Weekly Vulnerabilities Reports > February 5 to 11, 2007

Overview

116 new vulnerabilities were reported during this period, including 4 critical vulnerabilities and 58 high severity vulnerabilities. This weekly summary reports vulnerabilities in 132 products from 92 vendors, including Mozilla, HP, Samba, Phpbb, and Uapplication. The most notable vulnerability categories are "Improper Input Validation", "Cross-site Scripting", "Code Injection", "Use of Externally-Controlled Format String", and "Permissions, Privileges, and Access Controls".

  • 103 reported vulnerabilities are remotely exploitable.
  • 32 reported vulnerabilities have a public exploit available.
  • 2 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 110 reported vulnerabilities are exploitable by an anonymous user.
  • Mozilla has the most reported vulnerabilities, with 5 reported vulnerabilities.
  • HP has the most reported critical vulnerabilities, with 1 reported vulnerability.

Vulnerability Details

The following table lists the vulnerabilities reported for the period covered by this report:

4 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-02-08 CVE-2007-0446 HP Buffer Overflow vulnerability in HP products

Stack-based buffer overflow in magentproc.exe for Hewlett-Packard Mercury LoadRunner Agent 8.0 and 8.1, Performance Center Agent 8.0 and 8.1, and Monitor over Firewall 8.1 allows remote attackers to execute arbitrary code via a packet with a long server_ip_name field to TCP port 54345, which triggers the overflow in mchan.dll.

10.0
2007-02-08 CVE-2007-0841 Vbdrupal Remote Security vulnerability in Vbdrupal 4.7.5.0

Multiple unspecified vulnerabilities in vbDrupal before 4.7.6.0 have unknown impact and remote attack vectors.

10.0
2007-02-08 CVE-2007-0851 Trend Micro Buffer Overflow vulnerability in Trend Micro Antivirus UPX Compressed PE File

Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300 before virus pattern file 4.245.00, as used in other products such as Cyber Clean Center (CCC) Cleaner, allows remote attackers to execute arbitrary code via a malformed UPX compressed executable.

9.3
2007-02-06 CVE-2007-0766 Remotesoft Remote Stack Buffer Overflow vulnerability in Remotesoft .Net Explorer 2.0.1

Stack-based buffer overflow in Remotesoft .NET Explorer 2.0.1 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long line in a .cpp file.

9.3

58 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-02-09 CVE-2006-6992 Gosurf Browser Remote Security vulnerability in Gosurf Browser Gosurf Browser 2.62

Cross-domain vulnerability in GoSuRF Browser 2.62 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.

7.8
2007-02-09 CVE-2006-6991 Fast Browser Remote Security vulnerability in Fast Browser Fast Browser Pro8.1

Cross-domain vulnerability in Fast Browser Pro 8.1 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.

7.8
2007-02-09 CVE-2006-6990 Advanced Search Technologies INC Remote Security vulnerability in Advanced Search Technologies Inc. Enigma Browser 3.8.8

Cross-domain vulnerability in Enigma Browser 3.8.8 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.

7.8
2007-02-09 CVE-2006-6989 Netcaptor Remote Security vulnerability in Netcaptor 4.5.7Personal

Cross-domain vulnerability in NetCaptor 4.5.7 Personal Edition allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.

7.8
2007-02-09 CVE-2006-6988 Flashpeak Remote Security vulnerability in Flashpeak Slim Browser 4.07Build100

Cross-domain vulnerability in Slim Browser 4.07 build 100 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.

7.8
2007-02-09 CVE-2006-6987 Softinform Remote Security vulnerability in Softinform Finebrowser Freeware3.2.2

Cross-domain vulnerability in FineBrowser Freeware 3.2.2 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.

7.8
2007-02-09 CVE-2006-6986 Phaseout Remote Security vulnerability in Phaseout 5.4.4

Cross-domain vulnerability in PhaseOut 5.4.4 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.

7.8
2007-02-07 CVE-2007-0825 Flashfxp Remote Buffer Overflow vulnerability in Flashfxp 3.4.0Build1145

FlashFXP 3.4.0 build 1145 allows remote servers to cause a denial of service (CPU consumption) via a response to a PWD command that contains a long string with deeply nested directory structure, possibly due to a buffer overflow.

7.8
2007-02-06 CVE-2007-0756 Chicken OF THE VNC Remote Denial of Service vulnerability in Chicken of the VNC Chicken of the VNC 2.0

Chicken of the VNC (cotv) 2.0 allows remote attackers to cause a denial of service (application crash) via a large computer-name size value in a ServerInit packet, which triggers a failed malloc and a resulting NULL dereference.

