Weekly Vulnerabilities Reports > January 29 to February 4, 2007

Overview

184 new vulnerabilities reported during this period, including 7 critical vulnerabilities and 88 high severity vulnerabilities. This weekly summary report vulnerabilities in 187 products from 134 vendors including Apple, Microsoft, Aztek Forum, Wireshark, and Smb4K. Vulnerabilities are notably categorized as "Code Injection", "Improper Input Validation", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "SQL Injection", and "Permissions, Privileges, and Access Controls".

  • 164 reported vulnerabilities are remotely exploitables.
  • 53 reported vulnerabilities have public exploit available.
  • 5 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 174 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 11 reported vulnerabilities.
  • Linux has the most reported critical vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

7 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-01-31 CVE-2007-0640 Zabbix Buffer Overflow vulnerability in Zabbix

Buffer overflow in ZABBIX before 1.1.5 has unknown impact and attack vectors related to "SNMP IP addresses."

10.0
2007-01-31 CVE-2007-0466 Telestream Remote Memory Corruption vulnerability in Telestream Flip4Mac Windows Media Components for Quicktime 2.1.0.33

Telestream Flip4Mac Windows Media Components for Quicktime 2.1.0.33 allows remote attackers to execute arbitrary code via a crafted ASF_File_Properties_Object size field in a WMV file, which triggers memory corruption.

10.0
2007-01-30 CVE-2006-6535 Linux Local Denial of Service vulnerability in Linux Kernel 2.6.0

The dev_queue_xmit function in Linux kernel 2.6 can fail before calling the local_bh_disable function, which could lead to data corruption and "node lockups." NOTE: it is not clear whether this issue is exploitable.

9.4
2007-01-29 CVE-2007-0543 Zixforum Information Disclosure vulnerability in Zixforum

ZixForum 1.14 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for Zixforum.mdb.

9.4
2007-02-03 CVE-2007-0671 Microsoft Remote Code Execution vulnerability in Microsoft Office Malformed String

Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks.

9.3
2007-01-31 CVE-2007-0619 Chmlib Buffer Overflow vulnerability in CHM Lib

chmlib before 0.39 allows user-assisted remote attackers to execute arbitrary code via a crafted page block length in a CHM file, which triggers memory corruption.

9.3
2007-01-30 CVE-2007-0585 Webfwlog Information Disclosure vulnerability in WebFWLog

include/debug.php in Webfwlog 0.92 and earlier, when register_globals is enabled, allows remote attackers to obtain source code of files via the conffile parameter.

9.3

88 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-02-03 CVE-2007-0673 Broadcom
CA
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

LGSERVER.EXE in BrightStor ARCserve Backup for Laptops & Desktops r11.1 allows remote attackers to cause a denial of service (daemon crash) via a value of 0xFFFFFFFF at a certain point in an authentication negotiation packet, which results in an out-of-bounds read.

7.8
2007-02-03 CVE-2007-0672 Broadcom
CA
LGSERVER.EXE in BrightStor Mobile Backup 4.0 allows remote attackers to cause a denial of service (disk consumption and daemon hang) via a value of 0xFFFFFF7F at a certain point in an authentication negotiation packet, which writes a large amount of data to a .USX file in CA_BABLDdata\Server\data\transfer\.
7.8
2007-02-01 CVE-2007-0648 Cisco Remote Denial Of Service vulnerability in Cisco IOS SIP Packet Handling

Cisco IOS after 12.3(14)T, 12.3(8)YC1, 12.3(8)YG, and 12.4, with voice support and without Session Initiated Protocol (SIP) configured, allows remote attackers to cause a denial of service (crash) by sending a crafted packet to port 5060/UDP.

7.8
2007-01-31 CVE-2007-0634 SUN Remote Denial of Service vulnerability in SUN Solaris 10.0

Unspecified vulnerability in Sun Solaris 10 before 20070130 allows remote attackers to cause a denial of service (system crash) via certain ICMP packets.

7.8
2007-01-31 CVE-2007-0616 Zenphoto Unspecified vulnerability in Zenphoto 1.0.4/1.0.5/1.0.6

Directory traversal vulnerability in zen/template-functions.php in zenphoto 1.0.4 up to 1.0.6 allows remote attackers to list arbitrary directories via ".." sequences in the album parameter to index.php.

7.8
2007-01-31 CVE-2007-0615 Hitachi Remote Denial of Service vulnerability in Hitachi products

Unspecified vulnerability in Hitachi JP1/HIBUN Advanced Edition Management Server and Log Server before 20070124 allows remote attackers to cause a denial of service (application stop) via unexpected data.

7.8
2007-01-31 CVE-2007-0614 Apple Remote Denial of Service vulnerability in Apple Ichat, Instant Message Framework and mac OS X

The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (persistent application crash) via a crafted phsh hash attribute in a TXT key.

7.8
2007-01-31 CVE-2007-0612 Microsoft Unspecified vulnerability in Microsoft IE and Internet Explorer

Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allows remote attackers to cause a denial of service (Internet Explorer crash) by accessing the bgColor, fgColor, linkColor, alinkColor, vlinkColor, or defaultCharset properties in the (1) giffile, (2) htmlfile, (3) jpegfile, (4) mhtmlfile, (5) ODCfile, (6) pjpegfile, (7) pngfile, (8) xbmfile, (9) xmlfile, (10) xslfile, or (11) wdfile objects in (a) mshtml.dll; or the (12) TriEditDocument.TriEditDocument or (13) TriEditDocument.TriEditDocument.1 objects in (b) triedit.dll, which cause a NULL pointer dereference.

7.8
2007-01-29 CVE-2007-0546 Toxiclab Information Disclosure vulnerability in Toxiclab Shoutbox 1

Toxiclab Shoutbox 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db.mdb.

7.8
2007-01-29 CVE-2007-0545 Maxtricity Information Disclosure vulnerability in Maxtricity Tagger 0.1

Maxtricity Tagger 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for tagger.mdb.

7.8
2007-01-29 CVE-2007-0539 Wordpress Denial-Of-Service vulnerability in WordPress

The wp_remote_fopen function in WordPress before 2.1 allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a large file, which triggers a long download session without a timeout constraint.

7.8
2007-02-03 CVE-2007-0675 Microsoft Code Injection vulnerability in Microsoft Windows Vista

A certain ActiveX control in sapi.dll (aka the Speech API) in Speech Components in Microsoft Windows Vista, when the Speech Recognition feature is enabled, allows user-assisted remote attackers to delete arbitrary files, and conduct other unauthorized activities, via a web page with an embedded sound object that contains voice commands to an enabled microphone, allowing for interaction with Windows Explorer.

7.6
2007-01-31 CVE-2007-0465 Apple Unspecified vulnerability in Apple Installer and mac OS X

Format string vulnerability in Apple Installer 2.1.5 on Mac OS X 10.4.8 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a (1) PKG, (2) DISTZ, or (3) MPKG package filename.

7.6
2007-02-04 CVE-2007-0706 Fenrir Security Bypass vulnerability in Darksky Rss Bar

Cross-zone scripting vulnerability in Darksky RSS bar for Internet Explorer before 1.29, RSS bar for Sleipnir before 1.29, and RSS bar for unDonut before 1.29 allows remote attackers to bypass Web content zone restrictions via certain script contained in RSS data.

