Weekly Vulnerabilities Reports > January 8 to 14, 2007
Overview
131 new vulnerabilities reported during this period, including 17 critical vulnerabilities and 55 high severity vulnerabilities. This weekly summary report vulnerabilities in 136 products from 91 vendors including Microsoft, Apple, Wordpress, F5, and Igeneric. Vulnerabilities are notably categorized as "Improper Input Validation", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Code Injection", and "Numeric Errors".
- 125 reported vulnerabilities are remotely exploitables.
- 24 reported vulnerabilities have public exploit available.
- 4 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 121 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 9 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 9 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
17 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-01-13 | CVE-2006-6926 | Extremail | Buffer Overflow vulnerability in Extremail 2.1 Buffer overflow in eXtremail 2.1 has unknown impact and attack vectors, as demonstrated by VulnDisco Pack. | 10.0 |
2007-01-11 | CVE-2006-6918 | Geobb | Remote Security vulnerability in Geobb Unspecified vulnerability in the Admin login for Georgian discussion board (GeoBB) before 1.0 has unknown impact and attack vectors. | 10.0 |
2007-01-11 | CVE-2007-0203 | Phpmyadmin | Input Validation vulnerability in phpMyAdmin Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 have unknown impact and attack vectors. | 10.0 |
2007-01-11 | CVE-2007-0201 | TIS | Remote Buffer Overflow vulnerability in TIS Firewall Toolkit FTP-GW Buffer overflow in the cmd_usr function in ftp-gw in TIS Internet Firewall Toolkit (FWTK) allows remote attackers to execute arbitrary code via a long destination hostname (dest). | 10.0 |
2007-01-09 | CVE-2007-0117 | Apple | Local Privilege Escalation vulnerability in Apple DiskManagement Framework BOM DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X 10.4.8 does not properly validate Bill of Materials (BOM) files, which allows attackers to gain privileges via a BOM file under /Library/Receipts/, which triggers arbitrary file permission changes upon execution of a diskutil permission repair operation. | 10.0 |
2007-01-08 | CVE-2007-0100 | Perforce | Remote Security vulnerability in Perforce Client The Perforce client does not restrict the set of files that it overwrites upon receiving a request from the server, which allows remote attackers to overwrite arbitrary files by modifying the client config file on the server, or by operating a malicious server. | 10.0 |
2007-01-09 | CVE-2007-0034 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Office and Outlook Buffer overflow in the Advanced Search (Finder.exe) feature of Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted Outlook Saved Searches (OSS) file that triggers memory corruption, aka "Microsoft Outlook Advanced Find Vulnerability." | 9.3 |
2007-01-09 | CVE-2007-0033 | Microsoft | Remote Code Execution vulnerability in Microsoft Outlook VEVENT Record Microsoft Outlook 2002 and 2003 allows user-assisted remote attackers to execute arbitrary code via a malformed VEVENT record in an .iCal meeting request or ICS file. | 9.3 |
2007-01-09 | CVE-2007-0031 | Microsoft | Remote Code Execution vulnerability in Microsoft Excel Malformed Palette Record Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a BIFF8 spreadsheet with a PALETTE record that contains a large number of entries. | 9.3 |
2007-01-09 | CVE-2007-0030 | Microsoft | Remote Code Execution vulnerability in Microsoft Excel Malformed Column Record Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via an Excel file with an out-of-range Column field in certain BIFF8 record types, which references arbitrary memory. | 9.3 |
2007-01-09 | CVE-2007-0029 | Microsoft | Remote Code Execution vulnerability in Microsoft Excel Malformed String Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string, aka "Excel Malformed String Vulnerability." | 9.3 |
2007-01-09 | CVE-2007-0028 | Microsoft | Improper Input Validation vulnerability in Microsoft products Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for Mac, and Office v.X for Mac does not properly handle certain opcodes, which allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file, which results in an "Improper Memory Access Vulnerability." NOTE: an early disclosure of this issue used CVE-2006-3432, but only CVE-2007-0028 should be used. | 9.3 |
2007-01-09 | CVE-2007-0024 | Microsoft | Unspecified vulnerability in Microsoft IE and Internet Explorer Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the "VML Buffer Overrun Vulnerability." | 9.3 |
2007-01-09 | CVE-2007-0027 | Microsoft | Remote Code Execution vulnerability in Microsoft Excel IMDATA Record Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via malformed IMDATA records that trigger memory corruption. | 9.3 |
2007-01-09 | CVE-2007-0127 | Opera | Code Injection vulnerability in Opera Browser The Javascript SVG support in Opera before 9.10 does not properly validate object types in a createSVGTransformFromMatrix request, which allows remote attackers to execute arbitrary code via JavaScript code that uses an invalid object in this request that causes a controlled pointer to be referenced during the virtual function call. | 9.3 |
