Weekly Vulnerabilities Reports > January 15 to 21, 2007
Overview
159 new vulnerabilities reported during this period, including 13 critical vulnerabilities and 61 high severity vulnerabilities. This weekly summary report vulnerabilities in 127 products from 97 vendors including Oracle, Apple, Joomla, Phpmyadmin, and Microsoft. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Resource Management Errors", "Cross-site Scripting", "Use of Externally-Controlled Format String", and "Reachable Assertion".
- 135 reported vulnerabilities are remotely exploitables.
- 32 reported vulnerabilities have public exploit available.
- 4 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 138 reported vulnerabilities are exploitable by an anonymous user.
- Oracle has the most reported vulnerabilities, with 31 reported vulnerabilities.
- Broadcom has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
13 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-01-19 | CVE-2007-0386 | Postnuke Software Foundation | Remote Security vulnerability in Postnuke Software Foundation Postnuke 0.764 Unspecified vulnerability in the rating section in PostNuke 0.764 has unknown impact and attack vectors, related to "an interesting bug." | 10.0 |
2007-01-19 | CVE-2007-0368 | Michiel Broek | Local Privilege Escalation Vulnerabilites in MBSE-BBS MBSE_Root Stack-based buffer overflow in mbse-bbs 0.70 and earlier allows local users to execute arbitrary code via a long string in the MBSE_ROOT environment variable. | 10.0 |
2007-01-18 | CVE-2007-0303 | Pancake ORG | Multiple Unspecified vulnerability in Zina Multiple unspecified vulnerabilities in Zina 1.0rc1 and earlier have unknown impact and attack vectors related to "Potential security bugs." | 10.0 |
2007-01-17 | CVE-2006-6940 | OWA | Remote Security vulnerability in OWA 1.1.3 Buffer overflow in the ParseHeader function in clsOWA.cls in POP3/SMTP to OWA (pop2owa) 1.1.3 allows remote attackers to execute arbitrary code via a long header in an e-mail message. | 10.0 |
2007-01-16 | CVE-2007-0261 | Snews | Authentication Bypass vulnerability in Snews 1.5.29/1.5.30 snews.php in sNews 1.5.30 and earlier does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, as demonstrated by changing an administrative password via the changeup task, and by uploading PHP code via the imagefile parameter. | 10.0 |
2007-01-16 | CVE-2007-0254 | Xine | Remote Format String vulnerability in Xine Errors.C Format string vulnerability in the errors_create_window function in errors.c in xine-ui allows attackers to execute arbitrary code via unknown vectors. | 10.0 |
2007-01-16 | CVE-2006-5172 | Broadcom CA | Stack-based buffer overflow in the RPC interface in Mediasvr.exe in Computer Associates (CA) Brightstor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Protection Suites r2 allows remote attackers to execute arbitrary code via crafted SUNRPC packets, aka the "Mediasvr.exe String Handling Overflow," a different vulnerability than CVE-2006-5171. | 10.0 |
2007-01-16 | CVE-2006-5171 | Broadcom CA | Stack-based buffer overflow in the RPC interface in Mediasvr.exe in Computer Associates (CA) Brightstor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Protection Suites r2 allows remote attackers to execute arbitrary code via crafted SUNRPC packets, aka the "Mediasvr.exe Overflow," a different vulnerability than CVE-2006-5172. | 10.0 |
2007-01-16 | CVE-2007-0236 | Apple | Buffer Errors vulnerability in Apple mac OS X 10.4.8 Double free vulnerability in the _ATPsndrsp function in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to cause a denial of service (kernel panic) and possibly execute arbitrary code via a crafted AppleTalk request that triggers a heap-based buffer overflow. | 10.0 |
2007-01-19 | CVE-2007-0352 | Microsoft | Buffer Overflow vulnerability in Microsoft Html Help Workshop 4.02.0002 Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 allows user-assisted remote attackers to execute arbitrary code via a crafted .cnt file composed of lines that begin with an integer followed by a space and a long string. | 9.3 |
2007-01-18 | CVE-2007-0315 | Filezilla | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Filezilla Multiple buffer overflows in FileZilla before 2.2.30a allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors related to (1) Options.cpp when storing settings in the registry, and (2) the transfer queue (QueueCtrl.cpp). | 9.3 |
2007-01-16 | CVE-2007-0255 | Xine | Remote Format String vulnerability in Xine 0.99.4 XINE 0.99.4 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain M3U file that contains a long #EXTINF line and contains format string specifiers in an invalid udp:// URI, possibly a variant of CVE-2007-0017. | 9.3 |
2007-01-18 | CVE-2007-0313 | Gonicus | Remote Security vulnerability in Gonicus System Administration Unspecified vulnerability in GONICUS System Administration (GOsa) before 2.5.8 allows remote authenticated users to modify certain settings, including the admin password, via crafted POST requests. | 9.0 |
61 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-01-17 | CVE-2007-0272 | Oracle | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Oracle Database Server Multiple buffer overflows in MDSYS.MD in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 allows remote authenticated users to cause a denial of service (crash) or execute arbitrary code via unspecified vectors involving certain public procedures, aka DB05. | 8.5 |
2007-01-19 | CVE-2007-0389 | Arsdigita | Directory Traversal vulnerability in Arsdigita products Directory traversal vulnerability in ArsDigita Community System (ACS) 3.4.10 and earlier, and ArsDigita Community Education Solution (ACES) 1.1, allows remote attackers to read arbitrary files via .%252e/ (double-encoded dot dot slash) sequences in the URI. | 7.8 |
2007-01-19 | CVE-2007-0385 | Postnuke Software Foundation | Information Disclosure vulnerability in Postnuke Software Foundation Postnuke 0.764 The faq section in PostNuke 0.764 allows remote attackers to obtain sensitive information (the full path) via "unvalidated output" in FAQ/index.php, possibly involving an undefined id_cat variable. | 7.8 |
2007-01-19 | CVE-2007-0358 | HP | Denial Of Service vulnerability in HP Jetdirect Unspecified vulnerability in the FTP server implementation in HP Jetdirect firmware x.20.nn through x.24.nn allows remote attackers to cause a denial of service via unknown vectors. | 7.8 |
