CVE-2007-6174
OTHER-REF
SECUNIA
PHPDevShell -- PHPDevShellUnspecified vulnerability in PHPDevShell before 0.7.0 has unknown impact and attack vectors, involving a "minor security bug in repair & optimize database."
unknown
2007-11-29
10.0CVE-2007-6186
OTHER-REF
PHPKIT -- PHPKITSQL injection vulnerability in pkinc/public/article.php in PHPKIT 1.6.4pl1 allows remote attackers to execute arbitrary SQL commands via the contentid parameter in an article action to include.php, a different vector than CVE-2006-1773.
unknown
2007-11-27
7.5CVE-2007-6134
MILW0RM
BID
FRSIRT
SECUNIA
Project Alumni -- Project AlumniMultiple SQL injection vulnerabilities in project alumni 1.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the year parameter to (1) view.page.inc.php, which is reachable through a view action to index.php; or (2) the year parameter to news.page.inc.php, which is reachable through a news action to index.php.
unknown
2007-11-26
7.5CVE-2007-6127
MILW0RM
BID
Project Alumni -- Project AlumniDirectory traversal vulnerability in index.php in Project Alumni 1.0.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter.
unknown
2007-11-29
7.5CVE-2007-6184
MILW0RM
OTHER-REF
Proverbs -- Proverbs Web CalendarMultiple SQL injection vulnerabilities in caladmin.inc.php in Proverbs Web Calendar 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) loginname (aka Username) and (2) loginpass (aka Password) parameters to caladmin.php.
unknown
2007-11-28
7.5CVE-2007-6158
BUGTRAQ
BID
XF
Red Hat -- CairoMultiple integer overflows in Cairo before 1.4.12 might allow remote attackers to execute arbitrary code, as demonstrated using a crafted PNG image, which is not properly handled by the read_png function.
unknown
2007-11-29
7.5CVE-2007-5503
OTHER-REF
OTHER-REF
OTHER-REF
REDHAT
SoftBiz -- Freelancers ScriptSQL injection vulnerability in search_form.php in Softbiz Freelancers Script 1 allows remote attackers to execute arbitrary SQL commands via the sb_protype parameter.
unknown
2007-11-26
7.5CVE-2007-6125
MILW0RM
BID
Sun -- SolarisRace condition in the Remote Procedure Call kernel module (rpcmod) in Sun Solaris 8 through 10 allows local users to cause a denial of service (NULL dereference and panic) via unspecified vectors.
unknown
2007-11-29
7.6CVE-2007-6180
SUNALERT
SuSE -- SuSE Linuxyast2-core includes the current working directory in its search path, which allows local users to gain privileges via malicious yast2 modules.
unknown
2007-11-28
7.2CVE-2007-6167
SUSE
Tilde -- Tilde CMSSQL injection vulnerability in index.php in Tilde CMS 4.x and earlier allows remote attackers to execute arbitrary SQL commands via the aarstal parameter in a yeardetail action, a different vector than CVE-2006-1500.
unknown
2007-11-28
7.5CVE-2007-6159
BUGTRAQ
BID
TuMusika Evolution -- TuMusika EvolutionMultiple directory traversal vulnerabilities in TuMusika Evolution 1.7R5 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to (1) languages_n.php, (2) languages_f.php, or (3) languages.php in inc/; and (4) allow remote attackers to read arbitrary local files via a .. (dot dot) in the uri parameter to frames/nogui/sc_download.php.
unknown
2007-11-29
7.5CVE-2007-6188
MILW0RM
VU -- Mass MailerSQL injection vulnerability in redir.asp in VU Mass Mailer allows remote attackers to execute arbitrary SQL commands via the password parameter to Default.asp (aka the Login Page). NOTE: some of these details are obtained from third party information.
unknown
2007-11-27
7.5CVE-2007-6138
BUGTRAQ
OTHER-REF
FRSIRT
SECUNIA
VU -- Case ManagerSQL injection vulnerability in default.asp (aka the Login Page) in VU Case Manager allows remote attackers to execute arbitrary SQL commands via the password parameter.
