
Note: This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

TLP:WHITE

Bulletin (SB07-358)

Vulnerability Summary for the Week of December 17, 2007

Original release date: December 27, 2007

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.


High Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
Adobe -- Flash Player
Unspecified vulnerability in Adobe Flash Player 9.0.48.0 and earlier might allow remote attackers to execute arbitrary code via unknown vectors, related to "input validation errors."
unknown
2007-12-19
9.3
CVE-2007-6242
OTHER-REF
Adobe -- Flash Player
Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks.
unknown
2007-12-19
9.3
CVE-2007-6243
OTHER-REF
OTHER-REF
AdultScript -- AdultScript
admin/administrator.php in Adult Script 1.6 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to bypass authentication and obtain administrative credentials via a direct request. NOTE: this can be leveraged for arbitrary code execution through a request to admin/videolinks_view.php.
unknown
2007-12-17
7.5
CVE-2007-6414
MILW0RM
BID
SECUNIA
Aertherwide -- exiftags
Unspecified vulnerability in exiftags before 1.01 has unknown impact and attack vectors, resulting from a "field offset overflow," a different vulnerability than CVE-2007-6355.
unknown
2007-12-18
10.0
CVE-2007-6354
OTHER-REF
SECUNIA
Aertherwide -- exiftags
Unspecified vulnerability in exiftags before 1.01 has unknown impact and attack vectors, resulting from a "field offset overflow," a different vulnerability than CVE-2007-6354.
unknown
2007-12-18
10.0
CVE-2007-6355
OTHER-REF
SECUNIA
Apple -- Mac OS X
Format string vulnerability in Address Book in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via the URL handler.
unknown
2007-12-19
9.3
CVE-2007-4708
APPLE
Apple -- Mac OS X
Directory traversal vulnerability in CFNetwork in Apple Mac OS X 10.5.1 allows remote attackers to overwrite arbitrary files via a crafted HTTP response.
unknown
2007-12-19
8.8
CVE-2007-4709
APPLE
Apple -- Mac OS X
Unspecified vulnerability in ColorSync in Apple Mac OS X 10.4.11 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via an image with a crafted ColorSync profile, which triggers memory corruption.
unknown
2007-12-19
9.3
CVE-2007-4710
APPLE
Apple -- Mac OS X
Buffer overflow in CUPS in Apple Mac OS X 10.4.11 allows local admin users to execute arbitrary code via a crafted URI to the CUPS service.
unknown
2007-12-19
7.2
CVE-2007-5848
APPLE
Apple -- Mac OS X
Integer underflow in CUPS in Apple Mac OS X 10.5.1, when SNMP is enabled, allows remote attackers to execute arbitrary code via a crafted SNMP response that triggers a stack-based buffer overflow.
unknown
2007-12-19
9.3
CVE-2007-5849
APPLE
Apple -- Mac OS X
Heap-based buffer overflow in Desktop Services in Apple Mac OS X 10.4.11 allows user-assisted attackers to execute arbitrary code via a directory with a crafted .DS_Store file.
unknown
2007-12-19
8.8
CVE-2007-5850
APPLE
Apple -- Mac OS X
Unspecified vulnerability in IO Storage Family in Apple Mac OS X 10.4.11 allows user-assisted attackers to cause a denial of service (system shutdown) or execute arbitrary code via a disk image with crafted GUID partition maps, which triggers memory corruption.
unknown
2007-12-19
9.3
CVE-2007-5853
APPLE
Apple -- Mac OS X
Quick Look in Apple Mac OS X 10.5.1, when previewing an HTML file, does not prevent plug-ins from making network requests, which might allow remote attackers to obtain sensitive information.
unknown
2007-12-19
9.4
CVE-2007-5856
APPLE
Apple -- Safari
Unspecified vulnerability in Safari RSS in Apple Mac OS X 10.4.11 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted feed: URL that triggers memory corruption.
unknown
2007-12-19
9.3
CVE-2007-5859
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
Unspecified vulnerability in Spin Tracer in Apple Mac OS X 10.5.1 allows local users to execute arbitrary code via unspecified output files, involving an "insecure file operation."
unknown
2007-12-19
7.2
CVE-2007-5860
APPLE
Apple -- Mac OS X
Java in Mac OS X 10.4 through 10.4.11 allows remote attackers to bypass Keychain access controls and add or delete arbitrary Keychain items via a crafted Java applet.
unknown
2007-12-18
9.4
CVE-2007-5862
OTHER-REF
APPLE
BID
FRSIRT
SECUNIA
Apple -- Mac OS X Server
Apple -- Mac OS X
Software Update in Apple Mac OS X 10.5.1 allows remote attackers to execute arbitrary commands via a man-in-the-middle (MITM) attack between the client and the server, using a modified distribution definition file with the "allow-external-scripts" option.
unknown
2007-12-19
9.3
CVE-2007-5863
APPLE
Cisco -- IP Phone Model 7940
Cisco IP Phone 7940 with firmware P0S3-08-7-00 allows remote attackers to cause a denial of service ("486 Busy" responses or device reboot) via a sequence of SIP INVITE transactions in which the Request-URI lacks a user name, a different vulnerability than CVE-2007-4459.
unknown
2007-12-17
7.8
CVE-2007-5583
FULLDISC
MILW0RM
BID
XF
Cisco -- FWSM
Unspecified vulnerability in Cisco Firewall Services Module (FWSM) 3.2(3) allows remote attackers to cause a denial of service (device reload) via crafted "data in the control-plane path with Layer 7 Application Inspections."
unknown
2007-12-19
7.8
CVE-2007-5584
CISCO
BID
XF
Cisco -- IP Phone Model 7940
Cisco IP Phone 7940 with firmware P0S3-08-7-00 allows remote attackers to cause a denial of service ("486 Busy" responses or device reboot) via a sequence of SIP INVITE transactions in which the Request-URI lacks a user name, a different vulnerability than CVE-2007-4459.
unknown
2007-12-14
7.8
CVE-2007-6370
FULLDISC
MILW0RM
BID
XF
Clam Anti-Virus -- ClamAV
Integer overflow in libclamav in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MEW packed PE file, which triggers a heap-based buffer overflow.
unknown
2007-12-19
7.5
CVE-2007-6335
IDEFENSE
DEBIAN
SECUNIA
Ethereal Group -- Ethereal
Wireshark -- Wireshark
Wireshark (formerly Ethereal) 0.8.16 to 0.99.6 allows remote attackers to cause a denial of service (crash) via a malformed RPC Portmap packet.
unknown
2007-12-19
7.8
CVE-2007-6449
OTHER-REF
exiv2 -- exiv2
Integer overflow in exif.cpp in exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow.
unknown
2007-12-19
7.5
CVE-2007-6353
OTHER-REF
SECUNIA
Falcon -- Series One CMS
Multiple cross-site scripting (XSS) vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to inject arbitrary web script or HTML via the (1) gb_mail, (2) gb_name, and (3) gb_text parameters in a guestbook action to index.php, and unspecified other vectors.
unknown
2007-12-20
7.5
CVE-2007-6489
MILW0RM
FRSIRT
SECUNIA
FreeWebShop -- FreeWebShop
Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2.1 allow remote attackers to execute arbitrary SQL commands via (1) the prod parameter in a details action, (2) the cat parameter in a browse list action, or (3) the group parameter in a categories action.
unknown
2007-12-19
7.5
CVE-2007-6466
OTHER-REF
BID
Gesytec Easylon -- OPC Server
Gesytec Easylon OPC Server before 2.3.44 does not properly validate server handles, which allows remote attackers to execute arbitrary code or cause a denial of service via unspecified network traffic to the OLE for Process Control (OPC) interface, probably related to free operations on arbitrary memory addresses through certain Remove functions, and read and write operations on arbitrary memory addresses through certain Set, Read, and Write functions.
unknown
2007-12-17
10.0
CVE-2007-4473
OTHER-REF
OTHER-REF
CERT-VN
Hammer of Thyrion -- Hammer of Thyrion
Buffer overflow in the HuffDecode function in hw_utils/hwrcon/huffman.c and hexenworld/Client/huffman.c in Hammer of Thyrion 1.4.2 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted huffman encoded packet. NOTE: some of these details are obtained from third party information.
unknown
2007-12-19
9.3
CVE-2007-6468
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
Hosting Controller -- Hosting Controller
Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers to obtain login access via a request to hosting/addreseller.asp with a username in the reseller parameter, followed by a request to AdminSettings/displays.asp with the DecideAction and ChangeSkin parameters.
unknown
2007-12-20
10.0
CVE-2007-6494
BUGTRAQ
MILW0RM
BID
XF
Hosting Controller -- Hosting Controller
Hosting Controller 6.1 Hot fix 3.3 and earlier (1) allows remote attackers to change arbitrary user profiles via a request to Hosting/Addreseller.asp with modified loginname and email parameters; and (2) allows remote authenticated users to change a credit amount and increase a discount via an UpdateUser action to Accounts/AccountActions.asp with modified UserName, FullName, CreditLimit, and DefaultDiscount parameters, a related issue to CVE-2005-2219.
unknown
2007-12-20
7.5
CVE-2007-6497
BUGTRAQ
MILW0RM
BID
Hosting Controller -- Hosting Controller
Multiple SQL injection vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) email and (2) loginname parameters to Hosting/Addreseller.asp, (3) the sortfield parameter to accounts/accountmanager.asp, (4) the GateWayID parameter to OpenApi/GatewayVariables.asp, and possibly (5) unspecified vectors to IIS/iibind.asp.
unknown
2007-12-20
7.5
CVE-2007-6498
BUGTRAQ
MILW0RM
BID
XF
HP -- Software Update
The HPRulesEngine.ContentCollection.1 ActiveX Control in RulesEngine.dll for HP Software Update 3.0.8.4 allows remote attackers to (1) overwrite and corrupt arbitrary files via arguments to the SaveToFile method, and possibly (2) access arbitrary files via the LoadDataFromFile method.
unknown
2007-12-20
9.3
CVE-2007-6506
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
iMesh.com -- iMesh
The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and possibly IMWebControl.dll, in iMesh 7.1.0.x and earlier allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via an empty string in the argument to the ProcessRequestEx method.
