
Note: This page is part of the us-cert.gov archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

TLP:WHITE

Bulletin (SB07-344)

Vulnerability Summary for the Week of December 3, 2007

Original release date: December 10, 2007

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.


High Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
APC -- Rack Power Distribution Unit
APC -- OAS
The American Power Conversion (APC) AP7932 0u 30amp Switched Rack Power Distribution Unit (PDU), with rpdu 3.5.5 and aos 3.5.6, allows remote attackers to bypass authentication and obtain login access by making a login attempt while a different client is logged in, and then resubmitting the login attempt once the other client exits.
unknown
2007-12-04
7.1
CVE-2007-6226
BUGTRAQ
BID
SECTRACK
XF
Apple -- Quicktime
Unspecified vulnerability in Apple QuickTime 7.2 on Windows XP allows remote attackers to execute arbitrary code via unknown attack vectors, probably a different vulnerability than CVE-2007-6166. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release advisories with actionable information. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine. However, the organization has stated that this is different than CVE-2007-6166.
unknown
2007-12-04
10.0
CVE-2007-6238
OTHER-REF
OTHER-REF
BID
Apple -- Mac OS X
The accept_connections function in the virtual private network daemon (vpnd) in Apple Mac OS X 10.5 allows remote attackers to cause a denial of service (unhandled exception and daemon crash) via a crafted packet to UDP port 4112, which triggers an "arithmetic exception error."
unknown
2007-12-07
7.8
CVE-2007-6276
MILW0RM
BID
XF
bcoos -- bcoos
Multiple SQL injection vulnerabilities in bcoos 1.0.10 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the gid parameter to modules/arcade/index.php in a show_stats action, or the lid parameter to (2) modules/myalbum/ratephoto.php or (3) modules/mylinks/ratelink.php, different vectors than CVE-2007-5104.
unknown
2007-12-07
7.5
CVE-2007-6266
OTHER-REF
BID
SECUNIA
XF
bcoos -- bcoos
SQL injection vulnerability in modules/adresses/ratefile.php in bcoos 1.0.10 and earlier allows remote attackers to execute arbitrary SQL commands via the lid parameter, a different vector than CVE-2007-????.
unknown
2007-12-07
7.5
CVE-2007-6275
OTHER-REF
SECUNIA
Beehive Forum -- Beehive Forum
SQL injection vulnerability in post.php in Beehive Forum 0.7.1 and earlier allows remote attackers to execute arbitrary SQL commands via the t_dedupe parameter.
unknown
2007-12-05
7.5
CVE-2007-6014
BUGTRAQ
OTHER-REF
OTHER-REF
BID
SECUNIA
Beehive Forum -- Beehive Forum
Multiple unspecified vulnerabilities in Beehive Forum 0.7.1 have unknown "critical" impact and attack vectors, different issues than CVE-2007-6014.
unknown
2007-12-05
7.5
CVE-2007-6241
OTHER-REF
SECUNIA
DeluxeBB -- DeluxeBB
cp.php in DeluxeBB 1.09 does not verify that the membercookie parameter corresponds to the authenticated member during a profile update, which allows remote authenticated users to change the e-mail addresses of arbitrary accounts via a modified membercookie parameter, a different vector than CVE-2006-4078. NOTE: this can be leveraged for administrative access by requesting password-reset e-mail through a lostpw action to misc.php.
unknown
2007-12-04
9.0
CVE-2007-6237
BUGTRAQ
SECUNIA
flac -- libflac
Multiple buffer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via large (1) Metadata Block Size, (2) VORBIS Comment String Size, (3) Picture Metadata MIME-TYPE Size, (4) Picture Description Size, (5) Picture Data Length, (6) Padding Length, and (7) PICTURE Metadata width and height values in a .FLAC file, which result in a heap-based overflow; and large (8) VORBIS Comment String Size Length, (9) Picture MIME-Type, (10) Picture MIME-Type URL, and (11) Picture Description Length values in a .FLAC file, which result in a stack-based overflow. NOTE: some of these issues may overlap CVE-2007-4619.
unknown
2007-12-07
9.3
CVE-2007-6277
EEYE
BUGTRAQ
CERT-VN
SECTRACK
flac -- libflac
Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows user-assisted remote attackers to force a client to download arbitrary files via the MIME-Type URL flag (-->) for the FLAC image file in a crafted .FLAC file.
unknown
2007-12-07
9.3
CVE-2007-6278
EEYE
BUGTRAQ
CERT-VN
SECTRACK
flac -- libflac
Multiple double-free vulnerabilities in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via malformed (1) Seektable values or (2) Seektable Data Offsets in a .FLAC file.
unknown
2007-12-07
9.3
CVE-2007-6279
EEYE
BUGTRAQ
CERT-VN
SECTRACK
FTP Admin -- FTP Admin
index.php in FTP Admin 0.1.0 allows remote attackers to bypass authentication and obtain administrative access via a loggedin parameter with a value of true, as demonstrated by adding a user account.
unknown
2007-12-04
10.0
CVE-2007-6234
MILW0RM
SECUNIA
XF
GNU -- Emacs
Buffer overflow in emacs allows attackers to have an unknown impact, as demonstrated via a vector involving the command line.
unknown
2007-12-07
10.0
CVE-2007-6109
SUSE
Heimdal -- Heimdal
The gss_userok function in appl/ftp/ftpd/gss_userok.c in Heimdal 0.7.2 does not allocate memory for the ticketfile pointer before calling free, which allows remote attackers to have an unknown impact via an invalid username. NOTE: the vulnerability was originally reported for ftpd.c, but this is incorrect.
unknown
2007-12-06
10.0
CVE-2007-5939
OTHER-REF
HP -- Select Identity
Unspecified vulnerability in HP Select Identity 4.01 before 4.01.012 and 4.1x before 4.13.003 allows remote attackers to obtain unspecified access via unknown vectors.
unknown
2007-12-05
10.0
CVE-2007-6194
HP
BID
FRSIRT
SECUNIA
Irola -- My-Time
Multiple SQL injection vulnerabilities in login.asp in Irola My-Time (aka Timesheet) 3.5 allow remote attackers to execute arbitrary SQL commands via the (1) login (aka Username) and (2) password parameters. NOTE: some of these details are obtained from third party information.
