Weekly Vulnerabilities Reports > January 8 to 14, 2007

Overview

139 new vulnerabilities were reported during this period, including 17 critical vulnerabilities and 61 high severity vulnerabilities. This weekly summary reports vulnerabilities in 143 products from 96 vendors including Microsoft, WordPress, Apple, F5, and Igeneric. Vulnerabilities are notably categorized as "Improper Input Validation", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Code Injection", "Cross-site Scripting", and "Numeric Errors".

  • 133 reported vulnerabilities are remotely exploitable.
  • 26 reported vulnerabilities have a public exploit available.
  • 4 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 129 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 9 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 9 reported vulnerabilities.

Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:

17 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-01-13 CVE-2006-6926 Extremail Buffer Overflow vulnerability in Extremail 2.1

Buffer overflow in eXtremail 2.1 has unknown impact and attack vectors, as demonstrated by VulnDisco Pack.

10.0
2007-01-11 CVE-2006-6918 Geobb Remote Security vulnerability in Geobb

Unspecified vulnerability in the Admin login for Georgian discussion board (GeoBB) before 1.0 has unknown impact and attack vectors.

10.0
2007-01-11 CVE-2007-0203 Phpmyadmin Input Validation vulnerability in phpMyAdmin

Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 have unknown impact and attack vectors.

10.0
2007-01-11 CVE-2007-0201 TIS Remote Buffer Overflow vulnerability in TIS Firewall Toolkit FTP-GW

Buffer overflow in the cmd_usr function in ftp-gw in TIS Internet Firewall Toolkit (FWTK) allows remote attackers to execute arbitrary code via a long destination hostname (dest).

10.0
2007-01-09 CVE-2007-0117 Apple Local Privilege Escalation vulnerability in Apple DiskManagement Framework BOM

DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X 10.4.8 does not properly validate Bill of Materials (BOM) files, which allows attackers to gain privileges via a BOM file under /Library/Receipts/, which triggers arbitrary file permission changes upon execution of a diskutil permission repair operation.

10.0
2007-01-08 CVE-2007-0100 Perforce Remote Security vulnerability in Perforce Client

The Perforce client does not restrict the set of files that it overwrites upon receiving a request from the server, which allows remote attackers to overwrite arbitrary files by modifying the client config file on the server, or by operating a malicious server.

10.0
2007-01-09 CVE-2007-0034 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Office and Outlook

Buffer overflow in the Advanced Search (Finder.exe) feature of Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted Outlook Saved Searches (OSS) file that triggers memory corruption, aka "Microsoft Outlook Advanced Find Vulnerability."

9.3
2007-01-09 CVE-2007-0033 Microsoft Remote Code Execution vulnerability in Microsoft Outlook VEVENT Record

Microsoft Outlook 2002 and 2003 allows user-assisted remote attackers to execute arbitrary code via a malformed VEVENT record in an .iCal meeting request or ICS file.

9.3
2007-01-09 CVE-2007-0031 Microsoft Remote Code Execution vulnerability in Microsoft Excel Malformed Palette Record

Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a BIFF8 spreadsheet with a PALETTE record that contains a large number of entries.

9.3
2007-01-09 CVE-2007-0030 Microsoft Remote Code Execution vulnerability in Microsoft Excel Malformed Column Record

Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via an Excel file with an out-of-range Column field in certain BIFF8 record types, which references arbitrary memory.

9.3
2007-01-09 CVE-2007-0029 Microsoft Remote Code Execution vulnerability in Microsoft Excel Malformed String

Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string, aka "Excel Malformed String Vulnerability."

9.3
2007-01-09 CVE-2007-0028 Microsoft Improper Input Validation vulnerability in Microsoft products

Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for Mac, and Office v.X for Mac does not properly handle certain opcodes, which allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file, which results in an "Improper Memory Access Vulnerability." NOTE: an early disclosure of this issue used CVE-2006-3432, but only CVE-2007-0028 should be used.

9.3
2007-01-09 CVE-2007-0024 Microsoft Unspecified vulnerability in Microsoft IE and Internet Explorer

Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the "VML Buffer Overrun Vulnerability."

9.3
2007-01-09 CVE-2007-0027 Microsoft Remote Code Execution vulnerability in Microsoft Excel IMDATA Record

Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via malformed IMDATA records that trigger memory corruption.

9.3
2007-01-09 CVE-2007-0127 Opera Code Injection vulnerability in Opera Browser

The Javascript SVG support in Opera before 9.10 does not properly validate object types in a createSVGTransformFromMatrix request, which allows remote attackers to execute arbitrary code via JavaScript code that uses an invalid object in this request that causes a controlled pointer to be referenced during the virtual function call.

9.3
2007-01-09 CVE-2007-0126 Opera Buffer Errors vulnerability in Opera Browser 9.02

Heap-based buffer overflow in Opera 9.02 allows remote attackers to execute arbitrary code via a JPEG file with an invalid number of index bytes in the Define Huffman Table (DHT) marker.

9.3
2007-01-08 CVE-2007-0099 Microsoft Race Condition vulnerability in Microsoft Internet Explorer and XML Core Services

Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via many nested tags in an XML document in an IFRAME, when synchronous document rendering is frequently disrupted with asynchronous events, as demonstrated using a JavaScript timer, which can trigger NULL pointer dereferences or memory corruption, aka "MSXML Memory Corruption Vulnerability."

9.3

61 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-01-12 CVE-2007-0194 Mkportal Information Disclosure vulnerability in Mkportal 1.1Rc1

admin.php in MKPortal M1.1 RC1 allows remote attackers to obtain sensitive information via a direct request with an MK_PATH=1 query string, which reveals the path in an error message.