unknown
2007-12-20
7.1
CVE-2007-6492
OTHER-REF
SECUNIA
iMesh.com -- iMesh
The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and possibly IMWebControl.dll, in iMesh 7.1.0.x and earlier allows remote attackers to execute arbitrary code via a certain argument to the SetHandler method.
unknown
2007-12-20
10.0
CVE-2007-6493
OTHER-REF
SECUNIA
JBoss -- Seam
The getRenderedEjbql method in the org.jboss.seam.framework.Query class in JBoss Seam 2.x before 2.0.0.CR3 allows remote attackers to inject and execute arbitrary EJBQL commands via the order parameter.
unknown
2007-12-18
7.5
CVE-2007-6433
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Justsystem -- Ichitaro
Stack-based buffer overflow in JSGCI.DLL in JustSystems Ichitaro 2005, 2006, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted document, as actively exploited in December 2007 by the Tarodrop.F trojan. NOTE: some of these details are obtained from third party information.
unknown
2007-12-18
9.3
CVE-2007-6436
OTHER-REF
FRSIRT
SECUNIA
XF
Kvaliitti -- WebDoc CMS
Multiple SQL injection vulnerabilities in Kvaliitti WebDoc 3.0 CMS allow remote attackers to execute arbitrary SQL commands via (1) the cat_id parameter to categories.asp; and probably (2) the document_id parameter to categories.asp, and the (3) cat_id and (4) document_id parameters to subcategory.asp.
unknown
2007-12-20
10.0
CVE-2007-6491
BUGTRAQ
Linux -- Kernel
Linux kernel 2.6.22 and earlier, and possibly other versions, does not properly validate the hop-by-hop IPv6 extended header, which allows remote attackers to cause a denial of service (kernel panic) via a crafted IPv6 packet.
unknown
2007-12-20
7.8
CVE-2007-4567
UBUNTU
Linux -- Kernel
Integer overflow in the hrtimer_start function in kernel/hrtimer.c in the Linux kernel before 2.6.23.10 allows local users to execute arbitrary code or cause a denial of service (panic) via a large relative timeout value. NOTE: some of these details are obtained from third party information.
unknown
2007-12-19
7.2
CVE-2007-5966
OTHER-REF
BID
FRSIRT
SECUNIA
Linux -- Kernel
The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through 2.6.23 does not properly allocate memory in some circumstances, which might allow local users to read sensitive kernel data or cause a denial of service (crash).
unknown
2007-12-17
7.2
CVE-2007-6417
MLIST
MLIST
MLIST
MKPortal -- MKPortal
SQL injection vulnerability in index.php in MKPortal 1.1 RC1 allows remote attackers to execute arbitrary SQL commands via the ida parameter in a gallery foto_show action.
unknown
2007-12-19
7.5
CVE-2007-6467
BUGTRAQ
BID
XF
my123tkShop -- e-Commerce-Suite
SQL injection vulnerability in shop/mainfile.php in 123tkShop 0.9.1 allows remote attackers to execute arbitrary SQL commands via a base64-encoded value of the admin parameter to shop/admin.php.
unknown
2007-12-19
7.5
CVE-2007-6458
MILW0RM
BID
Novell -- Groupwise
Stack-based buffer overflow in Novell GroupWise before 6.5.7, when HTML preview of e-mail is enabled, allows user-assisted remote attackers to execute arbitrary code via a long SRC attribute in an IMG element when forwarding or replying to a crafted e-mail.
unknown
2007-12-18
9.3
CVE-2007-6435
BUGTRAQ
OTHER-REF
BID
SECTRACK
XF
PeerCast -- PeerCast
Heap-based buffer overflow in the handshakeHTTP function in servhs.cpp in PeerCast 0.1217 and earlier, and SVN 344 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SOURCE request.
unknown
2007-12-19
10.0
CVE-2007-6454
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Perforce -- P4Web
P4Webs.exe in Perforce P4Web 2006.2 and earlier, when running on Windows, allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with an empty body and a Content-Length greater than 0.
unknown
2007-12-20
7.8
CVE-2007-6349
BUGTRAQ
OTHER-REF
BID
SECUNIA
PHP Real Estate Classifieds -- PHP Real Estate Classifieds Premium Plus
SQL injection vulnerability in fullnews.php in PHP Real Estate Classifieds allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-12-19
7.5
CVE-2007-6462
MILW0RM
OTHER-REF
BID
phpMyRealty -- phpMyRealty
Multiple SQL injection vulnerabilities in phpMyRealty (PMR) 1.0.9 allow (1) remote attackers to execute arbitrary SQL commands via the type parameter to search.php and (2) remote authenticated administrators to execute arbitrary SQL commands via the listing_updated_days parameter to admin/findlistings.php. NOTE: some of these details are obtained from third party information.
unknown
2007-12-20
7.5
CVE-2007-6472
MILW0RM
SECUNIA
phpRPG -- phpRPG
SQL injection vulnerability in index.php in phpRPG 0.8, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.
unknown
2007-12-19
9.3
CVE-2007-6469
BUGTRAQ
BID
SECUNIA
Planamesa -- NeoOffice
Unspecified vulnerability in OpenOffice.org code in Planamesa NeoOffice 2.2.2 before Patch 4 has unknown impact and attack vectors related to MacOS 10.3.9 .odb files. NOTE: it is not clear whether this issue is a vulnerability.
unknown
2007-12-19
10.0
CVE-2007-6456
OTHER-REF
BID
SECUNIA
XF
St. Bernard -- Open File Manager
Heap-based buffer overflow in Open File Manager service (ofmnt.exe) in St. Bernard Open File Manager 9.5 allows remote attackers to execute arbitrary code via a long request.
unknown
2007-12-19
10.0
CVE-2007-6281
FULLDISC
OTHER-REF
BID
SECUNIA
Sun -- Solaris
Sun Solaris 10 with the 120011-04 and 120012-04 patches, and later 120011-* and 120012-* patches, allows remote attackers to bypass certain netgroup restrictions and obtain root access to a filesystem via NFS requests from a client root user.
unknown
2007-12-17
9.3
CVE-2007-6413
SUNALERT
FRSIRT
SECUNIA
Sun -- Management Center
The Oracle database component in Sun Management Center (Sun MC) 3.6.1, 3.6, and 3.5 Update 1 has a default account, which allows remote attackers to obtain database access and execute arbitrary code.
unknown
2007-12-20
9.4
CVE-2007-6480
SUNALERT
SECUNIA
Sun -- Ray Server Software
Unspecified vulnerability in the Device Manager daemon (utdevmgrd) in Sun Ray Server Software 2.0, 3.0, 3.1, and 3.1.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.
unknown
2007-12-20
7.8
CVE-2007-6482
SUNALERT
BID
SECUNIA
Trend Micro -- ServerProtect
SpntSvc.exe daemon in Trend Micro ServerProtect 5.58 for Windows, before Security Patch 4, exposes unspecified dangerous sub-functions from StRpcSrv.dll in the DCE/RPC interface, which allows remote attackers to obtain "full file system access" and execute arbitrary code.
unknown
2007-12-20
10.0
CVE-2007-6507
BUGTRAQ
OTHER-REF
OTHER-REF
BID
SECUNIA
Wireshark -- Wireshark
Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (infinite or large loop) via the (1) Firebird/Interbase, (2) DCP ETSI, (3) IPv6, or (4) USB dissector, which can trigger resource consumption or a crash.
unknown
2007-12-19
7.8
CVE-2007-6439
OTHER-REF
Wireshark -- Wireshark
Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (crash) via unknown vectors related to "unaligned access on some platforms."
unknown
2007-12-19
7.8
CVE-2007-6441
OTHER-REF
Wireshark -- Wireshark
Wireshark (formerly Ethereal) 0.99.5 to 0.99.6 allows remote attackers to cause a denial of service (large loop) via a malformed DNP packet.
unknown
2007-12-19
7.8
CVE-2007-6444
OTHER-REF
Wireshark -- Wireshark
Unspecified vulnerability in the HTTP dissector for Wireshark (formerly Ethereal) 0.10.14 to 0.99.6, when running on "some systems," allows remote attackers to cause a denial of service (crash) via crafted chunked messages.
unknown
2007-12-19
7.8
CVE-2007-6445
OTHER-REF
Wireshark -- Wireshark
Buffer overflow in the iSeries (OS/400) Communication trace file parser in Wireshark (formerly Ethereal) 0.99.0 to 0.99.6 might allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.
unknown
2007-12-19
7.5
CVE-2007-6447
OTHER-REF
Wireshark -- Wireshark
The Bluetooth SDP dissector in Wireshark (formerly Ethereal) 0.99.2 to 0.99.6 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.
unknown
2007-12-19
7.8
CVE-2007-6448
OTHER-REF
Wireshark -- Wireshark
The RPL dissector in Wireshark (formerly Ethereal) 0.9.8 to 0.99.6 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.
unknown
2007-12-19
7.8
CVE-2007-6450
OTHER-REF
Wireshark -- Wireshark
Unspecified vulnerability in the CIP dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger allocation of large amounts of memory.
unknown
2007-12-19
7.8
CVE-2007-6451
OTHER-REF
xeCMS -- xeCMS
Directory traversal vulnerability in view.php in xeCMS 1.0 allows remote attackers to read arbitrary files via a ..%2F (dot dot slash) in the list parameter.
unknown
2007-12-21
7.5
CVE-2007-6508
BUGTRAQ
MILW0RM
BID
Xen -- Xen
The copy_to_user function in the PAL emulation functionality for Xen 3.1.2 and earlier, when running on ia64 systems, allows HVM guest users to access arbitrary physical memory by triggering certain mapping operations.
unknown
2007-12-17
7.5
CVE-2007-6416
OTHER-REF


Medium Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
Adobe -- Flash Player
Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9.x up to 9.0.48.0 and 8.x up to 8.0.35.0 allow remote attackers to inject arbitrary web script or HTML via (1) a SWF file that uses the asfunction: protocol or (2) the navigateToURL function when used with the Flash Player ActiveX Control in Internet Explorer.
unknown
2007-12-19
4.3
CVE-2007-6244
OTHER-REF
Adobe -- Flash Player
Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 allows remote attackers to modify HTTP headers for client requests and conduct HTTP Request Splitting attacks.
