Weekly Vulnerabilities Reports > January 22 to 28, 2007

Overview

124 new vulnerabilities reported during this period, including 16 critical vulnerabilities and 41 high severity vulnerabilities. This weekly summary report vulnerabilities in 206 products from 108 vendors including BEA, Apple, Drupal, Easebay Resources, and Microsoft. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", "Code Injection", "SQL Injection", and "Cross-site Scripting".

  • 102 reported vulnerabilities are remotely exploitables.
  • 15 reported vulnerabilities have public exploit available.
  • 5 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 114 reported vulnerabilities are exploitable by an anonymous user.
  • BEA has the most reported vulnerabilities, with 20 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

16 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-01-26 CVE-2007-0462 Apple Remote Memory Corruption vulnerability in Apple Mac OS X QuickDraw GetSrcBits32ARGB

The _GetSrcBits32ARGB function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT image with a malformed Alpha RGB (ARGB) record, which triggers memory corruption.

10.0
2007-01-26 CVE-2007-0510 Awffull Remote Security vulnerability in Awffull 3.7.1

Multiple buffer overflows in (1) graphs.c, (2) output.c, and (3) preserve.c in AWFFull 3.7.1 and earlier have unknown impact and attack vectors.

10.0
2007-01-26 CVE-2007-0504 Vote PRO Remote Security vulnerability in Vote Pro

Eval injection vulnerability in poll_frame.php in Vote! Pro 4.0, and possibly other scripts, allows remote attackers to execute arbitrary code via the poll_id parameter, which is supplied to an eval function call, a different vulnerability type than CVE-2005-4632.

10.0
2007-01-25 CVE-2007-0496 Neon Labs Remote Security vulnerability in Neon Labs Website

PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs Website (nlws) 3.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the g_strRootDir parameter.

10.0
2007-01-25 CVE-2007-0495 Phpsherpa Remote Security vulnerability in PhpSherpa

PHP remote file inclusion vulnerability in include/config.inc.php in PhpSherpa allows remote attackers to execute arbitrary PHP code via a URL in the racine parameter.

10.0
2007-01-25 CVE-2007-0480 Cisco Devices Crafted IP Option Multiple Remote Code Execution vulnerability in Cisco

Cisco IOS 9.x, 10.x, 11.x, and 12.x and IOS XR 2.0.x, 3.0.x, and 3.2.x allows remote attackers to cause a denial of service or execute arbitrary code via a crafted IP option in the IP header in a (1) ICMP, (2) PIMv2, (3) PGM, or (4) URD packet.

10.0
2007-01-24 CVE-2007-0460 Suse Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Suse Linux

Multiple buffer overflows in ulogd for SUSE Linux 9.3 up to 10.1, and possibly other distributions, have unknown impact and attack vectors related to "improper string length calculations."

10.0
2007-01-23 CVE-2007-0449 Broadcom Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Broadcom products

Multiple buffer overflows in LGSERVER.EXE in CA BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.1 SP1, Mobile Backup r4.0, Desktop and Business Protection Suite r2, and Desktop Management Suite (DMS) r11.0 and r11.1 allow remote attackers to execute arbitrary code via crafted packets to TCP port (1) 1900 or (2) 2200.

10.0
2007-01-23 CVE-2007-0417 BEA Products Multiple vulnerability in BEA

BEA WebLogic Server 7.0 through 7.0 SP7, 8.1 through 8.1 SP5, 9.0, and 9.1, when using the WebLogic Server 6.1 compatibility realm, allows attackers to execute certain EJB container persistence operations with an administrative identity.

10.0
2007-01-26 CVE-2007-0515 Microsoft Unspecified vulnerability in Microsoft products

Unspecified vulnerability in Microsoft Word allows user-assisted remote attackers to execute arbitrary code on Word 2000, and cause a denial of service on Word 2003, via unknown attack vectors that trigger memory corruption, as exploited by Trojan.Mdropper.W and later by Trojan.Mdropper.X, a different issue than CVE-2006-6456, CVE-2006-5994, and CVE-2006-6561.

9.3
2007-01-26 CVE-2007-0509 Maklerplus Multiple Unspecified vulnerability in Maklerplus 1.0/1.01

Multiple unspecified vulnerabilities in MaklerPlus before 1.2 have unknown impact and attack vectors, possibly relating to cross-site scripting (XSS) in the slogan parameter in main.tpl, or information leaks in error messages.

9.3
2007-01-24 CVE-2007-0018 Altdo
Americanshareware
Audio Edit Magic
Bearshare
Cdburnerxp
Cheetahburner
Code IT Softare
Dandans Digital Media Products
Digital Borneo
Easy Ringtone Maker
Expstudio
Iaudiosoft COM
Imesh COM
J Hepple Products
Joshua Mediasoft
Magicvideosoftare
Mcfunsoft
Mediatox
Movavi
MP3 Soft
Mystik Media Products
Nctsoft Products
Nextlevel Systems
Quikscribe
Recordnrip
Rmbsoft
Roemer Software
Sienzo
Smart Media Systems
Softdiv Softare
Virtual CD
Xrlly Software
Xwaver COM
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Stack-based buffer overflow in the NCTAudioFile2.AudioFile ActiveX control (NCTAudioFile2.dll), as used by multiple products, allows remote attackers to execute arbitrary code via a long argument to the SetFormatLikeSample function.

