Weekly Vulnerabilities Reports > February 12 to 18, 2007

Overview

153 new vulnerabilities were reported during this period, including 32 critical vulnerabilities and 66 high severity vulnerabilities. This weekly summary reports vulnerabilities in 132 products from 95 vendors including Microsoft, Cisco, PHP, Jupiter CMS, and Trustix. Notable vulnerability categories include "Code Injection", "Cross-site Scripting", "Resource Management Errors", "Information Exposure", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".

  • 144 reported vulnerabilities are remotely exploitable.
  • 23 reported vulnerabilities have a public exploit available.
  • 10 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 150 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 16 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 11 reported vulnerabilities.


Vulnerability Details

The following table lists the vulnerabilities reported during the period covered by this report:

32 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-02-16 CVE-2007-0980 Redhat / Suse / HP Remote Unauthorized Access vulnerability in HP Serviceguard for Linux A.11.14.06/A.11.15.07/A.11.16.10

Unspecified vulnerability in HP Serviceguard for Linux; packaged for SuSE SLES8 and United Linux 1.0 before SG A.11.15.07, SuSE SLES9 and SLES10 before SG A.11.16.10, and Red Hat Enterprise Linux (RHEL) before SG A.11.16.10; allows remote attackers to obtain unauthorized access via unspecified vectors.

10.0
2007-02-16 CVE-2007-0976 Activex Soft Remote Buffer Overflow vulnerability in Activex Soft Actsoft DVD Tools 3.8.5

Buffer overflow in the ActSoft DVD-Tools ActiveX control (dvdtools.ocx) allows remote attackers to execute arbitrary code via a long DVD_TOOLS.OpenDVD property value.

10.0
2007-02-15 CVE-2007-0954 Mohachat Remote Security vulnerability in Mohachat Moha Chat 0.1B7

MOHA Chat 0.1b7 and earlier does not require authentication for use of the plug in API, which has unknown impact and attack vectors.

10.0
2007-02-15 CVE-2007-0949 Itinysoft Studio Buffer Overflow vulnerability in iTinySoft Studio Total Video Player M3U Playlist

Stack-based buffer overflow in iTinySoft Studio Total Video Player 1.03, and possibly earlier, allows remote attackers to execute arbitrary code via a M3U playlist file that contains a long file name.

10.0
2007-02-15 CVE-2006-7022 FX APP HTML Injection vulnerability in Fx-App 0.0.8.1

The Tools module in fx-APP 0.0.8.1 allows remote attackers to misrepresent the contents of a web page via an arbitrary URL in the url parameter to a showhtml action for index.php, which causes the URL to be displayed within an iframe.

10.0
2007-02-15 CVE-2006-7018 Oliver Georgi Remote Security vulnerability in Phpwcms

phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to execute arbitrary code via a crafted argument to the nome_evento parameter to (1) phpwcms_code_snippets/mail_file_form.php and (2) sample_ext_php/mail_file_form.php, which is processed by the render_PHPcode function.

10.0
2007-02-15 CVE-2006-7015 Jobline Unspecified vulnerability in Jobline 1.1.1

** DISPUTED ** PHP remote file inclusion vulnerability in admin.jobline.php in Jobline 1.1.1 allows remote attackers to execute arbitrary code via a URL in the mosConfig_absolute_path parameter.

10.0
2007-02-15 CVE-2006-7012 Scart Remote Security vulnerability in Scart 2.0

scart.cgi in SCart 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter of a show_text action.

10.0
2007-02-14 CVE-2007-0915 HP Remote Arbitrary File Creation vulnerability in HP Hp-Ux 11.11

Distributed SLS daemon (SLSd) on HP-UX B.11.11 allows remote attackers to overwrite arbitrary files and gain privileges via a crafted RPC request.

10.0
2007-02-13 CVE-2007-0910 PHP / Trustix Multiple vulnerability in PHP 5.2.0 and Prior Versions

Unspecified vulnerability in PHP before 5.2.1 allows attackers to "clobber" certain super-global variables via unspecified vectors.

10.0
2007-02-13 CVE-2007-0219 Microsoft Unspecified vulnerability in Microsoft IE 5.01/6.0/7.0

Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from (1) Msb1fren.dll, (2) Htmlmm.ocx, and (3) Blnmgrps.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2006-4697.

10.0
2007-02-13 CVE-2007-0217 Microsoft Unspecified vulnerability in Microsoft IE 5.01/6.0

The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, which causes heap corruption.

10.0
2007-02-13 CVE-2007-0903 Process ONE Unspecified vulnerability in EJabberD Mod_Roster_ODBC

Unspecified vulnerability in the mod_roster_odbc module in ejabberd before 1.1.3 has unknown impact and attack vectors.

10.0
2007-02-12 CVE-2007-0888 Kiwi Enterprises Directory Traversal vulnerability in Kiwi CatTools TFTP

Directory traversal vulnerability in the TFTP server in Kiwi CatTools before 3.2.0 beta allows remote attackers to read arbitrary files, and upload files to arbitrary locations, via ..// (dot dot) sequences in the pathname argument to an FTP (1) GET or (2) PUT command.

10.0
2007-02-12 CVE-2007-0886 Gecad Technologies Buffer Errors vulnerability in Gecad Technologies Axigen Mail Server 1.2.6/2.0.0B1

Heap-based buffer underflow in axigen 1.2.6 through 2.0.0b1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via certain base64-encoded data on the pop3 port (110/tcp), which triggers an integer overflow.

10.0
2007-02-12 CVE-2007-0882 SUN Code Injection vulnerability in SUN Solaris and Sunos

Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts, as demonstrated by the bin account.

10.0
2007-02-12 CVE-2006-6997 Mailenable Improper Authentication vulnerability in Mailenable Enterprise and Mailenable Standard

Unspecified vulnerability in a cryptographic feature in MailEnable Standard Edition before 1.93, Professional Edition before 1.73, and Enterprise Edition before 1.21 leads to "weakened authentication security" with unknown impact and attack vectors.

10.0
2007-02-14 CVE-2007-0921 Radical Technologies Input Validation vulnerability in Radical Technologies Portal Search

Portal Search allows remote attackers to redirect a URL to an arbitrary web site by placing the URL in the query string to the top-level URI.

9.4
2007-02-14 CVE-2007-0913 Microsoft Remote Security vulnerability in PowerPoint

Unspecified vulnerability in Microsoft PowerPoint allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as exploited by Trojan.PPDropper.G.

