Weekly Vulnerabilities Reports > February 12 to 18, 2007
Overview
145 new vulnerabilities reported during this period, including 30 critical vulnerabilities and 63 high severity vulnerabilities. This weekly summary report vulnerabilities in 128 products from 91 vendors including Microsoft, Cisco, PHP, Jupiter CMS, and Trustix. Vulnerabilities are notably categorized as "Code Injection", "Cross-site Scripting", "Information Exposure", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Resource Management Errors".
- 136 reported vulnerabilities are remotely exploitables.
- 23 reported vulnerabilities have public exploit available.
- 9 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 142 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 15 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 11 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
30 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-02-16 | CVE-2007-0980 | Redhat Suse HP | Remote Unauthorized Access vulnerability in HP Serviceguard for Linux A.11.14.06/A.11.15.07/A.11.16.10 Unspecified vulnerability in HP Serviceguard for Linux; packaged for SuSE SLES8 and United Linux 1.0 before SG A.11.15.07, SuSE SLES9 and SLES10 before SG A.11.16.10, and Red Hat Enterprise Linux (RHEL) before SG A.11.16.10; allows remote attackers to obtain unauthorized access via unspecified vectors. | 10.0 |
2007-02-16 | CVE-2007-0976 | Activex Soft | Remote Buffer Overflow vulnerability in Activex Soft Actsoft DVD Tools 3.8.5 Buffer overflow in the ActSoft DVD-Tools ActiveX control (dvdtools.ocx) allows remote attackers to execute arbitrary code via a long DVD_TOOLS.OpenDVD property value. | 10.0 |
2007-02-15 | CVE-2007-0954 | Mohachat | Remote Security vulnerability in Mohachat Moha Chat 0.1B7 MOHA Chat 0.1b7 and earlier does not require authentication for use of the plug in API, which has unknown impact and attack vectors. | 10.0 |
2007-02-15 | CVE-2007-0949 | Itinysoft Studio | Buffer Overflow vulnerability in iTinySoft Studio Total Video Player M3U Playlist Stack-based buffer overflow in iTinySoft Studio Total Video Player 1.03, and possibly earlier, allows remote attackers to execute arbitrary code via a M3U playlist file that contains a long file name. | 10.0 |
2007-02-15 | CVE-2006-7022 | FX APP | HTML Injection vulnerability in Fx-App 0.0.8.1 The Tools module in fx-APP 0.0.8.1 allows remote attackers to misrepresent the contents of a web page via an arbitrary URL in the url parameter to a showhtml action for index.php, which causes the URL to be displayed within an iframe. | 10.0 |
2007-02-15 | CVE-2006-7018 | Oliver Georgi | Remote Security vulnerability in Phpwcms phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to execute arbitrary code via a crafted argument to the nome_evento parameter to phpwcms_code_snippets/mail_file_form.php and (2) sample_ext_php/mail_file_form.php, which is processed by the render_PHPcode function. | 10.0 |
2007-02-15 | CVE-2006-7012 | Scart | Remote Security vulnerability in Scart 2.0 scart.cgi in SCart 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter of a show_text action. | 10.0 |
2007-02-14 | CVE-2007-0915 | HP | Remote Arbitrary File Creation vulnerability in HP Hp-Ux 11.11 Distributed SLS daemon (SLSd) on HP-UX B.11.11 allows remote attackers to overwrite arbitrary files and gain privileges via a crafted RPC request. | 10.0 |
2007-02-13 | CVE-2007-0910 | PHP Trustix | Multiple vulnerability in PHP 5.2.0 and Prior Versions Unspecified vulnerability in PHP before 5.2.1 allows attackers to "clobber" certain super-global variables via unspecified vectors. | 10.0 |
2007-02-13 | CVE-2007-0219 | Microsoft | Unspecified vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from (1) Msb1fren.dll, (2) Htmlmm.ocx, and (3) Blnmgrps.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2006-4697. | 10.0 |
2007-02-13 | CVE-2007-0217 | Microsoft | Unspecified vulnerability in Microsoft IE and Internet Explorer The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, which causes heap corruption. | 10.0 |
2007-02-13 | CVE-2007-0903 | Process ONE | Unspecified vulnerability in EJabberD Mod_Roster_ODBC Unspecified vulnerability in the mod_roster_odbc module in ejabberd before 1.1.3 has unknown impact and attack vectors. | 10.0 |
2007-02-12 | CVE-2007-0888 | Kiwi Enterprises | Directory Traversal vulnerability in Kiwi CatTools TFTP Directory traversal vulnerability in the TFTP server in Kiwi CatTools before 3.2.0 beta allows remote attackers to read arbitrary files, and upload files to arbitrary locations, via ..// (dot dot) sequences in the pathname argument to an FTP (1) GET or (2) PUT command. | 10.0 |
2007-02-12 | CVE-2007-0886 | Gecad Technologies | Buffer Errors vulnerability in Gecad Technologies Axigen Mail Server 1.2.6/2.0.0B1 Heap-based buffer underflow in axigen 1.2.6 through 2.0.0b1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via certain base64-encoded data on the pop3 port (110/tcp), which triggers an integer overflow. | 10.0 |
2007-02-12 | CVE-2006-6997 | Mailenable | Improper Authentication vulnerability in Mailenable Enterprise and Mailenable Standard Unspecified vulnerability in a cryptographic feature in MailEnable Standard Edition before 1.93, Professional Edition before 1.73, and Enterprise Edition before 1.21 leads to "weakened authentication security" with unknown impact and attack vectors. | 10.0 |
2007-02-14 | CVE-2007-0921 | Radical Technologies | Input Validation vulnerability in Radical Technologies Portal Search Portal Search allows remote attackers to redirect a URL to an arbitrary web site by placing the URL in the query string to the top-level URI. | 9.4 |
2007-02-14 | CVE-2007-0913 | Microsoft | Remote Security vulnerability in PowerPoint Unspecified vulnerability in Microsoft Powerpoint allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as exploited by Trojan.PPDropper.G. | 9.3 |