9.3
2007-01-24 CVE-2007-0469 Rubyforge Denial-Of-Service vulnerability in Rubyforge Rubygems 0.8.11

The extract_files function in installer.rb in RubyGems before 0.9.1 does not check whether files exist before overwriting them, which allows user-assisted remote attackers to overwrite arbitrary files, cause a denial of service, or execute arbitrary code via crafted GEM packages.

9.3
2007-01-24 CVE-2007-0020 Panic Transmit Remote Heap Overflow vulnerability in Transmit 3

Heap-based buffer overflow in the SFTP protocol handler for Panic Transmit (Transmit.app) up to 3.5.5 allows remote attackers to execute arbitrary code via a long ftps:// URL.

9.3
2007-01-23 CVE-2007-0427 Microsoft Buffer Overflow vulnerability in Microsoft Html Help Workshop 4.03.0002

Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 allows user-assisted remote attackers to execute arbitrary code via a help project (.HPJ) file with a long HLP field in the OPTIONS section.

9.3
2007-01-26 CVE-2007-0528 Centrality Communications Information Disclosure vulnerability in Pa168 Chipset

The admin web console implemented by the Centrality Communications (aka Aredfox) PA168 chipset and firmware 1.54 and earlier, as provided by various IP phones, does not require passwords or authentication tokens when using HTTP, which allows remote attackers to connect to existing superuser sessions and obtain sensitive information (passwords and configuration data).

9.0

41 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-01-26 CVE-2007-0505 Drupal Multiple vulnerability in Drupal Project and Project Issues Tracking Modules

Unrestricted file upload vulnerability in the Project issue tracking 4.7.0 through 5.x before 20070123, a module for Drupal, allows remote authenticated users to execute arbitrary code by attaching a file with executable or multiple extensions to a project issue.

8.5
2007-01-25 CVE-2007-0493 ISC Remote Fetch Context Denial of Service vulnerability in ISC BIND

Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (named daemon crash) via unspecified vectors that cause named to "dereference a freed fetch context."

7.8
2007-01-25 CVE-2007-0481 Cisco Remote Memory Corruption vulnerability in Cisco IOS IPv6 Source Routing

Cisco IOS allows remote attackers to cause a denial of service (crash) via a crafted IPv6 Type 0 Routing header.

7.8
2007-01-25 CVE-2007-0479 Cisco Denial Of Service vulnerability in Cisco IOS TCP Listener

Memory leak in the TCP listener in Cisco IOS 9.x, 10.x, 11.x, and 12.x allows remote attackers to cause a denial of service by sending crafted TCP traffic to an IPv4 address on the IOS device.

7.8
2007-01-23 CVE-2007-0431 AVM Remote Denial of Service vulnerability in AVM Fritzbox 7050

AVM Fritz!Box 7050, and possibly other product models, allows remote attackers to cause a denial of service (VoIP application crash) via a zero-length UDP packet to the SIP port (port 5060).

7.8
2007-01-23 CVE-2006-6948 Myodbc SQL-Injection vulnerability in Myodbc Japanese2.50.25/Japanese2.50.29/Japanese3.51.06

MyODBC Japanese conversion edition 3.51.06, 2.50.29, and 2.50.25 allows remote attackers to cause a denial of service via a certain string in a response, which has unspecified impact on the MySQL database.

7.8
2007-01-23 CVE-2006-6947 NEC Remote Security vulnerability in Multiwriter 1700C

The FTP server in the NEC MultiWriter 1700C allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the PORT command, a variant of CVE-1999-0017.

7.8
2007-01-26 CVE-2007-0535 Vote PRO Remote Security vulnerability in Vote Pro

Multiple eval injection vulnerabilities in Vote! Pro 4.0, and possibly earlier, allow remote attackers to execute arbitrary code via requests to unspecified PHP scripts with the poll_id parameter, which is supplied to eval function calls, a different set of vectors than CVE-2007-0504.

7.5
2007-01-26 CVE-2007-0531 Freewebshop Remote Security vulnerability in Freewebshop 2.2.3/2.2.4

PHP remote file inclusion vulnerability in includes/login.php in FreeWebShop 2.2.3 and 2.2.4 before 20070123 allows remote attackers to execute arbitrary PHP code via a URL in the lang_file parameter.

7.5
2007-01-26 CVE-2007-0530 Advanced Guestbook Unspecified vulnerability in Advanced Guestbook Advanced Guestbook 2.4.2

** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Advanced Guestbook 2.4.2 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) index.php, (2) addentry.php, or (3) picture.php, a different set of vectors than CVE-2006-5804.

7.5
2007-01-26 CVE-2007-0525 Grigoriadis Remote Security vulnerability in Mini Web Server

Multiple buffer overflows in Nickolas Grigoriadis Mini Web server (MiniWebsvr) before 0.05 have unknown impact and attack vectors.

