Weekly Vulnerabilities Reports > February 19 to 25, 2007
Overview
130 new vulnerabilities reported during this period, including 31 critical vulnerabilities and 53 high severity vulnerabilities. This weekly summary report vulnerabilities in 153 products from 100 vendors including Microsoft, Cisco, IBM, Linux, and Meetinghouse. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", "SQL Injection", "Cross-site Scripting", and "Path Traversal".
- 112 reported vulnerabilities are remotely exploitables.
- 32 reported vulnerabilities have public exploit available.
- 11 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 126 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 11 reported vulnerabilities.
- Virtualsystem has the most reported critical vulnerabilities, with 3 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
31 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-02-24 | CVE-2006-7052 | Keith Reichley | Remote File Include vulnerability in Keith Reichley Dotwidget for Articles 0.2 Multiple PHP remote file inclusion vulnerabilities in DotWidget For Articles (dotwidgeta) 0.2 allow remote attackers to execute arbitrary code via a URL in the (1) file_path parameter to (a) index.php, (b) showcatpicks.php, and (c) showarticle.php; and the (2) admin_header_file and (3) admin_footer_file parameters to (d) admin/authors.php, (e) admin/index.php, (f) admin/categories.php, (g) admin/editconfig.php, and (h) admin/articles.php. | 10.0 |
2007-02-23 | CVE-2006-7036 | Andys Chat | Remote Security vulnerability in Andys Chat Andys Chat 4.5 PHP remote file inclusion vulnerability in register.php for Andys Chat 4.5 allows remote attackers to execute arbitrary code via the action parameter. | 10.0 |
2007-02-23 | CVE-2006-7032 | Tufat | Remote File Include vulnerability in FlashBB PHP remote file inclusion vulnerability in phpbb/getmsg.php in FlashBB 1.1.5 and earlier allows remote attackers to execute arbitrary code via a URL in the phpbb_root_path parameter. | 10.0 |
2007-02-23 | CVE-2006-7027 | Microsoft | Remote Security vulnerability in Microsoft ISA Server 2004 Microsoft Internet Security and Acceleration (ISA) Server 2004 logs unusual ASCII characters in the Host header, including the tab, which allows remote attackers to manipulate portions of the log file and possibly leverage this for other attacks. | 10.0 |
2007-02-22 | CVE-2007-1073 | Mcrefer | Remote Security vulnerability in McRefer Static code injection vulnerability in install.php in mcRefer allows remote attackers to execute arbitrary PHP code via the bgcolor parameter, which is inserted into mcrconf.inc.php. | 10.0 |
2007-02-22 | CVE-2006-6490 | Supportsoft Symantec | Remote Buffer Overflow vulnerability in SupportSoft ActiveX Controls Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.dll) and (2) ScriptRunner (tgctlsr.dll) ActiveX controls, as used by Symantec Automated Support Assistant and Norton AntiVirus, Internet Security, and System Works 2006, allows remote attackers to execute arbitrary code via a crafted HTML message. | 10.0 |
2007-02-22 | CVE-2007-1063 | Cisco | USE of Hard-Coded Credentials vulnerability in Cisco products The SSH server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.0(4)SR1 and earlier, uses a hard-coded username and password, which allows remote attackers to access the device. | 10.0 |
2007-02-22 | CVE-2007-1062 | Cisco | Improper Authentication vulnerability in Cisco products The Cisco Unified IP Conference Station 7935 3.2(15) and earlier, and Station 7936 3.3(12) and earlier does not properly handle administrator HTTP sessions, which allows remote attackers to bypass authentication controls via a direct URL request to the administrative HTTP interface for a limited time | 10.0 |
2007-02-21 | CVE-2007-1045 | Malbum | Permissions, Privileges, and Access Controls vulnerability in Malbum 0.3 mAlbum 0.3 has default accounts (1) "login"/"pass" for its administrative account and (2) "dqsfg"/"sdfg", which allows remote attackers to gain privileges. | 10.0 |
2007-02-21 | CVE-2007-1039 | Peanutkb | Input Validation vulnerability in Peanutkb Peanut Knowledge Base 0.0.1/0.0.2/0.0.3 Unspecified vulnerability in Peanut Knowledge Base (PeanutKB) 0.0.3 and earlier has unknown impact and attack vectors. | 10.0 |
2007-02-21 | CVE-2007-1070 | Microsoft Trend Micro | Stack Buffer Overflow vulnerability in Trend Micro Serverprotect 5.58/5.61/5.62 Multiple stack-based buffer overflows in Trend Micro ServerProtect for Windows and EMC 5.58, and for Network Appliance Filer 5.61 and 5.62, allow remote attackers to execute arbitrary code via crafted RPC requests to TmRpcSrv.dll that trigger overflows when calling the (1) CMON_NetTestConnection, (2) CMON_ActiveUpdate, and (3) CMON_ActiveRollback functions in (a) StCommon.dll, and (4) ENG_SetRealTimeScanConfigInfo and (5) ENG_SendEMail functions in (b) eng50.dll. | 10.0 |
2007-02-21 | CVE-2007-1024 | Marcello Vitagliano | Remote File Include vulnerability in Marcello Vitagliano Meganoides News 1.1.1 PHP remote file inclusion vulnerability in include.php in Meganoide's news 1.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the _SERVER[DOCUMENT_ROOT] parameter. | 10.0 |