7.5
2007-02-04 CVE-2007-0705 Fenrir Security Bypass vulnerability in Portable Sleipnir

Cross-zone scripting vulnerability in Sleipnir 2.49 and earlier, and Portable Sleipnir 2.45 and earlier, allows remote attackers to bypass Web content zone restrictions via certain script contained in RSS data.

7.5
2007-02-04 CVE-2007-0704 Somery Remote Security vulnerability in Somery 0.4.6

PHP remote file inclusion vulnerability in install.php in Somery 0.4.6 allows remote attackers to execute arbitrary PHP code via a URL in the skindir parameter, a different vector than CVE-2006-4669.

7.5
2007-02-04 CVE-2007-0703 Webbuilder Remote Security vulnerability in Webbuilder

PHP remote file inclusion vulnerability in library/StageLoader.php in WebBuilder 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[core][module_path] parameter.

7.5
2007-02-04 CVE-2007-0702 Phpeventman Remote File Include vulnerability in PHPeventman 1.0.2

Multiple PHP remote file inclusion vulnerabilities in phpEventMan 1.0.2 allow remote attackers to execute arbitrary PHP code via a URL in the level parameter to (1) Shared/controller/text.ctrl.php or (2) UserMan/controller/common.function.php.

7.5
2007-02-04 CVE-2007-0701 Epistemon Remote File Include vulnerability in Epistemon 1.0

PHP remote file inclusion vulnerability in inc/common.inc.php in Epistemon 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc_path parameter.

7.5
2007-02-04 CVE-2007-0699 Portail WEB PHP Code Injection vulnerability in Portail web PHP Portail web PHP 0.99

PHP remote file inclusion vulnerability in includes/includes.php in Guernion Sylvain Portail Web Php (aka Gsylvain35 Portail Web, PwP) before 2.5.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the site_path parameter.

7.5
2007-02-04 CVE-2006-6966 Phpgraphy Remote Security vulnerability in Phpgraphy

phpGraphy before 0.9.13a does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by uploading a config.php file via the pictures[] parameter to index.php.

7.5
2007-02-03 CVE-2007-0695 Free LAN Intra Internet Portal SQL Injection vulnerability in Free LAN Intra Internet Portal Free LAN Intra Internet Portal 0.9.0.1029/0.9.0.730/1.0Rc1

Multiple SQL injection vulnerabilities in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2007-02-03 CVE-2007-0688 Hunkaray Duyuru SQL Injection vulnerability in H√ľnkaray Duyuru Scripti Oku.ASP

SQL injection vulnerability in oku.asp in Hunkaray Duyuru Scripti allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2007-02-03 CVE-2007-0684 Cerulean Portal System Remote File Include vulnerability in Cerulean Portal System Cerulean Portal System 0.7B

PHP remote file inclusion vulnerability in portal.php in Cerulean Portal System 0.7b allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

7.5
2007-02-03 CVE-2007-0683 Omegaboard Project Improper Input Validation vulnerability in Omegaboard Project Omegaboard 1.0

PHP remote file inclusion vulnerability in includes/functions.php in Omegaboard 1.0beta4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

7.5
2007-02-03 CVE-2007-0682 JV2 Remote File Include vulnerability in JV2 Folder Gallery Template.PHP

PHP remote file inclusion vulnerability in theme/include_mode/template.php in JV2 Folder Gallery 3.0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the galleryfilesdir parameter.

7.5
2007-02-03 CVE-2007-0681 Extcalendar Cross-Site Request Forgery vulnerability in ExtCalendar

profile.php in ExtCalendar 2 and earlier allows remote attackers to change the passwords of arbitrary users without providing the original password, and possibly perform other unauthorized actions, via modified values to register.php.

7.5
2007-02-03 CVE-2007-0680 Phpbb Tweaked Remote File Include vulnerability in PHPbb Tweaked PHPbb Tweaked 1

PHP remote file inclusion vulnerability in includes/functions.php in Phpbb Tweaked 3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

7.5
2007-02-03 CVE-2007-0679 Nicolas Grandjean Remote File Include vulnerability in Nicolas Grandjean PHPmyring 4.1.0B/4.1.1B/4.1.2B

PHP remote file inclusion vulnerability in lang/leslangues.php in Nicolas Grandjean PHPMyRing 4.1.3b and earlier allows remote attackers to execute arbitrary PHP code via a URL in the fichier parameter.

7.5
2007-02-03 CVE-2007-0678 Fullaspsite SQL Injection vulnerability in FullASPSite ASP Hosting Windows.ASP

SQL injection vulnerability in windows.asp in Fullaspsite Asp Hosting Sitesi allows remote attackers to execute arbitrary SQL commands via the kategori_id parameter.

7.5
2007-02-03 CVE-2007-0677 Cronosys Remote File Include vulnerability in Cronosys Cadre PHP Framework 22020724

PHP remote file inclusion vulnerability in fw/class.Quick_Config_Browser.php in Cadre PHP Framework 20020724 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[config][framework_path] parameter.

7.5
2007-02-01 CVE-2007-0663 Eclectic Designs SQL-Injection vulnerability in Eclectic Designs Cascadianfaq 4.1

SQL injection vulnerability in index.php in Eclectic Designs CascadianFAQ 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the qid parameter, a different vector than CVE-2007-0631.

7.5
2007-02-01 CVE-2007-0662 Hailboards Remote File Include vulnerability in Hailboards 1.2.0

PHP remote file inclusion vulnerability in includes/usercp_viewprofile.php in Hailboards 1.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

7.5
2007-02-01 CVE-2007-0659 Modxcms Unspecified vulnerability in Modxcms Filedownload 1.7/2.0

download.php in the MuddyDogPaws FileDownload snippet before 2.5 for MODx allows remote attackers to download arbitrary files, as demonstrated by downloading config.inc.php to obtain database credentials.

7.5
2007-02-01 CVE-2007-0657 Alientrap Unspecified vulnerability in Alientrap Nexuiz 2.2.2

Unspecified vulnerability in Nexuiz 2.2.2 allows remote attackers to read and overwrite arbitrary files via the gamedir command.

7.5
2007-02-01 CVE-2007-0656 Phpbb2 Modificat Remote File Include vulnerability in PHPbb2-Modificat 0.1.0/0.2.0

PHP remote file inclusion vulnerability in includes/functions.php in phpBB2-MODificat 0.2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

7.5
2007-01-31 CVE-2007-0642 RBL SQL Injection vulnerability in RBL Tforum 2.00

SQL injection vulnerability in tForum 2.00 in the Raymond BERTHOU script collection (aka RBL - ASP) allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) pass to user_confirm.asp.

7.5
2007-01-31 CVE-2007-0641 Shaffer Solutions Corp Stack Buffer Overflow vulnerability in Shaffer Solutions Corp Dapcnfsd.Dll 0.6.4.0

Buffer overflow in the EnumPrintersA function in dapcnfsd.dll 0.6.4.0 in Shaffer Solutions (SSC) DiskAccess NFS Client allows remote attackers to execute arbitrary code via a long argument, an issue similar to CVE-2006-5854 and CVE-2007-0444.

