Weekly Vulnerabilities Reports > January 22 to 28, 2007
Overview
120 new vulnerabilities were reported during this period, including 16 critical vulnerabilities and 37 high severity vulnerabilities. This weekly summary reports vulnerabilities in 203 products from 105 vendors including BEA, Apple, Drupal, Easebay Resources, and Microsoft. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", "SQL Injection", "Cross-site Scripting", and "Code Injection".
- 98 reported vulnerabilities are remotely exploitable.
- 15 reported vulnerabilities have a public exploit available.
- 5 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 110 reported vulnerabilities are exploitable by an anonymous user.
- BEA has the most reported vulnerabilities, with 20 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
16 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-01-26 | CVE-2007-0462 | Apple | Remote Memory Corruption vulnerability in Apple Mac OS X QuickDraw GetSrcBits32ARGB The _GetSrcBits32ARGB function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT image with a malformed Alpha RGB (ARGB) record, which triggers memory corruption. | 10.0 |
2007-01-26 | CVE-2007-0510 | Awffull | Remote Security vulnerability in Awffull 3.7.1 Multiple buffer overflows in (1) graphs.c, (2) output.c, and (3) preserve.c in AWFFull 3.7.1 and earlier have unknown impact and attack vectors. | 10.0 |
2007-01-26 | CVE-2007-0504 | Vote PRO | Remote Security vulnerability in Vote Pro Eval injection vulnerability in poll_frame.php in Vote! Pro 4.0, and possibly other scripts, allows remote attackers to execute arbitrary code via the poll_id parameter, which is supplied to an eval function call, a different vulnerability type than CVE-2005-4632. | 10.0 |
2007-01-25 | CVE-2007-0496 | Neon Labs | Remote Security vulnerability in Neon Labs Website PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs Website (nlws) 3.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the g_strRootDir parameter. | 10.0 |
2007-01-25 | CVE-2007-0495 | Phpsherpa | Remote Security vulnerability in PhpSherpa PHP remote file inclusion vulnerability in include/config.inc.php in PhpSherpa allows remote attackers to execute arbitrary PHP code via a URL in the racine parameter. | 10.0 |
2007-01-25 | CVE-2007-0480 | Cisco | Devices Crafted IP Option Multiple Remote Code Execution vulnerability in Cisco Cisco IOS 9.x, 10.x, 11.x, and 12.x and IOS XR 2.0.x, 3.0.x, and 3.2.x allows remote attackers to cause a denial of service or execute arbitrary code via a crafted IP option in the IP header in a (1) ICMP, (2) PIMv2, (3) PGM, or (4) URD packet. | 10.0 |
2007-01-24 | CVE-2007-0460 | Suse | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Suse Linux Multiple buffer overflows in ulogd for SUSE Linux 9.3 up to 10.1, and possibly other distributions, have unknown impact and attack vectors related to "improper string length calculations." | 10.0 |
2007-01-23 | CVE-2007-0449 | Broadcom | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Broadcom products Multiple buffer overflows in LGSERVER.EXE in CA BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.1 SP1, Mobile Backup r4.0, Desktop and Business Protection Suite r2, and Desktop Management Suite (DMS) r11.0 and r11.1 allow remote attackers to execute arbitrary code via crafted packets to TCP port (1) 1900 or (2) 2200. | 10.0 |
2007-01-23 | CVE-2007-0417 | BEA | Products Multiple vulnerability in BEA BEA WebLogic Server 7.0 through 7.0 SP7, 8.1 through 8.1 SP5, 9.0, and 9.1, when using the WebLogic Server 6.1 compatibility realm, allows attackers to execute certain EJB container persistence operations with an administrative identity. | 10.0 |
2007-01-26 | CVE-2007-0515 | Microsoft | Unspecified vulnerability in Microsoft products Unspecified vulnerability in Microsoft Word allows user-assisted remote attackers to execute arbitrary code on Word 2000, and cause a denial of service on Word 2003, via unknown attack vectors that trigger memory corruption, as exploited by Trojan.Mdropper.W and later by Trojan.Mdropper.X, a different issue than CVE-2006-6456, CVE-2006-5994, and CVE-2006-6561. | 9.3 |
2007-01-26 | CVE-2007-0509 | Maklerplus | Multiple Unspecified vulnerability in Maklerplus 1.0/1.01 Multiple unspecified vulnerabilities in MaklerPlus before 1.2 have unknown impact and attack vectors, possibly relating to cross-site scripting (XSS) in the slogan parameter in main.tpl, or information leaks in error messages. | 9.3 |
2007-01-24 | CVE-2007-0018 | Altdo Americanshareware Audio Edit Magic Bearshare Cdburnerxp Cheetahburner Code IT Softare Dandans Digital Media Products Digital Borneo Easy Ringtone Maker Expstudio Iaudiosoft COM Imesh COM J Hepple Products Joshua Mediasoft Magicvideosoftare Mcfunsoft Mediatox Movavi MP3 Soft Mystik Media Products Nctsoft Products Nextlevel Systems Quikscribe Recordnrip Rmbsoft Roemer Software Sienzo Smart Media Systems Softdiv Softare Virtual CD Xrlly Software Xwaver COM | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Stack-based buffer overflow in the NCTAudioFile2.AudioFile ActiveX control (NCTAudioFile2.dll), as used by multiple products, allows remote attackers to execute arbitrary code via a long argument to the SetFormatLikeSample function. | 9.3 |
