Weekly Vulnerabilities Reports > January 15 to 21, 2007

Overview

168 new vulnerabilities reported during this period, including 14 critical vulnerabilities and 66 high severity vulnerabilities. This weekly summary report vulnerabilities in 133 products from 103 vendors including Oracle, Apple, Joomla, Phpmyadmin, and Microsoft. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Resource Management Errors", "Cross-site Scripting", "Use of Externally-Controlled Format String", and "Information Exposure".

  • 142 reported vulnerabilities are remotely exploitables.
  • 33 reported vulnerabilities have public exploit available.
  • 4 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 147 reported vulnerabilities are exploitable by an anonymous user.
  • Oracle has the most reported vulnerabilities, with 31 reported vulnerabilities.
  • Broadcom has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

14 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-01-19 CVE-2007-0386 Postnuke Software Foundation Remote Security vulnerability in Postnuke Software Foundation Postnuke 0.764

Unspecified vulnerability in the rating section in PostNuke 0.764 has unknown impact and attack vectors, related to "an interesting bug."

10.0
2007-01-19 CVE-2007-0368 Michiel Broek Local Privilege Escalation Vulnerabilites in MBSE-BBS MBSE_Root

Stack-based buffer overflow in mbse-bbs 0.70 and earlier allows local users to execute arbitrary code via a long string in the MBSE_ROOT environment variable.

10.0
2007-01-18 CVE-2007-0303 Pancake ORG Multiple Unspecified vulnerability in Zina

Multiple unspecified vulnerabilities in Zina 1.0rc1 and earlier have unknown impact and attack vectors related to "Potential security bugs."

10.0
2007-01-17 CVE-2006-6940 OWA Remote Security vulnerability in OWA 1.1.3

Buffer overflow in the ParseHeader function in clsOWA.cls in POP3/SMTP to OWA (pop2owa) 1.1.3 allows remote attackers to execute arbitrary code via a long header in an e-mail message.

10.0
2007-01-16 CVE-2007-0261 Snews Authentication Bypass vulnerability in Snews 1.5.29/1.5.30

snews.php in sNews 1.5.30 and earlier does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, as demonstrated by changing an administrative password via the changeup task, and by uploading PHP code via the imagefile parameter.

10.0
2007-01-16 CVE-2007-0254 Xine Remote Format String vulnerability in Xine Errors.C

Format string vulnerability in the errors_create_window function in errors.c in xine-ui allows attackers to execute arbitrary code via unknown vectors.

10.0
2007-01-16 CVE-2006-5172 Broadcom
CA
Stack-based buffer overflow in the RPC interface in Mediasvr.exe in Computer Associates (CA) Brightstor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Protection Suites r2 allows remote attackers to execute arbitrary code via crafted SUNRPC packets, aka the "Mediasvr.exe String Handling Overflow," a different vulnerability than CVE-2006-5171.
10.0
2007-01-16 CVE-2006-5171 Broadcom
CA
Stack-based buffer overflow in the RPC interface in Mediasvr.exe in Computer Associates (CA) Brightstor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Protection Suites r2 allows remote attackers to execute arbitrary code via crafted SUNRPC packets, aka the "Mediasvr.exe Overflow," a different vulnerability than CVE-2006-5172.
10.0
2007-01-16 CVE-2007-0236 Apple Buffer Errors vulnerability in Apple mac OS X 10.4.8

Double free vulnerability in the _ATPsndrsp function in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to cause a denial of service (kernel panic) and possibly execute arbitrary code via a crafted AppleTalk request that triggers a heap-based buffer overflow.

10.0
2007-01-16 CVE-2006-6767 Oftpd Remote Denial of Service vulnerability in Oftpd Unsupported Address Family

oftpd before 0.3.7 allows remote attackers to cause a denial of service (daemon abort) via a (1) LPRT or (2) LPASV command with an unsupported address family, which triggers an assertion failure.

9.4
2007-01-19 CVE-2007-0352 Microsoft Buffer Overflow vulnerability in Microsoft Html Help Workshop 4.02.0002

Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 allows user-assisted remote attackers to execute arbitrary code via a crafted .cnt file composed of lines that begin with an integer followed by a space and a long string.

9.3
2007-01-18 CVE-2007-0315 Filezilla Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Filezilla

Multiple buffer overflows in FileZilla before 2.2.30a allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors related to (1) Options.cpp when storing settings in the registry, and (2) the transfer queue (QueueCtrl.cpp).

9.3
2007-01-16 CVE-2007-0255 Xine Remote Format String vulnerability in Xine 0.99.4

XINE 0.99.4 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain M3U file that contains a long #EXTINF line and contains format string specifiers in an invalid udp:// URI, possibly a variant of CVE-2007-0017.

9.3
2007-01-18 CVE-2007-0313 Gonicus Remote Security vulnerability in Gonicus System Administration

Unspecified vulnerability in GONICUS System Administration (GOsa) before 2.5.8 allows remote authenticated users to modify certain settings, including the admin password, via crafted POST requests.

9.0

66 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-01-17 CVE-2007-0272 Oracle Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Oracle Database Server

Multiple buffer overflows in MDSYS.MD in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 allows remote authenticated users to cause a denial of service (crash) or execute arbitrary code via unspecified vectors involving certain public procedures, aka DB05.

8.5
2007-01-19 CVE-2007-0389 Arsdigita Directory Traversal vulnerability in Arsdigita products

Directory traversal vulnerability in ArsDigita Community System (ACS) 3.4.10 and earlier, and ArsDigita Community Education Solution (ACES) 1.1, allows remote attackers to read arbitrary files via .%252e/ (double-encoded dot dot slash) sequences in the URI.

7.8
2007-01-19 CVE-2007-0385 Postnuke Software Foundation Information Disclosure vulnerability in Postnuke Software Foundation Postnuke 0.764

The faq section in PostNuke 0.764 allows remote attackers to obtain sensitive information (the full path) via "unvalidated output" in FAQ/index.php, possibly involving an undefined id_cat variable.

7.8
2007-01-19 CVE-2007-0358 HP Denial Of Service vulnerability in HP Jetdirect

Unspecified vulnerability in the FTP server implementation in HP Jetdirect firmware x.20.nn through x.24.nn allows remote attackers to cause a denial of service via unknown vectors.

7.8
2007-01-18 CVE-2007-0318 Apple Denial-Of-Service vulnerability in Apple mac OS X 10.4.8

The do_hfs_truncate function in Mac OS X 10.4.8 allows context-dependent attackers to cause a denial of service (kernel panic) via a crafted HFS+ filesystem in a DMG image, which causes an access of an invalid vnode structure during file removal.

7.8
2007-01-18 CVE-2007-0312 Wcsimple Poll Information Disclosure vulnerability in Wcsimple Poll

wcSimple Poll stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain password hashes via a direct request for password.txt.