unknown
2007-12-04
7.5
CVE-2007-6217
BUGTRAQ
MILW0RM
OTHER-REF
FRSIRT
SECUNIA
Joomla -- Joomla
Multiple SQL injection vulnerabilities in index.php in Joomla! 1.5 RC3 allow remote attackers to execute arbitrary SQL commands via (1) the view parameter to the com_content component, (2) the task parameter to the com_search component, or (3) the option parameter in a search action to the com_search component.
unknown
2007-12-07
7.5
CVE-2007-6272
BUGTRAQ
BID
Linux -- netkit_ftp
Double-free vulnerability in the getreply function in ftp.c in netkit ftp (netkit-ftp) 0.17 20040614 and later allows remote FTP servers to cause a denial of service (application crash) and possibly have unspecified other impact via some types of FTP protocol behavior. NOTE: the netkit-ftpd issue is covered by CVE-2007-????.
unknown
2007-12-06
10.0
CVE-2007-5769
OTHER-REF
OTHER-REF
Linux -- netkit_ftpd
The dataconn function in ftpd.c in netkit ftpd (netkit-ftpd) 0.17, when certain modifications to support SSL have been introduced, calls fclose on an uninitialized file stream, which allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via some types of FTP over SSL protocol behavior, as demonstrated by breaking a passive FTP DATA connection in a way that triggers an error in the server's SSL_accept function. NOTE: the netkit ftp issue is covered by CVE-2007-5769.
unknown
2007-12-06
9.3
CVE-2007-6263
OTHER-REF
MIT -- Kerberos 5
The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 (krb5) does not initialize the length variable when auth_type has a certain value, which has unknown impact and remote authenticated attack vectors. NOTE: the original disclosure misidentifies the conditions under which the uninitialized variable is used.
unknown
2007-12-05
10.0
CVE-2007-5894
OTHER-REF
MIT -- Kerberos 5
Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/mechglue/g_initialize.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. NOTE: this might be the result of a typo in the source code.
unknown
2007-12-05
10.0
CVE-2007-5901
OTHER-REF
MIT -- Kerberos 5
Integer overflow in the svcauth_gss_get_principal function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (krb5) allows remote attackers to have an unknown impact via a large length value for a GSS client name in an RPC request.
unknown
2007-12-05
10.0
CVE-2007-5902
OTHER-REF
MIT -- Kerberos 5
Double-free vulnerability in the gss_krb5int_make_seal_token_v3 function in lib/gssapi/krb5/k5sealv3.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors.
unknown
2007-12-05
10.0
CVE-2007-5971
OTHER-REF
MIT -- Kerberos 5
Double-free vulnerability in the krb5_def_store_mkey function in lib/kdb/kdb_default.c in MIT Kerberos 5 (krb5) 1.5 has unknown impact and remote authenticated attack vectors. NOTE: the free operations occur in code that stores the krb5kdc master key, and thus the attacker must have privileges to store this key.
unknown
2007-12-05
9.0
CVE-2007-5972
OTHER-REF
Mortbay Jetty -- Jetty
Mortbay Jetty before 6.1.6rc1 does not properly handle "certain quote sequences" in HTML cookie parameters, which allows remote attackers to hijack browser sessions via unspecified vectors.
unknown
2007-12-05
7.5
CVE-2007-5614
OTHER-REF
CERT-VN
phpBB -- Garage
SQL injection vulnerability in garage.php in phpBB Garage 1.2.0 Beta3 allows remote attackers to execute arbitrary SQL commands via the make_id parameter in a search action in browse mode.
unknown
2007-12-04
7.5
CVE-2007-6223
MILW0RM
QEMU -- QEMU
QEMU 0.9.0 allows local users of a Windows XP SP2 guest operating system to overwrite the TranslationBlock (code_gen_buffer) buffer, and probably have unspecified other impacts related to an "overflow," via certain Windows executable programs, as demonstrated by qemu-dos.com.
unknown
2007-12-04
7.2
CVE-2007-6227
BUGTRAQ
BID
Rayzz -- Rayzz Script
PHP remote file inclusion vulnerability in common/classes/class_HeaderHandler.lib.php in Rayzz Script 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the CFG[site][project_path] parameter.
unknown
2007-12-04
7.5
CVE-2007-6229
MILW0RM
Rayzz -- Rayzz Script
Directory traversal vulnerability in common/classes/class_HeaderHandler.lib.php in Rayzz Script 2.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the CFG[site][project_path] parameter.
unknown
2007-12-04
7.5
CVE-2007-6230
MILW0RM
Red Hat -- Enterprise Linux AS
Red Hat -- Enterprise Linux ES
Red Hat -- Enterprise Linux WS
Red Hat -- Desktop
Perl-Compatible Regular Expression (PCRE) library before 6.7 does not properly calculate the compiled memory allocation for regular expressions that involve a quantified "subpattern containing a named recursion or subroutine reference," which allows context-dependent attackers to cause a denial of service (error or crash).
unknown
2007-12-03
7.8
CVE-2006-7226
OTHER-REF
OTHER-REF
REDHAT
REDHAT
SING -- SING
Send Nasty ICMP Garbage (sing) on Debian GNU/Linux allows local users to append to arbitrary files and gain privileges via the -L (output log file) option.
unknown
2007-12-03
7.2
CVE-2007-6211
BUGTRAQ
BID
Snitz Forums 2000 -- Snitz Forums
SQL injection vulnerability in active.asp in Snitz Forums 2000 3.4.06 allows remote attackers to execute arbitrary SQL commands via the BuildTime parameter.
unknown
2007-12-05
7.5
CVE-2007-6240
MILW0RM
BID
SECUNIA
Tellmatic -- Tellmatic
Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/.
unknown
2007-12-04
7.5
CVE-2007-6231
MILW0RM
TuMusika Evolution -- TuMusika Evolution
TuMusika Evolution 1.7R5 allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-12-04
7.8
CVE-2007-6221
SECUNIA
XF
XIGLA -- Absolute News Manager.NET
Multiple SQL injection vulnerabilities in xlaabsolutenm.aspx in Absolute News Manager.NET 5.1 allow remote attackers to execute arbitrary SQL commands via the (1) z, (2) pz, (3) ord, and (4) sort parameters.