7.8
2007-02-11 CVE-2007-0870 Microsoft Remote Code Execution vulnerability in Microsoft Word 2000

Unspecified vulnerability in Microsoft Word 2000 allows remote attackers to cause a denial of service (crash) via unknown vectors, a different vulnerability than CVE-2006-5994, CVE-2006-6456, CVE-2006-6561, and CVE-2007-0515, a variant of Exploit-MS06-027.

7.6
2007-02-09 CVE-2007-0867 Site Assistant Remote File Include vulnerability in Site-Assistant Menu.PHP

PHP remote file inclusion vulnerability in classes/menu.php in Site-Assistant 0990 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the paths[version] parameter.

7.5
2007-02-09 CVE-2007-0865 Lushinews SQL Injection vulnerability in Lushinews 1.00/1.01

SQL injection vulnerability in comments.php in LushiNews 1.01 and earlier allows remote authenticated users to inject arbitrary SQL commands via the id parameter.

7.5
2007-02-09 CVE-2007-0864 Lushiwarplaner SQL Injection vulnerability in Lushiwarplaner 1.0

SQL injection vulnerability in register.php in LushiWarPlaner 1.0 allows remote attackers to inject arbitrary SQL commands via the id parameter.

7.5
2007-02-08 CVE-2007-0854 Cpanel Code Injection vulnerability in Cpanel Webhost Manager

Remote file inclusion vulnerability in scripts2/objcache in cPanel WebHost Manager (WHM) allows remote attackers to execute arbitrary code via a URL in the obj parameter.

7.5
2007-02-08 CVE-2007-0853 Techexcel INC SQL-Injection vulnerability in Techexcel Inc. Devtrack 6.0.3

SQL injection vulnerability in DevTrack 6.0.3 allows remote attackers to execute arbitrary SQL commands via the Username form field.

7.5
2007-02-08 CVE-2007-0850 Syscp Team Local File Include vulnerability in SYSCP System Control Panel Panel_CronScript Table

scripts/cronscript.php in SysCP 1.2.15 and earlier includes and executes arbitrary PHP scripts that are referenced by the panel_cronscript table in the SysCP database, which allows attackers with database write privileges to execute arbitrary code by constructing a PHP file and adding its filename to this table.

7.5
2007-02-08 CVE-2007-0848 Maian Recipe Remote Security vulnerability in Maian Recipe Maian Recipe 1.0

PHP remote file inclusion vulnerability in classes/class_mail.inc.php in Maian Recipe 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter.

7.5
2007-02-08 CVE-2007-0847 Open Tibia Server CMS SQL-Injection vulnerability in Open Tibia Server Cms

SQL injection vulnerability in mod/PM/reply.php in Open Tibia Server CMS (OTSCMS) 2.1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to priv.php.

7.5
2007-02-08 CVE-2007-0845 Advanced Poll Information Disclosure vulnerability in Advanced Poll Admin

admin/index.php in Advanced Poll 2.0.0 through 2.0.5-dev allows remote attackers to bypass authentication and gain administrator privileges by obtaining a valid session identifier and setting the uid parameter to 1.

7.5
2007-02-08 CVE-2006-6979 Amarok Improper Input Validation vulnerability in Amarok

The ruby handlers in the Magnatune component in Amarok do not properly quote text in certain contexts, probably including construction of an unzip command line, which allows attackers to execute arbitrary commands via shell metacharacters.

7.5
2007-02-08 CVE-2006-6976 Centipaid Code Injection vulnerability in Centipaid

PHP remote file inclusion vulnerability in centipaid_class.php in CentiPaid 1.4.2 and earlier allows remote attackers to execute arbitrary code via a URL in the absolute_path parameter.

7.5
2007-02-08 CVE-2007-0839 Valarsoft Remote File Include vulnerability in Valarsoft Webmatic 2.6

Multiple PHP remote file inclusion vulnerabilities in index/index_album.php in Valarsoft WebMatic 2.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) P_LIB and (2) P_INDEX parameters.

7.5
2007-02-08 CVE-2007-0837 Agermenu Remote File Include vulnerability in Agermenu 0.03

PHP remote file inclusion vulnerability in examples/inc/top.inc.php in AgerMenu 0.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter.

7.5
2007-02-07 CVE-2007-0828 Mysqlnewsengine Remote File Include vulnerability in MySQLNewsEngine Affichearticles.PHP3

PHP remote file inclusion vulnerability in affichearticles.php3 in MySQLNewsEngine allows remote attackers to execute arbitrary PHP code via a URL in the newsenginedir parameter.

7.5
2007-02-07 CVE-2007-0826 Kisisel Site 2007 SQL Injection vulnerability in Kisisel Site 2007

SQL injection vulnerability in forum.asp in Kisisel Site 2007 allows remote attackers to execute arbitrary SQL commands via the forumid parameter.

7.5
2007-02-07 CVE-2007-0824 Lightro Remote File Include vulnerability in Lightro CMS 1Beta

PHP remote file inclusion vulnerability in inhalt.php in LightRO CMS 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the dateien[news] parameter.