7.8
2007-01-17 CVE-2007-0295 Oracle Multiple vulnerability in Oracle January 2007 Security Update

Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.13 and 8.47.11 has unknown impact and attack vectors in PeopleTools, aka PSE01.

7.8
2007-01-16 CVE-2007-0262 Wordpress Information Disclosure vulnerability in Wordpress 2.0.6/2.1

WordPress 2.0.6, and 2.1Alpha 3 (SVN:4662), does not properly verify that the m parameter value has the string data type, which allows remote attackers to obtain sensitive information via an invalid m[] parameter, as demonstrated by obtaining the path, and obtaining certain SQL information such as the table prefix.

7.8
2007-01-16 CVE-2007-0259 Ezboxx Information Exposure vulnerability in Ezboxx Portal System Beta0.7.6

Ezboxx Portal System Beta 0.7.6 and earlier allows remote attackers to obtain sensitive information via an invalid cat parameter to boxx/knowledgebase.asp, which reveals the path in an error message.

7.8
2007-01-16 CVE-2007-0256 Videolan Denial Of Service vulnerability in Videolan VLC Media Player 0.8.6A

VideoLAN VLC 0.8.6a allows remote attackers to cause a denial of service (application crash) via a crafted .wmv file.

7.8
2007-01-16 CVE-2007-0251 Snort Unspecified vulnerability in Snort 2.6.1.2

Integer underflow in the DecodeGRE function in src/decode.c in Snort 2.6.1.2 allows remote attackers to trigger dereferencing of certain memory locations via crafted GRE packets, which may cause corruption of log files or writing of sensitive information into log files.

7.8
2007-01-16 CVE-2006-6933 EFS Software Information Disclosure vulnerability in EFS Software Easy Chat Server 2.1

Easy Chat Server 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download certain files via direct requests to files such as (1) ServerKey.pem and (2) AcceptIP.txt.

7.8
2007-01-16 CVE-2006-5876 Libsoup Remote Denial of Service vulnerability in Libsoup 2.2.98

The soup_headers_parse function in soup-headers.c for libsoup HTTP library before 2.2.99 allows remote attackers to cause a denial of service (crash) via malformed HTTP headers, probably involving missing fields or values.

7.8
2007-01-19 CVE-2007-0395 Comvironment Remote File Include vulnerability in Comvironment 4.0

PHP remote file inclusion vulnerability in libraries/grab_globals.lib.php in ComVironment 4.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter.

7.5
2007-01-19 CVE-2007-0388 Woltlab SQL-Injection vulnerability in Burning Board

SQL injection vulnerability in search.php in Woltlab Burning Board (wBB) 1.0.2 and earlier, and 2.3.6 and earlier in the 2.x series, allows remote attackers to execute arbitrary SQL commands via the boardids[1] and other boardids[] parameters.

7.5
2007-01-19 CVE-2007-0387 Joomla SQL-Injection vulnerability in Joomla 20070118

SQL injection vulnerability in models/category.php in the Weblinks component for Joomla! SVN 20070118 (com_weblinks) allows remote attackers to execute arbitrary SQL commands via the catid parameter.

7.5
2007-01-19 CVE-2007-0382 Letterman SQL Injection vulnerability in Letterman 1.2.3

Multiple SQL injection vulnerabilities in letterman.class.php in the Letterman 1.2.3 (com_letterman) component for Joomla! before 1.0.12 allow remote attackers to execute arbitrary SQL commands via the id parameter, related to the (1) lm_sendMail, (2) saveNewsletter, and (3) cancelNewsletter functions.

7.5
2007-01-19 CVE-2007-0381 Adaptive Technology Resource Centre SQL-Injection vulnerability in Adaptive Technology Resource Centre Atutor 1.5.3.2

Multiple SQL injection vulnerabilities in ATutor 1.5.3.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters.

7.5
2007-01-19 CVE-2007-0378 Docman SQL-Injection vulnerability in Docman 1.3Rc2

Multiple SQL injection vulnerabilities in DocMan 1.3 RC2 allow attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2007-01-19 CVE-2007-0377 Xoops SQL Injection vulnerability in Xoops 2.0.16

Multiple SQL injection vulnerabilities in Xoops 2.0.16 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in kernel/group.php in core, (2) the lid parameter in class/table_broken.php in the Weblinks module, and other unspecified vectors.

7.5
2007-01-19 CVE-2007-0374 Joomla
Mambo
SQL Injection vulnerability in Mambo/Joomla CMS ID

SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and (2) Mambo 4.6.1, allows remote attackers to execute arbitrary SQL commands via the id parameter when cancelling content editing.

7.5
2007-01-19 CVE-2007-0372 Francisco Burzi SQL Injection vulnerability in Francisco Burzi PHP-Nuke 7.9

Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 7.9 allow remote attackers to execute arbitrary SQL commands via (1) the active parameter in admin/modules/modules.php; the (2) ad_class, (3) imageurl, (4) clickurl, (5) ad_code, or (6) position parameter in modules/Advertising/admin/index.php; or unspecified vectors in the (7) advertising, (8) weblinks, or (9) reviews section.

7.5
2007-01-19 CVE-2007-0370 Phpbp SQL-Injection vulnerability in PHPbp Rc32.204

Unrestricted file upload vulnerability in index.php in phpBP RC3 (2.204) and earlier allows remote administrators to inject arbitrary PHP code into an upload/banners/ file via a banners add operation that uploads the PHP code through an image_form parameter specifying a multiple-extension filename such as .jpg.vil.gif.php, which is stored in upload/banners/ under a different name, and executable via a direct request.

7.5
2007-01-19 CVE-2007-0369 Phpbp SQL-Injection vulnerability in PHPbp Rc32.204

SQL injection vulnerability in phpBP RC3 (2.204) and earlier allows remote attackers to execute arbitrary SQL commands via the comment forum.

7.5
2007-01-19 CVE-2006-6945 Virtuemart Input Validation vulnerability in Virtuemart 1.0.7

SQL injection vulnerability in Virtuemart 1.0.7 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to (1) Itemid, (2) product_id, and category_id parameters as handled in virtuemart_parser.php.

7.5
2007-01-19 CVE-2006-6944 Phpmyadmin Security Bypass vulnerability in phpMyAdmin

phpMyAdmin before 2.9.1.1 allows remote attackers to bypass Allow/Deny access rules that use IP addresses via false headers.

7.5
2007-01-19 CVE-2007-0361 Comscripts Remote File Include vulnerability in Comscripts PHPmyphorum 1.5A

PHP remote file inclusion vulnerability in mep/frame.php in PHPMyphorum 1.5a allows remote attackers to execute arbitrary PHP code via a URL in the chem parameter.