7.5
2007-01-26 CVE-2007-0520 Unique ADS SQL Injection vulnerability in Unique ADS Unique ADS 1.0

SQL injection vulnerability in banner.php in Unique Ads (UDS) 1.x allows remote attackers to execute arbitrary SQL commands via the bid parameter.

7.5
2007-01-26 CVE-2007-0518 Scriptsez Information Disclosure vulnerability in Smart PHP Subscriber

Scriptsez Smart PHP Subscriber (aka subscribe) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain encoded passwords via a direct request for pwd.txt.

7.5
2007-01-26 CVE-2007-0517 Scriptsez Information Disclosure vulnerability in Scriptsez Random PHP Quote 1.0

Scriptsez Random PHP Quote 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain password information via a direct request for pwd.txt.

7.5
2007-01-26 CVE-2007-0508 Bbclone Remote Security vulnerability in Bbclone 0.31

PHP remote file inclusion vulnerability in lib/selectlang.php in BBClone 0.31 allows remote attackers to execute arbitrary PHP code via a URL in the BBC_LANGUAGE_PATH parameter.

7.5
2007-01-25 CVE-2007-0502 Webspell SQL Injection vulnerability in Webspell 4.01.02

SQL injection vulnerability in gallery.php in webSPELL 4.01.02 allows remote attackers to execute arbitrary SQL commands via the picID parameter, a different vector than CVE-2007-0492.

7.5
2007-01-25 CVE-2007-0500 Bradabra Remote Security vulnerability in bradabra

PHP remote file inclusion vulnerability in include/includes.php in Bradabra 2.0.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.

7.5
2007-01-25 CVE-2007-0498 SKY Gunning Remote Security vulnerability in SKY Gunning Myspeach 2.1Beta

PHP remote file inclusion vulnerability in up.php in MySpeach 2.1 beta and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the my[root] parameter.

7.5
2007-01-25 CVE-2007-0492 Webspell SQL-Injection vulnerability in webSPELL

Multiple SQL injection vulnerabilities in gallery.php in webSPELL 4.01.02 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) galleryID parameter.

7.5
2007-01-25 CVE-2007-0487 Zoneo Soft Unspecified vulnerability in Zoneo-Soft Freeforum 0.9.0

** DISPUTED ** PHP remote file inclusion vulnerability in index.php in FreeForum 0.9.0 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter.

7.5
2007-01-25 CVE-2007-0486 Phpadsnew Code Injection vulnerability in PHPadsnew 2.0.7

** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Openads (aka phpAdsNew) 2.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) phpAds_geoPlugin parameter to libraries/lib-remotehost.inc, the (2) filename parameter to admin/report-index, or the (3) phpAds_config[my_footer] parameter to admin/lib-gui.inc.

7.5
2007-01-25 CVE-2007-0485 Webchat ORG Remote File Include vulnerability in Webchat.Org Webchat 0.77

PHP remote file inclusion vulnerability in defines.php in WebChat 0.77 allows remote attackers to execute arbitrary PHP code via a URL in the WEBCHATPATH parameter.

7.5
2007-01-25 CVE-2007-0484 Enthusiast SQL-Injection vulnerability in Enthusiast 3.1

Multiple SQL injection vulnerabilities in Enthusiast 3.1 allow remote attackers to execute arbitrary SQL commands via the cat parameter to (1) show_owned.php, (2) show_joined.php, and possibly other files.

7.5
2007-01-24 CVE-2007-0471 Checkpoint Permissions, Privileges, and Access Controls vulnerability in Checkpoint Connectra NGX R60/R62

sre/params.php in the Integrity Clientless Security (ICS) component in Check Point Connectra NGX R62 3.x and earlier before Security Hotfix 5, and possibly VPN-1 NGX R62, allows remote attackers to bypass security requirements via a crafted Report parameter, which returns a valid ICSCookie authentication token.

7.5
2007-01-23 CVE-2007-0435 T COM Improper Authentication vulnerability in T-Com Speedport 500V and Speedport 500V Firmware

T-Com Speedport 500V routers with firmware 1.31 allow remote attackers to bypass authentication and reconfigure the device via a LOGINKEY=TECOM cookie value.

7.5
2007-01-23 CVE-2007-0432 BEA Products Multiple vulnerability in BEA Aqualogic Service BUS 2.0/2.1/2.5

BEA AquaLogic Service Bus 2.0, 2.1, and 2.5 does not properly reject malformed request messages to a proxy service, which might allow remote attackers to bypass authorization policies and route requests to back-end services or conduct other unauthorized activities.

7.5
2007-01-23 CVE-2006-6946 NEC Remote Security vulnerability in Multiwriter 1700C

The web server in the NEC MultiWriter 1700C allows remote attackers to modify the device configuration via unspecified vectors.

7.5
2007-01-23 CVE-2007-0425 BEA Remote Security vulnerability in JRockit

Unspecified vulnerability in BEA WebLogic Platform and Server 8.1 through 8.1 SP5, and JRockit 1.4.2 R4.5 and earlier, allows attackers to gain privileges via unspecified vectors, related to an "overflow condition," probably a buffer overflow.