2007-01-09 | CVE-2007-0126 | Opera | Buffer Errors vulnerability in Opera Browser 9.02 Heap-based buffer overflow in Opera 9.02 allows remote attackers to execute arbitrary code via a JPEG file with an invalid number of index bytes in the Define Huffman Table (DHT) marker. | 9.3 |
2007-01-08 | CVE-2007-0099 | Microsoft | Race Condition vulnerability in Microsoft Internet Explorer and XML Core Services Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via many nested tags in an XML document in an IFRAME, when synchronous document rendering is frequently disrupted with asynchronous events, as demonstrated using a JavaScript timer, which can trigger NULL pointer dereferences or memory corruption, aka "MSXML Memory Corruption Vulnerability." | 9.3 |
55 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-01-12 | CVE-2007-0194 | Mkportal | Information Disclosure vulnerability in Mkportal 1.1Rc1 admin.php in MKPortal M1.1 RC1 allows remote attackers to obtain sensitive information via a direct request with an MK_PATH=1 query string, which reveals the path in an error message. | 7.8 |
2007-01-10 | CVE-2007-0165 | SUN | Denial of Service vulnerability in Sun Solaris RPC Request Unspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (crash) via malformed RPC requests that trigger a crash in rpcbind. | 7.8 |
2007-01-10 | CVE-2007-0164 | Camouflage | Unspecified vulnerability in Camouflage 1.2.1 Camouflage 1.2.1 embeds password information in the carrier file, which allows remote attackers to bypass authentication requirements and decrypt embedded steganography by replacing certain bytes of the JPEG image with alternate password information. | 7.8 |
2007-01-10 | CVE-2007-0163 | Securekit | Security Bypass vulnerability in Securekit Steganography 1.7.1/1.8 SecureKit Steganography 1.7.1 and 1.8 embeds password information in the carrier file, which allows remote attackers to bypass authentication requirements and decrypt embedded steganography by replacing the last 20 bytes of the JPEG image with alternate password information. | 7.8 |
2007-01-11 | CVE-2007-0180 | EF Software | Remote Buffer Overflow vulnerability in EF Software EF Commander 5.75 Stack-based buffer overflow in EF Commander 5.75 allows user-assisted attackers to execute arbitrary code via a crafted ISO file containing a file within several nested directories, which produces a large filename that triggers the overflow. | 7.6 |
2007-01-13 | CVE-2007-0233 | Wordpress | SQL Injection vulnerability in WordPress Wp-trackback.PHP wp-trackback.php in WordPress 2.0.6 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the tb_id parameter. | 7.5 |
2007-01-13 | CVE-2007-0232 | Jshop E Commerce | Remote File Include vulnerability in Jshop E-Commerce Jshop Server 1.3 PHP remote file inclusion vulnerability in routines/fieldValidation.php in Jshop Server 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the jssShopFileSystem parameter. | 7.5 |
2007-01-13 | CVE-2007-0226 | Uniforum | SQL Injection vulnerability in uniForum WBSearch.ASPX SQL injection vulnerability in wbsearch.aspx in uniForum 4 and earlier allows remote attackers to execute arbitrary SQL commands via the "by User" field (aka the TXbyuser parameter). | 7.5 |
2007-01-13 | CVE-2007-0224 | Virtual Programming | SQL-Injection vulnerability in Virtual Programming Vp-Asp 6.09 SQL injection vulnerability in shopgiftregsearch.asp in VP-ASP Shopping Cart 6.09 and earlier allows remote attackers to execute arbitrary SQL commands via the LoginLastname parameter. | 7.5 |
2007-01-13 | CVE-2007-0223 | Nicola Asuni | SQL Injection vulnerability in All In One Control Panel SQL injection vulnerability in shared/code/cp_functions_downloads.php in Nicola Asuni All In One Control Panel (AIOCP) before 1.3.009 allows remote attackers to execute arbitrary SQL commands via the download_category parameter. | 7.5 |
2007-01-13 | CVE-2006-6927 | Grandora | SQL Injection and Cross-Site Scripting vulnerability in Grandora Rialto 1.6 Multiple SQL injection vulnerabilities in Rialto 1.6 allow remote attackers to execute arbitrary SQL commands via (1) the uname (username) and (2) pword (passwd) fields in (a) admin/default.asp; the (3) ID parameter to (b) listfull.asp or (c) printmain.asp; the (4) cat parameter to (d) listmain.asp, (e) searchoption.asp, or (f) searchmain.asp; the (5) Keyword parameter to (g) searchkey.asp; the (6) area parameter to searchmain.asp or searchoption.asp; the (7) searchin parameter to searchkey.asp; or the (8) cost1, (9) cost2, (10) acreage1, or (11) squarefeet1 parameters to searchoption.asp. | 7.5 |
2007-01-13 | CVE-2006-6923 | Bitweaver | Input Validation vulnerability in Bitweaver SQL injection vulnerability in newsletters/edition.php in bitweaver 1.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the tk parameter. | 7.5 |
2007-01-13 | CVE-2006-6922 | Deadlock User Management System | SQL Injection vulnerability in Deadlock SQL injection vulnerability in Deadlock User Management System (phpdeadlock) 0.64 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2007-01-12 | CVE-2007-0193 | FON | Remote Security vulnerability in La Fonera FON La Fonera routers do not properly limit DNS service access by unauthenticated clients, which allows remote attackers to tunnel traffic via DNS requests for hosts that should not be accessible before authentication. | 7.5 |