unknown
2007-12-19
5.8
CVE-2007-6245
OTHER-REF
Adobe -- Flash Player
Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0, when running on Linux, uses insecure permissions for memory, which might allow local users to gain privileges.
unknown
2007-12-19
6.9
CVE-2007-6246
OTHER-REF
Aertherwide -- exiftags
exiftags before 1.01 allows attackers to cause a denial of service (infinite loop) via recursive IFD references in the EXIF data in a JPEG image.
unknown
2007-12-18
5.0
CVE-2007-6356
OTHER-REF
SECUNIA
Anon Proxy Server -- Anon Proxy Server
Anon Proxy Server 0.100, and probably 0.101, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the host parameter to diagdns.php, and (2) the host parameter and possibly (3) the port parameter to diagconnect.php, a different vulnerability than CVE-2007-6460.
unknown
2007-12-19
6.8
CVE-2007-6459
BUGTRAQ
MILW0RM
BID
Anon Proxy Server -- Anon Proxy Server
Multiple cross-site scripting (XSS) vulnerabilities in Anon Proxy Server before 0.101 allow remote attackers to inject arbitrary web script or HTML via the URI, which is later displayed by (1) log.php or (2) logerror.php, a different vulnerability than CVE-2007-6459.
unknown
2007-12-19
4.3
CVE-2007-6460
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
Apple -- Mac OS X
Stack-based buffer overflow in SMB in Apple Mac OS X 10.4.11 allows local users to execute arbitrary code via crafted command line arguments to (1) mount_smbfs and (2) smbutil.
unknown
2007-12-19
6.6
CVE-2007-3876
APPLE
Apple -- Mac OS X
Race condition in the CFURLWriteDataAndPropertiesToResource API in Core Foundation in Apple Mac OS X 10.4.11 creates files with insecure permissions, which might allow local users to obtain sensitive information.
unknown
2007-12-19
6.6
CVE-2007-5847
APPLE
Apple -- Mac OS X
Launch Services in Apple Mac OS X 10.4.11 and 10.5.1 does not treat HTML files as unsafe content, which allows attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via a crafted HTML file.
unknown
2007-12-19
4.3
CVE-2007-5854
APPLE
Apple -- Mac OS X
Mail in Apple Mac OS X 10.4.11 and 10.5.1, when an SMTP account has been set up using Account Assistant, can use plaintext authentication even when MD5 Challenge-Response authentication is available, which makes it easier for remote attackers to sniff account activity.
unknown
2007-12-19
6.4
CVE-2007-5855
APPLE
Apple -- Mac OS X
Quick Look in Apple Mac OS X 10.5.1 does not prevent a movie from accessing URLs when the movie file is previewed or if an icon is created, which might allow remote attackers to obtain sensitive information via HREFTrack.
unknown
2007-12-19
6.4
CVE-2007-5857
APPLE
Apple -- Safari
WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1 allows remote attackers to "navigate the subframes of any other page," which can be leveraged to conduct cross-site scripting (XSS) attacks and obtain sensitive information.
unknown
2007-12-19
4.3
CVE-2007-5858
APPLE
Apple -- Mac OS X
Unspecified vulnerability in Spotlight in Apple Mac OS X 10.4.11 allows user-assisted attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted .XLS file that triggers memory corruption in the Microsoft Office Spotlight Importer.
unknown
2007-12-19
6.8
CVE-2007-5861
APPLE
Asterisk -- Asterisk Business Edition
Asterisk -- Open Source
Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and Business Edition B.x.x before B.2.3.6 and C.x.x before C.1.0-beta8, when using database-based registrations ("realtime") and host-based authentication, does not check the IP address when the username is correct and there is no password, which allows remote attackers to bypass authentication using a valid username.
unknown
2007-12-19
4.3
CVE-2007-6430
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
Balabit -- syslog-ng Premium Edition
Balabit -- syslog-ng Open Source Edition
Balabit syslog-ng 2.0.x before 2.0.6 and 2.1.x before 2.1.8 allows remote attackers to cause a denial of service (crash) via a message with a timestamp that does not contain a trailing space, which triggers a NULL pointer dereference.
unknown
2007-12-19
5.0
CVE-2007-6437
BUGTRAQ
FRSIRT
SECTRACK
SECUNIA
XF
Bitweaver -- Bitweaver
Direct static code injection vulnerability in wiki/index.php in Bitweaver 2.0.0 and earlier, when comments are enabled, allows remote attackers to inject arbitrary PHP code via an editcomments action.
unknown
2007-12-17
6.8
CVE-2007-6412
BUGTRAQ
OTHER-REF
BID
Centreon -- Centreon
Multiple PHP remote file inclusion vulnerabilities in Centreon 1.4.1 (aka Oreon 1.4) allow remote attackers to execute arbitrary PHP code via a URL in the fileOreonConf parameter to (1) MakeXML.php or (2) MakeXML4statusCounter.php in include/monitoring/engine/.
unknown
2007-12-20
6.8
CVE-2007-6485
BUGTRAQ
MILW0RM
BID
XF
Citrix -- Web Interface
Cross-site scripting (XSS) vulnerability in the on-line help feature in Citrix Web Interface 2.0 and earlier, and NFuse, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-12-20
4.3
CVE-2007-6477
OTHER-REF
FRSIRT
SECUNIA
Clam Anti-Virus -- ClamAV
Off-by-one error in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MS-ZIP file.
unknown
2007-12-19
6.8
CVE-2007-6336
DEBIAN
BID
Dokeos -- Dokeos
Unrestricted file upload vulnerability in the "My productions" component for main/auth/profile.php (aka the "My profile" page) in Dokeos 1.8.4 allows remote authenticated users to upload and execute arbitrary PHP files via a filename with a double extension, which can then be accessed through a URI under main/upload/users/.
unknown
2007-12-20
4.9
CVE-2007-6479
MILW0RM
SECUNIA
Falcon -- Series One CMS
Multiple PHP remote file inclusion vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the dir[classes] parameter to sitemap.xml.php or (2) the error parameter to errors.php.
unknown
2007-12-20
6.8
CVE-2007-6488
MILW0RM
FRSIRT
SECUNIA
Falcon -- Series One CMS
Cross-site request forgery (CSRF) vulnerability in Falcon Series One CMS 1.4.3 allows remote attackers to change a password via a certain changepass action to index.php.
unknown
2007-12-20
4.3
CVE-2007-6490
MILW0RM
FRSIRT
SECUNIA
Flyspray -- Flyspray
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Flyspray 0.9.9 through 0.9.9.3 allow remote attackers to inject arbitrary web script or HTML via (1) the query string in an index action, related to the savesearch JavaScript function; and (2) the details parameter in a details action, related to the History tab and the getHistory JavaScript function.
unknown
2007-12-19
4.3
CVE-2007-6461
OTHER-REF
SECUNIA
Fonality -- Trixbox
registry.pl in Fonality Trixbox 2.0 PBX products, when running in certain environments, reads and executes a set of commands from a remote web site without sufficiently validating the origin of the commands, which allows remote attackers to disable trixbox and execute arbitrary commands via a DNS spoofing attack.
unknown
2007-12-18
4.3
CVE-2007-6424
MLIST
OTHER-REF
OTHER-REF
Form Tools -- Form Tools
Multiple PHP remote file inclusion vulnerabilities in Form tools 1.5.0b allow remote attackers to execute arbitrary PHP code via a URL in the g_root_dir parameter to (1) admin_page_open.php and (2) client_page_open.php in global/templates/.
unknown
2007-12-19
6.8
CVE-2007-6464
MILW0RM
Ganglia -- Ganglia
Multiple cross-site scripting (XSS) vulnerabilities in ganglia-web in Ganglia before 3.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) c and (2) h parameters to (a) web/host_gmetrics.php; the (3) G, (4) me, (5) x, (6) n, (7) v, (8) l, (9) vl, and (10) st parameters to (b) web/graph.php; and the (11) c, (12) G, (13) h, (14) r, (15) m, (16) s, (17) cr, (18) hc, (19) sh, (20) p, (21) t, (22) jr, (23) js, (24) gw, (25) z, and (26) gs parameters to (c) web/get_context.php. NOTE: some of these details are obtained from third party information.
unknown
2007-12-19
4.3
CVE-2007-6465
OTHER-REF
SECUNIA
Geek-Palace.com -- LineShout
Multiple cross-site scripting (XSS) vulnerabilities in shout.php (aka the shoutbox) in LineShout 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) username (nickname) or (2) message parameter. NOTE: some of these details are obtained from third party information.
unknown
2007-12-20
4.3
CVE-2007-6486
OTHER-REF
BID
SECUNIA
GF_3Xplorer -- GF_3Xplorer
Multiple cross-site scripting (XSS) vulnerabilities in GF-3XPLORER 2.4 allow remote attackers to inject arbitrary web script or HTML via the newdir parameter to index_3x.php, and unspecified other vectors.
unknown
2007-12-20
4.3
CVE-2007-6474
MILW0RM
SECUNIA
GF_3Xplorer -- GF_3Xplorer
Multiple directory traversal vulnerabilities in GF-3XPLORER 2.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang_sel parameter to (1) updater.php and (2) thumber.php.
unknown
2007-12-20
6.4
CVE-2007-6475
MILW0RM
GF_3Xplorer -- GF_3Xplorer
GF-3XPLORER 2.4 allows remote attackers to obtain configuration information via a direct request to explorer/phpinfo.php, which calls the phpinfo function.
unknown
2007-12-20
5.0
CVE-2007-6476
MILW0RM
SECUNIA
Google -- Google Web Toolkit
Unspecified vulnerability in the benchmark reporting system in Google Web Toolkit (GWT) before 1.4.61 has unknown impact and attack vectors, possibly related to cross-site scripting (XSS).
unknown
2007-12-19
4.3
CVE-2007-6452
OTHER-REF
BID
FRSIRT
SECUNIA
Hosting Controller -- Hosting Controller
inc_newuser.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the permissions of directories named (1) db, (2) www, (3) Special, and (4) log at arbitrary locations under the web root via a modified Dirroot parameter in an AddUser action to accounts/AccountActions.asp. NOTE: this can be leveraged for remote code execution by changing the permissions of \Forum\db, which is configured for execution of ASP scripts with administrative privileges, and then uploading a script to \Forum\db.