unknown
2007-12-07
7.5
CVE-2007-6269
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
BID
SECUNIA


Medium Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
Apache Software Foundation -- Apache
Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
unknown
2007-12-03
4.3
CVE-2007-6203
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
Apple -- Mac OS X
Integer overflow in the load_threadstack function in the Mach-O loader (mach_loader.c) in the xnu kernel in Apple Mac OS X 10.4 through 10.5.1 allows local users to cause a denial of service (infinite loop) via a crafted Mach-O binary.
unknown
2007-12-05
4.9
CVE-2007-6261
OTHER-REF
BID
FRSIRT
SECUNIA
Avast -- Avast Antivirus Professional
Avast -- Avast Antivirus Home
Unspecified vulnerability in avast! 4 Home and Professional Editions before 4.7.1098 allows remote attackers to have an unknown impact via a crafted TAR archive.
unknown
2007-12-07
6.8
CVE-2007-6265
OTHER-REF
BID
SECUNIA
bcoos -- bcoos
Multiple cross-site scripting (XSS) vulnerabilities in modules/ecal/display.php in the Event Calendar in bcoos 1.0.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) day or (2) year parameter.
unknown
2007-12-07
4.3
CVE-2007-6274
OTHER-REF
BID
SECUNIA
XF
CRM_CTT -- Interleave
The CheckCustomerAccess function in functions.php in CRM-CTT Interleave before 4.2.0 (formerly CRM-CTT) does not properly verify user privileges, which allows remote authenticated users with the LIMITTOCUSTOMERS privilege to bypass intended access restrictions and edit non-active user settings. NOTE: some of these details are obtained from third party information.
unknown
2007-12-04
6.5
CVE-2007-6222
OTHER-REF
SECUNIA
Ext2 Filesystems Utilities -- e2fsprogs
Multiple integer overflows in libext2fs in e2fsprogs allow user-assisted remote attackers to execute arbitrary code via a crafted filesystem image.
unknown
2007-12-07
5.8
CVE-2007-5497
SUSE
FTP -- Admin
Cross-site scripting (XSS) vulnerability in index.php in FTP Admin 0.1.0 allows remote attackers to inject arbitrary web script or HTML via the error parameter in an error page action.
unknown
2007-12-04
4.3
CVE-2007-6232
MILW0RM
SECUNIA
XF
FTP Admin -- FTP Admin
Directory traversal vulnerability in index.php in FTP Admin 0.1.0 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
unknown
2007-12-04
4.9
CVE-2007-6233
MILW0RM
SECUNIA
XF
Google -- KML
Directory traversal vulnerability in region.php in KML share 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the layer parameter.
unknown
2007-12-04
5.0
CVE-2007-6212
MILW0RM
IBM -- Tivoli Netcool Security Manager
Cross-site scripting (XSS) vulnerability in IBM Tivoli Netcool Security Manager 1.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-12-04
4.3
CVE-2007-6219
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
Intel -- PRO Wireless 3945ABG
Intel -- Wireless WiFi Link 4965AGN
The iwl_set_rate function in compatible/iwl3945-base.c in iwlwifi 1.1.21 and earlier dereferences an iwl_get_hw_mode return value without checking for NULL, which might allow remote attackers to cause a denial of service (kernel panic) via unspecified vectors during module initialization.
unknown
2007-12-06
5.0
CVE-2007-5938
OTHER-REF
OTHER-REF
LearnLoop -- LearnLoop
Directory traversal vulnerability in include/file_download.php in LearnLoop 2.0 beta7 allows remote attackers to read arbitrary files via a .. (dot dot) in the sFilePath parameter. NOTE: exploitation requires that the product is configured, but has zero files in the database.
unknown
2007-12-04
4.3
CVE-2007-6214
MILW0RM
Microsoft -- Internet Explorer
The Web Proxy Auto-Discovery (WPAD) feature in Microsoft Internet Explorer 6 and 7, when a primary DNS suffix with three or more components is configured, resolves an unqualified wpad hostname in a second-level domain outside this configured DNS domain, which allows remote WPAD servers to conduct man-in-the-middle (MITM) attacks.
unknown
2007-12-05
5.8
CVE-2007-5355
OTHER-REF
MSKB
BID
FRSIRT
SECTRACK
SECUNIA
Microsoft -- Windows Media Player
Microsoft Windows Media Player (WMP) allows remote attackers to cause a denial of service (application crash) via a certain AIFF file that triggers a divide-by-zero error, as demonstrated by kr.aiff.
unknown
2007-12-04
5.0
CVE-2007-6236
MILW0RM
BID
Mortbay Jetty -- Jetty
Cross-site scripting (XSS) vulnerability in Dump Servlet in Mortbay Jetty before 6.1.6rc1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters and cookies.
unknown
2007-12-05
4.3
CVE-2007-5613
OTHER-REF
OTHER-REF
CERT-VN
Mortbay Jetty -- Jetty
CRLF injection vulnerability in Mortbay Jetty before 6.1.6rc0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
unknown
2007-12-05
5.0
CVE-2007-5615
OTHER-REF
CERT-VN
OpenOffice -- OpenOffice
Unspecified vulnerability in HSQLDB before 1.8.0.9 in OpenOffice.org (OOo) 2 before 2.3.1 allows user-assisted remote attackers to execute arbitrary Java code via crafted database documents.
unknown
2007-12-05
6.8
CVE-2007-4575
OTHER-REF
BID
FRSIRT
SECUNIA
Oracle -- Database 11g
Oracle -- Database 10g
The installation process for Oracle 10g and 11g uses accounts with default passwords, which allows remote attackers to obtain login access by connecting to the Listener. NOTE: at the end of the installation, if performed using the Database Configuration Assistant (DBCA), most accounts are disabled or their passwords are changed.
unknown
2007-12-05
6.8
CVE-2007-6260
BUGTRAQ
OTHER-REF
OTHER-REF
Ossigeno -- CMS
Multiple PHP remote file inclusion vulnerabilities in Ossigeno CMS 2.2 pre1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) level parameter to (a) install_module.php and (b) uninstall_module.php in upload/xax/admin/modules/, (c) upload/xax/admin/patch/index.php, and (d) install_module.php and (e) uninstall_module.php in upload/xax/ossigeno/admin/; and the (2) ossigeno parameter to (f) ossigeno_modules/ossigeno-catalogo/xax/ossigeno/catalogo/common.php, different vectors than CVE-2007-5234.
