U.S. Flag Official website of the Department of Homeland Security

Note: This page is part of the us-cert.gov archive.This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

TLP:WHITE

Bulletin (SB07-351)

Vulnerability Summary for the Week of December 10, 2007

Original release date: December 17, 2007

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

">

High Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Aurora -- Aurora FrameworkSQL injection vulnerability in aurora framework before 20071208 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the value parameter to the pack_var function in module/db.lib/db_mysql.lib. NOTE: some of these details are obtained from third party information.
unknown
2007-12-13
7.5CVE-2007-6345
OTHER-REF
SECUNIA
AVS Media -- AVSMJPEGFILE.DLLBuffer overflow in a certain ActiveX control in Online Media Technologies AVSMJPEGFILE.DLL 1.1.1.102 allows remote attackers to execute arbitrary code via a long first argument to the CreateStill method.
unknown
2007-12-13
7.5CVE-2007-6327
MILW0RM
OTHER-REF
BID
XF
David Castro -- Apache_AuthCASSQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
unknown
2007-12-13
7.5CVE-2007-6342
BUGTRAQ
BID
DOSBox -- DOSBox** DISPUTED ** DOSBox 0.72 and earlier allows local users to obtain access to the filesystem on the host operating system via the mount command. NOTE: the researcher reports a vendor response stating that this is not a security problem.
unknown
2007-12-13
7.2CVE-2007-6328
BUGTRAQ
FRSIRT
XF
Falt4 CMS -- Falt4 Extreme RC4SQL injection vulnerability in (1) index.php, and possibly (2) admin/index.php, in Falt4Extreme RC4 10.9.2007 allows remote attackers to execute arbitrary SQL commands via the nav_ID parameter.
unknown
2007-12-11
7.5CVE-2007-6311
BUGTRAQ
MILW0RM
OTHER-REF
OTHER-REF
BID
GNU -- EmacsStack-based buffer overflow in emacs allows user-assisted attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a large precision value in an integer format string specifier to the format function, as demonstrated via a certain "emacs -batch -eval" command line.
unknown
2007-12-07
10.0CVE-2007-6109
SUSE
OTHER-REF
GENTOO
SECUNIA
XF
HP -- OpenView Network Node ManagerMultiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allow remote attackers to execute arbitrary code via unspecified long arguments to (1) ovlogin.exe, (2) OpenView5.exe, (3) snmpviewer.exe, and (4) webappmon.exe.
unknown
2007-12-13
10.0CVE-2007-6204
BUGTRAQ
OTHER-REF
HP
BID
FRSIRT
SECTRACK
SECUNIA
XF
HP -- Info CenterAbsolute path traversal vulnerability in the HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center (hpinfocenter.exe) 1.0.1.1 in HP Quick Launch Buttons (QLBCTRL.exe), allows remote attackers to execute arbitrary programs via the first argument to the LaunchApp method. NOTE: only a user-assisted attack is possible on Windows Vista.
unknown
2007-12-13
9.3CVE-2007-6331
MILW0RM
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
HP -- Info CenterThe HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center (hpinfocenter.exe) 1.0.1.1 in HP Quick Launch Buttons (QLBCTRL.exe), on Microsoft Windows before Vista allows remote attackers to create or modify arbitrary registry values via the arguments to the SetRegValue method.
unknown
2007-12-13
9.3CVE-2007-6332
MILW0RM
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
Meridian Software -- Prolog ManagerMeridian Prolog Manager 2007, and 7.5 and earlier, sends all usernames and passwords to the client in a (1) cleartext or (2) weakly encrypted format to support client-side login authentication, which makes it easier for remote attackers to obtain database access by capturing credentials via a man-in-the-middle attack.
unknown
2007-12-13
10.0CVE-2007-6330
BUGTRAQ
BID
XF
Microsoft -- windows_media_format_runtime
Microsoft -- windows_media_services
Microsoft -- Media Format Runtime
Unspecified vulnerability in Windows Media Format Runtime 7.1, 9, 9.5, 9.5 x64 Edition, 11, and Windows Media Services 9.1 for Microsoft Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
unknown
2007-12-11
9.3CVE-2007-0064
MS
Microsoft -- Message Queuing MSMQBuffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via unspecified vectors. NOTE: remote vectors exist for Windows 2000 Professional SP4 and Windows XP SP2; they are only local for the other operating systems.
unknown
2007-12-11
9.0CVE-2007-3039
MS
Microsoft -- DirectXUnspecified vulnerability in Microsoft DirectShow in Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted (1) WAV or (2) AVI file.
unknown
2007-12-11
9.3CVE-2007-3895
MS
FRSIRT
SECUNIA
Microsoft -- DirectXUnspecified vulnerability in Microsoft DirectShow in Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted Synchronized Accessible Media Interchange (SAMI) file.
unknown
2007-12-11
10.0CVE-2007-3901
MS
FRSIRT
SECUNIA
XF
Microsoft -- Internet ExplorerMicrosoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website involving uninitialized or deleted objects, a different issue than CVE-2007-3903 and CVE-2007-5344, one variant of "Uninitialized Memory Corruption Vulnerability."
unknown
2007-12-11
10.0CVE-2007-3902
Microsoft -- windows-ntUnspecified vulnerability in the Windows Advanced Local Procedure Call (ALPC) in the kernel in Microsoft Windows Vista allows local users to gain privileges via unspecified vectors involving "legacy reply paths."
unknown
2007-12-11
7.2CVE-2007-5350
MS
scponly -- scponlyscponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute code by invoking dangerous subcommands including (1) unison, (2) rsync, and (3) svn , as originally demonstrated by creating a Subversion (SVN) repository with malicious hooks, then using svn to trigger execution of those hooks.
unknown
2007-12-14
8.5CVE-2007-6350
OTHER-REF