7.5
2007-01-31 CVE-2007-0639 Guppy Remote Security vulnerability in GuppY

Multiple static code injection vulnerabilities in error.php in GuppY 4.5.16 and earlier allow remote attackers to inject arbitrary PHP code into a .inc file in the data/ directory via (1) a REMOTE_ADDR cookie or (2) a cookie specifying an element of the msg array with an error number in the first dimension and 0 in the second dimension, as demonstrated by msg[999][0].

7.5
2007-01-31 CVE-2007-0637 Galeria Zdjec Local File Include vulnerability in Galeria Zdjec

Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a ..

7.5
2007-01-31 CVE-2007-0635 Encapscms Remote File Include vulnerability in Encapscms 0.3.6

Multiple PHP remote file inclusion vulnerabilities in EncapsCMS 0.3.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) config[path] parameter to (a) common_foot.php or (b) blogs.php, or (2) the config[theme] parameter to (c) admin/gallery_head.php.

7.5
2007-01-31 CVE-2007-0633 T Systems Solutions FOR Research Gmbh Remote File Include vulnerability in MyNews Themefunc.PHP

PHP remote file inclusion vulnerability in include/themes/themefunc.php in MyNews 4.2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the myNewsConf[path][sys][index] parameter.

7.5
2007-01-31 CVE-2007-0632 ASP Edge SQL-Injection vulnerability in ASP EDGE

SQL injection vulnerability in artreplydelete.asp in ASP EDGE 1.3a and earlier allows remote attackers to execute arbitrary SQL commands via a username cookie, a different vector than CVE-2007-0560.

7.5
2007-01-31 CVE-2007-0631 Eclectic Designs SQL Injection vulnerability in CascadianFaq

SQL injection vulnerability in index.php in Eclectic Designs CascadianFAQ 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.

7.5
2007-01-31 CVE-2007-0630 X DEV SQL-Injection vulnerability in Xnews

Multiple SQL injection vulnerabilities in the generate_csv function in classes/class.news.php in X-dev xNews 1.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) from, and (3) q parameters, different vectors than CVE-2007-0569.

7.5
2007-01-31 CVE-2007-0623 Maxdev SQL Injection vulnerability in Maxdev Mdpro 1.0.76

SQL injection vulnerability in index.php in MAXdev MDPro 1.0.76 allows remote attackers to execute arbitrary SQL commands via the startrow parameter.

7.5
2007-01-31 CVE-2007-0618 IBM Authentication Bypass vulnerability in IBM AIX 5.3.0

Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability."

7.5
2007-01-30 CVE-2007-0601 Aztek Forum Remote Security vulnerability in Aztek Forum Aztek Forum 4.0

common/safety.php in Aztek Forum 4.00 allows remote attackers to enter certain data containing %22 sequences (URL encoded double quotes) and other potentially dangerous manipulations by sending a cookie, which bypasses the blacklist matching against the GET and PUT superglobal arrays.

7.5
2007-01-30 CVE-2007-0600 Makit
Martyn Kilbryde
SQL Injection vulnerability in Makit Newsposter Script News_Page.ASP

SQL injection vulnerability in news_page.asp in Martyn Kilbryde Newsposter Script (aka makit news/blog poster) 3 and earlier allows remote attackers to execute arbitrary SQL commands via the uid parameter.

7.5
2007-01-30 CVE-2007-0599 Aztek Forum Remote Security vulnerability in Aztek Forum Aztek Forum 4.0

Variable overwrite vulnerability in common/config.php in Aztek Forum 4.00 allows remote attackers to overwrite arbitrary program variables and conduct other unauthorized activities, such as copying arbitrary files using index/common_actions.php, via vectors associated with extract operations on the (1) POST, (2) GET, (3) COOKIE, and (4) SERVER superglobal arrays.

7.5
2007-01-30 CVE-2007-0598 Aztek Forum SQL-Injection vulnerability in Aztek Forum Aztek Forum 4.0

SQL injection vulnerability in forum/load.php in Aztek Forum 4.00 allows remote attackers to execute arbitrary SQL commands via the fid cookie to forum.php.

7.5
2007-01-30 CVE-2007-0591 VU LE AN Remote File Include vulnerability in VU LE AN Virtual Path 1.0

PHP remote file inclusion vulnerability in configure.php in Vu Le An Virtual Path (VirtualPath) 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

7.5
2007-01-30 CVE-2007-0589 Forum Livre SQL-Injection vulnerability in Forum Livre Forum Livre 1.0

SQL injection vulnerability in Forum Livre 1.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to info_user.asp.

7.5
2007-01-30 CVE-2007-0584 G Neric Remote File Include vulnerability in Php Generic MembreManager.PHP

PHP remote file inclusion vulnerability in membres/membreManager.php in PhP Generic Library & Framework for comm (g-neric) allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.

7.5
2007-01-30 CVE-2007-0582 Chernobile SQL Injection vulnerability in Chernobile 1.0

SQL injection vulnerability in default.asp in ChernobiLe 1.0 allows remote attackers to execute arbitrary SQL commands via the User (username) field.

7.5
2007-01-30 CVE-2007-0581 Eclipsebb Remote File Include vulnerability in Eclipsebb 0.5.0Lite

PHP remote file inclusion vulnerability in functions.php in EclipseBB 0.5.0 Lite allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

7.5
2007-01-30 CVE-2007-0577 Acgvclick Remote File Include vulnerability in Acgvclick 0.2.0

PHP remote file inclusion vulnerability in function.inc.php in ACGVclick 0.2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.

7.5
2007-01-30 CVE-2007-0576 XT Stats Remote File Include vulnerability in Xt-Stats 2.3.0/2.4.0.B3

PHP remote file inclusion vulnerability in xt_counter.php in Xt-Stats 2.3.x up to 2.4.0.b3 allows remote attackers to execute arbitrary PHP code via a URL in the server_base_dir parameter.

7.5
2007-01-30 CVE-2007-0575 Stefan Holmberg SQL Injection vulnerability in AdMentor Admin Login

Multiple SQL injection vulnerabilities in the administrative login page (admin/login.asp) in ASPCode.net AdMentor allow remote attackers to execute arbitrary SQL commands via the (1) Userid and (2) Password fields.

7.5
2007-01-30 CVE-2007-0574 Spoonlabs SQL Injection vulnerability in Spoonlabs Vivvo Article Management CMS 3.40

SQL injection vulnerability in rss/show_webfeed.php in SpoonLabs Vivvo Article Management CMS (aka phpWordPress) 3.40 allows remote attackers to execute arbitrary SQL commands via the wcHeadlines parameter, a different vector than CVE-2006-4715.

7.5
2007-01-30 CVE-2007-0573 Nsgalphp Remote File Include vulnerability in Nsgalphp 0.41

PHP remote file inclusion vulnerability in includes/config.inc.php in nsGalPHP 0.41 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the racineTBS parameter.

7.5
2007-01-30 CVE-2007-0572 Drunken Golem Remote Security vulnerability in Gaming Portal

PHP remote file inclusion vulnerability in include/irc/phpIRC.php in Drunken:Golem Gaming Portal 0.5.1 Alpha 2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

7.5
2007-01-30 CVE-2007-0571 Phpmyreports Remote File Include vulnerability in PHPmyreports 3.0.11

PHP remote file inclusion vulnerability in include/lib/lib_head.php in phpMyReports 3.0.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cfgPathModule parameter.