unknown
2007-12-04
5.0
CVE-2007-6218
OTHER-REF
BID
Perl -- PCRE
Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to cause a denial of service (error or crash) via a regular expression that involves a "malformed POSIX character class", as demonstrated via an invalid character after a [[ sequence.
unknown
2007-12-03
5.0
CVE-2006-7225
OTHER-REF
OTHER-REF
REDHAT
REDHAT
Real -- RealPlayer
The RealNetworks RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll, as shipped with RealPlayer 11, allows remote attackers to cause a denial of service (browser crash) via a certain argument to the GetSourceTransport method.
unknown
2007-12-04
5.0
CVE-2007-6224
BUGTRAQ
OTHER-REF
BID
XF
RealNetworks -- RealPlayer
A certain ActiveX control in RealNetworks RealPlayer 11 allows remote attackers to cause a denial of service (application crash) via a malformed .au file that triggers a divide-by-zero error. NOTE: this might be related to CVE-2007-4904.
unknown
2007-12-04
5.0
CVE-2007-6235
BUGTRAQ
MILW0RM
OTHER-REF
SonicWall -- Global VPN Client
Multiple format string vulnerabilities in the configuration file in SonicWALL Global VPN Client 3.1.556 and 4.0.0.810 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in the (1) Hostname tag or the (2) name attribute in the Connection tag. NOTE: there might not be any realistic circumstances in which this issue crosses privilege boundaries.
unknown
2007-12-07
6.8
CVE-2007-6273
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
Squid -- Squid Web Proxy Cache
The "cache update reply processing" functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service (crash) via unknown vectors related to HTTP headers.
unknown
2007-12-04
5.0
CVE-2007-6239
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
Sun -- Solaris
Race condition in the Fibre Channel protocol (fcp) driver and Devices filesystem (devfs) in Sun Solaris 10 allows local users to cause a denial of service (system hang) via some programs that access hardware resources, as demonstrated by the (1) cfgadm and (2) format programs.
unknown
2007-12-04
4.7
CVE-2007-6216
SUNALERT
BID
FRSIRT
SECUNIA
Sun -- Solaris
Unspecified vulnerability in Sun Solaris 10, when 64bit mode is used on the x86 platform, allows local users in a Linux (lx) branded zone to cause a denial of service (panic) via unspecified vectors.
unknown
2007-12-04
4.9
CVE-2007-6225
SUNALERT
BID
FRSIRT
SECUNIA
XF
typespeed -- Typespeed
typespeed before 0.6.4 allows remote attackers to cause a denial of service (application crash) via unspecified network behavior that triggers a divide-by-zero error.
unknown
2007-12-04
5.0
CVE-2007-6220
OTHER-REF
OTHER-REF
BID
SECUNIA
VideoLAN -- VLC Media Player
A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before 0.8.6d allows remote attackers to execute arbitrary code via crafted arguments to the (1) addTarget, (2) getVariable, or (3) setVariable function, resulting from a "bad initialized pointer," aka a "recursive plugin release vulnerability."
unknown
2007-12-05
6.8
CVE-2007-6262
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Web-MeetMe -- Web-MeetMe
Multiple directory traversal vulnerabilities in play.php in Web-MeetMe 3.0.3 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) roomNo and possibly the (2) bookid parameter.
unknown
2007-12-04
5.0
CVE-2007-6215
MILW0RM
WebED -- WebED
Multiple directory traversal vulnerabilities in mod/chat/index.php in WebED 0.0.9 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) Root and (2) Path parameters.
unknown
2007-12-04
5.0
CVE-2007-6213
MILW0RM
XenSource Inc -- Xen
Xen 3.x, possibly before 3.1.2, when running on IA64 systems, does not check the RID value for mov_to_rr, which allows a VTi domain to read memory of other domains.
unknown
2007-12-03
5.0
CVE-2007-6207
OTHER-REF
MLIST
XIGLA -- Absolute News Manager.NET
Directory traversal vulnerability in pages/default.aspx in Absolute News Manager.NET 5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter.
unknown
2007-12-07
5.0
CVE-2007-6268
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
BID
SECUNIA
XIGLA -- Absolute News Manager.NET
Multiple cross-site scripting (XSS) vulnerabilities in Absolute News Manager.NET 5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) rmore parameter to xlaabsolutenm.aspx and the (2) template parameter to pages/default.aspx.
unknown
2007-12-07
4.3
CVE-2007-6270
BUGTRAQ
OTHER-REF
OTHER-REF
BID
SECUNIA
XIGLA -- Absolute News Manager.NET
Absolute News Manager.NET 5.1 allows remote attackers to obtain sensitive information via a direct request to getpath.aspx, which reveals the installation path in an error message.
unknown
2007-12-07
4.3
CVE-2007-6271
BUGTRAQ
OTHER-REF
BID
Yahoo -- Yahoo Toolbar
Stack-based buffer overflow in the Helper class in the yt.ythelper.2 ActiveX control in Yahoo! Toolbar 1.4.1 allows remote attackers to cause a denial of service (browser crash) via a long argument to the c method.
unknown
2007-12-04
6.8
CVE-2007-6228
FULLDISC
BID
XF
ZSH -- ZSH
difflog.pl in zsh 4.3.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
unknown
2007-12-03
4.6
CVE-2007-6209
MLIST
MLIST
MLIST
OTHER-REF


Low Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
Citrix -- EdgeSight for Presentation Server
Citrix -- EdgeSight for Endpoints
Citrix -- EdgeSight for NetScaler
Citrix EdgeSight 4.2 and 4.5 for Presentation Server, EdgeSight 4.2 and 4.5 for Endpoints, and EdgeSight for NetScaler 1.0 and 1.1 do not properly store database credentials in configuration files, which allows local users to obtain sensitive information.
unknown
2007-12-07
2.1
CVE-2007-6267
OTHER-REF
BID
FRSIRT
SECUNIA
Claws Mail -- Claws Mail Tools
sylprint.pl in claws mail tools (claws-mail-tools) allows local users to overwrite arbitrary files via a symlink attack on the sylprint.[USER].[PID] temporary file.
unknown
2007-12-03
3.6
CVE-2007-6208
OTHER-REF
Linux -- Kernel
Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive information.
unknown
2007-12-03
2.1
CVE-2007-6206
OTHER-REF
OTHER-REF
ZABBIX -- Zabbix_agentd
zabbix_agentd 1.1.4 in ZABBIX runs "UserParameter" scripts with gid 0, which might allow local users to gain privileges.