2007-01-24 | CVE-2007-0469 | Rubyforge | Denial-Of-Service vulnerability in Rubyforge Rubygems 0.8.11 The extract_files function in installer.rb in RubyGems before 0.9.1 does not check whether files exist before overwriting them, which allows user-assisted remote attackers to overwrite arbitrary files, cause a denial of service, or execute arbitrary code via crafted GEM packages. | 9.3 |
2007-01-24 | CVE-2007-0020 | Panic Transmit | Remote Heap Overflow vulnerability in Transmit 3 Heap-based buffer overflow in the SFTP protocol handler for Panic Transmit (Transmit.app) up to 3.5.5 allows remote attackers to execute arbitrary code via a long ftps:// URL. | 9.3 |
2007-01-23 | CVE-2007-0427 | Microsoft | Buffer Overflow vulnerability in Microsoft Html Help Workshop 4.03.0002 Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 allows user-assisted remote attackers to execute arbitrary code via a help project (.HPJ) file with a long HLP field in the OPTIONS section. | 9.3 |
2007-01-26 | CVE-2007-0528 | Centrality Communications | Information Disclosure vulnerability in Pa168 Chipset The admin web console implemented by the Centrality Communications (aka Aredfox) PA168 chipset and firmware 1.54 and earlier, as provided by various IP phones, does not require passwords or authentication tokens when using HTTP, which allows remote attackers to connect to existing superuser sessions and obtain sensitive information (passwords and configuration data). | 9.0 |
37 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-01-26 | CVE-2007-0505 | Drupal | Multiple vulnerability in Drupal Project and Project Issues Tracking Modules Unrestricted file upload vulnerability in the Project issue tracking 4.7.0 through 5.x before 20070123, a module for Drupal, allows remote authenticated users to execute arbitrary code by attaching a file with executable or multiple extensions to a project issue. | 8.5 |
2007-01-25 | CVE-2007-0481 | Cisco | Remote Memory Corruption vulnerability in Cisco IOS IPv6 Source Routing Cisco IOS allows remote attackers to cause a denial of service (crash) via a crafted IPv6 Type 0 Routing header. | 7.8 |
2007-01-25 | CVE-2007-0479 | Cisco | Denial Of Service vulnerability in Cisco IOS TCP Listener Memory leak in the TCP listener in Cisco IOS 9.x, 10.x, 11.x, and 12.x allows remote attackers to cause a denial of service by sending crafted TCP traffic to an IPv4 address on the IOS device. | 7.8 |
2007-01-23 | CVE-2007-0431 | AVM | Remote Denial of Service vulnerability in AVM Fritzbox 7050 AVM Fritz!Box 7050, and possibly other product models, allows remote attackers to cause a denial of service (VoIP application crash) via a zero-length UDP packet to the SIP port (port 5060). | 7.8 |
2007-01-23 | CVE-2006-6948 | Myodbc | SQL-Injection vulnerability in Myodbc Japanese2.50.25/Japanese2.50.29/Japanese3.51.06 MyODBC Japanese conversion edition 3.51.06, 2.50.29, and 2.50.25 allows remote attackers to cause a denial of service via a certain string in a response, which has unspecified impact on the MySQL database. | 7.8 |
2007-01-23 | CVE-2006-6947 | NEC | Remote Security vulnerability in Multiwriter 1700C The FTP server in the NEC MultiWriter 1700C allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the PORT command, a variant of CVE-1999-0017. | 7.8 |
2007-01-26 | CVE-2007-0535 | Vote PRO | Remote Security vulnerability in Vote Pro Multiple eval injection vulnerabilities in Vote! Pro 4.0, and possibly earlier, allow remote attackers to execute arbitrary code via requests to unspecified PHP scripts with the poll_id parameter, which is supplied to eval function calls, a different set of vectors than CVE-2007-0504. | 7.5 |
2007-01-26 | CVE-2007-0531 | Freewebshop | Remote Security vulnerability in Freewebshop 2.2.3/2.2.4 PHP remote file inclusion vulnerability in includes/login.php in FreeWebShop 2.2.3 and 2.2.4 before 20070123 allows remote attackers to execute arbitrary PHP code via a URL in the lang_file parameter. | 7.5 |
2007-01-26 | CVE-2007-0525 | Grigoriadis | Remote Security vulnerability in Mini Web Server Multiple buffer overflows in Nickolas Grigoriadis Mini Web server (MiniWebsvr) before 0.05 have unknown impact and attack vectors. | 7.5 |
2007-01-26 | CVE-2007-0520 | Unique ADS | SQL Injection vulnerability in Unique ADS Unique ADS 1.0 SQL injection vulnerability in banner.php in Unique Ads (UDS) 1.x allows remote attackers to execute arbitrary SQL commands via the bid parameter. | 7.5 |