7.8
2007-01-10 CVE-2007-0165 SUN Denial of Service vulnerability in Sun Solaris RPC Request

Unspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (crash) via malformed RPC requests that trigger a crash in rpcbind.

7.8
2007-01-10 CVE-2007-0164 Camouflage Unspecified vulnerability in Camouflage 1.2.1

Camouflage 1.2.1 embeds password information in the carrier file, which allows remote attackers to bypass authentication requirements and decrypt embedded steganography by replacing certain bytes of the JPEG image with alternate password information.

7.8
2007-01-10 CVE-2007-0163 Securekit Security Bypass vulnerability in Securekit Steganography 1.7.1/1.8

SecureKit Steganography 1.7.1 and 1.8 embeds password information in the carrier file, which allows remote attackers to bypass authentication requirements and decrypt embedded steganography by replacing the last 20 bytes of the JPEG image with alternate password information.

7.8
2007-01-09 CVE-2007-0157 Neon Denial Of Service vulnerability in Neon 0.26.0/0.26.1/0.26.2

Array index error in the uri_lookup function in the URI parser for neon 0.26.0 to 0.26.2, possibly only on 64-bit platforms, allows remote malicious servers to cause a denial of service (crash) via a URI with non-ASCII characters, which triggers a buffer under-read due to a type conversion error that generates a negative index.

7.8
2007-01-11 CVE-2007-0180 EF Software Remote Buffer Overflow vulnerability in EF Software EF Commander 5.75

Stack-based buffer overflow in EF Commander 5.75 allows user-assisted attackers to execute arbitrary code via a crafted ISO file containing a file within several nested directories, which produces a large filename that triggers the overflow.

7.6
2007-01-13 CVE-2007-0233 Wordpress SQL Injection vulnerability in WordPress Wp-trackback.PHP

wp-trackback.php in WordPress 2.0.6 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the tb_id parameter.

7.5
2007-01-13 CVE-2007-0232 Jshop E Commerce Remote File Include vulnerability in Jshop E-Commerce Jshop Server 1.3

PHP remote file inclusion vulnerability in routines/fieldValidation.php in Jshop Server 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the jssShopFileSystem parameter.

7.5
2007-01-13 CVE-2007-0230 CS Cart Code Injection vulnerability in Cs-Cart 1.3.3

** DISPUTED ** PHP remote file inclusion vulnerability in install.php in CS-Cart 1.3.3 allows remote attackers to execute arbitrary PHP code via a URL in the install_dir parameter.

7.5
2007-01-13 CVE-2007-0226 Uniforum SQL Injection vulnerability in uniForum WBSearch.ASPX

SQL injection vulnerability in wbsearch.aspx in uniForum 4 and earlier allows remote attackers to execute arbitrary SQL commands via the "by User" field (aka the TXbyuser parameter).

7.5
2007-01-13 CVE-2007-0224 Virtual Programming SQL-Injection vulnerability in Virtual Programming Vp-Asp 6.09

SQL injection vulnerability in shopgiftregsearch.asp in VP-ASP Shopping Cart 6.09 and earlier allows remote attackers to execute arbitrary SQL commands via the LoginLastname parameter.

7.5
2007-01-13 CVE-2007-0223 Nicola Asuni SQL Injection vulnerability in All In One Control Panel

SQL injection vulnerability in shared/code/cp_functions_downloads.php in Nicola Asuni All In One Control Panel (AIOCP) before 1.3.009 allows remote attackers to execute arbitrary SQL commands via the download_category parameter.

7.5
2007-01-13 CVE-2006-6930 GA Soft Input Validation vulnerability in GA Soft Rapid Classified 3.1

SQL injection vulnerability in viewad.asp in Rapid Classified 3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2007-01-13 CVE-2006-6927 Grandora SQL Injection and Cross-Site Scripting vulnerability in Grandora Rialto 1.6

Multiple SQL injection vulnerabilities in Rialto 1.6 allow remote attackers to execute arbitrary SQL commands via (1) the uname (username) and (2) pword (passwd) fields in (a) admin/default.asp; the (3) ID parameter to (b) listfull.asp or (c) printmain.asp; the (4) cat parameter to (d) listmain.asp, (e) searchoption.asp, or (f) searchmain.asp; the (5) Keyword parameter to (g) searchkey.asp; the (6) area parameter to searchmain.asp or searchoption.asp; the (7) searchin parameter to searchkey.asp; or the (8) cost1, (9) cost2, (10) acreage1, or (11) squarefeet1 parameters to searchoption.asp.

7.5
2007-01-13 CVE-2006-6923 Bitweaver Input Validation vulnerability in Bitweaver

SQL injection vulnerability in newsletters/edition.php in bitweaver 1.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the tk parameter.

7.5
2007-01-13 CVE-2006-6922 Deadlock User Management System SQL Injection vulnerability in Deadlock

SQL injection vulnerability in Deadlock User Management System (phpdeadlock) 0.64 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2007-01-12 CVE-2007-0193 FON Remote Security vulnerability in La Fonera

FON La Fonera routers do not properly limit DNS service access by unauthenticated clients, which allows remote attackers to tunnel traffic via DNS requests for hosts that should not be accessible before authentication.

7.5
2007-01-12 CVE-2007-0192 Mkportal Cross-Site Request Forgery vulnerability in MKPortal

Cross-site request forgery (CSRF) vulnerability in the save_main operation in the ad_perms section in admin.php in MKPortal allows remote attackers to modify privilege settings, as demonstrated using a getURL of admin.php within a .swf file contained in an IFRAME element, aka the "All Guests are Admin" attack.