7.5
2007-02-07 CVE-2007-0820 Cedric Remote File Include vulnerability in Cedric Claire Portailphp 2

Multiple PHP remote file inclusion vulnerabilities in Cedric CLAIRE PortailPhp 2 allow remote attackers to execute arbitrary PHP code via a URL in the chemin parameter to (1) mod_news/index.php, (2) mod_news/goodies.php, or (3) mod_search/index.php.

7.5
2007-02-07 CVE-2006-6974 Headstart Solutions SQL-Injection vulnerability in Deskpro

Headstart Solutions DeskPRO stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) list files in the includes/ directory; obtain the SQL username and password via a direct request for (2) config.php and (3) config.php.bak in includes/; read files in (4) email/, (5) admin/graphs/, (6) includes/javascript/, and (7) certain other includes/ directories via direct requests; and download SQL database data via direct requests for (8) data.sql, (9) install.sql, (10) settings.sql, and possibly other files in install/v2data/.

7.5
2007-02-07 CVE-2006-6973 Headstart Solutions Remote Security vulnerability in Deskpro

Headstart Solutions DeskPRO does not require authentication for certain files and directories associated with administrative activities, which allows remote attackers to (1) reinstall the application via a direct request for install/index.php; (2) delete the database via a do=delete_database QUERY_STRING to a renamed copy of install/index.php; or access the administration system, after guessing a filename, via a direct request for a file in (3) admin/ or (4) tech/.

7.5
2007-02-07 CVE-2006-6972 Btitracker SQL-Injection vulnerability in Btitracker

SQL injection in torrents.php in BtitTracker 1.3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) by and (2) order parameters.

7.5
2007-02-07 CVE-2007-0812 Woltlab SQL Injection vulnerability in Woltlab Burning Board Lite Pms.PHP

SQL injection vulnerability in pms.php in Woltlab Burning Board (wBB) Lite 1.0.2pl3e and earlier allows remote authenticated users to execute arbitrary SQL commands via the pmid[0] parameter.

7.5
2007-02-07 CVE-2007-0810 Geeklog Remote File Include vulnerability in Geeklog 2

PHP remote file inclusion vulnerability in MVCnPHP/BaseView.php in GeekLog 2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the glConf[path_libraries] parameter.

7.5
2007-02-07 CVE-2007-0809 Ptirhiikmods Remote File Include vulnerability in Ptirhiikmods Mod-Ch 2.1.2

PHP remote file inclusion vulnerability in includes/class_template.php in Categories hierarchy (aka CH or mod-CH) 2.1.2 in ptirhiikmods allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

7.5
2007-02-07 CVE-2007-0808 Mina Ajans Remote Security vulnerability in Mina Ajans Script

PHP remote file inclusion vulnerability in Mina Ajans Script allows remote attackers to execute arbitrary PHP code via a URL in the syf parameter to an unspecified PHP script.

7.5
2007-02-07 CVE-2007-0806 LES News Security Bypass vulnerability in LES News LES News 2.2

Les News 2.2 allows remote attackers to bypass authentication and gain administrative access via a direct request for adminews/index_fr.php3, and possibly the adminews index documents for other localizations.

7.5
2007-02-07 CVE-2007-0804 Ggcms Remote PHP Code Execution vulnerability in Ggcms 1.1.0Rc1

Directory traversal vulnerability in admin/subpages.php in GGCMS 1.1.0 RC1 and earlier allows remote attackers to inject arbitrary PHP code into arbitrary files via ".." sequences in the subpageName parameter, as demonstrated by injecting PHP code into a template file.

7.5
2007-02-07 CVE-2007-0803 Stlport Project Classic Buffer Overflow vulnerability in Stlport Project Stlport 5.0.0/5.0.1/5.0.2

Multiple buffer overflows in STLport before 5.0.3 allow remote attackers to execute arbitrary code via unspecified vectors relating to (1) "print floats" and (2) a missing null termination in the "rope constructor."

7.5
2007-02-06 CVE-2007-0799 Uapplication SQL-Injection vulnerability in Uapplication Ublog Reload1.0.5

SQL injection vulnerability in badword.asp in Ublog Reload 1.0.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2007-02-06 CVE-2007-0797 Bluevirus Design Remote File Include vulnerability in Bluevirus-Design Sma-Db 0.3.9

PHP remote file inclusion vulnerability in theme/settings.php in bluevirus-design SMA-DB 0.3.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pfad_z parameter.

7.5
2007-02-06 CVE-2007-0796 Bluecoat Remote Heap Overflow vulnerability in Bluecoat Winproxy 6.0/6.1

Blue Coat Systems WinProxy 6.1a and 6.0 r1c, and possibly earlier, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long HTTP CONNECT request, which triggers heap corruption.