unknown
2007-11-27
7.5CVE-2007-6143
BUGTRAQ
OTHER-REF
FRSIRT
SECUNIA
VU -- Case ManagerSQL injection vulnerability in default.asp in VU Case Manager allows remote attackers to execute arbitrary SQL commands via the username parameter, a different vector than CVE-2007-6143. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-11-28
7.5CVE-2007-6168
FRSIRT
SECUNIA
Wesnoth -- WesnothDirectory traversal vulnerability in the WML engine preprocessor for Wesnoth before 1.2.8 allows remote attackers to read arbitrary files via ".." sequences in unknown vectors.
unknown
2007-12-01
9.0CVE-2007-5742
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
XF
Wire Plastic Design -- WpQuizMultiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) viewimage.php and (2) comments.php.
unknown
2007-11-29
10.0CVE-2007-6172
MILW0RM
BID
SECUNIA
Wireshark -- WiresharkThe DCP ETSI dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors.
unknown
2007-11-23
7.8CVE-2007-6119
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA

Back to top

Medium Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Amber Script -- Amber ScriptDirectory traversal vulnerability in scripts/include/show_content.php in Amber Script 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter. NOTE: this can be leveraged for remote file inclusion in PHP 5 using a UNC share pathname, ftp, ftps, or ssh2.sftp URL.
unknown
2007-11-26
5.8CVE-2007-6129
BUGTRAQ
MILW0RM
BID
SECUNIA
Apple -- QuicktimeAn "integer arithmetic" error in Apple QuickTime 7.2 allows remote attackers to execute arbitrary code via a crafted movie file containing a movie atom with a large size value, which triggers a stack-based buffer overflow.
unknown
2007-11-27
6.8CVE-2007-4674
OTHER-REF
OTHER-REF
BASE -- Basic Analysis and Security EngineMultiple cross-site scripting (XSS) vulnerabilities in base_qry_main.php in Base Analysis and Security Engine (BASE) before 1.3.9 allow remote attackers to inject arbitrary web script or HTML via the (1) sig[0] and (2) sig[1] parameters.
unknown
2007-11-28
4.3CVE-2007-6156
OTHER-REF
OTHER-REF
OSVDB
SECUNIA
Citrix -- NetScalerThe web management interface in Citrix NetScaler 8.0 build 47.8 uses weak encryption (XOR of unpadded data) to store credentials within a cookie, which makes it easier for remote attackers to obtain cleartext credentials when a cookie is captured via a known-plaintext attack.
unknown
2007-11-29
4.0CVE-2007-6192
BUGTRAQ
SECTRACK
XF
Citrix -- NetScalerThe web management interface in Citrix NetScaler 8.0 build 47.8 stores the device's primary IP address in a cookie, which might allow remote attackers to obtain sensitive network configuration information if this address is not the same as the address being used by the web interface.
unknown
2007-11-29
5.0CVE-2007-6193
BUGTRAQ
DevMass -- DevMass CartPHP remote file inclusion vulnerability in admin/kfm/initialise.php in DevMass Shopping Cart 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the kfm_base_path parameter.
unknown
2007-11-27
5.8CVE-2007-6133
MILW0RM
BID
FRSIRT
SECUNIA
Digium -- AsteriskSQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via (1) ANI and (2) DNIS arguments.
unknown
2007-11-29
6.5CVE-2007-6170
OTHER-REF
Ethereal Group -- Ethereal
Wireshark -- Wireshark
The Bluetooth SDP dissector Wireshark (formerly Ethereal) 0.99.2 to 0.99.6 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.
unknown
2007-11-23
4.3CVE-2007-6120
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
GNU -- GNUMP3Dgnump3d 2.9final does not apply password protection to its plugins, which might allow remote attackers to bypass intended access restrictions.