7.5
2007-01-12 CVE-2007-0190 Edit X Remote File Include vulnerability in Edit-X Edit_Address.PHP

PHP remote file inclusion vulnerability in edit_address.php in edit-x ecommerce allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter.

7.5
2007-01-12 CVE-2007-0189 Geobb Unspecified vulnerability in Geobb Georgian Bulletin Board

** DISPUTED ** PHP remote file inclusion vulnerability in index.php in GeoBB Georgian Bulletin Board allows remote attackers to execute arbitrary PHP code via a URL in the action parameter.

7.5
2007-01-12 CVE-2007-0187 F5 Input Validation vulnerability in F5 Firepass

F5 FirePass 5.4 through 5.5.2 and 6.0 allows remote attackers to access restricted URLs via (1) a trailing null byte, (2) multiple leading slashes, (3) Unicode encoding, (4) URL-encoded directory traversal or same-directory characters, or (5) upper case letters in the domain name.

7.5
2007-01-12 CVE-2007-0184 Getahead Remote vulnerability in Direct Web Rendering

Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to obtain unauthorized access to public methods via a crafted request that bypasses the include/exclude checks.

7.5
2007-01-12 CVE-2007-0182 Scriptaty Remote File Include vulnerability in Magic Photo Storage Website

Multiple PHP remote file inclusion vulnerabilities in magic photo storage website allow remote attackers to execute arbitrary PHP code via a URL in the _config[site_path] parameter to (1) admin_password.php, (2) add_welcome_text.php, (3) admin_email.php, (4) add_templates.php, (5) admin_paypal_email.php, (6) approve_member.php, (7) delete_member.php, (8) index.php, (9) list_members.php, (10) membership_pricing.php, or (11) send_email.php in admin/; (12) config.php or (13) db_config.php in include/; or (14) add_category.php, (15) add_news.php, (16) change_catalog_template.php, (17) couple_milestone.php, (18) couple_profile.php, (19) delete_category.php, (20) index.php, (21) login.php, (22) logout.php, (23) register.php, (24) upload_photo.php, (25) user_catelog_password.php, (26) user_email.php, (27) user_extend.php, or (28) user_membership_password.php in user/.

7.5
2007-01-11 CVE-2007-0205 Alexphpteam Path Traversal vulnerability in Alexphpteam Alex Guestbook

Directory traversal vulnerability in admin/skins.php for @lex Guestbook 4.0.2 and earlier allows remote attackers to create files in arbitrary directories via ".." sequences in the (1) aj_skin and (2) skin_edit parameters.

7.5
2007-01-11 CVE-2007-0169 Broadcom Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Broadcom products

Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2 allow remote attackers to execute arbitrary code via RPC requests with crafted data for opnums (1) 0x2F and (2) 0x75 in the (a) Message Engine RPC service, or opnum (3) 0xCF in the Tape Engine service.

7.5
2007-01-11 CVE-2007-0168 Broadcom Unspecified vulnerability in Broadcom products

The Tape Engine service in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2 allows remote attackers to execute arbitrary code via certain data in opnum 0xBF in an RPC request, which is directly executed.

7.5
2007-01-11 CVE-2007-0202 Alexphpteam Input Validation vulnerability in @lex Guestbook

SQL injection vulnerability in index.php in @lex Guestbook 4.0.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the lang parameter.

7.5
2007-01-11 CVE-2007-0200 Geoffrey Golliher Remote File Include vulnerability in Geoffrey Golliher Axiom Photo News Gallery 0.8.6

PHP remote file inclusion vulnerability in template.php in Geoffrey Golliher Axiom Photo/News Gallery (axiompng) 0.8.6 allows remote attackers to execute arbitrary PHP code via a URL in the baseAxiomPath parameter.

7.5
2007-01-11 CVE-2007-0196 Motionborg SQL Injection vulnerability in Motionborg web Real Estate

SQL injection vulnerability in admin_check_user.asp in Motionborg Web Real Estate 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the username field (txtUserName parameter) and possibly other parameters.

7.5
2007-01-11 CVE-2007-0181 Scriptaty Remote File Include vulnerability in Magic Photo Storage Website

PHP remote file inclusion vulnerability in include/common_function.php in magic photo storage website allows remote attackers to execute arbitrary PHP code via a URL in the _config[site_path] parameter.

7.5
2007-01-11 CVE-2007-0179 Phpkit SQL Injection vulnerability in PHPkit 1.6.1

SQL injection vulnerability in comment.php in PHPKIT 1.6.1 R2 allows remote attackers to execute arbitrary SQL commands via the subid parameter.

7.5
2007-01-11 CVE-2007-0178 PHP WEB Scripts Remote File Include vulnerability in PHP web Scripts Easy Banner PRO 2.8

PHP remote file inclusion vulnerability in info.php in Easy Banner Pro 2.8 allows remote attackers to execute arbitrary PHP code via a URL in the s[phppath] parameter.

7.5
2007-01-11 CVE-2007-0174 Sina Remote Stack Buffer Overflow vulnerability in Sina Uc2006

Multiple stack-based buffer overflows in the BRWOSSRE2UC.dll ActiveX Control in Sina UC2006 and earlier allow remote attackers to execute arbitrary code via a long string in the (1) astrVerion parameter to the SendChatRoomOpt function or (2) the astrDownDir parameter to the SendDownLoadFile function.

7.5
2007-01-11 CVE-2007-0172 Voice OF WEB Remote File Include vulnerability in AllMyGuests

Multiple PHP remote file inclusion vulnerabilities in AllMyGuests 0.3.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the AMG_serverpath parameter to (1) comments.php and (2) signin.php; and possibly via a URL in unspecified parameters to (3) include/submit.inc.php, (4) admin/index.php, (5) include/cm_submit.inc.php, and (6) index.php.