2007-02-13 | CVE-2007-0912 | Jportal | Cross-Site Request Forgery vulnerability in Jportal web Server 2.3.1 Cross-Site Request Forgery (CSRF) vulnerability in admin/admin.adm.php in Jportal 2.3.1, and possibly earlier, allows remote attackers to perform privileged actions as administrators by tricking the admin into accessing a URL with modified arguments to admin/admin.adm.php. | 9.3 |
2007-02-13 | CVE-2006-4697 | Microsoft | Unspecified vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from Imjpcksid.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors. | 9.3 |
2007-02-13 | CVE-2007-0209 | Microsoft | Code Injection vulnerability in Microsoft Office and Works Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a Word file with a malformed drawing object, which leads to memory corruption. | 9.3 |
2007-02-13 | CVE-2007-0208 | Microsoft | Improper Input Validation vulnerability in Microsoft products Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac does not correctly check the properties of certain documents and warn the user of macro content, which allows user-assisted remote attackers to execute arbitrary code. | 9.3 |
2007-02-13 | CVE-2007-0214 | Microsoft | Remote Code Execution vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters. | 9.3 |
2007-02-13 | CVE-2007-0025 | Microsoft | Code Injection vulnerability in Microsoft Visual Studio .Net and Windows 2003 Server The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 and Visual Studio .NET 2000, 2002 SP1, 2003, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption. | 9.3 |
2007-02-13 | CVE-2006-5270 | Microsoft | Integer Overflow vulnerability in Microsoft Antivirus Engine Integer overflow in the Microsoft Malware Protection Engine (mpengine.dll), as used by Windows Live OneCare, Antigen, Defender, and Forefront Security, allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file. | 9.3 |
2007-02-13 | CVE-2006-3448 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Step-By-Step Interactive Training Buffer overflow in the Step-by-Step Interactive Training in Microsoft Windows 2000 SP4, XP SP2 and Professional, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a long Syllabus string in crafted bookmark link files (cbo, cbl, or .cbm), a different issue than CVE-2005-1212. | 9.3 |
2007-02-13 | CVE-2006-1311 | Microsoft | Remote Code Execution vulnerability in Microsoft Office And Microsoft Windows RichEdit Component The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1; Office 2000 SP3, XP SP3, 2003 SP2, and Office 2004 for Mac; and Learning Essentials for Microsoft Office 1.0, 1.1, and 1.5 allows user-assisted remote attackers to execute arbitrary code via a malformed OLE object in an RTF file, which triggers memory corruption. | 9.3 |
2007-02-12 | CVE-2007-0879 | Smidgeonsoft | Remote Buffer Overflow vulnerability in Smidgeonsoft Pebrowse Professional8.2.1.0 Buffer overflow in SmidgeonSoft PEBrowse Professional 8.2.1.0 allows user-assisted remote attackers to execute arbitrary code via certain executable files in PE format. | 9.3 |
2007-02-12 | CVE-2007-0770 | Graphicsmagick Imagemagick | Denial-Of-Service vulnerability in ImageMagick Buffer overflow in GraphicsMagick and ImageMagick allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c. | 9.3 |
2007-02-16 | CVE-2007-0968 | Cisco | Products Multiple Remote Denial Of Service vulnerability in Cisco Unspecified vulnerability in Cisco Firewall Services Module (FWSM) before 2.3(4.7) and 3.x before 3.1(3.1) causes the access control entries (ACE) in an ACL to be improperly evaluated, which allows remote authenticated users to bypass intended certain ACL protections. | 9.0 |
2007-02-16 | CVE-2007-0960 | Cisco | Products Multiple Remote Denial Of Service vulnerability in Cisco Unspecified vulnerability in Cisco PIX 500 and ASA 5500 Series Security Appliances 7.2.2, when configured to use the LOCAL authentication method, allows remote authenticated users to gain privileges via unspecified vectors. | 9.0 |
63 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-02-16 | CVE-2007-0967 | Cisco | Products Multiple Remote Denial Of Service vulnerability in Cisco Firewall Services Module 3.1 Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.1) allows remote attackers to cause a denial of service (device reboot) via malformed SNMP requests. | 7.8 |
2007-02-16 | CVE-2007-0966 | Cisco | Products Multiple Remote Denial Of Service vulnerability in Cisco Firewall Services Module 3.1 Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.11), when the HTTPS server is enabled, allows remote attackers to cause a denial of service (device reboot) via certain HTTPS traffic. | 7.8 |
2007-02-16 | CVE-2007-0965 | Cisco | Products Multiple Remote Denial Of Service vulnerability in Cisco Firewall Services Module 3.1 Cisco FWSM 3.x before 3.1(3.2), when authentication is configured to use "aaa authentication match" or "aaa authentication include", allows remote attackers to cause a denial of service (device reboot) via a long HTTP request. | 7.8 |
2007-02-16 | CVE-2007-0963 | Cisco | Products Multiple Remote Denial Of Service vulnerability in Cisco Firewall Services Module 3.1 Unspecified vulnerability in Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.3), when set to log at the "debug" level, allows remote attackers to cause a denial of service (device reboot) by sending packets that are not of a particular protocol such as TCP or UDP, which triggers the reboot during generation of Syslog message 710006. | 7.8 |
2007-02-16 | CVE-2007-0962 | Cisco | Products Multiple Remote Denial Of Service vulnerability in Cisco products Cisco PIX 500 and ASA 5500 Series Security Appliances 7.0 before 7.0(4.14) and 7.1 before 7.1(2.1), and the FWSM 2.x before 2.3(4.12) and 3.x before 3.1(3.24), when "inspect http" is enabled, allows remote attackers to cause a denial of service (device reboot) via malformed HTTP traffic. | 7.8 |
