Weekly Vulnerabilities Reports > February 5 to 11, 2007
Overview
116 new vulnerabilities were reported during this period, including 4 critical vulnerabilities and 58 high severity vulnerabilities. This weekly summary reports vulnerabilities in 132 products from 92 vendors including Mozilla, HP, Samba, Phpbb, and Uapplication. Vulnerabilities are notably categorized as "Improper Input Validation", "Cross-site Scripting", "Code Injection", "Use of Externally-Controlled Format String", and "Permissions, Privileges, and Access Controls".
- 103 reported vulnerabilities are remotely exploitable.
- 32 reported vulnerabilities have a public exploit available.
- 2 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 110 reported vulnerabilities are exploitable by an anonymous user.
- Mozilla has the most reported vulnerabilities, with 5 reported vulnerabilities.
- HP has the most reported critical vulnerabilities, with 1 reported vulnerability.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
4 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-02-08 | CVE-2007-0446 | HP | Buffer Overflow vulnerability in HP products Stack-based buffer overflow in magentproc.exe for Hewlett-Packard Mercury LoadRunner Agent 8.0 and 8.1, Performance Center Agent 8.0 and 8.1, and Monitor over Firewall 8.1 allows remote attackers to execute arbitrary code via a packet with a long server_ip_name field to TCP port 54345, which triggers the overflow in mchan.dll. | 10.0 |
2007-02-08 | CVE-2007-0841 | Vbdrupal | Remote Security vulnerability in Vbdrupal 4.7.5.0 Multiple unspecified vulnerabilities in vbDrupal before 4.7.6.0 have unknown impact and remote attack vectors. | 10.0 |
2007-02-08 | CVE-2007-0851 | Trend Micro | Buffer Overflow vulnerability in Trend Micro Antivirus UPX Compressed PE File Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300 before virus pattern file 4.245.00, as used in other products such as Cyber Clean Center (CCC) Cleaner, allows remote attackers to execute arbitrary code via a malformed UPX compressed executable. | 9.3 |
2007-02-06 | CVE-2007-0766 | Remotesoft | Remote Stack Buffer Overflow vulnerability in Remotesoft .Net Explorer 2.0.1 Stack-based buffer overflow in Remotesoft .NET Explorer 2.0.1 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long line in a .cpp file. | 9.3 |
58 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-02-09 | CVE-2006-6992 | Gosurf Browser | Remote Security vulnerability in Gosurf Browser Gosurf Browser 2.62 Cross-domain vulnerability in GoSuRF Browser 2.62 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. | 7.8 |
2007-02-09 | CVE-2006-6991 | Fast Browser | Remote Security vulnerability in Fast Browser Fast Browser Pro8.1 Cross-domain vulnerability in Fast Browser Pro 8.1 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. | 7.8 |
2007-02-09 | CVE-2006-6990 | Advanced Search Technologies INC | Remote Security vulnerability in Advanced Search Technologies Inc. Enigma Browser 3.8.8 Cross-domain vulnerability in Enigma Browser 3.8.8 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. | 7.8 |
2007-02-09 | CVE-2006-6989 | Netcaptor | Remote Security vulnerability in Netcaptor 4.5.7Personal Cross-domain vulnerability in NetCaptor 4.5.7 Personal Edition allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. | 7.8 |
2007-02-09 | CVE-2006-6988 | Flashpeak | Remote Security vulnerability in Flashpeak Slim Browser 4.07Build100 Cross-domain vulnerability in Slim Browser 4.07 build 100 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. | 7.8 |
2007-02-09 | CVE-2006-6987 | Softinform | Remote Security vulnerability in Softinform Finebrowser Freeware3.2.2 Cross-domain vulnerability in FineBrowser Freeware 3.2.2 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. | 7.8 |
2007-02-09 | CVE-2006-6986 | Phaseout | Remote Security vulnerability in Phaseout 5.4.4 Cross-domain vulnerability in PhaseOut 5.4.4 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. | 7.8 |
2007-02-07 | CVE-2007-0825 | Flashfxp | Remote Buffer Overflow vulnerability in Flashfxp 3.4.0Build1145 FlashFXP 3.4.0 build 1145 allows remote servers to cause a denial of service (CPU consumption) via a response to a PWD command that contains a long string with deeply nested directory structure, possibly due to a buffer overflow. | 7.8 |
2007-02-06 | CVE-2007-0756 | Chicken OF THE VNC | Remote Denial of Service vulnerability in Chicken of the VNC Chicken of the VNC 2.0 Chicken of the VNC (cotv) 2.0 allows remote attackers to cause a denial of service (application crash) via a large computer-name size value in a ServerInit packet, which triggers a failed malloc and a resulting NULL dereference. | 7.8 |