2007-01-18 | CVE-2007-0318 | Apple | Denial-Of-Service vulnerability in Apple mac OS X 10.4.8 The do_hfs_truncate function in Mac OS X 10.4.8 allows context-dependent attackers to cause a denial of service (kernel panic) via a crafted HFS+ filesystem in a DMG image, which causes an access of an invalid vnode structure during file removal. | 7.8 |
2007-01-18 | CVE-2007-0312 | Wcsimple Poll | Information Disclosure vulnerability in Wcsimple Poll wcSimple Poll stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain password hashes via a direct request for password.txt. | 7.8 |
2007-01-17 | CVE-2007-0295 | Oracle | Multiple vulnerability in Oracle January 2007 Security Update Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.13 and 8.47.11 has unknown impact and attack vectors in PeopleTools, aka PSE01. | 7.8 |
2007-01-16 | CVE-2007-0262 | Wordpress | Information Disclosure vulnerability in Wordpress 2.0.6/2.1 WordPress 2.0.6, and 2.1Alpha 3 (SVN:4662), does not properly verify that the m parameter value has the string data type, which allows remote attackers to obtain sensitive information via an invalid m[] parameter, as demonstrated by obtaining the path, and obtaining certain SQL information such as the table prefix. | 7.8 |
2007-01-16 | CVE-2007-0259 | Ezboxx | Information Exposure vulnerability in Ezboxx Portal System Beta0.7.6 Ezboxx Portal System Beta 0.7.6 and earlier allows remote attackers to obtain sensitive information via an invalid cat parameter to boxx/knowledgebase.asp, which reveals the path in an error message. | 7.8 |
2007-01-16 | CVE-2007-0256 | Videolan | Denial Of Service vulnerability in Videolan VLC Media Player 0.8.6A VideoLAN VLC 0.8.6a allows remote attackers to cause a denial of service (application crash) via a crafted .wmv file. | 7.8 |
2007-01-16 | CVE-2007-0251 | Snort | Unspecified vulnerability in Snort 2.6.1.2 Integer underflow in the DecodeGRE function in src/decode.c in Snort 2.6.1.2 allows remote attackers to trigger dereferencing of certain memory locations via crafted GRE packets, which may cause corruption of log files or writing of sensitive information into log files. | 7.8 |
2007-01-16 | CVE-2006-6933 | EFS Software | Information Disclosure vulnerability in EFS Software Easy Chat Server 2.1 Easy Chat Server 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download certain files via direct requests to files such as (1) ServerKey.pem and (2) AcceptIP.txt. | 7.8 |
2007-01-16 | CVE-2006-5876 | Libsoup | Remote Denial of Service vulnerability in Libsoup 2.2.98 The soup_headers_parse function in soup-headers.c for libsoup HTTP library before 2.2.99 allows remote attackers to cause a denial of service (crash) via malformed HTTP headers, probably involving missing fields or values. | 7.8 |
2007-01-19 | CVE-2007-0395 | Comvironment | Remote File Include vulnerability in Comvironment 4.0 PHP remote file inclusion vulnerability in libraries/grab_globals.lib.php in ComVironment 4.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter. | 7.5 |
2007-01-19 | CVE-2007-0388 | Woltlab | SQL-Injection vulnerability in Burning Board SQL injection vulnerability in search.php in Woltlab Burning Board (wBB) 1.0.2 and earlier, and 2.3.6 and earlier in the 2.x series, allows remote attackers to execute arbitrary SQL commands via the boardids[1] and other boardids[] parameters. | 7.5 |
2007-01-19 | CVE-2007-0387 | Joomla | SQL-Injection vulnerability in Joomla 20070118 SQL injection vulnerability in models/category.php in the Weblinks component for Joomla! SVN 20070118 (com_weblinks) allows remote attackers to execute arbitrary SQL commands via the catid parameter. | 7.5 |
2007-01-19 | CVE-2007-0382 | Letterman | SQL Injection vulnerability in Letterman 1.2.3 Multiple SQL injection vulnerabilities in letterman.class.php in the Letterman 1.2.3 (com_letterman) component for Joomla! before 1.0.12 allow remote attackers to execute arbitrary SQL commands via the id parameter, related to the (1) lm_sendMail, (2) saveNewsletter, and (3) cancelNewsletter functions. | 7.5 |
2007-01-19 | CVE-2007-0381 | Adaptive Technology Resource Centre | SQL-Injection vulnerability in Adaptive Technology Resource Centre Atutor 1.5.3.2 Multiple SQL injection vulnerabilities in ATutor 1.5.3.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters. | 7.5 |
2007-01-19 | CVE-2007-0378 | Docman | SQL-Injection vulnerability in Docman 1.3Rc2 Multiple SQL injection vulnerabilities in DocMan 1.3 RC2 allow attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2007-01-19 | CVE-2007-0377 | Xoops | SQL Injection vulnerability in Xoops 2.0.16 Multiple SQL injection vulnerabilities in Xoops 2.0.16 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in kernel/group.php in core, (2) the lid parameter in class/table_broken.php in the Weblinks module, and other unspecified vectors. | 7.5 |
2007-01-19 | CVE-2007-0374 | Joomla Mambo | SQL Injection vulnerability in Mambo/Joomla CMS ID SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and (2) Mambo 4.6.1, allows remote attackers to execute arbitrary SQL commands via the id parameter when cancelling content editing. | 7.5 |
2007-01-19 | CVE-2007-0372 | Francisco Burzi | SQL Injection vulnerability in Francisco Burzi PHP-Nuke 7.9 Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 7.9 allow remote attackers to execute arbitrary SQL commands via (1) the active parameter in admin/modules/modules.php; the (2) ad_class, (3) imageurl, (4) clickurl, (5) ad_code, or (6) position parameter in modules/Advertising/admin/index.php; or unspecified vectors in the (7) advertising, (8) weblinks, or (9) reviews section. | 7.5 |
2007-01-19 | CVE-2007-0370 | Phpbp | SQL-Injection vulnerability in PHPbp Rc32.204 Unrestricted file upload vulnerability in index.php in phpBP RC3 (2.204) and earlier allows remote administrators to inject arbitrary PHP code into an upload/banners/ file via a banners add operation that uploads the PHP code through an image_form parameter specifying a multiple-extension filename such as .jpg.vil.gif.php, which is stored in upload/banners/ under a different name, and executable via a direct request. | 7.5 |
2007-01-19 | CVE-2007-0369 | Phpbp | SQL-Injection vulnerability in PHPbp Rc32.204 SQL injection vulnerability in phpBP RC3 (2.204) and earlier allows remote attackers to execute arbitrary SQL commands via the comment forum. | 7.5 |