2007-02-16 | CVE-2007-0961 | Cisco | Products Multiple Remote Denial Of Service vulnerability in Cisco Cisco PIX 500 and ASA 5500 Series Security Appliances 6.x before 6.3(5.115), 7.0 before 7.0(5.2), and 7.1 before 7.1(2.5), and the FWSM 3.x before 3.1(3.24), when the "inspect sip" option is enabled, allows remote attackers to cause a denial of service (device reboot) via malformed SIP packets. | 7.8 |
2007-02-16 | CVE-2007-0959 | Cisco | Products Multiple Remote Denial Of Service vulnerability in Cisco Cisco PIX 500 and ASA 5500 Series Security Appliances 7.2.2, when configured to inspect certain TCP-based protocols, allows remote attackers to cause a denial of service (device reboot) via malformed TCP packets. | 7.8 |
2007-02-15 | CVE-2007-0955 | Mailenable | Denial-Of-Service vulnerability in MailEnable Professional The NTLM_UnPack_Type3 function in MENTLM.dll in MailEnable Professional 2.35 and earlier allows remote attackers to cause a denial of service (application crash) via certain base64-encoded data following an AUTHENTICATE NTLM command to the imap port (143/tcp), which results in an out-of-bounds read. | 7.8 |
2007-02-15 | CVE-2006-7020 | Oliver Georgi | Remote Security vulnerability in Phpwcms CRLF injection vulnerability in (1) include/inc_act/act_formmailer.php and possibly (2) sample_ext_php/mail_file_form.php in phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to modify HTTP headers and send spam e-mail via a spoofed HTTP Referer (HTTP_REFERER). | 7.8 |
2007-02-14 | CVE-2007-0923 | Radical Technologies | Input Validation vulnerability in Radical Technologies Portal Search buscador/buscador.htm in Portal Search allows remote attackers to obtain sensitive information (business logic) via a query string composed of a search for certain characters. | 7.8 |
2007-02-14 | CVE-2007-0919 | Nickolas Grigoriadis | Directory Traversal vulnerability in Nickolas Grigoriadis Mini web Server 0.0.6 Directory traversal vulnerability in Nickolas Grigoriadis Mini Web server (MiniWebsvr) 0.0.6 allows remote attackers to list the directory immediately above the web root via a ..%00 sequence in the URI. | 7.8 |
2007-02-13 | CVE-2007-0911 | PHP | Remote Denial of Service vulnerability in PHP 5.2.1 Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow context-dependent attackers to cause a denial of service (crash). | 7.8 |
2007-02-12 | CVE-2007-0887 | Gecad Technologies | Null Pointer Dereference vulnerability in Gecad Technologies Axigen Mail Server 1.2.6/2.0.0B1 axigen 1.2.6 through 2.0.0b1 does not properly parse login credentials, which allows remote attackers to cause a denial of service (NULL dereference and application crash) via a base64-encoded "*\x00" sequence on the imap port (143/tcp). | 7.8 |
2007-02-12 | CVE-2006-7007 | H Nomura | Denial-Of-Service vulnerability in Tiny Ftpd Buffer overflow in Tiny FTPd 1.4 and earlier allows remote attackers to cause a denial of service (daemon crash) via a long USER command, a different vector than CVE-2000-0133. | 7.8 |
2007-02-12 | CVE-2007-0880 | Capital Request Forms | Information Disclosure vulnerability in Capital Request Forms Capital Request Forms stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request for inc/common_db.inc. | 7.8 |
2007-02-12 | CVE-2007-0878 | Microsoft | Remote WML Content Denial of Service vulnerability in Microsoft Windows Mobile 5.0 Unspecified vulnerability in Microsoft Internet Explorer on Windows Mobile 5.0 allows remote attackers to cause a denial of service (loss of browser and other device functionality) via a malformed WML page, related to an "overflow state." NOTE: it is possible that this issue is related to CVE-2007-0685. | 7.8 |
2007-02-13 | CVE-2007-0026 | Microsoft | Remote Code Execution vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption. | 7.6 |
2007-02-16 | CVE-2007-0897 | Clamav Apple Debian | Missing Release of Resource after Effective Lifetime vulnerability in multiple products Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, which allows remote attackers to cause a denial of service (file descriptor consumption and failed scans) via CAB archives with a cabinet header record length of zero, which causes a function to return without closing a file descriptor. | 7.5 |
2007-02-16 | CVE-2007-0987 | Jupiter CMS | Scripts Multiple Input Validation vulnerability in Jupiter CMS Jupiter CMS 1.1.5 Directory traversal vulnerability in index.php in Jupiter CMS 1.1.5 allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2007-02-16 | CVE-2007-0985 | Phpcc | SQL Injection vulnerability in PHPcc SQL injection vulnerability in nickpage.php in phpCC 4.2 beta and earlier allows remote attackers to execute arbitrary SQL commands via the npid parameter in a sign_gb action. | 7.5 |
2007-02-16 | CVE-2007-0984 | Aspcode NET | SQL Injection vulnerability in Aspcode.Net Pollmentor 2.0 SQL injection vulnerability in admin_poll.asp in PollMentor 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to pollmentorres.asp. | 7.5 |
2007-02-16 | CVE-2007-0981 | Mozilla | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox and Seamonkey Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code. | 7.5 |
2007-02-16 | CVE-2007-0974 | IAN Bezanson | Remote Security vulnerability in IAN Bezanson Dropbox 0.0.3Beta Multiple unspecified vulnerabilities in Ian Bezanson DropBox before 0.0.4 beta have unknown impact and attack vectors, possibly related to a variable extraction vulnerability. | 7.5 |
2007-02-16 | CVE-2007-0972 | Jupiter CMS | Scripts Multiple Input Validation vulnerability in Jupiter CMS Jupiter CMS 1.1.5 Unrestricted file upload vulnerability in modules/emoticons.php in Jupiter CMS 1.1.5 allows remote attackers to upload arbitrary files by modifying the HTTP request to send an image content type, and to omit is_guest and is_user parameters. | 7.5 |
2007-02-16 | CVE-2007-0971 | Jupiter CMS | Scripts Multiple Input Validation vulnerability in Jupiter CMS Jupiter CMS 1.1.5 Multiple SQL injection vulnerabilities in Jupiter CMS 1.1.5 allow remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header and certain other HTTP headers, which set the ip variable that is used in SQL queries performed by index.php and certain other PHP scripts. | 7.5 |