7.5
2007-01-19 CVE-2007-0360 Oreon Project Remote File Include vulnerability in Oreon

PHP remote file inclusion vulnerability in lang/index.php in Oreon 1.2.3 RC4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.

7.5
2007-01-19 CVE-2007-0359 Uberghey Remote File Include vulnerability in Uberghey CMS 0.3.1

PHP remote file inclusion vulnerability in frontpage.php in Uberghey CMS 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the setup_folder parameter.

7.5
2007-01-19 CVE-2007-0354 MGB SQL Injection vulnerability in MGB Email.PHP

SQL injection vulnerability in email.php in MGB OpenSource Guestbook 0.5.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2007-01-19 CVE-2007-0350 SME SQL Injection vulnerability in SME Filemailer

Multiple SQL injection vulnerabilities in (a) index.php and (b) dl.php in SmE FileMailer 1.21 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ps, (2) us, (3) f, or (4) code parameter.

7.5
2007-01-18 CVE-2007-0346 SME SQL-Injection vulnerability in SME Filemailer 1.21

SQL injection vulnerability in index.php in SmE FileMailer 1.21 allows remote attackers to execute arbitrary SQL commands via the us parameter.

7.5
2007-01-18 CVE-2007-0344 Colloquy USE of Externally-Controlled Format String vulnerability in Colloquy

Multiple format string vulnerabilities in (1) _invitedToRoom: and (2) _invitedToDirectChat: in Colloquy 2.1 and earlier allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in the channel name of an INVITE request, related to the implementation of AlertSheet and AlertPanel in Apple AppKit.

7.5
2007-01-18 CVE-2007-0340 Thwboard SQL-Injection vulnerability in Thwboard

SQL injection vulnerability in inc/header.inc.php in ThWboard 3.0b2.84-php5 and earlier allows remote attackers to execute arbitrary SQL commands via the board[styleid] parameter to index.php.

7.5
2007-01-18 CVE-2007-0339 Scriptme SQL-Injection vulnerability in Scriptme SME Filemailer 1.21

SQL injection vulnerability in index.php (aka the login form) in Scriptme SMe FileMailer 1.21 allows remote attackers to execute arbitrary SQL commands via the Password field (ps parameter).

7.5
2007-01-18 CVE-2007-0338 Bolintech Remote Security vulnerability in Dreamftp Server

Heap-based buffer overflow in Dream FTP Server allows remote attackers to execute arbitrary code via a USER command with a large number of format string specifiers, which triggers the overflow during processing of the Server Log.

7.5
2007-01-18 CVE-2007-0337 KGB Local File Include vulnerability in KGB

Directory traversal vulnerability in sesskglogadmin.php in KGB 1.9 and earlier allows remote attackers to include and execute arbitrary local files via a ..

7.5
2007-01-18 CVE-2007-0334 Ingate Authentication Replay vulnerability in InGate Firewall And SIParator

Unspecified vulnerability in the SIP module in InGate Firewall and SIParator before 4.5.1 allows remote attackers to conduct replay attacks on the authentication mechanism via unknown vectors.

7.5
2007-01-18 CVE-2007-0332 Xentraz Unspecified vulnerability in Xentraz Liens Dynamiques 2.1

(1) admin/adminlien.php3 and (2) admin/modif.php3 in liens_dynamiques 2.1 do not require authentication, which allows remote attackers to perform unauthorized administrative actions using a direct request.

7.5
2007-01-18 CVE-2007-0330 Ipswitch Local Memory Corruption vulnerability in Ipswitch WS FTP PRO 2007

Buffer overflow in wsbho2k0.dll, as used by wsftpurl.exe, in Ipswitch WS_FTP 2007 Professional allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long ftp:// URL in an HTML document, and possibly other vectors.

7.5
2007-01-18 CVE-2007-0317 Filezilla Remote Format String vulnerability in Filezilla 3.0.0Beta1/3.0.0Beta2

Format string vulnerability in the LogMessage function in FileZilla before 3.0.0-beta5 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted arguments.

7.5
2007-01-18 CVE-2007-0316 ALL IN ONE Control Panel SQL Injection vulnerability in All In One Control Panel

Multiple SQL injection vulnerabilities in All In One Control Panel (AIOCP) 1.3.010 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) xuser_name parameter to shared/code/cp_authorization.php, and the (2) did parameter to public/code/cp_downloads.php, different vectors than CVE-2007-0223.

7.5
2007-01-18 CVE-2007-0314 Article System Remote File Include vulnerability in Article System Article System 1.0

Multiple PHP remote file inclusion vulnerabilities in Article System 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the INCLUDE_DIR parameter to (1) forms.php, (2) issue_edit.php, (3) client.php, and (4) classes.php.

7.5
2007-01-18 CVE-2007-0309 Francisco Burzi SQL Injection vulnerability in PHP-Nuke Block-Old_Articles.PHP

SQL injection vulnerability in blocks/block-Old_Articles.php in Francisco Burzi PHP-Nuke 7.9 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat parameter.

7.5
2007-01-18 CVE-2007-0307 Poplar Gedcom Viewer Remote File Include vulnerability in Poplar Gedcom Viewer Poplar Gedcom Viewer 1.2.2

PHP remote file inclusion vulnerability in include/common.php in Poplar Gedcom Viewer 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the env[rootPath] parameter.

7.5
2007-01-18 CVE-2007-0306 Digiappz SQL Injection vulnerability in DigiAppz DigiAffiliate Visu_User.ASP

SQL injection vulnerability in visu_user.asp in Digiappz DigiAffiliate 1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2007-01-18 CVE-2007-0305 Okulsistem Okul WEB SQL Injection vulnerability in Okulsistem Okul web Otomasyon Sistemi 4.0.1

SQL injection vulnerability in etkinlikbak.asp in Okul Web Otomasyon Sistemi 4.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2007-01-18 CVE-2007-0304 Mint SQL-Injection vulnerability in Haber Sistemi

SQL injection vulnerability in duyuru.asp in MiNT Haber Sistemi 2.7 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2007-01-17 CVE-2007-0292 Oracle Multiple vulnerability in Oracle Enterprise Manager 10.1.0.5

Multiple unspecified vulnerabilities in Oracle Enterprise Manager 10.1.0.5 have unknown impact and attack vectors related to Oracle Agent, aka (1) EM01 and (2) EM02.

7.5
2007-01-17 CVE-2007-0280 Oracle Multiple vulnerability in Oracle products

Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.2, and 10.1.2.2; and Collaboration Suite 9.0.4.2 and 10.1.2; has unknown impact and attack vectors related to the Oracle Process Mgmt & Notification component, aka OPMN01.