2007-01-26 | CVE-2007-0518 | Scriptsez | Information Disclosure vulnerability in Smart PHP Subscriber Scriptsez Smart PHP Subscriber (aka subscribe) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain encoded passwords via a direct request for pwd.txt. | 7.5 |
2007-01-26 | CVE-2007-0517 | Scriptsez | Information Disclosure vulnerability in Scriptsez Random PHP Quote 1.0 Scriptsez Random PHP Quote 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain password information via a direct request for pwd.txt. | 7.5 |
2007-01-26 | CVE-2007-0508 | Bbclone | Remote Security vulnerability in Bbclone 0.31 PHP remote file inclusion vulnerability in lib/selectlang.php in BBClone 0.31 allows remote attackers to execute arbitrary PHP code via a URL in the BBC_LANGUAGE_PATH parameter. | 7.5 |
2007-01-25 | CVE-2007-0502 | Webspell | SQL Injection vulnerability in Webspell 4.01.02 SQL injection vulnerability in gallery.php in webSPELL 4.01.02 allows remote attackers to execute arbitrary SQL commands via the picID parameter, a different vector than CVE-2007-0492. | 7.5 |
2007-01-25 | CVE-2007-0500 | Bradabra | Remote Security vulnerability in bradabra PHP remote file inclusion vulnerability in include/includes.php in Bradabra 2.0.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter. | 7.5 |
2007-01-25 | CVE-2007-0498 | SKY Gunning | Remote Security vulnerability in SKY Gunning Myspeach 2.1Beta PHP remote file inclusion vulnerability in up.php in MySpeach 2.1 beta and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the my[root] parameter. | 7.5 |
2007-01-25 | CVE-2007-0492 | Webspell | SQL-Injection vulnerability in webSPELL Multiple SQL injection vulnerabilities in gallery.php in webSPELL 4.01.02 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) galleryID parameter. | 7.5 |
2007-01-25 | CVE-2007-0485 | Webchat ORG | Remote File Include vulnerability in Webchat.Org Webchat 0.77 PHP remote file inclusion vulnerability in defines.php in WebChat 0.77 allows remote attackers to execute arbitrary PHP code via a URL in the WEBCHATPATH parameter. | 7.5 |
2007-01-25 | CVE-2007-0484 | Enthusiast | SQL-Injection vulnerability in Enthusiast 3.1 Multiple SQL injection vulnerabilities in Enthusiast 3.1 allow remote attackers to execute arbitrary SQL commands via the cat parameter to (1) show_owned.php, (2) show_joined.php, and possibly other files. | 7.5 |
2007-01-24 | CVE-2007-0471 | Checkpoint | Permissions, Privileges, and Access Controls vulnerability in Checkpoint Connectra NGX R60/R62 sre/params.php in the Integrity Clientless Security (ICS) component in Check Point Connectra NGX R62 3.x and earlier before Security Hotfix 5, and possibly VPN-1 NGX R62, allows remote attackers to bypass security requirements via a crafted Report parameter, which returns a valid ICSCookie authentication token. | 7.5 |
2007-01-23 | CVE-2007-0435 | T COM | Improper Authentication vulnerability in T-Com Speedport 500V and Speedport 500V Firmware T-Com Speedport 500V routers with firmware 1.31 allow remote attackers to bypass authentication and reconfigure the device via a LOGINKEY=TECOM cookie value. | 7.5 |
2007-01-23 | CVE-2007-0432 | BEA | Products Multiple vulnerability in BEA Aqualogic Service BUS 2.0/2.1/2.5 BEA AquaLogic Service Bus 2.0, 2.1, and 2.5 does not properly reject malformed request messages to a proxy service, which might allow remote attackers to bypass authorization policies and route requests to back-end services or conduct other unauthorized activities. | 7.5 |
2007-01-23 | CVE-2006-6946 | NEC | Remote Security vulnerability in Multiwriter 1700C The web server in the NEC MultiWriter 1700C allows remote attackers to modify the device configuration via unspecified vectors. | 7.5 |
2007-01-23 | CVE-2007-0425 | BEA | Remote Security vulnerability in JRockit Unspecified vulnerability in BEA WebLogic Platform and Server 8.1 through 8.1 SP5, and JRockit 1.4.2 R4.5 and earlier, allows attackers to gain privileges via unspecified vectors, related to an "overflow condition," probably a buffer overflow. | 7.5 |
2007-01-23 | CVE-2007-0418 | BEA | Products Multiple vulnerability in BEA BEA WebLogic Server 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, 9.0, and 9.1 does not enforce a security policy that declares permissions for EJB methods that have array parameters, which allows remote attackers to obtain unauthorized access to these methods. | 7.5 |
2007-01-23 | CVE-2007-0416 | BEA | Products Multiple vulnerability in BEA The WSEE runtime (WS-Security runtime) in BEA WebLogic Server 9.0 and 9.1 does not verify credentials when decrypting client messages, which allows remote attackers to bypass application security. | 7.5 |
2007-01-23 | CVE-2007-0408 | BEA | Products Multiple vulnerability in BEA BEA Weblogic Server 8.1 through 8.1 SP4 does not properly validate client certificates when reusing cached connections, which allows remote attackers to obtain access via an untrusted X.509 certificate. | 7.5 |