7.5
2007-01-23 CVE-2007-0418 BEA Products Multiple vulnerability in BEA

BEA WebLogic Server 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, 9.0, and 9.1 does not enforce a security policy that declares permissions for EJB methods that have array parameters, which allows remote attackers to obtain unauthorized access to these methods.

7.5
2007-01-23 CVE-2007-0416 BEA Products Multiple vulnerability in BEA

The WSEE runtime (WS-Security runtime) in BEA WebLogic Server 9.0 and 9.1 does not verify credentials when decrypting client messages, which allows remote attackers to bypass application security.

7.5
2007-01-23 CVE-2007-0408 BEA Products Multiple vulnerability in BEA

BEA Weblogic Server 8.1 through 8.1 SP4 does not properly validate client certificates when reusing cached connections, which allows remote attackers to obtain access via an untrusted X.509 certificate.

7.5
2007-01-23 CVE-2007-0404 Django Project Remote Arbitrary Command Execution vulnerability in Django Project Django 0.95

bin/compile-messages.py in Django 0.95 does not quote argument strings before invoking the msgfmt program through the os.system function, which allows attackers to execute arbitrary commands via shell metacharacters in a (1) .po or (2) .mo file.

7.5
2007-01-23 CVE-2007-0021 Apple Remote Format String vulnerability in Apple Ichat 3.1.6

Format string vulnerability in Apple iChat 3.1.6 allows remote attackers to cause a denial of service (null pointer dereference and application crash) and possibly execute arbitrary code via format string specifiers in an aim:// URI.

7.5
2007-01-22 CVE-2007-0403 Easebay Resources SQL-Injection vulnerability in Paypal Subscription Manager

SQL injection vulnerability in admin/memberlist.php in Easebay Resources Paypal Subscription Manager allows remote attackers to execute arbitrary SQL commands via the keyword parameter.

7.5
2007-01-22 CVE-2007-0401 Easebay Resources SQL-Injection vulnerability in Easebay Resources Login Manager 3.0

SQL injection vulnerability in admin/memberlist.php in Easebay Resources Login Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the init_row parameter.

7.5
2007-01-27 CVE-2007-0536 Rpath Local Security vulnerability in Rpath Linux 1

The chroot helper in rMake for rPath Linux 1 does not drop supplemental groups, which causes packages to be installed with insecure permissions and might allow local users to gain privileges.

7.2
2007-01-24 CVE-2006-6952 CA Products Drivers Multiple Local Privilege Escalation Vulenrabilities in Computer Associates

Computer Associates Host Intrusion Prevention System (HIPS) drivers (1) Core kmxstart.sys 6.5.4.31 and (2) Firewall kmxfw.sys 6.5.4.10 allow local users to gain privileges by using certain privileged IOCTLs to modify callback function pointers.

7.2
2007-01-24 CVE-2007-0444 Citrix Buffer Errors vulnerability in Citrix Metaframe and Metaframe Presentation Server

Stack-based buffer overflow in the print provider library (cpprov.dll) in Citrix Presentation Server 4.0, MetaFrame Presentation Server 3.0, and MetaFrame XP 1.0 allows local users and remote attackers to execute arbitrary code via long arguments to the (1) EnumPrintersW and (2) OpenPrinter functions.

7.2
2007-01-24 CVE-2007-0470 SUN Local Privilege Escalation vulnerability in Sun Solaris Tip

Multiple unspecified vulnerabilities in tip in Sun Solaris 8, 9, and 10 allow local users to gain uucp account privileges via unspecified vectors.

7.2
2007-01-23 CVE-2007-0003 Andrew Morgan Authentication Bypass vulnerability in Andrew Morgan Linux PAM 0.99.7.0

pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers to log into accounts whose password hash, as stored in /etc/passwd or /etc/shadow, has only two characters.

7.2
2007-01-23 CVE-2007-0022 Apple Local Privilege Escalation vulnerability in Apple mac OS X 10.4.8

Untrusted search path vulnerability in writeconfig in Apple Mac OS X 10.4.8 allows local users to gain privileges via a modified PATH that points to a malicious launchctl program.

7.2

60 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-01-25 CVE-2007-0503 SUN Local Arbitrary Command Execution vulnerability in Kodak Color Management System Utilities

Unspecified vulnerability in kcms_calibrate in Sun Solaris 8 and 9 before 20071122 allows local users to execute arbitrary commands via unknown vectors.

6.9
2007-01-24 CVE-2007-0023 Apple Local Privilege Escalation vulnerability in Apple mac OS X 10.4.8

The CFUserNotificationSendRequest function in UserNotificationCenter.app in Apple Mac OS X 10.4.8, when used in combination with diskutil, allows local users to gain privileges via a malicious InputManager in Library/InputManagers in a user's home directory, which is executed when Cocoa applications attempt to notify the user.

6.9
2007-01-26 CVE-2007-0527 Website Baker SQL Injection vulnerability in Website Baker Website Baker

SQL injection vulnerability in the is_remembered function in class.login.php in Website Baker 2.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the REMEMBER_KEY cookie parameter.