2007-02-16 | CVE-2007-0970 | Webtester | SQL-Injection vulnerability in WebTester Multiple SQL injection vulnerabilities in WebTester 5.0.20060927 and earlier allow remote attackers to execute arbitrary SQL commands via the testID parameter to directions.php, and unspecified parameters to other files that accept GET or POST input. | 7.5 |
2007-02-15 | CVE-2007-0324 | Lizardtech | Buffer Overflow vulnerability in Lizardtech Djvu Browser Plug-In 6.0/6.0.1/6.1 Multiple buffer overflows in the LizardTech DjVu Browser Plug-in before 6.1.1 allow remote attackers to execute arbitrary code via unspecified vectors. | 7.5 |
2007-02-15 | CVE-2007-0951 | Fullaspsite | SQL-Injection vulnerability in ASP Hosting Site SQL injection vulnerability in listmain.asp in Fullaspsite ASP Hosting Site allows remote attackers to execute arbitrary SQL commands via the cat parameter. | 7.5 |
2007-02-15 | CVE-2006-7024 | Harpia | Remote File Include vulnerability in Harpia Multiple PHP remote file inclusion vulnerabilities in Harpia CMS 1.0.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) func_prog parameter to (a) preload.php and (b) index.php; (2) header_prog parameter to (c) missing.php and (d) email.php, (e) files.php, (f) headlines.php, (g) search.php, (h) topics.php, and (i) users.php in _mods/; (3) theme_root parameter to (j) footer.php, (k) header.php, (l) pfooter.php, and (m) pheader.php in _inc; (4) mod_root parameter to _inc/header.php; and the (5) mod_dir and (6) php_ext parameters to (n) _inc/web_statsConfig.php. | 7.5 |
2007-02-15 | CVE-2006-7021 | Plume CMS | Code Injection vulnerability in Plume-Cms Plume CMS 1.1.3 PHP remote file inclusion vulnerability in manager/tools/link/dbinstall.php in Plume CMS 1.1.3 allows remote attackers to execute arbitrary PHP code via a URL in the _PX_config[manager_path] parameter. | 7.5 |
2007-02-15 | CVE-2006-7019 | Phpwcms | Remote Security vulnerability in phpwcms phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to execute arbitrary code via crafted arguments to the (1) text_evento and (2) email_eventonome_evento parameters to phpwcms_code_snippets/mail_file_form.php and sample_ext_php/mail_file_form.php, which is processed by the render_PHPcode function. | 7.5 |
2007-02-15 | CVE-2006-7017 | Nicecoder | Denial-Of-Service vulnerability in Nicecoder Indexu 5.0.1 Multiple PHP remote file inclusion vulnerabilities in Indexu 5.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the admin_template_path parameter to admin/ scripts (1) app_change_email.php, (2) app_change_pwd.php, (3) app_mod_rewrite.php, (4) app_page_caching.php, (5) app_setup.php, (6) cat_add.php, (7) cat_delete.php, (8) cat_edit.php, (9) cat_path_update.php, (10) cat_search.php, (11) cat_struc.php, (12) cat_view.php, (13) cat_view_hidden.php, (14) cat_view_hierarchy.php, (15) cat_view_registered_only.php, (16) checkurl_web.php, (17) db_alter.php, (18) db_alter_change.php, (19) db_backup.php, (20) db_export.php, (21) db_import.php, (22) editor_add.php, (23) editor_delete.php, (24) editor_validate.php, (25) head.php, (26) index.php, (27) inv_config.php, (28) inv_config_payment.php, (29) inv_create.php, (30) inv_delete.php, (31) inv_edit.php, (32) inv_markpaid.php, (33) inv_markunpaid.php, (34) inv_overdue.php, (35) inv_paid.php, (36) inv_send.php, (37) inv_unpaid.php, (38) lang_modify.php, (39) link_add.php, (40) link_bad.php, (41) link_bad_delete.php, (42) link_checkurl.php, (43) link_delete.php, (44) link_duplicate.php, (45) link_edit.php, (46) link_premium_listing.php, (47) link_premium_sponsored.php, (48) link_search.php, (49) link_sponsored_listing.php, (50) link_validate.php, (51) link_validate_edit.php, (52) link_view.php, (53) log_search.php, (54) mail_modify.php, (55) menu.php, (56) message_create.php, (57) message_delete.php, (58) message_edit.php, (59) message_send.php, (60) message_subscriber.php, (61) message_view.php, (62) review_validate.php, (63) review_validate_edit.php, (64) summary.php, (65) template_active.php, (66) template_add_custom.php, (67) template_delete.php, (68) template_delete_file.php, (69) template_duplicate.php, (70) template_export.php, (71) template_import.php, (72) template_manager.php, (73) template_modify.php, (74) template_modify_file.php, (75) template_rename.php, (76) user_add.php, (77) user_delete.php, (78) user_edit.php, (79) user_search.php, and (80) whos.php. | 7.5 |
2007-02-15 | CVE-2006-7016 | Phpjobboard | Security Bypass vulnerability in Phpjobboard phpjobboard allows remote attackers to bypass authentication and gain administrator privileges via a direct request to admin.php with adminop=job-edit. | 7.5 |
2007-02-15 | CVE-2006-7014 | Bloggit | Remote Security vulnerability in Bloggit admin.php in BloggIT 1.01 and earlier does not properly establish a user session, which allows remote attackers to gain privileges via a direct request. | 7.5 |
2007-02-14 | CVE-2007-0932 | Alcatel Lucent Aruba | Permissions, Privileges, and Access Controls vulnerability in multiple products The (1) Aruba Mobility Controllers 200, 600, 2400, and 6000 and (2) Alcatel-Lucent OmniAccess Wireless 43xx and 6000 do not properly implement authentication and privilege assignment for the guest account, which allows remote attackers to access administrative interfaces or the WLAN. | 7.5 |
2007-02-14 | CVE-2007-0931 | Alcatel Lucent Aruba | Multiple vulnerability in Aruba Mobility Controller Heap-based buffer overflow in the management interfaces in (1) Aruba Mobility Controllers 200, 800, 2400, and 6000 and (2) Alcatel-Lucent OmniAccess Wireless 43xx and 6000 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via long credential strings. | 7.5 |
2007-02-14 | CVE-2007-0930 | Apache Stats | Input Validation vulnerability in Apache Stats Extract Function Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function. | 7.5 |