9.3
2007-02-13 CVE-2007-0912 Jportal Cross-Site Request Forgery vulnerability in Jportal web Server 2.3.1

Cross-Site Request Forgery (CSRF) vulnerability in admin/admin.adm.php in Jportal 2.3.1, and possibly earlier, allows remote attackers to perform privileged actions as administrators by tricking the admin into accessing a URL with modified arguments to admin/admin.adm.php.

9.3
2007-02-13 CVE-2006-4697 Microsoft Unspecified vulnerability in Microsoft IE 5.01/6.0/7.0

Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from Imjpcksid.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors.

9.3
2007-02-13 CVE-2007-0209 Microsoft Code Injection vulnerability in Microsoft Office and Works

Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a Word file with a malformed drawing object, which leads to memory corruption.

9.3
2007-02-13 CVE-2007-0208 Microsoft Improper Input Validation vulnerability in Microsoft products

Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac does not correctly check the properties of certain documents and warn the user of macro content, which allows user-assisted remote attackers to execute arbitrary code.

9.3
2007-02-13 CVE-2007-0214 Microsoft Remote Code Execution vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP

The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters.

9.3
2007-02-13 CVE-2007-0025 Microsoft Code Injection vulnerability in Microsoft Visual Studio .Net and Windows 2003 Server

The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 and Visual Studio .NET 2000, 2002 SP1, 2003, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption.

9.3
2007-02-13 CVE-2006-5270 Microsoft Integer Overflow vulnerability in Microsoft Antivirus Engine

Integer overflow in the Microsoft Malware Protection Engine (mpengine.dll), as used by Windows Live OneCare, Antigen, Defender, and Forefront Security, allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file.

9.3
2007-02-13 CVE-2006-3448 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Step-By-Step Interactive Training

Buffer overflow in the Step-by-Step Interactive Training in Microsoft Windows 2000 SP4, XP SP2 and Professional, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a long Syllabus string in crafted bookmark link files (.cbo, .cbl, or .cbm), a different issue than CVE-2005-1212.

9.3
2007-02-13 CVE-2006-1311 Microsoft Remote Code Execution vulnerability in Microsoft Office And Microsoft Windows RichEdit Component

The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1; Office 2000 SP3, XP SP3, 2003 SP2, and Office 2004 for Mac; and Learning Essentials for Microsoft Office 1.0, 1.1, and 1.5 allows user-assisted remote attackers to execute arbitrary code via a malformed OLE object in an RTF file, which triggers memory corruption.

9.3
2007-02-12 CVE-2007-0879 Smidgeonsoft Remote Buffer Overflow vulnerability in Smidgeonsoft Pebrowse Professional 8.2.1.0

Buffer overflow in SmidgeonSoft PEBrowse Professional 8.2.1.0 allows user-assisted remote attackers to execute arbitrary code via certain executable files in PE format.

9.3
2007-02-12 CVE-2007-0770 Graphicsmagick / Imagemagick Denial-Of-Service vulnerability in ImageMagick

Buffer overflow in GraphicsMagick and ImageMagick allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c.

9.3
2007-02-16 CVE-2007-0968 Cisco Products Multiple Remote Denial Of Service vulnerability in Cisco

Unspecified vulnerability in Cisco Firewall Services Module (FWSM) before 2.3(4.7) and 3.x before 3.1(3.1) causes the access control entries (ACE) in an ACL to be improperly evaluated, which allows remote authenticated users to bypass certain intended ACL protections.

9.0
2007-02-16 CVE-2007-0960 Cisco Products Multiple Remote Denial Of Service vulnerability in Cisco

Unspecified vulnerability in Cisco PIX 500 and ASA 5500 Series Security Appliances 7.2.2, when configured to use the LOCAL authentication method, allows remote authenticated users to gain privileges via unspecified vectors.

9.0

66 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-02-16 CVE-2007-0967 Cisco Products Multiple Remote Denial Of Service vulnerability in Cisco Firewall Services Module 3.1

Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.1) allows remote attackers to cause a denial of service (device reboot) via malformed SNMP requests.

7.8
2007-02-16 CVE-2007-0966 Cisco Products Multiple Remote Denial Of Service vulnerability in Cisco Firewall Services Module 3.1

Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.11), when the HTTPS server is enabled, allows remote attackers to cause a denial of service (device reboot) via certain HTTPS traffic.

7.8
2007-02-16 CVE-2007-0965 Cisco Products Multiple Remote Denial Of Service vulnerability in Cisco Firewall Services Module 3.1

Cisco FWSM 3.x before 3.1(3.2), when authentication is configured to use "aaa authentication match" or "aaa authentication include", allows remote attackers to cause a denial of service (device reboot) via a long HTTP request.

7.8
2007-02-16 CVE-2007-0963 Cisco Products Multiple Remote Denial Of Service vulnerability in Cisco Firewall Services Module 3.1

Unspecified vulnerability in Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.3), when set to log at the "debug" level, allows remote attackers to cause a denial of service (device reboot) by sending packets that are not of a particular protocol such as TCP or UDP, which triggers the reboot during generation of Syslog message 710006.

7.8
2007-02-16 CVE-2007-0962 Cisco Products Multiple Remote Denial Of Service vulnerability in Cisco products

Cisco PIX 500 and ASA 5500 Series Security Appliances 7.0 before 7.0(4.14) and 7.1 before 7.1(2.1), and the FWSM 2.x before 2.3(4.12) and 3.x before 3.1(3.24), when "inspect http" is enabled, allows remote attackers to cause a denial of service (device reboot) via malformed HTTP traffic.

7.8
2007-02-16 CVE-2007-0961 Cisco Products Multiple Remote Denial Of Service vulnerability in Cisco

Cisco PIX 500 and ASA 5500 Series Security Appliances 6.x before 6.3(5.115), 7.0 before 7.0(5.2), and 7.1 before 7.1(2.5), and the FWSM 3.x before 3.1(3.24), when the "inspect sip" option is enabled, allows remote attackers to cause a denial of service (device reboot) via malformed SIP packets.

7.8
2007-02-16 CVE-2007-0959 Cisco Products Multiple Remote Denial Of Service vulnerability in Cisco

Cisco PIX 500 and ASA 5500 Series Security Appliances 7.2.2, when configured to inspect certain TCP-based protocols, allows remote attackers to cause a denial of service (device reboot) via malformed TCP packets.