unknown
2007-12-20
6.5
CVE-2007-6495
BUGTRAQ
MILW0RM
BID
Hosting Controller -- Hosting Controller
Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers to register arbitrary users via a request to hosting/addsubsite.asp with the loginname and password parameters set, when preceded by certain requests to hosting/default.asp and hosting/selectdomain.asp, a related issue to CVE-2005-1654.
unknown
2007-12-20
6.8
CVE-2007-6496
BUGTRAQ
MILW0RM
BID
XF
Hosting Controller -- Hosting Controller
Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to uninstall the FrontPage extensions of an arbitrary account via a request to fp2002/UNINSTAL.asp with a "host id (IIS) value."
unknown
2007-12-20
5.5
CVE-2007-6499
BUGTRAQ
MILW0RM
BID
XF
Hosting Controller -- Hosting Controller
Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to delete "gateway information" via a request to OpenApi/GatewayVariables.asp.
unknown
2007-12-20
4.9
CVE-2007-6500
BUGTRAQ
MILW0RM
BID
XF
Hosting Controller -- Hosting Controller
Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to enable or disable "pay type" via a request to adminsettings/choosetranstype.asp.
unknown
2007-12-20
5.5
CVE-2007-6501
BUGTRAQ
MILW0RM
BID
XF
Hosting Controller -- Hosting Controller
Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to obtain sensitive information via (1) the AdminName and AdminLevel parameters to fp2000/NEWSRVR.asp, which discloses usernames; and (2) certain XML HTTP requests to hosting/css.asp using Microsoft.XMLHTTP or MSXML2.XMLHTTP objects, which trigger a response with the setup directory pathname in the HTML source; and (3) might allow remote attackers to obtain sensitive information via a request for /admin/forum/, which reveals the path in an error message when a forum is not found.
unknown
2007-12-20
5.5
CVE-2007-6502
BUGTRAQ
MILW0RM
BID
XF
XF
Hosting Controller -- Hosting Controller
Multiple unspecified vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to (1) import an arbitrary plan via a request to hosting/importhostingplans.asp; or (2) change an arbitrary plan via a request to hosting/AutoSignUpPlans.asp with the (a) save, (b) 30, and (c) d_30 parameters.
unknown
2007-12-20
5.5
CVE-2007-6503
BUGTRAQ
MILW0RM
BID
XF
Hosting Controller -- Hosting Controller
Unspecified vulnerability in IIS/iibind.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the headers of arbitrary hosts via an unspecified parameter.
unknown
2007-12-20
5.5
CVE-2007-6504
BUGTRAQ
MILW0RM
BID
XF
Ingres -- Ingres
Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges.
unknown
2007-12-20
5.0
CVE-2007-6334
OTHER-REF
OTHER-REF
BID
SECUNIA
SECUNIA
KDE -- KDE
Unspecified vulnerability in kdebase allows local users to cause a denial of service (KDM login inaccessible, or resource consumption) via unknown vectors.
unknown
2007-12-19
4.7
CVE-2007-5963
BUGTRAQ
OTHER-REF
libexif -- libexif
libexif 0.6.16 and earlier allows context-dependent attackers to cause a denial of service (infinite recursion) via an image file with crafted EXIF tags.
unknown
2007-12-19
4.3
CVE-2007-6351
OTHER-REF
REDHAT
libexif -- libexif
Integer overflow in libexif 0.6.16 and earlier allows context-dependent attackers to execute arbitrary code via an image with crafted EXIF tags.
unknown
2007-12-19
6.8
CVE-2007-6352
REDHAT
REDHAT
BID
Mambo -- Mambo
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Mambo 4.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Itemid parameter in a com_frontpage option and the (2) option parameter.
unknown
2007-12-19
4.3
CVE-2007-6455
BUGTRAQ
Net_DNS -- Net_DNS
Net/DNS/RR/A.pm in Net::DNS 0.60 build 654, as used in packages such as SpamAssassin and OTRS, allows remote attackers to cause a denial of service (program "croak") via a crafted DNS response.
unknown
2007-12-20
5.0
CVE-2007-6341
OTHER-REF
OTHER-REF
BID
SECTRACK
NetWin -- SurgeMail
Stack-based buffer overflow in the webmail feature in SurgeMail 38k4 allows remote attackers to cause a denial of service (crash) via a long Host header.
unknown
2007-12-19
5.0
CVE-2007-6457
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
PHP Real Estate Script -- Classifieds
Multiple cross-site scripting (XSS) vulnerabilities in the admin panel in PHP Real Estate Classifieds allow remote attackers to inject arbitrary web script or HTML via unspecified "text areas/boxes."
unknown
2007-12-19
4.3
CVE-2007-6463
OTHER-REF
phPay -- phPay
Incomplete blacklist vulnerability in main.php in phPay 2.02.01 on Windows allows remote attackers to conduct directory traversal attacks and include and execute arbitrary local files via a ..\ (dot dot backslash) in the config parameter.
unknown
2007-12-19
5.8
CVE-2007-6471
BUGTRAQ
BID
FRSIRT
SECUNIA
XF
phpRPG -- phpRPG
phpRPG 0.8 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read session ID values in files under tmp/, and then hijack sessions via PHPSESSID cookies.
unknown
2007-12-19
6.4
CVE-2007-6470
BUGTRAQ
BID
SECUNIA
phpRPG -- phpRPG
SQL injection vulnerability in index.php in phpRPG 0.8 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-12-20
6.8
CVE-2007-6484
SECUNIA
Plain Black -- WebGUI
Unspecified vulnerability in Plain Black WebGUI 7.4.0 through 7.4.17 allows remote authenticated users with Secondary Admin privileges to create Admin accounts, a different vulnerability than CVE-2006-0680.
unknown
2007-12-20
4.9
CVE-2007-6487
OTHER-REF
OTHER-REF
SECUNIA
XF
Raiden Professional Servers -- RaidenHTTPD
Directory traversal vulnerability in raidenhttpd-admin/workspace.php in RaidenHTTPD 2.0.19, when the WebAdmin function is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ulang parameter.
unknown
2007-12-19
6.4
CVE-2007-6453
BUGTRAQ
OTHER-REF
BID
SECUNIA
Red Hat -- Enterprise Linux
Red Hat -- Fedora
Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named.
unknown
2007-12-17
4.9
CVE-2007-6283
OTHER-REF
Rosoft Engineering -- Rosoft Media Player
Stack-based buffer overflow in Rosoft Media Player 4.1.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long string in a .M3U file. NOTE: some of these details are obtained from third party information.
unknown
2007-12-20
6.8
CVE-2007-6478
BUGTRAQ
BID
FRSIRT
SECUNIA
XF
SafeNet -- Sentinel Protection Server
SafeNet -- Sentinel Keys Server
Directory traversal vulnerability in SafeNet Sentinel Protection Server 7.0.0 through 7.4.0 and possibly earlier versions, and Sentinel Keys Server 1.0.3 and possibly earlier versions, allows remote attackers to read arbitrary files via a .. (dot dot) in the query string.
unknown
2007-12-20
5.0
CVE-2007-6483
BUGTRAQ
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
Sun -- Ray Server Software
Unspecified vulnerability in the Device Manager daemon (utdevmgrd) in Sun Ray Server Software 2.0, 3.0, 3.1, and 3.1.1 allows remote attackers to create or delete arbitrary directories via unspecified vectors.
unknown
2007-12-20
6.4
CVE-2007-6481
SUNALERT
BID
SECUNIA
Texas Imperial Software -- WFTPD Pro Explorer
Heap-based buffer overflow in Texas Imperial Software WFTPD Pro Explorer 1.0 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command.
unknown
2007-12-20
5.8
CVE-2007-6473
MILW0RM
SECUNIA
Wireshark -- Wireshark
Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) 0.99.6 allow remote attackers to cause a denial of service via (1) a crafted MP3 file, (2) the NCP dissector, or (3) the SMB dissector.
unknown
2007-12-19
5.0
CVE-2007-6438
OTHER-REF
Wireshark -- Wireshark
Buffer overflow in the PPP dissector in Wireshark (formerly Ethereal) 0.99.6 might allow remote attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors.
unknown
2007-12-19
5.0
CVE-2007-6440
OTHER-REF
Wireshark -- Wireshark
Buffer overflow in the SSL dissector in Wireshark (formerly Ethereal) 0.99.0 to 0.99.6 might allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.
unknown
2007-12-19
5.0
CVE-2007-6442
OTHER-REF
Wireshark -- Wireshark
Buffer overflow in the ANSI MAP dissector in Wireshark (formerly Ethereal) 0.99.5 to 0.99.6, when running on some unspecified platforms, might allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.
unknown
2007-12-19
5.0
CVE-2007-6443
OTHER-REF
Wireshark -- Wireshark
The MEGACO dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (large loop and resource consumption) via unknown vectors.
unknown
2007-12-19
5.0
CVE-2007-6446
OTHER-REF


Low Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
Apple -- Mac OS X
iChat in Apple Mac OS X 10.4.11 allows network-adjacent remote attackers to automatically initiate a video connection to another user via unknown vectors.
unknown
2007-12-19
3.6
CVE-2007-5851
APPLE
Debian -- Debian Linux
The libdspam7-drv-mysql cron job in Debian GNU/Linux includes the MySQL dspam database password in a command line argument, which might allow local users to read the password by listing the process and its arguments.
unknown
2007-12-17
2.1
CVE-2007-6418
OTHER-REF
Linux -- Kernel
Linux kernel 2.6.23 allows local users to create low pages in virtual userspace memory and bypass mmap_min_addr protection via a crafted executable file that calls the do_brk function.
unknown
2007-12-18
2.1
CVE-2007-6434
OTHER-REF
FRSIRT
SECUNIA
Red Hat -- Enterprise Linux
The default configuration for autofs 5 (autofs5) on Red Hat Enterprise Linux (RHEL) 4 and 5 does not specify the nodev mount option for the -hosts map, which allows local users to access "important devices" by operating a remote NFS server and creating special device files on that server.
unknown
2007-12-20
1.9
CVE-2007-6285
REDHAT
REDHAT
Sun -- Solaris
Solaris 9, with Solaris Auditing enabled and certain patches for sshd installed, can generate audit records with an audit-ID of 0 even when the user logging into ssh is not root, which makes it easier for attackers to avoid detection and can make it more difficult to conduct forensics activities.