2007-02-21 | CVE-2007-1021 | Xfairguy | SQL Injection vulnerability in Xfairguy Codeavalanche News 1.X SQL injection vulnerability in inc_listnews.asp in CodeAvalanche News 1.x allows remote attackers to execute arbitrary SQL commands via the CAT_ID parameter. | 10.0 |
2007-02-21 | CVE-2007-1015 | Aktueldownload | SQL-Injection vulnerability in Aktueldownload Haber Script SQL injection vulnerability in HaberDetay.asp in Aktueldownload Haber script allows remote attackers to execute arbitrary SQL commands via the id parameter. | 10.0 |
2007-02-21 | CVE-2007-1014 | Vicftps | Remote Buffer Overflow vulnerability in Vicftps 3.9 Stack-based buffer overflow in VicFTPS before 5.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long CWD command. | 10.0 |
2007-02-21 | CVE-2007-1013 | Virtualsystem | Remote File Include vulnerability in Virtualsystem Htaccess Passwort Generator 1.1 PHP remote file inclusion vulnerability in generate.php in VirtualSystem Htaccess Passwort Generator 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the ht_pfad parameter. | 10.0 |
2007-02-20 | CVE-2007-1007 | Ekiga Redhat | Format string vulnerability in GnomeMeeting 1.0.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in the name, which is not properly handled in a call to the gnomemeeting_log_insert function. | 10.0 |
2007-02-20 | CVE-2007-1006 | Ekiga | USE of Externally-Controlled Format String vulnerability in Ekiga Multiple format string vulnerabilities in the gm_main_window_flash_message function in Ekiga before 2.0.5 allow attackers to cause a denial of service and possibly execute arbitrary code via a crafted Q.931 SETUP packet. | 10.0 |
2007-02-20 | CVE-2006-5276 | Snort Sourcefire | Stack Buffer Overflow vulnerability in Snort/Sourcefire DCE/RPC Packet Reassembly Stack-based buffer overflow in the DCE/RPC preprocessor in Snort before 2.6.1.3, and 2.7 before beta 2; and Sourcefire Intrusion Sensor; allows remote attackers to execute arbitrary code via crafted SMB traffic. | 10.0 |
2007-02-24 | CVE-2006-7064 | Invision Power Services | Cross-Site Scripting vulnerability in Invision Power Board Cross-site scripting (XSS) vulnerability in forum/admin.php for Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML as the administrator via the phpinfo parameter. | 9.3 |
2007-02-24 | CVE-2006-7061 | Scriptsez NET | Cross-Site Scripting vulnerability in E-Dating System Scriptsez.net E-Dating System stores data files with predictable names under the web document root with insufficient access control, which allows remote attackers to read private messages and leverage them for cross-site scripting (XSS) attacks. | 9.3 |
2007-02-24 | CVE-2006-7046 | Clan Manager PRO | Code Injection vulnerability in Clan Manager PRO Clan Manager PRO 1.1.0 PHP remote file inclusion vulnerability in cmpro.intern/login.inc.php for Clan Manager Pro (CMPRO) 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter. | 9.3 |
2007-02-23 | CVE-2007-0321 | Macrovision | Unspecified vulnerability in Macrovision Flexnet Connect Buffer overflow in the Update Service Agent ActiveX Control in isusweb.dll for Macrovision FLEXnet Connect (formerly InstallShield Update Service) allows remote attackers to execute arbitrary code via the Download method. | 9.3 |
2007-02-23 | CVE-2007-0320 | Macrovision | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Macrovision Installfromtheweb Multiple buffer overflows in (a) an ActiveX control (iftw.dll) and (b) Netscape plug-in (npiftw32.dll) for Macrovision (formerly InstallShield) InstallFromTheWeb allow remote attackers to execute arbitrary code via crafted HTML documents. | 9.3 |
2007-02-23 | CVE-2007-1083 | Verisign | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Verisign Mpki Buffer overflow in the Configuration Checker (ConfigChk) ActiveX control in VSCnfChk.dll 2.0.0.2 for Verisign Managed PKI Service, Secure Messaging for Microsoft Exchange, and Go Secure! allows remote attackers to execute arbitrary code via long arguments to the VerCompare method. | 9.3 |
2007-02-22 | CVE-2007-1074 | DJI | Remote Buffer Overflow vulnerability in NewsBin Pro NBI File Multiple buffer overflows in NewsBin Pro 5.33 and NewsBin Pro 4.x allow user-assisted remote attackers to execute arbitrary code via a long (1) DataPath or (2) DownloadPath attributed in a (a) NBI file, or (3) a long group field in a (b) NZB file. | 9.3 |
2007-02-21 | CVE-2007-1041 | Sandh | Buffer Errors vulnerability in Sandh News Rover 12.1 Multiple stack-based buffer overflows in S&H Computer Systems News Rover 12.1 Rev 1 allow remote attackers to execute arbitrary code via a .nzb file with a long (1) group or (2) subject string. | 9.3 |
2007-02-21 | CVE-2007-1037 | Rsbr Software | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Rsbr-Software News File Grabber Stack-based buffer overflow in News File Grabber 4.1.0.1 and earlier allows remote attackers to execute arbitrary code via a .nzb file with a long subject field. | 9.3 |