2007-02-14 | CVE-2007-0927 | Utorrent | Remote Buffer Overflow vulnerability in Utorrent 1.6 Heap-based buffer overflow in uTorrent 1.6 allows remote attackers to execute arbitrary code via a torrent file with a crafted announce header. | 7.5 |
2007-02-14 | CVE-2007-0926 | Kvguestbook | Remote Security vulnerability in Kvguestbook 1.0Beta The dologin function in guestbook.php in KvGuestbook 1.0 Beta allows remote attackers to gain administrative privileges, probably via modified $mysql['pass'] and $gbpass variables. | 7.5 |
2007-02-14 | CVE-2007-0924 | Till Gerken | Authentication Bypass vulnerability in Till Gerken PHPpolls 1.0.3 Till Gerken phpPolls 1.0.3 allows remote attackers to bypass authentication and perform certain administrative actions via a direct request to phpPollAdmin.php3. | 7.5 |
2007-02-14 | CVE-2007-0920 | Philboard | SQL Injection vulnerability in Philboard Philboard_forum.ASP SQL injection vulnerability in philboard_forum.asp in Philboard 1.14 and earlier allows remote attackers to execute arbitrary SQL commands via the forumid parameter. | 7.5 |
2007-02-13 | CVE-2007-0909 | PHP Trustix | Multiple vulnerability in PHP 5.2.0 and Prior Versions Multiple format string vulnerabilities in PHP before 5.2.1 might allow attackers to execute arbitrary code via format string specifiers to (1) all of the *print functions on 64-bit systems, and (2) the odbc_result_all function. | 7.5 |
2007-02-13 | CVE-2007-0906 | PHP Trustix | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions; (5) stream filters; and the (6) str_replace, (7) mail, (8) ibase_delete_user, (9) ibase_add_user, and (10) ibase_modify_user functions. | 7.5 |
2007-02-13 | CVE-2007-0905 | PHP Trustix | Multiple vulnerability in PHP 5.2.0 and Prior Versions PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir restrictions via unspecified vectors in the session extension. | 7.5 |
2007-02-13 | CVE-2007-0904 | Lightro | SQL-Injection vulnerability in Lightro CMS 1.0 SQL injection vulnerability in projects.php in LightRO CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter to index.php. | 7.5 |
2007-02-13 | CVE-2007-0900 | Tagit | Remote File Include vulnerability in TagIt! TagBoard Multiple PHP remote file inclusion vulnerabilities in TagIt! Tagboard 2.1.B Build 2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) configpath parameter to (a) tagviewer.php, (b) tag_process.php, and (c) CONFIG/errmsg.inc.php; and (d) addTagmin.php, (e) ban_watch.php, (f) delTagmin.php, (g) delTag.php, (h) editTagmin.php, (i) editTag.php, (j) manageTagmins.php, and (k) verify.php in tagmin/; the (2) adminpath parameter to (l) tagviewer.php, (m) tag_process.php, and (n) tagmin/index.php; and the (3) admin parameter to (o) readconf.php, (p) updateconf.php, (q) updatefilter.php, and (r) wordfilter.php in tagmin/; different vectors than CVE-2006-5249. | 7.5 |
2007-02-12 | CVE-2007-0892 | Matthieu Aubry | Crlf Injection vulnerability in Matthieu Aubry PHPmyvisites CRLF injection vulnerability in phpMyVisites before 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the url parameter, when the pagename parameter begins with "FILE:". | 7.5 |
2007-02-12 | CVE-2006-7010 | Joomla | SQL-Injection vulnerability in Joomla The mosgetparam implementation in Joomla! before 1.0.10, does not set a variable's data type to integer when the variable's default value is numeric, which has unspecified impact and attack vectors, which may permit SQL injection attacks. | 7.5 |
2007-02-12 | CVE-2006-7009 | Joomla | Remote Security vulnerability in Joomla Joomla! before 1.0.10 allows remote attackers to spoof the frontend submission forms, which has unknown impact and attack vectors. | 7.5 |
2007-02-12 | CVE-2006-7008 | Joomla | Remote Security vulnerability in Joomla Unspecified vulnerability in Joomla! before 1.0.10 has unknown impact and attack vectors, related to "securing mosmsg from misuse." NOTE: it is possible that this issue overlaps CVE-2006-1029. | 7.5 |
2007-02-12 | CVE-2006-7005 | PHP Script Tools | SQL-Injection vulnerability in PSY Auction SQL injection vulnerability in item.php in PSY Auction allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2007-02-12 | CVE-2006-7003 | Fusionphp | Remote Security vulnerability in Fusion Polls PHP remote file inclusion vulnerability in admin/index.php in Fusion Polls allows remote attackers to execute arbitrary PHP code via a URL in the xtrphome parameter. | 7.5 |
2007-02-12 | CVE-2007-0884 | Roaring Penguin | Remote Buffer Overflow vulnerability in Roaring Penguin Software Mimedefang 2.59/2.60 Buffer overflow in Roaring Penguin MIMEDefang 2.59 and 2.60 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors. | 7.5 |
2007-02-12 | CVE-2007-0873 | Nabocorp | Authentication Bypass vulnerability in Nabocorp Nabopoll 1.1/1.2 nabopoll 1.1.2 allows remote attackers to bypass authentication and access certain administrative functionality via a direct request for (1) config_edit.php, (2) template_edit.php, or (3) survey_edit.php in admin/. | 7.5 |
2007-02-12 | CVE-2007-0871 | Extremepow | Unspecified vulnerability in Extremepow Extreme File Hosting Unrestricted file upload vulnerability in eXtremePow eXtreme File Hosting allows remote attackers to upload arbitrary PHP code via a filename with a double extension such as (1) .rar.php or (2) .zip.php. | 7.5 |
2007-02-12 | CVE-2006-6993 | DEV | SQL-Injection vulnerability in DEV Neuron Blog 1.1 Multiple SQL injection vulnerabilities in pages/addcomment2.php in Neuron Blog 1.1 allow remote attackers to inject arbitrary SQL commands via the (1) commentname, (2) commentmail, (3) commentwebsite, and (4) comment parameters. | 7.5 |
2007-02-16 | CVE-2007-0978 | IBM | Local Security vulnerability in IBM AIX 5.3 Buffer overflow in swcons in IBM AIX 5.3 allows local users to gain privileges via long input data. | 7.2 |
2007-02-13 | CVE-2007-0211 | Microsoft | Privilege Escalation vulnerability in Microsoft Windows 2003 Server and Windows XP The hardware detection functionality in the Windows Shell in Microsoft Windows XP SP2 and Professional, and Server 2003 SP1 allows local users to gain privileges via an unvalidated parameter to a function related to the "detection and registration of new hardware." | 7.2 |