Back to top

Medium Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Apache Software Foundation -- Apache HTTP ServerCross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-12-13
4.3CVE-2007-5000
OTHER-REF
OTHER-REF
OTHER-REF
FRSIRT
FRSIRT
SECUNIA
SECUNIA
City Writer -- CityWriterPHP remote file inclusion vulnerability in head.php in CityWriter 0.9.7 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
unknown
2007-12-13
6.8CVE-2007-6324
MILW0RM
Drupal -- feature_moduleFeature 4.7.x-dev and 5.x-dev before 20071206, a Drupal module, does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks.
unknown
2007-12-11
4.3CVE-2007-6320
OTHER-REF
Ext2 Filesystems Utilities -- e2fsprogsMultiple integer overflows in libext2fs in e2fsprogs before 1.40.3 allow user-assisted remote attackers to execute arbitrary code via a crafted filesystem image.
unknown
2007-12-07
5.8CVE-2007-5497
SUSE
OTHER-REF
DEBIAN
UBUNTU
BID
FRSIRT
SECUNIA
SECUNIA
SECUNIA
XF
MANDRIVA
SECUNIA
Falt4 CMS -- Falt4 Extreme RC4Multiple cross-site scripting (XSS) vulnerabilities in Falt4Extreme RC4 10.9.2007 allow remote attackers to inject arbitrary web script or HTML via the handler parameter to (1) index.php and possibly (2) admin/index.php, and (3) the topic parameter to modules/feed/feed.php (aka modules/feed.php).
unknown
2007-12-11
4.3CVE-2007-6310
BUGTRAQ
MILW0RM
OTHER-REF
OTHER-REF
BID
Fastpublish -- Fastpublish CMSPHP remote file inclusion vulnerability in adminbereich/designconfig.php in Fastpublish CMS 1.9999 allows remote attackers to execute arbitrary PHP code via a URL in the config[fsBase] parameter, a different vector than CVE-2006-2726.
unknown
2007-12-13
6.8CVE-2007-6325
MILW0RM
FRSIRT
SECUNIA
GNOME -- BalsaStack-based buffer overflow in the ir_fetch_seq function in balsa before 2.3.20 might allow remote IMAP servers to execute arbitrary code via a long response to a FETCH command.
unknown
2007-12-12
6.8CVE-2007-5007
MLIST
OTHER-REF
OTHER-REF
OTHER-REF
GENTOO
SUSE
BID
FRSIRT
SECUNIA
SECUNIA
SECUNIA
HP -- Info CenterThe HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center (hpinfocenter.exe) 1.0.1.1 in HP Quick Launch Buttons (QLBCTRL.exe), allows remote attackers to read arbitrary registry values via the arguments to the GetRegValue method.
unknown
2007-12-13
5.8CVE-2007-6333
MILW0RM
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
HP -- OpenView Network Node ManagerCross-site scripting (XSS) vulnerability in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-12-13
4.3CVE-2007-6343
HP
FRSIRT
SECTRACK
SECUNIA
HttpLogger -- HttpLoggerCross-site scripting (XSS) vulnerability in HttpLogger 0.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-12-11
4.3CVE-2007-6308
OTHER-REF
OTHER-REF
SECUNIA
IBM -- Hardware Management ConsoleMultiple unspecified vulnerabilities in IBM Hardware Management Console (HMC) 7 R3.2.0 allow attackers to gain privileges via "some HMC commands."
unknown
2007-12-10
4.6CVE-2007-6305
OTHER-REF
OTHER-REF
SECUNIA
JFree -- JFreeChartMultiple cross-site scripting (XSS) vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) chart name or (2) chart tool tip text; or the (3) href, (4) shape, or (5) coords attribute of a chart area.
unknown
2007-12-11
4.3CVE-2007-6306
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
BID
SECUNIA
XF
JFree -- JFreeChartMultiple cross-site scripting (XSS) vulnerabilities in clickstats.php in wwwstats 3.21 allow remote attackers to inject arbitrary web script or HTML via (1) the link parameter or (2) the User-Agent HTTP header.
unknown
2007-12-11
4.3CVE-2007-6307
BUGTRAQ
OTHER-REF
BID
SECUNIA
XF
Mcms -- Easy Web MakeDirectory traversal vulnerability in modules/cms/index.php in Mcms Easy Web Make 1.3, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the template parameter.
unknown
2007-12-13
6.8CVE-2007-6344
MILW0RM
BID
SECUNIA
XF
Microsoft -- Internet ExplorerMicrosoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website involving uninitialized or deleted objects, a different issue than CVE-2007-3902 and CVE-2007-5344, a variant of "Uninitialized Memory Corruption Vulnerability."
unknown
2007-12-11
6.8CVE-2007-3903
MS