6.8
2007-01-26 CVE-2007-0514 Hitachi Cross-Site Scripting vulnerability in Ucosminexus Developer Light

Multiple cross-site scripting (XSS) vulnerabilities in multiple Hitachi Web Server, uCosminexus, and Cosminexus products before 20070124 allow remote attackers to inject arbitrary web script or HTML via (1) HTTP Expect headers or (2) image maps.

6.8
2007-01-26 CVE-2007-0511 Phpxmldom Remote File Include vulnerability in PHPxmldom 0.3

Multiple PHP remote file inclusion vulnerabilities in phpXMLDOM (phpXD) 0.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) dom.php, (2) dtd.php, or (3) parser.php in include/.

6.8
2007-01-25 CVE-2007-0501 Mafia Scum Tools Code Injection vulnerability in Mafia Scum Tools Mafia Scum Tools

PHP remote file inclusion vulnerability in index.php in Mafia Scum Tools 2.0.0 in Matthew Wardrop Advanced Random Generators (adv-random-gen) allows remote attackers to execute arbitrary PHP code via a URL in the gen parameter.

6.8
2007-01-25 CVE-2007-0499 Sangwan KIM Code Injection vulnerability in Sangwan KIM PHPindexpage

PHP remote file inclusion vulnerability in config.php in Sangwan Kim phpIndexPage 1.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the env[inc_path] parameter.

6.8
2007-01-25 CVE-2007-0497 Upload Service Remote File Include vulnerability in Upload-Service 1.0

PHP remote file inclusion vulnerability in upload/top.php in Upload-Service 1.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the maindir parameter.

6.8
2007-01-25 CVE-2007-0491 SKY Gunning Remote Security vulnerability in Myspeach

PHP remote file inclusion vulnerability in up.php in Sky GUNNING MySpeach 3.0.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the my_ms[root] parameter, a different vector than CVE-2006-4630.

6.8
2007-01-25 CVE-2007-0489 Visohotlink Remote File Include vulnerability in VisoHotlink Functions.Visohotlink.PHP

PHP remote file inclusion vulnerability in includes/functions.visohotlink.php in VisoHotlink 1.01 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

6.8
2007-01-25 CVE-2007-0483 Enthusiast Input Validation vulnerability in Enthusiast 3.1

Multiple cross-site scripting (XSS) vulnerabilities in Enthusiast 3.1 allow remote attackers to inject arbitrary web script or HTML via the URI for (1) show_owned.php or (2) show_joined.php.

6.8
2007-01-25 CVE-2007-0477 Openads Cross-Site Scripting vulnerability in Openads 2.3.30

Cross-site scripting (XSS) vulnerability in Openads 2.0.x before 2.0.10, 2.3 before 2.3.31 (aka Max Media Manager before 0.3.31-alpha-pr2), and phpAdsNew/phpPgAds before 2.0.9-pr1 allows remote attackers to inject arbitrary web script or HTML via (1) the keyword parameter in admin-search.php and (2) affiliate-search.php.

6.8
2007-01-24 CVE-2007-0468 Microsoft Remote Security vulnerability in Microsoft Visual Studio 6.0

Stack-based buffer overflow in rcdll.dll in msdev.exe in Visual C++ (MSVC) in Microsoft Visual Studio 6.0 SP6 allows user-assisted remote attackers to execute arbitrary code via a long file path in the "1 TYPELIB MOVEABLE PURE" option in an RC file.

6.8
2007-01-23 CVE-2006-6951 Odysseus Blog Cross-Site Scripting vulnerability in Odysseus Blog Blog.PHP

Cross-site scripting (XSS) vulnerability in blog.php in OdysseusBlog allows remote attackers to inject arbitrary web script or HTML via the page parameter.

6.8
2007-01-23 CVE-2007-0426 Oracle Products Multiple vulnerability in Oracle Weblogic Portal 9.2

BEA WebLogic Portal 9.2, when running in a WebLogic Server clustered environment using WebLogic Portal entitlements, does not properly propagate entitlement policy changes if the changes are made on a managed server while the Administrative Server is unavailable, which might allow attackers to bypass intended restrictions.

6.8
2007-01-23 CVE-2007-0411 BEA Products Multiple vulnerability in BEA

BEA WebLogic Server 8.1 through 8.1 SP5, 9.0, 9.1, and 9.2 Gold, when WS-Security is used, does not properly validate certificates, which allows remote attackers to conduct a man-in-the-middle (MITM) attack.

6.8
2007-01-23 CVE-2007-0407 Plain Black HTML Injection vulnerability in WebGUI Registration Username

Cross-site scripting (XSS) vulnerability in Operation/User.pm in Plain Black WebGUI before 7.3.5 (beta) allows remote attackers to inject arbitrary web script or HTML via the username parameter during anonymous registration, a different vector than CVE-2007-0308.

6.8
2007-01-22 CVE-2007-0402 Easebay Resources Cross-Site Scripting vulnerability in Paypal Subscription Manager

Cross-site scripting (XSS) vulnerability in admin/edit_member.php in Easebay Resources Paypal Subscription Manager allows remote attackers to inject arbitrary web script or HTML via the username parameter.