unknown
2007-11-26
5.0CVE-2007-6130
OTHER-REF
OTHER-REF
Hitachi -- JP1 File Transmission ServerUnspecified vulnerability in Hitachi JP1/File Transmission Server/FTP 01-00 through 08-10-01 allows remote attackers to bypass authentication and "view files" via unspecified vectors.
unknown
2007-11-27
5.0CVE-2007-6145
OTHER-REF
BID
FRSIRT
SECUNIA
Hitachi -- JP1 File Transmission ServerHitachi JP1/File Transmission Server/FTP 01-00 through 08-10-02 on Windows might allow remote attackers to cause a denial of service (service stop) via a "specific file" argument to an FTP command.
unknown
2007-11-27
5.0CVE-2007-6146
OTHER-REF
BID
FRSIRT
SECUNIA
iaprcommence -- IAPR COMMENCEMultiple PHP remote file inclusion vulnerabilities in IAPR COMMENCE 1.3 allow remote attackers to execute arbitrary PHP code via a URL in the (a) php_root_path and sometimes the (b) privilege_root_path parameter to various PHP scripts under (1) admin/includes/, (2) admin/phase/, (3) includes/, (4) includes/page_includes/, (5) reviewer/includes/, (6) reviewer/phase/, and (7) user/phase/.
unknown
2007-11-27
6.8CVE-2007-6147
MILW0RM
BID
SECUNIA
IHU -- I Hear UI Hear U (IHU) 0.5.6 and earlier allows remote attackers to cause (1) a denial of service (infinite loop) via a packet that contains zero in the size field in its header, which is improperly handled by the Receiver::processPacket function; and (2) a denial of service (daemon crash) via an (a) IHU_INFO_INIT or a (b) IHU_INFO_RING packet that does not specify the mode, which is improperly handled by the Player::ring function in Player.cpp.
unknown
2007-11-23
5.0CVE-2007-6103
OTHER-REF
OTHER-REF
SECUNIA
IRC Services -- IRC ServicesThe default_encrypt function in encrypt.c in IRC Services before 5.0.63, and 5.1.x before 5.1.7, allows remote attackers to cause a denial of service (daemon crash) via a long password. NOTE: some of these details are obtained from third party information.
unknown
2007-11-26
5.0CVE-2007-6122
MLIST
MLIST
OTHER-REF
BID
SECUNIA
Lhaplus -- LhaplusBuffer overflow in Lhaplus 1.55 and earlier allows remote attackers to execute arbitrary code via a crafted LZH archive, a different vector than CVE-2007-5048.
unknown
2007-11-29
6.6CVE-2007-6175
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Liferay -- Liferay Enterprise PortalCross-site scripting (XSS) vulnerability in c/portal/login in Liferay Enterprise Portal 4.3.1 allows remote attackers to inject arbitrary web script or HTML via the emailAddress parameter in a Send New Password action, a different vector than CVE-2007-6055. NOTE: some of these details are obtained from third party information.
unknown
2007-11-29
4.3CVE-2007-6173
BUGTRAQ
BID
FRSIRT
SECUNIA
M2Scripts -- MySpace Scripts Poll CreatorMultiplce cross-site scripting (XSS) vulnerabilities in index.php in M2Scripts MySpace Scripts Poll Creator allow remote attackers to inject arbitrary web script or HTML via the (1) title, (2) intro, and (3) question parameters, and (4) unspecified answer parameters, in a create_new action. NOTE: some of these details are obtained from third party information.
unknown
2007-11-27
4.3CVE-2007-6136
BUGTRAQ
BID
SECUNIA
Mozilla -- SeaMonkey
Mozilla -- Firefox
Mozilla Firefox before 2.0.0.10 and SeaMonkey 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protection schemes by setting window.location and using a modal alert dialog that causes the wrong Referer to be sent.
unknown
2007-11-26
4.3CVE-2007-5960
OTHER-REF
Mp3 -- ToolboxPHP remote file inclusion vulnerability in index.php in Mp3 ToolBox 1.0 beta 5 allows remote attackers to execute arbitrary PHP code via a URL in the skin_file parameter.