7.8
2007-02-15 CVE-2007-0955 Mailenable Denial-Of-Service vulnerability in MailEnable Professional

The NTLM_UnPack_Type3 function in MENTLM.dll in MailEnable Professional 2.35 and earlier allows remote attackers to cause a denial of service (application crash) via certain base64-encoded data following an AUTHENTICATE NTLM command to the imap port (143/tcp), which results in an out-of-bounds read.

7.8
2007-02-15 CVE-2006-7020 Oliver Georgi Remote Security vulnerability in Phpwcms

CRLF injection vulnerability in (1) include/inc_act/act_formmailer.php and possibly (2) sample_ext_php/mail_file_form.php in phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to modify HTTP headers and send spam e-mail via a spoofed HTTP Referer (HTTP_REFERER).

7.8
2007-02-14 CVE-2007-0923 Radical Technologies Input Validation vulnerability in Radical Technologies Portal Search

buscador/buscador.htm in Portal Search allows remote attackers to obtain sensitive information (business logic) via a query string composed of a search for certain characters.

7.8
2007-02-14 CVE-2007-0919 Nickolas Grigoriadis Directory Traversal vulnerability in Nickolas Grigoriadis Mini web Server 0.0.6

Directory traversal vulnerability in Nickolas Grigoriadis Mini Web server (MiniWebsvr) 0.0.6 allows remote attackers to list the directory immediately above the web root via a ..%00 sequence in the URI.

7.8
2007-02-13 CVE-2007-0911 PHP Remote Denial of Service vulnerability in PHP 5.2.1

Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow context-dependent attackers to cause a denial of service (crash).

7.8
2007-02-12 CVE-2007-0887 Gecad Technologies Null Pointer Dereference vulnerability in Gecad Technologies Axigen Mail Server 1.2.6/2.0.0B1

axigen 1.2.6 through 2.0.0b1 does not properly parse login credentials, which allows remote attackers to cause a denial of service (NULL dereference and application crash) via a base64-encoded "*\x00" sequence on the imap port (143/tcp).

7.8
2007-02-12 CVE-2006-7007 H Nomura Denial-Of-Service vulnerability in Tiny Ftpd

Buffer overflow in Tiny FTPd 1.4 and earlier allows remote attackers to cause a denial of service (daemon crash) via a long USER command, a different vector than CVE-2000-0133.

7.8
2007-02-12 CVE-2007-0880 Capital Request Forms Information Disclosure vulnerability in Capital Request Forms

Capital Request Forms stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request for inc/common_db.inc.

7.8
2007-02-12 CVE-2007-0878 Microsoft Remote WML Content Denial of Service vulnerability in Microsoft Windows Mobile 5.0

Unspecified vulnerability in Microsoft Internet Explorer on Windows Mobile 5.0 allows remote attackers to cause a denial of service (loss of browser and other device functionality) via a malformed WML page, related to an "overflow state." NOTE: it is possible that this issue is related to CVE-2007-0685.

7.8
2007-02-13 CVE-2007-0026 Microsoft Remote Code Execution vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP

The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption.

7.6
2007-02-16 CVE-2007-0987 Jupiter CMS Scripts Multiple Input Validation vulnerability in Jupiter CMS Jupiter CMS 1.1.5

Directory traversal vulnerability in index.php in Jupiter CMS 1.1.5 allows remote attackers to include and execute arbitrary local files via a ..

7.5
2007-02-16 CVE-2007-0985 Phpcc SQL Injection vulnerability in PHPcc

SQL injection vulnerability in nickpage.php in phpCC 4.2 beta and earlier allows remote attackers to execute arbitrary SQL commands via the npid parameter in a sign_gb action.

7.5
2007-02-16 CVE-2007-0984 Aspcode NET SQL Injection vulnerability in Aspcode.Net Pollmentor 2.0

SQL injection vulnerability in admin_poll.asp in PollMentor 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to pollmentorres.asp.

7.5
2007-02-16 CVE-2007-0981 Mozilla Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox and Seamonkey

Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code.

7.5
2007-02-16 CVE-2007-0974 IAN Bezanson Remote Security vulnerability in IAN Bezanson Dropbox 0.0.3Beta

Multiple unspecified vulnerabilities in Ian Bezanson DropBox before 0.0.4 beta have unknown impact and attack vectors, possibly related to a variable extraction vulnerability.

7.5
2007-02-16 CVE-2007-0972 Jupiter CMS Scripts Multiple Input Validation vulnerability in Jupiter CMS Jupiter CMS 1.1.5

Unrestricted file upload vulnerability in modules/emoticons.php in Jupiter CMS 1.1.5 allows remote attackers to upload arbitrary files by modifying the HTTP request to send an image content type, and to omit is_guest and is_user parameters.

7.5
2007-02-16 CVE-2007-0971 Jupiter CMS Scripts Multiple Input Validation vulnerability in Jupiter CMS Jupiter CMS 1.1.5

Multiple SQL injection vulnerabilities in Jupiter CMS 1.1.5 allow remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header and certain other HTTP headers, which set the ip variable that is used in SQL queries performed by index.php and certain other PHP scripts.

7.5
2007-02-16 CVE-2007-0970 Webtester SQL-Injection vulnerability in WebTester

Multiple SQL injection vulnerabilities in WebTester 5.0.20060927 and earlier allow remote attackers to execute arbitrary SQL commands via the testID parameter to directions.php, and unspecified parameters to other files that accept GET or POST input.

7.5
2007-02-15 CVE-2007-0324 Lizardtech Buffer Overflow vulnerability in Lizardtech Djvu Browser Plug-In 6.0/6.0.1/6.1

Multiple buffer overflows in the LizardTech DjVu Browser Plug-in before 6.1.1 allow remote attackers to execute arbitrary code via unspecified vectors.

7.5
2007-02-15 CVE-2007-0951 Fullaspsite SQL-Injection vulnerability in ASP Hosting Site

SQL injection vulnerability in listmain.asp in Fullaspsite ASP Hosting Site allows remote attackers to execute arbitrary SQL commands via the cat parameter.