2007-01-19 | CVE-2006-6944 | Phpmyadmin | Security Bypass vulnerability in phpMyAdmin phpMyAdmin before 2.9.1.1 allows remote attackers to bypass Allow/Deny access rules that use IP addresses via false headers. | 7.5 |
2007-01-19 | CVE-2007-0361 | Comscripts | Remote File Include vulnerability in Comscripts PHPmyphorum 1.5A PHP remote file inclusion vulnerability in mep/frame.php in PHPMyphorum 1.5a allows remote attackers to execute arbitrary PHP code via a URL in the chem parameter. | 7.5 |
2007-01-19 | CVE-2007-0360 | Oreon Project | Remote File Include vulnerability in Oreon PHP remote file inclusion vulnerability in lang/index.php in Oreon 1.2.3 RC4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the file parameter. | 7.5 |
2007-01-19 | CVE-2007-0359 | Uberghey | Remote File Include vulnerability in Uberghey CMS 0.3.1 PHP remote file inclusion vulnerability in frontpage.php in Uberghey CMS 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the setup_folder parameter. | 7.5 |
2007-01-19 | CVE-2007-0350 | SME | SQL Injection vulnerability in SME Filemailer Multiple SQL injection vulnerabilities in (a) index.php and (b) dl.php in SmE FileMailer 1.21 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ps, (2) us, (3) f, or (4) code parameter. | 7.5 |
2007-01-18 | CVE-2007-0346 | SME | SQL-Injection vulnerability in SME Filemailer 1.21 SQL injection vulnerability in index.php in SmE FileMailer 1.21 allows remote attackers to execute arbitrary SQL commands via the us parameter. | 7.5 |
2007-01-18 | CVE-2007-0344 | Colloquy | USE of Externally-Controlled Format String vulnerability in Colloquy Multiple format string vulnerabilities in (1) _invitedToRoom: and (2) _invitedToDirectChat: in Colloquy 2.1 and earlier allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in the channel name of an INVITE request, related to the implementation of AlertSheet and AlertPanel in Apple AppKit. | 7.5 |
2007-01-18 | CVE-2007-0340 | Thwboard | SQL-Injection vulnerability in Thwboard SQL injection vulnerability in inc/header.inc.php in ThWboard 3.0b2.84-php5 and earlier allows remote attackers to execute arbitrary SQL commands via the board[styleid] parameter to index.php. | 7.5 |
2007-01-18 | CVE-2007-0339 | Scriptme | SQL-Injection vulnerability in Scriptme SME Filemailer 1.21 SQL injection vulnerability in index.php (aka the login form) in Scriptme SMe FileMailer 1.21 allows remote attackers to execute arbitrary SQL commands via the Password field (ps parameter). | 7.5 |
2007-01-18 | CVE-2007-0338 | Bolintech | Remote Security vulnerability in Dreamftp Server Heap-based buffer overflow in Dream FTP Server allows remote attackers to execute arbitrary code via a USER command with a large number of format string specifiers, which triggers the overflow during processing of the Server Log. | 7.5 |
2007-01-18 | CVE-2007-0337 | KGB | Local File Include vulnerability in KGB Directory traversal vulnerability in sesskglogadmin.php in KGB 1.9 and earlier allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2007-01-18 | CVE-2007-0334 | Ingate | Authentication Replay vulnerability in InGate Firewall And SIParator Unspecified vulnerability in the SIP module in InGate Firewall and SIParator before 4.5.1 allows remote attackers to conduct replay attacks on the authentication mechanism via unknown vectors. | 7.5 |
2007-01-18 | CVE-2007-0332 | Xentraz | Unspecified vulnerability in Xentraz Liens Dynamiques 2.1 (1) admin/adminlien.php3 and (2) admin/modif.php3 in liens_dynamiques 2.1 do not require authentication, which allows remote attackers to perform unauthorized administrative actions using a direct request. | 7.5 |
2007-01-18 | CVE-2007-0330 | Ipswitch | Local Memory Corruption vulnerability in Ipswitch WS FTP PRO 2007 Buffer overflow in wsbho2k0.dll, as used by wsftpurl.exe, in Ipswitch WS_FTP 2007 Professional allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long ftp:// URL in an HTML document, and possibly other vectors. | 7.5 |
2007-01-18 | CVE-2007-0317 | Filezilla | Remote Format String vulnerability in Filezilla 3.0.0Beta1/3.0.0Beta2 Format string vulnerability in the LogMessage function in FileZilla before 3.0.0-beta5 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted arguments. | 7.5 |
2007-01-18 | CVE-2007-0316 | ALL IN ONE Control Panel | SQL Injection vulnerability in All In One Control Panel Multiple SQL injection vulnerabilities in All In One Control Panel (AIOCP) 1.3.010 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) xuser_name parameter to shared/code/cp_authorization.php, and the (2) did parameter to public/code/cp_downloads.php, different vectors than CVE-2007-0223. | 7.5 |
2007-01-18 | CVE-2007-0314 | Article System | Remote File Include vulnerability in Article System Article System 1.0 Multiple PHP remote file inclusion vulnerabilities in Article System 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the INCLUDE_DIR parameter to (1) forms.php, (2) issue_edit.php, (3) client.php, and (4) classes.php. | 7.5 |
2007-01-18 | CVE-2007-0309 | Francisco Burzi | SQL Injection vulnerability in PHP-Nuke Block-Old_Articles.PHP SQL injection vulnerability in blocks/block-Old_Articles.php in Francisco Burzi PHP-Nuke 7.9 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat parameter. | 7.5 |
2007-01-18 | CVE-2007-0307 | Poplar Gedcom Viewer | Remote File Include vulnerability in Poplar Gedcom Viewer Poplar Gedcom Viewer 1.2.2 PHP remote file inclusion vulnerability in include/common.php in Poplar Gedcom Viewer 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the env[rootPath] parameter. | 7.5 |
2007-01-18 | CVE-2007-0306 | Digiappz | SQL Injection vulnerability in DigiAppz DigiAffiliate Visu_User.ASP SQL injection vulnerability in visu_user.asp in Digiappz DigiAffiliate 1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2007-01-18 | CVE-2007-0305 | Okulsistem Okul WEB | SQL Injection vulnerability in Okulsistem Okul web Otomasyon Sistemi 4.0.1 SQL injection vulnerability in etkinlikbak.asp in Okul Web Otomasyon Sistemi 4.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2007-01-18 | CVE-2007-0304 | Mint | SQL-Injection vulnerability in Haber Sistemi SQL injection vulnerability in duyuru.asp in MiNT Haber Sistemi 2.7 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2007-01-17 | CVE-2007-0292 | Oracle | Multiple vulnerability in Oracle Enterprise Manager 10.1.0.5 Multiple unspecified vulnerabilities in Oracle Enterprise Manager 10.1.0.5 have unknown impact and attack vectors related to Oracle Agent, aka (1) EM01 and (2) EM02. | 7.5 |