7.5
2007-01-30 CVE-2007-0570 Johannes Gijsbers Remote File Include vulnerability in Johannes Gijsbers AD Fundum Integratable News Script 0.02B

PHP remote file inclusion vulnerability in ains_main.php in Johannes Gijsbers (aka Taradino) Ad Fundum Integratable News Script (AINS) 0.02b allows remote attackers to execute arbitrary PHP code via a URL in the ains_path parameter.

7.5
2007-01-30 CVE-2007-0569 X DEV SQL Injection vulnerability in X-Dev Xnews 1.3

SQL injection vulnerability in xNews.php in xNews 1.3 allows remote attackers to execute arbitrary SQL commands via the id parameter in a shownews action.

7.5
2007-01-30 CVE-2007-0568 Myphpcommander Remote File Include vulnerability in Myphpcommander 2.0

PHP remote file inclusion vulnerability in system/lib/package.php in MyPHPCommander 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the gl_root parameter.

7.5
2007-01-30 CVE-2007-0455 GD Graphics Library Project
PHP
Canonical
Fedoraproject
Redhat
Classic Buffer Overflow vulnerability in multiple products

Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font.

7.5
2007-01-30 CVE-2007-0566 ASP News SQL Injection vulnerability in ASP News News_Detail.ASP

SQL injection vulnerability in news_detail.asp in ASP NEWS 3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2007-01-30 CVE-2007-0565 CGI Rescue Remote Command Execution vulnerability in CGI Rescue Shopping Cart Professional

CGI-Rescue Shopping Basket Professional 7.50 and earlier allows remote attackers to inject arbitrary operating system commands via unspecified vectors.

7.5
2007-01-30 CVE-2007-0561 Xero Portal Remote File Include vulnerability in Xero Portal Xero Portal 1.2

Multiple PHP remote file inclusion vulnerabilities in Xero Portal 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) admin_linkdb.php, (2) admin_forum_prune.php, (3) admin_extensions.php, (4) admin_board.php, (5) admin_attachments.php, or (6) admin_users.php in admin/.

7.5
2007-01-30 CVE-2007-0560 ASP Edge SQL Injection vulnerability in ASP Edge ASP Edge 1.2B

SQL injection vulnerability in user.asp in ASP EDGE 1.2b and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter.

7.5
2007-01-30 CVE-2007-0559 RP World Remote Security vulnerability in RP World RP World 1.0.2

PHP remote file inclusion vulnerability in config.php in RPW 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the sql_language parameter.

7.5
2007-01-30 CVE-2007-0558 Inter7 Remote Security vulnerability in Inter7 Vhostadmin 1.0

PHP remote file inclusion vulnerability in modules/mail/main.php in Inter7 vHostAdmin 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the MODULES_DIR parameter.

7.5
2007-01-29 CVE-2007-0554 GUO XU Guos Posting System SQL Injection vulnerability in GUO XU Guos Posting System GUO XU Guos Posting System 1.2

SQL injection vulnerability in print.asp in Guo Xu Guos Posting System (GPS) 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2007-01-29 CVE-2007-0551 Cmsmadesimple Remote Security vulnerability in Cmsmadesimple CMS Made Simple 2.7

Multiple PHP remote file inclusion vulnerabilities in cmsimple/cms.php in CMSimple 2.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) pth[file][config] and (2) pth[file][image] parameters.

7.5
2007-01-29 CVE-2006-6963 Docebo Remote Security vulnerability in Docebo 3.0.3

Multiple PHP remote file inclusion vulnerabilities in Docebo LMS 3.0.3 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[where_lms] parameter to (1) class.module/class.definition.php and (2) modules/scorm/scorm_utils.php.

7.5
2007-01-29 CVE-2006-6958 Phpbluedragon Code Injection vulnerability in PHPbluedragon CMS 2.9.1

Multiple PHP remote file inclusion vulnerabilities in phpBlueDragon 2.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the vsDragonRootPath parameter to (1) team_admin.php, (2) rss_admin.php, (3) manual_admin.php, and (4) forum_admin.php in includes/root_modules/, a different set of vectors than CVE-2006-3076.

7.5
2007-02-04 CVE-2007-0709 Comodo Denial-Of-Service vulnerability in Comodo Firewall Pro

cmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal Firewall) 2.4.16.174 and earlier does not validate arguments that originate in user mode for the (1) NtCreateSection, (2) NtOpenProcess, (3) NtOpenSection, (4) NtOpenThread, and (5) NtSetValueKey hooked SSDT functions, which allows local users to cause a denial of service (system crash) and possibly gain privileges via invalid arguments.

7.2
2007-02-04 CVE-2007-0708 Comodo Denial of Service vulnerability in Comodo Firewall PRO 2.4.16.174

cmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal Firewall) before 2.4.16.174 does not validate arguments that originate in user mode for the (1) NtConnectPort and (2) NtCreatePort hooked SSDT functions, which allows local users to cause a denial of service (system crash) and possibly gain privileges via invalid arguments.

7.2
2007-01-30 CVE-2006-5753 Linux
Redhat
Local Denial of Service vulnerability in Linux Kernel ListXATTR

Unspecified vulnerability in the listxattr system call in Linux kernel, when a "bad inode" is present, allows local users to cause a denial of service (data corruption) and possibly gain privileges via unknown vectors.

7.2
2007-01-29 CVE-2007-0557 Rmake Local Security vulnerability in Rmake 1.0.3

rMake before 1.0.4 drops root privileges in a way that retains the original supplemental groups, which might allow attackers to gain privileges via a crafted recipe file, a different vulnerability than CVE-2007-0536.

7.2
2007-02-03 CVE-2007-0686 Intel Denial-Of-Service vulnerability in Intel 2200Bg Proset Wireless 9.0.3.9

The Intel 2200BG 802.11 Wireless Mini-PCI driver 9.0.3.9 (w29n51.sys) allows remote attackers to cause a denial of service (system crash) via crafted disassociation packets, which triggers memory corruption of "internal kernel structures," a different vulnerability than CVE-2006-6651.

7.1
2007-02-03 CVE-2007-0674 Microsoft Remote Denial of Service vulnerability in Microsoft Windows Mobile 2003/2003Se/5.0

Pictures and Videos on Windows Mobile 5.0 and Windows Mobile 2003 and 2003SE for Smartphones and PocketPC allows user-assisted remote attackers to cause a denial of service (device hang) via a malformed JPEG file.

7.1
2007-02-01 CVE-2007-0647 Apple Products Format String vulnerability in Apple mac OS X 10.3.9

Format string vulnerability in Help Viewer 3.0.0 allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSBeginAlertSheet Apple AppKit function.

7.1
2007-02-01 CVE-2007-0646 Apple USE of Externally-Controlled Format String vulnerability in Apple Imovie, mac OS X and Safari

Format string vulnerability in iMovie HD 6.0.3, and Safari in Apple Mac OS X 10.4 through 10.4.10, allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSRunCriticalAlertPanel Apple AppKit function.