2007-02-21 | CVE-2007-1018 | Virtualsystem | Remote Security vulnerability in VS-News-System PHP remote file inclusion vulnerability in tpl/header.php in VirtualSystem VS-News-System 1.2.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the newsordner parameter. | 9.3 |
2007-02-21 | CVE-2007-1017 | Virtualsystem | Remote File Include vulnerability in VS-News-System Show_News_Inc.PHP PHP remote file inclusion vulnerability in show_news_inc.php in VirtualSystem VS-News-System 1.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the newsordner parameter. | 9.3 |
2007-02-20 | CVE-2007-0325 | Trend Micro | Buffer Errors vulnerability in Trend Micro products Multiple buffer overflows in the Trend Micro OfficeScan Web-Deployment SetupINICtrl ActiveX control in OfficeScanSetupINI.dll, as used in OfficeScan 7.0 before Build 1344, OfficeScan 7.3 before Build 1241, and Client / Server / Messaging Security 3.0 before Build 1197, allow remote attackers to execute arbitrary code via a crafted HTML document. | 9.3 |
53 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-02-24 | CVE-2006-7062 | Kmail | Remote Security vulnerability in Kmail calendar.php in Kamgaing Email System (kmail) 2.3 and earlier allows remote attackers to obtain the full path of the server via an invalid d parameter, which leaks the path in an error message. | 7.8 |
2007-02-24 | CVE-2006-7054 | Arkoon | Denial-Of-Service vulnerability in Fast360 The DNS module in Arkoon FAST360 UTM appliances 3.0 up to 3.0/29, 3.1 through 3.3, and 4.0 allows remote attackers to cause a denial of service (reboot) via a malformed DNS message, as demonstrated by the PROTOS DNS testing suite. | 7.8 |
2007-02-23 | CVE-2006-5877 | Ubuntu Enigmail | Denial Of Service vulnerability in Enigmail Memory Allocation The enigmail extension before 0.94.2 does not properly handle large, encrypted file e-mail attachments, which allows remote attackers to cause a denial of service (crash), as demonstrated with Mozilla Thunderbird. | 7.8 |
2007-02-23 | CVE-2006-7041 | Atrium Software | Remote Denial Of Service vulnerability in Atrium Software Mercur Messaging 2005 5.0Sp3 The SMTP service in MERCUR Messaging 2005 before Service Pack 4 allows remote attackers to cause a denial of service (infinite loop) via a message in which neither the originator nor recipient address is known. | 7.8 |
2007-02-23 | CVE-2006-7040 | Atrium Software | Remote Denial Of Service vulnerability in Atrium Software Mercur Messaging 2005 5.0Sp3 Unspecified vulnerability in MERCUR Messaging 2005 before Service Pack 4 allows remote attackers to cause a denial of service (crash) via a TOP command to the POP3 service. | 7.8 |
2007-02-23 | CVE-2006-7038 | Atrium Software | Remote Denial Of Service vulnerability in Atrium Software Mercur Messaging 2005 5.0Sp3 Multiple buffer overflows in MERCUR Messaging 2005 before Service Pack 4 allow remote attackers to cause a denial of service (crash) via (1) "long command lines at port 32000" and (2) certain name service queries that are not properly handled by the SMTP service. | 7.8 |
2007-02-23 | CVE-2006-7035 | Super Link Exchange Script | Denial-Of-Service vulnerability in Super Link Exchange Script Super Link Exchange Script 1.0 Directory traversal vulnerability in make_thumbnail.php in Super Link Exchange Script 1.0 allows remote attackers to read arbitrary files via ".." sequences in the imgpath parameter. | 7.8 |
2007-02-23 | CVE-2006-7028 | SUN | Denial-Of-Service vulnerability in Solaris Single CPU Sun systems running Solaris 7, 8, or 9, such as Netra, allows remote attackers to cause a denial of service (console hang) via a flood of small TCP/IP packets. | 7.8 |
2007-02-22 | CVE-2007-1080 | Turbosoft | Denial Of Service And Buffer Overflow vulnerability in Turbosoft Turboftp 5.3.0 Multiple heap-based buffer overflows in TurboFTP 5.30 Build 572 allow remote servers to cause a denial of service via (1) long filename in a response to a LIST command, and (2) a long response to a CWD command. | 7.8 |
2007-02-22 | CVE-2007-1079 | Rhinosoft | Stack Buffer Overflow vulnerability in FTP Voyager CWD Parameter Stack-based buffer overflow in Rhino Software, Inc. | 7.8 |
2007-02-22 | CVE-2007-1075 | Turbosoft | Denial Of Service And Buffer Overflow vulnerability in Turbosoft Turboftp 5.3.0 TurboFTP 5.30 Build 572 allows remote servers to cause a denial of service (CPU consumption) via a response with a large number of newline characters. | 7.8 |
2007-02-22 | CVE-2007-1071 | Apple | Integer Overflow vulnerability in Apple Mac OS X ImageIO GIF Image Integer overflow in the gifGetBandProc function in ImageIO in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image that triggers the overflow during decompression. | 7.8 |
2007-02-21 | CVE-2007-1030 | Niels Provos | Denial Of Service vulnerability in Niels Provos Libevent 1.2/1.2A Niels Provos libevent 1.2 and 1.2a allows remote attackers to cause a denial of service (infinite loop) via a DNS response containing a label pointer that references its own offset. | 7.8 |