7.5
2007-02-15 CVE-2006-7024 Harpia Remote File Include vulnerability in Harpia

Multiple PHP remote file inclusion vulnerabilities in Harpia CMS 1.0.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) func_prog parameter to (a) preload.php and (b) index.php; (2) header_prog parameter to (c) missing.php and (d) email.php, (e) files.php, (f) headlines.php, (g) search.php, (h) topics.php, and (i) users.php in _mods/; (3) theme_root parameter to (j) footer.php, (k) header.php, (l) pfooter.php, and (m) pheader.php in _inc; (4) mod_root parameter to _inc/header.php; and the (5) mod_dir and (6) php_ext parameters to (n) _inc/web_statsConfig.php.

7.5
2007-02-15 CVE-2006-7021 Plume CMS Code Injection vulnerability in Plume-Cms Plume CMS 1.1.3

PHP remote file inclusion vulnerability in manager/tools/link/dbinstall.php in Plume CMS 1.1.3 allows remote attackers to execute arbitrary PHP code via a URL in the _PX_config[manager_path] parameter.

7.5
2007-02-15 CVE-2006-7019 Phpwcms Remote Security vulnerability in phpwcms

phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to execute arbitrary code via crafted arguments to the (1) text_evento and (2) email_eventonome_evento parameters to phpwcms_code_snippets/mail_file_form.php and sample_ext_php/mail_file_form.php, which is processed by the render_PHPcode function.

7.5
2007-02-15 CVE-2006-7017 Nicecoder Denial-Of-Service vulnerability in Nicecoder Indexu 5.0.1

Multiple PHP remote file inclusion vulnerabilities in Indexu 5.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the admin_template_path parameter to admin/ scripts (1) app_change_email.php, (2) app_change_pwd.php, (3) app_mod_rewrite.php, (4) app_page_caching.php, (5) app_setup.php, (6) cat_add.php, (7) cat_delete.php, (8) cat_edit.php, (9) cat_path_update.php, (10) cat_search.php, (11) cat_struc.php, (12) cat_view.php, (13) cat_view_hidden.php, (14) cat_view_hierarchy.php, (15) cat_view_registered_only.php, (16) checkurl_web.php, (17) db_alter.php, (18) db_alter_change.php, (19) db_backup.php, (20) db_export.php, (21) db_import.php, (22) editor_add.php, (23) editor_delete.php, (24) editor_validate.php, (25) head.php, (26) index.php, (27) inv_config.php, (28) inv_config_payment.php, (29) inv_create.php, (30) inv_delete.php, (31) inv_edit.php, (32) inv_markpaid.php, (33) inv_markunpaid.php, (34) inv_overdue.php, (35) inv_paid.php, (36) inv_send.php, (37) inv_unpaid.php, (38) lang_modify.php, (39) link_add.php, (40) link_bad.php, (41) link_bad_delete.php, (42) link_checkurl.php, (43) link_delete.php, (44) link_duplicate.php, (45) link_edit.php, (46) link_premium_listing.php, (47) link_premium_sponsored.php, (48) link_search.php, (49) link_sponsored_listing.php, (50) link_validate.php, (51) link_validate_edit.php, (52) link_view.php, (53) log_search.php, (54) mail_modify.php, (55) menu.php, (56) message_create.php, (57) message_delete.php, (58) message_edit.php, (59) message_send.php, (60) message_subscriber.php, (61) message_view.php, (62) review_validate.php, (63) review_validate_edit.php, (64) summary.php, (65) template_active.php, (66) template_add_custom.php, (67) template_delete.php, (68) template_delete_file.php, (69) template_duplicate.php, (70) template_export.php, (71) template_import.php, (72) template_manager.php, (73) template_modify.php, (74) template_modify_file.php, (75) template_rename.php, (76) user_add.php, (77) user_delete.php, (78) user_edit.php, (79) user_search.php, and (80) whos.php.

7.5
2007-02-15 CVE-2006-7016 Phpjobboard Security Bypass vulnerability in Phpjobboard

phpjobboard allows remote attackers to bypass authentication and gain administrator privileges via a direct request to admin.php with adminop=job-edit.

7.5
2007-02-15 CVE-2006-7014 Bloggit Remote Security vulnerability in Bloggit

admin.php in BloggIT 1.01 and earlier does not properly establish a user session, which allows remote attackers to gain privileges via a direct request.

7.5
2007-02-15 CVE-2006-7013 Simple Machines Unspecified vulnerability in Simple Machines Simple Machines Forum

** DISPUTED ** QueryString.php in Simple Machines Forum (SMF) 1.0.7 and earlier, and 1.1rc2 and earlier, allows remote attackers to more easily spoof the IP address and evade banning via a modified X-Forwarded-For HTTP header, which is preferred instead of other more reliable sources for the IP address.

7.5
2007-02-15 CVE-2006-7011 Develooping Remote File Include vulnerability in Develooping Flash Chat 4.5.7/4.6/4.6.1

** DISPUTED ** PHP remote file inclusion vulnerability in adminips.php in Develooping Flash Chat allows remote attackers to execute arbitrary PHP code via a URL in the banned_file parameter.

7.5
2007-02-14 CVE-2007-0932 Alcatel Lucent / Aruba Permissions, Privileges, and Access Controls vulnerability in multiple products

The (1) Aruba Mobility Controllers 200, 600, 2400, and 6000 and (2) Alcatel-Lucent OmniAccess Wireless 43xx and 6000 do not properly implement authentication and privilege assignment for the guest account, which allows remote attackers to access administrative interfaces or the WLAN.

7.5
2007-02-14 CVE-2007-0931 Alcatel Lucent / Aruba Multiple vulnerability in Aruba Mobility Controller

Heap-based buffer overflow in the management interfaces in (1) Aruba Mobility Controllers 200, 800, 2400, and 6000 and (2) Alcatel-Lucent OmniAccess Wireless 43xx and 6000 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via long credential strings.

7.5
2007-02-14 CVE-2007-0930 Apache Stats Input Validation vulnerability in Apache Stats Extract Function

Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.

7.5
2007-02-14 CVE-2007-0927 Utorrent Remote Buffer Overflow vulnerability in Utorrent 1.6

Heap-based buffer overflow in uTorrent 1.6 allows remote attackers to execute arbitrary code via a torrent file with a crafted announce header.

7.5
2007-02-14 CVE-2007-0926 Kvguestbook Remote Security vulnerability in Kvguestbook 1.0Beta

The dologin function in guestbook.php in KvGuestbook 1.0 Beta allows remote attackers to gain administrative privileges, probably via modified $mysql['pass'] and $gbpass variables.