7.1
2007-02-01 CVE-2007-0644 Apple Products Format String vulnerability in Apple Safari 2.0.4419.3

Format string vulnerability in Apple Safari 2.0.4 (419.3) allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in filenames that are not properly handled when calling the (1) NSLog and (2) NSBeginAlertSheet Apple AppKit functions.

7.1
2007-01-30 CVE-2007-0603 PGP Remote Code Execution vulnerability in PGP Corporate Desktop 9.5

PGP Desktop before 9.5.1 does not validate data objects received over the (1) \pipe\pgpserv named pipe for PGPServ.exe or the (2) \pipe\pgpsdkserv named pipe for PGPsdkServ.exe, which allows remote authenticated users to gain privileges by sending a data object representing an absolute pointer, which causes code execution at the corresponding address.

7.1
2007-01-30 CVE-2007-0588 Apple Remote Memory Corruption vulnerability in Apple Mac OS X QuickDraw InternalUnpackBits

The InternalUnpackBits function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT file that triggers memory corruption in the _GetSrcBits32ARGB function.

7.1

82 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-01-30 CVE-2007-0602 Trend Micro Local Security vulnerability in Trend Micro Viruswall 3.81

Buffer overflow in libvsapi.so in the VSAPI library in Trend Micro VirusWall 3.81 for Linux, as used by IScan.BASE/vscan, allows local users to gain privileges via a long command line argument, a different vulnerability than CVE-2005-0533.

6.9
2007-02-04 CVE-2007-0707 GOM Player Unspecified vulnerability in GOM Player GOM Player 2.0.12.3375

Stack-based buffer overflow in GOM Player 2.0.12.3375 allows user-assisted remote attackers to execute arbitrary code via a .ASX file with a long URI in the "ref href" tag.

6.8
2007-02-03 CVE-2007-0698 Mentiss Acgv SQL-Injection vulnerability in Acgvannu

Multiple SQL injection vulnerabilities in ACGVannu 1.3 and earlier allow remote attackers to execute arbitrary SQL commands via the id_mod parameter to templates/modif.html, and other unspecified vectors.

6.8
2007-02-03 CVE-2007-0696 Free LAN Intra Internet Portal Cross-Site Scripting vulnerability in Free Lan Intra Internet Portal

Cross-site scripting (XSS) vulnerability in error messages in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC3 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, different vectors than CVE-2007-0611.

6.8
2007-02-03 CVE-2007-0676 EXO SQL Injection vulnerability in Exophpdesk 1.2/1.2.1

SQL injection vulnerability in faq.php in ExoPHPDesk 1.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

6.8
2007-02-02 CVE-2007-0666 Ipswitch Remote Security vulnerability in Ipswitch WS FTP Server 5.04

Ipswitch WS_FTP Server 5.04 allows FTP site administrators to execute arbitrary code on the system via a long input string to the (1) iFTPAddU or (2) iFTPAddH file, or to a (3) edition module.

6.8
2007-02-02 CVE-2007-0665 Ipswitch Unspecified vulnerability in Ipswitch WS FTP PRO 2007

Format string vulnerability in the SCP module in Ipswitch WS_FTP 2007 Professional might allow remote attackers to execute arbitrary commands via format string specifiers in the filename, related to the SHELL WS_FTP script command.

6.8
2007-02-01 CVE-2007-0660 Dotnetnuke Cross-Site Scripting vulnerability in Dotnetnuke Iframe 03.02.00

Cross-site scripting (XSS) vulnerability in the IFrame module before 03.02.01 for DotNetNuke (DNN) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "Pass through values."

6.8
2007-02-01 CVE-2007-0650 Makeindex Remote Buffer Overflow vulnerability in Makeindex 2.14

Buffer overflow in the open_sty function in mkind.c for makeindex 2.14 in teTeX might allow user-assisted remote attackers to overwrite files and possibly execute arbitrary code via a long filename.

6.8
2007-02-01 CVE-2007-0645 Apple Products Format String vulnerability in Apple Iphoto 6.0.5

Format string vulnerability in iPhoto 6.0.5 allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling certain Apple AppKit functions.

6.8
2007-01-31 CVE-2007-0617 Earthlink Unspecified vulnerability in Earthlink Total Access

The SpamBlocker.dll ActiveX control in Earthlink TotalAccess is marked "safe for scripting," which allows remote attackers to add arbitrary e-mail addresses and domains to the spam blocker whitelist via the (1) AddSenderToWhitelist and (2) AddDomainToWhitelist functions.

6.8
2007-01-31 CVE-2007-0611 Free LAN Intra Internet Portal Cross-Site Scripting vulnerability in Free Lan Intra Internet Portal

Multiple cross-site scripting (XSS) vulnerabilities in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) inc.page.php and (2) inc.text.php.

6.8
2007-01-31 CVE-2007-0610 Cmsmadesimple Cross-Site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.7

Cross-site scripting (XSS) vulnerability in the mailform feature in CMSimple 2.7 fix1 allows remote attackers to inject arbitrary web script or HTML via the sender parameter.

6.8
2007-01-30 CVE-2007-0604 SIX Apart LTD Cross-Site Scripting vulnerability in Movable Type

Cross-site scripting (XSS) vulnerability in Movable Type (MT) before 3.34 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the MTCommentPreviewIsStatic tag, which can open the "comment entry screen," a different vulnerability than CVE-2007-0231.

6.8
2007-01-30 CVE-2007-0592 Indexcor Cross-Site Scripting vulnerability in Indexcor Ezdatabase 2.1.3

Cross-site scripting (XSS) vulnerability in EzDatabase 2.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to admin/login.php and the Admin Panel Database.

6.8
2007-01-30 CVE-2007-0580 Javier Suarez Sanz Remote File Include vulnerability in Javier Suarez Sanz Foro Domus 2.10

PHP remote file inclusion vulnerability in menu.php in Foro Domus 2.10 allows remote attackers to execute arbitrary PHP code via a URL in the sesion_idioma parameter.

6.8
2007-01-30 CVE-2007-0567 Interactive Scripts COM Cross-Site Scripting vulnerability in Interactive-Scripts.Com PHP Membership Manager 1.5

Cross-site scripting (XSS) vulnerability in admin.php in Interactive-Scripts.Com PHP Membership Manager 1.5 allows remote attackers to inject arbitrary web script or HTML via the _p parameter.

6.8
2007-01-29 CVE-2007-0553 Phproxy HTML Injection vulnerability in PHProxy Index.Inc.PHP

Multiple cross-site scripting (XSS) vulnerabilities in index.inc.php in PHProxy before 0.5 beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) data[realm] and (2) _url parameters, different vectors than CVE-2004-2604.

6.8
2007-01-29 CVE-2007-0552 OH NO NOT Another CMS Cross-Site Scripting vulnerability in OH NO NOT Another CMS OH NO NOT Another CMS 0.0.8.4

Cross-site scripting (XSS) vulnerability in install/default/error404.html in Oh no! Not another CMS (Onnac) 0.0.8.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the error_url parameter.

6.8
2007-01-29 CVE-2007-0550 212Cafe Cross-Site Scripting vulnerability in 212Cafe 212Cafeboard 0.08Beta

Cross-site scripting (XSS) vulnerability in search.php in 212cafeBoard 0.08 Beta allows remote attackers to inject arbitrary web script or HTML via keyword parameter.