2007-01-12 | CVE-2007-0192 | Mkportal | Cross-Site Request Forgery vulnerability in MKPortal Cross-site request forgery (CSRF) vulnerability in the save_main operation in the ad_perms section in admin.php in MKPortal allows remote attackers to modify privilege settings, as demonstrated using a getURL of admin.php within a .swf file contained in an IFRAME element, aka the "All Guests are Admin" attack. | 7.5 |
2007-01-12 | CVE-2007-0190 | Edit X | Remote File Include vulnerability in Edit-X Edit_Address.PHP PHP remote file inclusion vulnerability in edit_address.php in edit-x ecommerce allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter. | 7.5 |
2007-01-12 | CVE-2007-0187 | F5 | Input Validation vulnerability in F5 Firepass F5 FirePass 5.4 through 5.5.2 and 6.0 allows remote attackers to access restricted URLs via (1) a trailing null byte, (2) multiple leading slashes, (3) Unicode encoding, (4) URL-encoded directory traversal or same-directory characters, or (5) upper case letters in the domain name. | 7.5 |
2007-01-12 | CVE-2007-0184 | Getahead | Remote vulnerability in Direct Web Rendering Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to obtain unauthorized access to public methods via a crafted request that bypasses the include/exclude checks. | 7.5 |
2007-01-12 | CVE-2007-0182 | Scriptaty | Remote File Include vulnerability in Magic Photo Storage Website Multiple PHP remote file inclusion vulnerabilities in magic photo storage website allow remote attackers to execute arbitrary PHP code via a URL in the _config[site_path] parameter to (1) admin_password.php, (2) add_welcome_text.php, (3) admin_email.php, (4) add_templates.php, (5) admin_paypal_email.php, (6) approve_member.php, (7) delete_member.php, (8) index.php, (9) list_members.php, (10) membership_pricing.php, or (11) send_email.php in admin/; (12) config.php or (13) db_config.php in include/; or (14) add_category.php, (15) add_news.php, (16) change_catalog_template.php, (17) couple_milestone.php, (18) couple_profile.php, (19) delete_category.php, (20) index.php, (21) login.php, (22) logout.php, (23) register.php, (24) upload_photo.php, (25) user_catelog_password.php, (26) user_email.php, (27) user_extend.php, or (28) user_membership_password.php in user/. | 7.5 |
2007-01-11 | CVE-2007-0205 | Alexphpteam | Path Traversal vulnerability in Alexphpteam Alex Guestbook Directory traversal vulnerability in admin/skins.php for @lex Guestbook 4.0.2 and earlier allows remote attackers to create files in arbitrary directories via ".." sequences in the (1) aj_skin and (2) skin_edit parameters. | 7.5 |
2007-01-11 | CVE-2007-0169 | Broadcom | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Broadcom products Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2 allow remote attackers to execute arbitrary code via RPC requests with crafted data for opnums (1) 0x2F and (2) 0x75 in the (a) Message Engine RPC service, or opnum (3) 0xCF in the Tape Engine service. | 7.5 |
2007-01-11 | CVE-2007-0168 | Broadcom | Unspecified vulnerability in Broadcom products The Tape Engine service in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2 allows remote attackers to execute arbitrary code via certain data in opnum 0xBF in an RPC request, which is directly executed. | 7.5 |
2007-01-11 | CVE-2007-0202 | Alexphpteam | Input Validation vulnerability in @lex Guestbook SQL injection vulnerability in index.php in @lex Guestbook 4.0.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the lang parameter. | 7.5 |
2007-01-11 | CVE-2007-0200 | Geoffrey Golliher | Remote File Include vulnerability in Geoffrey Golliher Axiom Photo News Gallery 0.8.6 PHP remote file inclusion vulnerability in template.php in Geoffrey Golliher Axiom Photo/News Gallery (axiompng) 0.8.6 allows remote attackers to execute arbitrary PHP code via a URL in the baseAxiomPath parameter. | 7.5 |
2007-01-11 | CVE-2007-0196 | Motionborg | SQL Injection vulnerability in Motionborg web Real Estate SQL injection vulnerability in admin_check_user.asp in Motionborg Web Real Estate 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the username field (txtUserName parameter) and possibly other parameters. | 7.5 |
2007-01-11 | CVE-2007-0181 | Scriptaty | Remote File Include vulnerability in Magic Photo Storage Website PHP remote file inclusion vulnerability in include/common_function.php in magic photo storage website allows remote attackers to execute arbitrary PHP code via a URL in the _config[site_path] parameter. | 7.5 |
2007-01-11 | CVE-2007-0179 | Phpkit | SQL Injection vulnerability in PHPkit 1.6.1 SQL injection vulnerability in comment.php in PHPKIT 1.6.1 R2 allows remote attackers to execute arbitrary SQL commands via the subid parameter. | 7.5 |
2007-01-11 | CVE-2007-0178 | PHP WEB Scripts | Remote File Include vulnerability in PHP web Scripts Easy Banner PRO 2.8 PHP remote file inclusion vulnerability in info.php in Easy Banner Pro 2.8 allows remote attackers to execute arbitrary PHP code via a URL in the s[phppath] parameter. | 7.5 |
2007-01-11 | CVE-2007-0174 | Sina | Remote Stack Buffer Overflow vulnerability in Sina Uc2006 Multiple stack-based multiple buffer overflows in the BRWOSSRE2UC.dll ActiveX Control in Sina UC2006 and earlier allow remote attackers to execute arbitrary code via a long string in the (1) astrVerion parameter to the SendChatRoomOpt function or (2) the astrDownDir parameter to the SendDownLoadFile function. | 7.5 |
2007-01-11 | CVE-2007-0170 | Allmyphp | Remote File Include vulnerability in Allmyphp Allmyvisitors 0.4.0 PHP remote file inclusion vulnerability in index.php in AllMyVisitors 0.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the AMV_serverpath parameter. | 7.5 |