2007-02-20 | CVE-2007-0772 | Linux | Resource Management Errors vulnerability in Linux Kernel The Linux kernel 2.6.13 and other versions before 2.6.20.1 allows remote attackers to cause a denial of service (oops) via a crafted NFSACL 2 ACCESS request that triggers a free of an incorrect pointer. | 7.8 |
2007-02-23 | CVE-2007-1085 | Unspecified vulnerability in Google Desktop Cross-site scripting (XSS) vulnerability in Google Desktop allows remote attackers to bypass protection schemes and inject arbitrary web script or HTML, and possibly gain full access to the system, by using an XSS vulnerability in google.com to extract the signature for the internal web server, then calling the "under" parameter in Advanced Search with the proper signature. | 7.6 | |
2007-02-21 | CVE-2007-1029 | Quicksoft | Remote Stack Buffer Overflow vulnerability in EasyMail Objects Connect Method Stack-based buffer overflow in the Connect method in the IMAP4 component in Quiksoft EasyMail Objects before 6.5 allows remote attackers to execute arbitrary code via a long host name. | 7.6 |
2007-02-24 | CVE-2006-7063 | Tinyphpforum | Local File Include vulnerability in TinyPHPForum Directory traversal vulnerability in profile.php in TinyPHPforum 3.6 and earlier allows remote attackers to include and execute arbitrary files via ".." sequences in the uname parameter. | 7.5 |
2007-02-24 | CVE-2006-7057 | Sphider | SQL-Injection vulnerability in Sphider SQL injection vulnerability in search.php in Sphider before 1.3.1c allows remote attackers to execute arbitrary SQL commands via the category parameter. | 7.5 |
2007-02-24 | CVE-2006-7053 | Arkoon | Security Bypass vulnerability in Fast360 Unspecified vulnerability in Arkoon FAST360 UTM appliances 3.0 through 3.0/29, 3.1, 3.2, and 3.3 allows remote attackers to bypass keyword filtering in the FAST HTTP module, and signatures in the IDPS HTTP module, via crafted URLs that are "misinterpreted." | 7.5 |
2007-02-24 | CVE-2006-7049 | Wikkawiki | Information Disclosure vulnerability in Wikkawiki Method Function The Method method in WikkaWiki (Wikka Wiki) before 1.1.6.2 calls the strstr and strrpos functions with the wrong argument order, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files. | 7.5 |
2007-02-24 | CVE-2006-7048 | Claroline | Remote Security vulnerability in Claroline 1.7.5 Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) clarolineRepositorySys parameter to (a) atutor.inc.php (b) db-generic.inc.php (c) docebo.inc.php (d) dokeos.1.6.inc.php (e) dokeos.inc.php (f) ganesha.inc.php (g) mambo.inc.php (h) moodle.inc.php (i) phpnuke.inc.php (j) postnuke.inc.php and (k) spip.inc.php in claroline/auth/extauth/drivers/; (2) includePath parameter in mambo.inc.php, postnuke.inc.php, and (l) inc/lib/event/init_event_manager.inc.php; and (3) rootSys parameter in (m) inc/lib/export_exe_tracking.class.php, a different set of vectors than CVE-2006-2284. | 7.5 |
2007-02-24 | CVE-2006-7045 | Cmpro Team | Remote Security vulnerability in Clan Manager Pro PHP remote file inclusion vulnerability in Clan Manager Pro (CMPRO) 1.1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the (1) rootpath and possibly (2) sitepath parameters to (a) cmpro.ext/comment.core.inc.php and (b) cmpro.intern/comment.core.inc.php. | 7.5 |
2007-02-24 | CVE-2006-7044 | Cmpro Team | Remote Security vulnerability in Clan Manager Pro PHP remote file inclusion vulnerability in comment.core.inc.php in Clan Manager Pro (CMPRO) 1.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter. | 7.5 |
2007-02-23 | CVE-2006-7034 | Apple HP IBM Linux Microsoft Santa Cruz Operation SUN Windriver Super Link Exchange Script | SQL-Injection vulnerability in Super Link Exchange Script Super Link Exchange Script 1.0 SQL injection vulnerability in directory.php in Super Link Exchange Script 1.0 might allow remote attackers to execute arbitrary SQL queries via the cat parameter. | 7.5 |
2007-02-23 | CVE-2006-7025 | Sangwan KIM | SQL Injection vulnerability in Sangwan KIM Bookmark4U 2.0/2.1 SQL injection vulnerability in admin/config.php in Bookmark4U 2.0 and 2.1 allows remote attackers to inject arbitrary SQL command via the sqlcmd parameter. | 7.5 |
2007-02-22 | CVE-2007-1081 | Typo3 | Unspecified vulnerability in Typo3 The start function in class.t3lib_formmail.php in TYPO3 before 4.0.5, 4.1beta, and 4.1RC1 allows attackers to inject arbitrary email headers via unknown vectors. | 7.5 |
2007-02-22 | CVE-2007-1078 | Flashgamescript | Code Injection vulnerability in Flashgamescript 1.5.4 PHP remote file inclusion vulnerability in index.php in FlashGameScript 1.5.4 allows remote attackers to execute arbitrary PHP code via a URL in the func parameter. | 7.5 |
2007-02-22 | CVE-2007-1077 | Design4Online | SQL Injection vulnerability in Design4Online Userpages2 2.0 SQL injection vulnerability in page.asp in Design4Online UserPages2 2.0 allows remote attackers to execute arbitrary SQL commands via the art_id parameter. | 7.5 |
2007-02-22 | CVE-2007-1076 | Phptraffica | Path Traversal vulnerability in PHPtraffica 1.4.1 Multiple directory traversal vulnerabilities in phpTrafficA 1.4.1, and possibly earlier, allow remote attackers to include arbitrary local files via a .. | 7.5 |