6.8
2007-01-29 CVE-2007-0549 212Cafe Cross-Site Scripting vulnerability in 212Cafe 212Cafeboard 6.30Beta

Cross-site scripting (XSS) vulnerability in list3.php in 212cafeBoard 6.30 Beta allows remote attackers to inject arbitrary web script or HTML via the user parameter.

6.8
2007-01-29 CVE-2007-0542 212Cafe Cross-Site Scripting vulnerability in 212Cafe Guestbook 4.00Beta

Cross-site scripting (XSS) vulnerability in show.php in 212cafe Guestbook 4.00 beta allows remote attackers to inject arbitrary web script or HTML via the user parameter.

6.8
2007-01-29 CVE-2006-6962 Joomla Code Injection vulnerability in Joomla RS Gallery2 1.11.2

PHP remote file inclusion vulnerability in rsgallery2.html.php in the RS Gallery2 component (com_rsgallery2) 1.11.2 for Joomla! allows attackers to execute arbitrary PHP code via the mosConfig_absolute_path parameter.

6.8
2007-01-29 CVE-2006-6961 Webroot Software Denial-Of-Service vulnerability in Spy Sweeper

WebRoot Spy Sweeper 4.5.9 and earlier does not detect malware based on file contents, which allows remote attackers to bypass malware detection by changing a file's name.

6.8
2007-01-29 CVE-2006-6960 Webroot Software Security Bypass vulnerability in Spy Sweeper

The Compression Sweep feature in WebRoot Spy Sweeper 4.5.9 and earlier does not handle non-ZIP archives, which allows remote attackers to bypass the malware detection via files with (1) RAR, (2) GZ, (3) TAR, (4) CAB, or (5) ACE compression.

6.8
2007-01-29 CVE-2006-6957 Docebo Code Injection vulnerability in Docebo

PHP remote file inclusion vulnerability in addons/mod_media/body.php in Docebo 3.0.3 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[where_framework] parameter.

6.8
2007-02-03 CVE-2007-0687 Michelle SQL Injection vulnerability in Michelles L2J DropCalc I-Search.PHP

SQL injection vulnerability in i-search.php in Michelle's L2J Dropcalc 4 and earlier allows remote authenticated users to execute arbitrary SQL commands via the itemid parameter.

6.5
2007-02-02 CVE-2007-0667 Ledgersmb
SQL Ledger
The redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and (2) SQL-Ledger allows remote authenticated users to execute arbitrary code via redirects, related to callbacks, a different issue than CVE-2006-5872.
6.5
2007-01-31 CVE-2007-0626 Drupal Unspecified vulnerability in Drupal 5.0

The comment_form_add_preview function in comment.module in Drupal before 4.7.6, and 5.x before 5.1, and vbDrupal, allows remote attackers with "post comments" privileges and access to multiple input filters to execute arbitrary code by previewing comments, which are not processed by "normal form validation routines."

6.5
2007-02-03 CVE-2007-0697 Mentiss Acgv Unspecified vulnerability in Mentiss Acgv Acgvannu

index2.php in ACGVannu 1.3 and earlier allows remote attackers to change the password or profile of a user via a modified id parameter, related to templates/modif.html.

6.4
2007-01-31 CVE-2007-0629 Plain Black Unspecified vulnerability in Plain Black Webgui 7.3.8

The www_purgeList method in Plain Black WebGUI before 7.3.8 does not properly check user permissions, which allows attackers to delete unauthorized assets.

6.4
2007-02-02 CVE-2007-0668 SUN Local Denial of Service vulnerability in SUN Solaris 10.0

The Loopback Filesystem (LOFS) in Sun Solaris 10 allows local users in a non-global zone to move and rename files in a read-only filesystem, which could lead to a denial of service.

6.2
2007-01-31 CVE-2007-0467 Apple Denial-Of-Service vulnerability in Apple mac OS X 10.4.8

crashdump in Apple Mac OS X 10.4.8 allows local users in the admin group to modify arbitrary files or gain privileges via a symlink attack on application logs in /Library/Logs/CrashReporter/.

6.2
2007-01-30 CVE-2007-0596 Aztek Forum Remote Security vulnerability in Aztek Forum Aztek Forum 4.0

PHP remote file inclusion vulnerability in index/main.php in Aztek Forum 4.00 allows remote authenticated administrators to execute arbitrary PHP code via a URL in the PF[top_url] parameter.

6.0
2007-01-29 CVE-2007-0544 Mybb HTML Injection vulnerability in Mybb 1.2.3

Cross-site scripting (XSS) vulnerability in private.php in MyBB (aka MyBulletinBoard) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field, a different vector than CVE-2006-2949.

6.0
2007-01-30 CVE-2007-0590 Forum Livre Cross-Site Scripting vulnerability in Forum Livre Forum Livre 1.0

Cross-site scripting (XSS) vulnerability in busca2.asp in Forum Livre 1.0 remote attackers to inject arbitrary web script or HTML via the palavra parameter.

5.8
2007-02-01 CVE-2007-0661 Intel Remote Denial of Service vulnerability in Intel Southbridge 2 Baseboard Management Controller

Intel Enterprise Southbridge 2 Baseboard Management Controller (BMC), Intel Server Boards 5000XAL, S5000PAL, S5000PSL, S5000XVN, S5000VCL, S5000VSA, SC5400RA, and OEM Firmware for Intel Enterprise Southbridge Baseboard Management Controller before 20070119, when Intelligent Platform Management Interface (IPMI) is enabled, allow remote attackers to connect and issue arbitrary IPMI commands, possibly triggering a denial of service.

5.4
2007-01-30 CVE-2007-0579 Horde Local File Include vulnerability in Horde Groupware Calendar Component

Unspecified vulnerability in the calendar component in Horde Groupware Webmail Edition before 1.0, and Groupware before 1.0, allows remote attackers to include certain files via unspecified vectors.

5.1
2007-02-04 CVE-2007-0700 Portail WEB PHP Path Traversal vulnerability in Portail web PHP Portail web PHP 2.5.1.1

Directory traversal vulnerability in index.php in Guernion Sylvain Portail Web Php (aka Gsylvain35 Portail Web, PwP) allows remote attackers to read arbitrary files via a ..

5.0
2007-02-02 CVE-2007-0664 Acme Labs Unspecified vulnerability in Acme Labs Thttpd

thttpd before 2.25b-r6 in Gentoo Linux is started from the system root directory (/) by the Gentoo baselayout 1.12.6 package, which allows remote attackers to read arbitrary files.

5.0
2007-02-02 CVE-2007-0459 Wireshark Protocol Denial of Service vulnerability in Wireshark 0.99.2/0.99.3/0.99.4

packet-tcp.c in the TCP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.4 allows remote attackers to cause a denial of service (application crash or hang) via fragmented HTTP packets.

5.0
2007-02-01 CVE-2007-0658 Drupal Unspecified vulnerability in Drupal and Textimage

The (1) Textimage 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module for Drupal and the (2) Captcha 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module for Drupal allow remote attackers to bypass the CAPTCHA test via an empty captcha element in $_SESSION.

