Weekly Vulnerabilities Reports > January 1 to 7, 2007
Overview
37 new vulnerabilities were reported during this period, including 2 critical vulnerabilities and 16 high severity vulnerabilities. This weekly summary reports vulnerabilities in 35 products from 31 vendors including Adobe, Cisco, Apple, Openbsd, and Videolan. Vulnerabilities are notably categorized as "Use of Externally-Controlled Format String", "Information Exposure", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", and "Cross-Site Request Forgery (CSRF)".
- 35 reported vulnerabilities are remotely exploitable.
- 11 reported vulnerabilities have a public exploit available.
- 1 reported vulnerability is related to weaknesses in the OWASP Top Ten.
- 34 reported vulnerabilities are exploitable by an anonymous user.
- Adobe has the most reported vulnerabilities, with 5 reported vulnerabilities.
- Cisco has the most reported critical vulnerabilities, with 1 reported vulnerability.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
2 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-01-04 | CVE-2007-0057 | Cisco | Credentials Management vulnerability in Cisco Network Admission Control Manager and Server System Software Cisco Clean Access (CCA) 3.6.x through 3.6.4.2 and 4.0.x through 4.0.3.2 does not properly configure or allow modification of a shared secret authentication key, which causes all devices to have the same shared secret and allows remote attackers to gain unauthorized access. | 10.0 |
2007-01-05 | CVE-2007-0097 | Conexware | Remote Security vulnerability in Conexware Powerarchiver 2006 9.64.02 Multiple stack-based buffer overflows in the (1) LoadTree and (2) ReadHeader functions in PAISO.DLL 1.7.3.0 (1.7.3 beta) in ConeXware PowerArchiver 2006 9.64.02 allow user-assisted attackers to execute arbitrary code via a crafted ISO file containing a file within several nested directories. | 9.3 |
16 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-01-05 | CVE-2007-0079 | Rblog | Information Disclosure vulnerability in Rblog rblog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) data/admin.mdb or (2) data/rblog.mdb. | 7.8 |
2007-01-04 | CVE-2007-0058 | Cisco | Information Exposure vulnerability in Cisco Network Admission Control Manager and Server System Software Cisco Clean Access (CCA) 3.5.x through 3.5.9 and 3.6.x through 3.6.1.1 on the Clean Access Manager (CAM) allows remote attackers to bypass authentication and download arbitrary manual database backups by guessing the snapshot filename using brute force, then making a direct request for the file. | 7.8 |
2007-01-05 | CVE-2007-0096 | Carbon Communities | Information Disclosure vulnerability in Carbon Communities CarbonCommunities stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for DataBase/Carbon2.4d.mdb. | 7.5 |
2007-01-05 | CVE-2007-0094 | Sven Moderow | Information Disclosure vulnerability in Sven Moderow Sven Moderow Guestbook 0.3A Sven Moderow GuestBook 0.3a stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for (1) gbook97.mdb or (2) gbook.mdb in ~db/. | 7.5 |
2007-01-05 | CVE-2007-0093 | CMS Center | SQL-Injection vulnerability in Simple Web Cms SQL injection vulnerability in page.php in Simple Web Content Management System allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2007-01-05 | CVE-2007-0092 | E Smart Cart | SQL-Injection vulnerability in E-Smart Cart E-Smart Cart 1.0 SQL injection vulnerability in productdetail.asp in E-SMARTCART 1.0 allows remote attackers to execute arbitrary SQL commands via the product_id parameter. | 7.5 |
2007-01-05 | CVE-2007-0091 | Katy Whitton WEB Development | Information Disclosure vulnerability in Newscmslite newsCMSlite stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for newsCMS.mdb. | 7.5 |
2007-01-05 | CVE-2007-0090 | Fermentigrafici | Information Disclosure vulnerability in Wineglass WineGlass stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/data.mdb. | 7.5 |
2007-01-05 | CVE-2007-0089 | Jgbbs | Information Disclosure vulnerability in Jgbbs 3.0 jgbbs stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/bbs.mdb. | 7.5 |