Microsoft -- Internet ExplorerMicrosoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website involving uninitialized or deleted objects, a different issue than CVE-2007-3902 and CVE-2007-3903, a variant of "Uninitialized Memory Corruption Vulnerability."
unknown
2007-12-11
6.8CVE-2007-5344
Microsoft -- Internet ExplorerMicrosoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via "unexpected method calls to HTML objects," aka "DHTML Object Memory Corruption Vulnerability."
unknown
2007-12-11
6.8CVE-2007-5347
MS
Microsoft -- windows-ntUnspecified vulnerability in Server Message Block Version 2 (SMBv2) signing support in Microsoft Vista allows remote attackers to force signature re-computation and execute arbitrary code via a crafted SMBv2 packet, aka "SMBv2 Signing Vulnerability."
unknown
2007-12-11
6.4CVE-2007-5351
MS
Microsoft -- OfficeMicrosoft Office 2007 12.0.6015.5000 and MSO 12.0.6017.5000 do not sign the metadata of Office Open XML (OOXML) documents, which makes it easier for remote attackers to modify Dublin Core metadata fields, as demonstrated by the (1) LastModifiedBy and (2) creator fields in docProps/core.xml in the OOXML ZIP container.
unknown
2007-12-13
6.4CVE-2007-6329
BUGTRAQ
BID
MMS Gallery -- MMS Gallery PHPMultiple directory traversal vulnerabilities in MMS Gallery PHP 1.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the id parameter to (1) get_image.php or (2) get_file.php in mms_template/.
unknown
2007-12-13
5.0CVE-2007-6323
MILW0RM
MySQL -- MySQLMySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote authenticated users to gain privileges on arbitrary tables via unspecified vectors involving use of table-level DATA DIRECTORY and INDEX DIRECTORY options when creating a partitioned table with the same name as a table on which the user lacks privileges.
unknown
2007-12-10
5.8CVE-2007-5970
OTHER-REF
OTHER-REF
MySQL -- MySQLThe federated engine in MySQL 5.0.x before 5.0.52, 5.1.x before 5.1.23, and 6.0.x before 6.0.4, when performing a certain SHOW TABLE STATUS query, does not properly handle a response with a small number of columns, which allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.
unknown
2007-12-10
5.0CVE-2007-6304
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
Novell -- NetMailMultiple heap-based buffer overflows in avirus.exe in Novell NetMail 3.5.2 before Messaging Architects M+NetMail 3.52f (aka 3.5.2F) allows remote attackers to execute arbitrary code via unspecified ASCII integers used as memory allocation arguments, aka "ZDI-CVE-162."
unknown
2007-12-10
6.8CVE-2007-6302
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
BUGTRAQ
OTHER-REF
BID
SECTRACK
XF
Rainboard -- RainboardCross-site scripting (XSS) vulnerability in Rainboard before 2.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-12-13
4.3CVE-2007-6346
OTHER-REF
OTHER-REF
SECUNIA
Real Time Logic -- BarracudaDrive Web Server
Real Time Logic -- BarracudaDrive Web Server Home Server
BarracudaDrive Web Server before 3.8 allows remote attackers to read the source code for web scripts by appending a (1) + (plus), (2) . (dot), or (3) %80 and similar characters to the file name in the URL.
unknown
2007-12-11
5.0CVE-2007-6314
BUGTRAQ
OTHER-REF
BID
SECUNIA
Real Time Logic -- BarracudaDrive Web Server
Real Time Logic -- BarracudaDrive Web Server Home Server
Group Chat in BarracudaDrive Web Server before 3.8 allows remote authenticated users to cause a denial of service (crash) via a HTTP request to /eh/chat.ehintf/C. that does not contain a Connection ID, which results in a NULL pointer dereference.
unknown
2007-12-11
4.0CVE-2007-6315
BUGTRAQ
OTHER-REF
BID
SECUNIA
Real Time Logic -- BarracudaDrive Web Server
Real Time Logic -- BarracudaDrive Web Server Home Server
Cross-site scripting (XSS) vulnerability in BarracudaDrive Web Server before 3.8 allows remote attackers to inject arbitrary web script or HTML via the URI path in an HTTP GET request, which is activated by administrators viewing log files via the Trace page.
unknown
2007-12-11
4.3CVE-2007-6316
BUGTRAQ
OTHER-REF
BID
SECUNIA
Real Time Logic -- BarracudaDrive Web Server
Real Time Logic -- BarracudaDrive Web Server Home Server