2007-01-17 | CVE-2007-0280 | Oracle | Multiple vulnerability in Oracle products Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.2, and 10.1.2.2; and Collaboration Suite 9.0.4.2 and 10.1.2; has unknown impact and attack vectors related to the Oracle Process Mgmt & Notification component, aka OPMN01. | 7.5 |
2007-01-17 | CVE-2007-0279 | Oracle | Multiple vulnerability in Oracle January 2007 Security Update Multiple unspecified vulnerabilities in Oracle HTTP Server 9.2.0.8 and Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors, aka (1) OHS01, (2) OHS02, (3) OHS05, (4) OHS06, and (5) OHS07. | 7.5 |
2007-01-17 | CVE-2006-6937 | Pensacola WEB Designs | Input Validation vulnerability in Pensacola web Designs Xtremeasp Photogallery 2.0 SQL injection vulnerability in displaypic.asp in Xtreme ASP Photo Gallery allows remote attackers to inject arbitrary SQL commands via the sortorder parameter. | 7.5 |
2007-01-16 | CVE-2007-0266 | Ezboxx | Cross-Site Scripting vulnerability in Ezboxx Portal System Beta0.7.6 SQL injection vulnerability in boxx/ShowAppendix.asp in Ezboxx Portal System Beta 0.7.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the iid parameter. | 7.5 |
2007-01-16 | CVE-2007-0252 | Easy Content Filemanager | Remote Security vulnerability in Easy-Content Filemanager Unspecified vulnerability in easy-content filemanager allows remote attackers to upload or modify arbitrary files via unspecified vectors. | 7.5 |
2007-01-16 | CVE-2006-6932 | Image Gallery With Access Database | SQL Injection vulnerability in Image Gallery with Access Database Multiple SQL injection vulnerabilities in Image Gallery with Access Database allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to (a) dispimage.asp, or the (2) order or (3) page parameter to (b) default.asp. | 7.5 |
2007-01-16 | CVE-2006-6767 | Time Travellers | Reachable Assertion vulnerability in Time-Travellers Oftpd oftpd before 0.3.7 allows remote attackers to cause a denial of service (daemon abort) via a (1) LPRT or (2) LPASV command with an unsupported address family, which triggers an assertion failure. | 7.5 |
2007-01-19 | CVE-2007-0391 | Bitdefender | Local Format String vulnerability in Bitdefender Client Professionalplus8.02 Format string vulnerability in the log creation functionality of BitDefender Client Professional Plus 8.02 allows attackers to execute arbitrary code via certain scan job settings. | 7.2 |
2007-01-19 | CVE-2007-0355 | Apple | Buffer Errors vulnerability in Apple mac OS X and Minimal SLP Service Agent Buffer overflow in the Apple Minimal SLP v2 Service Agent (slpd) in Mac OS X 10.4.11 and earlier, including 10.4.8, allows local users, and possibly remote attackers, to gain privileges and possibly execute arbitrary code via a registration request with an invalid attr-list field. | 7.2 |
2007-01-18 | CVE-2007-0333 | Agnitum | Local Privilege Escalation vulnerability in Agnitum Outpost Firewall 4.0 Agnitum Outpost Firewall PRO 4.0 allows local users to bypass access restrictions and insert Trojan horse drivers into the product's installation directory by creating links using FileLinkInformation requests with the ZwSetInformationFile function, as demonstrated by modifying SandBox.sys. | 7.2 |
2007-01-19 | CVE-2007-0396 | HP | Remote Denial Of Service vulnerability in HP Hp-Ux 11.23 Unspecified vulnerability in HP-UX B.11.23, when running IPFilter in combination with PHNE_34474, allows remote attackers to cause a denial of service (system crash) via unspecified vectors. | 7.1 |
2007-01-19 | CVE-2006-5964 | Pentaware | Multiple vulnerability in Pentaware Pentasuite-Pro and Pentazip choShilA.bpl in PentaZip 8.5.1.190 and PentaSuite-PRO 8.5.1.221 allows local users, and user-assisted remote attackers to cause a denial of service (system crash) by right clicking on a file with a long filename. | 7.1 |
2007-01-17 | CVE-2007-0299 | Apple | Denial-Of-Service vulnerability in Apple mac OS X 10.4.8 Integer overflow in the byte_swap_sbin function in bsd/ufs/ufs/ufs_byte_order.c in Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service (kernel panic) by mounting a crafted Unix File System (UFS) DMG image, which triggers an invalid pointer dereference. | 7.1 |
2007-01-16 | CVE-2007-0263 | Total Commander | Unspecified vulnerability in Total Commander Total Commander Unspecified vulnerability in Total Commander before 6.5.6 allows user-assisted remote attackers to delete arbitrary files and corrupt a filesystem via a crafted RAR file. | 7.1 |
77 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-01-19 | CVE-2007-0390 | Sabros US | Cross-Site Scripting vulnerability in Sabros.Us 1.7 Cross-site scripting (XSS) vulnerability in index.php in sabros.us 1.7 allows remote attackers to inject arbitrary web script or HTML via the tag parameter. | 6.8 |
2007-01-19 | CVE-2007-0379 | Docman | Cross-Site Scripting vulnerability in Docman 1.3Rc2 Cross-site scripting (XSS) vulnerability in DocMan 1.3 RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.8 |
2007-01-19 | CVE-2007-0373 | Joomla | SQL Injection vulnerability in Joomla 1.5.0Beta Multiple SQL injection vulnerabilities in Joomla! 1.5.0 Beta allow remote attackers to execute arbitrary SQL commands via (1) the searchword parameter in certain files; the where parameter in (2) plugins/search/content.php or (3) plugins/search/weblinks.php; the text parameter in (4) plugins/search/contacts.php, (5) plugins/search/categories.php, or (6) plugins/search/sections.php; or (7) the email parameter in database/table/user.php, which is not properly handled by the check function. | 6.8 |
2007-01-19 | CVE-2007-0365 | Nicola Asuni | Cross-Site Scripting vulnerability in All In One Control Panel Multiple cross-site scripting (XSS) vulnerabilities in All In One Control Panel (AIOCP) 1.3.009 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.8 |
2007-01-19 | CVE-2006-6942 | Phpmyadmin Debian | Cross-Site Scripting vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin before 2.9.1.1 allow remote attackers to inject arbitrary HTML or web script via (1) a comment for a table name, as exploited through (a) db_operations.php, (2) the db parameter to (b) db_create.php, (3) the newname parameter to db_operations.php, the (4) query_history_latest, (5) query_history_latest_db, and (6) querydisplay_tab parameters to (c) querywindow.php, and (7) the pos parameter to (d) sql.php. | 6.8 |