unknown
2007-12-20
3.5
CVE-2007-6505
SUNALERT


High Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
Adobe -- Flash Player
Unspecified vulnerability in Adobe Flash Player 9.0.48.0 and earlier might allow remote attackers to execute arbitrary code via unknown vectors, related to "input validation errors."
unknown
2007-12-19
9.3
CVE-2007-6242
OTHER-REF
Adobe -- Flash Player
Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks.
unknown
2007-12-19
9.3
CVE-2007-6243
OTHER-REF
OTHER-REF
AdultScript -- AdultScript
admin/administrator.php in Adult Script 1.6 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to bypass authentication and obtain administrative credentials via a direct request. NOTE: this can be leveraged for arbitrary code execution through a request to admin/videolinks_view.php.
unknown
2007-12-17
7.5
CVE-2007-6414
MILW0RM
BID
SECUNIA
Aertherwide -- exiftags
Unspecified vulnerability in exiftags before 1.01 has unknown impact and attack vectors, resulting from a "field offset overflow," a different vulnerability than CVE-2007-6355.
unknown
2007-12-18
10.0
CVE-2007-6354
OTHER-REF
SECUNIA
Aertherwide -- exiftags
Unspecified vulnerability in exiftags before 1.01 has unknown impact and attack vectors, resulting from a "field offset overflow," a different vulnerability than CVE-2007-6354.
unknown
2007-12-18
10.0
CVE-2007-6355
OTHER-REF
SECUNIA
Apple -- Mac OS X
Format string vulnerability in Address Book in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via the URL handler.
unknown
2007-12-19
9.3
CVE-2007-4708
APPLE
Apple -- Mac OS X
Directory traversal vulnerability in CFNetwork in Apple Mac OS X 10.5.1 allows remote attackers to overwrite arbitrary files via a crafted HTTP response.
unknown
2007-12-19
8.8
CVE-2007-4709
APPLE
Apple -- Mac OS X
Unspecified vulnerability in ColorSync in Apple Mac OS X 10.4.11 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via an image with a crafted ColorSync profile, which triggers memory corruption.
unknown
2007-12-19
9.3
CVE-2007-4710
APPLE
Apple -- Mac OS X
Buffer overflow in CUPS in Apple Mac OS X 10.4.11 allows local admin users to execute arbitrary code via a crafted URI to the CUPS service.
unknown
2007-12-19
7.2
CVE-2007-5848
APPLE
Apple -- Mac OS X
Integer underflow in CUPS in Apple Mac OS X 10.5.1, when SNMP is enabled, allows remote attackers to execute arbitrary code via a crafted SNMP response that triggers a stack-based buffer overflow.
unknown
2007-12-19
9.3
CVE-2007-5849
APPLE
Apple -- Mac OS X
Heap-based buffer overflow in Desktop Services in Apple Mac OS X 10.4.11 allows user-assisted attackers to execute arbitrary code via a directory with a crafted .DS_Store file.
unknown
2007-12-19
8.8
CVE-2007-5850
APPLE
Apple -- Mac OS X
Unspecified vulnerability in IO Storage Family in Apple Mac OS X 10.4.11 allows user-assisted attackers to cause a denial of service (system shutdown) or execute arbitrary code via a disk image with crafted GUID partition maps, which triggers memory corruption.
unknown
2007-12-19
9.3
CVE-2007-5853
APPLE
Apple -- Mac OS X
Quick Look in Apple Mac OS X 10.5.1, when previewing an HTML file, does not prevent plug-ins from making network requests, which might allow remote attackers to obtain sensitive information.
unknown
2007-12-19
9.4
CVE-2007-5856
APPLE
Apple -- Safari
Unspecified vulnerability in Safari RSS in Apple Mac OS X 10.4.11 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted feed: URL that triggers memory corruption.
unknown
2007-12-19
9.3
CVE-2007-5859
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
Unspecified vulnerability in Spin Tracer in Apple Mac OS X 10.5.1 allows local users to execute arbitrary code via unspecified output files, involving an "insecure file operation."
unknown
2007-12-19
7.2
CVE-2007-5860
APPLE
Apple -- Mac OS X
Java in Mac OS X 10.4 through 10.4.11 allows remote attackers to bypass Keychain access controls and add or delete arbitrary Keychain items via a crafted Java applet.
unknown
2007-12-18
9.4
CVE-2007-5862
OTHER-REF
APPLE
BID
FRSIRT
SECUNIA
Apple -- Mac OS X Server
Apple -- Mac OS X
Software Update in Apple Mac OS X 10.5.1 allows remote attackers to execute arbitrary commands via a man-in-the-middle (MITM) attack between the client and the server, using a modified distribution definition file with the "allow-external-scripts" option.
unknown
2007-12-19
9.3
CVE-2007-5863
APPLE
Cisco -- IP Phone Model 7940
Cisco IP Phone 7940 with firmware P0S3-08-7-00 allows remote attackers to cause a denial of service ("486 Busy" responses or device reboot) via a sequence of SIP INVITE transactions in which the Request-URI lacks a user name, a different vulnerability than CVE-2007-4459.
unknown
2007-12-17
7.8
CVE-2007-5583
FULLDISC
MILW0RM
BID
XF
Cisco -- FWSM
Unspecified vulnerability in Cisco Firewall Services Module (FWSM) 3.2(3) allows remote attackers to cause a denial of service (device reload) via crafted "data in the control-plane path with Layer 7 Application Inspections."
unknown
2007-12-19
7.8
CVE-2007-5584
CISCO
BID
XF
Cisco -- IP Phone Model 7940
Cisco IP Phone 7940 with firmware P0S3-08-7-00 allows remote attackers to cause a denial of service ("486 Busy" responses or device reboot) via a sequence of SIP INVITE transactions in which the Request-URI lacks a user name, a different vulnerability than CVE-2007-4459.
unknown
2007-12-14
7.8
CVE-2007-6370
FULLDISC
MILW0RM
BID
XF
Clam Anti-Virus -- ClamAV
Integer overflow in libclamav in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MEW packed PE file, which triggers a heap-based buffer overflow.
unknown
2007-12-19
7.5
CVE-2007-6335
IDEFENSE
DEBIAN
SECUNIA
Ethereal Group -- Ethereal
Wireshark -- Wireshark
Wireshark (formerly Ethereal) 0.8.16 to 0.99.6 allows remote attackers to cause a denial of service (crash) via a malformed RPC Portmap packet.
unknown
2007-12-19
7.8
CVE-2007-6449
OTHER-REF
exiv2 -- exiv2
Integer overflow in exif.cpp in exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow.
unknown
2007-12-19
7.5
CVE-2007-6353
OTHER-REF
SECUNIA
Falcon -- Series One CMS
Multiple cross-site scripting (XSS) vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to inject arbitrary web script or HTML via the (1) gb_mail, (2) gb_name, and (3) gb_text parameters in a guestbook action to index.php, and unspecified other vectors.
unknown
2007-12-20
7.5
CVE-2007-6489
MILW0RM
FRSIRT
SECUNIA
FreeWebShop -- FreeWebShop
Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2.1 allow remote attackers to execute arbitrary SQL commands via (1) the prod parameter in a details action, (2) the cat parameter in a browse list action, or (3) the group parameter in a categories action.
unknown
2007-12-19
7.5
CVE-2007-6466
OTHER-REF
BID
Gesytec Easylon -- OPC Server
Gesytec Easylon OPC Server before 2.3.44 does not properly validate server handles, which allows remote attackers to execute arbitrary code or cause a denial of service via unspecified network traffic to the OLE for Process Control (OPC) interface, probably related to free operations on arbitrary memory addresses through certain Remove functions, and read and write operations on arbitrary memory addresses through certain Set, Read, and Write functions.
unknown
2007-12-17
10.0
CVE-2007-4473
OTHER-REF
OTHER-REF
CERT-VN
Hammer of Thyrion -- Hammer of Thyrion
Buffer overflow in the HuffDecode function in hw_utils/hwrcon/huffman.c and hexenworld/Client/huffman.c in Hammer of Thyrion 1.4.2 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted huffman encoded packet. NOTE: some of these details are obtained from third party information.
unknown
2007-12-19
9.3
CVE-2007-6468
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
Hosting Controller -- Hosting Controller
Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers to obtain login access via a request to hosting/addreseller.asp with a username in the reseller parameter, followed by a request to AdminSettings/displays.asp with the DecideAction and ChangeSkin parameters.
unknown
2007-12-20
10.0
CVE-2007-6494
BUGTRAQ
MILW0RM
BID
XF
Hosting Controller -- Hosting Controller
Hosting Controller 6.1 Hot fix 3.3 and earlier (1) allows remote attackers to change arbitrary user profiles via a request to Hosting/Addreseller.asp with modified loginname and email parameters; and (2) allows remote authenticated users to change a credit amount and increase a discount via an UpdateUser action to Accounts/AccountActions.asp with modified UserName, FullName, CreditLimit, and DefaultDiscount parameters, a related issue to CVE-2005-2219.
unknown
2007-12-20
7.5
CVE-2007-6497
BUGTRAQ
MILW0RM
BID
Hosting Controller -- Hosting Controller
Multiple SQL injection vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) email and (2) loginname parameters to Hosting/Addreseller.asp, (3) the sortfield parameter to accounts/accountmanager.asp, (4) the GateWayID parameter to OpenApi/GatewayVariables.asp, and possibly (5) unspecified vectors to IIS/iibind.asp.
unknown
2007-12-20
7.5
CVE-2007-6498
BUGTRAQ
MILW0RM
BID
XF
HP -- Software Update
The HPRulesEngine.ContentCollection.1 ActiveX Control in RulesEngine.dll for HP Software Update 3.0.8.4 allows remote attackers to (1) overwrite and corrupt arbitrary files via arguments to the SaveToFile method, and possibly (2) access arbitrary files via the LoadDataFromFile method.
unknown
2007-12-20
9.3
CVE-2007-6506
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
iMesh.com -- iMesh
The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and possibly IMWebControl.dll, in iMesh 7.1.0.x and earlier allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via an empty string in the argument to the ProcessRequestEx method.
unknown
2007-12-20
7.1
CVE-2007-6492
OTHER-REF
SECUNIA
iMesh.com -- iMesh
The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and possibly IMWebControl.dll, in iMesh 7.1.0.x and earlier allows remote attackers to execute arbitrary code via a certain argument to the SetHandler method.