Multiple directory traversal vulnerabilities in BarracudaDrive Web Server before 3.8 allow (1) remote attackers to read arbitrary files via certain ..\ (dot dot backslash) sequences in the URL path, or (2) remote authenticated users to delete arbitrary files or create arbitrary directories via a ..\ (dot dot backslash) sequence in the dir parameter to /drive/c/bdusers/USER/.
unknown
2007-12-11
5.5CVE-2007-6317
BUGTRAQ
OTHER-REF
BID
SECUNIA
Red Hat -- enterprise_linuxThe default configuration of autofs 5 in Red Hat Enterprise Linux (RHEL) 5 omits the nosuid option for the hosts (/net filesystem) map, which allows local users to gain privileges via a setuid program on a remote NFS server.
unknown
2007-12-13
6.9CVE-2007-5964
OTHER-REF
REDHAT
SECUNIA
Roundcube Webmail Project -- Roundcube WebmailCross-site scripting (XSS) vulnerability in RoundCube webmail 0.1rc2, 2007-12-09, and earlier versions, when using Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via style sheets containing expression commands.
unknown
2007-12-11
4.3CVE-2007-6321
BUGTRAQ
OTHER-REF
XF
S9Y -- SerendipityCross-site scripting (XSS) vulnerability in the remote RSS sidebar plugin (serendipity_plugin_remoterss) in S9Y Serendipity before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via a link in an RSS feed.
unknown
2007-12-11
4.3CVE-2007-6205
BUGTRAQ
OTHER-REF
OTHER-REF
BID
SECUNIA
Samba -- SambaStack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the "domain logons" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request.
unknown
2007-12-13
6.8CVE-2007-6015
BUGTRAQ
BUGTRAQ
BUGTRAQ
OTHER-REF
OTHER-REF
REDHAT
BID
SECUNIA
Sergey Lyubka -- Simple HTTPDSergey Lyubka Simple HTTPD (shttpd) 1.3 on Windows allows remote attackers to cause a denial of service via a request that includes an MS-DOS device name, as demonstrated by the /aux URI.
unknown
2007-12-13
5.0CVE-2007-6326
MILW0RM
OTHER-REF
BID
XF
Skype Technologies -- SkypeUnspecified vulnerability in the skype4com URI handler in Skype before 3.6 GOLD allows remote attackers to execute arbitrary code via "short string values" that result in heap corruption.
unknown
2007-12-13
6.8CVE-2007-5989
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
SquirrelMail -- SquirrelMailSquirrelMail 1.4.11 and 1.4.12, as distributed on www.squirrelmail.org before 20071213, has been externally modified to create a Trojan Horse that introduces a PHP remote file inclusion vulnerability, which allows remote attackers to execute arbitrary code.
unknown
2007-12-14
6.8CVE-2007-6348
OTHER-REF
ViArt -- Helpdesk
ViArt -- Shop Evaluation
ViArt -- Shop Free
ViArt -- CMS
PHP remote file inclusion vulnerability in blocks/block_site_map.php in ViArt (1) CMS 3.3.2, (2) HelpDesk 3.3.2, (3) Shop Evaluation 3.3.2, and (4) Shop Free 3.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the root_folder_path parameter. NOTE: some of these details are obtained from third party information.
unknown
2007-12-13
6.8CVE-2007-6347
MILW0RM
BID
SECUNIA
Websense -- Web Security Suite
Websense -- Enterpise
Websense -- Reporting Tools
Cross-site scripting (XSS) vulnerability in the logon page in Web Reporting Tools portal in Websense Enterprise and Web Security Suite 6.3 allows remote attackers to inject arbitrary web script or HTML via the username field.
unknown
2007-12-11
4.3CVE-2007-6312
BUGTRAQ
OTHER-REF
OTHER-REF
BID
webSPELL -- webSPELLMultiple cross-site scripting (XSS) vulnerabilities in index.php in webSPELL 4.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the galleryID parameter in a usergallery upload action; or the (2) upID, (3) tag, (4) month, (5) userID, or (6) year parameter in a calendar announce action.
unknown
2007-12-11
4.3CVE-2007-6309
BUGTRAQ
BID
WordPress -- WordPressSQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the s parameter, when DB_CHARSET is set to (1) Big5, (2) GBK, or possibly other character set encodings that support a "\" in a multibyte character.
unknown
2007-12-11
6.8CVE-2007-6318
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
FULLDISC
xml2owl -- xml2owlDirectory traversal vulnerability in filedownload.php in xml2owl 0.1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
unknown
2007-12-13
5.0CVE-2007-6322
MILW0RM