7.5
2007-01-17 CVE-2007-0279 Oracle Multiple vulnerability in Oracle January 2007 Security Update

Multiple unspecified vulnerabilities in Oracle HTTP Server 9.2.0.8 and Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors, aka (1) OHS01, (2) OHS02, (3) OHS05, (4) OHS06, and (5) OHS07.

7.5
2007-01-17 CVE-2006-6937 Pensacola WEB Designs Input Validation vulnerability in Pensacola web Designs Xtremeasp Photogallery 2.0

SQL injection vulnerability in displaypic.asp in Xtreme ASP Photo Gallery allows remote attackers to inject arbitrary SQL commands via the sortorder parameter.

7.5
2007-01-16 CVE-2007-0266 Ezboxx Cross-Site Scripting vulnerability in Ezboxx Portal System Beta0.7.6

SQL injection vulnerability in boxx/ShowAppendix.asp in Ezboxx Portal System Beta 0.7.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the iid parameter.

7.5
2007-01-16 CVE-2007-0260 Naig Unspecified vulnerability in Naig 0.5.2

** DISPUTED ** PHP remote file inclusion vulnerability in index.php in Naig 0.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the this_path parameter.

7.5
2007-01-16 CVE-2007-0252 Easy Content Filemanager Remote Security vulnerability in Easy-Content Filemanager

Unspecified vulnerability in easy-content filemanager allows remote attackers to upload or modify arbitrary files via unspecified vectors.

7.5
2007-01-16 CVE-2006-6935 Portix PHP SQL Injection vulnerability in Portix-PHP 0.4.2

SQL injection vulnerability in the login component in Portix-PHP 0.4.2 allows remote attackers to execute arbitrary SQL commands via the username and passwd (password) fields.

7.5
2007-01-16 CVE-2006-6932 Image Gallery With Access Database SQL Injection vulnerability in Image Gallery with Access Database

Multiple SQL injection vulnerabilities in Image Gallery with Access Database allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to (a) dispimage.asp, or the (2) order or (3) page parameter to (b) default.asp.

7.5
2007-01-19 CVE-2007-0391 Bitdefender Local Format String vulnerability in Bitdefender Client Professionalplus8.02

Format string vulnerability in the log creation functionality of BitDefender Client Professional Plus 8.02 allows attackers to execute arbitrary code via certain scan job settings.

7.2
2007-01-19 CVE-2007-0355 Apple Buffer Errors vulnerability in Apple mac OS X and Minimal SLP Service Agent

Buffer overflow in the Apple Minimal SLP v2 Service Agent (slpd) in Mac OS X 10.4.11 and earlier, including 10.4.8, allows local users, and possibly remote attackers, to gain privileges and possibly execute arbitrary code via a registration request with an invalid attr-list field.

7.2
2007-01-18 CVE-2007-0333 Agnitum Local Privilege Escalation vulnerability in Agnitum Outpost Firewall 4.0

Agnitum Outpost Firewall PRO 4.0 allows local users to bypass access restrictions and insert Trojan horse drivers into the product's installation directory by creating links using FileLinkInformation requests with the ZwSetInformationFile function, as demonstrated by modifying SandBox.sys.

7.2
2007-01-16 CVE-2007-0257 Grsecurity Local Privilege Escalation vulnerability in Grsecurity Kernel PaX

** DISPUTED ** Unspecified vulnerability in the expand_stack function in grsecurity PaX allows local users to gain privileges via unspecified vectors.

7.2
2007-01-16 CVE-2007-0253 Grsecurity Unspecified vulnerability in Grsecurity Kernel Patch

** DISPUTED ** Unspecified vulnerability in the grsecurity patch has unspecified impact and remote attack vectors, a different vulnerability than the expand_stack vulnerability from the Digital Armaments 20070110 pre-advisory.

7.2
2007-01-19 CVE-2007-0396 HP Remote Denial Of Service vulnerability in HP Hp-Ux 11.23

Unspecified vulnerability in HP-UX B.11.23, when running IPFilter in combination with PHNE_34474, allows remote attackers to cause a denial of service (system crash) via unspecified vectors.

7.1
2007-01-19 CVE-2006-5964 Pentaware Multiple vulnerability in Pentaware Pentasuite-Pro and Pentazip

choShilA.bpl in PentaZip 8.5.1.190 and PentaSuite-PRO 8.5.1.221 allows local users, and user-assisted remote attackers to cause a denial of service (system crash) by right clicking on a file with a long filename.

7.1
2007-01-17 CVE-2007-0299 Apple Denial-Of-Service vulnerability in Apple mac OS X 10.4.8

Integer overflow in the byte_swap_sbin function in bsd/ufs/ufs/ufs_byte_order.c in Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service (kernel panic) by mounting a crafted Unix File System (UFS) DMG image, which triggers an invalid pointer dereference.

7.1
2007-01-16 CVE-2007-0263 Total Commander Unspecified vulnerability in Total Commander Total Commander

Unspecified vulnerability in Total Commander before 6.5.6 allows user-assisted remote attackers to delete arbitrary files and corrupt a filesystem via a crafted RAR file.

7.1

80 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-01-19 CVE-2007-0390 Sabros US Cross-Site Scripting vulnerability in Sabros.Us 1.7

Cross-site scripting (XSS) vulnerability in index.php in sabros.us 1.7 allows remote attackers to inject arbitrary web script or HTML via the tag parameter.

6.8
2007-01-19 CVE-2007-0379 Docman Cross-Site Scripting vulnerability in Docman 1.3Rc2

Cross-site scripting (XSS) vulnerability in DocMan 1.3 RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

6.8
2007-01-19 CVE-2007-0376 Virtuemart Input Validation vulnerability in Virtuemart 1.0.7

Cross-site scripting (XSS) vulnerability in Virtuemart 1.0.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

6.8
2007-01-19 CVE-2007-0373 Joomla SQL Injection vulnerability in Joomla 1.5.0Beta

Multiple SQL injection vulnerabilities in Joomla! 1.5.0 Beta allow remote attackers to execute arbitrary SQL commands via (1) the searchword parameter in certain files; the where parameter in (2) plugins/search/content.php or (3) plugins/search/weblinks.php; the text parameter in (4) plugins/search/contacts.php, (5) plugins/search/categories.php, or (6) plugins/search/sections.php; or (7) the email parameter in database/table/user.php, which is not properly handled by the check function.

6.8
2007-01-19 CVE-2007-0365 Nicola Asuni Cross-Site Scripting vulnerability in All In One Control Panel

Multiple cross-site scripting (XSS) vulnerabilities in All In One Control Panel (AIOCP) 1.3.009 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

6.8
2007-01-19 CVE-2006-6942 Phpmyadmin
Debian
Cross-Site Scripting vulnerability in multiple products

Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin before 2.9.1.1 allow remote attackers to inject arbitrary HTML or web script via (1) a comment for a table name, as exploited through (a) db_operations.php, (2) the db parameter to (b) db_create.php, (3) the newname parameter to db_operations.php, the (4) query_history_latest, (5) query_history_latest_db, and (6) querydisplay_tab parameters to (c) querywindow.php, and (7) the pos parameter to (d) sql.php.