2007-01-19 | CVE-2007-0363 | Openads | Cross-Site Scripting vulnerability in Openads for PostgreSQL Cross-site scripting (XSS) vulnerability in admin-search.php in (1) Openads for PostgreSQL (aka phpPgAds) before 2.0.10 and (2) Openads (aka phpAdsNew) before 2.0.10 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | 6.8 |
2007-01-19 | CVE-2007-0362 | Freshreader | HTML Injection vulnerability in FreshReader Feed Cross-site scripting (XSS) vulnerability in the RSS feed component in FreshReader before 1.0.07010600 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to tag attributes. | 6.8 |
2007-01-19 | CVE-2007-0353 | Mywebland | Cross-Site Scripting vulnerability in Mywebland Mybloggie 2.1.5 Cross-site scripting (XSS) vulnerability in (1) index.php and (2) login.php in myBloggie 2.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO string. | 6.8 |
2007-01-18 | CVE-2007-0345 | Apple | Local Security vulnerability in Apple mac OS X 10.4.8 The (1) Activity Monitor.app/Contents/Resources/pmTool, (2) Keychain Access.app/Contents/Resources/kcproxy, and (3) ODBC Administrator.app/Contents/Resources/iodbcadmintool programs in /Applications/Utilities/ in Mac OS X 10.4.8 have weak permissions (writable by admin group), which allows local admin users to gain root privileges by modifying a program and then performing permissions repair via diskutil. | 6.8 |
2007-01-18 | CVE-2007-0341 | Phpmyadmin | Cross-Site Scripting vulnerability in PHPmyadmin 2.8.1 Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a CSS style in the convcharset parameter to the top-level URI, a different vulnerability than CVE-2005-0992. | 6.8 |
2007-01-18 | CVE-2007-0335 | JAX Scripts | Local File Include vulnerability in JAX Scripts JAX Petition Book 1.0.3.06 Multiple directory traversal vulnerabilities in Jax Petition Book 1.0.3.06 allow remote attackers to include and execute arbitrary local files via a .. | 6.8 |
2007-01-18 | CVE-2007-0331 | Xentraz | Cross-Site Scripting vulnerability in Xentraz Liens Dynamiques 2.1 Cross-site scripting (XSS) vulnerability in liens.php3 in liens_dynamiques 2.1 allows remote attackers to inject arbitrary web script or HTML by using the ajouter=1 query string and the add menu. | 6.8 |
2007-01-18 | CVE-2007-0308 | Plain Black | Cross-Site Scripting vulnerability in WebGUI Wiki Title Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before 7.3.4 (beta) allows remote attackers to inject arbitrary web script or HTML via Wiki Page titles. | 6.8 |
2007-01-18 | CVE-2007-0302 | Instantasp | Cross-Site Scripting vulnerability in Instantasp 4.1.0 Multiple cross-site scripting (XSS) vulnerabilities in InstantASP 4.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) SessionID parameter to (a) Logon.aspx, and the (2) Username and (3) Update parameters to (b) Members1.aspx. | 6.8 |
2007-01-18 | CVE-2007-0301 | Fdweb | Remote File Include vulnerability in Fdweb Espace Membre 2.01 PHP remote file inclusion vulnerability in _admin/admin_menu.php in FdWeB Espace Membre 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | 6.8 |
2007-01-18 | CVE-2007-0300 | TLM CMS | Remote File Include vulnerability in TLM CMS Chemin Parameter PHP remote file inclusion vulnerability in i-accueil.php in TLM CMS 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter. | 6.8 |
2007-01-17 | CVE-2007-0243 | SUN | Buffer Errors vulnerability in SUN Jdk, JRE and SDK Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Update 9 and earlier, SDK and JRE 1.4.2_12 and earlier, and SDK and JRE 1.3.1_18 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption. | 6.8 |
2007-01-17 | CVE-2007-0298 | Dexxaboy | Remote File Include vulnerability in Dexxaboy Lunarpoll 1.0 PHP remote file inclusion vulnerability in show.php in LunarPoll, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the PollDir parameter. | 6.8 |
2007-01-17 | CVE-2007-0278 | Oracle | Multiple vulnerability in Oracle January 2007 Security Update Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) NLS Runtime and lmsgen (DB12), and (2) Oracle Text and ctxkbtc (DB14). | 6.8 |
2007-01-17 | CVE-2007-0277 | Oracle | Multiple vulnerability in Oracle Database Server 10.1.0.4 Unspecified vulnerability in Oracle Database client-only 10.1.0.4 has unknown impact and attack vectors related to the Export component and expdp or impdp, aka DB11. | 6.8 |
2007-01-17 | CVE-2007-0276 | Oracle | Multiple vulnerability in Oracle Database Server 8.1.7.4/9.0.1.5 Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4 and 9.0.1.5 have unknown impact and attack vectors related to (1) Advanced Security Option and oklist or okdstry (DB10), (2) Oracle Net Services (DB13), and (3) Recovery Manager and oklist (DB16). | 6.8 |
2007-01-17 | CVE-2006-6936 | Pensacola WEB Designs | Input Validation vulnerability in Pensacola web Designs Xtremeasp Photogallery 2.0 Cross-site scripting (XSS) vulnerability in Xtreme ASP Photo Gallery allows remote attackers to inject arbitrary HTML or web script via (1) the catname parameter to displaypic.asp or (2) the search field. | 6.8 |
2007-01-16 | CVE-2007-0265 | Ezboxx | Cross-Site Scripting vulnerability in Portal System Beta Multiple cross-site scripting (XSS) vulnerabilities in Ezboxx Portal System Beta 0.7.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the pic parameter to custom/piczoom.asp, (2) the nocatname parameter to boxx/user-upload.asp, or (3) the iid parameter to indexes/newscomments.asp. | 6.8 |
2007-01-16 | CVE-2007-0258 | Fastilo Opensolution | Cross-Site Scripting vulnerability in Open Solution Quick.Cart Cross-site scripting (XSS) vulnerability in index.php in (1) Fastilo 2.0 and (2) Open Solution Quick.Cart 2.0 allows remote attackers to inject arbitrary web script or HTML via the p parameter. | 6.8 |
2007-01-16 | CVE-2007-0249 | Nwom | Input Validation vulnerability in Nwom Topsites 3.0 Cross-site scripting (XSS) vulnerability in index.php in Nwom topsites 3.0 allows remote attackers to inject arbitrary web script or HTML via the o parameter. | 6.8 |
2007-01-17 | CVE-2007-0267 | Apple Freebsd | Resource Management Errors vulnerability in multiple products The ufs_lookup function in the Mac OS X 10.4.8 and FreeBSD 6.1 kernels allows local users to cause a denial of service (kernel panic) and possibly corrupt other filesystems by mounting a crafted UNIX File System (UFS) DMG image that contains a corrupted directory entry (struct direct), related to the ufs_dirbad function. | 6.6 |