2007-02-11 | CVE-2007-0870 | Microsoft | Remote Code Execution vulnerability in Microsoft Word 2000 Unspecified vulnerability in Microsoft Word 2000 allows remote attackers to cause a denial of service (crash) via unknown vectors, a different vulnerability than CVE-2006-5994, CVE-2006-6456, CVE-2006-6561, and CVE-2007-0515, a variant of Exploit-MS06-027. | 7.6 |
2007-02-09 | CVE-2007-0867 | Site Assistant | Remote File Include vulnerability in Site-Assistant Menu.PHP PHP remote file inclusion vulnerability in classes/menu.php in Site-Assistant 0990 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the paths[version] parameter. | 7.5 |
2007-02-09 | CVE-2007-0865 | Lushinews | SQL Injection vulnerability in Lushinews 1.00/1.01 SQL injection vulnerability in comments.php in LushiNews 1.01 and earlier allows remote authenticated users to inject arbitrary SQL commands via the id parameter. | 7.5 |
2007-02-09 | CVE-2007-0864 | Lushiwarplaner | SQL Injection vulnerability in Lushiwarplaner 1.0 SQL injection vulnerability in register.php in LushiWarPlaner 1.0 allows remote attackers to inject arbitrary SQL commands via the id parameter. | 7.5 |
2007-02-08 | CVE-2007-0854 | Cpanel | Code Injection vulnerability in Cpanel Webhost Manager Remote file inclusion vulnerability in scripts2/objcache in cPanel WebHost Manager (WHM) allows remote attackers to execute arbitrary code via a URL in the obj parameter. | 7.5 |
2007-02-08 | CVE-2007-0853 | Techexcel INC | SQL-Injection vulnerability in Techexcel Inc. Devtrack 6.0.3 SQL injection vulnerability in DevTrack 6.0.3 allows remote attackers to execute arbitrary SQL commands via the Username form field. | 7.5 |
2007-02-08 | CVE-2007-0850 | Syscp Team | Local File Include vulnerability in SYSCP System Control Panel Panel_CronScript Table scripts/cronscript.php in SysCP 1.2.15 and earlier includes and executes arbitrary PHP scripts that are referenced by the panel_cronscript table in the SysCP database, which allows attackers with database write privileges to execute arbitrary code by constructing a PHP file and adding its filename to this table. | 7.5 |
2007-02-08 | CVE-2007-0848 | Maian Recipe | Remote Security vulnerability in Maian Recipe Maian Recipe 1.0 PHP remote file inclusion vulnerability in classes/class_mail.inc.php in Maian Recipe 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. | 7.5 |
2007-02-08 | CVE-2007-0847 | Open Tibia Server CMS | SQL-Injection vulnerability in Open Tibia Server Cms SQL injection vulnerability in mod/PM/reply.php in Open Tibia Server CMS (OTSCMS) 2.1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to priv.php. | 7.5 |
2007-02-08 | CVE-2007-0845 | Advanced Poll | Information Disclosure vulnerability in Advanced Poll Admin admin/index.php in Advanced Poll 2.0.0 through 2.0.5-dev allows remote attackers to bypass authentication and gain administrator privileges by obtaining a valid session identifier and setting the uid parameter to 1. | 7.5 |
2007-02-08 | CVE-2006-6979 | Amarok | Improper Input Validation vulnerability in Amarok The ruby handlers in the Magnatune component in Amarok do not properly quote text in certain contexts, probably including construction of an unzip command line, which allows attackers to execute arbitrary commands via shell metacharacters. | 7.5 |
2007-02-08 | CVE-2006-6976 | Centipaid | Code Injection vulnerability in Centipaid PHP remote file inclusion vulnerability in centipaid_class.php in CentiPaid 1.4.2 and earlier allows remote attackers to execute arbitrary code via a URL in the absolute_path parameter. | 7.5 |
2007-02-08 | CVE-2007-0839 | Valarsoft | Remote File Include vulnerability in Valarsoft Webmatic 2.6 Multiple PHP remote file inclusion vulnerabilities in index/index_album.php in Valarsoft WebMatic 2.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) P_LIB and (2) P_INDEX parameters. | 7.5 |
2007-02-08 | CVE-2007-0837 | Agermenu | Remote File Include vulnerability in Agermenu 0.03 PHP remote file inclusion vulnerability in examples/inc/top.inc.php in AgerMenu 0.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter. | 7.5 |
2007-02-07 | CVE-2007-0828 | Mysqlnewsengine | Remote File Include vulnerability in MySQLNewsEngine Affichearticles.PHP3 PHP remote file inclusion vulnerability in affichearticles.php3 in MySQLNewsEngine allows remote attackers to execute arbitrary PHP code via a URL in the newsenginedir parameter. | 7.5 |
2007-02-07 | CVE-2007-0826 | Kisisel Site 2007 | SQL Injection vulnerability in Kisisel Site 2007 SQL injection vulnerability in forum.asp in Kisisel Site 2007 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. | 7.5 |
2007-02-07 | CVE-2007-0824 | Lightro | Remote File Include vulnerability in Lightro CMS 1Beta PHP remote file inclusion vulnerability in inhalt.php in LightRO CMS 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the dateien[news] parameter. | 7.5 |