unknown
2007-12-03
2.1
CVE-2007-6210
OTHER-REF

Back to top
=

">

High Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
APC -- Rack Power Distribution Unit
APC -- OAS
The American Power Conversion (APC) AP7932 0u 30amp Switched Rack Power Distribution Unit (PDU), with rpdu 3.5.5 and aos 3.5.6, allows remote attackers to bypass authentication and obtain login access by making a login attempt while a different client is logged in, and then resubmitting the login attempt once the other client exits.
unknown
2007-12-04
7.1CVE-2007-6226
BUGTRAQ
BID
SECTRACK
XF
Apple -- QuicktimeUnspecified vulnerability in Apple QuickTime 7.2 on Windows XP allows remote attackers to execute arbitrary code via unknown attack vectors, probably a different vulnerability than CVE-2007-6166. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release advisories with actionable information. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine. However, the organization has stated that this is different than CVE-2007-6166.
unknown
2007-12-04
10.0CVE-2007-6238
OTHER-REF
OTHER-REF
BID
Apple -- Mac OS XThe accept_connections function in the virtual private network daemon (vpnd) in Apple Mac OS X 10.5 allows remote attackers to cause a denial of service (unhandled exception and daemon crash) via a crafted packet to UDP port 4112, which triggers an "arithmetic exception error."
unknown
2007-12-07
7.8CVE-2007-6276
MILW0RM
BID
XF
bcoos -- bcoosMultiple SQL injection vulnerabilities in bcoos 1.0.10 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the gid parameter to modules/arcade/index.php in a show_stats action, or the lid parameter to (2) modules/myalbum/ratephoto.php or (3) modules/mylinks/ratelink.php, different vectors than CVE-2007-5104.
unknown
2007-12-07
7.5CVE-2007-6266
OTHER-REF
BID
SECUNIA
XF
bcoos -- bcoosSQL injection vulnerability in modules/adresses/ratefile.php in bcoos 1.0.10 and earlier allows remote attackers to execute arbitrary SQL commands via the lid parameter, a different vector than CVE-2007-????.
unknown
2007-12-07
7.5CVE-2007-6275
OTHER-REF
SECUNIA
Beehive Forum -- Beehive ForumSQL injection vulnerability in post.php in Beehive Forum 0.7.1 and earlier allows remote attackers to execute arbitrary SQL commands via the t_dedupe parameter.
unknown
2007-12-05
7.5CVE-2007-6014
BUGTRAQ
OTHER-REF
OTHER-REF
BID
SECUNIA
Beehive Forum -- Beehive ForumMultiple unspecified vulnerabilities in Beehive Forum 0.7.1 have unknown "critical" impact and attack vectors, different issues than CVE-2007-6014.
unknown
2007-12-05
7.5CVE-2007-6241
OTHER-REF
SECUNIA
DeluxeBB -- DeluxeBBcp.php in DeluxeBB 1.09 does not verify that the membercookie parameter corresponds to the authenticated member during a profile update, which allows remote authenticated users to change the e-mail addresses of arbitrary accounts via a modified membercookie parameter, a different vector than CVE-2006-4078. NOTE: this can be leveraged for administrative access by requesting password-reset e-mail through a lostpw action to misc.php.
unknown
2007-12-04
9.0CVE-2007-6237
BUGTRAQ
SECUNIA
flac -- libflacMultiple buffer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via large (1) Metadata Block Size, (2) VORBIS Comment String Size, (3) Picture Metadata MIME-TYPE Size, (4) Picture Description Size, (5) Picture Data Length, (6) Padding Length, and (7) PICTURE Metadata width and height values in a .FLAC file, which result in a heap-based overflow; and large (8) VORBIS Comment String Size Length, (9) Picture MIME-Type, (10) Picture MIME-Type URL, and (11) Picture Description Length values in a .FLAC file, which result in a stack-based overflow. NOTE: some of these issues may overlap CVE-2007-4619.
unknown
2007-12-07
9.3CVE-2007-6277
EEYE
BUGTRAQ
CERT-VN
SECTRACK
flac -- libflac
Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows user-assisted remote attackers to force a client to download arbitrary files via the MIME-Type URL flag (-->) for the FLAC image file in a crafted .FLAC file.
unknown
2007-12-07
9.3
CVE-2007-6278
EEYE
BUGTRAQ
CERT-VN
SECTRACK
flac -- libflac
Multiple double-free vulnerabilities in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via malformed (1) Seektable values or (2) Seektable Data Offsets in a .FLAC file.
unknown
2007-12-07
9.3
CVE-2007-6279
EEYE
BUGTRAQ
CERT-VN
SECTRACK
FTP Admin -- FTP Admin
index.php in FTP Admin 0.1.0 allows remote attackers to bypass authentication and obtain administrative access via a loggedin parameter with a value of true, as demonstrated by adding a user account.
unknown
2007-12-04
10.0
CVE-2007-6234
MILW0RM
SECUNIA
XF
GNU -- Emacs
Buffer overflow in emacs allows attackers to have an unknown impact, as demonstrated via a vector involving the command line.
unknown
2007-12-07
10.0
CVE-2007-6109
SUSE
Heimdal -- Heimdal
The gss_userok function in appl/ftp/ftpd/gss_userok.c in Heimdal 0.7.2 does not allocate memory for the ticketfile pointer before calling free, which allows remote attackers to have an unknown impact via an invalid username. NOTE: the vulnerability was originally reported for ftpd.c, but this is incorrect.
unknown
2007-12-06
10.0
CVE-2007-5939
OTHER-REF
HP -- Select Identity
Unspecified vulnerability in HP Select Identity 4.01 before 4.01.012 and 4.1x before 4.13.003 allows remote attackers to obtain unspecified access via unknown vectors.
unknown
2007-12-05
10.0
CVE-2007-6194
HP
BID
FRSIRT
SECUNIA
Irola -- My-Time
Multiple SQL injection vulnerabilities in login.asp in Irola My-Time (aka Timesheet) 3.5 allow remote attackers to execute arbitrary SQL commands via the (1) login (aka Username) and (2) password parameters. NOTE: some of these details are obtained from third party information.