6.8
2007-01-19 CVE-2007-0363 Openads Cross-Site Scripting vulnerability in Openads for PostgreSQL

Cross-site scripting (XSS) vulnerability in admin-search.php in (1) Openads for PostgreSQL (aka phpPgAds) before 2.0.10 and (2) Openads (aka phpAdsNew) before 2.0.10 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

6.8
2007-01-19 CVE-2007-0362 Freshreader HTML Injection vulnerability in FreshReader Feed

Cross-site scripting (XSS) vulnerability in the RSS feed component in FreshReader before 1.0.07010600 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to tag attributes.

6.8
2007-01-19 CVE-2007-0353 Mywebland Cross-Site Scripting vulnerability in Mywebland Mybloggie 2.1.5

Cross-site scripting (XSS) vulnerability in (1) index.php and (2) login.php in myBloggie 2.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO string.

6.8
2007-01-18 CVE-2007-0345 Apple Local Security vulnerability in Apple mac OS X 10.4.8

The (1) Activity Monitor.app/Contents/Resources/pmTool, (2) Keychain Access.app/Contents/Resources/kcproxy, and (3) ODBC Administrator.app/Contents/Resources/iodbcadmintool programs in /Applications/Utilities/ in Mac OS X 10.4.8 have weak permissions (writable by admin group), which allows local admin users to gain root privileges by modifying a program and then performing permissions repair via diskutil.

6.8
2007-01-18 CVE-2007-0341 Phpmyadmin Cross-Site Scripting vulnerability in PHPmyadmin 2.8.1

Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a CSS style in the convcharset parameter to the top-level URI, a different vulnerability than CVE-2005-0992.

6.8
2007-01-18 CVE-2007-0335 JAX Scripts Local File Include vulnerability in JAX Scripts JAX Petition Book 1.0.3.06

Multiple directory traversal vulnerabilities in Jax Petition Book 1.0.3.06 allow remote attackers to include and execute arbitrary local files via a ..

6.8
2007-01-18 CVE-2007-0331 Xentraz Cross-Site Scripting vulnerability in Xentraz Liens Dynamiques 2.1

Cross-site scripting (XSS) vulnerability in liens.php3 in liens_dynamiques 2.1 allows remote attackers to inject arbitrary web script or HTML by using the ajouter=1 query string and the add menu.

6.8
2007-01-18 CVE-2007-0308 Plain Black Cross-Site Scripting vulnerability in WebGUI Wiki Title

Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before 7.3.4 (beta) allows remote attackers to inject arbitrary web script or HTML via Wiki Page titles.

6.8
2007-01-18 CVE-2007-0302 Instantasp Cross-Site Scripting vulnerability in Instantasp 4.1.0

Multiple cross-site scripting (XSS) vulnerabilities in InstantASP 4.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) SessionID parameter to (a) Logon.aspx, and the (2) Username and (3) Update parameters to (b) Members1.aspx.

6.8
2007-01-18 CVE-2007-0301 Fdweb Remote File Include vulnerability in Fdweb Espace Membre 2.01

PHP remote file inclusion vulnerability in _admin/admin_menu.php in FdWeB Espace Membre 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.

6.8
2007-01-18 CVE-2007-0300 TLM CMS Remote File Include vulnerability in TLM CMS Chemin Parameter

PHP remote file inclusion vulnerability in i-accueil.php in TLM CMS 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter.

6.8
2007-01-17 CVE-2007-0243 SUN Buffer Errors vulnerability in SUN Jdk, JRE and SDK

Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Update 9 and earlier, SDK and JRE 1.4.2_12 and earlier, and SDK and JRE 1.3.1_18 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption.

6.8
2007-01-17 CVE-2007-0298 Dexxaboy Remote File Include vulnerability in Dexxaboy Lunarpoll 1.0

PHP remote file inclusion vulnerability in show.php in LunarPoll, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the PollDir parameter.

6.8
2007-01-17 CVE-2007-0278 Oracle Multiple vulnerability in Oracle January 2007 Security Update

Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) NLS Runtime and lmsgen (DB12), and (2) Oracle Text and ctxkbtc (DB14).

6.8
2007-01-17 CVE-2007-0277 Oracle Multiple vulnerability in Oracle Database Server 10.1.0.4

Unspecified vulnerability in Oracle Database client-only 10.1.0.4 has unknown impact and attack vectors related to the Export component and expdp or impdp, aka DB11.

6.8
2007-01-17 CVE-2007-0276 Oracle Multiple vulnerability in Oracle Database Server 8.1.7.4/9.0.1.5

Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4 and 9.0.1.5 have unknown impact and attack vectors related to (1) Advanced Security Option and oklist or okdstry (DB10), (2) Oracle Net Services (DB13), and (3) Recovery Manager and oklist (DB16).

6.8
2007-01-17 CVE-2006-6936 Pensacola WEB Designs Input Validation vulnerability in Pensacola web Designs Xtremeasp Photogallery 2.0

Cross-site scripting (XSS) vulnerability in Xtreme ASP Photo Gallery allows remote attackers to inject arbitrary HTML or web script via (1) the catname parameter to displaypic.asp or (2) the search field.

6.8
2007-01-16 CVE-2007-0265 Ezboxx Cross-Site Scripting vulnerability in Portal System Beta

Multiple cross-site scripting (XSS) vulnerabilities in Ezboxx Portal System Beta 0.7.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the pic parameter to custom/piczoom.asp, (2) the nocatname parameter to boxx/user-upload.asp, or (3) the iid parameter to indexes/newscomments.asp.

6.8
2007-01-16 CVE-2007-0258 Fastilo
Opensolution
Cross-Site Scripting vulnerability in Open Solution Quick.Cart

Cross-site scripting (XSS) vulnerability in index.php in (1) Fastilo 2.0 and (2) Open Solution Quick.Cart 2.0 allows remote attackers to inject arbitrary web script or HTML via the p parameter.

6.8
2007-01-16 CVE-2007-0249 Nwom Input Validation vulnerability in Nwom Topsites 3.0

Cross-site scripting (XSS) vulnerability in index.php in Nwom topsites 3.0 allows remote attackers to inject arbitrary web script or HTML via the o parameter.

6.8
2007-01-16 CVE-2006-6934 Portix PHP HTML Injection vulnerability in Portix-PHP 0.4.2

Multiple cross-site scripting (XSS) vulnerabilities in Portix-PHP 0.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) titre or (2) auteur field in a forum post.