2007-02-07 | CVE-2007-0820 | Cedric | Remote File Include vulnerability in Cedric Claire Portailphp 2 Multiple PHP remote file inclusion vulnerabilities in Cedric CLAIRE PortailPhp 2 allow remote attackers to execute arbitrary PHP code via a URL in the chemin parameter to (1) mod_news/index.php, (2) mod_news/goodies.php, or (3) mod_search/index.php. | 7.5 |
2007-02-07 | CVE-2006-6974 | Headstart Solutions | SQL-Injection vulnerability in Deskpro Headstart Solutions DeskPRO stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) list files in the includes/ directory; obtain the SQL username and password via a direct request for (2) config.php and (3) config.php.bak in includes/; read files in (4) email/, (5) admin/graphs/, (6) includes/javascript/, and (7) certain other includes/ directories via direct requests; and download SQL database data via direct requests for (8) data.sql, (9) install.sql, (10) settings.sql, and possibly other files in install/v2data/. | 7.5 |
2007-02-07 | CVE-2006-6973 | Headstart Solutions | Remote Security vulnerability in Deskpro Headstart Solutions DeskPRO does not require authentication for certain files and directories associated with administrative activities, which allows remote attackers to (1) reinstall the application via a direct request for install/index.php; (2) delete the database via a do=delete_database QUERY_STRING to a renamed copy of install/index.php; or access the administration system, after guessing a filename, via a direct request for a file in (3) admin/ or (4) tech/. | 7.5 |
2007-02-07 | CVE-2006-6972 | Btitracker | SQL-Injection vulnerability in Btitracker SQL injection in torrents.php in BtitTracker 1.3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) by and (2) order parameters. | 7.5 |
2007-02-07 | CVE-2007-0812 | Woltlab | SQL Injection vulnerability in Woltlab Burning Board Lite Pms.PHP SQL injection vulnerability in pms.php in Woltlab Burning Board (wBB) Lite 1.0.2pl3e and earlier allows remote authenticated users to execute arbitrary SQL commands via the pmid[0] parameter. | 7.5 |
2007-02-07 | CVE-2007-0810 | Geeklog | Remote File Include vulnerability in Geeklog 2 PHP remote file inclusion vulnerability in MVCnPHP/BaseView.php in GeekLog 2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the glConf[path_libraries] parameter. | 7.5 |
2007-02-07 | CVE-2007-0809 | Ptirhiikmods | Remote File Include vulnerability in Ptirhiikmods Mod-Ch 2.1.2 PHP remote file inclusion vulnerability in includes/class_template.php in Categories hierarchy (aka CH or mod-CH) 2.1.2 in ptirhiikmods allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | 7.5 |
2007-02-07 | CVE-2007-0808 | Mina Ajans | Remote Security vulnerability in Mina Ajans Script PHP remote file inclusion vulnerability in Mina Ajans Script allows remote attackers to execute arbitrary PHP code via a URL in the syf parameter to an unspecified PHP script. | 7.5 |
2007-02-07 | CVE-2007-0806 | LES News | Security Bypass vulnerability in LES News LES News 2.2 Les News 2.2 allows remote attackers to bypass authentication and gain administrative access via a direct request for adminews/index_fr.php3, and possibly the adminews index documents for other localizations. | 7.5 |
2007-02-07 | CVE-2007-0804 | Ggcms | Remote PHP Code Execution vulnerability in Ggcms 1.1.0Rc1 Directory traversal vulnerability in admin/subpages.php in GGCMS 1.1.0 RC1 and earlier allows remote attackers to inject arbitrary PHP code into arbitrary files via ".." sequences in the subpageName parameter, as demonstrated by injecting PHP code into a template file. | 7.5 |
2007-02-07 | CVE-2007-0803 | Stlport Project | Classic Buffer Overflow vulnerability in Stlport Project Stlport 5.0.0/5.0.1/5.0.2 Multiple buffer overflows in STLport before 5.0.3 allow remote attackers to execute arbitrary code via unspecified vectors relating to (1) "print floats" and (2) a missing null termination in the "rope constructor." | 7.5 |
2007-02-06 | CVE-2007-0799 | Uapplication | SQL-Injection vulnerability in Uapplication Ublog Reload1.0.5 SQL injection vulnerability in badword.asp in Ublog Reload 1.0.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2007-02-06 | CVE-2007-0797 | Bluevirus Design | Remote File Include vulnerability in Bluevirus-Design Sma-Db 0.3.9 PHP remote file inclusion vulnerability in theme/settings.php in bluevirus-design SMA-DB 0.3.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pfad_z parameter. | 7.5 |
2007-02-06 | CVE-2007-0796 | Bluecoat | Remote Heap Overflow vulnerability in Bluecoat Winproxy 6.0/6.1 Blue Coat Systems WinProxy 6.1a and 6.0 r1c, and possibly earlier, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long HTTP CONNECT request, which triggers heap corruption. | 7.5 |