6.8
2007-01-22 CVE-2007-0400 Easebay Resources Cross-Site Scripting vulnerability in Easebay Resources Login Manager 3.0

Cross-site scripting (XSS) vulnerability in admin/memberlist.php in Easebay Resources Login Manager 3.0 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.

6.8
2007-01-22 CVE-2007-0398 Arnotic Cross-Site Scripting vulnerability in A-Forum

Multiple cross-site scripting (XSS) vulnerabilities in forum.php3 in Arnaud Guyonne (aka Arnotic) a-forum allow remote attackers to inject arbitrary web script or HTML via the (1) Sujet or (2) Pseudo field.

6.8
2007-01-23 CVE-2007-0433 BEA Products Multiple vulnerability in BEA Aqualogic Service BUS 2.0/2.1/2.2

Unspecified vulnerability in BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 SP1, and 2.2, when using Active Directory LDAP for authentication, allows remote authenticated users to access the server even after the account has been disabled.

6.5
2007-01-23 CVE-2007-0405 Django Project Unspecified vulnerability in Django Project Django 0.95

The LazyUser class in the AuthenticationMiddleware for Django 0.95 does not properly cache the user name across requests, which allows remote authenticated users to gain the privileges of a different user.

6.5
2007-01-23 CVE-2007-0421 BEA Products Multiple vulnerability in BEA

BEA WebLogic Server 6.1 through 6.1 SP7, and 7.0 through 7.0 SP7 allows remote attackers to cause a denial of service (disk consumption) via requests containing malformed headers, which cause a large amount of data to be written to the server log.

6.4
2007-01-26 CVE-2007-0507 Drupal SQL Injection vulnerability in Drupal Acidfree 4.61.0/4.71.0

SQL injection vulnerability in the Acidfree module for Drupal before 4.6.x-1.0, and before 4.7.x-1.0 in the 4.7 series, allows remote authenticated users with "create acidfree albums" privileges to execute arbitrary SQL commands via node titles.

6.0
2007-01-26 CVE-2007-0506 Drupal Multiple vulnerability in Drupal Project and Project Issues Tracking Modules

The project_issue_access function in the Project issue tracking 4.7.0 through 5.x before 20070123 module for Drupal allows remote authenticated users to bypass other access control modules and obtain attached files by guessing the filename, and obtain issue information via direct requests.

6.0
2007-01-22 CVE-2007-0399 Simple Machines HTML Injection vulnerability in Simple Machines Simple Machines Forum 1.1Rc3

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Simple Machines Forum (SMF) 1.1 RC3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) recipient or (2) BCC field when selecting send in a pm action.

6.0
2007-01-23 CVE-2007-0441 HP Remote Security vulnerability in OpenView Network Node Manager

Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, and 7.50 allows remote attackers to execute arbitrary commands via unknown vectors.

5.1
2007-01-26 CVE-2007-0533 Atozed Software Remote Denial of Service vulnerability in Atozed Software Intraweb Component 9.0

The AToZed IntraWeb component 8.0 and earlier for Borland Delphi and Kylix, and IntraWeb 9.0 before build (9.0.12), allows remote attackers to cause a denial of service (thread hang or CPU consumption) via a crafted HTTP request, related to the OnBeforeDispatch function in the TIWServerController object.

5.0
2007-01-26 CVE-2007-0532 Tuan DO Information Disclosure vulnerability in Tuan DO Uploader 6Beta1

Tuan Do Uploader (aka php-uploader) 6 beta 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrator password hash via a direct request for userdata/user_1.txt.

5.0
2007-01-26 CVE-2007-0513 Hitachi Remote Denial of Service vulnerability in Hitachi HiRDB DataReplicator Server

Hitachi HiRDB Datareplicator 7HiRDB, 7(64), 6, 6(64), 5.0, and 5.0(64); and various products that bundle HiRDB Datareplicator; allows attackers to cause a denial of service (CPU consumption) via certain data.

5.0
2007-01-26 CVE-2007-0512 Hitachi Remote Denial of Service vulnerability in Hitachi TPI Link and TPI Server Base

Hitachi TP1/LiNK 05-00 through 05-03-/F, 03-04 through 03-06-/K, and 03-00 through 03-03-/H; and TP1/Server Base 05-00 through 05-00-/M, 03-01-E through 03-01-FD, 03-01 through 03-01-DB, and 05-03; allow attackers to cause a denial of service (process crash) via invalid data to an OpenTP1 port.

5.0
2007-01-25 CVE-2007-0490 Open Realty Information Disclosure vulnerability in Open-Realty 2.3.4

index.php in Open-Realty 2.3.4 allows remote attackers to obtain sensitive information (the full path) via an invalid listingID parameter in a listingview action.

5.0
2007-01-25 CVE-2007-0488 Huawei Denial-Of-Service vulnerability in Huawei Versatile Routing Platform 1.432500E003Firmware

The Huawei Versatile Routing Platform 1.43 2500E-003 firmware on the Quidway R1600 Router, and possibly other models, allows remote attackers to cause a denial of service (device crash) via a long show arp command.