Back to top

Low Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
MySQL -- MySQLMySQL 5.0.x before 5.0.52, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.
unknown
2007-12-10
3.5CVE-2007-6303
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF

Back to top
=

">

High Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Aurora -- Aurora FrameworkSQL injection vulnerability in aurora framework before 20071208 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the value parameter to the pack_var function in module/db.lib/db_mysql.lib. NOTE: some of these details are obtained from third party information.
unknown
2007-12-13
7.5CVE-2007-6345
OTHER-REF
SECUNIA
AVS Media -- AVSMJPEGFILE.DLLBuffer overflow in a certain ActiveX control in Online Media Technologies AVSMJPEGFILE.DLL 1.1.1.102 allows remote attackers to execute arbitrary code via a long first argument to the CreateStill method.
unknown
2007-12-13
7.5CVE-2007-6327
MILW0RM
OTHER-REF
BID
XF
David Castro -- Apache_AuthCASSQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
unknown
2007-12-13
7.5CVE-2007-6342
BUGTRAQ
BID
DOSBox -- DOSBox** DISPUTED ** DOSBox 0.72 and earlier allows local users to obtain access to the filesystem on the host operating system via the mount command. NOTE: the researcher reports a vendor response stating that this is not a security problem.
unknown
2007-12-13
7.2CVE-2007-6328
BUGTRAQ
FRSIRT
XF
Falt4 CMS -- Falt4 Extreme RC4SQL injection vulnerability in (1) index.php, and possibly (2) admin/index.php, in Falt4Extreme RC4 10.9.2007 allows remote attackers to execute arbitrary SQL commands via the nav_ID parameter.
unknown
2007-12-11
7.5CVE-2007-6311
BUGTRAQ
MILW0RM
OTHER-REF
OTHER-REF
BID
GNU -- EmacsStack-based buffer overflow in emacs allows user-assisted attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a large precision value in an integer format string specifier to the format function, as demonstrated via a certain "emacs -batch -eval" command line.
unknown
2007-12-07
10.0CVE-2007-6109
SUSE
OTHER-REF
GENTOO
SECUNIA
XF
HP -- OpenView Network Node ManagerMultiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allow remote attackers to execute arbitrary code via unspecified long arguments to (1) ovlogin.exe, (2) OpenView5.exe, (3) snmpviewer.exe, and (4) webappmon.exe.
unknown
2007-12-13
10.0CVE-2007-6204
BUGTRAQ
OTHER-REF
HP
BID
FRSIRT
SECTRACK
SECUNIA
XF
HP -- Info CenterAbsolute path traversal vulnerability in the HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center (hpinfocenter.exe) 1.0.1.1 in HP Quick Launch Buttons (QLBCTRL.exe), allows remote attackers to execute arbitrary programs via the first argument to the LaunchApp method. NOTE: only a user-assisted attack is possible on Windows Vista.
unknown
2007-12-13
9.3CVE-2007-6331
MILW0RM
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
HP -- Info CenterThe HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center (hpinfocenter.exe) 1.0.1.1 in HP Quick Launch Buttons (QLBCTRL.exe), on Microsoft Windows before Vista allows remote attackers to create or modify arbitrary registry values via the arguments to the SetRegValue method.
unknown
2007-12-13
9.3CVE-2007-6332
MILW0RM
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
Meridian Software -- Prolog ManagerMeridian Prolog Manager 2007, and 7.5 and earlier, sends all usernames and passwords to the client in a (1) cleartext or (2) weakly encrypted format to support client-side login authentication, which makes it easier for remote attackers to obtain database access by capturing credentials via a man-in-the-middle attack.
unknown
2007-12-13
10.0CVE-2007-6330
BUGTRAQ
BID
XF
Microsoft -- windows_media_format_runtime
Microsoft -- windows_media_services
Microsoft -- Media Format Runtime
Unspecified vulnerability in Windows Media Format Runtime 7.1, 9, 9.5, 9.5 x64 Edition, 11, and Windows Media Services 9.1 for Microsoft Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
unknown
2007-12-11
9.3CVE-2007-0064
MS
Microsoft -- Message Queuing MSMQBuffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via unspecified vectors. NOTE: remote vectors exist for Windows 2000 Professional SP4 and Windows XP SP2; they are only local for the other operating systems.
unknown
2007-12-11
9.0CVE-2007-3039
MS
Microsoft -- DirectXUnspecified vulnerability in Microsoft DirectShow in Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted (1) WAV or (2) AVI file.
unknown
2007-12-11
9.3CVE-2007-3895
MS
FRSIRT
SECUNIA
Microsoft -- DirectXUnspecified vulnerability in Microsoft DirectShow in Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted Synchronized Accessible Media Interchange (SAMI) file.
unknown
2007-12-11
10.0CVE-2007-3901
MS
FRSIRT
SECUNIA
XF
Microsoft -- Internet ExplorerMicrosoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website involving uninitialized or deleted objects, a different issue than CVE-2007-3903 and CVE-2007-5344, one variant of "Uninitialized Memory Corruption Vulnerability."
unknown
2007-12-11
10.0CVE-2007-3902
Microsoft -- windows-ntUnspecified vulnerability in the Windows Advanced Local Procedure Call (ALPC) in the kernel in Microsoft Windows Vista allows local users to gain privileges via unspecified vectors involving "legacy reply paths."
unknown
2007-12-11
7.2CVE-2007-5350
MS
scponly -- scponlyscponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute code by invoking dangerous subcommands including (1) unison, (2) rsync, and (3) svn , as originally demonstrated by creating a Subversion (SVN) repository with malicious hooks, then using svn to trigger execution of those hooks.
unknown
2007-12-14
8.5CVE-2007-6350
OTHER-REF