2007-02-21 | CVE-2007-1058 | Online WEB Building | SQL-Injection vulnerability in Online web Building Online web Building 2.0 SQL injection vulnerability in user_pages/page.asp in Online Web Building 2.0 allows remote attackers to execute arbitrary SQL commands via the art_id parameter. | 7.5 |
2007-02-21 | CVE-2007-1048 | Phpbb Wordsearch | Remote Security vulnerability in Phpbb Wordsearch PHP remote file inclusion vulnerability in admin_rebuild_search.php in phpbb_wordsearch allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | 7.5 |
2007-02-21 | CVE-2007-1047 | Distributed Checksum Clearinghouse | Data Manipulation vulnerability in Distributed Checksum Clearinghouse DCC Unspecified vulnerability in Distributed Checksum Clearinghouse (DCC) before 1.3.51 allows remote attackers to delete or add hosts in /var/dcc/maps. | 7.5 |
2007-02-21 | CVE-2007-1043 | Apple HP IBM Linux Microsoft Santa Cruz Operation SUN Windriver Ezboo | Authentication Bypass vulnerability in Ezboo Webstats 3.0.3 Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php. | 7.5 |
2007-02-21 | CVE-2007-1040 | Xpression News | Directory Traversal vulnerability in Xpression News Xpression News 1.0.1 Directory traversal vulnerability in archives.php in Xpression News (X-News) 1.0.1 allows remote attackers to include arbitrary files or obtain sensitive information via a .. | 7.5 |
2007-02-21 | CVE-2007-1036 | Jboss | Permissions, Privileges, and Access Controls vulnerability in Jboss Application Server The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests. | 7.5 |
2007-02-21 | CVE-2007-1035 | Drupal | Remote Command Execution vulnerability in Drupal Audio And MediaField Modules GetID3 Unspecified vulnerability in certain demonstration scripts in getID3 1.7.1, as used in the Mediafield and Audio modules for Drupal, allows remote attackers to read and delete arbitrary files, list arbitrary directories, and write to empty files or .mp3 files via unknown vectors. | 7.5 |
2007-02-21 | CVE-2007-1034 | PHP Nuke | SQL Injection vulnerability in PHP-Nuke Emporium Module SQL injection vulnerability in the category file in modules.php in the Emporium 2.3.0 and earlier module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the category_id parameter. | 7.5 |
2007-02-21 | CVE-2007-1033 | Drupal | Security Bypass vulnerability in Drupal Secure Site Module 4.7/5.0 Unspecified vulnerability in the Secure site 4.7.x-1.x-dev and 5.x-1.x-dev module for Drupal allows remote attackers to bypass access restrictions via a crafted URL. | 7.5 |
2007-02-21 | CVE-2007-1026 | Scriptdungeon | SQL Injection vulnerability in Scriptdungeon Xlatunes SQL injection vulnerability in view.php in XLAtunes 0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the album parameter in view mode. | 7.5 |
2007-02-21 | CVE-2007-1025 | Virtualsystem | Remote File Include vulnerability in VS-Link-Partner Functions.Inc.PHP PHP remote file inclusion vulnerability in inc/functions_inc.php in VS-Link-Partner 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gb_pfad, or possibly script_pfad, parameter. | 7.5 |
2007-02-21 | CVE-2007-1023 | Snitz Communications | SQL Injection vulnerability in Snitz Communications Snitz Forums 2000 3.1 SQL injection vulnerability in pop_profile.asp in Snitz Forums 2000 3.1 SR4 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2007-02-21 | CVE-2007-1022 | Turuncu Portal | SQL Injection vulnerability in Turuncu Portal Turuncu Portal 1.0 SQL injection vulnerability in h_goster.asp in Turuncu Portal 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2007-02-21 | CVE-2007-1016 | Aktueldownload | SQL-Injection vulnerability in Aktueldownload Haber Script SQL injection vulnerability in Aktueldownload Haber script allows remote attackers to execute arbitrary SQL commands via certain vectors related to the HaberDetay.asp and rss.asp components, and the id and kid parameters. | 7.5 |
2007-02-21 | CVE-2007-1011 | VS Gastebuch | Remote File Include vulnerability in VS-Gastebuch Gb_Pfad PHP remote file inclusion vulnerability in functions_inc.php in VS-Gastebuch 1.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gb_pfad parameter. | 7.5 |
2007-02-23 | CVE-2007-1089 | Linux Microsoft IBM | Local Security vulnerability in IBM DB2 Universal Database 8.0/9.1 IBM DB2 Universal Database (UDB) 9.1 GA through 9.1 FP1 allows local users with table SELECT privileges to perform unauthorized UPDATE and DELETE SQL commands via unknown vectors. | 7.2 |
2007-02-23 | CVE-2007-1088 | IBM | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM DB2 Stack-based buffer overflow in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allows local users to execute arbitrary code via a long string in unspecified environment variables. | 7.2 |
2007-02-23 | CVE-2007-1087 | IBM | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM DB2 IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 does not properly terminate certain input strings, which allows local users to execute arbitrary code via unspecified environment variables that trigger a heap-based buffer overflow. | 7.2 |