7.5
2007-02-06 CVE-2007-0795 WAP Remote Security vulnerability in WAP Portal Server 1.X

Multiple PHP remote file inclusion vulnerabilities in Wap Portal Server 1.x allow remote attackers to execute arbitrary PHP code via a URL in the language parameter to (1) index.php and (2) admin/index.php.

7.5
2007-02-06 CVE-2007-0793 Globalmegacorp Remote Security vulnerability in Globalmegacorp Dvddb 0.6

PHP remote file inclusion vulnerability in inc/common.php in GlobalMegaCorp dvddb 0.6 allows remote attackers to execute arbitrary PHP code via a URL in the config parameter.

7.5
2007-02-06 CVE-2007-0792 Mozilla HTML Injection And Information disclosure vulnerability in Mozilla Bugzilla 2.23.3

The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.

7.5
2007-02-06 CVE-2007-0790 Smartftp Buffer Errors vulnerability in Smartftp 2.0.1002

Heap-based buffer overflow in SmartFTP 2.0.1002 allows remote FTP servers to execute arbitrary code via a large banner.

7.5
2007-02-06 CVE-2007-0786 Noname Media SQL Injection vulnerability in Noname Media Photo Galerie Standard 1.1

SQL injection vulnerability in view.php in Noname Media Photo Galerie Standard 1.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2007-02-06 CVE-2007-0785 Flipsource Remote File Include vulnerability in Flip

PHP remote file inclusion vulnerability in previewtheme.php in Flipsource Flip 2.01-final 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the inc_path parameter.

7.5
2007-02-06 CVE-2007-0784 RBL SQL-Injection vulnerability in Tpassword

SQL injection vulnerability in login.asp for tPassword in the Raymond BERTHOU script collection (aka RBL - ASP) allows remote attackers to execute arbitrary SQL commands via the (1) User and (2) Password parameters.

7.5
2007-02-06 CVE-2007-0765 DB Masters Multimedia SQL Injection vulnerability in Curium CMS News.PHP

SQL injection vulnerability in news.php in dB Masters Curium CMS 1.03 and earlier allows remote attackers to execute arbitrary SQL commands via the c_id parameter.

7.5
2007-02-06 CVE-2007-0762 Phpbb Remote File Include vulnerability in PHPbb++ Build100

PHP remote file inclusion vulnerability in includes/functions.php in phpBB++ Build 100 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

7.5
2007-02-06 CVE-2007-0761 Phpbb Remote Security vulnerability in PHPbb Ezboard Converter 0.2

PHP remote file inclusion vulnerability in config.php in phpBB ezBoard converter (ezconvert) 0.2 allows remote attackers to execute arbitrary PHP code via a URL in the ezconvert_dir parameter.

7.5
2007-02-06 CVE-2007-0760 Eqdkp Authentication Bypass vulnerability in Eqdkp 1.3.1

EQdkp 1.3.1 and earlier authenticates administrative requests by verifying that the HTTP Referer header specifies an admin/ URL, which allows remote attackers to read or modify account names and passwords via a spoofed Referer.

7.5
2007-02-06 CVE-2007-0759 Umberto Caldera Input Validation vulnerability in Umberto Caldera Easymoblog 0.5.1

Multiple SQL injection vulnerabilities in EasyMoblog 0.5.1 allow remote attackers to execute arbitrary SQL commands via the (1) i or (2) post_id parameter to add_comment.php, which triggers an injection in libraries.inc.php; or (3) the i parameter to list_comments.php, which triggers an injection in libraries.inc.php.

7.5
2007-02-06 CVE-2007-0758 Phpprobid Remote File Include vulnerability in PHPprobid 5.24

PHP remote file inclusion vulnerability in lang.php in PHPProbid 5.24 allows remote attackers to execute arbitrary PHP code via a URL in the SRC attribute of an HTML element in the lang parameter.

7.5
2007-02-06 CVE-2007-0757 Miguel Nunes Remote File Include vulnerability in DreamStats System Rootpath

PHP remote file inclusion vulnerability in index.php in Miguel Nunes Call of Duty 2 (CoD2) DreamStats System 4.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter.

7.5
2007-02-06 CVE-2007-0454 Samba, Debian, Mandrakesoft Use of Externally-Controlled Format String vulnerability in multiple products

Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping.

7.5
2007-02-08 CVE-2007-0856 Trend Micro Local Privilege Escalation vulnerability in Trend Micro AntiVirus Scan Engine TMComm

TmComm.sys 1.5.0.1052 in the Trend Micro Anti-Rootkit Common Module (RCM), with the VsapiNI.sys 3.320.0.1003 scan engine, as used in Trend Micro PC-cillin Internet Security 2007, Antivirus 2007, Anti-Spyware for SMB 3.2 SP1, Anti-Spyware for Consumer 3.5, Anti-Spyware for Enterprise 3.0 SP2, Client / Server / Messaging Security for SMB 3.5, Damage Cleanup Services 3.2, and possibly other products, assigns Everyone write permission for the \\.\TmComm DOS device interface, which allows local users to access privileged IOCTLs and execute arbitrary code or overwrite arbitrary memory in the kernel context.