unknown
2007-11-27
6.8CVE-2007-6139
BUGTRAQ
MILW0RM
FRSIRT
NoAh -- NoAhMultiple directory traversal vulnerabilities in PHP Content Architect (aka NoAh) 0.9 pre 1.2 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the filepath parameter to (1) css_file.php, (2) js_file.php, or (3) xml_file.php in noah/modules/nosystem/templates/.
unknown
2007-11-29
5.0CVE-2007-6187
MILW0RM
OpenSSL Project -- FIPS Object ModuleThe PRNG implementation for the OpenSSL FIPS Object Module 1.1.1 does not perform auto-seeding during the FIPS self-test, which generates random data that is more predictable than expected and makes it easier for attackers to bypass protection mechanisms that rely on the randomness.
unknown
2007-12-01
6.4CVE-2007-5502
OTHER-REF
BID
FRSIRT
SECUNIA
PHPSlideShow -- PHPSlideShowCross-site scripting (XSS) vulnerability in phpslideshow.php in PHPSlideShow 0.9.9.2, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the directory parameter. NOTE: this issue was originally reported for toonchapter8.php, but this is probably a site-specific name, since the PHPSlideShow distribution does not contain that file.
unknown
2007-11-27
4.3CVE-2007-6135
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
pmapper -- p.mapperMultiple PHP remote file inclusion vulnerabilities in Armin Burger p.mapper 3.2.0 beta3 allow remote attackers to execute arbitrary PHP code via a URL in the _SESSION[PM_INCPHP] parameter to (1) incphp/globals.php or (2) plugins/export/mc_table.php. NOTE: it could be argued that this vulnerability is caused by a problem in PHP and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in p.mapper.
unknown
2007-11-29
6.8CVE-2007-6191
OTHER-REF
BID
Project Alumni -- Project AlumniMultiple cross-site scripting (XSS) vulnerabilities in project alumni 1.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the year parameter to (1) xml/index.php; or (2) the year parameter to view.page.inc.php, which is reachable through a view action to the top-level index.php.
unknown
2007-11-26
4.3CVE-2007-6126
MILW0RM
BID
Red Hat -- Cygwin_dllHeap-based buffer overflow in cygwin1.dll in Cygwin 1.5.7 and earlier allows context-dependent attackers to execute arbitrary code via a filename with a certain length, as demonstrated by a remote authenticated user who uses the SCP protocol to send a file to the Cygwin machine, and thereby causes scp.exe on this machine to execute, and then overwrite heap memory with characters from the filename. NOTE: it is also reported that a related issue might exist in 1.5.7 through 1.5.19.
unknown
2007-11-29
6.0CVE-2007-6181
BUGTRAQ
MLIST
MLIST
MLIST
redhat -- enterprise_linuxMemory leak in the Red Hat Content Accelerator kernel patch in Red Hat Enterprise Linux 5 allows local users to cause a denial of service (memory consumption) via a large number of open requests involving O_ATOMICLOOKUP.
unknown
2007-11-29
4.9CVE-2007-5494
OTHER-REF
REDHAT
Ruby_Gnome2 -- Ruby_Gnome2Format string vulnerability in the mdiag_initialize function in gtk/src/rbgtkmessagedialog.c in Ruby-GNOME 2 (aka Ruby/Gnome2) 0.16.0, and SVN versions before 20071127, allows context-dependent attackers to execute arbitrary code via format string specifiers in the message parameter.
unknown
2007-11-29
6.8CVE-2007-6183
BUGTRAQ
OTHER-REF
Salims Softhouse -- JAF CMSMultiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just another flat file (JAF) CMS 4.0 RC2 allow remote attackers to inject arbitrary web script or HTML via the (1) show parameter to index.php and the (2) print parameter to print.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-11-27
4.3CVE-2007-6142
BID
SECUNIA
SimpleGallery -- SimpleGalleryCross-site scripting (XSS) vulnerability in index.php in SimpleGallery 0.1.3 allows remote attackers to inject arbitrary web script or HTML via the album parameter.