2007-02-23 | CVE-2007-1086 | HP IBM Linux Microsoft SUN | Local Privilege Escalation vulnerability in IBM DB2 Universal Database Unspecified binaries in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allow local users to create or modify arbitrary files via unspecified environment variables related to "unsafe file access." | 7.2 |
2007-02-22 | CVE-2007-1072 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco products The command line interface (CLI) in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.0(4)SR1 and earlier allows local users to obtain privileges or cause a denial of service via unspecified vectors. | 7.2 |
2007-02-22 | CVE-2007-1068 | Cisco Meetinghouse | Credentials Management vulnerability in multiple products The (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, (5) MD5, (6) GTC, (7) LEAP, (8) PEAP MSCHAPv2, (9) PEAP GTC, and (10) FAST authentication methods in Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client store transmitted authentication credentials in plaintext log files, which allows local users to obtain sensitive information by reading these files, aka CSCsg34423. | 7.2 |
2007-02-22 | CVE-2007-1067 | Cisco Meetinghouse | Multiple vulnerability in Cisco 802.1X Authentication Deployment Products Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not properly parse commands, which allows local users to gain privileges via unspecified vectors, aka CSCsh30624. | 7.2 |
2007-02-21 | CVE-2007-1056 | Vmware | Permissions, Privileges, and Access Controls vulnerability in VMWare Workstation 5.5.3Build34685 VMware Workstation 5.5.3 build 34685 does not provide per-user restrictions on certain privileged actions, which allows local users to perform restricted operations such as changing system time, accessing hardware components, and stopping the "VMware tools service" service. | 7.2 |
2007-02-22 | CVE-2007-1082 | Ftpx | Resource Management Errors vulnerability in Ftpx FTP Explorer 1.0.1/1.0.1.47 FTP Explorer 1.0.1 Build 047, and other versions before 1.0.1.52, allows remote servers to cause a denial of service (CPU consumption) via a long response to a PWD command. | 7.1 |
43 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-02-21 | CVE-2007-1057 | Nortel | Local Privilege Escalation vulnerability in Nortel SSL VPN Net Direct Client The Net Direct client for Linux before 6.0.5 in Nortel Application Switch 2424, VPN 3050 and 3070, and SSL VPN Module 1000 extracts and executes files with insecure permissions, which allows local users to exploit a race condition to replace a world-writable file in /tmp/NetClient and cause another user to execute arbitrary code when attempting to execute this client, as demonstrated by replacing /tmp/NetClient/client. | 6.9 |
2007-02-24 | CVE-2006-7056 | Dreamcost | Remote File Include vulnerability in DreamCost Hostadmin 3.0/3.1 Multiple PHP remote file inclusion vulnerabilities in DreamCost HostAdmin 3.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) functions.php and (2) members.php. | 6.8 |
2007-02-24 | CVE-2006-7055 | Sweetphp | Remote File Include vulnerability in TotalCalendar PHP remote file inclusion vulnerability in index.php in TotalCalendar 2.30 and earlier allows remote attackers to execute arbitrary code via a URL in the inc_dir parameter, a different vector than CVE-2006-1922. | 6.8 |
2007-02-24 | CVE-2006-7050 | Wikkawiki | Cross-Site Scripting vulnerability in WikkaWiki Cross-site scripting (XSS) vulnerability in WikkaWiki (Wikka Wiki) before 1.1.6.2 allows remote attackers to inject arbitrary javascript via (1) events in forced links (url parameter) that are not properly handled in formatters/wakka.php, and possibly (2) other vectors in wikka.php. | 6.8 |
2007-02-24 | CVE-2006-7042 | Chipmunk Scripts | Cross-Site Scripting vulnerability in Chipmunk Directory Cross-site scripting (XSS) vulnerability in directory/index.php in Chipmunk directory allows remote attackers to inject arbitrary web script or HTML via the start parameter. | 6.8 |
2007-02-23 | CVE-2006-7033 | Super Link Exchange Script | Cross-Site Scripting vulnerability in Super Link Exchange Script Super Link Exchange Script 1.0 Cross-site scripting (XSS) vulnerability in Super Link Exchange Script 1.0 allows remote attackers to inject arbitrary web script or HTML via IMG tags in the search box. | 6.8 |
2007-02-23 | CVE-2006-7026 | Avatic | Remote Security vulnerability in Aardvark Topsites Php PHP remote file inclusion vulnerability in sources/join.php in Aardvark Topsites PHP 4.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[path] parameter, a different vector than CVE-2006-2149. | 6.8 |
2007-02-23 | CVE-2007-1084 | Mozilla | Configuration vulnerability in Mozilla Firefox Mozilla Firefox 2.0.0.1 and earlier does not prompt users before saving bookmarklets, which allows remote attackers to bypass the same-domain policy by tricking a user into saving a bookmarklet with a data: scheme, which is executed in the context of the last visited web page. | 6.8 |