5.0
2007-01-24 CVE-2007-0461 Dazuko Denial-Of-Service vulnerability in Dazuko

Multiple memory leaks in the Dazuko anti-virus helper module before 2.3.2 allow attackers to cause a denial of service (memory consumption) via unknown vectors.

5.0
2007-01-23 CVE-2007-0442 IBM Remote Security vulnerability in IBM OS/400

Unspecified vulnerability in IBM OS/400 R530 and R535 has unknown impact and remote attack vectors, related to an "Integrity Problem" involving LIC-TCPIP and TCP reset.

5.0
2007-01-23 CVE-2007-0429 Divx Remote Denial of Service vulnerability in Divx Player 6.4.1

DivXBrowserPlugin (aka DivX Web Player) npdivx32.dll, as distributed with DivX Player 6.4.1, allows remote attackers to cause a denial of service (Internet Explorer 7 crash) by invoking the GoWindowed method for a certain instance of the ActiveX object.

5.0
2007-01-23 CVE-2007-0428 Wzdftpd Denial-Of-Service vulnerability in wzdftpd

Unspecified vulnerability in the chtbl_lookup function in hash.c for WzdFTPD 8.0 and earlier allows remote attackers to cause a denial of service via a crafted FTP command, probably due to a NULL pointer dereference.

5.0
2007-01-23 CVE-2006-6950 Conti Insecure Default Accounts and Directory Traversal vulnerability in Conti Ftpserver 1.0Build2.8

Directory traversal vulnerability in Conti FTPServer 1.0 Build 2.8 allows remote attackers to read arbitrary files and list arbitrary directories via a ..

5.0
2007-01-23 CVE-2007-0424 BEA Products Multiple vulnerability in BEA

Unspecified vulnerability in the BEA WebLogic Server proxy plug-in for Netscape Enterprise Server before September 2006 for Netscape Enterprise Server allow remote attackers to cause a denial of service via certain requests that trigger errors that lead to a server being marked as unavailable, hosting web server failure, or CPU consumption.

5.0
2007-01-23 CVE-2007-0422 BEA Products Multiple vulnerability in BEA Weblogic Server 9.0/9.1/9.2

BEA WebLogic Server 9.0, 9.1, and 9.2 Gold, when running on Solaris 9, allows remote attackers to cause a denial of service (server inaccessibility) via manipulated socket connections.

5.0
2007-01-23 CVE-2007-0420 BEA Products Multiple vulnerability in BEA Weblogic Server 9.0/9.1/9.2

BEA WebLogic Server 9.0, 9.1, and 9.2 Gold allows remote attackers to obtain sensitive information via malformed HTTP requests, which reveal data from previous requests.

5.0
2007-01-23 CVE-2007-0419 BEA Products Multiple vulnerability in BEA

The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).

5.0
2007-01-23 CVE-2007-0415 BEA Products Multiple vulnerability in BEA

BEA WebLogic Server 8.1 through 8.1 SP5 does not properly enforce access control after a dynamic update and dynamic redeployment of an application that is implemented through exploded jars, which allows attackers to bypass intended access restrictions.

5.0
2007-01-23 CVE-2007-0414 BEA Products Multiple vulnerability in BEA

BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, and 9.0 allows remote attackers to cause a denial of service (server hang) via certain requests that cause muxer threads to block when processing error pages.

5.0
2007-01-23 CVE-2007-0412 BEA Products Multiple vulnerability in BEA Weblogic Server 6.1/7.0/8.1

BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP7, and 8.1 through 8.1 SP5 allows remote attackers to read arbitrary files inside the class-path property via .ear or exploded .ear files that use the manifest class-path property to point to utility jar files.

5.0
2007-01-23 CVE-2007-0410 BEA Products Multiple vulnerability in BEA

Unspecified vulnerability in the thread management in BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, 9.0, and 9.1, when T3 authentication is used, allows remote attackers to cause a denial of service (thread and system hang) via unspecified "sequences of events."

5.0
2007-01-26 CVE-2007-0516 Yana Framework Remote Security vulnerability in Yana Framework

Yana Framework before 2.8.5a allows remote authenticated users with permissions to modify a guestbook profile to modify or delete arbitrary guestbook profiles via unspecified vectors.

4.9
2007-01-23 CVE-2007-0430 Apple Denial-Of-Service vulnerability in Mac OS X

The shared_region_map_file_np function in Apple Mac OS X 10.4.8 and earlier kernel allows local users to cause a denial of service (memory corruption) via a large mappingCount value.

4.9
2007-01-25 CVE-2007-0482 SUN Unspecified vulnerability in SUN RAY Server Software 2.0/3.0

cgi-bin/main in Sun Ray Server Software 2.0 and 3.0 before 20070123 allows local users to obtain the utadmin password by reading a web server's log file, or by conducting a different, unspecified local attack.