7.2
2007-02-08 CVE-2007-0849 Syscp Team Unspecified vulnerability in Syscp Team Syscp

scripts/cronscript.php in SysCP 1.2.15 and earlier does not properly quote pathnames in user home directories, which allows local users to gain privileges by placing shell metacharacters in a directory name, and then using the control panel to protect this directory, a different vulnerability than CVE-2005-2568.

7.2
2007-02-08 CVE-2007-0819 HP Unspecified vulnerability in HP Network Node Manager 7.5

HP Network Node Manager (NNM) Remote Console 7.50, 7.51, and 7.53 assigns Everyone Full Control permission for the %PROGRAMFILES%\HP OpenView directory tree, which allows local users to gain privileges via a Trojan horse executable file or ActiveX component, or a modified bin\ovtrcsvc.exe for the HP Open View Shared Trace Service.

7.2

47 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-02-09 CVE-2007-0866 HP Local Code Execution vulnerability in HP Openview Storage Data Protector 5.50

Unspecified vulnerability in HP OpenView Storage Data Protector on HP-UX B.11.00, B.11.11, or B.11.23 allows local users to execute arbitrary code via unknown vectors.

6.8
2007-02-08 CVE-2007-0855 Rarlab Buffer Overflow vulnerability in Rarlab Unrar 3.60/3.61

Stack-based buffer overflow in RARLabs Unrar, as packaged in WinRAR and possibly other products, allows user-assisted remote attackers to execute arbitrary code via a crafted, password-protected archive.

6.8
2007-02-08 CVE-2007-0852 Techexcel INC HTML Injection and SQL Injection vulnerability in Techexcel Inc. Devtrack 6.0.3

Cross-site scripting (XSS) vulnerability in DevTrack 6.x allows remote attackers to inject arbitrary web script or HTML via the "Keyword search" form field and unspecified other form fields that populate a public saved query.

6.8
2007-02-08 CVE-2007-0846 Open Tibia Server CMS Input Validation vulnerability in OTSCMS

Cross-site scripting (XSS) vulnerability in forum.php in Open Tibia Server CMS (OTSCMS) 2.1.5 and earlier allows remote attackers to inject arbitrary HTML or web script via the name parameter.

6.8
2007-02-08 CVE-2007-0840 Hlstats Cross Site Scripting vulnerability in Hlstats 1.34

Cross-site scripting (XSS) vulnerability in HLstats before 1.35 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the search class.

6.8
2007-02-07 CVE-2007-0834 Darrens 5 Dollar Script Archive Cross-Site Scripting vulnerability in Darrens 5-Dollar Script Archive Flashchat 4.7.8

Cross-site scripting (XSS) vulnerability in FlashChat 4.7.8 allows remote attackers to inject arbitrary web script or HTML via the user name field when the user joins a chat room, a different vulnerability than CVE-2007-0807.

6.8
2007-02-07 CVE-2007-0827 Alibaba Remote Code Execution vulnerability in Alipay Password Input ActiveX Control

The Alibaba Alipay PTA Module ActiveX control (PTA.DLL) allows remote attackers to execute arbitrary code via a JavaScript function that invokes the Remove method with an invalid index argument, which is used as an offset for a function call.

6.8
2007-02-07 CVE-2007-0807 Darrens 5 Dollar Script Archive HTML Injection vulnerability in Darrens 5-Dollar Script Archive Flashchat 4.7.8

Cross-site scripting (XSS) vulnerability in info.php in flashChat 4.7.8 allows remote attackers to inject arbitrary web script or HTML via a channel title (aka room name) that is not properly handled by the "who's online" feature.

6.8
2007-02-07 CVE-2006-6969 Jetty Unspecified vulnerability in Jetty Http Server

Jetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1 before 6.1.0pre3 generates predictable session identifiers using java.util.random, which makes it easier for remote attackers to guess a session identifier through brute force attacks, bypass authentication requirements, and possibly conduct cross-site request forgery attacks.

6.8
2007-02-06 CVE-2007-0787 Simple Invoices Local File Include vulnerability in Simple Invoices Simple Invoices 20070202

PHP remote file inclusion vulnerability in controller.php in Simple Invoices before 20070202 allows remote attackers to execute arbitrary PHP code via a URL in the (1) module or (2) view parameter.