6.8
2007-01-17 CVE-2007-0267 Apple
Freebsd
Resource Management Errors vulnerability in multiple products

The ufs_lookup function in the Mac OS X 10.4.8 and FreeBSD 6.1 kernels allows local users to cause a denial of service (kernel panic) and possibly corrupt other filesystems by mounting a crafted UNIX File System (UFS) DMG image that contains a corrupted directory entry (struct direct), related to the ufs_dirbad function.

6.6
2007-01-16 CVE-2007-0264 Winzip Remote Buffer Overflow vulnerability in Winzip 9.0

Buffer overflow in Winzip32.exe in WinZip 9.0 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long command line argument.

6.6
2007-01-19 CVE-2007-0019 Maxum Development Corporation Unspecified vulnerability in Maxum Development Corporation Rumpus FTP Server

Multiple heap-based buffer overflows in rumpusd in Rumpus 5.1 and earlier (1) allow remote authenticated users to execute arbitrary code via a long LIST command and other unspecified requests to the FTP service, and (2) allow remote attackers to execute arbitrary code via unspecified requests to the HTTP service.

6.5
2007-01-17 CVE-2007-0274 Oracle Multiple vulnerability in Oracle Database Server 10.1.0.5/9.2.0.7

Multiple unspecified vulnerabilities in Oracle Database 9.2.0.7 and 10.1.0.5 have unknown impact and attack vectors related to (1) Export and sys.dbms_logrep_util (DB08), and (2) Oracle Streams and sys.dbms_capture_adm_internal privileges (DB09).

6.5
2007-01-17 CVE-2007-0271 Oracle Multiple vulnerability in Oracle January 2007 Security Update

Unspecified vulnerability in Oracle Database 9.0.1.5 and 9.2.0.7 has unknown impact and attack vectors related to the Log Miner component and sys.dbms_log_mnr privileges, aka DB04.

6.5
2007-01-17 CVE-2007-0270 Oracle Buffer Errors vulnerability in Oracle Database Server 10.1.0.4/9.2.0.7

Buffer overflow in SYS.DBMS_DRS in Oracle Database 9.2.0.7 and 10.1.0.4 allows remote authenticated users to cause a denial of service (crash) or execute arbitrary code via the GET_PROPERTY function in SYS.DBMS_DRS, aka DB03.

6.5
2007-01-17 CVE-2007-0268 Oracle Multiple vulnerability in Oracle Database Server 10.1.0.5/9.0.1.5/9.2.0.7

Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) the Advanced Queuing component and sys.dbms_aqsys.dbms_aq privileges (DB01), (2) Advanced Replication and sys.dbms_repcat_untrusted (DB07), and (3) Oracle Text and ctxload (DB15).

6.5
2007-01-20 CVE-2007-0397 Cisco Unspecified vulnerability in Cisco products

The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitive information or generate incorrect information.

6.4
2007-01-17 CVE-2007-0293 Oracle Multiple vulnerability in Oracle Enterprise Manager 10.1.0.5/10.2.0.1

Multiple unspecified vulnerabilities in Oracle Enterprise Manager 10.1.0.5 and 10.2.0.1 have unknown impact and attack vectors related to (1) Oracle Agent (EM03) and (2) EM04 and (3) EM05 in Enterprise Manager Console.

6.4
2007-01-17 CVE-2007-0289 Oracle Multiple vulnerability in Oracle Application Server 9.0.4.2

Multiple unspecified vulnerabilities in Oracle Collaboration Suite 9.0.4.2 have unknown impact and attack vectors related to Oracle Containers for J2EE, aka (1) OC4J01, (2) OC4J05, and (3) OC4J06.

6.4
2007-01-17 CVE-2007-0284 Oracle Multiple vulnerability in Oracle Application Server and Collaboration Suite

Multiple unspecified vulnerabilities in Oracle Application Server 9.0.4.3 and 10.1.2.0.0, and Collaboration Suite 9.0.4.2, have unknown impact and attack vectors related to Oracle Containers for J2EE, aka (1) OC4J03 and (2) OC4J04.

6.4
2007-01-19 CVE-2007-0351 Microsoft
Zonelabs
Local Security vulnerability in Microsoft Windows

Microsoft Windows XP and Windows Server 2003 do not properly handle user logoff, which might allow local users to gain the privileges of a previous system user, possibly related to user profile unload failure.

6.2
2007-01-17 CVE-2007-0290 Oracle Multiple vulnerability in Oracle E-Business Suite 11.5.10.2

Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors related to (1) Application Object Library (APPS01), (2) Human Resources (APPS03), (3) Payables (APPS04), (4) Trading Community Architecture (APPS05), and (5) Web Applications Desktop Integrator (APPS06).

5.5
2007-01-17 CVE-2007-0269 Oracle Multiple vulnerability in Oracle Database Server 10.1.0.5/10.2.0.3/9.2.0.8

Unspecified vulnerability in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and attack vectors related to the Change Data Capture and sys.dbms_cdc_subscribe privileges, aka DB02.

5.5
2007-01-19 CVE-2007-0384 Postnuke Software Foundation Cross-Site Scripting vulnerability in Postnuke Software Foundation Postnuke 0.764

Cross-site scripting (XSS) vulnerability in preview in the reviews section in PostNuke 0.764 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

5.1
2007-01-16 CVE-2006-6487 DT Guestbook Cross-Site Scripting vulnerability in DT Guestbook DT Guestbook 1.0F

Cross-site scripting (XSS) vulnerability in index.php in DT Guestbook (dt_guestbook) 1.0f, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the error[] parameter.

5.1
2007-01-19 CVE-2007-0383 Wdaemon Unspecified vulnerability in Wdaemon 7.2.0/9.0.4/9.5.4

** DISPUTED ** WDaemon 9.5.4 allows remote attackers to access the /WorldClient.dll URI on TCP port 3000, which has unknown impact.

5.0
2007-01-19 CVE-2007-0380 Docman Information Disclosure vulnerability in Docman 1.3Rc2

DocMan 1.3 RC2 allows remote attackers to obtain sensitive information (the full path) via unspecified vectors.

5.0
2007-01-19 CVE-2007-0375 Joomla Information Disclosure vulnerability in Joomla 1.5.0Beta

Joomla! 1.5.0 Beta allows remote attackers to obtain sensitive information via a direct request for (1) plugins/user/example.php; (2) gmail.php, (3) example.php, or (4) ldap.php in plugins/authentication/; (5) modules/mod_mainmenu/menu.php; or other unspecified PHP scripts, which reveals the path in various error messages, related to a jimport function call at the beginning of each script.