2007-01-10 | CVE-2007-0167 | PPC Search Engine WGS PPC | Remote File Include vulnerability in PPC Search Engine INC Parameter Multiple PHP file inclusion vulnerabilities in WGS-PPC (aka PPC Search Engine), as distributed with other aliases, allow remote attackers to execute arbitrary PHP code via a URL in the INC parameter in (1) config_admin.php, (2) config_main.php, (3) config_member.php, and (4) mysql_config.php in config/; (5) admin.php and (6) index.php in admini/; (7) paypalipn/ipnprocess.php; (8) index.php and (9) registration.php in members/; and (10) ppcbannerclick.php and (11) ppcclick.php in main/. | 7.5 |
2007-01-10 | CVE-2007-0160 | Centericq | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Centericq Stack-based buffer overflow in the LiveJournal support (hooks/ljhook.cc) in CenterICQ 4.9.11 through 4.21.0, when using unofficial LiveJournal servers, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by adding the victim as a friend and using long (1) username and (2) real name strings. | 7.5 |
2007-01-09 | CVE-2007-0156 | M Core | Information Disclosure vulnerability in M-Core M-Core stores the database under the web document root, which allows remote attackers to obtain sensitive information via a direct request to db/uyelik.mdb. | 7.5 |
2007-01-09 | CVE-2007-0155 | Harikaonline | Information Disclosure vulnerability in Harikaonline 2.0 HarikaOnline 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for harikaonline.mdb. | 7.5 |
2007-01-09 | CVE-2007-0154 | Webulas | Information Disclosure vulnerability in Webulas Webulas stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/db.mdb. | 7.5 |
2007-01-09 | CVE-2007-0153 | Adam Jarret | Information Disclosure vulnerability in Adam Jarret Ajlogin 3.5 AJLogin 3.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for ajlogin.mdb. | 7.5 |
2007-01-09 | CVE-2007-0152 | Ohhasp | Information Disclosure vulnerability in Ohhasp OhhASP stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/OhhASP.mdb. | 7.5 |
2007-01-09 | CVE-2007-0151 | Mitisoft | Information Disclosure vulnerability in Mitisoft MitiSoft stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for access_MS/MitiSoft.mdb. | 7.5 |
2007-01-09 | CVE-2007-0150 | Dayfox Designs | Remote Security vulnerability in Dayfox Designs Dayfox Blog 4 Multiple PHP remote file inclusion vulnerabilities in index.php in Dayfox Blog allow remote attackers to execute arbitrary PHP code via a URL in the (1) page, (2) subject, and (3) q parameters. | 7.5 |
2007-01-09 | CVE-2007-0149 | Ememberspro | Information Disclosure vulnerability in Ememberspro 1.0 EMembersPro 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for users.mdb. | 7.5 |
2007-01-09 | CVE-2007-0145 | Bingo News | Remote Security vulnerability in Bingo News Bingo News 3.01 PHP remote file inclusion vulnerability in bn_smrep1.php in BinGoPHP News (BP News) 3.01 allows remote attackers to execute arbitrary PHP code via a URL in the bnrep parameter, a different vector than CVE-2006-4648 and CVE-2006-4649. | 7.5 |
2007-01-09 | CVE-2007-0142 | Shopstorenow | SQL Injection vulnerability in Shopstorenow E-commerce Shopping Cart Orange.ASP SQL injection vulnerability in orange.asp in ShopStoreNow E-commerce Shopping Cart allows remote attackers to execute arbitrary SQL commands via the CatID parameter. | 7.5 |
2007-01-09 | CVE-2007-0140 | Kolayindir Download | SQL Injection vulnerability in Kolayindir Download Down.ASP SQL injection vulnerability in down.asp in Kolayindir Download (Yenionline) allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2007-01-09 | CVE-2007-0139 | HP | Remote Security vulnerability in HP Openvms 7.3/7.32 Unspecified vulnerability in the DECnet-Plus 7.3-2 feature in DECnet/OSI 7.3-2 for OpenVMS ALPHA, and the DECnet-Plus 7.3 feature in DECnet/OSI 7.3 for OpenVMS VAX, allows attackers to obtain "unintended privileged access to data and system resources" via unspecified vectors, related to (1) [SYSEXE]CTF$UI.EXE, (2) [SYSMSG]CTF$MESSAGES.EXE, (3) [SYSHLP]CTF$HELP.HLB, and (4) [SYSMGR]CTF$STARTUP.COM. | 7.5 |
2007-01-09 | CVE-2007-0134 | Igeneric | Code Injection vulnerability in Igeneric IG Shop 1.0/1.4 Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow remote attackers to execute arbitrary code via the action parameter, which is supplied to an eval function call in (1) cart.php and (2) page.php. | 7.5 |
2007-01-09 | CVE-2007-0133 | Igeneric | SQL-Injection vulnerability in iG Shop Multiple SQL injection vulnerabilities in display_review.php in iGeneric iG Shop 1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) user_login_cookie parameter. | 7.5 |
2007-01-09 | CVE-2007-0132 | Igeneric | SQL Injection vulnerability in Igeneric IG Shop 1.4 SQL injection vulnerability in compare_product.php in iGeneric iG Shop 1.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2007-01-09 | CVE-2007-0131 | Jamwiki | Authentication Bypass vulnerability in JamWiki Topics Relocation JAMWiki before 0.5.0 does not properly check permissions during moves of "read-only or admin-only topics," which allows remote attackers to make unauthorized changes to the wiki. | 7.5 |