2007-01-16 | CVE-2007-0264 | Winzip | Remote Buffer Overflow vulnerability in Winzip 9.0 Buffer overflow in Winzip32.exe in WinZip 9.0 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long command line argument. | 6.6 |
2007-01-19 | CVE-2007-0019 | Maxum Development Corporation | Unspecified vulnerability in Maxum Development Corporation Rumpus FTP Server Multiple heap-based buffer overflows in rumpusd in Rumpus 5.1 and earlier (1) allow remote authenticated users to execute arbitrary code via a long LIST command and other unspecified requests to the FTP service, and (2) allow remote attackers to execute arbitrary code via unspecified requests to the HTTP service. | 6.5 |
2007-01-17 | CVE-2007-0274 | Oracle | Multiple vulnerability in Oracle Database Server 10.1.0.5/9.2.0.7 Multiple unspecified vulnerabilities in Oracle Database 9.2.0.7 and 10.1.0.5 have unknown impact and attack vectors related to (1) Export and sys.dbms_logrep_util (DB08), and (2) Oracle Streams and sys.dbms_capture_adm_internal privileges (DB09). | 6.5 |
2007-01-17 | CVE-2007-0271 | Oracle | Multiple vulnerability in Oracle January 2007 Security Update Unspecified vulnerability in Oracle Database 9.0.1.5 and 9.2.0.7 has unknown impact and attack vectors related to the Log Miner component and sys.dbms_log_mnr privileges, aka DB04. | 6.5 |
2007-01-17 | CVE-2007-0270 | Oracle | Buffer Errors vulnerability in Oracle Database Server 10.1.0.4/9.2.0.7 Buffer overflow in SYS.DBMS_DRS in Oracle Database 9.2.0.7 and 10.1.0.4 allows remote authenticated users to cause a denial of service (crash) or execute arbitrary code via the GET_PROPERTY function in SYS.DBMS_DRS, aka DB03. | 6.5 |
2007-01-17 | CVE-2007-0268 | Oracle | Multiple vulnerability in Oracle Database Server 10.1.0.5/9.0.1.5/9.2.0.7 Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) the Advanced Queuing component and sys.dbms_aqsys.dbms_aq privileges (DB01), (2) Advanced Replication and sys.dbms_repcat_untrusted (DB07), and (3) Oracle Text and ctxload (DB15). | 6.5 |
2007-01-20 | CVE-2007-0397 | Cisco | Unspecified vulnerability in Cisco products The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitive information or generate incorrect information. | 6.4 |
2007-01-17 | CVE-2007-0293 | Oracle | Multiple vulnerability in Oracle Enterprise Manager 10.1.0.5/10.2.0.1 Multiple unspecified vulnerabilities in Oracle Enterprise Manager 10.1.0.5 and 10.2.0.1 have unknown impact and attack vectors related to (1) Oracle Agent (EM03) and (2) EM04 and (3) EM05 in Enterprise Manager Console. | 6.4 |
2007-01-17 | CVE-2007-0289 | Oracle | Multiple vulnerability in Oracle Application Server 9.0.4.2 Multiple unspecified vulnerabilities in Oracle Collaboration Suite 9.0.4.2 have unknown impact and attack vectors related to Oracle Containers for J2EE, aka (1) OC4J01, (2) OC4J05, and (3) OC4J06. | 6.4 |
2007-01-17 | CVE-2007-0284 | Oracle | Multiple vulnerability in Oracle Application Server and Collaboration Suite Multiple unspecified vulnerabilities in Oracle Application Server 9.0.4.3 and 10.1.2.0.0, and Collaboration Suite 9.0.4.2, have unknown impact and attack vectors related to Oracle Containers for J2EE, aka (1) OC4J03 and (2) OC4J04. | 6.4 |
2007-01-19 | CVE-2007-0351 | Microsoft Zonelabs | Local Security vulnerability in Microsoft Windows Microsoft Windows XP and Windows Server 2003 do not properly handle user logoff, which might allow local users to gain the privileges of a previous system user, possibly related to user profile unload failure. | 6.2 |
2007-01-17 | CVE-2007-0290 | Oracle | Multiple vulnerability in Oracle E-Business Suite 11.5.10.2 Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors related to (1) Application Object Library (APPS01), (2) Human Resources (APPS03), (3) Payables (APPS04), (4) Trading Community Architecture (APPS05), and (5) Web Applications Desktop Integrator (APPS06). | 5.5 |
2007-01-17 | CVE-2007-0269 | Oracle | Multiple vulnerability in Oracle Database Server 10.1.0.5/10.2.0.3/9.2.0.8 Unspecified vulnerability in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and attack vectors related to the Change Data Capture and sys.dbms_cdc_subscribe privileges, aka DB02. | 5.5 |
2007-01-19 | CVE-2007-0384 | Postnuke Software Foundation | Cross-Site Scripting vulnerability in Postnuke Software Foundation Postnuke 0.764 Cross-site scripting (XSS) vulnerability in preview in the reviews section in PostNuke 0.764 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 5.1 |
2007-01-16 | CVE-2006-6487 | DT Guestbook | Cross-Site Scripting vulnerability in DT Guestbook DT Guestbook 1.0F Cross-site scripting (XSS) vulnerability in index.php in DT Guestbook (dt_guestbook) 1.0f, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the error[] parameter. | 5.1 |
2007-01-19 | CVE-2007-0380 | Docman | Information Disclosure vulnerability in Docman 1.3Rc2 DocMan 1.3 RC2 allows remote attackers to obtain sensitive information (the full path) via unspecified vectors. | 5.0 |
2007-01-19 | CVE-2007-0375 | Joomla | Information Disclosure vulnerability in Joomla 1.5.0Beta Joomla! 1.5.0 Beta allows remote attackers to obtain sensitive information via a direct request for (1) plugins/user/example.php; (2) gmail.php, (3) example.php, or (4) ldap.php in plugins/authentication/; (5) modules/mod_mainmenu/menu.php; or other unspecified PHP scripts, which reveals the path in various error messages, related to a jimport function call at the beginning of each script. | 5.0 |
2007-01-19 | CVE-2006-6943 | Phpmyadmin | Improper Input Validation vulnerability in PHPmyadmin PhpMyAdmin before 2.9.1.1 allows remote attackers to obtain the full server path via direct requests to (a) scripts/check_lang.php and (b) themes/darkblue_orange/layout.inc.php; and via the (1) lang[], (2) target[], (3) db[], (4) goto[], (5) table[], and (6) tbl_group[] array arguments to (c) index.php, and the (7) back[] argument to (d) sql.php; and an invalid (8) sort_by parameter to (e) server_databases.php and (9) db parameter to (f) db_printview.php. | 5.0 |
2007-01-19 | CVE-2007-0357 | Fritzdsl | Directory Traversal Information Disclosure vulnerability in Fritzdsl 02.02.29 Directory traversal vulnerability in the AVM IGD CTRL Service in Fritz!DSL 02.02.29 allows remote attackers to read arbitrary files via ..%5C (URL-encoded dot dot backslash) sequences in a URI requested from the AR7 webserver. | 5.0 |