2007-02-06 | CVE-2007-0795 | WAP | Remote Security vulnerability in WAP Portal Server 1.X Multiple PHP remote file inclusion vulnerabilities in Wap Portal Server 1.x allow remote attackers to execute arbitrary PHP code via a URL in the language parameter to (1) index.php and (2) admin/index.php. | 7.5 |
2007-02-06 | CVE-2007-0793 | Globalmegacorp | Remote Security vulnerability in Globalmegacorp Dvddb 0.6 PHP remote file inclusion vulnerability in inc/common.php in GlobalMegaCorp dvddb 0.6 allows remote attackers to execute arbitrary PHP code via a URL in the config parameter. | 7.5 |
2007-02-06 | CVE-2007-0792 | Mozilla | HTML Injection And Information disclosure vulnerability in Mozilla Bugzilla 2.23.3 The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file. | 7.5 |
2007-02-06 | CVE-2007-0790 | Smartftp | Buffer Errors vulnerability in Smartftp 2.0.1002 Heap-based buffer overflow in SmartFTP 2.0.1002 allows remote FTP servers to execute arbitrary code via a large banner. | 7.5 |
2007-02-06 | CVE-2007-0786 | Noname Media | SQL Injection vulnerability in Noname Media Photo Galerie Standard 1.1 SQL injection vulnerability in view.php in Noname Media Photo Galerie Standard 1.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2007-02-06 | CVE-2007-0785 | Flipsource | Remote File Include vulnerability in Flip PHP remote file inclusion vulnerability in previewtheme.php in Flipsource Flip 2.01-final 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the inc_path parameter. | 7.5 |
2007-02-06 | CVE-2007-0784 | RBL | SQL-Injection vulnerability in Tpassword SQL injection vulnerability in login.asp for tPassword in the Raymond BERTHOU script collection (aka RBL - ASP) allows remote attackers to execute arbitrary SQL commands via the (1) User and (2) Password parameters. | 7.5 |
2007-02-06 | CVE-2007-0765 | DB Masters Multimedia | SQL Injection vulnerability in Curium CMS News.PHP SQL injection vulnerability in news.php in dB Masters Curium CMS 1.03 and earlier allows remote attackers to execute arbitrary SQL commands via the c_id parameter. | 7.5 |
2007-02-06 | CVE-2007-0762 | Phpbb | Remote File Include vulnerability in PHPbb++ Build100 PHP remote file inclusion vulnerability in includes/functions.php in phpBB++ Build 100 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | 7.5 |
2007-02-06 | CVE-2007-0761 | Phpbb | Remote Security vulnerability in PHPbb Ezboard Converter 0.2 PHP remote file inclusion vulnerability in config.php in phpBB ezBoard converter (ezconvert) 0.2 allows remote attackers to execute arbitrary PHP code via a URL in the ezconvert_dir parameter. | 7.5 |
2007-02-06 | CVE-2007-0760 | Eqdkp | Authentication Bypass vulnerability in Eqdkp 1.3.1 EQdkp 1.3.1 and earlier authenticates administrative requests by verifying that the HTTP Referer header specifies an admin/ URL, which allows remote attackers to read or modify account names and passwords via a spoofed Referer. | 7.5 |
2007-02-06 | CVE-2007-0759 | Umberto Caldera | Input Validation vulnerability in Umberto Caldera Easymoblog 0.5.1 Multiple SQL injection vulnerabilities in EasyMoblog 0.5.1 allow remote attackers to execute arbitrary SQL commands via the (1) i or (2) post_id parameter to add_comment.php, which triggers an injection in libraries.inc.php; or (3) the i parameter to list_comments.php, which triggers an injection in libraries.inc.php. | 7.5 |
2007-02-06 | CVE-2007-0758 | Phpprobid | Remote File Include vulnerability in PHPprobid 5.24 PHP remote file inclusion vulnerability in lang.php in PHPProbid 5.24 allows remote attackers to execute arbitrary PHP code via a URL in the SRC attribute of an HTML element in the lang parameter. | 7.5 |
2007-02-06 | CVE-2007-0757 | Miguel Nunes | Remote File Include vulnerability in DreamStats System Rootpath PHP remote file inclusion vulnerability in index.php in Miguel Nunes Call of Duty 2 (CoD2) DreamStats System 4.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter. | 7.5 |
2007-02-06 | CVE-2007-0454 | Samba Debian Mandrakesoft | Use of Externally-Controlled Format String vulnerability in multiple products Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping. | 7.5 |
2007-02-08 | CVE-2007-0856 | Trend Micro | Local Privilege Escalation vulnerability in Trend Micro AntiVirus Scan Engine TMComm TmComm.sys 1.5.0.1052 in the Trend Micro Anti-Rootkit Common Module (RCM), with the VsapiNI.sys 3.320.0.1003 scan engine, as used in Trend Micro PC-cillin Internet Security 2007, Antivirus 2007, Anti-Spyware for SMB 3.2 SP1, Anti-Spyware for Consumer 3.5, Anti-Spyware for Enterprise 3.0 SP2, Client / Server / Messaging Security for SMB 3.5, Damage Cleanup Services 3.2, and possibly other products, assigns Everyone write permission for the \\.\TmComm DOS device interface, which allows local users to access privileged IOCTLs and execute arbitrary code or overwrite arbitrary memory in the kernel context. | 7.2 |