7.5
2007-02-14 CVE-2007-0924 Till Gerken Authentication Bypass vulnerability in Till Gerken PHPpolls 1.0.3

Till Gerken phpPolls 1.0.3 allows remote attackers to bypass authentication and perform certain administrative actions via a direct request to phpPollAdmin.php3.

7.5
2007-02-14 CVE-2007-0920 Philboard SQL Injection vulnerability in Philboard Philboard_forum.ASP

SQL injection vulnerability in philboard_forum.asp in Philboard 1.14 and earlier allows remote attackers to execute arbitrary SQL commands via the forumid parameter.

7.5
2007-02-13 CVE-2007-0909 PHP / Trustix Multiple vulnerability in PHP 5.2.0 and Prior Versions

Multiple format string vulnerabilities in PHP before 5.2.1 might allow attackers to execute arbitrary code via format string specifiers to (1) all of the *print functions on 64-bit systems, and (2) the odbc_result_all function.

7.5
2007-02-13 CVE-2007-0906 PHP / Trustix Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions; (5) stream filters; and the (6) str_replace, (7) mail, (8) ibase_delete_user, (9) ibase_add_user, and (10) ibase_modify_user functions.

7.5
2007-02-13 CVE-2007-0905 PHP / Trustix Multiple vulnerability in PHP 5.2.0 and Prior Versions

PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir restrictions via unspecified vectors in the session extension.

7.5
2007-02-13 CVE-2007-0904 Lightro SQL-Injection vulnerability in Lightro CMS 1.0

SQL injection vulnerability in projects.php in LightRO CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter to index.php.

7.5
2007-02-13 CVE-2007-0900 Tagit Remote File Include vulnerability in TagIt! TagBoard

Multiple PHP remote file inclusion vulnerabilities in TagIt! Tagboard 2.1.B Build 2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) configpath parameter to (a) tagviewer.php, (b) tag_process.php, and (c) CONFIG/errmsg.inc.php; and (d) addTagmin.php, (e) ban_watch.php, (f) delTagmin.php, (g) delTag.php, (h) editTagmin.php, (i) editTag.php, (j) manageTagmins.php, and (k) verify.php in tagmin/; the (2) adminpath parameter to (l) tagviewer.php, (m) tag_process.php, and (n) tagmin/index.php; and the (3) admin parameter to (o) readconf.php, (p) updateconf.php, (q) updatefilter.php, and (r) wordfilter.php in tagmin/; different vectors than CVE-2006-5249.

7.5
2007-02-12 CVE-2007-0892 Matthieu Aubry Crlf Injection vulnerability in Matthieu Aubry PHPmyvisites

CRLF injection vulnerability in phpMyVisites before 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the url parameter, when the pagename parameter begins with "FILE:".

7.5
2007-02-12 CVE-2006-7010 Joomla SQL-Injection vulnerability in Joomla

The mosgetparam implementation in Joomla! before 1.0.10 does not set a variable's data type to integer when the variable's default value is numeric, which has unspecified impact and attack vectors, which may permit SQL injection attacks.

7.5
2007-02-12 CVE-2006-7009 Joomla Remote Security vulnerability in Joomla

Joomla! before 1.0.10 allows remote attackers to spoof the frontend submission forms, which has unknown impact and attack vectors.

7.5
2007-02-12 CVE-2006-7008 Joomla Remote Security vulnerability in Joomla

Unspecified vulnerability in Joomla! before 1.0.10 has unknown impact and attack vectors, related to "securing mosmsg from misuse." NOTE: it is possible that this issue overlaps CVE-2006-1029.

7.5
2007-02-12 CVE-2006-7006 Robin DE Graff Remote File Include vulnerability in Robin DE Graff Somery 0.4.4

** DISPUTED ** PHP remote file inclusion vulnerability in upload/admin/team.php in Robin de Graff Somery 0.4.4 allows remote attackers to execute arbitrary PHP code via a URL in the checkauth parameter.

7.5
2007-02-12 CVE-2006-7005 PHP Script Tools SQL-Injection vulnerability in PSY Auction

SQL injection vulnerability in item.php in PSY Auction allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2007-02-12 CVE-2006-7003 Fusionphp Remote Security vulnerability in Fusion Polls

PHP remote file inclusion vulnerability in admin/index.php in Fusion Polls allows remote attackers to execute arbitrary PHP code via a URL in the xtrphome parameter.

7.5
2007-02-12 CVE-2007-0884 Roaring Penguin Remote Buffer Overflow vulnerability in Roaring Penguin Software Mimedefang 2.59/2.60

Buffer overflow in Roaring Penguin MIMEDefang 2.59 and 2.60 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors.

7.5
2007-02-12 CVE-2007-0875 Mcrefer SQL Injection vulnerability in Mcrefer 1.0

** DISPUTED ** SQL injection vulnerability in install.php in mcRefer allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2007-02-12 CVE-2007-0873 Nabocorp Authentication Bypass vulnerability in Nabocorp Nabopoll 1.1/1.2

nabopoll 1.1.2 allows remote attackers to bypass authentication and access certain administrative functionality via a direct request for (1) config_edit.php, (2) template_edit.php, or (3) survey_edit.php in admin/.

7.5
2007-02-12 CVE-2007-0871 Extremepow Unspecified vulnerability in Extremepow Extreme File Hosting

Unrestricted file upload vulnerability in eXtremePow eXtreme File Hosting allows remote attackers to upload arbitrary PHP code via a filename with a double extension such as (1) .rar.php or (2) .zip.php.

7.5
2007-02-12 CVE-2006-6993 DEV SQL-Injection vulnerability in DEV Neuron Blog 1.1

Multiple SQL injection vulnerabilities in pages/addcomment2.php in Neuron Blog 1.1 allow remote attackers to inject arbitrary SQL commands via the (1) commentname, (2) commentmail, (3) commentwebsite, and (4) comment parameters.

7.5
2007-02-16 CVE-2007-0978 IBM Local Security vulnerability in IBM AIX 5.3

Buffer overflow in swcons in IBM AIX 5.3 allows local users to gain privileges via long input data.

7.2
2007-02-13 CVE-2007-0211 Microsoft Privilege Escalation vulnerability in Microsoft Windows 2003 Server and Windows XP

The hardware detection functionality in the Windows Shell in Microsoft Windows XP SP2 and Professional, and Server 2003 SP1 allows local users to gain privileges via an unvalidated parameter to a function related to the "detection and registration of new hardware."