5.0
2007-01-31 CVE-2007-0638 Vlad Alexa Mancini Information Disclosure vulnerability in Vlad Alexa Mancini PHPfootball 1.6

show.php in Vlad Alexa Mancini PHPFootball 1.6 allows remote attackers to obtain sensitive information (database contents) via a % (percent) character in the dbfieldv parameter.

5.0
2007-01-31 CVE-2007-0624 Maxdev Remote Security vulnerability in Maxdev Mdpro 1.0.76

user.php in MAXdev MDPro 1.0.76 allows remote attackers to obtain the full path via a ' (quote) character, and possibly other invalid values, in the uname parameter in a userinfo operation.

5.0
2007-01-31 CVE-2007-0622 Mybb Cross-Site Request Forgery vulnerability in Mybb 1.2.2

Cross-site request forgery (CSRF) vulnerability in MyBB (aka MyBulletinBoard) 1.2.2 allows remote attackers to send messages to arbitrary users.

5.0
2007-01-31 CVE-2007-0620 Vlad Leont Information Disclosure vulnerability in Vlad Leont FD Script 1.3/1.3.1/1.3.2

download.php in FD Script 1.3.2 and earlier allows remote attackers to read source of files under the web document root with certain extensions, including .php, via a relative pathname in the fname parameter, as demonstrated by downloading config.php.

5.0
2007-01-31 CVE-2007-0613 Apple Remote Denial of Service vulnerability in Apple Ichat, Instant Message Framework and Mdnsresponder

The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 does not check for duplicate entries when adding newly discovered available contacts, which allows remote attackers to cause a denial of service (disrupted communication) via a flood of duplicate _presence._tcp mDNS queries.

5.0
2007-01-30 CVE-2007-0597 Aztek Forum Information Disclosure vulnerability in Aztek Forum Aztek Forum 4.0

Aztek Forum 4.00 allows remote attackers to obtain sensitive information via a direct request to forum.php with the fid=XD query string, which reveals the path in an error message.

5.0
2007-01-30 CVE-2007-0594 Siteman Information Disclosure vulnerability in Siteman 2.0.X2

Siteman 2.0.x2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing password hashes via a direct request for db/siteman/users.MYD.

5.0
2007-01-30 CVE-2007-0593 Siteman Information Disclosure vulnerability in Siteman 1.1.11

Siteman 1.1.11 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing password hashes via a direct request for data/members.txt.

5.0
2007-01-30 CVE-2007-0464 Apple
Cfnetwork
Buffer Errors vulnerability in Cfnetwork 129.19

The _CFNetConnectionWillEnqueueRequests function in CFNetwork 129.19 on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (application crash) via a crafted HTTP 301 response, which results in a NULL pointer dereference.

5.0
2007-01-29 CVE-2007-0548 Karjasoft Denial-Of-Service vulnerability in Karjasoft Sami Http Server 2.0.1

KarjaSoft Sami HTTP Server 2.0.1 allows remote attackers to cause a denial of service (daemon hang) via a large number of requests for nonexistent objects.

5.0
2007-01-29 CVE-2007-0541 Wordpress Permissions, Privileges, and Access Controls vulnerability in Wordpress

WordPress allows remote attackers to determine the existence of arbitrary files, and possibly read portions of certain files, via pingback service calls with a source URI that corresponds to a local pathname, which triggers different fault codes for existing and non-existing files, and in certain configurations causes a brief file excerpt to be published as a blog comment.

5.0
2007-01-29 CVE-2007-0540 Wordpress Unspecified vulnerability in Wordpress

WordPress allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a file with a binary content type, which is downloaded even though it cannot contain usable pingback data.

5.0
2007-01-29 CVE-2007-0538 Telligent Systems Denial-Of-Service vulnerability in Community Server Forums

Telligent Community Server 2.1 and earlier allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to (1) a large file, which triggers a long download session without a timeout constraint; or (2) a file with a binary content type, which is downloaded even though it cannot contain usable pingback data.

5.0
2007-01-29 CVE-2007-0463 Apple Unspecified vulnerability in Apple Software Update 2.0.5

Format string vulnerability in Apple Software Update 2.0.5 on Mac OS X 10.4.8 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in (1) SWUTMP or (2) SUCATALOG filenames, or using the (3) application/x-apple.sucatalog+xml MIME type.

5.0
2007-01-31 CVE-2007-0627 Michael Still Information Disclosure vulnerability in GTalkbot Username and Password

Michael Still gtalkbot before 1.2 places username and password arguments on the command line, which allows local users to obtain sensitive information by listing the process.

4.9
2007-01-31 CVE-2007-0625 Nomachine Remote Denial Of Service vulnerability in NoMachine NX Server NXCONFIGURE.SH

nxconfigure.sh in NoMachine NX Server before 2.1.0-18 does not validate the invoking user, which allows local users to modify server configuration keys in /usr/NX/etc/server.cfg, resulting in an unspecified denial of service.

4.9
2007-01-30 CVE-2006-5754 Linux Local Denial of Service vulnerability in Linux Kernel AIO_Setup_Ring

The aio_setup_ring function in Linux kernel does not properly initialize a variable, which allows local users to cause a denial of service (crash) via an unspecified error path that causes an incorrect free operation.

4.9
2007-02-04 CVE-2007-0436 Barron Mccann Permissions, Privileges, and Access Controls vulnerability in Barron Mccann products

Barron McCann X-Kryptor Driver BMS1446HRR (Xgntr BMS1351 Install BMS1472) in X-Kryptor Secure Client does not drop privileges when launching an Explorer window in response to a help command, which allows local users to gain LocalSystem privileges via interactive use of Explorer.

4.6
2007-02-03 CVE-2007-0670 IBM Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM AIX 5.2/5.3

Buffer overflow in bos.rte.libc in IBM AIX 5.2 and 5.3 allows local users to execute arbitrary code via the "r-commands", possibly including (1) rdist, (2) rsh, (3) rcp, (4) rsync, and (5) rlogin.

4.6
2007-01-29 CVE-2006-6959 Webroot Software Local Security vulnerability in Webroot Software SPY Sweeper 4.5.9

WebRoot Spy Sweeper 4.5.9 and earlier allows local users to bypass the "Startup-Shield" security restrictions by modifying certain registry keys.

4.6
2007-02-03 CVE-2007-0475 Smb4K Multiple vulnerability in SMB4K

Multiple stack-based buffer overflows in utilities/smb4k_*.cpp in Smb4K before 0.8.0 allow local users, when present on the Smb4K sudoers list, to gain privileges via unspecified vectors related to the args variable and unspecified other variables, in conjunction with the sudo configuration.

4.4
2007-02-02 CVE-2007-0458 Wireshark Protocol Denial of Service vulnerability in Wireshark 0.99.3/0.99.4

Unspecified vulnerability in the HTTP dissector in Wireshark (formerly Ethereal) 0.99.3 and 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors, a different issue than CVE-2006-5468.

4.3
2007-02-02 CVE-2007-0457 Wireshark Protocol Denial of Service vulnerability in Wireshark

Unspecified vulnerability in the IEEE 802.11 dissector in Wireshark (formerly Ethereal) 0.10.14 through 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors.