2007-02-08 | CVE-2007-0849 | Syscp Team | Unspecified vulnerability in Syscp Team Syscp scripts/cronscript.php in SysCP 1.2.15 and earlier does not properly quote pathnames in user home directories, which allows local users to gain privileges by placing shell metacharacters in a directory name, and then using the control panel to protect this directory, a different vulnerability than CVE-2005-2568. | 7.2 |
2007-02-08 | CVE-2007-0819 | HP | Unspecified vulnerability in HP Network Node Manager 7.5 HP Network Node Manager (NNM) Remote Console 7.50, 7.51, and 7.53 assigns Everyone Full Control permission for the %PROGRAMFILES%\HP OpenView directory tree, which allows local users to gain privileges via a Trojan horse executable file or ActiveX component, or a modified bin\ovtrcsvc.exe for the HP Open View Shared Trace Service. | 7.2 |
47 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-02-09 | CVE-2007-0866 | HP | Local Code Execution vulnerability in HP Openview Storage Data Protector 5.50 Unspecified vulnerability in HP OpenView Storage Data Protector on HP-UX B.11.00, B.11.11, or B.11.23 allows local users to execute arbitrary code via unknown vectors. | 6.8 |
2007-02-08 | CVE-2007-0855 | Rarlab | Buffer Overflow vulnerability in Rarlab Unrar 3.60/3.61 Stack-based buffer overflow in RARLabs Unrar, as packaged in WinRAR and possibly other products, allows user-assisted remote attackers to execute arbitrary code via a crafted, password-protected archive. | 6.8 |
2007-02-08 | CVE-2007-0852 | Techexcel INC | HTML Injection and SQL Injection vulnerability in Techexcel Inc. Devtrack 6.0.3 Cross-site scripting (XSS) vulnerability in DevTrack 6.x allows remote attackers to inject arbitrary web script or HTML via the "Keyword search" form field and unspecified other form fields that populate a public saved query. | 6.8 |
2007-02-08 | CVE-2007-0846 | Open Tibia Server CMS | Input Validation vulnerability in OTSCMS Cross-site scripting (XSS) vulnerability in forum.php in Open Tibia Server CMS (OTSCMS) 2.1.5 and earlier allows remote attackers to inject arbitrary HTML or web script via the name parameter. | 6.8 |
2007-02-08 | CVE-2007-0840 | Hlstats | Cross Site Scripting vulnerability in Hlstats 1.34 Cross-site scripting (XSS) vulnerability in HLstats before 1.35 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the search class. | 6.8 |
2007-02-07 | CVE-2007-0834 | Darrens 5 Dollar Script Archive | Cross-Site Scripting vulnerability in Darrens 5-Dollar Script Archive Flashchat 4.7.8 Cross-site scripting (XSS) vulnerability in FlashChat 4.7.8 allows remote attackers to inject arbitrary web script or HTML via the user name field when the user joins a chat room, a different vulnerability than CVE-2007-0807. | 6.8 |
2007-02-07 | CVE-2007-0827 | Alibaba | Remote Code Execution vulnerability in Alipay Password Input ActiveX Control The Alibaba Alipay PTA Module ActiveX control (PTA.DLL) allows remote attackers to execute arbitrary code via a JavaScript function that invokes the Remove method with an invalid index argument, which is used as an offset for a function call. | 6.8 |
2007-02-07 | CVE-2007-0807 | Darrens 5 Dollar Script Archive | HTML Injection vulnerability in Darrens 5-Dollar Script Archive Flashchat 4.7.8 Cross-site scripting (XSS) vulnerability in info.php in flashChat 4.7.8 allows remote attackers to inject arbitrary web script or HTML via a channel title (aka room name) that is not properly handled by the "who's online" feature. | 6.8 |
2007-02-07 | CVE-2006-6969 | Jetty | Unspecified vulnerability in Jetty Http Server Jetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1 before 6.1.0pre3 generates predictable session identifiers using java.util.random, which makes it easier for remote attackers to guess a session identifier through brute force attacks, bypass authentication requirements, and possibly conduct cross-site request forgery attacks. | 6.8 |
2007-02-06 | CVE-2007-0787 | Simple Invoices | Local File Include vulnerability in Simple Invoices Simple Invoices 20070202 PHP remote file inclusion vulnerability in controller.php in Simple Invoices before 20070202 allows remote attackers to execute arbitrary PHP code via a URL in the (1) module or (2) view parameter. | 6.8 |
2007-02-06 | CVE-2007-0763 | F3Site | HTML Injection vulnerability in F3Site 2.1 Cross-site scripting (XSS) vulnerability in the news comment functionality in F3Site 2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the Autor field. | 6.8 |
2007-02-06 | CVE-2007-0452 | Samba | Denial of Service vulnerability in Samba Deferred CIFS File Open smbd in Samba 3.0.6 through 3.0.23d allows remote authenticated users to cause a denial of service (memory and CPU exhaustion) by renaming a file in a way that prevents a request from being removed from the deferred open queue, which triggers an infinite loop. | 6.8 |