7.5
2007-01-11 CVE-2007-0171 Voice OF WEB Remote File Include vulnerability in Retired: AllMyLinks

PHP remote file inclusion vulnerability in index.php in AllMyLinks 0.5.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AML_opensite parameter.

7.5
2007-01-11 CVE-2007-0170 Allmyphp Remote File Include vulnerability in Allmyphp Allmyvisitors 0.4.0

PHP remote file inclusion vulnerability in index.php in AllMyVisitors 0.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the AMV_serverpath parameter.

7.5
2007-01-10 CVE-2007-0167 PPC Search Engine, WGS PPC Remote File Include vulnerability in PPC Search Engine INC Parameter

Multiple PHP file inclusion vulnerabilities in WGS-PPC (aka PPC Search Engine), as distributed with other aliases, allow remote attackers to execute arbitrary PHP code via a URL in the INC parameter in (1) config_admin.php, (2) config_main.php, (3) config_member.php, and (4) mysql_config.php in config/; (5) admin.php and (6) index.php in admini/; (7) paypalipn/ipnprocess.php; (8) index.php and (9) registration.php in members/; and (10) ppcbannerclick.php and (11) ppcclick.php in main/.

7.5
2007-01-10 CVE-2007-0160 Centericq Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Centericq

Stack-based buffer overflow in the LiveJournal support (hooks/ljhook.cc) in CenterICQ 4.9.11 through 4.21.0, when using unofficial LiveJournal servers, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by adding the victim as a friend and using long (1) username and (2) real name strings.

7.5
2007-01-09 CVE-2007-0156 M Core Information Disclosure vulnerability in M-Core

M-Core stores the database under the web document root, which allows remote attackers to obtain sensitive information via a direct request to db/uyelik.mdb.

7.5
2007-01-09 CVE-2007-0155 Harikaonline Information Disclosure vulnerability in Harikaonline 2.0

HarikaOnline 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for harikaonline.mdb.

7.5
2007-01-09 CVE-2007-0154 Webulas Information Disclosure vulnerability in Webulas

Webulas stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/db.mdb.

7.5
2007-01-09 CVE-2007-0153 Adam Jarret Information Disclosure vulnerability in Adam Jarret Ajlogin 3.5

AJLogin 3.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for ajlogin.mdb.

7.5
2007-01-09 CVE-2007-0152 Ohhasp Information Disclosure vulnerability in Ohhasp

OhhASP stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/OhhASP.mdb.

7.5
2007-01-09 CVE-2007-0151 Mitisoft Information Disclosure vulnerability in Mitisoft

MitiSoft stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for access_MS/MitiSoft.mdb.

7.5
2007-01-09 CVE-2007-0150 Dayfox Designs Remote Security vulnerability in Dayfox Designs Dayfox Blog 4

Multiple PHP remote file inclusion vulnerabilities in index.php in Dayfox Blog allow remote attackers to execute arbitrary PHP code via a URL in the (1) page, (2) subject, and (3) q parameters.

7.5
2007-01-09 CVE-2007-0149 Ememberspro Information Disclosure vulnerability in Ememberspro 1.0

EMembersPro 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for users.mdb.

7.5
2007-01-09 CVE-2007-0145 Bingo News Remote Security vulnerability in Bingo News Bingo News 3.01

PHP remote file inclusion vulnerability in bn_smrep1.php in BinGoPHP News (BP News) 3.01 allows remote attackers to execute arbitrary PHP code via a URL in the bnrep parameter, a different vector than CVE-2006-4648 and CVE-2006-4649.

7.5
2007-01-09 CVE-2007-0142 Shopstorenow SQL Injection vulnerability in Shopstorenow E-commerce Shopping Cart Orange.ASP

SQL injection vulnerability in orange.asp in ShopStoreNow E-commerce Shopping Cart allows remote attackers to execute arbitrary SQL commands via the CatID parameter.

7.5
2007-01-09 CVE-2007-0140 Kolayindir Download SQL Injection vulnerability in Kolayindir Download Down.ASP

SQL injection vulnerability in down.asp in Kolayindir Download (Yenionline) allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2007-01-09 CVE-2007-0139 HP Remote Security vulnerability in HP Openvms 7.3/7.32

Unspecified vulnerability in the DECnet-Plus 7.3-2 feature in DECnet/OSI 7.3-2 for OpenVMS ALPHA, and the DECnet-Plus 7.3 feature in DECnet/OSI 7.3 for OpenVMS VAX, allows attackers to obtain "unintended privileged access to data and system resources" via unspecified vectors, related to (1) [SYSEXE]CTF$UI.EXE, (2) [SYSMSG]CTF$MESSAGES.EXE, (3) [SYSHLP]CTF$HELP.HLB, and (4) [SYSMGR]CTF$STARTUP.COM.

7.5
2007-01-09 CVE-2007-0134 Igeneric Code Injection vulnerability in Igeneric IG Shop 1.0/1.4

Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow remote attackers to execute arbitrary code via the action parameter, which is supplied to an eval function call in (1) cart.php and (2) page.php.

7.5
2007-01-09 CVE-2007-0133 Igeneric SQL-Injection vulnerability in iG Shop

Multiple SQL injection vulnerabilities in display_review.php in iGeneric iG Shop 1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) user_login_cookie parameter.

7.5
2007-01-09 CVE-2007-0132 Igeneric SQL Injection vulnerability in Igeneric IG Shop 1.4

SQL injection vulnerability in compare_product.php in iGeneric iG Shop 1.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2007-01-09 CVE-2007-0131 Jamwiki Authentication Bypass vulnerability in JamWiki Topics Relocation

JAMWiki before 0.5.0 does not properly check permissions during moves of "read-only or admin-only topics," which allows remote attackers to make unauthorized changes to the wiki.