2007-02-13 | CVE-2007-0210 | Microsoft | Privilege Escalation vulnerability in Microsoft Windows Image Acquisition Service The Window Image Acquisition (WIA) Service in Microsoft Windows XP SP2 allows local users to gain privileges via unspecified vectors involving an "unchecked buffer," probably a buffer overflow. | 7.2 |
2007-02-16 | CVE-2007-0977 | IBM | Remote Security vulnerability in Lotus Domino 5.0/6.0 IBM Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores HTTPPassword hashes from names.nsf in a manner accessible through Readviewentries and OpenDocument requests to the defaultview view, a different vector than CVE-2005-2428. | 7.1 |
2007-02-14 | CVE-2007-0918 | Cisco | Unspecified vulnerability in Cisco IOS The ATOMIC.TCP signature engine in the Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XA, 12.3YA, 12.3T, and other trains allows remote attackers to cause a denial of service (IPS crash and traffic loss) via unspecified manipulations that are not properly handled by the regular expression feature, as demonstrated using the 3123.0 (Netbus Pro Traffic) signature. | 7.1 |
2007-02-14 | CVE-2007-0914 | SUN | Remote Denial of Service vulnerability in SUN Solaris 10.0 Race condition in the TCP subsystem for Solaris 10 allows remote attackers to cause a denial of service (system panic) via unknown vectors. | 7.1 |
2007-02-12 | CVE-2006-7001 | Phpmychat Plus | Directory Traversal vulnerability in Phpmychat Plus Directory traversal vulnerability in avatar.php in PhpMyChat Plus 1.9 and earlier allows remote attackers to read arbitrary files via a .. | 7.1 |
48 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-02-16 | CVE-2007-0983 | Ansatheus | Code Injection vulnerability in Ansatheus AT Contenator PHP remote file inclusion vulnerability in _admin/nav.php in AT Contenator 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the Root_To_Script parameter. | 6.8 |
2007-02-16 | CVE-2007-0973 | Jupiter CMS | Cross-Site Scripting vulnerability in Jupiter CMS Jupiter CMS 1.1.5 Multiple cross-site scripting (XSS) vulnerabilities in index.php in Jupiter CMS 1.1.5 allow remote attackers to inject arbitrary web script or HTML via the Referer HTTP header and certain other HTTP headers, which are displayed without proper sanitization when an administrator performs a Logged Guest action. | 6.8 |
2007-02-16 | CVE-2007-0969 | Webtester | Input Validation vulnerability in WebTester Multiple cross-site scripting (XSS) vulnerabilities in WebTester 5.0.20060927 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to POST parameters to multiple files. | 6.8 |
2007-02-15 | CVE-2007-0952 | Scriptsez NET | Cross-Site Scripting vulnerability in Virtual Calendar Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net Virtual Calendar allow remote attackers to inject arbitrary web script or HTML via the (1) t and (2) yr parameters, and the (3) sho parameter when the m parameter is outside the intended range. | 6.8 |
2007-02-15 | CVE-2007-0950 | Fullaspsite | Input Validation vulnerability in Fullaspsite Shop Listmain.ASP Cross-site scripting (XSS) vulnerability in listmain.asp in Fullaspsite ASP Hosting Site allows remote attackers to inject arbitrary web script or HTML via the cat parameter. | 6.8 |
2007-02-12 | CVE-2006-7004 | PHP Script Tools | Cross-Site Scripting vulnerability in PSY Auction Cross-site scripting (XSS) vulnerability in email_request.php in PSY Auction allows remote attackers to inject arbitrary web script or HTML via the user_id parameter. | 6.8 |
2007-02-12 | CVE-2007-0885 | Rainbow Portal | Cross-Site Scripting vulnerability in Atlassian JIRA BrowseProject.JSPA Cross-site scripting (XSS) vulnerability in jira/secure/BrowseProject.jspa in Rainbow with the Zen (Rainbow.Zen) extension allows remote attackers to inject arbitrary web script or HTML via the id parameter. | 6.8 |
2007-02-12 | CVE-2007-0881 | Openi CMS Group | Remote File Include vulnerability in Openi-Cms Group Openi-Cms 1.0 PHP remote file inclusion vulnerability in the Seitenschutz plugin for OPENi-CMS 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the (1) config[oi_dir] and possibly (2) config[openi_dir] parameters to open-admin/plugins/site_protection/index.php. | 6.8 |
2007-02-12 | CVE-2007-0874 | Allons Voter | Authentication Bypass vulnerability in Allons Voter Allons Voter 1.0 Allons_voter 1.0 allows remote attackers to bypass authentication and access certain administrative functionality via a direct request for (1) admin_ajouter.php or (2) admin_supprimer.php. | 6.8 |
2007-02-16 | CVE-2007-0898 | Clam Anti Virus | Path Traversal vulnerability in Clam Anti-Virus Clamav Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before 0.90 allows remote attackers to overwrite arbitrary files via a .. | 6.4 |
2007-02-14 | CVE-2007-0917 | Cisco | Multiple vulnerability in Cisco IOS Intrusion Prevention System The Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XE to 12.3T allows remote attackers to bypass IPS signatures that use regular expressions via fragmented packets. | 6.4 |
2007-02-12 | CVE-2006-6995 | V3 Chat | Input Validation vulnerability in V3 Chat Instant Messenger mycontacts.php in V3 Chat allows remote authenticated users to gain privileges as other users via a modified membername parameter. | 6.0 |
2007-02-16 | CVE-2007-0964 | Cisco | Products Multiple Remote Denial Of Service vulnerability in Cisco Firewall Services Module 3.1 Cisco FWSM 3.x before 3.1(3.18), when authentication is configured to use "aaa authentication match" or "aaa authentication include", allows remote attackers to cause a denial of service (device reboot) via a malformed HTTPS request. | 5.4 |
2007-02-16 | CVE-2007-0986 | Jupiter CMS | Code Injection vulnerability in Jupiter CMS Jupiter CMS 1.1.5 PHP remote file inclusion vulnerability in index.php in Jupiter CMS 1.1.5, when PHP 5.0.0 or later is used, allows remote attackers to execute arbitrary PHP code via an ftp URL in the n parameter. | 5.1 |