Back to top

Medium Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Apache Software Foundation -- Apache HTTP ServerCross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-12-13
4.3CVE-2007-5000
OTHER-REF
OTHER-REF
OTHER-REF
FRSIRT
FRSIRT
SECUNIA
SECUNIA
City Writer -- CityWriterPHP remote file inclusion vulnerability in head.php in CityWriter 0.9.7 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
unknown
2007-12-13
6.8CVE-2007-6324
MILW0RM
Drupal -- feature_moduleFeature 4.7.x-dev and 5.x-dev before 20071206, a Drupal module, does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks.
unknown
2007-12-11
4.3CVE-2007-6320
OTHER-REF
Ext2 Filesystems Utilities -- e2fsprogsMultiple integer overflows in libext2fs in e2fsprogs before 1.40.3 allow user-assisted remote attackers to execute arbitrary code via a crafted filesystem image.
unknown
2007-12-07
5.8CVE-2007-5497
SUSE
OTHER-REF
DEBIAN
UBUNTU
BID
FRSIRT
SECUNIA
SECUNIA
SECUNIA
XF
MANDRIVA
SECUNIA
Falt4 CMS -- Falt4 Extreme RC4Multiple cross-site scripting (XSS) vulnerabilities in Falt4Extreme RC4 10.9.2007 allow remote attackers to inject arbitrary web script or HTML via the handler parameter to (1) index.php and possibly (2) admin/index.php, and (3) the topic parameter to modules/feed/feed.php (aka modules/feed.php).
unknown
2007-12-11
4.3CVE-2007-6310
BUGTRAQ
MILW0RM
OTHER-REF
OTHER-REF
BID
Fastpublish -- Fastpublish CMSPHP remote file inclusion vulnerability in adminbereich/designconfig.php in Fastpublish CMS 1.9999 allows remote attackers to execute arbitrary PHP code via a URL in the config[fsBase] parameter, a different vector than CVE-2006-2726.
unknown
2007-12-13
6.8CVE-2007-6325
MILW0RM
FRSIRT
SECUNIA
GNOME -- BalsaStack-based buffer overflow in the ir_fetch_seq function in balsa before 2.3.20 might allow remote IMAP servers to execute arbitrary code via a long response to a FETCH command.
unknown
2007-12-12
6.8CVE-2007-5007
MLIST
OTHER-REF
OTHER-REF
OTHER-REF
GENTOO
SUSE
BID
FRSIRT
SECUNIA
SECUNIA
SECUNIA
HP -- Info CenterThe HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center (hpinfocenter.exe) 1.0.1.1 in HP Quick Launch Buttons (QLBCTRL.exe), allows remote attackers to read arbitrary registry values via the arguments to the GetRegValue method.
unknown
2007-12-13
5.8CVE-2007-6333
MILW0RM
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
HP -- OpenView Network Node ManagerCross-site scripting (XSS) vulnerability in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-12-13
4.3CVE-2007-6343
HP
FRSIRT
SECTRACK
SECUNIA
HttpLogger -- HttpLoggerCross-site scripting (XSS) vulnerability in HttpLogger 0.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-12-11
4.3CVE-2007-6308
OTHER-REF
OTHER-REF
SECUNIA
IBM -- Hardware Management ConsoleMultiple unspecified vulnerabilities in IBM Hardware Management Console (HMC) 7 R3.2.0 allow attackers to gain privileges via "some HMC commands."
unknown
2007-12-10
4.6CVE-2007-6305
OTHER-REF
OTHER-REF
SECUNIA
JFree -- JFreeChartMultiple cross-site scripting (XSS) vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) chart name or (2) chart tool tip text; or the (3) href, (4) shape, or (5) coords attribute of a chart area.
unknown
2007-12-11
4.3CVE-2007-6306
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
BID
SECUNIA
XF
JFree -- JFreeChartMultiple cross-site scripting (XSS) vulnerabilities in clickstats.php in wwwstats 3.21 allow remote attackers to inject arbitrary web script or HTML via (1) the link parameter or (2) the User-Agent HTTP header.
unknown
2007-12-11
4.3CVE-2007-6307
BUGTRAQ
OTHER-REF
BID
SECUNIA
XF
Mcms -- Easy Web MakeDirectory traversal vulnerability in modules/cms/index.php in Mcms Easy Web Make 1.3, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the template parameter.
unknown
2007-12-13
6.8CVE-2007-6344
MILW0RM
BID
SECUNIA
XF
Microsoft -- Internet ExplorerMicrosoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website involving uninitialized or deleted objects, a different issue than CVE-2007-3902 and CVE-2007-5344, a variant of "Uninitialized Memory Corruption Vulnerability."
unknown
2007-12-11
6.8CVE-2007-3903
MS
Microsoft -- Internet ExplorerMicrosoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website involving uninitialized or deleted objects, a different issue than CVE-2007-3902 and CVE-2007-3903, a variant of "Uninitialized Memory Corruption Vulnerability."