7.5
2007-01-09 CVE-2007-0130 Igeneric SQL Injection vulnerability in Igeneric IG Calendar 1.0

SQL injection vulnerability in user.php in iGeneric iG Calendar 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2007-01-09 CVE-2007-0129 Locazo SQL-Injection vulnerability in Locazolist Classifieds

SQL injection vulnerability in main.asp in LocazoList 2.01a beta5 and earlier allows remote attackers to execute arbitrary SQL commands via the subcatID parameter.

7.5
2007-01-09 CVE-2007-0128 Digiappz SQL-Injection vulnerability in Digirez

SQL injection vulnerability in info_book.asp in Digirez 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the book_id parameter.

7.5
2007-01-09 CVE-2007-0116 Digger Solutions Information Disclosure vulnerability in Intranet Open Source

Digger Solutions Intranet Open Source (IOS) stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for data/intranet.mdb.

7.5
2007-01-09 CVE-2007-0112 Createauction SQL Injection vulnerability in CreateAuction Cats.ASP

SQL injection vulnerability in cats.asp in createauction allows remote attackers to execute arbitrary SQL commands via the catid parameter.

7.5
2007-01-09 CVE-2007-0105 Cisco Remote vulnerability in Cisco Secure Access Control Server

Stack-based buffer overflow in the CSAdmin service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted HTTP GET request.

7.5
2007-01-13 CVE-2007-0229 Apple, Freebsd Numeric Errors vulnerability in multiple products

Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly gain privileges via a crafted DMG image that causes "allocation of a negative size buffer" leading to a heap-based buffer overflow, a related issue to CVE-2006-5679.

7.2

58 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-01-13 CVE-2007-0231 SIX Apart Cross-Site Scripting vulnerability in SIX Apart Movable Type 3.33

Cross-site scripting (XSS) vulnerability in Movable Type (MT) 3.33, when nofollow is disabled and unmoderated comments are enabled, allows remote attackers to inject arbitrary web script or HTML via the Comments field.

6.8
2007-01-13 CVE-2007-0225 Virtual Programming Cross-Site Scripting vulnerability in Virtual Programming Vp-Asp 6.09

Cross-site scripting (XSS) vulnerability in shopcustadmin.asp in VP-ASP Shopping Cart 6.09 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

6.8
2007-01-13 CVE-2006-6929 GA Soft Input Validation vulnerability in GA Soft Rapid Classified 3.1

Multiple cross-site scripting (XSS) vulnerabilities in Rapid Classified 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) reply.asp or (b) view_print.asp, the (2) SH1 parameter to (c) search.asp, the (3) name parameter to reply.asp, or the (4) dosearch parameter to (d) advsearch.asp.

6.8
2007-01-13 CVE-2006-6928 Grandora SQL Injection and Cross-Site Scripting vulnerability in Grandora Rialto 1.6

Multiple cross-site scripting (XSS) vulnerabilities in Rialto 1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to (a) listmain.asp or (b) searchmain.asp, the (2) Keyword parameter to (c) searchkey.asp, or the (3) refno parameter to (d) forminfo.asp.

6.8
2007-01-13 CVE-2006-6925 Bitweaver Input Validation vulnerability in Bitweaver

Multiple cross-site scripting (XSS) vulnerabilities in bitweaver 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the message title field when submitting an article to articles/edit.php, (2) the message title field when submitting a blog post to blogs/post.php, or (3) the message description field when editing in the Sandbox in wiki/edit.php.

6.8
2007-01-12 CVE-2007-0191 Mkportal Cross-Site Scripting vulnerability in MKPortal

Cross-site scripting (XSS) vulnerability in admin.php in MKPortal allows remote attackers to inject arbitrary web script or HTML via two certain fields in a contents_new operation in the ad_contents section.

6.8
2007-01-12 CVE-2007-0186 F5 Input Validation vulnerability in F5 Firepass 4100

Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN allow remote attackers to inject arbitrary web script or HTML via (1) the xcho parameter to my.logon.php3; the (2) topblue, (3) midblue, (4) wtopblue, and certain other Custom color parameters in a per action to vdesk/admincon/index.php; the (5) h321, (6) h311, (7) h312, and certain other Front Door custom text color parameters in a per action to vdesk/admincon/index.php; the (8) ua parameter in a bro action to vdesk/admincon/index.php; the (9) app_param and (10) app_name parameters to webyfiers.php; (11) double eval functions; (12) JavaScript contained in an <FP_DO_NOT_TOUCH> element; and (13) the vhost parameter to my.activation.php.

6.8
2007-01-12 CVE-2007-0183 SUN Cross-Site Scripting vulnerability in SUN Iplanet web Server 4.1

Cross-site scripting (XSS) vulnerability in /search in iPlanet Web Server 4.x allows remote attackers to inject arbitrary web script or HTML via the NS-max-records parameter.

6.8
2007-01-11 CVE-2006-6920 Nucleus CMS Cross-Site Scripting vulnerability in Nucleus CMS

Cross-site scripting (XSS) vulnerability in Nucleus before 3.24 allows remote attackers to inject arbitrary web script or HTML via unknown vectors, possibly involving (1) lib/ADMIN.php and (2) lib/SKIN.php.

6.8
2007-01-11 CVE-2006-6919 Sage Mozdev Remote Security vulnerability in Sage-Mozdev Sage 1.3.8

Firefox Sage extension 1.3.8 and earlier allows remote attackers to execute arbitrary Javascript in the local context via an RSS feed with an img tag containing the script followed by an extra trailing ">", which Sage modifies to close the img element before the malicious script.