unknown
2007-12-04
7.5
CVE-2007-6217
BUGTRAQ
MILW0RM
OTHER-REF
FRSIRT
SECUNIA
Joomla -- Joomla
Multiple SQL injection vulnerabilities in index.php in Joomla! 1.5 RC3 allow remote attackers to execute arbitrary SQL commands via (1) the view parameter to the com_content component, (2) the task parameter to the com_search component, or (3) the option parameter in a search action to the com_search component.
unknown
2007-12-07
7.5
CVE-2007-6272
BUGTRAQ
BID
Linux -- netkit_ftp
Double-free vulnerability in the getreply function in ftp.c in netkit ftp (netkit-ftp) 0.17 20040614 and later allows remote FTP servers to cause a denial of service (application crash) and possibly have unspecified other impact via some types of FTP protocol behavior. NOTE: the netkit-ftpd issue is covered by CVE-2007-????.
unknown
2007-12-06
10.0
CVE-2007-5769
OTHER-REF
OTHER-REF
Linux -- netkit_ftpd
The dataconn function in ftpd.c in netkit ftpd (netkit-ftpd) 0.17, when certain modifications to support SSL have been introduced, calls fclose on an uninitialized file stream, which allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via some types of FTP over SSL protocol behavior, as demonstrated by breaking a passive FTP DATA connection in a way that triggers an error in the server's SSL_accept function. NOTE: the netkit ftp issue is covered by CVE-2007-5769.
unknown
2007-12-06
9.3
CVE-2007-6263
OTHER-REF
MIT -- Kerberos 5
The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 (krb5) does not initialize the length variable when auth_type has a certain value, which has unknown impact and remote authenticated attack vectors. NOTE: the original disclosure misidentifies the conditions under which the uninitialized variable is used.
unknown
2007-12-05
10.0
CVE-2007-5894
OTHER-REF
MIT -- Kerberos 5
Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/mechglue/g_initialize.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. NOTE: this might be the result of a typo in the source code.
unknown
2007-12-05
10.0
CVE-2007-5901
OTHER-REF
MIT -- Kerberos 5
Integer overflow in the svcauth_gss_get_principal function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (krb5) allows remote attackers to have an unknown impact via a large length value for a GSS client name in an RPC request.
unknown
2007-12-05
10.0
CVE-2007-5902
OTHER-REF
MIT -- Kerberos 5
Double-free vulnerability in the gss_krb5int_make_seal_token_v3 function in lib/gssapi/krb5/k5sealv3.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors.
unknown
2007-12-05
10.0
CVE-2007-5971
OTHER-REF
MIT -- Kerberos 5
Double-free vulnerability in the krb5_def_store_mkey function in lib/kdb/kdb_default.c in MIT Kerberos 5 (krb5) 1.5 has unknown impact and remote authenticated attack vectors. NOTE: the free operations occur in code that stores the krb5kdc master key, and thus the attacker must have privileges to store this key.
unknown
2007-12-05
9.0
CVE-2007-5972
OTHER-REF
Mortbay Jetty -- Jetty
Mortbay Jetty before 6.1.6rc1 does not properly handle "certain quote sequences" in HTML cookie parameters, which allows remote attackers to hijack browser sessions via unspecified vectors.
unknown
2007-12-05
7.5
CVE-2007-5614
OTHER-REF
CERT-VN
phpBB -- Garage
SQL injection vulnerability in garage.php in phpBB Garage 1.2.0 Beta3 allows remote attackers to execute arbitrary SQL commands via the make_id parameter in a search action in browse mode.
unknown
2007-12-04
7.5
CVE-2007-6223
MILW0RM
QEMU -- QEMU
QEMU 0.9.0 allows local users of a Windows XP SP2 guest operating system to overwrite the TranslationBlock (code_gen_buffer) buffer, and probably have unspecified other impacts related to an "overflow," via certain Windows executable programs, as demonstrated by qemu-dos.com.
unknown
2007-12-04
7.2
CVE-2007-6227
BUGTRAQ
BID
Rayzz -- Rayzz Script
PHP remote file inclusion vulnerability in common/classes/class_HeaderHandler.lib.php in Rayzz Script 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the CFG[site][project_path] parameter.
unknown
2007-12-04
7.5
CVE-2007-6229
MILW0RM
Rayzz -- Rayzz Script
Directory traversal vulnerability in common/classes/class_HeaderHandler.lib.php in Rayzz Script 2.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the CFG[site][project_path] parameter.
unknown
2007-12-04
7.5
CVE-2007-6230
MILW0RM
Red Hat -- Enterprise Linux AS
Red Hat -- Enterprise Linux ES
Red Hat -- Enterprise Linux WS
Red Hat -- Desktop
Perl-Compatible Regular Expression (PCRE) library before 6.7 does not properly calculate the compiled memory allocation for regular expressions that involve a quantified "subpattern containing a named recursion or subroutine reference," which allows context-dependent attackers to cause a denial of service (error or crash).
unknown
2007-12-03
7.8
CVE-2006-7226
OTHER-REF
OTHER-REF
REDHAT
REDHAT
SING -- SING
Send Nasty ICMP Garbage (sing) on Debian GNU/Linux allows local users to append to arbitrary files and gain privileges via the -L (output log file) option.
unknown
2007-12-03
7.2
CVE-2007-6211
BUGTRAQ
BID
Snitz Forums 2000 -- Snitz Forums
SQL injection vulnerability in active.asp in Snitz Forums 2000 3.4.06 allows remote attackers to execute arbitrary SQL commands via the BuildTime parameter.
unknown
2007-12-05
7.5
CVE-2007-6240
MILW0RM
BID
SECUNIA
Tellmatic -- Tellmatic
Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/.
unknown
2007-12-04
7.5
CVE-2007-6231
MILW0RM
TuMusika Evolution -- TuMusika Evolution
TuMusika Evolution 1.7R5 allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-12-04
7.8
CVE-2007-6221
SECUNIA
XF
XIGLA -- Absolute News Manager.NET
Multiple SQL injection vulnerabilities in xlaabsolutenm.aspx in Absolute News Manager.NET 5.1 allow remote attackers to execute arbitrary SQL commands via the (1) z, (2) pz, (3) ord, and (4) sort parameters.
unknown
2007-12-07
7.5
CVE-2007-6269
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
BID
SECUNIA


Medium Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
Apache Software Foundation -- Apache
Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
unknown
2007-12-03
4.3
CVE-2007-6203
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
Apple -- Mac OS X
Integer overflow in the load_threadstack function in the Mach-O loader (mach_loader.c) in the xnu kernel in Apple Mac OS X 10.4 through 10.5.1 allows local users to cause a denial of service (infinite loop) via a crafted Mach-O binary.