unknown
2007-12-20
10.0
CVE-2007-6493
OTHER-REF
SECUNIA
JBoss -- Seam
The getRenderedEjbql method in the org.jboss.seam.framework.Query class in JBoss Seam 2.x before 2.0.0.CR3 allows remote attackers to inject and execute arbitrary EJBQL commands via the order parameter.
unknown
2007-12-18
7.5
CVE-2007-6433
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Justsystem -- Ichitaro
Stack-based buffer overflow in JSGCI.DLL in JustSystems Ichitaro 2005, 2006, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted document, as actively exploited in December 2007 by the Tarodrop.F trojan. NOTE: some of these details are obtained from third party information.
unknown
2007-12-18
9.3
CVE-2007-6436
OTHER-REF
FRSIRT
SECUNIA
XF
Kvaliitti -- WebDoc CMS
Multiple SQL injection vulnerabilities in Kvaliitti WebDoc 3.0 CMS allow remote attackers to execute arbitrary SQL commands via (1) the cat_id parameter to categories.asp; and probably (2) the document_id parameter to categories.asp, and the (3) cat_id and (4) document_id parameters to subcategory.asp.
unknown
2007-12-20
10.0
CVE-2007-6491
BUGTRAQ
Linux -- Kernel
Linux kernel 2.6.22 and earlier, and possibly other versions, does not properly validate the hop-by-hop IPv6 extended header, which allows remote attackers to cause a denial of service (kernel panic) via a crafted IPv6 packet.
unknown
2007-12-20
7.8
CVE-2007-4567
UBUNTU
Linux -- Kernel
Integer overflow in the hrtimer_start function in kernel/hrtimer.c in the Linux kernel before 2.6.23.10 allows local users to execute arbitrary code or cause a denial of service (panic) via a large relative timeout value. NOTE: some of these details are obtained from third party information.
unknown
2007-12-19
7.2
CVE-2007-5966
OTHER-REF
BID
FRSIRT
SECUNIA
Linux -- Kernel
The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through 2.6.23 does not properly allocate memory in some circumstances, which might allow local users to read sensitive kernel data or cause a denial of service (crash).
unknown
2007-12-17
7.2
CVE-2007-6417
MLIST
MLIST
MLIST
MKPortal -- MKPortal
SQL injection vulnerability in index.php in MKPortal 1.1 RC1 allows remote attackers to execute arbitrary SQL commands via the ida parameter in a gallery foto_show action.
unknown
2007-12-19
7.5
CVE-2007-6467
BUGTRAQ
BID
XF
my123tkShop -- e-Commerce-Suite
SQL injection vulnerability in shop/mainfile.php in 123tkShop 0.9.1 allows remote attackers to execute arbitrary SQL commands via a base64-encoded value of the admin parameter to shop/admin.php.
unknown
2007-12-19
7.5
CVE-2007-6458
MILW0RM
BID
Novell -- Groupwise
Stack-based buffer overflow in Novell GroupWise before 6.5.7, when HTML preview of e-mail is enabled, allows user-assisted remote attackers to execute arbitrary code via a long SRC attribute in an IMG element when forwarding or replying to a crafted e-mail.
unknown
2007-12-18
9.3
CVE-2007-6435
BUGTRAQ
OTHER-REF
BID
SECTRACK
XF
PeerCast -- PeerCast
Heap-based buffer overflow in the handshakeHTTP function in servhs.cpp in PeerCast 0.1217 and earlier, and SVN 344 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SOURCE request.
unknown
2007-12-19
10.0
CVE-2007-6454
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Perforce -- P4Web
P4Webs.exe in Perforce P4Web 2006.2 and earlier, when running on Windows, allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with an empty body and a Content-Length greater than 0.
unknown
2007-12-20
7.8
CVE-2007-6349
BUGTRAQ
OTHER-REF
BID
SECUNIA
PHP Real Estate Classifieds -- PHP Real Estate Classifieds Premium Plus
SQL injection vulnerability in fullnews.php in PHP Real Estate Classifieds allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-12-19
7.5
CVE-2007-6462
MILW0RM
OTHER-REF
BID
phpMyRealty -- phpMyRealty
Multiple SQL injection vulnerabilities in phpMyRealty (PMR) 1.0.9 allow (1) remote attackers to execute arbitrary SQL commands via the type parameter to search.php and (2) remote authenticated administrators to execute arbitrary SQL commands via the listing_updated_days parameter to admin/findlistings.php. NOTE: some of these details are obtained from third party information.
unknown
2007-12-20
7.5
CVE-2007-6472
MILW0RM
SECUNIA
phpRPG -- phpRPG
SQL injection vulnerability in index.php in phpRPG 0.8, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.
unknown
2007-12-19
9.3
CVE-2007-6469
BUGTRAQ
BID
SECUNIA
Planamesa -- NeoOffice
Unspecified vulnerability in OpenOffice.org code in Planamesa NeoOffice 2.2.2 before Patch 4 has unknown impact and attack vectors related to MacOS 10.3.9 .odb files. NOTE: it is not clear whether this issue is a vulnerability.
unknown
2007-12-19
10.0
CVE-2007-6456
OTHER-REF
BID
SECUNIA
XF
St. Bernard -- Open File Manager
Heap-based buffer overflow in Open File Manager service (ofmnt.exe) in St. Bernard Open File Manager 9.5 allows remote attackers to execute arbitrary code via a long request.
unknown
2007-12-19
10.0
CVE-2007-6281
FULLDISC
OTHER-REF
BID
SECUNIA
Sun -- Solaris
Sun Solaris 10 with the 120011-04 and 120012-04 patches, and later 120011-* and 120012-* patches, allows remote attackers to bypass certain netgroup restrictions and obtain root access to a filesystem via NFS requests from a client root user.
unknown
2007-12-17
9.3
CVE-2007-6413
SUNALERT
FRSIRT
SECUNIA
Sun -- Management Center
The Oracle database component in Sun Management Center (Sun MC) 3.6.1, 3.6, and 3.5 Update 1 has a default account, which allows remote attackers to obtain database access and execute arbitrary code.
unknown
2007-12-20
9.4
CVE-2007-6480
SUNALERT
SECUNIA
Sun -- Ray Server Software
Unspecified vulnerability in the Device Manager daemon (utdevmgrd) in Sun Ray Server Software 2.0, 3.0, 3.1, and 3.1.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.
unknown
2007-12-20
7.8
CVE-2007-6482
SUNALERT
BID
SECUNIA
Trend Micro -- ServerProtect
SpntSvc.exe daemon in Trend Micro ServerProtect 5.58 for Windows, before Security Patch 4, exposes unspecified dangerous sub-functions from StRpcSrv.dll in the DCE/RPC interface, which allows remote attackers to obtain "full file system access" and execute arbitrary code.
unknown
2007-12-20
10.0
CVE-2007-6507
BUGTRAQ
OTHER-REF
OTHER-REF
BID
SECUNIA
Wireshark -- Wireshark
Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (infinite or large loop) via the (1) Firebird/Interbase, (2) DCP ETSI, (3) IPv6, or (4) USB dissector, which can trigger resource consumption or a crash.
unknown
2007-12-19
7.8
CVE-2007-6439
OTHER-REF
Wireshark -- Wireshark
Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (crash) via unknown vectors related to "unaligned access on some platforms."
unknown
2007-12-19
7.8
CVE-2007-6441
OTHER-REF
Wireshark -- Wireshark
Wireshark (formerly Ethereal) 0.99.5 to 0.99.6 allows remote attackers to cause a denial of service (large loop) via a malformed DNP packet.
unknown
2007-12-19
7.8
CVE-2007-6444
OTHER-REF
Wireshark -- Wireshark
Unspecified vulnerability in the HTTP dissector for Wireshark (formerly Ethereal) 0.10.14 to 0.99.6, when running on "some systems," allows remote attackers to cause a denial of service (crash) via crafted chunked messages.
unknown
2007-12-19
7.8
CVE-2007-6445
OTHER-REF
Wireshark -- Wireshark
Buffer overflow in the iSeries (OS/400) Communication trace file parser in Wireshark (formerly Ethereal) 0.99.0 to 0.99.6 might allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.
unknown
2007-12-19
7.5
CVE-2007-6447
OTHER-REF
Wireshark -- Wireshark
The Bluetooth SDP dissector in Wireshark (formerly Ethereal) 0.99.2 to 0.99.6 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.
unknown
2007-12-19
7.8
CVE-2007-6448
OTHER-REF
Wireshark -- Wireshark
The RPL dissector in Wireshark (formerly Ethereal) 0.9.8 to 0.99.6 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.
unknown
2007-12-19
7.8
CVE-2007-6450
OTHER-REF
Wireshark -- Wireshark
Unspecified vulnerability in the CIP dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger allocation of large amounts of memory.
unknown
2007-12-19
7.8
CVE-2007-6451
OTHER-REF
xeCMS -- xeCMS
Directory traversal vulnerability in view.php in xeCMS 1.0 allows remote attackers to read arbitrary files via a ..%2F (dot dot slash) in the list parameter.
unknown
2007-12-21
7.5
CVE-2007-6508
BUGTRAQ
MILW0RM
BID
Xen -- Xen
The copy_to_user function in the PAL emulation functionality for Xen 3.1.2 and earlier, when running on ia64 systems, allows HVM guest users to access arbitrary physical memory by triggering certain mapping operations.
unknown
2007-12-17
7.5
CVE-2007-6416
OTHER-REF


Medium Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
Adobe -- Flash Player
Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9.x up to 9.0.48.0 and 8.x up to 8.0.35.0 allow remote attackers to inject arbitrary web script or HTML via (1) a SWF file that uses the asfunction: protocol or (2) the navigateToURL function when used with the Flash Player ActiveX Control in Internet Explorer.
unknown
2007-12-19
4.3
CVE-2007-6244
OTHER-REF
Adobe -- Flash Player
Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 allows remote attackers to modify HTTP headers for client requests and conduct HTTP Request Splitting attacks.
unknown
2007-12-19
5.8
CVE-2007-6245
OTHER-REF
Adobe -- Flash Player
Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0, when running on Linux, uses insecure permissions for memory, which might allow local users to gain privileges.