2007-01-09 | CVE-2007-0130 | Igeneric | SQL Injection vulnerability in Igeneric IG Calendar 1.0 SQL injection vulnerability in user.php in iGeneric iG Calendar 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2007-01-09 | CVE-2007-0129 | Locazo | SQL-Injection vulnerability in Locazolist Classifieds SQL injection vulnerability in main.asp in LocazoList 2.01a beta5 and earlier allows remote attackers to execute arbitrary SQL commands via the subcatID parameter. | 7.5 |
2007-01-09 | CVE-2007-0128 | Digiappz | SQL-Injection vulnerability in Digirez SQL injection vulnerability in info_book.asp in Digirez 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the book_id parameter. | 7.5 |
2007-01-09 | CVE-2007-0116 | Digger Solutions | Information Disclosure vulnerability in Intranet Open Source Digger Solutions Intranet Open Source (IOS) stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for data/intranet.mdb. | 7.5 |
2007-01-09 | CVE-2007-0112 | Createauction | SQL Injection vulnerability in CreateAuction Cats.ASP SQL injection vulnerability in cats.asp in createauction allows remote attackers to execute arbitrary SQL commands via the catid parameter. | 7.5 |
2007-01-09 | CVE-2007-0105 | Cisco | Remote vulnerability in Cisco Secure Access Control Server Stack-based buffer overflow in the CSAdmin service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted HTTP GET request. | 7.5 |
2007-01-13 | CVE-2007-0229 | Apple Freebsd | Numeric Errors vulnerability in multiple products Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly gain privileges via a crafted DMG image that causes "allocation of a negative size buffer" leading to a heap-based buffer overflow, a related issue to CVE-2006-5679. | 7.2 |
56 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-01-13 | CVE-2007-0231 | SIX Apart | Cross-Site Scripting vulnerability in SIX Apart Movable Type 3.33 Cross-site scripting (XSS) vulnerability in Movable Type (MT) 3.33, when nofollow is disabled and unmoderated comments are enabled, allows remote attackers to inject arbitrary web script or HTML via the Comments field. | 6.8 |
2007-01-13 | CVE-2007-0225 | Virtual Programming | Cross-Site Scripting vulnerability in Virtual Programming Vp-Asp 6.09 Cross-site scripting (XSS) vulnerability in shopcustadmin.asp in VP-ASP Shopping Cart 6.09 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | 6.8 |
2007-01-13 | CVE-2006-6928 | Grandora | SQL Injection and Cross-Site Scripting vulnerability in Grandora Rialto 1.6 Multiple cross-site scripting (XSS) vulnerabilities in Rialto 1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to (a) listmain.asp or (b) searchmain.asp, the (2) the Keyword parameter to (c) searchkey.asp, or the (3) refno parameter to (d) forminfo.asp. | 6.8 |
2007-01-13 | CVE-2006-6925 | Bitweaver | Input Validation vulnerability in Bitweaver Multiple cross-site scripting (XSS) vulnerabilities in bitweaver 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the message title field when submitting an article to articles/edit.php, (2) the message title field when submitting a blog post to blogs/post.php, or (3) the message description field when editing in the Sandbox in wiki/edit.php. | 6.8 |
2007-01-12 | CVE-2007-0191 | Mkportal | Cross-Site Scripting vulnerability in MKPortal Cross-site scripting (XSS) vulnerability in admin.php in MKPortal allows remote attackers to inject arbitrary web script or HTML via two certain fields in a contents_new operation in the ad_contents section. | 6.8 |
2007-01-12 | CVE-2007-0186 | F5 | Input Validation vulnerability in F5 Firepass 4100 Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN allow remote attackers to inject arbitrary web script or HTML via (1) the xcho parameter to my.logon.php3; the (2) topblue, (3) midblue, (4) wtopblue, and certain other Custom color parameters in a per action to vdesk/admincon/index.php; the (5) h321, (6) h311, (7) h312, and certain other Front Door custom text color parameters in a per action to vdesk/admincon/index.php; the (8) ua parameter in a bro action to vdesk/admincon/index.php; the (9) app_param and (10) app_name parameters to webyfiers.php; (11) double eval functions; (12) JavaScript contained in an <FP_DO_NOT_TOUCH> element; and (13) the vhost parameter to my.activation.php. | 6.8 |
2007-01-12 | CVE-2007-0183 | SUN | Cross-Site Scripting vulnerability in SUN Iplanet web Server 4.1 Cross-site scripting (XSS) vulnerability in /search in iPlanet Web Server 4.x allows remote attackers to inject arbitrary web script or HTML via the NS-max-records parameter. | 6.8 |
2007-01-11 | CVE-2006-6920 | Nucleus CMS | Cross-Site Scripting vulnerability in Nucleus CMS Cross-site scripting (XSS) vulnerability in Nucleus before 3.24 allows remote attackers to inject arbitrary web script or HTML via unknown vectors, possibly involving (1) lib/ADMIN.php and (2) lib/SKIN.php. | 6.8 |
2007-01-11 | CVE-2006-6919 | Sage Mozdev | Remote Security vulnerability in Sage-Mozdev Sage 1.3.8 Firefox Sage extension 1.3.8 and earlier allows remote attackers to execute arbitrary Javascript in the local context via an RSS feed with an img tag containing the script followed by an extra trailing ">", which Sage modifies to close the img element before the malicious script. | 6.8 |
2007-01-11 | CVE-2007-0204 | Phpmyadmin | Input Validation vulnerability in phpMyAdmin Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.9.2-rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.8 |