6.8
2007-01-11 CVE-2007-0204 Phpmyadmin Input Validation vulnerability in phpMyAdmin

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.9.2-rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

6.8
2007-01-11 CVE-2007-0197 Apple Improper Input Validation vulnerability in Apple Mac OS X 10.4.6/10.4.8

Finder 10.4.6 on Apple Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a long volume name in a DMG disk image, which results in memory corruption.

6.8
2007-01-11 CVE-2007-0176 Gforge Cross-Site Scripting vulnerability in Gforge 4.5.11

Cross-site scripting (XSS) vulnerability in search/advanced_search.php in GForge 4.5.11 allows remote attackers to inject arbitrary web script or HTML via the words parameter.

6.8
2007-01-11 CVE-2007-0173 L2J Local File Include vulnerability in L2J Statistik Script 0.09

Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a ..

6.8
2007-01-10 CVE-2007-0162 Unsanity Local Privilege Escalation vulnerability in Unsanity Application Enhancer 2.0.2

Unsanity Application Enhancer (APE) 2.0.2 installs with insecure permissions for the (1) ApplicationEnhancer binary and the (2) /Library/Frameworks/ApplicationEnhancer.framework directory, which allows local users to gain privileges by modifying or replacing the binary or library files.

6.8
2007-01-09 CVE-2007-0148 Omnigroup Unspecified vulnerability in Omnigroup Omniweb 5.5.1

Format string vulnerability in OmniGroup OmniWeb 5.5.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the Javascript alert function.

6.8
2007-01-09 CVE-2007-0144 Digitizing Quote and Ordering System Cross-Site Scripting vulnerability in Digitizing Quote and Ordering System Digitizing Quote and Ordering System 1.0

Cross-site scripting (XSS) vulnerability in search.asp in Digitizing Quote And Ordering System 1.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the ordernum parameter.

6.8
2007-01-09 CVE-2007-0143 Nune Remote Security vulnerability in Nune News Script 2.0Pre2

Multiple PHP remote file inclusion vulnerabilities in NUNE News Script 2.0pre2 allow remote attackers to execute arbitrary PHP code via a URL in the custom_admin_path parameter to (1) index.php or (2) archives.php.

6.8
2007-01-09 CVE-2007-0141 Yet Another Link Directory HTML Injection vulnerability in Yet Another Link Directory Yet Another Link Directory 1.0

Cross-site scripting (XSS) vulnerability in yald.php in Yet Another Link Directory 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter.

6.8
2007-01-09 CVE-2007-0137 Serendipitynz Cross-Site Scripting vulnerability in Serene Bach

Cross-site scripting (XSS) vulnerability in (1) SimpleBoxes/SerendipityNZ Serene Bach 2.05R and earlier, and 2.08D and earlier in the 2.08 series; and (2) sb 1.13D and earlier, and 1.18R and earlier in the 1.18 series; allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

6.8
2007-01-09 CVE-2007-0135 Aratix Remote Security vulnerability in Aratix

PHP remote file inclusion vulnerability in inc/init.inc.php in Aratix 0.2.2 beta 11 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the current_path parameter.

6.8
2007-01-09 CVE-2007-0123 Uber Uploader File-Upload vulnerability in Uber Uploader Uber Uploader 4.2

Unrestricted file upload vulnerability in Uber Uploader 4.2 allows remote attackers to upload and execute arbitrary PHP scripts by naming them with a .phtml extension, which bypasses the .php extension check but is still executable on some server configurations.

6.8
2007-01-09 CVE-2007-0121 Michael Romedahl Cross-Site Scripting vulnerability in Michael Romedahl RI Blog 1.3

Cross-site scripting (XSS) vulnerability in search.asp in RI Blog 1.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter.

6.8
2007-01-09 CVE-2007-0119 Edittag Cross-Site Scripting vulnerability in Edittag 1.2

Multiple cross-site scripting (XSS) vulnerabilities in EditTag 1.2 allow remote attackers to inject arbitrary web script or HTML via the plain parameter to (1) mkpw_mp.cgi, (2) mkpw.pl, or (3) mkpw.cgi.

6.8
2007-01-09 CVE-2007-0113 Packeteer Buffer Overflow Denial Of Service vulnerability in Packeteer Packetwise 8.0

Buffer overflow in Packeteer PacketShaper PacketWise 8.x allows remote authenticated users to cause a denial of service (reset or reboot) via (1) a long traffic class argument to the "class show" command or (2) a long POLICY parameter value in clastree.htm.

6.8
2007-01-09 CVE-2007-0111 Resco Remote Code Execution vulnerability in Resco Photo Viewer for PocketPC Malformed PNG File

Buffer overflow in Resco Photo Viewer for PocketPC 4.11 and 6.01, as used in mobile devices running Windows Mobile 5.0, 2003, and 2003SE, allows remote attackers to execute arbitrary code via a crafted PNG image.

6.8
2007-01-09 CVE-2007-0110 Novell Cross-Site Scripting vulnerability in Novell Access Manager Identity Server 3

Cross-site scripting (XSS) vulnerability in nidp/idff/sso in Novell Access Manager Identity Server before 3.0.0-1013 allows remote attackers to inject arbitrary web script or HTML via the IssueInstant parameter, which is not properly handled in the resulting error message.

6.8
2007-01-09 CVE-2007-0107 Wordpress SQL Injection vulnerability in WordPress Charset Decoding

WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after escaping the SQL query, which allows remote attackers to bypass SQL injection protection schemes and execute arbitrary SQL commands via multibyte charsets, as demonstrated using UTF-7.