2007-02-15 | CVE-2007-0652 | Mailenable | HTML Injection and Cross-Site Scripting vulnerability in MailEnable Web Mail Client Cross-site request forgery (CSRF) vulnerability in MailEnable Professional before 2.37 allows remote attackers to modify arbitrary configurations and perform unauthorized actions as arbitrary users via a link or IMG tag. | 5.1 |
2007-02-16 | CVE-2007-0979 | Lifetype | Information Exposure vulnerability in Lifetype Unspecified vulnerability in LifeType before 1.1.6, and 1.2 before 1.2-beta2, allows remote attackers to obtain sensitive information (file contents) via a "crafted URL." | 5.0 |
2007-02-16 | CVE-2007-0975 | Apache Stats | Remote Security vulnerability in Apache Stats Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array. | 5.0 |
2007-02-14 | CVE-2007-0929 | Guillaume Fontaine | Directory Traversal vulnerability in Php Rrd Browser Directory traversal vulnerability in php rrd browser before 0.2.1 allows remote attackers to read arbitrary files via ".." sequences in the p parameter. | 5.0 |
2007-02-14 | CVE-2007-0928 | Virtual Calendar | Information Disclosure vulnerability in Virtual Calendar Virtual Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download an encoded password via a direct request for pwd.txt. | 5.0 |
2007-02-13 | CVE-2007-0908 | PHP Canonical | Improper Input Validation vulnerability in multiple products The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the key_length variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket element that contains a variable with a string name before a numerical variable. | 5.0 |
2007-02-13 | CVE-2007-0907 | PHP Trustix | Multiple vulnerability in PHP 5.2.0 and Prior Versions Buffer underflow in PHP before 5.2.1 allows attackers to cause a denial of service via unspecified vectors involving the sapi_header_op function. | 5.0 |
2007-02-13 | CVE-2007-0902 | Moinmoin | Cross-Site Scripting vulnerability in Moinmoin 1.5.7 Unspecified vulnerability in the "Show debugging information" feature in MoinMoin 1.5.7 allows remote attackers to obtain sensitive information. | 5.0 |
2007-02-12 | CVE-2007-0894 | Mediawiki | Information Disclosure vulnerability in Mediawiki MediaWiki before 1.9.2 allows remote attackers to obtain sensitive information via a direct request to (1) Simple.deps.php, (2) MonoBook.deps.php, (3) MySkin.deps.php, or (4) Chick.deps.php in wiki/skins, which shows the installation path in the resulting error message. | 5.0 |
2007-02-12 | CVE-2007-0893 | Matthieu Aubry | Path Traversal vulnerability in Matthieu Aubry PHPmyvisites Directory traversal vulnerability in phpMyVisites before 2.2 allows remote attackers to include arbitrary files via leading ".." sequences on the pmv_ck_view COOKIE parameter, which bypasses the protection scheme. | 5.0 |
2007-02-12 | CVE-2007-0883 | Second Rule LLC | Directory Traversal vulnerability in IP3 NetAccess Directory traversal vulnerability in portalgroups/portalgroups/getfile.cgi in IP3 NetAccess before firmware 4.1.9.6 allows remote attackers to read arbitrary files via a .. | 5.0 |
2007-02-12 | CVE-2007-0877 | March Networks | Denial of Service vulnerability in March Networks Digital Video Recorders Unspecified vulnerability in March Networks DVR 3000 and 4000 Digital Video Recorders allows attackers to cause an unspecified denial of service. | 5.0 |
2007-02-12 | CVE-2007-0872 | Plain OLD Webserver | Directory Traversal vulnerability in Plain OLD Webserver Plain OLD Webserver 0.0.7/0.0.8 Directory traversal vulnerability in the Plain Old Webserver (POW) add-on before 0.0.9 for Mozilla Firefox allows remote attackers to read arbitrary files via a .. | 5.0 |
2007-02-12 | CVE-2006-7000 | Headstart Solutions | Remote Security vulnerability in Deskpro 2.0.0/2.0.1 Headstart Solutions DeskPRO allows remote attackers to obtain the full path via direct requests to (1) email/mail.php, (2) includes/init.php, (3) certain files in includes/cron/, and (4) jpgraph.php, (5) jpgraph_bar.php, (6) jpgraph_pie.php, and (7) jpgraph_pie3d.php in includes/graph/, which leaks the path in error messages. | 5.0 |
2007-02-12 | CVE-2006-6998 | Headstart Solutions | Information Exposure vulnerability in Headstart Solutions Deskpro 2.0.0/2.0.1 install/loader_help.php in Headstart Solutions DeskPRO allows remote attackers to obtain configuration information via a q=phpinfo QUERY_STRING, which calls the phpinfo function. | 5.0 |
2007-02-14 | CVE-2007-0916 | HP | Local Denial of Service vulnerability in HP Hp-Ux 11.11/11.23 Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.11 and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors. | 4.9 |
2007-02-12 | CVE-2007-0889 | Kiwi Enterprises | Information Disclosure vulnerability in Kiwi Cattools Kiwi CatTools before 3.2.0 beta uses weak encryption ("reversible encoding") for passwords, account names, and IP addresses in kiwidb-cattools.kdb, which might allow local users to gain sensitive information by decrypting the file. | 4.6 |
2007-02-16 | CVE-2007-0451 | Apache | Resource Management Errors vulnerability in Apache Spamassassin Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage." Upgrade to SpamAssassin version 3.1.8 | 4.3 |
2007-02-16 | CVE-2007-0982 | Taskfreak | Cross-Site Scripting vulnerability in Taskfreak 0.5.5 Cross-site scripting (XSS) vulnerability in error.php in TaskFreak! 0.5.5 allows remote attackers to inject arbitrary web script or HTML via the tznMessage parameter. | 4.3 |
2007-02-15 | CVE-2007-0651 | Mailenable | HTML Injection and Cross-Site Scripting vulnerability in MailEnable Web Mail Client Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Professional before 2.37 allow remote attackers to inject arbitrary Javascript script via (1) e-mail messages and (2) the ID parameter to (a) right.asp, (b) Forms/MAI/list.asp, and (c) Forms/VCF/list.asp in mewebmail/base/default/lang/EN/. | 4.3 |