2007-01-11 | CVE-2007-0197 | Apple | Improper Input Validation vulnerability in Apple mac OS X 10.4.6/10.4.8 Finder 10.4.6 on Apple Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a long volume name in a DMG disk image, which results in memory corruption. | 6.8 |
2007-01-11 | CVE-2007-0176 | Gforge | Cross-Site Scripting vulnerability in Gforge 4.5.11 Cross-site scripting (XSS) vulnerability in search/advanced_search.php in GForge 4.5.11 allows remote attackers to inject arbitrary web script or HTML via the words parameter. | 6.8 |
2007-01-11 | CVE-2007-0173 | L2J | Local File Include vulnerability in L2J Statistik Script 0.09 Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. | 6.8 |
2007-01-10 | CVE-2007-0162 | Unsanity | Local Privilege Escalation vulnerability in Unsanity Application Enhancer 2.0.2 Unsanity Application Enhancer (APE) 2.0.2 installs with insecure permissions for the (1) ApplicationEnhancer binary and the (2) /Library/Frameworks/ApplicationEnhancer.framework directory, which allows local users to gain privileges by modifying or replacing the binary or library files. | 6.8 |
2007-01-09 | CVE-2007-0148 | Omnigroup | Unspecified vulnerability in Omnigroup Omniweb 5.5.1 Format string vulnerability in OmniGroup OmniWeb 5.5.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the Javascript alert function. | 6.8 |
2007-01-09 | CVE-2007-0144 | Digitizing Quote AND Ordering System | Cross-Site Scripting vulnerability in Digitizing Quote and Ordering System Digitizing Quote and Ordering System 1.0 Cross-site scripting (XSS) vulnerability in search.asp in Digitizing Quote And Ordering System 1.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the ordernum parameter. | 6.8 |
2007-01-09 | CVE-2007-0143 | Nune | Remote Security vulnerability in Nune News Script 2.0Pre2 Multiple PHP remote file inclusion vulnerabilities in NUNE News Script 2.0pre2 allow remote attackers to execute arbitrary PHP code via a URL in the custom_admin_path parameter to (1) index.php or (2) archives.php. | 6.8 |
2007-01-09 | CVE-2007-0141 | YET Another Link Directory | HTML Injection vulnerability in YET Another Link Directory YET Another Link Directory 1.0 Cross-site scripting (XSS) vulnerability in yald.php in Yet Another Link Directory 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter. | 6.8 |
2007-01-09 | CVE-2007-0137 | Serendipitynz | Cross-Site Scripting vulnerability in Serene Bach Cross-site scripting (XSS) vulnerability in SimpleBoxes/SerendipityNZ Serene Bach 2.05R and earlier, and 2.08D and earlier in the 2.08 series; and (2) sb 1.13D and earlier, and 1.18R and earlier in the 1.18 series; allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.8 |
2007-01-09 | CVE-2007-0135 | Aratix | Remote Security vulnerability in Aratix PHP remote file inclusion vulnerability in inc/init.inc.php in Aratix 0.2.2 beta 11 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the current_path parameter. | 6.8 |
2007-01-09 | CVE-2007-0123 | Uber Uploader | File-Upload vulnerability in Uber Uploader Uber Uploader 4.2 Unrestricted file upload vulnerability in Uber Uploader 4.2 allows remote attackers to upload and execute arbitrary PHP scripts by naming them with a .phtml extension, which bypasses the .php extension check but is still executable on some server configurations. | 6.8 |
2007-01-09 | CVE-2007-0121 | Michael Romedahl | Cross-Site Scripting vulnerability in Michael Romedahl RI Blog 1.3 Cross-site scripting (XSS) vulnerability in search.asp in RI Blog 1.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | 6.8 |
2007-01-09 | CVE-2007-0119 | Edittag | Cross-Site Scripting vulnerability in Edittag 1.2 Multiple cross-site scripting (XSS) vulnerabilities in EditTag 1.2 allow remote attackers to inject arbitrary web script or HTML via the plain parameter to (1) mkpw_mp.cgi, (2) mkpw.pl, or (3) mkpw.cgi. | 6.8 |
2007-01-09 | CVE-2007-0113 | Packeteer | Buffer Overflow Denial Of Service vulnerability in Packeteer Packetwise 8.0 Buffer overflow in Packeteer PacketShaper PacketWise 8.x allows remote authenticated users to cause a denial of service (reset or reboot) via (1) a long traffic class argument to the "class show" command or (2) a long POLICY parameter value in clastree.htm. | 6.8 |
2007-01-09 | CVE-2007-0110 | Novell | Cross-Site Scripting vulnerability in Novell Access Manager Identity Server 3 Cross-site scripting (XSS) vulnerability in nidp/idff/sso in Novell Access Manager Identity Server before 3.0.0-1013 allows remote attackers to inject arbitrary web script or HTML via the IssueInstant parameter, which is not properly handled in the resulting error message. | 6.8 |
2007-01-09 | CVE-2007-0107 | Wordpress | SQL Injection vulnerability in WordPress Charset Decoding WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after escaping the SQL query, which allows remote attackers to bypass SQL injection protection schemes and execute arbitrary SQL commands via multibyte charsets, as demonstrated using UTF-7. | 6.8 |
2007-01-09 | CVE-2007-0106 | Wordpress | Cross-Site Scripting vulnerability in Wordpress Invalid CSRF Token Cross-site scripting (XSS) vulnerability in the CSRF protection scheme in WordPress before 2.0.6 allows remote attackers to inject arbitrary web script or HTML via a CSRF attack with an invalid token and quote characters or HTML tags in URL variable names, which are not properly handled when WordPress generates a new link to verify the request. | 6.8 |
2007-01-09 | CVE-2007-0104 | Xpdf KDE | Improper Input Validation vulnerability in multiple products The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node. | 6.8 |