2007-01-23 | CVE-2007-0404 | Django Project | Remote Arbitrary Command Execution vulnerability in Django Project Django 0.95 bin/compile-messages.py in Django 0.95 does not quote argument strings before invoking the msgfmt program through the os.system function, which allows attackers to execute arbitrary commands via shell metacharacters in a (1) .po or (2) .mo file. | 7.5 |
2007-01-23 | CVE-2007-0021 | Apple | Remote Format String vulnerability in Apple Ichat 3.1.6 Format string vulnerability in Apple iChat 3.1.6 allows remote attackers to cause a denial of service (null pointer dereference and application crash) and possibly execute arbitrary code via format string specifiers in an aim:// URI. | 7.5 |
2007-01-22 | CVE-2007-0403 | Easebay Resources | SQL-Injection vulnerability in Paypal Subscription Manager SQL injection vulnerability in admin/memberlist.php in Easebay Resources Paypal Subscription Manager allows remote attackers to execute arbitrary SQL commands via the keyword parameter. | 7.5 |
2007-01-22 | CVE-2007-0401 | Easebay Resources | SQL-Injection vulnerability in Easebay Resources Login Manager 3.0 SQL injection vulnerability in admin/memberlist.php in Easebay Resources Login Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the init_row parameter. | 7.5 |
2007-01-27 | CVE-2007-0536 | Rpath | Local Security vulnerability in Rpath Linux 1 The chroot helper in rMake for rPath Linux 1 does not drop supplemental groups, which causes packages to be installed with insecure permissions and might allow local users to gain privileges. | 7.2 |
2007-01-24 | CVE-2006-6952 | CA | Products Drivers Multiple Local Privilege Escalation Vulnerabilities in Computer Associates Computer Associates Host Intrusion Prevention System (HIPS) drivers (1) Core kmxstart.sys 6.5.4.31 and (2) Firewall kmxfw.sys 6.5.4.10 allow local users to gain privileges by using certain privileged IOCTLs to modify callback function pointers. | 7.2 |
2007-01-24 | CVE-2007-0444 | Citrix | Buffer Errors vulnerability in Citrix Metaframe and Metaframe Presentation Server Stack-based buffer overflow in the print provider library (cpprov.dll) in Citrix Presentation Server 4.0, MetaFrame Presentation Server 3.0, and MetaFrame XP 1.0 allows local users and remote attackers to execute arbitrary code via long arguments to the (1) EnumPrintersW and (2) OpenPrinter functions. | 7.2 |
2007-01-24 | CVE-2007-0470 | SUN | Local Privilege Escalation vulnerability in Sun Solaris Tip Multiple unspecified vulnerabilities in tip in Sun Solaris 8, 9, and 10 allow local users to gain uucp account privileges via unspecified vectors. | 7.2 |
2007-01-23 | CVE-2007-0003 | Andrew Morgan | Authentication Bypass vulnerability in Andrew Morgan Linux PAM 0.99.7.0 pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers to log into accounts whose password hash, as stored in /etc/passwd or /etc/shadow, has only two characters. | 7.2 |
2007-01-23 | CVE-2007-0022 | Apple | Local Privilege Escalation vulnerability in Apple mac OS X 10.4.8 Untrusted search path vulnerability in writeconfig in Apple Mac OS X 10.4.8 allows local users to gain privileges via a modified PATH that points to a malicious launchctl program. | 7.2 |
60 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-01-25 | CVE-2007-0503 | SUN | Local Arbitrary Command Execution vulnerability in Kodak Color Management System Utilities Unspecified vulnerability in kcms_calibrate in Sun Solaris 8 and 9 before 20071122 allows local users to execute arbitrary commands via unknown vectors. | 6.9 |
2007-01-24 | CVE-2007-0023 | Apple | Local Privilege Escalation vulnerability in Apple mac OS X 10.4.8 The CFUserNotificationSendRequest function in UserNotificationCenter.app in Apple Mac OS X 10.4.8, when used in combination with diskutil, allows local users to gain privileges via a malicious InputManager in Library/InputManagers in a user's home directory, which is executed when Cocoa applications attempt to notify the user. | 6.9 |
2007-01-26 | CVE-2007-0527 | Website Baker | SQL Injection vulnerability in Website Baker Website Baker SQL injection vulnerability in the is_remembered function in class.login.php in Website Baker 2.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the REMEMBER_KEY cookie parameter. | 6.8 |
2007-01-26 | CVE-2007-0514 | Hitachi | Cross-Site Scripting vulnerability in Ucosminexus Developer Light Multiple cross-site scripting (XSS) vulnerabilities in multiple Hitachi Web Server, uCosminexus, and Cosminexus products before 20070124 allow remote attackers to inject arbitrary web script or HTML via (1) HTTP Expect headers or (2) image maps. | 6.8 |
2007-01-26 | CVE-2007-0511 | Phpxmldom | Remote File Include vulnerability in PHPxmldom 0.3 Multiple PHP remote file inclusion vulnerabilities in phpXMLDOM (phpXD) 0.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) dom.php, (2) dtd.php, or (3) parser.php in include/. | 6.8 |