2007-02-06 | CVE-2007-0556 | Postgresql | Information Disclosure and Denial of Service vulnerability in PostgreSQL The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 does not verify that a table is compatible with a "previously made query plan," which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content via an "ALTER COLUMN TYPE" SQL statement, which can be leveraged to read arbitrary memory from the server. | 6.6 |
2007-02-08 | CVE-2007-0835 | Coppermine | Unspecified vulnerability in Coppermine Photo Gallery admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to execute arbitrary shell commands via shell metacharacters (";" semicolon) in the "Command line options for ImageMagick" form field, when used as an option to ImageMagick's convert command. | 6.5 |
2007-02-06 | CVE-2007-0764 | F3Site | File-Upload vulnerability in F3Site 2.1 Unrestricted file upload vulnerability in F3Site 2.1 and earlier allows remote authenticated administrators to upload and execute arbitrary PHP scripts via GIF86 header in a file in the uplf parameter, which can be later accessed via a relative pathname in the dir parameter in adm.php. | 6.5 |
2007-02-08 | CVE-2007-0844 | PAM SSH | Authentication Bypass vulnerability in PAM SSH PAM SSH 1.91 The auth_via_key function in pam_ssh.c in pam_ssh before 1.92, when the allow_blank_passphrase option is disabled, allows remote attackers to bypass authentication restrictions and use private encryption keys requiring a blank passphrase by entering a non-blank passphrase. | 6.4 |
2007-02-07 | CVE-2007-0802 | Mozilla Opera | Improper Input Validation vulnerability in multiple products Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing Protection mechanism by adding certain characters to the end of the domain name, as demonstrated by the "." and "/" characters, which is not caught by the Phishing List blacklist filter. | 6.4 |
2007-02-09 | CVE-2007-0868 | Yahoo | Denial of Service vulnerability in Yahoo! Messenger Chat Room Unspecified vulnerability in the Chat Room functionality in Yahoo! Messenger 8.1.0.239 and earlier allows remote attackers to cause a denial of service via unspecified vectors. | 5.0 |
2007-02-09 | CVE-2006-6985 | Maxthon | Remote Security vulnerability in Maxthon 1.5.6Build42 Cross-domain vulnerability in Maxthon 1.5.6 build 42 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. | 5.0 |
2007-02-09 | CVE-2006-6984 | More Quick Tools | Remote Security vulnerability in More Quick Tools Greenbrowser 3.4.0622 Cross-domain vulnerability in GreenBrowser 3.4.0622 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. | 5.0 |
2007-02-09 | CVE-2006-6983 | Myweb4Net | Remote Security vulnerability in Myweb4Net Browser 3.8.8.0 Cross-domain vulnerability in MYweb4net Browser 3.8.8.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. | 5.0 |
2007-02-08 | CVE-2006-6982 | 3Proxy | Remote Security vulnerability in 3Proxy 0.5/0.5.1/0.5.2 3proxy 0.5 to 0.5.2 does not offer NTLM authentication before basic authentication, which might cause browsers with incomplete RFC2616/RFC2617 support to use basic cleartext authentication even if NTLM is available, which makes it easier for attackers to steal credentials. | 5.0 |
2007-02-08 | CVE-2006-6981 | 3Proxy | Denial-Of-Service vulnerability in 3Proxy 0.5/0.5.1/0.5.2 3proxy 0.5 to 0.5.2, when NT-encoded passwords are being used, allows remote attackers to cause a denial of service (blocked account) via unspecified vectors related to NTLM authentication, which causes a password hash to be overwritten. | 5.0 |
2007-02-08 | CVE-2006-2220 | Phpbb | Improper Input Validation vulnerability in PHPbb 2.0.20 phpBB 2.0.20 does not properly verify user-specified input variables used as limits to SQL queries, which allows remote attackers to obtain sensitive information via a negative LIMIT specification, as demonstrated by the start parameter to memberlist.php, which reveals the SQL query in the resulting error message. | 5.0 |
2007-02-08 | CVE-2006-2219 | Phpbb Group | Improper Input Validation vulnerability in PHPbb Group PHPbb 2.0.20 phpBB 2.0.20 does not verify user-specified input variable types before being passed to type-dependent functions, which allows remote attackers to obtain sensitive information, as demonstrated by the (1) mode parameter to memberlist.php and the (2) highlight parameter to viewtopic.php that are used as an argument to the htmlspecialchars or urlencode functions, which displays the installation path in the resulting error message. | 5.0 |
2007-02-08 | CVE-2007-0838 | Freeproxy | Denial of Service vulnerability in Freeproxy 3.92 FreeProxy before 3.92 Build 1626 allows malicious users to cause a denial of service (infinite loop) via a HOST: header with a hostname and port number that refers to the server itself. | 5.0 |