2007-01-19 | CVE-2007-0356 | Common Controls Replacement Project Microsoft | Remote Denial of Service vulnerability in FolderTreeView ActiveX Control The Common Controls Replacement Project (CCRP) FolderTreeview (FTV) ActiveX control (ccrpftv6.ocx) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long CCRP.RootFolder property value. | 5.0 |
2007-01-19 | CVE-2007-0349 | Nicecoder | Directory Traversal vulnerability in indexu Directory traversal vulnerability in upgrade.php in nicecoder.com INDEXU 5.x allows remote attackers to include arbitrary local files via a .. | 5.0 |
2007-01-19 | CVE-2006-6941 | Freewebshop | Information Disclosure vulnerability in FreeWebshop index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to obtain sensitive information via an invalid action parameter in an info operation, which discloses the path in an error message. | 5.0 |
2007-01-18 | CVE-2007-0343 | Openbsd | Remote Denial Of Service vulnerability in OpenBSD ICMP6 Echo Request OpenBSD before 20070116 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via certain IPv6 ICMP (aka ICMP6) echo request packets. | 5.0 |
2007-01-18 | CVE-2007-0329 | Joonas Viljanen | Directory Traversal vulnerability in Jv2 Folder Gallery download.php in Joonas Viljanen JV2 Folder Gallery allows remote attackers to read sensitive files via a relative pathname in the file parameter, as demonstrated by config/gallerysetup.php. | 5.0 |
2007-01-18 | CVE-2006-6489 | Sisco | Remote Denial of Service vulnerability in SISCO OSI Stack Malformed Packet The SISCO OSI stack, as used in SISCO MMS-EASE, ICCP Toolkit for MMS-EASE, AX-S4 MMS and AX-S4 ICCP, and possibly other control system applications, allows remote attackers to cause a denial of service (application termination and restart) via malformed packets. | 5.0 |
2007-01-18 | CVE-2007-0311 | Texas Imperial Software | Remote Denial of Service vulnerability in WFTPD Server SITE ADMIN Command Texas Imperial Software WFTPD and WFTPD Pro Server 3.25 and earlier allow remote attackers to cause a denial of service (application crash) via a long SITE ADMIN command. | 5.0 |
2007-01-18 | CVE-2007-0310 | BMC | Unspecified vulnerability in BMC Remedy Action Request System 5.01.02Patch1267 BMC Remedy Action Request System 5.01.02 Patch 1267 generates different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote attackers to determine valid account names. | 5.0 |
2007-01-17 | CVE-2007-0285 | Oracle | Multiple vulnerability in Oracle products Unspecified vulnerability in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 9.0.4.2 and 10.1.2; and E-Business Suite and Applications 11.5.10CU2 has unknown impact and attack vectors related to Oracle Reports Developer, aka REP01. | 5.0 |
2007-01-17 | CVE-2007-0281 | Oracle | Multiple vulnerability in Oracle products Multiple unspecified vulnerabilities in Oracle HTTP Server 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.1, 10.1.2.0.2, 10.1.2.1, and 10.1.3.0; and Collaboration Suite 9.0.4.2 and 10.1.2; have unknown impact and attack vectors related to the Oracle HTTP Server, aka (1) OHS03 and (2) OHS04. | 5.0 |
2007-01-17 | CVE-2007-0222 | Oracle | Remote Directory Traversal vulnerability in Oracle Application Server 10.1.3 Directory traversal vulnerability in the EmChartBean server side component for Oracle Application Server 10g allows remote attackers to read arbitrary files via unknown vectors, probably "\.." sequences in the beanId parameter. | 5.0 |
2007-01-17 | CVE-2006-6938 | Nitrotech | Remote File Include vulnerability in Nitrotech 0.0.3A Directory traversal vulnerability in includes/common.php in NitroTech 0.0.3a, as distributed before 2006, allows remote attackers to include arbitrary files via ".." sequences in the root parameter. | 5.0 |
2007-01-16 | CVE-2007-0250 | Nwom | Input Validation vulnerability in Nwom Topsites 3.0 index.php in Nwom topsites 3.0 allows remote attackers to obtain potentially sensitive information via a ' (quote) character in the o parameter, which forces a SQL error. | 5.0 |
2007-01-16 | CVE-2006-6931 | Snort | Denial of Service vulnerability in Snort Backtracking Algorithmic complexity vulnerability in Snort before 2.6.1, during predicate evaluation in rule matching for certain rules, allows remote attackers to cause a denial of service (CPU consumption and detection outage) via crafted network traffic, aka a "backtracking attack." | 5.0 |
2007-01-16 | CVE-2007-0248 | Squid | Remote Denial of Service vulnerability in Squid 2.6.Stable6 The aclMatchExternal function in Squid before 2.6.STABLE7 allows remote attackers to cause a denial of service (crash) by causing an external_acl queue overload, which triggers an infinite loop. | 5.0 |
2007-01-16 | CVE-2007-0247 | Squid | Resource Management Errors vulnerability in Squid squid/src/ftp.c in Squid before 2.6.STABLE7 allows remote FTP servers to cause a denial of service (core dump) via crafted FTP directory listing responses, possibly related to the (1) ftpListingFinish and (2) ftpHtmlifyListEntry functions. | 5.0 |
2007-01-19 | CVE-2007-0394 | HP | Local Security vulnerability in HP Hp-Ux 11.11 HP HP-UX B11.11 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572. | 4.6 |
2007-01-19 | CVE-2007-0393 | SUN | Local Security vulnerability in SUN Solaris 9.0 Sun Solaris 9 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572. | 4.6 |
2007-01-19 | CVE-2007-0392 | IBM | Local Security vulnerability in IBM AIX 5.3 IBM AIX 5.3 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572. | 4.6 |
2007-01-19 | CVE-2007-0367 | Maxum Development Corporation | Local Security vulnerability in Rumpus Ftp Server Rumpus 5.1 and earlier has weak permissions for certain files and directories under /usr/local/Rumpus, including the configuration file, which allows local users to have an unknown impact by creating, modifying, or deleting files. | 4.6 |
2007-01-19 | CVE-2007-0366 | Maxum Development Corporation | Local Security vulnerability in Rumpus Ftp Server Untrusted search path vulnerability in Rumpus 5.1 and earlier allows local users to gain privileges via a modified PATH that points to a malicious ipfw program. | 4.6 |
2007-01-17 | CVE-2006-6939 | GNU | Unspecified vulnerability in GNU ED 0.2 GNU ed before 0.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files, possibly in the open_sbuf function. | 4.6 |