2007-01-25 | CVE-2007-0501 | Mafia Scum Tools | Code Injection vulnerability in Mafia Scum Tools Mafia Scum Tools PHP remote file inclusion vulnerability in index.php in Mafia Scum Tools 2.0.0 in Matthew Wardrop Advanced Random Generators (adv-random-gen) allows remote attackers to execute arbitrary PHP code via a URL in the gen parameter. | 6.8 |
2007-01-25 | CVE-2007-0499 | Sangwan KIM | Code Injection vulnerability in Sangwan KIM PHPindexpage PHP remote file inclusion vulnerability in config.php in Sangwan Kim phpIndexPage 1.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the env[inc_path] parameter. | 6.8 |
2007-01-25 | CVE-2007-0497 | Upload Service | Remote File Include vulnerability in Upload-Service 1.0 PHP remote file inclusion vulnerability in upload/top.php in Upload-Service 1.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the maindir parameter. | 6.8 |
2007-01-25 | CVE-2007-0491 | SKY Gunning | Remote Security vulnerability in Myspeach PHP remote file inclusion vulnerability in up.php in Sky GUNNING MySpeach 3.0.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the my_ms[root] parameter, a different vector than CVE-2006-4630. | 6.8 |
2007-01-25 | CVE-2007-0489 | Visohotlink | Remote File Include vulnerability in VisoHotlink Functions.Visohotlink.PHP PHP remote file inclusion vulnerability in includes/functions.visohotlink.php in VisoHotlink 1.01 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 6.8 |
2007-01-25 | CVE-2007-0483 | Enthusiast | Input Validation vulnerability in Enthusiast 3.1 Multiple cross-site scripting (XSS) vulnerabilities in Enthusiast 3.1 allow remote attackers to inject arbitrary web script or HTML via the URI for (1) show_owned.php or (2) show_joined.php. | 6.8 |
2007-01-25 | CVE-2007-0477 | Openads | Cross-Site Scripting vulnerability in Openads 2.3.30 Cross-site scripting (XSS) vulnerability in Openads 2.0.x before 2.0.10, 2.3 before 2.3.31 (aka Max Media Manager before 0.3.31-alpha-pr2), and phpAdsNew/phpPgAds before 2.0.9-pr1 allows remote attackers to inject arbitrary web script or HTML via (1) the keyword parameter in admin-search.php and (2) affiliate-search.php. | 6.8 |
2007-01-24 | CVE-2007-0468 | Microsoft | Remote Security vulnerability in Microsoft Visual Studio 6.0 Stack-based buffer overflow in rcdll.dll in msdev.exe in Visual C++ (MSVC) in Microsoft Visual Studio 6.0 SP6 allows user-assisted remote attackers to execute arbitrary code via a long file path in the "1 TYPELIB MOVEABLE PURE" option in an RC file. | 6.8 |
2007-01-23 | CVE-2006-6951 | Odysseus Blog | Cross-Site Scripting vulnerability in Odysseus Blog Blog.PHP Cross-site scripting (XSS) vulnerability in blog.php in OdysseusBlog allows remote attackers to inject arbitrary web script or HTML via the page parameter. | 6.8 |
2007-01-23 | CVE-2007-0426 | Oracle | Products Multiple vulnerability in Oracle Weblogic Portal 9.2 BEA WebLogic Portal 9.2, when running in a WebLogic Server clustered environment using WebLogic Portal entitlements, does not properly propagate entitlement policy changes if the changes are made on a managed server while the Administrative Server is unavailable, which might allow attackers to bypass intended restrictions. | 6.8 |
2007-01-23 | CVE-2007-0411 | BEA | Products Multiple vulnerability in BEA BEA WebLogic Server 8.1 through 8.1 SP5, 9.0, 9.1, and 9.2 Gold, when WS-Security is used, does not properly validate certificates, which allows remote attackers to conduct a man-in-the-middle (MITM) attack. | 6.8 |
2007-01-23 | CVE-2007-0407 | Plain Black | HTML Injection vulnerability in WebGUI Registration Username Cross-site scripting (XSS) vulnerability in Operation/User.pm in Plain Black WebGUI before 7.3.5 (beta) allows remote attackers to inject arbitrary web script or HTML via the username parameter during anonymous registration, a different vector than CVE-2007-0308. | 6.8 |
2007-01-22 | CVE-2007-0402 | Easebay Resources | Cross-Site Scripting vulnerability in Paypal Subscription Manager Cross-site scripting (XSS) vulnerability in admin/edit_member.php in Easebay Resources Paypal Subscription Manager allows remote attackers to inject arbitrary web script or HTML via the username parameter. | 6.8 |
2007-01-22 | CVE-2007-0400 | Easebay Resources | Cross-Site Scripting vulnerability in Easebay Resources Login Manager 3.0 Cross-site scripting (XSS) vulnerability in admin/memberlist.php in Easebay Resources Login Manager 3.0 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. | 6.8 |
2007-01-22 | CVE-2007-0398 | Arnotic | Cross-Site Scripting vulnerability in A-Forum Multiple cross-site scripting (XSS) vulnerabilities in forum.php3 in Arnaud Guyonne (aka Arnotic) a-forum allow remote attackers to inject arbitrary web script or HTML via the (1) Sujet or (2) Pseudo field. | 6.8 |