2007-02-07 | CVE-2007-0821 | Cedric | Remote File Include vulnerability in Cedric Claire Portailphp 2 Multiple directory traversal vulnerabilities in Cedric CLAIRE PortailPhp 2 allow remote attackers to read arbitrary files via a .. | 5.0 |
2007-02-07 | CVE-2007-0816 | Broadcom | Unspecified vulnerability in Broadcom Brightstor Arcserve Backup 11/11.1/11.5 The RPC Server service (catirpc.exe) in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 SP2 and earlier allows remote attackers to cause a denial of service (service crash) via a crafted TADDR2UADDR that triggers a null pointer dereference in catirpc.dll, possibly related to null credentials or verifier fields. | 5.0 |
2007-02-07 | CVE-2006-6970 | Opera | Permissions, Privileges, and Access Controls vulnerability in Opera Browser 9.10 Opera 9.10 Final allows remote attackers to bypass the Fraud Protection mechanism by adding certain characters to the end of a domain name, as demonstrated by the "." and "/" characters, which is not caught by the blacklist filter. | 5.0 |
2007-02-08 | CVE-2007-0669 | Twiki | Unspecified vulnerability in Twiki Unspecified vulnerability in Twiki 4.0.0 through 4.1.0 allows local users to execute arbitrary Perl code via unknown vectors related to CGI session files. | 4.6 |
2007-02-06 | CVE-2007-0453 | Samba | Remote Buffer Overflow vulnerability in Samba NSS host lookup Winbind Buffer overflow in the nss_winbind.so.1 library in Samba 3.0.21 through 3.0.23d, as used in the winbindd daemon on Solaris, allows attackers to execute arbitrary code via the (1) gethostbyname and (2) getipnodebyname functions. | 4.6 |
2007-02-07 | CVE-2007-0829 | Alwil | Unspecified vulnerability in Alwil Avast Antivirus avast! Server Edition before 4.7.726 does not demand a password in a certain intended context, even when a password has been set, which allows local users to bypass authentication requirements. | 4.4 |
2007-02-09 | CVE-2007-0869 | Jelsoft | Cross-Site Scripting vulnerability in Jelsoft Vbulletin 3.6.4 Cross-site scripting (XSS) vulnerability in the Attachment Manager (admincp/attachment.php) in Jelsoft vBulletin 3.6.4 allows remote attackers to inject arbitrary web script or HTML via the Extension field. | 4.3 |
2007-02-08 | CVE-2007-0857 | Moinmoin | Cross-Site Scripting vulnerability in MoinMoin Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin before 1.5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the page info, or the page name in a (2) AttachFile, (3) RenamePage, or (4) LocalSiteMap action. | 4.3 |
2007-02-08 | CVE-2006-6978 | Fckeditor | Cross-Site Scripting vulnerability in Fckeditor Cross-site scripting (XSS) vulnerability in the "Basic Toolbar Selection" in FCKEditor allows remote attackers to execute arbitrary JavaScript via the javascript: URI in the (1) href or (2) onmouseover attribute of the A HTML tag. | 4.3 |
2007-02-08 | CVE-2006-6977 | Freetextbox | Cross-Site Scripting vulnerability in Freetextbox Cross-site scripting (XSS) vulnerability in the "Basic Toolbar Selection" in FreeTextBox allows remote attackers to execute arbitrary JavaScript via the javascript: URI in the (1) href or (2) onmouseover attribute of the A HTML tag. | 4.3 |
2007-02-07 | CVE-2007-0817 | Adobe | Cross-Site Scripting vulnerability in Adobe Coldfusion 6.1/7.0.1/7.0.2 Cross-site scripting (XSS) vulnerability in Adobe ColdFusion web server allows remote attackers to inject arbitrary HTML or web script via the User-Agent HTTP header, which is not sanitized before being displayed in an error page. | 4.3 |
2007-02-07 | CVE-2007-0815 | Uapplication | HTML Injection vulnerability in Uapplication Uphotogallery 1.1 Cross-site scripting (XSS) vulnerability in images_archive.asp in Uapplication Uphotogallery 1.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the s parameter. | 4.3 |
2007-02-07 | CVE-2007-0814 | Adrenalin Labs | HTML Injection vulnerability in Adrenalin's ASP Chat Multiple cross-site scripting (XSS) vulnerabilities in Adrenalin's ASP Chat allow remote attackers to inject arbitrary web script or HTML (1) via the psuedo (pseudo) field or (2) during chat. | 4.3 |
2007-02-07 | CVE-2007-0813 | Home Production | Cross-Site Scripting vulnerability in MySearchEngine Cross-site scripting (XSS) vulnerability in Home production MySearchEngine allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2007-02-07 | CVE-2007-0801 | Mozilla | Unspecified vulnerability in Mozilla Firefox 1.5.0.9 The nsExternalAppHandler::SetUpTempFile function in Mozilla Firefox 1.5.0.9 creates temporary files with predictable filenames based on creation time, which allows remote attackers to execute arbitrary web script or HTML via a crafted XMLHttpRequest. | 4.3 |