2007-01-09 | CVE-2007-0103 | Adobe | Improper Input Validation vulnerability in Adobe Acrobat Reader The Adobe PDF specification 1.3, as implemented by Adobe Acrobat before 8.0.0, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node. | 6.8 |
2007-01-09 | CVE-2007-0102 | Apple | Improper Input Validation vulnerability in Apple Preview 3.0.8 The Adobe PDF specification 1.3, as implemented by Apple Mac OS X Preview, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node. | 6.8 |
2007-01-08 | CVE-2007-0101 | Spine | Cross-Site Request Forgery vulnerability in Spine Cross-site request forgery (CSRF) vulnerability in SPINE allows remote attackers to perform unauthorized actions as administrators via unspecified vectors. | 6.8 |
2007-01-11 | CVE-2007-0166 | Freebsd | Local Symbolic Link vulnerability in FreeBSD Jail RC.D The jail rc.d script in FreeBSD 5.3 up to 6.2 does not verify pathnames when writing to /var/log/console.log during a jail start-up, or when file systems are mounted or unmounted, which allows local root users to overwrite arbitrary files, or mount/unmount files, outside of the jail via a symlink attack. | 6.6 |
2007-01-12 | CVE-2007-0188 | F5 | Input Validation vulnerability in F5 Firepass F5 FirePass 5.4 through 5.5.1 does not properly enforce host access restrictions when a client uses a single integer (dword) representation of an IP address ("dotless IP address"), which allows remote authenticated users to connect to the FirePass administrator console and certain other network resources. | 6.5 |
2007-01-09 | CVE-2007-0122 | Coppermine | SQL Injection vulnerability in Coppermine Photo Gallery Albmgr.PHP Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via (1) the cat parameter to albmgr.php, and possibly (2) the gid parameter to usermgr.php; (3) the start parameter to db_ecard.php; and the albumid parameter to unspecified files, related to the (4) filename_to_title and (5) del_titles functions. | 6.5 |
2007-01-10 | CVE-2007-0159 | Geoip | Directory Traversal vulnerability in Geoip 1.4.0 Directory traversal vulnerability in the GeoIP_update_database_general function in libGeoIP/GeoIPUpdate.c in GeoIP 1.4.0 allows remote malicious update servers (possibly only update.maxmind.com) to overwrite arbitrary files via a .. | 6.4 |
2007-01-09 | CVE-2007-0146 | FIX AND Chips Computer Services | Cross-Site Scripting vulnerability in FIX and Chips Computer Services FIX and Chips CMS 1.0 Multiple cross-site scripting (XSS) vulnerabilities in Fix and Chips CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in (a) delete-announce.php; the (2) Announcement form field in (b) staff.php; the (3) Client Name, (4) Business Name, (5) Street, (6) Address 2, (7) Town/City, (8) Postcode, (9) Phone Number, (10) Email Address and (11) Website Address form fields in (c) new_customer.php; and unspecified fields in (d) search.php and (e) client-results.php. | 6.0 |
2007-01-09 | CVE-2007-0115 | Coppermine | Remote Security vulnerability in Coppermine Photo Gallery Static code injection vulnerability in Coppermine Photo Gallery 1.4.10 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the Username to login.php, which is injected into an error message in security.log.php, which can then be accessed using viewlog.php. | 6.0 |
2007-01-09 | CVE-2007-0108 | Novell | Unspecified vulnerability in Novell Client 4.91 nwgina.dll in Novell Client 4.91 SP3 for Windows 2000/XP/2003 does not delete user profiles during a Terminal Service or Citrix session, which allows remote authenticated users to invoke alternate user profiles. | 6.0 |
2007-01-11 | CVE-2007-0177 | Mediawiki | Cross-Site Scripting vulnerability in MediaWiki Cross-site scripting (XSS) vulnerability in the AJAX module in MediaWiki before 1.6.9, 1.7 before 1.7.2, 1.8 before 1.8.3, and 1.9 before 1.9.0rc2, when wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 5.1 |
2007-01-13 | CVE-2007-0228 | Eiqnetworks | Denial of Service vulnerability in Eiqnetworks Enterprise Security Analyzer 2.0/2.1/2.5 The DataCollector service in EIQ Networks Network Security Analyzer allows remote attackers to cause a denial of service (service crash) via a (1) &CONNECTSERVER& (2) &ADDENTRY& (3) &FIN& (4) &START& (5) &LOGPATH& (6) &FWADELTA& (7) &FWALOG& (8) &SETSYNCHRONOUS& (9) &SETPRGFILE&, or (10) &SETREPLYPORT& string to TCP port 10618, which triggers a NULL pointer dereference. | 5.0 |
2007-01-13 | CVE-2007-0227 | Slocate | Local Information Disclosure vulnerability in Slocate 3.1 slocate 3.1 does not properly manage database entries that specify names of files in protected directories, which allows local users to obtain the names of private files. | 5.0 |
2007-01-13 | CVE-2006-6924 | Bitweaver | Parameter Multiple Input Validation vulnerability in Retired: Bitweaver bitweaver 1.3.1 and earlier allows remote attackers to obtain sensitive information via a sort_mode=-98 query string to (1) blogs/list_blogs.php, (2) fisheye/index.php, (3) wiki/orphan_pages.php, or (4) wiki/list_pages.php, which forces a SQL error. | 5.0 |
2007-01-12 | CVE-2007-0195 | F5 | Input Validation vulnerability in F5 Firepass my.activation.php3 in F5 FirePass 5.4 through 5.5.1 and 6.0 displays different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote attackers to confirm the validity of an LDAP account. | 5.0 |