unknown
2007-12-05
4.9
CVE-2007-6261
OTHER-REF
BID
FRSIRT
SECUNIA
Avast -- Avast Antivirus Professional
Avast -- Avast Antivirus Home
Unspecified vulnerability in avast! 4 Home and Professional Editions before 4.7.1098 allows remote attackers to have an unknown impact via a crafted TAR archive.
unknown
2007-12-07
6.8
CVE-2007-6265
OTHER-REF
BID
SECUNIA
bcoos -- bcoos
Multiple cross-site scripting (XSS) vulnerabilities in modules/ecal/display.php in the Event Calendar in bcoos 1.0.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) day or (2) year parameter.
unknown
2007-12-07
4.3
CVE-2007-6274
OTHER-REF
BID
SECUNIA
XF
CRM_CTT -- Interleave
The CheckCustomerAccess function in functions.php in CRM-CTT Interleave before 4.2.0 (formerly CRM-CTT) does not properly verify user privileges, which allows remote authenticated users with the LIMITTOCUSTOMERS privilege to bypass intended access restrictions and edit non-active user settings. NOTE: some of these details are obtained from third party information.
unknown
2007-12-04
6.5
CVE-2007-6222
OTHER-REF
SECUNIA
Ext2 Filesystems Utilities -- e2fsprogs
Multiple integer overflows in libext2fs in e2fsprogs allow user-assisted remote attackers to execute arbitrary code via a crafted filesystem image.
unknown
2007-12-07
5.8
CVE-2007-5497
SUSE
FTP -- Admin
Cross-site scripting (XSS) vulnerability in index.php in FTP Admin 0.1.0 allows remote attackers to inject arbitrary web script or HTML via the error parameter in an error page action.
unknown
2007-12-04
4.3
CVE-2007-6232
MILW0RM
SECUNIA
XF
FTP Admin -- FTP Admin
Directory traversal vulnerability in index.php in FTP Admin 0.1.0 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
unknown
2007-12-04
4.9
CVE-2007-6233
MILW0RM
SECUNIA
XF
Google -- KML
Directory traversal vulnerability in region.php in KML share 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the layer parameter.
unknown
2007-12-04
5.0
CVE-2007-6212
MILW0RM
IBM -- Tivoli Netcool Security Manager
Cross-site scripting (XSS) vulnerability in IBM Tivoli Netcool Security Manager 1.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-12-04
4.3
CVE-2007-6219
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
Intel -- PRO Wireless 3945ABG
Intel -- Wireless WiFi Link 4965AGN
The iwl_set_rate function in compatible/iwl3945-base.c in iwlwifi 1.1.21 and earlier dereferences an iwl_get_hw_mode return value without checking for NULL, which might allow remote attackers to cause a denial of service (kernel panic) via unspecified vectors during module initialization.
unknown
2007-12-06
5.0
CVE-2007-5938
OTHER-REF
OTHER-REF
LearnLoop -- LearnLoop
Directory traversal vulnerability in include/file_download.php in LearnLoop 2.0 beta7 allows remote attackers to read arbitrary files via a .. (dot dot) in the sFilePath parameter. NOTE: exploitation requires that the product is configured, but has zero files in the database.
unknown
2007-12-04
4.3
CVE-2007-6214
MILW0RM
Microsoft -- Internet Explorer
The Web Proxy Auto-Discovery (WPAD) feature in Microsoft Internet Explorer 6 and 7, when a primary DNS suffix with three or more components is configured, resolves an unqualified wpad hostname in a second-level domain outside this configured DNS domain, which allows remote WPAD servers to conduct man-in-the-middle (MITM) attacks.
unknown
2007-12-05
5.8
CVE-2007-5355
OTHER-REF
MSKB
BID
FRSIRT
SECTRACK
SECUNIA
Microsoft -- Windows Media Player
Microsoft Windows Media Player (WMP) allows remote attackers to cause a denial of service (application crash) via a certain AIFF file that triggers a divide-by-zero error, as demonstrated by kr.aiff.
unknown
2007-12-04
5.0
CVE-2007-6236
MILW0RM
BID
Mortbay Jetty -- Jetty
Cross-site scripting (XSS) vulnerability in Dump Servlet in Mortbay Jetty before 6.1.6rc1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters and cookies.
unknown
2007-12-05
4.3
CVE-2007-5613
OTHER-REF
OTHER-REF
CERT-VN
Mortbay Jetty -- Jetty
CRLF injection vulnerability in Mortbay Jetty before 6.1.6rc0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
unknown
2007-12-05
5.0
CVE-2007-5615
OTHER-REF
CERT-VN
OpenOffice -- OpenOffice
Unspecified vulnerability in HSQLDB before 1.8.0.9 in OpenOffice.org (OOo) 2 before 2.3.1 allows user-assisted remote attackers to execute arbitrary Java code via crafted database documents.
unknown
2007-12-05
6.8
CVE-2007-4575
OTHER-REF
BID
FRSIRT
SECUNIA
Oracle -- Database 11g
Oracle -- Database 10g
The installation process for Oracle 10g and 11g uses accounts with default passwords, which allows remote attackers to obtain login access by connecting to the Listener. NOTE: at the end of the installation, if performed using the Database Configuration Assistant (DBCA), most accounts are disabled or their passwords are changed.
unknown
2007-12-05
6.8
CVE-2007-6260
BUGTRAQ
OTHER-REF
OTHER-REF
Ossigeno -- CMS
Multiple PHP remote file inclusion vulnerabilities in Ossigeno CMS 2.2 pre1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) level parameter to (a) install_module.php and (b) uninstall_module.php in upload/xax/admin/modules/, (c) upload/xax/admin/patch/index.php, and (d) install_module.php and (e) uninstall_module.php in upload/xax/ossigeno/admin/; and the (2) ossigeno parameter to (f) ossigeno_modules/ossigeno-catalogo/xax/ossigeno/catalogo/common.php, different vectors than CVE-2007-5234.
unknown
2007-12-04
5.0
CVE-2007-6218
OTHER-REF
BID
Perl -- PCRE
Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to cause a denial of service (error or crash) via a regular expression that involves a "malformed POSIX character class", as demonstrated via an invalid character after a [[ sequence.