7.2
2007-02-13 CVE-2007-0210 Microsoft Privilege Escalation vulnerability in Microsoft Windows Image Acquisition Service

The Windows Image Acquisition (WIA) Service in Microsoft Windows XP SP2 allows local users to gain privileges via unspecified vectors involving an "unchecked buffer," probably a buffer overflow.

7.2
2007-02-16 CVE-2007-0977 IBM Remote Security vulnerability in Lotus Domino 5.0/6.0

IBM Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores HTTPPassword hashes from names.nsf in a manner accessible through Readviewentries and OpenDocument requests to the defaultview view, a different vector than CVE-2005-2428.

7.1
2007-02-14 CVE-2007-0918 Cisco Improper Input Validation vulnerability in Cisco IOS

The ATOMIC.TCP signature engine in the Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XA, 12.3YA, 12.3T, and other trains allows remote attackers to cause a denial of service (IPS crash and traffic loss) via unspecified manipulations that are not properly handled by the regular expression feature, as demonstrated using the 3123.0 (Netbus Pro Traffic) signature.

7.1
2007-02-14 CVE-2007-0914 SUN Remote Denial of Service vulnerability in SUN Solaris 10.0

Race condition in the TCP subsystem for Solaris 10 allows remote attackers to cause a denial of service (system panic) via unknown vectors.

7.1
2007-02-12 CVE-2006-7001 Phpmychat Plus Directory Traversal vulnerability in Phpmychat Plus

Directory traversal vulnerability in avatar.php in PhpMyChat Plus 1.9 and earlier allows remote attackers to read arbitrary files via a ..

7.1

51 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-02-16 CVE-2007-0983 Ansatheus Code Injection vulnerability in Ansatheus AT Contenator

PHP remote file inclusion vulnerability in _admin/nav.php in AT Contenator 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the Root_To_Script parameter.

6.8
2007-02-16 CVE-2007-0973 Jupiter CMS Cross-Site Scripting vulnerability in Jupiter CMS Jupiter CMS 1.1.5

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Jupiter CMS 1.1.5 allow remote attackers to inject arbitrary web script or HTML via the Referer HTTP header and certain other HTTP headers, which are displayed without proper sanitization when an administrator performs a Logged Guest action.

6.8
2007-02-16 CVE-2007-0969 Webtester Input Validation vulnerability in WebTester

Multiple cross-site scripting (XSS) vulnerabilities in WebTester 5.0.20060927 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to POST parameters to multiple files.

6.8
2007-02-15 CVE-2007-0952 Scriptsez NET Cross-Site Scripting vulnerability in Virtual Calendar

Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net Virtual Calendar allow remote attackers to inject arbitrary web script or HTML via the (1) t and (2) yr parameters, and the (3) sho parameter when the m parameter is outside the intended range.

6.8
2007-02-15 CVE-2007-0950 Fullaspsite Input Validation vulnerability in Fullaspsite Shop Listmain.ASP

Cross-site scripting (XSS) vulnerability in listmain.asp in Fullaspsite ASP Hosting Site allows remote attackers to inject arbitrary web script or HTML via the cat parameter.

6.8
2007-02-12 CVE-2006-7004 PHP Script Tools Cross-Site Scripting vulnerability in PSY Auction

Cross-site scripting (XSS) vulnerability in email_request.php in PSY Auction allows remote attackers to inject arbitrary web script or HTML via the user_id parameter.

6.8
2007-02-12 CVE-2007-0885 Rainbow Portal Cross-Site Scripting vulnerability in Atlassian JIRA BrowseProject.JSPA

Cross-site scripting (XSS) vulnerability in jira/secure/BrowseProject.jspa in Rainbow with the Zen (Rainbow.Zen) extension allows remote attackers to inject arbitrary web script or HTML via the id parameter.

6.8
2007-02-12 CVE-2007-0881 Openi CMS Group Remote File Include vulnerability in Openi-Cms Group Openi-Cms 1.0

PHP remote file inclusion vulnerability in the Seitenschutz plugin for OPENi-CMS 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the (1) config[oi_dir] and possibly (2) config[openi_dir] parameters to open-admin/plugins/site_protection/index.php.

6.8
2007-02-12 CVE-2007-0874 Allons Voter Authentication Bypass vulnerability in Allons Voter Allons Voter 1.0

Allons_voter 1.0 allows remote attackers to bypass authentication and access certain administrative functionality via a direct request for (1) admin_ajouter.php or (2) admin_supprimer.php.

6.8
2007-02-16 CVE-2007-0898 Clam Anti Virus Path Traversal vulnerability in Clam Anti-Virus Clamav

Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before 0.90 allows remote attackers to overwrite arbitrary files via a ..

6.4
2007-02-14 CVE-2007-0917 Cisco Multiple vulnerability in Cisco IOS Intrusion Prevention System

The Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XE to 12.3T allows remote attackers to bypass IPS signatures that use regular expressions via fragmented packets.

6.4
2007-02-12 CVE-2006-6994 Indirmax ORG 7PK - Security Features vulnerability in Indirmax.Org Ozzywork Galeri 2.0

Unrestricted file upload vulnerability in add.asp in OzzyWork Gallery, possibly 2.0 and earlier, allows remote attackers to upload and execute arbitrary ASP files by removing the client-side security checks.

6.4
2007-02-12 CVE-2006-6995 V3 Chat Input Validation vulnerability in V3 Chat Instant Messenger

mycontacts.php in V3 Chat allows remote authenticated users to gain privileges as other users via a modified membername parameter.

6.0
2007-02-16 CVE-2007-0964 Cisco Products Multiple Remote Denial Of Service vulnerability in Cisco Firewall Services Module 3.1

Cisco FWSM 3.x before 3.1(3.18), when authentication is configured to use "aaa authentication match" or "aaa authentication include", allows remote attackers to cause a denial of service (device reboot) via a malformed HTTPS request.

5.4
2007-02-16 CVE-2007-0986 Jupiter CMS Code Injection vulnerability in Jupiter CMS Jupiter CMS 1.1.5

PHP remote file inclusion vulnerability in index.php in Jupiter CMS 1.1.5, when PHP 5.0.0 or later is used, allows remote attackers to execute arbitrary PHP code via an ftp URL in the n parameter.

5.1
2007-02-15 CVE-2007-0652 Mailenable HTML Injection and Cross-Site Scripting vulnerability in MailEnable Web Mail Client

Cross-site request forgery (CSRF) vulnerability in MailEnable Professional before 2.37 allows remote attackers to modify arbitrary configurations and perform unauthorized actions as arbitrary users via a link or IMG tag.