2007-01-23 | CVE-2007-0433 | BEA | Products Multiple vulnerability in BEA Aqualogic Service BUS 2.0/2.1/2.2 Unspecified vulnerability in BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 SP1, and 2.2, when using Active Directory LDAP for authentication, allows remote authenticated users to access the server even after the account has been disabled. | 6.5 |
2007-01-23 | CVE-2007-0405 | Django Project | Unspecified vulnerability in Django Project Django 0.95 The LazyUser class in the AuthenticationMiddleware for Django 0.95 does not properly cache the user name across requests, which allows remote authenticated users to gain the privileges of a different user. | 6.5 |
2007-01-23 | CVE-2007-0421 | BEA | Products Multiple vulnerability in BEA BEA WebLogic Server 6.1 through 6.1 SP7, and 7.0 through 7.0 SP7 allows remote attackers to cause a denial of service (disk consumption) via requests containing malformed headers, which cause a large amount of data to be written to the server log. | 6.4 |
2007-01-26 | CVE-2007-0507 | Drupal | SQL Injection vulnerability in Drupal Acidfree 4.61.0/4.71.0 SQL injection vulnerability in the Acidfree module for Drupal before 4.6.x-1.0, and before 4.7.x-1.0 in the 4.7 series, allows remote authenticated users with "create acidfree albums" privileges to execute arbitrary SQL commands via node titles. | 6.0 |
2007-01-26 | CVE-2007-0506 | Drupal | Multiple vulnerability in Drupal Project and Project Issues Tracking Modules The project_issue_access function in the Project issue tracking 4.7.0 through 5.x before 20070123 module for Drupal allows remote authenticated users to bypass other access control modules and obtain attached files by guessing the filename, and obtain issue information via direct requests. | 6.0 |
2007-01-22 | CVE-2007-0399 | Simple Machines | HTML Injection vulnerability in Simple Machines Simple Machines Forum 1.1Rc3 Multiple cross-site scripting (XSS) vulnerabilities in index.php in Simple Machines Forum (SMF) 1.1 RC3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) recipient or (2) BCC field when selecting send in a pm action. | 6.0 |
2007-01-23 | CVE-2007-0441 | HP | Remote Security vulnerability in OpenView Network Node Manager Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, and 7.50 allows remote attackers to execute arbitrary commands via unknown vectors. | 5.1 |
2007-01-26 | CVE-2007-0533 | Atozed Software | Remote Denial of Service vulnerability in Atozed Software Intraweb Component 9.0 The AToZed IntraWeb component 8.0 and earlier for Borland Delphi and Kylix, and IntraWeb 9.0 before build (9.0.12), allows remote attackers to cause a denial of service (thread hang or CPU consumption) via a crafted HTTP request, related to the OnBeforeDispatch function in the TIWServerController object. | 5.0 |
2007-01-26 | CVE-2007-0532 | Tuan DO | Information Disclosure vulnerability in Tuan DO Uploader 6Beta1 Tuan Do Uploader (aka php-uploader) 6 beta 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrator password hash via a direct request for userdata/user_1.txt. | 5.0 |
2007-01-26 | CVE-2007-0513 | Hitachi | Remote Denial of Service vulnerability in Hitachi HiRDB DataReplicator Server Hitachi HiRDB Datareplicator 7HiRDB, 7(64), 6, 6(64), 5.0, and 5.0(64); and various products that bundle HiRDB Datareplicator; allows attackers to cause a denial of service (CPU consumption) via certain data. | 5.0 |
2007-01-26 | CVE-2007-0512 | Hitachi | Remote Denial of Service vulnerability in Hitachi TPI Link and TPI Server Base Hitachi TP1/LiNK 05-00 through 05-03-/F, 03-04 through 03-06-/K, and 03-00 through 03-03-/H; and TP1/Server Base 05-00 through 05-00-/M, 03-01-E through 03-01-FD, 03-01 through 03-01-DB, and 05-03; allow attackers to cause a denial of service (process crash) via invalid data to an OpenTP1 port. | 5.0 |
2007-01-25 | CVE-2007-0490 | Open Realty | Information Disclosure vulnerability in Open-Realty 2.3.4 index.php in Open-Realty 2.3.4 allows remote attackers to obtain sensitive information (the full path) via an invalid listingID parameter in a listingview action. | 5.0 |
2007-01-25 | CVE-2007-0488 | Huawei | Denial-Of-Service vulnerability in Huawei Versatile Routing Platform 1.432500E003Firmware The Huawei Versatile Routing Platform 1.43 2500E-003 firmware on the Quidway R1600 Router, and possibly other models, allows remote attackers to cause a denial of service (device crash) via a long show arp command. | 5.0 |
2007-01-24 | CVE-2007-0461 | Dazuko | Denial-Of-Service vulnerability in Dazuko Multiple memory leaks in the Dazuko anti-virus helper module before 2.3.2 allow attackers to cause a denial of service (memory consumption) via unknown vectors. | 5.0 |
2007-01-23 | CVE-2007-0442 | IBM | Remote Security vulnerability in IBM OS/400 Unspecified vulnerability in IBM OS/400 R530 and R535 has unknown impact and remote attack vectors, related to an "Integrity Problem" involving LIC-TCPIP and TCP reset. | 5.0 |