2007-02-22 | CVE-2007-1066 | Cisco Meetinghouse | Multiple vulnerability in Cisco 802.1X Authentication Deployment Products Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client use an insecure default Discretionary Access Control Lists (DACL) for the connection client GUI, which allows local users to gain privileges by injecting "a thread under ConnectionClient.exe," aka CSCsg20558. | 6.8 |
2007-02-22 | CVE-2007-1065 | Cisco Meetinghouse | Multiple vulnerability in Cisco 802.1X Authentication Deployment Products Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client allows local users to gain SYSTEM privileges via unspecified vectors in the supplicant, aka CSCsf15836. | 6.8 |
2007-02-22 | CVE-2007-1064 | Cisco Meetinghouse | Multiple vulnerability in Cisco 802.1X Authentication Deployment Products Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not drop privileges when the help facility in the supplicant GUI is invoked, which allows local users to gain privileges, aka CSCsf14120. | 6.8 |
2007-02-22 | CVE-2007-1061 | Francisco Burzi | SQL Injection vulnerability in PHP-Nuke SQL injection vulnerability in index.php in Francisco Burzi PHP-Nuke 8.0 Final and earlier, when the "HTTP Referers" block is enabled, allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header (HTTP_REFERER variable). | 6.8 |
2007-02-22 | CVE-2007-1060 | Interspire | Remote File Include vulnerability in Interspire SendStudio Multiple PHP remote file inclusion vulnerabilities in Interspire SendStudio 2004.14 and earlier, when register_globals and allow_fopenurl are enabled, allow remote attackers to execute arbitrary PHP code via a URL in the ROOTDIR parameter to (1) createemails.inc.php and (2) send_emails.inc.php in /admin/includes/. | 6.8 |
2007-02-22 | CVE-2007-1059 | Ultimate FUN Book | Remote File Include vulnerability in Ultimate FUN Book Ultimate FUN Book 1.02 PHP remote file inclusion vulnerability in function.php in Ultimate Fun Book 1.02 allows remote attackers to execute arbitrary PHP code via a URL in the gbpfad parameter. | 6.8 |
2007-02-21 | CVE-2007-1055 | Mediawiki | Code Injection vulnerability in Mediawiki Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.9.x before 1.9.0rc2, and 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the rs parameter. | 6.8 |
2007-02-21 | CVE-2007-1054 | Mediawiki | Cross-Site Scripting vulnerability in Mediawiki Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.6.x through 1.9.2, when $wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded value of the rs parameter, which is processed by Internet Explorer. | 6.8 |
2007-02-21 | CVE-2007-1032 | Phpmyfaq | Remote Security vulnerability in phpMyFAQ Unspecified vulnerability in phpMyFAQ 1.6.9 and earlier, when register_globals is enabled, allows remote attackers to "gain the privilege for uploading files on the server." Successful exploitation requires that "register_globals" is enabled. | 6.8 |
2007-02-21 | CVE-2007-1031 | Spoonlabs | Path Traversal vulnerability in Spoonlabs Vivvo Article Management CMS 3.4 Directory traversal vulnerability in include/db_conn.php in SpoonLabs Vivvo Article Management CMS 3.4 allows remote attackers to include and execute arbitrary local files via the root parameter. | 6.8 |
2007-02-21 | CVE-2007-1028 | Barry Jaspan | HTML Injection vulnerability in Barry Jaspan Image Pager 4.7/5.0 Cross-site scripting (XSS) vulnerability in the Barry Jaspan Image Pager 4.7.x-1.x-dev and 5.x-1.x-dev before 2007-02-08 module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to HTML entities and the IMG element. | 6.8 |
2007-02-21 | CVE-2007-1020 | Cedstat | Remote File Include vulnerability in Cedstat 1.31 Cross-site scripting (XSS) vulnerability in index.php in CedStat 1.31 allows remote attackers to inject arbitrary web script or HTML via the hier parameter. | 6.8 |
2007-02-21 | CVE-2007-1019 | Webspell | SQL Injection vulnerability in Webspell 4.01.02 SQL injection vulnerability in news.php in webSPELL 4.01.02, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the showonly parameter to index.php, a different vector than CVE-2006-5388. | 6.8 |
2007-02-21 | CVE-2007-1010 | Zebrafeeds | Remote File Include vulnerability in Zebrafeeds 1.0 Multiple PHP remote file inclusion vulnerabilities in ZebraFeeds 1.0, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the zf_path parameter to (1) aggregator.php and (2) controller.php in newsfeeds/includes/. | 6.8 |
2007-02-21 | CVE-2007-1042 | Xpression News | Path Traversal vulnerability in Xpression News Xpression News 1.0.1 Directory traversal vulnerability in news.php in Xpression News (X-News) 1.0.1, when magic_quotes_gpc is disabled, allows remote attackers to include arbitrary files or obtain sensitive information via a .. | 5.8 |
2007-02-24 | CVE-2006-7060 | Scriptsez NET | Remote Security vulnerability in E-Dating System cindex.php in Scriptsez.net E-Dating System allows remote attackers to obtain the full path via an invalid id parameter in a dologin action, which leaks the path in an error message. | 5.0 |