2007-01-05 | CVE-2007-0076 | 2Enetworx | Information Disclosure vulnerability in OpenForum Openforum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user passwords via a direct request for openforum.mdb. | 7.5 |
2007-01-05 | CVE-2007-0075 | Aspbb | Information Disclosure vulnerability in ASPBB AspBB stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user passwords via a direct request for db/aspbb.mdb. | 7.5 |
2007-01-04 | CVE-2007-0053 | ASP Siteware | SQL Injection vulnerability in autoDealer Detail.ASP SQL injection vulnerability in detail.asp in ASP SiteWare autoDealer 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the iPro parameter. | 7.5 |
2007-01-04 | CVE-2007-0052 | Vizayn Haber | SQL Injection vulnerability in Vizayn Haber Haberdetay.ASP SQL injection vulnerability in haberdetay.asp in Vizayn Haber allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2007-01-04 | CVE-2007-0049 | Geckovich | Unspecified vulnerability in Geckovich Tasktracker and Tasktracker PRO Geckovich TaskTracker Pro 1.5 and earlier allows remote attackers to add administrative or other accounts via an Add action with a modified GroupID in a direct request to Customize.asp. | 7.5 |
2007-01-03 | CVE-2007-0046 | Adobe | Remote Security vulnerability in Reader Double free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as used in Mozilla Firefox 1.5.0.7, allows remote attackers to execute arbitrary code by causing an error via a javascript: URI call to document.write in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters. | 7.5 |
2007-01-03 | CVE-2007-0016 | Netfarer | Buffer Errors vulnerability in Netfarer Movieplay 4.76 Stack-based buffer overflow in MoviePlay 4.76 allows remote attackers to execute arbitrary code via a long filename in a LST file. | 7.5 |
19 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-01-05 | CVE-2007-0098 | Verliadmin | File-Upload vulnerability in VerliAdmin Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. | 6.8 |
2007-01-05 | CVE-2007-0083 | Nuked Klan | Unspecified vulnerability in Nuked-Klan Cross-site scripting (XSS) vulnerability in Nuked Klan 1.7 and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a getURL statement in a .swf file, as demonstrated by "Remote Cookie Disclosure." NOTE: it could be argued that this is an issue in Shockwave instead of Nuked Klan. | 6.8 |
2007-01-05 | CVE-2007-0081 | Sunbelt | Local Privilege Escalation vulnerability in Kerio Personal Firewall IPHLPAPI.DLL Sunbelt Kerio Personal Firewall (SKPF) 4.3.268 and 4.3.246, and possibly other versions allows local users to provide a Trojan horse iphlpapi.dll to SKPF by placing it in the installation directory. | 6.8 |
2007-01-05 | CVE-2007-0059 | Apple | Remote Security vulnerability in QuickTime Player Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie (.MOV) with an HREF Track (HREFTrack) that contains an automatic action tag with a local URI, which is executed in a local zone during preview, as exploited by a MySpace worm. | 6.8 |
2007-01-04 | CVE-2007-0056 | Ashopsoftware | Cross-Site Scripting vulnerability in AShop Deluxe And AShop Administration Panel Multiple cross-site scripting (XSS) vulnerabilities in AShop Deluxe 4.5 and AShop Administration Panel allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to (a) ashop/catalogue.php and (b) ashop/basket.php, the (2) exp parameter to ashop/catalogue.php, the (3) searchstring parameter to (c) ashop/search.php, the (4) checkout and (5) action parameters to (d) ashop/shipping.php, the cat parameter to (f) cart-path/admin/editcatalogue.php, and the (7) resultpage parameter to (g) cart-path/admin/salesadmin.php. | 6.8 |
2007-01-04 | CVE-2007-0054 | Belchior Foundry | Cross-Site Scripting vulnerability in VCard Pro Cross-site scripting (XSS) vulnerability in gbrowse.php in Belchior Foundry vCard PRO allows remote attackers to inject arbitrary web script or HTML via the sortby parameter. | 6.8 |