5.1
2007-02-16 CVE-2007-0979 Lifetype Information Exposure vulnerability in Lifetype

Unspecified vulnerability in LifeType before 1.1.6, and 1.2 before 1.2-beta2, allows remote attackers to obtain sensitive information (file contents) via a "crafted URL."

5.0
2007-02-16 CVE-2007-0975 Apache Stats Remote Security vulnerability in Apache Stats

Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.

5.0
2007-02-14 CVE-2007-0929 Guillaume Fontaine Directory Traversal vulnerability in Php Rrd Browser

Directory traversal vulnerability in php rrd browser before 0.2.1 allows remote attackers to read arbitrary files via ".." sequences in the p parameter.

5.0
2007-02-14 CVE-2007-0928 Virtual Calendar Information Disclosure vulnerability in Virtual Calendar

Virtual Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download an encoded password via a direct request for pwd.txt.

5.0
2007-02-13 CVE-2007-0908 PHP, Canonical Improper Input Validation vulnerability in multiple products

The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the key_length variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket element that contains a variable with a string name before a numerical variable.

5.0
2007-02-13 CVE-2007-0907 PHP, Trustix Multiple vulnerability in PHP 5.2.0 and Prior Versions

Buffer underflow in PHP before 5.2.1 allows attackers to cause a denial of service via unspecified vectors involving the sapi_header_op function.

5.0
2007-02-13 CVE-2007-0902 Moinmoin Cross-Site Scripting vulnerability in Moinmoin 1.5.7

Unspecified vulnerability in the "Show debugging information" feature in MoinMoin 1.5.7 allows remote attackers to obtain sensitive information.

5.0
2007-02-13 CVE-2007-0842 Microsoft Resource Management Errors vulnerability in Microsoft Visual C++ and Visual Studio

The 64-bit versions of Microsoft Visual C++ 8.0 standard library (MSVCR80.DLL) time functions, including (1) localtime, (2) localtime_s, (3) gmtime, (4) gmtime_s, (5) ctime, (6) ctime_s, (7) wctime, (8) wctime_s, and (9) fstat, trigger an assertion error instead of a NULL pointer or EINVAL when processing a time argument later than Jan 1, 3000, which might allow context-dependent attackers to cause a denial of service (application exit) via large time values.

5.0
2007-02-12 CVE-2007-0894 Mediawiki Information Disclosure vulnerability in Mediawiki

MediaWiki before 1.9.2 allows remote attackers to obtain sensitive information via a direct request to (1) Simple.deps.php, (2) MonoBook.deps.php, (3) MySkin.deps.php, or (4) Chick.deps.php in wiki/skins, which shows the installation path in the resulting error message.

5.0
2007-02-12 CVE-2007-0893 Matthieu Aubry Path Traversal vulnerability in Matthieu Aubry PHPmyvisites

Directory traversal vulnerability in phpMyVisites before 2.2 allows remote attackers to include arbitrary files via leading ".." sequences on the pmv_ck_view COOKIE parameter, which bypasses the protection scheme.

5.0
2007-02-12 CVE-2007-0883 Second Rule LLC Directory Traversal vulnerability in IP3 NetAccess

Directory traversal vulnerability in portalgroups/portalgroups/getfile.cgi in IP3 NetAccess before firmware 4.1.9.6 allows remote attackers to read arbitrary files via a ..

5.0
2007-02-12 CVE-2007-0877 March Networks Denial of Service vulnerability in March Networks Digital Video Recorders

Unspecified vulnerability in March Networks DVR 3000 and 4000 Digital Video Recorders allows attackers to cause an unspecified denial of service.

5.0
2007-02-12 CVE-2007-0872 Plain OLD Webserver Directory Traversal vulnerability in Plain OLD Webserver Plain OLD Webserver 0.0.7/0.0.8

Directory traversal vulnerability in the Plain Old Webserver (POW) add-on before 0.0.9 for Mozilla Firefox allows remote attackers to read arbitrary files via a ..

5.0
2007-02-12 CVE-2006-7000 Headstart Solutions Remote Security vulnerability in Deskpro 2.0.0/2.0.1

Headstart Solutions DeskPRO allows remote attackers to obtain the full path via direct requests to (1) email/mail.php, (2) includes/init.php, (3) certain files in includes/cron/, and (4) jpgraph.php, (5) jpgraph_bar.php, (6) jpgraph_pie.php, and (7) jpgraph_pie3d.php in includes/graph/, which leaks the path in error messages.

5.0
2007-02-12 CVE-2006-6998 Headstart Solutions Information Exposure vulnerability in Headstart Solutions Deskpro 2.0.0/2.0.1

install/loader_help.php in Headstart Solutions DeskPRO allows remote attackers to obtain configuration information via a q=phpinfo QUERY_STRING, which calls the phpinfo function.

5.0
2007-02-14 CVE-2007-0916 HP Local Denial of Service vulnerability in HP Hp-Ux 11.11/11.23

Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.11 and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors.

4.9
2007-02-12 CVE-2007-0889 Kiwi Enterprises Information Disclosure vulnerability in Kiwi Cattools

Kiwi CatTools before 3.2.0 beta uses weak encryption ("reversible encoding") for passwords, account names, and IP addresses in kiwidb-cattools.kdb, which might allow local users to gain sensitive information by decrypting the file.

4.6
2007-02-16 CVE-2007-0897 Clam Anti Virus Remote Denial of Service vulnerability in ClamAV CAB File

Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, which allows remote attackers to cause a denial of service (file descriptor consumption and failed scans) via CAB archives with a cabinet header record length of zero, which causes a function to return without closing a file descriptor.

4.3
2007-02-16 CVE-2007-0451 Apache Resource Management Errors vulnerability in Apache Spamassassin

Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage." Upgrade to SpamAssassin version 3.1.8.

4.3
2007-02-16 CVE-2007-0982 Taskfreak Cross-Site Scripting vulnerability in Taskfreak 0.5.5

Cross-site scripting (XSS) vulnerability in error.php in TaskFreak! 0.5.5 allows remote attackers to inject arbitrary web script or HTML via the tznMessage parameter.