unknown
2007-12-19
6.9
CVE-2007-6246
OTHER-REF
Aertherwide -- exiftags
exiftags before 1.01 allows attackers to cause a denial of service (infinite loop) via recursive IFD references in the EXIF data in a JPEG image.
unknown
2007-12-18
5.0
CVE-2007-6356
OTHER-REF
SECUNIA
Anon Proxy Server -- Anon Proxy Server
Anon Proxy Server 0.100, and probably 0.101, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the host parameter to diagdns.php, and (2) the host parameter and possibly (3) the port parameter to diagconnect.php, a different vulnerability than CVE-2007-6460.
unknown
2007-12-19
6.8
CVE-2007-6459
BUGTRAQ
MILW0RM
BID
Anon Proxy Server -- Anon Proxy Server
Multiple cross-site scripting (XSS) vulnerabilities in Anon Proxy Server before 0.101 allow remote attackers to inject arbitrary web script or HTML via the URI, which is later displayed by (1) log.php or (2) logerror.php, a different vulnerability than CVE-2007-6459.
unknown
2007-12-19
4.3
CVE-2007-6460
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
Apple -- Mac OS X
Stack-based buffer overflow in SMB in Apple Mac OS X 10.4.11 allows local users to execute arbitrary code via crafted command line arguments to (1) mount_smbfs and (2) smbutil.
unknown
2007-12-19
6.6
CVE-2007-3876
APPLE
Apple -- Mac OS X
Race condition in the CFURLWriteDataAndPropertiesToResource API in Core Foundation in Apple Mac OS X 10.4.11 creates files with insecure permissions, which might allow local users to obtain sensitive information.
unknown
2007-12-19
6.6
CVE-2007-5847
APPLE
Apple -- Mac OS X
Launch Services in Apple Mac OS X 10.4.11 and 10.5.1 does not treat HTML files as unsafe content, which allows attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via a crafted HTML file.
unknown
2007-12-19
4.3
CVE-2007-5854
APPLE
Apple -- Mac OS X
Mail in Apple Mac OS X 10.4.11 and 10.5.1, when an SMTP account has been set up using Account Assistant, can use plaintext authentication even when MD5 Challenge-Response authentication is available, which makes it easier for remote attackers to sniff account activity.
unknown
2007-12-19
6.4
CVE-2007-5855
APPLE
Apple -- Mac OS X
Quick Look in Apple Mac OS X 10.5.1 does not prevent a movie from accessing URLs when the movie file is previewed or if an icon is created, which might allow remote attackers to obtain sensitive information via HREFTrack.
unknown
2007-12-19
6.4
CVE-2007-5857
APPLE
Apple -- Safari
WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1 allows remote attackers to "navigate the subframes of any other page," which can be leveraged to conduct cross-site scripting (XSS) attacks and obtain sensitive information.
unknown
2007-12-19
4.3
CVE-2007-5858
APPLE
Apple -- Mac OS X
Unspecified vulnerability in Spotlight in Apple Mac OS X 10.4.11 allows user-assisted attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted .XLS file that triggers memory corruption in the Microsoft Office Spotlight Importer.
unknown
2007-12-19
6.8
CVE-2007-5861
APPLE
Asterisk -- Asterisk Business Edition
Asterisk -- Open Source
Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and Business Edition B.x.x before B.2.3.6 and C.x.x before C.1.0-beta8, when using database-based registrations ("realtime") and host-based authentication, does not check the IP address when the username is correct and there is no password, which allows remote attackers to bypass authentication using a valid username.
unknown
2007-12-19
4.3
CVE-2007-6430
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
Balabit -- syslog-ng Premium Edition
Balabit -- syslog-ng Open Source Edition
Balabit syslog-ng 2.0.x before 2.0.6 and 2.1.x before 2.1.8 allows remote attackers to cause a denial of service (crash) via a message with a timestamp that does not contain a trailing space, which triggers a NULL pointer dereference.
unknown
2007-12-19
5.0
CVE-2007-6437
BUGTRAQ
FRSIRT
SECTRACK
SECUNIA
XF
Bitweaver -- Bitweaver
Direct static code injection vulnerability in wiki/index.php in Bitweaver 2.0.0 and earlier, when comments are enabled, allows remote attackers to inject arbitrary PHP code via an editcomments action.
unknown
2007-12-17
6.8
CVE-2007-6412
BUGTRAQ
OTHER-REF
BID
Centreon -- Centreon
Multiple PHP remote file inclusion vulnerabilities in Centreon 1.4.1 (aka Oreon 1.4) allow remote attackers to execute arbitrary PHP code via a URL in the fileOreonConf parameter to (1) MakeXML.php or (2) MakeXML4statusCounter.php in include/monitoring/engine/.
unknown
2007-12-20
6.8
CVE-2007-6485
BUGTRAQ
MILW0RM
BID
XF
Citrix -- Web Interface
Cross-site scripting (XSS) vulnerability in the on-line help feature in Citrix Web Interface 2.0 and earlier, and NFuse, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2007-12-20
4.3
CVE-2007-6477
OTHER-REF
FRSIRT
SECUNIA
Clam Anti-Virus -- ClamAV
Off-by-one error in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MS-ZIP file.
unknown
2007-12-19
6.8
CVE-2007-6336
DEBIAN
BID
Dokeos -- Dokeos
Unrestricted file upload vulnerability in the "My productions" component for main/auth/profile.php (aka the "My profile" page) in Dokeos 1.8.4 allows remote authenticated users to upload and execute arbitrary PHP files via a filename with a double extension, which can then be accessed through a URI under main/upload/users/.
unknown
2007-12-20
4.9
CVE-2007-6479
MILW0RM
SECUNIA
Falcon -- Series One CMS
Multiple PHP remote file inclusion vulnerabilities in Falcon Series One CMS 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the dir[classes] parameter to sitemap.xml.php or (2) the error parameter to errors.php.
unknown
2007-12-20
6.8
CVE-2007-6488
MILW0RM
FRSIRT
SECUNIA
Falcon -- Series One CMS
Cross-site request forgery (CSRF) vulnerability in Falcon Series One CMS 1.4.3 allows remote attackers to change a password via a certain changepass action to index.php.
unknown
2007-12-20
4.3
CVE-2007-6490
MILW0RM
FRSIRT
SECUNIA
Flyspray -- Flyspray
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Flyspray 0.9.9 through 0.9.9.3 allow remote attackers to inject arbitrary web script or HTML via (1) the query string in an index action, related to the savesearch JavaScript function; and (2) the details parameter in a details action, related to the History tab and the getHistory JavaScript function.
unknown
2007-12-19
4.3
CVE-2007-6461
OTHER-REF
SECUNIA
Fonality -- Trixbox
registry.pl in Fonality Trixbox 2.0 PBX products, when running in certain environments, reads and executes a set of commands from a remote web site without sufficiently validating the origin of the commands, which allows remote attackers to disable trixbox and execute arbitrary commands via a DNS spoofing attack.
unknown
2007-12-18
4.3
CVE-2007-6424
MLIST
OTHER-REF
OTHER-REF
Form Tools -- Form Tools
Multiple PHP remote file inclusion vulnerabilities in Form tools 1.5.0b allow remote attackers to execute arbitrary PHP code via a URL in the g_root_dir parameter to (1) admin_page_open.php and (2) client_page_open.php in global/templates/.
unknown
2007-12-19
6.8
CVE-2007-6464
MILW0RM
Ganglia -- Ganglia
Multiple cross-site scripting (XSS) vulnerabilities in ganglia-web in Ganglia before 3.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) c and (2) h parameters to (a) web/host_gmetrics.php; the (3) G, (4) me, (5) x, (6) n, (7) v, (8) l, (9) vl, and (10) st parameters to (b) web/graph.php; and the (11) c, (12) G, (13) h, (14) r, (15) m, (16) s, (17) cr, (18) hc, (19) sh, (20) p, (21) t, (22) jr, (23) js, (24) gw, (25) z, and (26) gs parameters to (c) web/get_context.php. NOTE: some of these details are obtained from third party information.
unknown
2007-12-19
4.3
CVE-2007-6465
OTHER-REF
SECUNIA
Geek-Palace.com -- LineShout
Multiple cross-site scripting (XSS) vulnerabilities in shout.php (aka the shoutbox) in LineShout 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) username (nickname) or (2) message parameter. NOTE: some of these details are obtained from third party information.
unknown
2007-12-20
4.3
CVE-2007-6486
OTHER-REF
BID
SECUNIA
GF_3Xplorer -- GF_3Xplorer
Multiple cross-site scripting (XSS) vulnerabilities in GF-3XPLORER 2.4 allow remote attackers to inject arbitrary web script or HTML via the newdir parameter to index_3x.php, and unspecified other vectors.
unknown
2007-12-20
4.3
CVE-2007-6474
MILW0RM
SECUNIA
GF_3Xplorer -- GF_3Xplorer
Multiple directory traversal vulnerabilities in GF-3XPLORER 2.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang_sel parameter to (1) updater.php and (2) thumber.php.
unknown
2007-12-20
6.4
CVE-2007-6475
MILW0RM
GF_3Xplorer -- GF_3Xplorer
GF-3XPLORER 2.4 allows remote attackers to obtain configuration information via a direct request to explorer/phpinfo.php, which calls the phpinfo function.
unknown
2007-12-20
5.0
CVE-2007-6476
MILW0RM
SECUNIA
Google -- Google Web Toolkit
Unspecified vulnerability in the benchmark reporting system in Google Web Toolkit (GWT) before 1.4.61 has unknown impact and attack vectors, possibly related to cross-site scripting (XSS).
unknown
2007-12-19
4.3
CVE-2007-6452
OTHER-REF
BID
FRSIRT
SECUNIA
Hosting Controller -- Hosting Controller
inc_newuser.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the permissions of directories named (1) db, (2) www, (3) Special, and (4) log at arbitrary locations under the web root via a modified Dirroot parameter in an AddUser action to accounts/AccountActions.asp. NOTE: this can be leveraged for remote code execution by changing the permissions of \Forum\db, which is configured for execution of ASP scripts with administrative privileges, and then uploading a script to \Forum\db.