unknown
2007-12-03
5.0
CVE-2006-7225
OTHER-REF
OTHER-REF
REDHAT
REDHAT
Real -- RealPlayer
The RealNetworks RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll, as shipped with RealPlayer 11, allows remote attackers to cause a denial of service (browser crash) via a certain argument to the GetSourceTransport method.
unknown
2007-12-04
5.0
CVE-2007-6224
BUGTRAQ
OTHER-REF
BID
XF
RealNetworks -- RealPlayer
A certain ActiveX control in RealNetworks RealPlayer 11 allows remote attackers to cause a denial of service (application crash) via a malformed .au file that triggers a divide-by-zero error. NOTE: this might be related to CVE-2007-4904.
unknown
2007-12-04
5.0
CVE-2007-6235
BUGTRAQ
MILW0RM
OTHER-REF
SonicWall -- Global VPN Client
Multiple format string vulnerabilities in the configuration file in SonicWALL Global VPN Client 3.1.556 and 4.0.0.810 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in the (1) Hostname tag or the (2) name attribute in the Connection tag. NOTE: there might not be any realistic circumstances in which this issue crosses privilege boundaries.
unknown
2007-12-07
6.8
CVE-2007-6273
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
Squid -- Squid Web Proxy Cache
The "cache update reply processing" functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service (crash) via unknown vectors related to HTTP headers.
unknown
2007-12-04
5.0
CVE-2007-6239
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
Sun -- Solaris
Race condition in the Fibre Channel protocol (fcp) driver and Devices filesystem (devfs) in Sun Solaris 10 allows local users to cause a denial of service (system hang) via some programs that access hardware resources, as demonstrated by the (1) cfgadm and (2) format programs.
unknown
2007-12-04
4.7
CVE-2007-6216
SUNALERT
BID
FRSIRT
SECUNIA
Sun -- Solaris
Unspecified vulnerability in Sun Solaris 10, when 64bit mode is used on the x86 platform, allows local users in a Linux (lx) branded zone to cause a denial of service (panic) via unspecified vectors.
unknown
2007-12-04
4.9
CVE-2007-6225
SUNALERT
BID
FRSIRT
SECUNIA
XF
typespeed -- Typespeed
typespeed before 0.6.4 allows remote attackers to cause a denial of service (application crash) via unspecified network behavior that triggers a divide-by-zero error.
unknown
2007-12-04
5.0
CVE-2007-6220
OTHER-REF
OTHER-REF
BID
SECUNIA
VideoLAN -- VLC Media Player
A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before 0.8.6d allows remote attackers to execute arbitrary code via crafted arguments to the (1) addTarget, (2) getVariable, or (3) setVariable function, resulting from a "bad initialized pointer," aka a "recursive plugin release vulnerability."
unknown
2007-12-05
6.8
CVE-2007-6262
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Web-MeetMe -- Web-MeetMe
Multiple directory traversal vulnerabilities in play.php in Web-MeetMe 3.0.3 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) roomNo and possibly the (2) bookid parameter.
unknown
2007-12-04
5.0
CVE-2007-6215
MILW0RM
WebED -- WebED
Multiple directory traversal vulnerabilities in mod/chat/index.php in WebED 0.0.9 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) Root and (2) Path parameters.
unknown
2007-12-04
5.0
CVE-2007-6213
MILW0RM
XenSource Inc -- Xen
Xen 3.x, possibly before 3.1.2, when running on IA64 systems, does not check the RID value for mov_to_rr, which allows a VTi domain to read memory of other domains.
unknown
2007-12-03
5.0
CVE-2007-6207
OTHER-REF
MLIST
XIGLA -- Absolute News Manager.NET
Directory traversal vulnerability in pages/default.aspx in Absolute News Manager.NET 5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter.
unknown
2007-12-07
5.0
CVE-2007-6268
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
BID
SECUNIA
XIGLA -- Absolute News Manager.NET
Multiple cross-site scripting (XSS) vulnerabilities in Absolute News Manager.NET 5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) rmore parameter to xlaabsolutenm.aspx and the (2) template parameter to pages/default.aspx.
unknown
2007-12-07
4.3
CVE-2007-6270
BUGTRAQ
OTHER-REF
OTHER-REF
BID
SECUNIA
XIGLA -- Absolute News Manager.NET
Absolute News Manager.NET 5.1 allows remote attackers to obtain sensitive information via a direct request to getpath.aspx, which reveals the installation path in an error message.
unknown
2007-12-07
4.3
CVE-2007-6271
BUGTRAQ
OTHER-REF
BID
Yahoo -- Yahoo Toolbar
Stack-based buffer overflow in the Helper class in the yt.ythelper.2 ActiveX control in Yahoo! Toolbar 1.4.1 allows remote attackers to cause a denial of service (browser crash) via a long argument to the c method.
unknown
2007-12-04
6.8
CVE-2007-6228
FULLDISC
BID
XF
ZSH -- ZSH
difflog.pl in zsh 4.3.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
unknown
2007-12-03
4.6
CVE-2007-6209
MLIST
MLIST
MLIST
OTHER-REF


Low Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
Citrix -- EdgeSight for Presentation Server
Citrix -- EdgeSight for Endpoints
Citrix -- EdgeSight for NetScaler
Citrix EdgeSight 4.2 and 4.5 for Presentation Server, EdgeSight 4.2 and 4.5 for Endpoints, and EdgeSight for NetScaler 1.0 and 1.1 do not properly store database credentials in configuration files, which allows local users to obtain sensitive information.
unknown
2007-12-07
2.1
CVE-2007-6267
OTHER-REF
BID
FRSIRT
SECUNIA
Claws Mail -- Claws Mail Tools
sylprint.pl in claws mail tools (claws-mail-tools) allows local users to overwrite arbitrary files via a symlink attack on the sylprint.[USER].[PID] temporary file.
unknown
2007-12-03
3.6
CVE-2007-6208
OTHER-REF
Linux -- Kernel
Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive information.
unknown
2007-12-03
2.1
CVE-2007-6206
OTHER-REF
OTHER-REF
ZABBIX -- Zabbix_agentd
zabbix_agentd 1.1.4 in ZABBIX runs "UserParameter" scripts with gid 0, which might allow local users to gain privileges.
unknown
2007-12-03
2.1
CVE-2007-6210
OTHER-REF