2007-01-23 | CVE-2007-0429 | Divx | Remote Denial of Service vulnerability in Divx Player 6.4.1 DivXBrowserPlugin (aka DivX Web Player) npdivx32.dll, as distributed with DivX Player 6.4.1, allows remote attackers to cause a denial of service (Internet Explorer 7 crash) by invoking the GoWindowed method for a certain instance of the ActiveX object. | 5.0 |
2007-01-23 | CVE-2007-0428 | Wzdftpd | Denial-Of-Service vulnerability in wzdftpd Unspecified vulnerability in the chtbl_lookup function in hash.c for WzdFTPD 8.0 and earlier allows remote attackers to cause a denial of service via a crafted FTP command, probably due to a NULL pointer dereference. | 5.0 |
2007-01-23 | CVE-2006-6950 | Conti | Insecure Default Accounts and Directory Traversal vulnerability in Conti Ftpserver 1.0Build2.8 Directory traversal vulnerability in Conti FTPServer 1.0 Build 2.8 allows remote attackers to read arbitrary files and list arbitrary directories via a .. | 5.0 |
2007-01-23 | CVE-2007-0424 | BEA | Products Multiple vulnerability in BEA Unspecified vulnerability in the BEA WebLogic Server proxy plug-in for Netscape Enterprise Server before September 2006 for Netscape Enterprise Server allow remote attackers to cause a denial of service via certain requests that trigger errors that lead to a server being marked as unavailable, hosting web server failure, or CPU consumption. | 5.0 |
2007-01-23 | CVE-2007-0422 | BEA | Products Multiple vulnerability in BEA Weblogic Server 9.0/9.1/9.2 BEA WebLogic Server 9.0, 9.1, and 9.2 Gold, when running on Solaris 9, allows remote attackers to cause a denial of service (server inaccessibility) via manipulated socket connections. | 5.0 |
2007-01-23 | CVE-2007-0420 | BEA | Products Multiple vulnerability in BEA Weblogic Server 9.0/9.1/9.2 BEA WebLogic Server 9.0, 9.1, and 9.2 Gold allows remote attackers to obtain sensitive information via malformed HTTP requests, which reveal data from previous requests. | 5.0 |
2007-01-23 | CVE-2007-0419 | BEA | Products Multiple vulnerability in BEA The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage). | 5.0 |
2007-01-23 | CVE-2007-0415 | BEA | Products Multiple vulnerability in BEA BEA WebLogic Server 8.1 through 8.1 SP5 does not properly enforce access control after a dynamic update and dynamic redeployment of an application that is implemented through exploded jars, which allows attackers to bypass intended access restrictions. | 5.0 |
2007-01-23 | CVE-2007-0414 | BEA | Products Multiple vulnerability in BEA BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, and 9.0 allows remote attackers to cause a denial of service (server hang) via certain requests that cause muxer threads to block when processing error pages. | 5.0 |
2007-01-23 | CVE-2007-0412 | BEA | Products Multiple vulnerability in BEA Weblogic Server 6.1/7.0/8.1 BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP7, and 8.1 through 8.1 SP5 allows remote attackers to read arbitrary files inside the class-path property via .ear or exploded .ear files that use the manifest class-path property to point to utility jar files. | 5.0 |
2007-01-23 | CVE-2007-0410 | BEA | Products Multiple vulnerability in BEA Unspecified vulnerability in the thread management in BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, 9.0, and 9.1, when T3 authentication is used, allows remote attackers to cause a denial of service (thread and system hang) via unspecified "sequences of events." | 5.0 |
2007-01-26 | CVE-2007-0516 | Yana Framework | Remote Security vulnerability in Yana Framework Yana Framework before 2.8.5a allows remote authenticated users with permissions to modify a guestbook profile to modify or delete arbitrary guestbook profiles via unspecified vectors. | 4.9 |
2007-01-23 | CVE-2007-0430 | Apple | Denial-Of-Service vulnerability in Mac OS X The shared_region_map_file_np function in Apple Mac OS X 10.4.8 and earlier kernel allows local users to cause a denial of service (memory corruption) via a large mappingCount value. | 4.9 |
2007-01-25 | CVE-2007-0482 | SUN | Unspecified vulnerability in SUN RAY Server Software 2.0/3.0 cgi-bin/main in Sun Ray Server Software 2.0 and 3.0 before 20070123 allows local users to obtain the utadmin password by reading a web server's log file, or by conducting a different, unspecified local attack. | 4.6 |
2007-01-25 | CVE-2007-0476 | Gentoo | Unspecified vulnerability in Gentoo Linux 2.1.30/2.2.28/2.3.30 The gencert.sh script, when installing OpenLDAP before 2.1.30-r10, 2.2.x before 2.2.28-r7, and 2.3.x before 2.3.30-r2 as an ebuild in Gentoo Linux, does not create temporary directories in /tmp securely during emerge, which allows local users to overwrite arbitrary files via a symlink attack. | 4.6 |
2007-01-23 | CVE-2007-0434 | BEA | Products Multiple vulnerability in BEA Aqualogic Enterprise Security 2.0/2.1/2.2 BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 SP1, and 2.2 does not properly set the severity level of audit events when the system load is high, which might make it easier for attackers to avoid detection. | 4.6 |