unknown
2007-12-20
6.5
CVE-2007-6495
BUGTRAQ
MILW0RM
BID
Hosting Controller -- Hosting Controller
Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers to register arbitrary users via a request to hosting/addsubsite.asp with the loginname and password parameters set, when preceded by certain requests to hosting/default.asp and hosting/selectdomain.asp, a related issue to CVE-2005-1654.
unknown
2007-12-20
6.8
CVE-2007-6496
BUGTRAQ
MILW0RM
BID
XF
Hosting Controller -- Hosting Controller
Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to uninstall the FrontPage extensions of an arbitrary account via a request to fp2002/UNINSTAL.asp with a "host id (IIS) value."
unknown
2007-12-20
5.5
CVE-2007-6499
BUGTRAQ
MILW0RM
BID
XF
Hosting Controller -- Hosting Controller
Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to delete "gateway information" via a request to OpenApi/GatewayVariables.asp.
unknown
2007-12-20
4.9
CVE-2007-6500
BUGTRAQ
MILW0RM
BID
XF
Hosting Controller -- Hosting Controller
Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to enable or disable "pay type" via a request to adminsettings/choosetranstype.asp.
unknown
2007-12-20
5.5
CVE-2007-6501
BUGTRAQ
MILW0RM
BID
XF
Hosting Controller -- Hosting Controller
Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to obtain sensitive information via (1) the AdminName and AdminLevel parameters to fp2000/NEWSRVR.asp, which discloses usernames; and (2) certain XML HTTP requests to hosting/css.asp using Microsoft.XMLHTTP or MSXML2.XMLHTTP objects, which trigger a response with the setup directory pathname in the HTML source; and (3) might allow remote attackers to obtain sensitive information via a request for /admin/forum/, which reveals the path in an error message when a forum is not found.
unknown
2007-12-20
5.5
CVE-2007-6502
BUGTRAQ
MILW0RM
BID
XF
XF
Hosting Controller -- Hosting Controller
Multiple unspecified vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to (1) import an arbitrary plan via a request to hosting/importhostingplans.asp; or (2) change an arbitrary plan via a request to hosting/AutoSignUpPlans.asp with the (a) save, (b) 30, and (c) d_30 parameters.
unknown
2007-12-20
5.5
CVE-2007-6503
BUGTRAQ
MILW0RM
BID
XF
Hosting Controller -- Hosting Controller
Unspecified vulnerability in IIS/iibind.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the headers of arbitrary hosts via an unspecified parameter.
unknown
2007-12-20
5.5
CVE-2007-6504
BUGTRAQ
MILW0RM
BID
XF
Ingres -- Ingres
Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges.
unknown
2007-12-20
5.0
CVE-2007-6334
OTHER-REF
OTHER-REF
BID
SECUNIA
SECUNIA
KDE -- KDE
Unspecified vulnerability in kdebase allows local users to cause a denial of service (KDM login inaccessible, or resource consumption) via unknown vectors.
unknown
2007-12-19
4.7
CVE-2007-5963
BUGTRAQ
OTHER-REF
libexif -- libexif
libexif 0.6.16 and earlier allows context-dependent attackers to cause a denial of service (infinite recursion) via an image file with crafted EXIF tags.
unknown
2007-12-19
4.3
CVE-2007-6351
OTHER-REF
REDHAT
libexif -- libexif
Integer overflow in libexif 0.6.16 and earlier allows context-dependent attackers to execute arbitrary code via an image with crafted EXIF tags.
unknown
2007-12-19
6.8
CVE-2007-6352
REDHAT
REDHAT
BID
Mambo -- Mambo
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Mambo 4.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Itemid parameter in a com_frontpage option and the (2) option parameter.
unknown
2007-12-19
4.3
CVE-2007-6455
BUGTRAQ
Net_DNS -- Net_DNS
Net/DNS/RR/A.pm in Net::DNS 0.60 build 654, as used in packages such as SpamAssassin and OTRS, allows remote attackers to cause a denial of service (program "croak") via a crafted DNS response.
unknown
2007-12-20
5.0
CVE-2007-6341
OTHER-REF
OTHER-REF
BID
SECTRACK
NetWin -- SurgeMail
Stack-based buffer overflow in the webmail feature in SurgeMail 38k4 allows remote attackers to cause a denial of service (crash) via a long Host header.
unknown
2007-12-19
5.0
CVE-2007-6457
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
PHP Real Estate Script -- Classifieds
Multiple cross-site scripting (XSS) vulnerabilities in the admin panel in PHP Real Estate Classifieds allow remote attackers to inject arbitrary web script or HTML via unspecified "text areas/boxes."
unknown
2007-12-19
4.3
CVE-2007-6463
OTHER-REF
phPay -- phPay
Incomplete blacklist vulnerability in main.php in phPay 2.02.01 on Windows allows remote attackers to conduct directory traversal attacks and include and execute arbitrary local files via a ..\ (dot dot backslash) in the config parameter.
unknown
2007-12-19
5.8
CVE-2007-6471
BUGTRAQ
BID
FRSIRT
SECUNIA
XF
phpRPG -- phpRPG
phpRPG 0.8 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read session ID values in files under tmp/, and then hijack sessions via PHPSESSID cookies.
unknown
2007-12-19
6.4
CVE-2007-6470
BUGTRAQ
BID
SECUNIA
phpRPG -- phpRPG
SQL injection vulnerability in index.php in phpRPG 0.8 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-12-20
6.8
CVE-2007-6484
SECUNIA
Plain Black -- WebGUI
Unspecified vulnerability in Plain Black WebGUI 7.4.0 through 7.4.17 allows remote authenticated users with Secondary Admin privileges to create Admin accounts, a different vulnerability than CVE-2006-0680.
unknown
2007-12-20
4.9
CVE-2007-6487
OTHER-REF
OTHER-REF
SECUNIA
XF
Raiden Professional Servers -- RaidenHTTPD
Directory traversal vulnerability in raidenhttpd-admin/workspace.php in RaidenHTTPD 2.0.19, when the WebAdmin function is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ulang parameter.
unknown
2007-12-19
6.4
CVE-2007-6453
BUGTRAQ
OTHER-REF
BID
SECUNIA
Red Hat -- Enterprise Linux
Red Hat -- Fedora
Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named.
unknown
2007-12-17
4.9
CVE-2007-6283
OTHER-REF
Rosoft Engineering -- Rosoft Media Player
Stack-based buffer overflow in Rosoft Media Player 4.1.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long string in a .M3U file. NOTE: some of these details are obtained from third party information.
unknown
2007-12-20
6.8
CVE-2007-6478
BUGTRAQ
BID
FRSIRT
SECUNIA
XF
SafeNet -- Sentinel Protection Server
SafeNet -- Sentinel Keys Server
Directory traversal vulnerability in SafeNet Sentinel Protection Server 7.0.0 through 7.4.0 and possibly earlier versions, and Sentinel Keys Server 1.0.3 and possibly earlier versions, allows remote attackers to read arbitrary files via a .. (dot dot) in the query string.
unknown
2007-12-20
5.0
CVE-2007-6483
BUGTRAQ
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
Sun -- Ray Server Software
Unspecified vulnerability in the Device Manager daemon (utdevmgrd) in Sun Ray Server Software 2.0, 3.0, 3.1, and 3.1.1 allows remote attackers to create or delete arbitrary directories via unspecified vectors.
unknown
2007-12-20
6.4
CVE-2007-6481
SUNALERT
BID
SECUNIA
Texas Imperial Software -- WFTPD Pro Explorer
Heap-based buffer overflow in Texas Imperial Software WFTPD Pro Explorer 1.0 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command.
unknown
2007-12-20
5.8
CVE-2007-6473
MILW0RM
SECUNIA
Wireshark -- Wireshark
Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) 0.99.6 allow remote attackers to cause a denial of service via (1) a crafted MP3 file, (2) the NCP dissector, or (3) the SMB dissector.
unknown
2007-12-19
5.0
CVE-2007-6438
OTHER-REF
Wireshark -- Wireshark
Buffer overflow in the PPP dissector in Wireshark (formerly Ethereal) 0.99.6 might allow remote attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors.
unknown
2007-12-19
5.0
CVE-2007-6440
OTHER-REF
Wireshark -- Wireshark
Buffer overflow in the SSL dissector in Wireshark (formerly Ethereal) 0.99.0 to 0.99.6 might allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.
unknown
2007-12-19
5.0
CVE-2007-6442
OTHER-REF
Wireshark -- Wireshark
Buffer overflow in the ANSI MAP dissector in Wireshark (formerly Ethereal) 0.99.5 to 0.99.6, when running on some unspecified platforms, might allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.
unknown
2007-12-19
5.0
CVE-2007-6443
OTHER-REF
Wireshark -- Wireshark
The MEGACO dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (large loop and resource consumption) via unknown vectors.
unknown
2007-12-19
5.0
CVE-2007-6446
OTHER-REF

Low Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
Apple -- Mac OS X
iChat in Apple Mac OS X 10.4.11 allows network-adjacent remote attackers to automatically initiate a video connection to another user via unknown vectors.
unknown
2007-12-19
3.6
CVE-2007-5851
APPLE
Debian -- Debian Linux
The libdspam7-drv-mysql cron job in Debian GNU/Linux includes the MySQL dspam database password in a command line argument, which might allow local users to read the password by listing the process and its arguments.
unknown
2007-12-17
2.1
CVE-2007-6418
OTHER-REF
Linux -- Kernel
Linux kernel 2.6.23 allows local users to create low pages in virtual userspace memory and bypass mmap_min_addr protection via a crafted executable file that calls the do_brk function.
unknown
2007-12-18
2.1
CVE-2007-6434
OTHER-REF
FRSIRT
SECUNIA
Red Hat -- Enterprise Linux
The default configuration for autofs 5 (autofs5) on Red Hat Enterprise Linux (RHEL) 4 and 5 does not specify the nodev mount option for the -hosts map, which allows local users to access "important devices" by operating a remote NFS server and creating special device files on that server.
unknown
2007-12-20
1.9
CVE-2007-6285
REDHAT
REDHAT
Sun -- Solaris
Solaris 9, with Solaris Auditing enabled and certain patches for sshd installed, can generate audit records with an audit-ID of 0 even when the user logging into ssh is not root, which makes it easier for attackers to avoid detection and can make it more difficult to conduct forensics activities.
unknown
2007-12-20
3.5
CVE-2007-6505
SUNALERT