5.0
2007-01-19 CVE-2006-6943 Phpmyadmin Improper Input Validation vulnerability in PHPmyadmin

PhpMyAdmin before 2.9.1.1 allows remote attackers to obtain the full server path via direct requests to (a) scripts/check_lang.php and (b) themes/darkblue_orange/layout.inc.php; and via the (1) lang[], (2) target[], (3) db[], (4) goto[], (5) table[], and (6) tbl_group[] array arguments to (c) index.php, and the (7) back[] argument to (d) sql.php; and an invalid (8) sort_by parameter to (e) server_databases.php and (9) db parameter to (f) db_printview.php.

5.0
2007-01-19 CVE-2007-0357 Fritzdsl Directory Traversal Information Disclosure vulnerability in Fritzdsl 02.02.29

Directory traversal vulnerability in the AVM IGD CTRL Service in Fritz!DSL 02.02.29 allows remote attackers to read arbitrary files via ..%5C (URL-encoded dot dot backslash) sequences in a URI requested from the AR7 webserver.

5.0
2007-01-19 CVE-2007-0356 Common Controls Replacement Project
Microsoft
Remote Denial of Service vulnerability in FolderTreeView ActiveX Control

The Common Controls Replacement Project (CCRP) FolderTreeview (FTV) ActiveX control (ccrpftv6.ocx) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long CCRP.RootFolder property value.

5.0
2007-01-19 CVE-2007-0349 Nicecoder Directory Traversal vulnerability in indexu

Directory traversal vulnerability in upgrade.php in nicecoder.com INDEXU 5.x allows remote attackers to include arbitrary local files via a ..

5.0
2007-01-19 CVE-2006-6941 Freewebshop Information Disclosure vulnerability in FreeWebshop

index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to obtain sensitive information via an invalid action parameter in an info operation, which discloses the path in an error message.

5.0
2007-01-18 CVE-2007-0343 Openbsd Remote Denial Of Service vulnerability in OpenBSD ICMP6 Echo Request

OpenBSD before 20070116 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via certain IPv6 ICMP (aka ICMP6) echo request packets.

5.0
2007-01-18 CVE-2007-0329 Joonas Viljanen Directory Traversal vulnerability in Jv2 Folder Gallery

download.php in Joonas Viljanen JV2 Folder Gallery allows remote attackers to read sensitive files via a relative pathname in the file parameter, as demonstrated by config/gallerysetup.php.

5.0
2007-01-18 CVE-2006-6489 Sisco Remote Denial of Service vulnerability in SISCO OSI Stack Malformed Packet

The SISCO OSI stack, as used in SISCO MMS-EASE, ICCP Toolkit for MMS-EASE, AX-S4 MMS and AX-S4 ICCP, and possibly other control system applications, allows remote attackers to cause a denial of service (application termination and restart) via malformed packets.

5.0
2007-01-18 CVE-2007-0311 Texas Imperial Software Remote Denial of Service vulnerability in WFTPD Server SITE ADMIN Command

Texas Imperial Software WFTPD and WFTPD Pro Server 3.25 and earlier allow remote attackers to cause a denial of service (application crash) via a long SITE ADMIN command.

5.0
2007-01-18 CVE-2007-0310 BMC Unspecified vulnerability in BMC Remedy Action Request System 5.01.02Patch1267

BMC Remedy Action Request System 5.01.02 Patch 1267 generates different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote attackers to determine valid account names.

5.0
2007-01-17 CVE-2007-0285 Oracle Multiple vulnerability in Oracle products

Unspecified vulnerability in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 9.0.4.2 and 10.1.2; and E-Business Suite and Applications 11.5.10CU2 has unknown impact and attack vectors related to Oracle Reports Developer, aka REP01.

5.0
2007-01-17 CVE-2007-0281 Oracle Multiple vulnerability in Oracle products

Multiple unspecified vulnerabilities in Oracle HTTP Server 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.1, 10.1.2.0.2, 10.1.2.1, and 10.1.3.0; and Collaboration Suite 9.0.4.2 and 10.1.2; have unknown impact and attack vectors related to the Oracle HTTP Server, aka (1) OHS03 and (2) OHS04.

5.0
2007-01-17 CVE-2007-0222 Oracle Remote Directory Traversal vulnerability in Oracle Application Server 10.1.3

Directory traversal vulnerability in the EmChartBean server side component for Oracle Application Server 10g allows remote attackers to read arbitrary files via unknown vectors, probably "\.." sequences in the beanId parameter.

5.0
2007-01-17 CVE-2006-6938 Nitrotech Remote File Include vulnerability in Nitrotech 0.0.3A

Directory traversal vulnerability in includes/common.php in NitroTech 0.0.3a, as distributed before 2006, allows remote attackers to include arbitrary files via ".." sequences in the root parameter.

5.0
2007-01-16 CVE-2007-0250 Nwom Input Validation vulnerability in Nwom Topsites 3.0

index.php in Nwom topsites 3.0 allows remote attackers to obtain potentially sensitive information via a ' (quote) character in the o parameter, which forces a SQL error.

5.0
2007-01-16 CVE-2006-6931 Snort Denial of Service vulnerability in Snort Backtracking

Algorithmic complexity vulnerability in Snort before 2.6.1, during predicate evaluation in rule matching for certain rules, allows remote attackers to cause a denial of service (CPU consumption and detection outage) via crafted network traffic, aka a "backtracking attack."

5.0
2007-01-16 CVE-2007-0248 Squid Remote Denial of Service vulnerability in Squid 2.6.Stable6

The aclMatchExternal function in Squid before 2.6.STABLE7 allows remote attackers to cause a denial of service (crash) by causing an external_acl queue overload, which triggers an infinite loop.

5.0
2007-01-16 CVE-2007-0247 Squid Resource Management Errors vulnerability in Squid

squid/src/ftp.c in Squid before 2.6.STABLE7 allows remote FTP servers to cause a denial of service (core dump) via crafted FTP directory listing responses, possibly related to the (1) ftpListingFinish and (2) ftpHtmlifyListEntry functions.

5.0
2007-01-19 CVE-2007-0394 HP Local Security vulnerability in HP Hp-Ux 11.11

HP HP-UX B11.11 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572.

4.6
2007-01-19 CVE-2007-0393 SUN Local Security vulnerability in SUN Solaris 9.0

Sun Solaris 9 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572.

4.6
2007-01-19 CVE-2007-0392 IBM Local Security vulnerability in IBM AIX 5.3

IBM AIX 5.3 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572.

4.6
2007-01-19 CVE-2007-0367 Maxum Development Corporation Local Security vulnerability in Rumpus Ftp Server

Rumpus 5.1 and earlier has weak permissions for certain files and directories under /usr/local/Rumpus, including the configuration file, which allows local users to have an unknown impact by creating, modifying, or deleting files.

4.6
2007-01-19 CVE-2007-0366 Maxum Development Corporation Local Security vulnerability in Rumpus Ftp Server

Untrusted search path vulnerability in Rumpus 5.1 and earlier allows local users to gain privileges via a modified PATH that points to a malicious ipfw program.