2007-01-03 | CVE-2007-0047 | Adobe | Remote Security vulnerability in Reader CRLF injection vulnerability in Adobe Acrobat Reader Plugin before 8.0.0, when used with the Microsoft.XMLHTTP ActiveX object in Internet Explorer, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the javascript: URI in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters. | 6.8 |
2007-01-03 | CVE-2007-0017 | Videolan | USE of Externally-Controlled Format String vulnerability in Videolan VLC Media Player Multiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/access.c in the CDDA (libcdda_plugin) plugin, and the (2) cdio_log_handler and (3) vcd_log_handler functions in modules/access/vcdx/access.c in the VCDX (libvcdx_plugin) plugin, in VideoLAN VLC 0.7.0 through 0.8.6 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an invalid URI, as demonstrated by a udp://-- URI in an M3U file. | 6.8 |
2007-01-01 | CVE-2007-0015 | Apple | Remote Buffer Overflow vulnerability in Apple Quicktime 7.1.3 Buffer overflow in Apple QuickTime 7.1.3 allows remote attackers to execute arbitrary code via a long rtsp:// URI. | 6.8 |
2007-01-05 | CVE-2007-0082 | Imgallery | Unspecified vulnerability in Imgallery 2.4/2.5 users_adm/start1.php in IMGallery 2.5 and earlier does not properly handle files with multiple extensions, which allows remote authenticated users to upload and execute arbitrary PHP scripts. | 6.5 |
2007-01-05 | CVE-2007-0085 | Openbsd | Local Security vulnerability in Openbsd 3.9/4.0 Unspecified vulnerability in sys/dev/pci/vga_pci.c in the VGA graphics driver for wscons in OpenBSD 3.9 and 4.0, when the kernel is compiled with the PCIAGP option and a non-AGP device is being used, allows local users to gain privileges via unspecified vectors, possibly related to agp_ioctl NULL pointer reference. | 6.0 |
2007-01-05 | CVE-2007-0095 | Phpmyadmin | Information Disclosure vulnerability in PHPmyadmin 2.9.1.1 phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information via a direct request for themes/darkblue_orange/layout.inc.php, which reveals the path in an error message. | 5.0 |
2007-01-05 | CVE-2007-0088 | Openmedia | Directory Traversal vulnerability in Openmedia Multiple directory traversal vulnerabilities in openmedia allow remote attackers to read arbitrary files via a .. | 5.0 |
2007-01-05 | CVE-2007-0078 | Battleblog | Information Disclosure vulnerability in Battleblog 1.0D BattleBlog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/blankmaster.mdb. | 5.0 |
2007-01-05 | CVE-2007-0077 | Lblog | Information Disclosure vulnerability in LBlog lblog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for a certain file in admin/db/newFolder/. | 5.0 |
2007-01-04 | CVE-2007-0055 | Fersch | Directory Traversal vulnerability in Fersch Formbankserver 1.9 Directory traversal vulnerability in formbankcgi.exe/AbfrageForm in Formbankserver 1.9 allows remote attackers to read arbitrary files via directory traversal sequences in the Name parameter. | 5.0 |
2007-01-03 | CVE-2007-0048 | Adobe | Unspecified vulnerability in Adobe Acrobat, Acrobat 3D and Acrobat Reader Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, when used with Internet Explorer, Google Chrome, or Opera, allows remote attackers to cause a denial of service (memory consumption) via a long sequence of # (hash) characters appended to a PDF URL, related to a "cross-site scripting issue." | 5.0 |
2007-01-03 | CVE-2007-0045 | Adobe | Cross-Site Scripting vulnerability in Adobe Acrobat, Acrobat 3D and Acrobat Reader Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770, and Opera 9.10.8679 on Windows allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a .pdf URL with a javascript: or res: URI with (1) FDF, (2) XML, and (3) XFDF AJAX parameters, or (4) an arbitrarily named name=URI anchor identifier, aka "Universal XSS (UXSS)." | 4.3 |
2007-01-03 | CVE-2007-0044 | Adobe | Cross-Site Request Forgery (CSRF) vulnerability in Adobe Acrobat, Acrobat 3D and Acrobat Reader Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka "Universal CSRF and session riding." | 4.3 |
0 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|