6.8
2007-02-06 CVE-2007-0763 F3Site HTML Injection vulnerability in F3Site 2.1

Cross-site scripting (XSS) vulnerability in the news comment functionality in F3Site 2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the Autor field.

6.8
2007-02-06 CVE-2007-0452 Samba Denial of Service vulnerability in Samba Deferred CIFS File Open

smbd in Samba 3.0.6 through 3.0.23d allows remote authenticated users to cause a denial of service (memory and CPU exhaustion) by renaming a file in a way that prevents a request from being removed from the deferred open queue, which triggers an infinite loop.

6.8
2007-02-06 CVE-2007-0556 Postgresql Information Disclosure and Denial of Service vulnerability in PostgreSQL

The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 does not verify that a table is compatible with a "previously made query plan," which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content via an "ALTER COLUMN TYPE" SQL statement, which can be leveraged to read arbitrary memory from the server.

6.6
2007-02-08 CVE-2007-0835 Coppermine Unspecified vulnerability in Coppermine Photo Gallery

admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to execute arbitrary shell commands via shell metacharacters (";" semicolon) in the "Command line options for ImageMagick" form field, when used as an option to ImageMagick's convert command.

6.5
2007-02-06 CVE-2007-0764 F3Site File-Upload vulnerability in F3Site 2.1

Unrestricted file upload vulnerability in F3Site 2.1 and earlier allows remote authenticated administrators to upload and execute arbitrary PHP scripts via GIF86 header in a file in the uplf parameter, which can be later accessed via a relative pathname in the dir parameter in adm.php.

6.5
2007-02-08 CVE-2007-0844 PAM SSH Authentication Bypass vulnerability in PAM SSH PAM SSH 1.91

The auth_via_key function in pam_ssh.c in pam_ssh before 1.92, when the allow_blank_passphrase option is disabled, allows remote attackers to bypass authentication restrictions and use private encryption keys requiring a blank passphrase by entering a non-blank passphrase.

6.4
2007-02-07 CVE-2007-0802 Mozilla, Opera Improper Input Validation vulnerability in multiple products

Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing Protection mechanism by adding certain characters to the end of the domain name, as demonstrated by the "." and "/" characters, which is not caught by the Phishing List blacklist filter.

6.4
2007-02-09 CVE-2007-0868 Yahoo Denial of Service vulnerability in Yahoo! Messenger Chat Room

Unspecified vulnerability in the Chat Room functionality in Yahoo! Messenger 8.1.0.239 and earlier allows remote attackers to cause a denial of service via unspecified vectors.

5.0
2007-02-09 CVE-2006-6985 Maxthon Remote Security vulnerability in Maxthon 1.5.6Build42

Cross-domain vulnerability in Maxthon 1.5.6 build 42 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.

5.0
2007-02-09 CVE-2006-6984 More Quick Tools Remote Security vulnerability in More Quick Tools Greenbrowser 3.4.0622

Cross-domain vulnerability in GreenBrowser 3.4.0622 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.

5.0
2007-02-09 CVE-2006-6983 Myweb4Net Remote Security vulnerability in Myweb4Net Browser 3.8.8.0

Cross-domain vulnerability in MYweb4net Browser 3.8.8.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.

5.0
2007-02-08 CVE-2006-6982 3Proxy Remote Security vulnerability in 3Proxy 0.5/0.5.1/0.5.2

3proxy 0.5 to 0.5.2 does not offer NTLM authentication before basic authentication, which might cause browsers with incomplete RFC2616/RFC2617 support to use basic cleartext authentication even if NTLM is available, which makes it easier for attackers to steal credentials.

5.0
2007-02-08 CVE-2006-6981 3Proxy Denial-Of-Service vulnerability in 3Proxy 0.5/0.5.1/0.5.2

3proxy 0.5 to 0.5.2, when NT-encoded passwords are being used, allows remote attackers to cause a denial of service (blocked account) via unspecified vectors related to NTLM authentication, which causes a password hash to be overwritten.

5.0
2007-02-08 CVE-2006-2220 Phpbb Improper Input Validation vulnerability in PHPbb 2.0.20

phpBB 2.0.20 does not properly verify user-specified input variables used as limits to SQL queries, which allows remote attackers to obtain sensitive information via a negative LIMIT specification, as demonstrated by the start parameter to memberlist.php, which reveals the SQL query in the resulting error message.

5.0
2007-02-08 CVE-2006-2219 Phpbb Group Improper Input Validation vulnerability in PHPbb Group PHPbb 2.0.20

phpBB 2.0.20 does not verify user-specified input variable types before being passed to type-dependent functions, which allows remote attackers to obtain sensitive information, as demonstrated by the (1) mode parameter to memberlist.php and the (2) highlight parameter to viewtopic.php that are used as an argument to the htmlspecialchars or urlencode functions, which displays the installation path in the resulting error message.