2007-01-12 | CVE-2007-0185 | Getahead | Remote vulnerability in Direct Web Rendering Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to cause a denial of service (memory exhaustion and servlet outage) via unknown vectors related to a large number of calls in a batch. | 5.0 |
2007-01-12 | CVE-2007-0206 | HP | Information Disclosure vulnerability in Hewlett Packard OpenView Network Node Manager Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, and 7.50 allows remote attackers to read arbitrary files via unknown vectors. | 5.0 |
2007-01-11 | CVE-2007-0199 | Cisco | Denial Of Service vulnerability in Cisco IOS Data-link Switching The Data-link Switching (DLSw) feature in Cisco IOS 11.0 through 12.4 allows remote attackers to cause a denial of service (device reload) via "an invalid value in a DLSw message... | 5.0 |
2007-01-11 | CVE-2007-0198 | Cisco | Denial of Service vulnerability in Cisco Unified Contact Center and IP Contact Center JTapi Gateway The JTapi Gateway process in Cisco Unified Contact Center Enterprise, Unified Contact Center Hosted, IP Contact Center Enterprise, and Cisco IP Contact Center Hosted 5.0 through 7.1 allows remote attackers to cause a denial of service (repeated process restart) via a certain TCP session on the JTapi server port. | 5.0 |
2007-01-09 | CVE-2007-0147 | Cuyahoga | Unspecified vulnerability in Cuyahoga Cuyahoga before 1.0.1 installs the FCKEditor component with an incorrect deny statement in a Web.config file, which allows remote attackers to upload files when these privileges were intended only for the Administrator and Editor roles. | 5.0 |
2007-01-09 | CVE-2007-0138 | Fersch | Denial-Of-Service vulnerability in Fersch Formbankserver 1.9 formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO begins with (1) AbfrageForm or (2) EingabeForm, allows remote attackers to cause a denial of service (daemon crash) via multiple requests containing many /../ sequences in the Name parameter. | 5.0 |
2007-01-09 | CVE-2007-0125 | Kaspersky LAB | Denial Of Service vulnerability in Kaspersky LAB Kaspersky Antivirus Engine 5.5.10/6.0 Kaspersky Labs Antivirus Engine 6.0 for Windows and 5.5-10 for Linux before 20070102 enter an infinite loop upon encountering an invalid NumberOfRvaAndSizes value in the Optional Windows Header of a portable executable (PE) file, which allows remote attackers to cause a denial of service (CPU consumption) by scanning a crafted PE file. | 5.0 |
2007-01-09 | CVE-2007-0114 | SUN | Information Disclosure vulnerability in SUN Java System Content Delivery Server 5.0 Sun Java System Content Delivery Server 5.0 and 5.0 PU1 allows remote attackers to obtain sensitive information regarding "content details" via unspecified vectors. | 5.0 |
2007-01-09 | CVE-2007-0109 | Wordpress | Information Disclosure vulnerability in WordPress wp-login.php in WordPress 2.0.5 and earlier displays different error messages if a user exists or not, which allows remote attackers to obtain sensitive information and facilitates brute force attacks. | 5.0 |
2007-01-11 | CVE-2007-0175 | B2Evolution | Cross-Site Scripting vulnerability in B2Evolution 1.8.2/1.8.5/1.8.6 Cross-site scripting (XSS) vulnerability in htsrv/login.php in b2evolution 1.8.6 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes in the redirect_to parameter. | 4.3 |
2007-01-09 | CVE-2007-0136 | Drupal | Cross-Site Scripting vulnerability in Drupal Multiple cross-site scripting (XSS) vulnerabilities in Drupal before 4.6.11, and 4.7 before 4.7.5, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in the (1) filter and (2) system modules. | 4.3 |
2007-01-09 | CVE-2007-0118 | Edittag | Directory Traversal vulnerability in Edittag 1.2 Multiple absolute path traversal vulnerabilities in EditTag 1.2 allow remote attackers to read arbitrary files via an absolute pathname in the file parameter to (1) edittag.cgi, (2) edittag.pl, (3) edittag_mp.cgi, or (4) edittag_mp.pl. | 4.3 |
2007-01-10 | CVE-2007-0161 | HP | Products PML Driver HPZ12 Local Privilege Escalation vulnerability in HP The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one drivers, as used by multiple HP products, uses insecure SERVICE_CHANGE_CONFIG DACL permissions, which allows local users to gain privileges and execute arbitrary programs, as demonstrated by modifying the binpath argument, a related issue to CVE-2006-0023. | 4.1 |
3 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-01-09 | CVE-2007-0124 | Drupal | Denial of Service vulnerability in Drupal Page Caching Unspecified vulnerability in Drupal before 4.6.11, and 4.7 before 4.7.5, when MySQL is used, allows remote authenticated users to cause a denial of service by poisoning the page cache via unspecified vectors, which triggers erroneous 404 HTTP errors for pages that exist. | 3.5 |
2007-01-12 | CVE-2006-6921 | Linux | Denial-Of-Service vulnerability in Linux Kernel 2.6.20.1 Unspecified versions of the Linux kernel allow local users to cause a denial of service (unrecoverable zombie process) via a program with certain instructions that prevent init from properly reaping a child whose parent has died. | 2.1 |
2007-01-09 | CVE-2007-0120 | Acunetix | Remote Denial of Service vulnerability in Acunetix Web Vulnerability Scanner Acunetix Web Vulnerability Scanner (WVS) 4.0 Build 20060717 and earlier allows remote attackers to cause a denial of service (application crash) via multiple HTTP requests containing invalid Content-Length values. | 1.9 |