4.6
2007-01-25 CVE-2007-0476 Gentoo Unspecified vulnerability in Gentoo Linux 2.1.30/2.2.28/2.3.30

The gencert.sh script, when installing OpenLDAP before 2.1.30-r10, 2.2.x before 2.2.28-r7, and 2.3.x before 2.3.30-r2 as an ebuild in Gentoo Linux, does not create temporary directories in /tmp securely during emerge, which allows local users to overwrite arbitrary files via a symlink attack.

4.6
2007-01-23 CVE-2007-0434 BEA Products Multiple vulnerability in BEA Aqualogic Enterprise Security 2.0/2.1/2.2

BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 SP1, and 2.2 does not properly set the severity level of audit events when the system load is high, which might make it easier for attackers to avoid detection.

4.6
2007-01-23 CVE-2006-6949 Conti Insecure Default Accounts and Directory Traversal vulnerability in Conti Ftpserver 1.0Build2.8

Conti FTPServer 1.0 Build 2.8 stores user passwords in cleartext in MyServerSettings.ini, which allows local users to obtain sensitive information by reading this file.

4.6
2007-01-23 CVE-2007-0406 Gxine Denial-Of-Service vulnerability in gxine

Multiple buffer overflows in the (1) main function in (a) client.c, and the (2) server_setup and (3) server_client_connect functions in (b) server.c in gxine 0.5.9 and earlier allow local users to cause a denial of service (daemon crash) or gain privileges via a long HOME environment variable.

4.6
2007-01-23 CVE-2007-0423 Oracle Products Multiple vulnerability in Oracle Weblogic Portal 9.2

BEA WebLogic Portal 9.2 does not properly handle when an administrator deletes entitlements for a role, which causes other role entitlements to be "inadvertently affected," which has an unknown impact.

4.4
2007-01-23 CVE-2007-0413 BEA Products Multiple vulnerability in BEA

BEA WebLogic Server 8.1 through 8.1 SP5 stores cleartext data in a backup of config.xml after offline editing, which allows local users to obtain sensitive information by reading this backup file.

4.4
2007-01-26 CVE-2007-0534 Drupal Cross-Site Scripting vulnerability in Project Issue Tracking Module

Multiple cross-site scripting (XSS) vulnerabilities in the (1) Project issue tracking 4.7.0 through 5.x before 20070123 and (2) Project 4.6.0 through 5.x before 20070123 modules for Drupal allow remote authenticated users to inject arbitrary web script or HTML via (a) certain "fields on project nodes" or (b) "certain project-specific settings regarding issue tracking."

4.3
2007-01-26 CVE-2007-0529 PHP Link Directory Cross-Site Scripting vulnerability in PHP Link Directory

Cross-site scripting (XSS) vulnerability in index.html (aka the administration page) in PHP Link Directory (phpLD) 3.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted link, which is triggered when the administrator uses the "Validate Links" functionality.

4.3
2007-01-26 CVE-2007-0526 Bitweaver Cross-Site Scripting vulnerability in Bitweaver 1.3.1

Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.3.1 allow remote attackers to inject arbitrary web script or HTML via the URL (PATH_INFO) to (1) articles/edit.php, (2) articles/list.php, (3) blogs/list_blogs.php, or (4) blogs/rankings.php.

4.3
2007-01-25 CVE-2007-0494 ISC Data Processing Errors vulnerability in ISC Bind

ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (exit) via a type * (ANY) DNS query response that contains multiple RRsets, which triggers an assertion error, aka the "DNSSEC Validation" vulnerability.

4.3
2007-01-25 CVE-2007-0478 Apple Cross-Site Scripting vulnerability in Apple Safari and Webcore

WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an HTML comment.

4.3

7 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-01-26 CVE-2007-0519 XMB Software Cross-Site Scripting vulnerability in XMB Software U2U Instant Messenger

Cross-site scripting (XSS) vulnerability in memcp.php in XMB U2U Instant Messenger allows remote authenticated users to inject arbitrary web script or HTML via the recipient field.

3.5
2007-01-26 CVE-2007-0523 Nokia Improper Input Validation vulnerability in Nokia N70

The Nokia N70 phone allows remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push.

3.3
2007-01-26 CVE-2007-0522 Motorola Improper Input Validation vulnerability in Motorola Motorazr V3

The Motorola MOTORAZR V3 phone allows remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push.

3.3
2007-01-26 CVE-2007-0521 Sony Ericsson Improper Input Validation vulnerability in Sony Ericsson K700I and W810I

The Sony Ericsson K700i and W810i phones allow remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push.

3.3
2007-01-26 CVE-2007-0524 LG Electronics Improper Input Validation vulnerability in LG Electronics Chocolate Kg800

The LG Chocolate KG800 phone allows remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push.

2.9
2007-01-24 CVE-2007-0010 THE Gimp Team Remote Denial of Service vulnerability in the Gimp Team Gimp Toolkit 2.4.12

The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) before 2.4.13 allows context-dependent attackers to cause a denial of service (crash) via a malformed image file.

2.1
2007-01-23 CVE-2007-0409 BEA Products Multiple vulnerability in BEA

BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP4, and 9.0 initial release does not encrypt passwords stored in the JDBCDataSourceFactory MBean Properties, which allows local administrative users to read the cleartext password.

1.5