2007-02-07 | CVE-2007-0800 | Mozilla | Unspecified vulnerability in Mozilla Firefox 1.5.0.9 Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked popups to have an internal zone origin, which allows user-assisted remote attackers to cross zone restrictions and read arbitrary file:// URIs by convincing a user to show a blocked popup. | 4.3 |
2007-02-06 | CVE-2007-0798 | Uapplication | HTML Injection and SQL Injection vulnerability in Uapplication Ublog Reload 1.0.5 Multiple cross-site scripting (XSS) vulnerabilities in Ublog Reload 1.0.5 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) login.asp; and allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters to (2) badword.asp, (3) polls.asp, and (4) users.asp. | 4.3 |
2007-02-06 | CVE-2007-0791 | Mozilla | HTML Injection And Information disclosure vulnerability in Mozilla Bugzilla Cross-site scripting (XSS) vulnerability in Atom feeds in Bugzilla 2.20.3, 2.22.1, and 2.23.3, and earlier versions down to 2.20.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2007-02-06 | CVE-2007-0788 | Mediawiki | HTML Injection vulnerability in Mediawiki 1.9.0/1.9.1 Cross-site scripting (XSS) vulnerability in MediaWiki 1.9.x before 1.9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "sortable tables JavaScript." | 4.3 |
2007-02-06 | CVE-2007-0768 | Yahoo | HTML Injection vulnerability in Yahoo! Messenger Notification Message Multiple cross-site scripting (XSS) vulnerabilities in the Contact Details functionality in Yahoo! Messenger 8.1.0.209 and earlier allow user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG element to the (1) First Name, (2) Last Name, and (3) Nickname fields. | 4.3 |
2007-02-08 | CVE-2007-0836 | Coppermine | Remote And Local File Include vulnerability in Coppermine Photo Gallery admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to include arbitrary local and possibly remote files via the (1) "Path to custom header include" and (2) "Path to custom footer include" form fields. | 4.0 |
7 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-02-08 | CVE-2006-6980 | Magnatune COM | Denial-Of-Service vulnerability in Album Browser The magnatune.com album browser in Amarok allows attackers to cause a denial of service (application crash) via unspecified vectors. | 2.6 |
2007-02-07 | CVE-2007-0805 | HP | Information Disclosure vulnerability in HP Tru64 5.1 The ps (/usr/ucb/ps) command on HP Tru64 UNIX 5.1 1885 allows local users to obtain sensitive information, including environment variables of arbitrary processes, via the "auxewww" argument, a similar issue to CVE-1999-1587. | 2.1 |
2007-02-07 | CVE-2007-0823 | Slackware | Information Disclosure vulnerability in Slackware Linux 10.2 xterm on Slackware Linux 10.2 stores information that had been displayed for a different user account using the same xterm process, which might allow local users to bypass file permissions and read other users' files, or obtain other sensitive information, by reading the xterm process memory. | 1.9 |
2007-02-07 | CVE-2007-0822 | Linux | Unspecified vulnerability in Linux Kernel 2.6.15 umount, when running with the Linux 2.6.15 kernel on Slackware Linux 10.2, allows local users to trigger a NULL dereference and application crash by invoking the program with a pathname for a USB pen drive that was mounted and then physically removed, which might allow the users to obtain sensitive information, including core file contents. | 1.9 |
2007-02-06 | CVE-2007-0006 | Linux | Local Denial of Service vulnerability in Linux Kernel Key_Alloc_Serial() The key serial number collision avoidance code in the key_alloc_serial function in Linux kernel 2.6.9 up to 2.6.20 allows local users to cause a denial of service (crash) via vectors that trigger a null dereference, as originally reported as "spinlock CPU recursion." The scheme for selecting serial numbers was changed from incrementing a counter to random number selection, increasing the likelihood of a serial number collision. | 1.9 |
2007-02-07 | CVE-2007-0833 | Vmware | Information Disclosure vulnerability in VMWare Workstation 5.5.3 Build 34685 VMware Workstation 5.5.3 34685, when the "Enable copy and paste to and from this virtual machine" option is enabled, preserves clipboard data on the guest operating system after it was deleted on the host operating system, which might allow local users to read clipboard contents by moving the focus back to the host operating system. | 1.2 |
2007-02-07 | CVE-2007-0832 | Vmware | Information Disclosure vulnerability in VMWare Workstation 5.5.3 Build 34685 VMware Workstation 5.5.3 34685 does not immediately change the availability of a shared clipboard when the "Enable copy and paste to and from this virtual machine" checkbox is changed, which allows local users to obtain sensitive information or conduct certain attacks that are facilitated by weaker isolation between the host and guest operating systems. | 1.2 |