2007-02-15 | CVE-2007-0953 | Atmail | HTML Injection vulnerability in @Mail Search.HTML Cross-site scripting (XSS) vulnerability in search.pl in @Mail 4.61 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. | 4.3 |
2007-02-15 | CVE-2006-7023 | FX APP | Cross-Site Scripting vulnerability in Fx-App 0.0.8.1 Multiple cross-site scripting (XSS) vulnerabilities in fx-APP 0.0.8.1 allow remote attackers to inject arbitrary HTML or web script via (1) the search box, and the (2) url, (3) website, (4) comment, and (5) signature fields in the profile, and possibly (6) a menu item. | 4.3 |
2007-02-14 | CVE-2007-0925 | Communityserver ORG | Cross-Site Scripting vulnerability in Community Server SearchResults.ASPX Cross-site scripting (XSS) vulnerability in search/SearchResults.aspx in Community Server allows remote attackers to inject arbitrary web script or HTML via the q parameter. | 4.3 |
2007-02-14 | CVE-2007-0922 | Radical Technologies | Cross-Site Scripting vulnerability in Portal Search Cross-site scripting (XSS) vulnerability in buscador/buscador.htm in Portal Search allows remote attackers to inject arbitrary web script or HTML via the query string. | 4.3 |
2007-02-14 | CVE-2006-5860 | Adobe | Cross-Site Scripting vulnerability in Adobe Coldfusion and Jrun Cross-site scripting (XSS) vulnerability in the administrator console for Adobe JRun 4.0, as used in ColdFusion, allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | 4.3 |
2007-02-14 | CVE-2006-5859 | Adobe | Cross-Site Scripting vulnerability in Adobe Coldfusion 7.0/7.0.1 Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 7.0 and 7.0.1, when Global Script Protection is not enabled, allows remote attackers to inject arbitrary HTML and web script via unknown vectors, possibly related to Linkdirect.cfm, Topnav.cfm, and Welcomedoc.cfm. | 4.3 |
2007-02-13 | CVE-2007-0901 | Moinmoin | Cross-Site Scripting vulnerability in Moinmoin 1.5.7 Multiple cross-site scripting (XSS) vulnerabilities in Info pages in MoinMoin 1.5.7 allow remote attackers to inject arbitrary web script or HTML via the (1) hitcounts and (2) general parameters, different vectors than CVE-2007-0857. | 4.3 |
2007-02-13 | CVE-2007-0896 | Mozilla Sage | Cross-Site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the (1) Sage before 1.3.10, and (2) Sage++ extensions for Firefox, allows remote attackers to inject arbitrary web script or HTML via a "<SCRIPT/=''SRC='" sequence in an RSS feed, a different vulnerability than CVE-2006-4712. | 4.3 |
2007-02-12 | CVE-2007-0891 | Matthieu Aubry | Cross-Site Scripting vulnerability in Matthieu Aubry PHPmyvisites Cross-site scripting (XSS) vulnerability in the GetCurrentCompletePath function in phpmyvisites.php in phpMyVisites before 2.2 allows remote attackers to inject arbitrary web script or HTML via the query string. | 4.3 |
2007-02-12 | CVE-2007-0890 | Cpanel | Cross-Site Scripting vulnerability in CPanel PassWDMySQL Cross-site scripting (XSS) vulnerability in scripts/passwdmysql in cPanel WebHost Manager (WHM) 11.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the password parameter. | 4.3 |
2007-02-12 | CVE-2007-0876 | Qdig | Cross-Site Scripting vulnerability in Qdig QWD Variable Cross-site scripting (XSS) vulnerability in Quick Digital Image Gallery (Qdig) 1.2.9.3 and devel-20060624 allows remote attackers to inject arbitrary web script or HTML via the Qwd parameter to the top-level URI. | 4.3 |
2007-02-12 | CVE-2006-7002 | Wheatblog | Cross-Site Scripting vulnerability in Wheatblog 1.1 Cross-site scripting (XSS) vulnerability in add_comment.php in Wheatblog (wB) 1.1 allows remote attackers to inject arbitrary web script or HTML via the Email field. | 4.3 |
2007-02-12 | CVE-2006-6999 | Headstart Solutions | Information Exposure vulnerability in Headstart Solutions Deskpro 2.0.0/2.0.1 attachment.php in Headstart Solutions DeskPRO allows remote attackers to read all uploaded files by providing the file number in a modified id parameter. | 4.3 |
2007-02-12 | CVE-2006-6996 | THE WAR Forge | Cross-Site Scripting vulnerability in the WAR Forge Warforge.News 1.0 Multiple cross-site scripting (XSS) vulnerabilities in warforge.NEWS 1.0 allow remote attackers to inject arbitrary HTML and web script via the (1) title and (2) newspost parameters to (a) newsadd.php, and the (3) name, title, and (4) comment parameters to (b) news.php, a different set of vectors than CVE-2006-1818. | 4.3 |
4 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-02-13 | CVE-2007-0895 | SUN | Local Security vulnerability in Solaris Race condition in recursive directory deletion with the (1) -r or (2) -R option in rm in Solaris 8 through 10 before 20070208 allows local users to delete files and directories as the user running rm by moving a low-level directory to a higher level as it is being deleted, which causes rm to chdir to a ".." directory that is higher than expected, possibly up to the root file system, a related issue to CVE-2002-0435. | 2.6 |
2007-02-16 | CVE-2007-0710 | Apple | Resource Management Errors vulnerability in Apple Ichat The Bonjour functionality in iChat in Apple Mac OS X 10.3.9 allows remote attackers to cause a denial of service (persistent application crash) via unspecified vectors, possibly related to CVE-2007-0614. | 2.1 |
2007-02-16 | CVE-2007-0859 | Palm | Information Disclosure vulnerability in Palm Treo 650/680/700P The Find feature in Palm OS Treo smart phones operates despite the system password lock, which allows attackers with physical access to obtain sensitive information (memory contents) by doing (1) text searches or (2) paste operations after pressing certain keyboard shortcut keys. | 2.1 |
2007-02-15 | CVE-2007-0958 | Linux | Local Information Disclosure vulnerability in Linux Kernel BINFMT_ELF PT_INTERP Linux kernel 2.6.x before 2.6.20 allows local users to read unreadable binaries by using the interpreter (PT_INTERP) functionality and triggering a core dump, a variant of CVE-2004-1073. | 2.1 |