2007-01-18 | CVE-2007-0336 | Rixstep | Local Privilege Escalation vulnerability in Rixstep Undercover Undercover.app/Contents/Resources/uc in Rixstep Undercover allows local users to overwrite arbitrary files, probably related to a race condition. | 4.4 |
2007-01-17 | CVE-2007-0014 | SUN | Cryptographic Issues vulnerability in SUN Chainkey Java Code Protection ChainKey Java Code Protection allows attackers to decompile Java class files via a Java class loader with a modified defineClass method that saves the bytecode to a file before it is passed to the JVM. | 4.4 |
2007-01-19 | CVE-2007-0371 | Common Controls Replacement Project | Denial of Service vulnerability in BrowseDialog ActiveX Control CCRPBDS6.DLL A certain ActiveX control in the Common Controls Replacement Project (CCRP) CCRP BrowseDialog Server (ccrpbds6.dll) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long CCRP_BDc.SelectedFolder property value. | 4.3 |
2007-01-19 | CVE-2007-0364 | Nicecoder | Cross-Site Scripting vulnerability in Nicecoder Indexu 5.0/5.0.1 Multiple cross-site scripting (XSS) vulnerabilities in nicecoder.com INDEXU 5.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) error_msg parameter to (a) suggest_category.php; the (2) u parameter to (b) user_detail.php; the (3) friend_name, (4) friend_email, (5) error_msg, (6) my_name, (7) my_email, and (8) id parameters to (c) tell_friend.php; the (9) error_msg, (10) email, (11) name, and (12) subject parameters to (d) sendmail.php; the (13) email, (14) error_msg, and (15) username parameters to (e) send_pwd.php; the (16) keyword parameter to (f) search.php; the (17) error_msg, (18) username, (19) password, (20) password2, and (21) email parameters to (g) register.php; the (22) url, (23) contact_name, and (24) email parameters to (h) power_search.php; the (25) path and (26) total parameters to (i) new.php; the (27) query parameter to (j) modify.php; the (28) error_msg parameter to (k) login.php; the (29) error_msg and (30) email parameters to (l) mailing_list.php; the (31) gateway parameter to (m) upgrade.php; and another unspecified vector. | 4.3 |
2007-01-19 | CVE-2006-5963 | Pentaware | Multiple vulnerability in Pentaware Pentasuite-Pro and Pentazip Directory traversal vulnerability in PentaZip 8.5.1.190 and PentaSuite-PRO 8.5.1.221 allows user-assisted remote attackers to extract files to arbitrary pathnames via a ../ (dot dot slash) in a filename. | 4.3 |
2007-01-18 | CVE-2007-0342 | Apple Omnigroup | Resource Management Errors vulnerability in multiple products WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null dereference and application crash) via a TD element with a large number in the ROWSPAN attribute, as demonstrated by a crash of OmniWeb 5.5.3 on Mac OS X 10.4.8, a different vulnerability than CVE-2006-2019. | 4.3 |
2007-01-17 | CVE-2007-0273 | Oracle | Multiple vulnerability in Oracle January 2007 Security Update Unspecified vulnerability in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and attack vectors related to XMLDB, aka DB06. | 4.3 |
2007-01-17 | CVE-2007-0297 | Oracle | Multiple vulnerability in Oracle January 2007 Security Update Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.47.11 and 8.48.06 has unknown impact and attack vectors in PeopleTools, aka PSE03. | 4.0 |
2007-01-17 | CVE-2007-0291 | Oracle | Multiple vulnerability in Oracle E-Business Suite 6.2.3 Unspecified vulnerability in Oracle E-Business Suite and Applications 6.2.3 has unknown impact and attack vectors related to Oracle Exchange, aka APPS02. | 4.0 |
2007-01-17 | CVE-2007-0283 | Oracle | Multiple vulnerability in Oracle Application Server and Collaboration Suite Unspecified vulnerability in Oracle Application Server 9.0.4.3 and Collaboration Suite 9.0.4.2 has unknown impact and attack vectors related to Oracle Containers for J2EE, aka OC4J02. | 4.0 |
8 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-01-16 | CVE-2007-0235 | Libgtop | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Libgtop Stack-based buffer overflow in the glibtop_get_proc_map_s function in libgtop before 2.14.6 (libgtop2) allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a process with a long filename that is mapped in its address space, which triggers the overflow in gnome-system-monitor. | 3.7 |
2007-01-17 | CVE-2007-0275 | Oracle | Cross-Site Scripting vulnerability in Oracle products Cross-site scripting (XSS) vulnerability in Oracle Reports Web Cartridge (RWCGI60) in the Workflow Cartridge component, as used in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 10.1.2; and Oracle E-Business Suite and Applications 11.5.10CU2; allows remote authenticated users to inject arbitrary HTML or web script via the genuser parameter to rwcgi60, aka OWF01. | 3.5 |
2007-01-17 | CVE-2007-0282 | Oracle | Multiple vulnerability in Oracle products Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.2 and 10.1.2.0.0, and Collaboration Suite 9.0.4.2 has unknown impact and attack vectors related to the Oracle Process Mgmt & Notification component, aka OPMN02. | 3.2 |
2007-01-17 | CVE-2007-0286 | Oracle | Multiple vulnerability in Oracle Application Server and Collaboration Suite Unspecified vulnerability in Oracle Application Server 10.1.2.0.2 and 10.1.3.0, and Collaboration Suite 10.1.2, has unknown impact and attack vectors related to Containers for J2EE, aka OC4J07. | 2.6 |
2007-01-17 | CVE-2007-0296 | Oracle | Multiple vulnerability in Oracle January 2007 Security Update Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.13, 8.47.11, and 8.48.06 has unknown impact and attack vectors in PeopleTools, aka PSE02. | 2.1 |
2007-01-17 | CVE-2007-0294 | Oracle | Multiple vulnerability in Oracle Enterprise Manager 10.2.0.1 Unspecified vulnerability in Oracle Enterprise Manager 10.2.0.1 has unknown impact and attack vectors related to Database Cloning & Data Guard Management, aka EM06. | 1.7 |
2007-01-17 | CVE-2007-0288 | Oracle | Multiple vulnerability in Oracle Application Server 10.1.4.0 Unspecified vulnerability in Oracle Application Server 10.1.4.0 has unknown impact and attack vectors related to Oracle Internet Directory, aka OID01. | 1.7 |
2007-01-17 | CVE-2007-0287 | Oracle | Multiple vulnerability in Oracle Application Server and Collaboration Suite Unspecified vulnerability in Oracle Application Server 9.0.4.3, 10.1.2.0.0, and 10.1.2.0.2; and Collaboration Suite 9.0.4.2 and 10.1.2; has unknown impact and attack vectors related to Containers for J2EE, aka OC4J08. | 1.7 |