unknown
2007-12-11
6.8CVE-2007-5344
Microsoft -- Internet ExplorerMicrosoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via "unexpected method calls to HTML objects," aka "DHTML Object Memory Corruption Vulnerability."
unknown
2007-12-11
6.8CVE-2007-5347
MS
Microsoft -- windows-ntUnspecified vulnerability in Server Message Block Version 2 (SMBv2) signing support in Microsoft Vista allows remote attackers to force signature re-computation and execute arbitrary code via a crafted SMBv2 packet, aka "SMBv2 Signing Vulnerability."
unknown
2007-12-11
6.4CVE-2007-5351
MS
Microsoft -- OfficeMicrosoft Office 2007 12.0.6015.5000 and MSO 12.0.6017.5000 do not sign the metadata of Office Open XML (OOXML) documents, which makes it easier for remote attackers to modify Dublin Core metadata fields, as demonstrated by the (1) LastModifiedBy and (2) creator fields in docProps/core.xml in the OOXML ZIP container.
unknown
2007-12-13
6.4CVE-2007-6329
BUGTRAQ
BID
MMS Gallery -- MMS Gallery PHPMultiple directory traversal vulnerabilities in MMS Gallery PHP 1.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the id parameter to (1) get_image.php or (2) get_file.php in mms_template/.
unknown
2007-12-13
5.0CVE-2007-6323
MILW0RM
MySQL -- MySQLMySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote authenticated users to gain privileges on arbitrary tables via unspecified vectors involving use of table-level DATA DIRECTORY and INDEX DIRECTORY options when creating a partitioned table with the same name as a table on which the user lacks privileges.
unknown
2007-12-10
5.8CVE-2007-5970
OTHER-REF
OTHER-REF
MySQL -- MySQLThe federated engine in MySQL 5.0.x before 5.0.52, 5.1.x before 5.1.23, and 6.0.x before 6.0.4, when performing a certain SHOW TABLE STATUS query, does not properly handle a response with a small number of columns, which allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.
unknown
2007-12-10
5.0CVE-2007-6304
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
Novell -- NetMailMultiple heap-based buffer overflows in avirus.exe in Novell NetMail 3.5.2 before Messaging Architects M+NetMail 3.52f (aka 3.5.2F) allows remote attackers to execute arbitrary code via unspecified ASCII integers used as memory allocation arguments, aka "ZDI-CVE-162."
unknown
2007-12-10
6.8CVE-2007-6302
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
BUGTRAQ
OTHER-REF
BID
SECTRACK
XF
Rainboard -- RainboardCross-site scripting (XSS) vulnerability in Rainboard before 2.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-12-13
4.3CVE-2007-6346
OTHER-REF
OTHER-REF
SECUNIA
Real Time Logic -- BarracudaDrive Web Server
Real Time Logic -- BarracudaDrive Web Server Home Server
BarracudaDrive Web Server before 3.8 allows remote attackers to read the source code for web scripts by appending a (1) + (plus), (2) . (dot), or (3) %80 and similar characters to the file name in the URL.
unknown
2007-12-11
5.0CVE-2007-6314
BUGTRAQ
OTHER-REF
BID
SECUNIA
Real Time Logic -- BarracudaDrive Web Server
Real Time Logic -- BarracudaDrive Web Server Home Server
Group Chat in BarracudaDrive Web Server before 3.8 allows remote authenticated users to cause a denial of service (crash) via a HTTP request to /eh/chat.ehintf/C. that does not contain a Connection ID, which results in a NULL pointer dereference.
unknown
2007-12-11
4.0CVE-2007-6315
BUGTRAQ
OTHER-REF
BID
SECUNIA
Real Time Logic -- BarracudaDrive Web Server
Real Time Logic -- BarracudaDrive Web Server Home Server
Cross-site scripting (XSS) vulnerability in BarracudaDrive Web Server before 3.8 allows remote attackers to inject arbitrary web script or HTML via the URI path in an HTTP GET request, which is activated by administrators viewing log files via the Trace page.
unknown
2007-12-11
4.3CVE-2007-6316
BUGTRAQ
OTHER-REF
BID
SECUNIA
Real Time Logic -- BarracudaDrive Web Server
Real Time Logic -- BarracudaDrive Web Server Home Server
Multiple directory traversal vulnerabilities in BarracudaDrive Web Server before 3.8 allow (1) remote attackers to read arbitrary files via certain ..\ (dot dot backslash) sequences in the URL path, or (2) remote authenticated users to delete arbitrary files or create arbitrary directories via a ..\ (dot dot backslash) sequence in the dir parameter to /drive/c/bdusers/USER/.