4.3
2007-02-15 CVE-2007-0651 Mailenable HTML Injection and Cross-Site Scripting vulnerability in MailEnable Web Mail Client

Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Professional before 2.37 allow remote attackers to inject arbitrary Javascript script via (1) e-mail messages and (2) the ID parameter to (a) right.asp, (b) Forms/MAI/list.asp, and (c) Forms/VCF/list.asp in mewebmail/base/default/lang/EN/.

4.3
2007-02-15 CVE-2007-0953 Atmail HTML Injection vulnerability in @Mail Search.HTML

Cross-site scripting (XSS) vulnerability in search.pl in @Mail 4.61 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.

4.3
2007-02-15 CVE-2006-7023 FX APP Cross-Site Scripting vulnerability in Fx-App 0.0.8.1

Multiple cross-site scripting (XSS) vulnerabilities in fx-APP 0.0.8.1 allow remote attackers to inject arbitrary HTML or web script via (1) the search box, and the (2) url, (3) website, (4) comment, and (5) signature fields in the profile, and possibly (6) a menu item.

4.3
2007-02-14 CVE-2007-0925 Communityserver ORG Cross-Site Scripting vulnerability in Community Server SearchResults.ASPX

Cross-site scripting (XSS) vulnerability in search/SearchResults.aspx in Community Server allows remote attackers to inject arbitrary web script or HTML via the q parameter.

4.3
2007-02-14 CVE-2007-0922 Radical Technologies Cross-Site Scripting vulnerability in Portal Search

Cross-site scripting (XSS) vulnerability in buscador/buscador.htm in Portal Search allows remote attackers to inject arbitrary web script or HTML via the query string.

4.3
2007-02-14 CVE-2006-5860 Adobe Cross-Site Scripting vulnerability in Adobe Coldfusion and Jrun

Cross-site scripting (XSS) vulnerability in the administrator console for Adobe JRun 4.0, as used in ColdFusion, allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3
2007-02-14 CVE-2006-5859 Adobe Cross-Site Scripting vulnerability in Adobe Coldfusion 7.0/7.0.1

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 7.0 and 7.0.1, when Global Script Protection is not enabled, allows remote attackers to inject arbitrary HTML and web script via unknown vectors, possibly related to Linkdirect.cfm, Topnav.cfm, and Welcomedoc.cfm.

4.3
2007-02-13 CVE-2007-0901 Moinmoin Cross-Site Scripting vulnerability in Moinmoin 1.5.7

Multiple cross-site scripting (XSS) vulnerabilities in Info pages in MoinMoin 1.5.7 allow remote attackers to inject arbitrary web script or HTML via the (1) hitcounts and (2) general parameters, different vectors than CVE-2007-0857.

4.3
2007-02-13 CVE-2007-0896 Mozilla, Sage Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in the (1) Sage before 1.3.10, and (2) Sage++ extensions for Firefox, allows remote attackers to inject arbitrary web script or HTML via a "<SCRIPT/=''SRC='" sequence in an RSS feed, a different vulnerability than CVE-2006-4712.

4.3
2007-02-12 CVE-2007-0891 Matthieu Aubry Cross-Site Scripting vulnerability in Matthieu Aubry PHPmyvisites

Cross-site scripting (XSS) vulnerability in the GetCurrentCompletePath function in phpmyvisites.php in phpMyVisites before 2.2 allows remote attackers to inject arbitrary web script or HTML via the query string.

4.3
2007-02-12 CVE-2007-0890 Cpanel Cross-Site Scripting vulnerability in CPanel PassWDMySQL

Cross-site scripting (XSS) vulnerability in scripts/passwdmysql in cPanel WebHost Manager (WHM) 11.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the password parameter.

4.3
2007-02-12 CVE-2007-0876 Qdig Cross-Site Scripting vulnerability in Qdig QWD Variable

Cross-site scripting (XSS) vulnerability in Quick Digital Image Gallery (Qdig) 1.2.9.3 and devel-20060624 allows remote attackers to inject arbitrary web script or HTML via the Qwd parameter to the top-level URI.

4.3
2007-02-12 CVE-2006-7002 Wheatblog Cross-Site Scripting vulnerability in Wheatblog 1.1

Cross-site scripting (XSS) vulnerability in add_comment.php in Wheatblog (wB) 1.1 allows remote attackers to inject arbitrary web script or HTML via the Email field.

4.3
2007-02-12 CVE-2006-6999 Headstart Solutions Information Exposure vulnerability in Headstart Solutions Deskpro 2.0.0/2.0.1

attachment.php in Headstart Solutions DeskPRO allows remote attackers to read all uploaded files by providing the file number in a modified id parameter.

4.3
2007-02-12 CVE-2006-6996 THE WAR Forge Cross-Site Scripting vulnerability in the WAR Forge Warforge.News 1.0

Multiple cross-site scripting (XSS) vulnerabilities in warforge.NEWS 1.0 allow remote attackers to inject arbitrary HTML and web script via the (1) title and (2) newspost parameters to (a) newsadd.php, and the (3) name, title, and (4) comment parameters to (b) news.php, a different set of vectors than CVE-2006-1818.

4.3

4 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-02-13 CVE-2007-0895 SUN Local Security vulnerability in Solaris

Race condition in recursive directory deletion with the (1) -r or (2) -R option in rm in Solaris 8 through 10 before 20070208 allows local users to delete files and directories as the user running rm by moving a low-level directory to a higher level as it is being deleted, which causes rm to chdir to a ".." directory that is higher than expected, possibly up to the root file system, a related issue to CVE-2002-0435.

2.6
2007-02-16 CVE-2007-0710 Apple Resource Management Errors vulnerability in Apple Ichat

The Bonjour functionality in iChat in Apple Mac OS X 10.3.9 allows remote attackers to cause a denial of service (persistent application crash) via unspecified vectors, possibly related to CVE-2007-0614.

2.1
2007-02-16 CVE-2007-0859 Palm Information Disclosure vulnerability in Palm Treo 650/680/700P

The Find feature in Palm OS Treo smart phones operates despite the system password lock, which allows attackers with physical access to obtain sensitive information (memory contents) by doing (1) text searches or (2) paste operations after pressing certain keyboard shortcut keys.

2.1
2007-02-15 CVE-2007-0958 Linux Local Information Disclosure vulnerability in Linux Kernel BINFMT_ELF PT_INTERP

Linux kernel 2.6.x before 2.6.20 allows local users to read unreadable binaries by using the interpreter (PT_INTERP) functionality and triggering a core dump, a variant of CVE-2004-1073.

2.1