6.8
2007-01-09 CVE-2007-0106 Wordpress Cross-Site Scripting vulnerability in Wordpress Invalid CSRF Token

Cross-site scripting (XSS) vulnerability in the CSRF protection scheme in WordPress before 2.0.6 allows remote attackers to inject arbitrary web script or HTML via a CSRF attack with an invalid token and quote characters or HTML tags in URL variable names, which are not properly handled when WordPress generates a new link to verify the request.

6.8
2007-01-09 CVE-2007-0104 Xpdf, KDE Improper Input Validation vulnerability in multiple products

The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.

6.8
2007-01-09 CVE-2007-0103 Adobe Improper Input Validation vulnerability in Adobe Acrobat Reader

The Adobe PDF specification 1.3, as implemented by Adobe Acrobat before 8.0.0, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.

6.8
2007-01-09 CVE-2007-0102 Apple Improper Input Validation vulnerability in Apple Preview 3.0.8

The Adobe PDF specification 1.3, as implemented by Apple Mac OS X Preview, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.

6.8
2007-01-08 CVE-2007-0101 Spine Cross-Site Request Forgery vulnerability in Spine

Cross-site request forgery (CSRF) vulnerability in SPINE allows remote attackers to perform unauthorized actions as administrators via unspecified vectors.

6.8
2007-01-11 CVE-2007-0166 Freebsd Local Symbolic Link vulnerability in FreeBSD Jail RC.D

The jail rc.d script in FreeBSD 5.3 up to 6.2 does not verify pathnames when writing to /var/log/console.log during a jail start-up, or when file systems are mounted or unmounted, which allows local root users to overwrite arbitrary files, or mount/unmount files, outside of the jail via a symlink attack.

6.6
2007-01-12 CVE-2007-0188 F5 Input Validation vulnerability in F5 Firepass

F5 FirePass 5.4 through 5.5.1 does not properly enforce host access restrictions when a client uses a single integer (dword) representation of an IP address ("dotless IP address"), which allows remote authenticated users to connect to the FirePass administrator console and certain other network resources.

6.5
2007-01-09 CVE-2007-0122 Coppermine SQL Injection vulnerability in Coppermine Photo Gallery Albmgr.PHP

Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via (1) the cat parameter to albmgr.php, and possibly (2) the gid parameter to usermgr.php; (3) the start parameter to db_ecard.php; and the albumid parameter to unspecified files, related to the (4) filename_to_title and (5) del_titles functions.

6.5
2007-01-10 CVE-2007-0159 Geoip Directory Traversal vulnerability in Geoip 1.4.0

Directory traversal vulnerability in the GeoIP_update_database_general function in libGeoIP/GeoIPUpdate.c in GeoIP 1.4.0 allows remote malicious update servers (possibly only update.maxmind.com) to overwrite arbitrary files via a ..

6.4
2007-01-09 CVE-2007-0146 Fix and Chips Computer Services Cross-Site Scripting vulnerability in Fix and Chips Computer Services Fix and Chips CMS 1.0

Multiple cross-site scripting (XSS) vulnerabilities in Fix and Chips CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in (a) delete-announce.php; the (2) Announcement form field in (b) staff.php; the (3) Client Name, (4) Business Name, (5) Street, (6) Address 2, (7) Town/City, (8) Postcode, (9) Phone Number, (10) Email Address and (11) Website Address form fields in (c) new_customer.php; and unspecified fields in (d) search.php and (e) client-results.php.

6.0
2007-01-09 CVE-2007-0115 Coppermine Remote Security vulnerability in Coppermine Photo Gallery

Static code injection vulnerability in Coppermine Photo Gallery 1.4.10 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the Username to login.php, which is injected into an error message in security.log.php, which can then be accessed using viewlog.php.

6.0
2007-01-09 CVE-2007-0108 Novell Unspecified vulnerability in Novell Client 4.91

nwgina.dll in Novell Client 4.91 SP3 for Windows 2000/XP/2003 does not delete user profiles during a Terminal Service or Citrix session, which allows remote authenticated users to invoke alternate user profiles.

6.0
2007-01-11 CVE-2007-0177 Mediawiki Cross-Site Scripting vulnerability in MediaWiki

Cross-site scripting (XSS) vulnerability in the AJAX module in MediaWiki before 1.6.9, 1.7 before 1.7.2, 1.8 before 1.8.3, and 1.9 before 1.9.0rc2, when wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

5.1
2007-01-13 CVE-2007-0228 Eiqnetworks Denial of Service vulnerability in Eiqnetworks Enterprise Security Analyzer 2.0/2.1/2.5

The DataCollector service in EIQ Networks Network Security Analyzer allows remote attackers to cause a denial of service (service crash) via a (1) &CONNECTSERVER& (2) &ADDENTRY& (3) &FIN& (4) &START& (5) &LOGPATH& (6) &FWADELTA& (7) &FWALOG& (8) &SETSYNCHRONOUS& (9) &SETPRGFILE&, or (10) &SETREPLYPORT& string to TCP port 10618, which triggers a NULL pointer dereference.

5.0
2007-01-13 CVE-2007-0227 Slocate Local Information Disclosure vulnerability in Slocate 3.1

slocate 3.1 does not properly manage database entries that specify names of files in protected directories, which allows local users to obtain the names of private files.

5.0
2007-01-13 CVE-2006-6924 Bitweaver Parameter Multiple Input Validation vulnerability in Retired: Bitweaver

bitweaver 1.3.1 and earlier allows remote attackers to obtain sensitive information via a sort_mode=-98 query string to (1) blogs/list_blogs.php, (2) fisheye/index.php, (3) wiki/orphan_pages.php, or (4) wiki/list_pages.php, which forces a SQL error.