5.0
2007-02-08 CVE-2007-0838 Freeproxy Denial of Service vulnerability in Freeproxy 3.92

FreeProxy before 3.92 Build 1626 allows malicious users to cause a denial of service (infinite loop) via a HOST: header with a hostname and port number that refers to the server itself.

5.0
2007-02-07 CVE-2007-0821 Cedric Remote File Include vulnerability in Cedric Claire Portailphp 2

Multiple directory traversal vulnerabilities in Cedric CLAIRE PortailPhp 2 allow remote attackers to read arbitrary files via a ..

5.0
2007-02-07 CVE-2007-0816 Broadcom Unspecified vulnerability in Broadcom Brightstor Arcserve Backup 11/11.1/11.5

The RPC Server service (catirpc.exe) in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 SP2 and earlier allows remote attackers to cause a denial of service (service crash) via a crafted TADDR2UADDR that triggers a null pointer dereference in catirpc.dll, possibly related to null credentials or verifier fields.

5.0
2007-02-07 CVE-2006-6970 Opera Permissions, Privileges, and Access Controls vulnerability in Opera Browser 9.10

Opera 9.10 Final allows remote attackers to bypass the Fraud Protection mechanism by adding certain characters to the end of a domain name, as demonstrated by the "." and "/" characters, which is not caught by the blacklist filter.

5.0
2007-02-08 CVE-2007-0669 Twiki Unspecified vulnerability in Twiki

Unspecified vulnerability in Twiki 4.0.0 through 4.1.0 allows local users to execute arbitrary Perl code via unknown vectors related to CGI session files.

4.6
2007-02-06 CVE-2007-0453 Samba Remote Buffer Overflow vulnerability in Samba NSS host lookup Winbind

Buffer overflow in the nss_winbind.so.1 library in Samba 3.0.21 through 3.0.23d, as used in the winbindd daemon on Solaris, allows attackers to execute arbitrary code via the (1) gethostbyname and (2) getipnodebyname functions.

4.6
2007-02-07 CVE-2007-0829 Alwil Unspecified vulnerability in Alwil Avast Antivirus

avast! Server Edition before 4.7.726 does not demand a password in a certain intended context, even when a password has been set, which allows local users to bypass authentication requirements.

4.4
2007-02-09 CVE-2007-0869 Jelsoft Cross-Site Scripting vulnerability in Jelsoft Vbulletin 3.6.4

Cross-site scripting (XSS) vulnerability in the Attachment Manager (admincp/attachment.php) in Jelsoft vBulletin 3.6.4 allows remote attackers to inject arbitrary web script or HTML via the Extension field.

4.3
2007-02-08 CVE-2007-0857 Moinmoin Cross-Site Scripting vulnerability in MoinMoin

Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin before 1.5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the page info, or the page name in a (2) AttachFile, (3) RenamePage, or (4) LocalSiteMap action.

4.3
2007-02-08 CVE-2006-6978 Fckeditor Cross-Site Scripting vulnerability in Fckeditor

Cross-site scripting (XSS) vulnerability in the "Basic Toolbar Selection" in FCKEditor allows remote attackers to execute arbitrary JavaScript via the javascript: URI in the (1) href or (2) onmouseover attribute of the A HTML tag.

4.3
2007-02-08 CVE-2006-6977 Freetextbox Cross-Site Scripting vulnerability in Freetextbox

Cross-site scripting (XSS) vulnerability in the "Basic Toolbar Selection" in FreeTextBox allows remote attackers to execute arbitrary JavaScript via the javascript: URI in the (1) href or (2) onmouseover attribute of the A HTML tag.

4.3
2007-02-07 CVE-2007-0817 Adobe Cross-Site Scripting vulnerability in Adobe Coldfusion 6.1/7.0.1/7.0.2

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion web server allows remote attackers to inject arbitrary HTML or web script via the User-Agent HTTP header, which is not sanitized before being displayed in an error page.

4.3
2007-02-07 CVE-2007-0815 Uapplication HTML Injection vulnerability in Uapplication Uphotogallery 1.1

Cross-site scripting (XSS) vulnerability in images_archive.asp in Uapplication Uphotogallery 1.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the s parameter.

4.3
2007-02-07 CVE-2007-0814 Adrenalin Labs HTML Injection vulnerability in Adrenalin's ASP Chat

Multiple cross-site scripting (XSS) vulnerabilities in Adrenalin's ASP Chat allow remote attackers to inject arbitrary web script or HTML (1) via the psuedo (pseudo) field or (2) during chat.

4.3
2007-02-07 CVE-2007-0813 Home Production Cross-Site Scripting vulnerability in MySearchEngine

Cross-site scripting (XSS) vulnerability in Home production MySearchEngine allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2007-02-07 CVE-2007-0801 Mozilla Unspecified vulnerability in Mozilla Firefox 1.5.0.9

The nsExternalAppHandler::SetUpTempFile function in Mozilla Firefox 1.5.0.9 creates temporary files with predictable filenames based on creation time, which allows remote attackers to execute arbitrary web script or HTML via a crafted XMLHttpRequest.