unknown
2007-12-11
5.5CVE-2007-6317
BUGTRAQ
OTHER-REF
BID
SECUNIA
Red Hat -- enterprise_linuxThe default configuration of autofs 5 in Red Hat Enterprise Linux (RHEL) 5 omits the nosuid option for the hosts (/net filesystem) map, which allows local users to gain privileges via a setuid program on a remote NFS server.
unknown
2007-12-13
6.9CVE-2007-5964
OTHER-REF
REDHAT
SECUNIA
Roundcube Webmail Project -- Roundcube WebmailCross-site scripting (XSS) vulnerability in RoundCube webmail 0.1rc2, 2007-12-09, and earlier versions, when using Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via style sheets containing expression commands.
unknown
2007-12-11
4.3CVE-2007-6321
BUGTRAQ
OTHER-REF
XF
S9Y -- SerendipityCross-site scripting (XSS) vulnerability in the remote RSS sidebar plugin (serendipity_plugin_remoterss) in S9Y Serendipity before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via a link in an RSS feed.
unknown
2007-12-11
4.3CVE-2007-6205
BUGTRAQ
OTHER-REF
OTHER-REF
BID
SECUNIA
Samba -- SambaStack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the "domain logons" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request.
unknown
2007-12-13
6.8CVE-2007-6015
BUGTRAQ
BUGTRAQ
BUGTRAQ
OTHER-REF
OTHER-REF
REDHAT
BID
SECUNIA
Sergey Lyubka -- Simple HTTPDSergey Lyubka Simple HTTPD (shttpd) 1.3 on Windows allows remote attackers to cause a denial of service via a request that includes an MS-DOS device name, as demonstrated by the /aux URI.
unknown
2007-12-13
5.0CVE-2007-6326
MILW0RM
OTHER-REF
BID
XF
Skype Technologies -- SkypeUnspecified vulnerability in the skype4com URI handler in Skype before 3.6 GOLD allows remote attackers to execute arbitrary code via "short string values" that result in heap corruption.
unknown
2007-12-13
6.8CVE-2007-5989
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
SquirrelMail -- SquirrelMailSquirrelMail 1.4.11 and 1.4.12, as distributed on www.squirrelmail.org before 20071213, has been externally modified to create a Trojan Horse that introduces a PHP remote file inclusion vulnerability, which allows remote attackers to execute arbitrary code.
unknown
2007-12-14
6.8CVE-2007-6348
OTHER-REF
ViArt -- Helpdesk
ViArt -- Shop Evaluation
ViArt -- Shop Free
ViArt -- CMS
PHP remote file inclusion vulnerability in blocks/block_site_map.php in ViArt (1) CMS 3.3.2, (2) HelpDesk 3.3.2, (3) Shop Evaluation 3.3.2, and (4) Shop Free 3.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the root_folder_path parameter. NOTE: some of these details are obtained from third party information.
unknown
2007-12-13
6.8CVE-2007-6347
MILW0RM
BID
SECUNIA
Websense -- Web Security Suite
Websense -- Enterpise
Websense -- Reporting Tools
Cross-site scripting (XSS) vulnerability in the logon page in Web Reporting Tools portal in Websense Enterprise and Web Security Suite 6.3 allows remote attackers to inject arbitrary web script or HTML via the username field.
unknown
2007-12-11
4.3CVE-2007-6312
BUGTRAQ
OTHER-REF
OTHER-REF
BID
webSPELL -- webSPELLMultiple cross-site scripting (XSS) vulnerabilities in index.php in webSPELL 4.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the galleryID parameter in a usergallery upload action; or the (2) upID, (3) tag, (4) month, (5) userID, or (6) year parameter in a calendar announce action.
unknown
2007-12-11
4.3CVE-2007-6309
BUGTRAQ
BID
WordPress -- WordPressSQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the s parameter, when DB_CHARSET is set to (1) Big5, (2) GBK, or possibly other character set encodings that support a "\" in a multibyte character.
unknown
2007-12-11
6.8CVE-2007-6318
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
FULLDISC
xml2owl -- xml2owlDirectory traversal vulnerability in filedownload.php in xml2owl 0.1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
unknown
2007-12-13
5.0CVE-2007-6322
MILW0RM

Back to top

Low Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
MySQL -- MySQLMySQL 5.0.x before 5.0.52, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.
unknown
2007-12-10
3.5CVE-2007-6303
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF

Back to top
=

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top