5.0
2007-01-12 CVE-2007-0195 F5 Input Validation vulnerability in F5 Firepass

my.activation.php3 in F5 FirePass 5.4 through 5.5.1 and 6.0 displays different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote attackers to confirm the validity of an LDAP account.

5.0
2007-01-12 CVE-2007-0185 Getahead Remote vulnerability in Direct Web Rendering

Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to cause a denial of service (memory exhaustion and servlet outage) via unknown vectors related to a large number of calls in a batch.

5.0
2007-01-12 CVE-2007-0206 HP Information Disclosure vulnerability in Hewlett Packard OpenView Network Node Manager

Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, and 7.50 allows remote attackers to read arbitrary files via unknown vectors.

5.0
2007-01-11 CVE-2007-0199 Cisco Denial Of Service vulnerability in Cisco IOS Data-link Switching

The Data-link Switching (DLSw) feature in Cisco IOS 11.0 through 12.4 allows remote attackers to cause a denial of service (device reload) via "an invalid value in a DLSw message...

5.0
2007-01-11 CVE-2007-0198 Cisco Denial of Service vulnerability in Cisco Unified Contact Center and IP Contact Center JTapi Gateway

The JTapi Gateway process in Cisco Unified Contact Center Enterprise, Unified Contact Center Hosted, IP Contact Center Enterprise, and Cisco IP Contact Center Hosted 5.0 through 7.1 allows remote attackers to cause a denial of service (repeated process restart) via a certain TCP session on the JTapi server port.

5.0
2007-01-09 CVE-2007-0147 Cuyahoga Unspecified vulnerability in Cuyahoga

Cuyahoga before 1.0.1 installs the FCKEditor component with an incorrect deny statement in a Web.config file, which allows remote attackers to upload files when these privileges were intended only for the Administrator and Editor roles.

5.0
2007-01-09 CVE-2007-0138 Fersch Denial-Of-Service vulnerability in Fersch Formbankserver 1.9

formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO begins with (1) AbfrageForm or (2) EingabeForm, allows remote attackers to cause a denial of service (daemon crash) via multiple requests containing many /../ sequences in the Name parameter.

5.0
2007-01-09 CVE-2007-0125 Kaspersky Lab Denial Of Service vulnerability in Kaspersky Lab Kaspersky Antivirus Engine 5.5.10/6.0

Kaspersky Labs Antivirus Engine 6.0 for Windows and 5.5-10 for Linux before 20070102 enter an infinite loop upon encountering an invalid NumberOfRvaAndSizes value in the Optional Windows Header of a portable executable (PE) file, which allows remote attackers to cause a denial of service (CPU consumption) by scanning a crafted PE file.

5.0
2007-01-09 CVE-2007-0114 Sun Information Disclosure vulnerability in Sun Java System Content Delivery Server 5.0

Sun Java System Content Delivery Server 5.0 and 5.0 PU1 allows remote attackers to obtain sensitive information regarding "content details" via unspecified vectors.

5.0
2007-01-09 CVE-2007-0109 Wordpress Information Disclosure vulnerability in WordPress

wp-login.php in WordPress 2.0.5 and earlier displays different error messages if a user exists or not, which allows remote attackers to obtain sensitive information and facilitates brute force attacks.

5.0
2007-01-11 CVE-2007-0175 B2Evolution Cross-Site Scripting vulnerability in B2Evolution 1.8.2/1.8.5/1.8.6

Cross-site scripting (XSS) vulnerability in htsrv/login.php in b2evolution 1.8.6 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes in the redirect_to parameter.

4.3
2007-01-09 CVE-2007-0136 Drupal Cross-Site Scripting vulnerability in Drupal

Multiple cross-site scripting (XSS) vulnerabilities in Drupal before 4.6.11, and 4.7 before 4.7.5, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in the (1) filter and (2) system modules.

4.3
2007-01-09 CVE-2007-0118 Edittag Directory Traversal vulnerability in Edittag 1.2

Multiple absolute path traversal vulnerabilities in EditTag 1.2 allow remote attackers to read arbitrary files via an absolute pathname in the file parameter to (1) edittag.cgi, (2) edittag.pl, (3) edittag_mp.cgi, or (4) edittag_mp.pl.

4.3
2007-01-10 CVE-2007-0161 HP Products PML Driver HPZ12 Local Privilege Escalation vulnerability in HP

The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one drivers, as used by multiple HP products, uses insecure SERVICE_CHANGE_CONFIG DACL permissions, which allows local users to gain privileges and execute arbitrary programs, as demonstrated by modifying the binpath argument, a related issue to CVE-2006-0023.

4.1

3 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-01-09 CVE-2007-0124 Drupal Denial of Service vulnerability in Drupal Page Caching

Unspecified vulnerability in Drupal before 4.6.11, and 4.7 before 4.7.5, when MySQL is used, allows remote authenticated users to cause a denial of service by poisoning the page cache via unspecified vectors, which triggers erroneous 404 HTTP errors for pages that exist.

3.5
2007-01-12 CVE-2006-6921 Linux Denial-Of-Service vulnerability in Linux Kernel 2.6.20.1

Unspecified versions of the Linux kernel allow local users to cause a denial of service (unrecoverable zombie process) via a program with certain instructions that prevent init from properly reaping a child whose parent has died.

2.1
2007-01-09 CVE-2007-0120 Acunetix Remote Denial of Service vulnerability in Acunetix Web Vulnerability Scanner

Acunetix Web Vulnerability Scanner (WVS) 4.0 Build 20060717 and earlier allows remote attackers to cause a denial of service (application crash) via multiple HTTP requests containing invalid Content-Length values.

1.9