4.3
2007-02-07 CVE-2007-0800 Mozilla Unspecified vulnerability in Mozilla Firefox 1.5.0.9

Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked popups to have an internal zone origin, which allows user-assisted remote attackers to cross zone restrictions and read arbitrary file:// URIs by convincing a user to show a blocked popup.

4.3
2007-02-06 CVE-2007-0798 Uapplication HTML Injection and SQL Injection vulnerability in Uapplication Ublog Reload 1.0.5

Multiple cross-site scripting (XSS) vulnerabilities in Ublog Reload 1.0.5 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) login.asp; and allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters to (2) badword.asp, (3) polls.asp, and (4) users.asp.

4.3
2007-02-06 CVE-2007-0791 Mozilla HTML Injection And Information disclosure vulnerability in Mozilla Bugzilla

Cross-site scripting (XSS) vulnerability in Atom feeds in Bugzilla 2.20.3, 2.22.1, and 2.23.3, and earlier versions down to 2.20.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2007-02-06 CVE-2007-0788 Mediawiki HTML Injection vulnerability in Mediawiki 1.9.0/1.9.1

Cross-site scripting (XSS) vulnerability in MediaWiki 1.9.x before 1.9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "sortable tables JavaScript."

4.3
2007-02-06 CVE-2007-0768 Yahoo HTML Injection vulnerability in Yahoo! Messenger Notification Message

Multiple cross-site scripting (XSS) vulnerabilities in the Contact Details functionality in Yahoo! Messenger 8.1.0.209 and earlier allow user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG element to the (1) First Name, (2) Last Name, and (3) Nickname fields.

4.3
2007-02-08 CVE-2007-0836 Coppermine Remote And Local File Include vulnerability in Coppermine Photo Gallery

admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to include arbitrary local and possibly remote files via the (1) "Path to custom header include" and (2) "Path to custom footer include" form fields.

4.0

7 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-02-08 CVE-2006-6980 Magnatune COM Denial-Of-Service vulnerability in Album Browser

The magnatune.com album browser in Amarok allows attackers to cause a denial of service (application crash) via unspecified vectors.

2.6
2007-02-07 CVE-2007-0805 HP Information Disclosure vulnerability in HP Tru64 5.1

The ps (/usr/ucb/ps) command on HP Tru64 UNIX 5.1 1885 allows local users to obtain sensitive information, including environment variables of arbitrary processes, via the "auxewww" argument, a similar issue to CVE-1999-1587.

2.1
2007-02-07 CVE-2007-0823 Slackware Information Disclosure vulnerability in Slackware Linux 10.2

xterm on Slackware Linux 10.2 stores information that had been displayed for a different user account using the same xterm process, which might allow local users to bypass file permissions and read other users' files, or obtain other sensitive information, by reading the xterm process memory.

1.9
2007-02-07 CVE-2007-0822 Linux Unspecified vulnerability in Linux Kernel 2.6.15

umount, when running with the Linux 2.6.15 kernel on Slackware Linux 10.2, allows local users to trigger a NULL dereference and application crash by invoking the program with a pathname for a USB pen drive that was mounted and then physically removed, which might allow the users to obtain sensitive information, including core file contents.

1.9
2007-02-06 CVE-2007-0006 Linux Local Denial of Service vulnerability in Linux Kernel Key_Alloc_Serial()

The key serial number collision avoidance code in the key_alloc_serial function in Linux kernel 2.6.9 up to 2.6.20 allows local users to cause a denial of service (crash) via vectors that trigger a null dereference, as originally reported as "spinlock CPU recursion." The scheme for selecting serial numbers was changed from incrementing a counter to random number selection, increasing the likelihood of a serial number collision.

1.9
2007-02-07 CVE-2007-0833 Vmware Information Disclosure vulnerability in VMware Workstation 5.5.3 Build 34685

VMware Workstation 5.5.3 34685, when the "Enable copy and paste to and from this virtual machine" option is enabled, preserves clipboard data on the guest operating system after it was deleted on the host operating system, which might allow local users to read clipboard contents by moving the focus back to the host operating system.

1.2
2007-02-07 CVE-2007-0832 Vmware Information Disclosure vulnerability in VMware Workstation 5.5.3 Build 34685

VMware Workstation 5.5.3 34685 does not immediately change the availability of a shared clipboard when the "Enable copy and paste to and from this virtual machine" checkbox is changed, which allows local users to obtain sensitive information or conduct certain attacks that are facilitated by weaker isolation between the host and guest operating systems.

1.2