4.3
2007-02-02 CVE-2007-0456 Wireshark Protocol Denial of Service vulnerability in Wireshark 0.99.3/0.99.4

Unspecified vulnerability in the LLT dissector in Wireshark (formerly Ethereal) 0.99.3 and 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors.

4.3
2007-02-01 CVE-2007-0649 Openemr Code Injection vulnerability in Openemr

Variable overwrite vulnerability in interface/globals.php in OpenEMR 2.8.2 and earlier allows remote attackers to overwrite arbitrary program variables and conduct other unauthorized activities, such as conduct (a) remote file inclusion attacks via the srcdir parameter in custom/import_xml.php or (b) cross-site scripting (XSS) attacks via the rootdir parameter in interface/login/login_frame.php, via vectors associated with extract operations on the (1) POST and (2) GET superglobal arrays.

4.3
2007-01-31 CVE-2007-0643 Bloodshed Software Buffer Overflow vulnerability in Bloodshed Software Dev-C++ 4.9.9.2

Stack-based buffer overflow in Bloodshed Dev-C++ 4.9.9.2 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long line in a .cpp file.

4.3
2007-01-31 CVE-2007-0628 SUN Cross-Site Scripting vulnerability in Sun Java System Access Manager Undisclosed

Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Access Manager 6.1, 6.2, 6 2005Q1 (6.3), and 7 2005Q4 (7.0) before 20070129 allow remote attackers to inject arbitrary web script or HTML via the (1) goto or (2) gx-charset parameter.

4.3
2007-01-30 CVE-2007-0595 Designmind Cross-Site Scripting vulnerability in High5 Review Script

Cross-site scripting (XSS) vulnerability in search in High 5 Review Site allows remote attackers to inject arbitrary web script or HTML via the q parameter (aka the search box).

4.3
2007-01-30 CVE-2007-0583 Http Commander Cross-Site Scripting vulnerability in Http Commander Http Commander 6.0

Multiple cross-site scripting (XSS) vulnerabilities in HTTP Commander 6.0, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) LogoffMessage parameter to logofflast.aspx or the (2) txtUsername parameter to Default.aspx.

4.3
2007-01-30 CVE-2007-0578 Mpg123 Denial of Service vulnerability in MPG123 HTTP_Open() Connection Handling

The http_open function in httpget.c in mpg123 before 0.64 allows remote attackers to cause a denial of service (infinite loop) by closing the HTTP connection early.

4.3
2007-01-30 CVE-2007-0563 Symantec Denial of Service And Cross-Site Scripting vulnerability in Symantec Web Security

Multiple cross-site scripting (XSS) vulnerabilities in Symantec Web Security (SWS) before 3.0.1.85 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) error messages and (2) blocked page messages produced by SWS.

4.3
2007-01-30 CVE-2007-0562 Microsoft Denial-Of-Service vulnerability in Microsoft Windows Explorer 6.00.2900.2180

Windows Explorer (explorer.exe) 6.0.2900.2180 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted .avi file, which triggers the crash when the user right clicks on the file.

4.3
2007-01-29 CVE-2007-0347 Cvstrac Remote Denial of Service vulnerability in CVSTrac

The is_eow function in format.c in CVSTrac before 2.0.1 does not properly check for the "'" (quote) character, which allows remote authenticated users to execute limited SQL injection attacks and cause a denial of service (database error) via a ' character in certain messages, tickets, or Wiki entries.

4.3
2007-01-29 CVE-2007-0547 CGI Rescue Cross-Site Scripting vulnerability in WebFORM

Cross-site scripting (XSS) vulnerability in CGI-RESCUE WebFORM 4.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2007-01-29 CVE-2006-6965 Andreas Gohr Unspecified vulnerability in Andreas Gohr Dokuwiki Release20060309/Release20060309E

CRLF injection vulnerability in lib/exe/fetch.php in DokuWiki 2006-03-09e, and possibly earlier, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the media parameter.

4.3
2007-01-29 CVE-2006-6956 Microsoft Improper Input Validation vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723.

4.3
2007-01-29 CVE-2006-6955 Opera Improper Input Validation vulnerability in Opera Browser

Opera allows remote attackers to cause a denial of service (application crash) via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723.

4.3
2007-01-29 CVE-2006-6954 Flock Improper Input Validation vulnerability in Flock 1.0.7

Flock beta 1 0.7 allows remote attackers to cause a denial of service (application crash) via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723.

4.3
2007-01-30 CVE-2007-0564 Symantec Denial-Of-Service vulnerability in Web Security

The license registering interface in Symantec Web Security (SWS) before 3.0.1.85 allows attackers to cause a denial of service (CPU consumption) by submitting a large file.

4.0
2007-01-29 CVE-2006-6964 Mailenable Information Disclosure vulnerability in MailEnable Professional

MailEnable Professional before 1.78 provides a cleartext user password when an administrator edits the user's settings, which allows remote authenticated administrators to obtain sensitive information by viewing the HTML source.

4.0

7 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-02-03 CVE-2007-0472 Smb4K Multiple vulnerability in SMB4K

Multiple race conditions in Smb4K before 0.8.0 allow local users to (1) modify arbitrary files via unspecified manipulations of Smb4K's lock file, which is not properly handled by the remove_lock_file function in core/smb4kfileio.cpp, and (2) add lines to the sudoers file via a symlink attack on temporary files, which isn't properly handled by the writeFile function in core/smb4kfileio.cpp.

3.7
2007-02-03 CVE-2007-0474 Smb4K Multiple vulnerability in SMB4K

Smb4K before 0.8.0 allow local users, when present on the Smb4K sudoers list, to kill arbitrary processes, related to a "design issue with smb4k_kill."

3.3
2007-02-03 CVE-2007-0685 Microsoft Remote Denial of Service vulnerability in Microsoft Windows Mobile 2003/2003Se/5.0

Internet Explorer on Windows Mobile 5.0 and Windows Mobile 2003 and 2003SE for Smartphones and PocketPC allows attackers to cause a denial of service (application crash and device instability) via unspecified vectors, possibly related to a buffer overflow.

2.6
2007-01-29 CVE-2007-0537 KDE Cross-Site Scripting vulnerability in KDE Konqueror 3.5.5

The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment in a title tag, a related issue to CVE-2007-0478.

2.6
2007-01-31 CVE-2007-0636 Inotify Unspecified vulnerability in Inotify Incron

Unspecified vulnerability in inotify before 0.3.5 has unknown impact and attack vectors, related to "access rights to watched files."

2.1
2007-01-29 CVE-2006-6953 Globetrotter Information Exposure vulnerability in Globetrotter Mobility Manager

The virtual keyboard implementation in GlobeTrotter Mobility Manager changes the color of a key as it is pressed, which allows local users to capture arbitrary keystrokes, such as for passwords, by shoulder surfing or grabbing periodic screenshots.

2.1
2007-02-03 CVE-2007-0473 Smb4K Multiple vulnerability in SMB4K

The writeFile function in core/smb4kfileio.cpp in Smb4K before 0.8.0 does not preserve /etc/sudoers permissions across modifications, which allows local users to obtain sensitive information (/etc/sudoers contents) by reading this file.

1.9