unknown
2007-11-28
4.3CVE-2007-6157
BUGTRAQ
BID
SoftBiz -- Freelancers ScriptCross-site scripting (XSS) vulnerability in signin.php in Softbiz Freelancers Script 1 allows remote attackers to inject arbitrary web script or HTML via the errmsg parameter.
unknown
2007-11-26
4.3CVE-2007-6124
MILW0RM
BID
Symantec -- BackupExec System RecoveryThe Job Engine (bengine.exe) service in Symantec Backup Exec for Windows Servers (BEWS) 11d build 11.0.7170 and 11.0.6.6235 allows remote attackers to cause a denial of service (NULL dereference and service crash) via a crafted packet to port 5633/tcp.
unknown
2007-11-29
5.0CVE-2007-4346
OTHER-REF
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
Symantec -- BackupExec System RecoveryMultiple integer overflows in the Job Engine (bengine.exe) service in Symantec Backup Exec for Windows Servers (BEWS) 11d build 11.0.7170 and 11.0.6.6235 allow remote attackers to cause a denial of service (CPU and memory consumption) via a crafted packet to port 5633/tcp, which triggers an infinite loop.
unknown
2007-11-29
5.0CVE-2007-4347
OTHER-REF
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
Tilde -- Tilde CMSCross-site scripting (XSS) vulnerability in index.php in Tilde CMS 4.x and earlier allows remote attackers to inject arbitrary web script or HTML via the aarstal parameter in a yeardetail action.
unknown
2007-11-28
4.3CVE-2007-6160
BUGTRAQ
BID
Tilde -- Tilde CMSindex.php in Tilde CMS 4.x and earlier allows remote attackers to obtain sensitive information via a certain search parameter value in a search action, which reveals the path.
unknown
2007-11-28
5.0CVE-2007-6161
BUGTRAQ
VBTube -- VBTubeCross-site scripting (XSS) vulnerability in vBTube.php in vBTube 1.1 Beta allows remote attackers to inject arbitrary web script or HTML via the search parameter.
unknown
2007-11-27
4.3CVE-2007-6141
BUGTRAQ
BID
WSDeluxe -- FMDeluxeCross-site scripting (XSS) vulnerability in index.php in FMDeluxe 2.1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a category action.
unknown
2007-11-28
4.3CVE-2007-6162
BUGTRAQ
BID
SECUNIA
Xunlei -- Web ThunderHeap-based buffer overflow in the PPlayer.XPPlayer.1 ActiveX control in pplayer.dll_1_work in Xunlei Thunder 5.7.4.401 allows remote attackers to execute arbitrary code via a long string in a FlvPlayerUrl property value. NOTE: some of these details are obtained from third party information.
unknown
2007-11-27
6.0CVE-2007-6144
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA

Back to top

Low Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Cisco -- Unified IP PhoneThe HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL attribute of an ExecuteItem element that specifies a Real-Time Transport Protocol (RTP) audio stream.
unknown
2007-11-29
3.5CVE-2007-6190
OTHER-REF
CISCO
SECTRACK
FreeBSD -- FreeBSDThe "internal state tracking" code for the random and urandom devices in FreeBSD 5.5, 6.1 through 6.3, and 7.0 beta 4 allows local users to obtain portions of previously-accessed random values, which could be leveraged to bypass protection mechanisms that rely on secrecy of those values.
unknown
2007-11-29
2.1CVE-2007-6150
FREEBSD
BID
Red Hat -- Fedora_Fedorabuttonpressed.sh in scanbuttond 0.2.3 allows local users to overwrite arbitrary files via a symlink attack on the (1) scan.pnm and (2) scan.jpg temporary files.
unknown
2007-11-26
2.1CVE-2007-6131
OTHER-REF

Back to top

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top