4.6
2007-01-17 CVE-2006-6939 GNU Unspecified vulnerability in GNU ED 0.2

GNU ed before 0.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files, possibly in the open_sbuf function.

4.6
2007-01-18 CVE-2007-0336 Rixstep Local Privilege Escalation vulnerability in Rixstep Undercover

Undercover.app/Contents/Resources/uc in Rixstep Undercover allows local users to overwrite arbitrary files, probably related to a race condition.

4.4
2007-01-17 CVE-2007-0014 SUN Cryptographic Issues vulnerability in SUN Chainkey Java Code Protection

ChainKey Java Code Protection allows attackers to decompile Java class files via a Java class loader with a modified defineClass method that saves the bytecode to a file before it is passed to the JVM.

4.4
2007-01-19 CVE-2007-0371 Common Controls Replacement Project Denial of Service vulnerability in BrowseDialog ActiveX Control CCRPBDS6.DLL

A certain ActiveX control in the Common Controls Replacement Project (CCRP) CCRP BrowseDialog Server (ccrpbds6.dll) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long CCRP_BDc.SelectedFolder property value.

4.3
2007-01-19 CVE-2007-0364 Nicecoder Cross-Site Scripting vulnerability in Nicecoder Indexu 5.0/5.0.1

Multiple cross-site scripting (XSS) vulnerabilities in nicecoder.com INDEXU 5.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) error_msg parameter to (a) suggest_category.php; the (2) u parameter to (b) user_detail.php; the (3) friend_name, (4) friend_email, (5) error_msg, (6) my_name, (7) my_email, and (8) id parameters to (c) tell_friend.php; the (9) error_msg, (10) email, (11) name, and (12) subject parameters to (d) sendmail.php; the (13) email, (14) error_msg, and (15) username parameters to (e) send_pwd.php; the (16) keyword parameter to (f) search.php; the (17) error_msg, (18) username, (19) password, (20) password2, and (21) email parameters to (g) register.php; the (22) url, (23) contact_name, and (24) email parameters to (h) power_search.php; the (25) path and (26) total parameters to (i) new.php; the (27) query parameter to (j) modify.php; the (28) error_msg parameter to (k) login.php; the (29) error_msg and (30) email parameters to (l) mailing_list.php; the (31) gateway parameter to (m) upgrade.php; and another unspecified vector.

4.3
2007-01-19 CVE-2006-5963 Pentaware Multiple vulnerability in Pentaware Pentasuite-Pro and Pentazip

Directory traversal vulnerability in PentaZip 8.5.1.190 and PentaSuite-PRO 8.5.1.221 allows user-assisted remote attackers to extract files to arbitrary pathnames via a ../ (dot dot slash) in a filename.

4.3
2007-01-18 CVE-2007-0342 Apple
Omnigroup
Resource Management Errors vulnerability in multiple products

WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null dereference and application crash) via a TD element with a large number in the ROWSPAN attribute, as demonstrated by a crash of OmniWeb 5.5.3 on Mac OS X 10.4.8, a different vulnerability than CVE-2006-2019.

4.3
2007-01-17 CVE-2007-0273 Oracle Multiple vulnerability in Oracle January 2007 Security Update

Unspecified vulnerability in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and attack vectors related to XMLDB, aka DB06.

4.3
2007-01-17 CVE-2007-0297 Oracle Multiple vulnerability in Oracle January 2007 Security Update

Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.47.11 and 8.48.06 has unknown impact and attack vectors in PeopleTools, aka PSE03.

4.0
2007-01-17 CVE-2007-0291 Oracle Multiple vulnerability in Oracle E-Business Suite 6.2.3

Unspecified vulnerability in Oracle E-Business Suite and Applications 6.2.3 has unknown impact and attack vectors related to Oracle Exchange, aka APPS02.

4.0
2007-01-17 CVE-2007-0283 Oracle Multiple vulnerability in Oracle Application Server and Collaboration Suite

Unspecified vulnerability in Oracle Application Server 9.0.4.3 and Collaboration Suite 9.0.4.2 has unknown impact and attack vectors related to Oracle Containers for J2EE, aka OC4J02.

4.0

8 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-01-16 CVE-2007-0235 Libgtop Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Libgtop

Stack-based buffer overflow in the glibtop_get_proc_map_s function in libgtop before 2.14.6 (libgtop2) allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a process with a long filename that is mapped in its address space, which triggers the overflow in gnome-system-monitor.

3.7
2007-01-17 CVE-2007-0275 Oracle Cross-Site Scripting vulnerability in Oracle products

Cross-site scripting (XSS) vulnerability in Oracle Reports Web Cartridge (RWCGI60) in the Workflow Cartridge component, as used in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 10.1.2; and Oracle E-Business Suite and Applications 11.5.10CU2; allows remote authenticated users to inject arbitrary HTML or web script via the genuser parameter to rwcgi60, aka OWF01.

3.5
2007-01-17 CVE-2007-0282 Oracle Multiple vulnerability in Oracle products

Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.2 and 10.1.2.0.0, and Collaboration Suite 9.0.4.2 has unknown impact and attack vectors related to the Oracle Process Mgmt & Notification component, aka OPMN02.

3.2
2007-01-17 CVE-2007-0286 Oracle Multiple vulnerability in Oracle Application Server and Collaboration Suite

Unspecified vulnerability in Oracle Application Server 10.1.2.0.2 and 10.1.3.0, and Collaboration Suite 10.1.2, has unknown impact and attack vectors related to Containers for J2EE, aka OC4J07.

2.6
2007-01-17 CVE-2007-0296 Oracle Multiple vulnerability in Oracle January 2007 Security Update

Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.13, 8.47.11, and 8.48.06 has unknown impact and attack vectors in PeopleTools, aka PSE02.

2.1
2007-01-17 CVE-2007-0294 Oracle Multiple vulnerability in Oracle Enterprise Manager 10.2.0.1

Unspecified vulnerability in Oracle Enterprise Manager 10.2.0.1 has unknown impact and attack vectors related to Database Cloning & Data Guard Management, aka EM06.

1.7
2007-01-17 CVE-2007-0288 Oracle Multiple vulnerability in Oracle Application Server 10.1.4.0

Unspecified vulnerability in Oracle Application Server 10.1.4.0 has unknown impact and attack vectors related to Oracle Internet Directory, aka OID01.

1.7
2007-01-17 CVE-2007-0287 Oracle Multiple vulnerability in Oracle Application Server and Collaboration Suite

Unspecified vulnerability in Oracle Application Server 9.0.4.3, 10.1.2.0.0, and 10.1.2.0.2; and Collaboration Suite 9.0.4.2 and 10.1.2; has unknown impact and attack vectors related to Containers for J2EE, aka OC4J08.

1.7