2007-01-23 | CVE-2006-6949 | Conti | Insecure Default Accounts and Directory Traversal vulnerability in Conti FTPServer 1.0 Build 2.8 Conti FTPServer 1.0 Build 2.8 stores user passwords in cleartext in MyServerSettings.ini, which allows local users to obtain sensitive information by reading this file. | 4.6 |
2007-01-23 | CVE-2007-0406 | Gxine | Denial-Of-Service vulnerability in gxine Multiple buffer overflows in the (1) main function in (a) client.c, and the (2) server_setup and (3) server_client_connect functions in (b) server.c in gxine 0.5.9 and earlier allow local users to cause a denial of service (daemon crash) or gain privileges via a long HOME environment variable. | 4.6 |
2007-01-23 | CVE-2007-0423 | Oracle | Products Multiple vulnerability in Oracle Weblogic Portal 9.2 BEA WebLogic Portal 9.2 does not properly handle when an administrator deletes entitlements for a role, which causes other role entitlements to be "inadvertently affected," which has an unknown impact. | 4.4 |
2007-01-23 | CVE-2007-0413 | BEA | Products Multiple vulnerability in BEA BEA WebLogic Server 8.1 through 8.1 SP5 stores cleartext data in a backup of config.xml after offline editing, which allows local users to obtain sensitive information by reading this backup file. | 4.4 |
2007-01-26 | CVE-2007-0534 | Drupal | Cross-Site Scripting vulnerability in Project Issue Tracking Module Multiple cross-site scripting (XSS) vulnerabilities in the (1) Project issue tracking 4.7.0 through 5.x before 20070123 and (2) Project 4.6.0 through 5.x before 20070123 modules for Drupal allow remote authenticated users to inject arbitrary web script or HTML via (a) certain "fields on project nodes" or (b) "certain project-specific settings regarding issue tracking." | 4.3 |
2007-01-26 | CVE-2007-0529 | PHP Link Directory | Cross-Site Scripting vulnerability in PHP Link Directory Cross-site scripting (XSS) vulnerability in index.html (aka the administration page) in PHP Link Directory (phpLD) 3.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted link, which is triggered when the administrator uses the "Validate Links" functionality. | 4.3 |
2007-01-26 | CVE-2007-0526 | Bitweaver | Cross-Site Scripting vulnerability in Bitweaver 1.3.1 Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.3.1 allow remote attackers to inject arbitrary web script or HTML via the URL (PATH_INFO) to (1) articles/edit.php, (2) articles/list.php, (3) blogs/list_blogs.php, or (4) blogs/rankings.php. | 4.3 |
2007-01-25 | CVE-2007-0494 | ISC | Data Processing Errors vulnerability in ISC Bind ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (exit) via a type * (ANY) DNS query response that contains multiple RRsets, which triggers an assertion error, aka the "DNSSEC Validation" vulnerability. | 4.3 |
2007-01-25 | CVE-2007-0478 | Apple | Cross-Site Scripting vulnerability in Apple Safari and Webcore WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an HTML comment. | 4.3 |
7 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-01-26 | CVE-2007-0519 | XMB Software | Cross-Site Scripting vulnerability in XMB Software U2U Instant Messenger Cross-site scripting (XSS) vulnerability in memcp.php in XMB U2U Instant Messenger allows remote authenticated users to inject arbitrary web script or HTML via the recipient field. | 3.5 |
2007-01-26 | CVE-2007-0523 | Nokia | Improper Input Validation vulnerability in Nokia N70 The Nokia N70 phone allows remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push. | 3.3 |
2007-01-26 | CVE-2007-0522 | Motorola | Improper Input Validation vulnerability in Motorola Motorazr V3 The Motorola MOTORAZR V3 phone allows remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push. | 3.3 |
2007-01-26 | CVE-2007-0521 | Sony Ericsson | Improper Input Validation vulnerability in Sony Ericsson K700I and W810I The Sony Ericsson K700i and W810i phones allow remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push. | 3.3 |
2007-01-26 | CVE-2007-0524 | LG Electronics | Improper Input Validation vulnerability in LG Electronics Chocolate Kg800 The LG Chocolate KG800 phone allows remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push. | 2.9 |
2007-01-24 | CVE-2007-0010 | Gnome | Unspecified vulnerability in Gnome GTK The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) before 2.4.13 allows context-dependent attackers to cause a denial of service (crash) via a malformed image file. | 2.1 |
2007-01-23 | CVE-2007-0409 | BEA | Products Multiple vulnerability in BEA BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP4, and 9.0 initial release does not encrypt passwords stored in the JDBCDataSourceFactory MBean Properties, which allows local administrative users to read the cleartext password. | 1.5 |