2007-02-24 | CVE-2006-7047 | Shoutpro | Permissions, Privileges, and Access Controls vulnerability in Shoutpro 1.0 include.php in Shoutpro 1.0 might allow remote attackers to bypass IP ban restrictions via a URL in the path parameter that points to an alternate bannedips.php file. | 5.0 |
2007-02-23 | CVE-2006-7039 | Microsoft Atrium Software | Remote Denial Of Service vulnerability in Atrium Software Mercur Messaging 2005 5.0Sp3 The IMAP4 service in MERCUR Messaging 2005 before Service Pack 4 allows remote attackers to cause a denial of service (crash) via a message with a long subject field. | 5.0 |
2007-02-23 | CVE-2006-7030 | Microsoft | Denial of Service vulnerability in Microsoft IE 6.0 Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers to cause a denial of service (crash) via certain malformed HTML, possibly involving applet and base tags without required arguments, which triggers a null pointer dereference in mshtml.dll. | 5.0 |
2007-02-23 | CVE-2006-7029 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers to cause a denial of service (crash) via a frameset with only one frame that calls resizeTo with certain arguments. | 5.0 |
2007-02-21 | CVE-2007-1046 | DEM Trac | Remote Security vulnerability in Dem Trac Dem_trac allows remote attackers to read log file contents via a direct request for /anc_sit.txt. | 5.0 |
2007-02-21 | CVE-2007-1044 | Pearson Education | Information Exposure vulnerability in Pearson Education Powerschool 4.3.6 Pearson Education PowerSchool 4.3.6 allows remote attackers to list the contents of the admin folder via a URI composed of the admin/ directory name and an arbitrary filename ending in ".js." NOTE: it was later reported that this issue had been addressed by 5.1.2. | 5.0 |
2007-02-21 | CVE-2007-1038 | Shemes COM | Denial of Service vulnerability in Grabit Field Handling Shemes.com Grabit 1.5.3, and possibly earlier, allows remote attackers to cause a denial of service (application crash) via a .nzb file with a subject field containing ';' (semicolon) characters. | 5.0 |
2007-02-24 | CVE-2006-7051 | Linux | Denial-Of-Service vulnerability in kernel The sys_timer_create function in posix-timers.c for Linux kernel 2.6.x allows local users to cause a denial of service (memory consumption) and possibly bypass memory limits or cause other processes to be killed by creating a large number of posix timers, which are allocated in kernel memory but are not treated as part of the process' memory. | 4.9 |
2007-02-23 | CVE-2007-0843 | Microsoft | Permissions, Privileges, and Access Controls vulnerability in Microsoft products The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information. | 4.6 |
2007-02-21 | CVE-2007-1051 | Comodo | Local Security vulnerability in Comodo Firewall Pro Comodo Firewall Pro (formerly Comodo Personal Firewall) 2.4.17.183 and earlier uses a weak cryptographic hashing function (CRC32) to identify trusted modules, which allows local users to bypass security protections by substituting modified modules that have the same CRC32 value. | 4.6 |
2007-02-23 | CVE-2006-7037 | Microsoft Mathsoft | Local Security vulnerability in Mathsoft Mathcad 12/13/13.1 Mathcad 12 through 13.1 allows local users to bypass the security features by directly accessing or editing the XML representation of the worksheet with a text editor or other program, which allows attackers to (1) bypass password protection by replacing the password field with a hash of a known password, (2) modify timestamps to avoid detection of modifications, (3) remove locks by removing the "is-locked" attribute, and (4) view locked data, which is stored in plaintext. | 4.4 |
2007-02-21 | CVE-2007-1027 | IBM | Link Following vulnerability in IBM DB2 9.0 Certain setuid DB2 binaries in IBM DB2 before 9 Fix Pack 2 for Linux and Unix allow local users to overwrite arbitrary files via a symlink attack on the DB2DIAG.LOG temporary file. | 4.4 |
2007-02-24 | CVE-2006-7059 | Scriptsez NET | Cross-Site Scripting vulnerability in Scriptsez.Net E-Dating System Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net E-Dating System allow remote attackers to inject arbitrary web script or HTML via encoded entities (') in IMG tags to (1) messages, (2) profile fields, or (3) the id parameter in a dologin operation to cindex.php. | 4.3 |
2007-02-24 | CVE-2006-7058 | Sphider | Cross-Site Scripting vulnerability in Sphider Multiple cross-site scripting (XSS) vulnerabilities in Sphider before 1.3.1c allow remote attackers to inject arbitrary web script or HTML via the catid parameter to (1) templates/standard/search_form.html and (2) templates/dark/search_form.html. | 4.3 |
2007-02-21 | CVE-2007-1050 | Abledesign | Cross-Site Scripting vulnerability in Abledesign Mycalendar Multiple cross-site scripting (XSS) vulnerabilities in index.php in AbleDesign MyCalendar allow remote attackers to inject arbitrary web script or HTML via (1) the go parameter, (2) the keyword parameter in the search menu (go=search), or (3) the username or (4) the password in a go=Login action. | 4.3 |
2007-02-21 | CVE-2007-1049 | Wordpress Gentoo | Cross-Site Scripting vulnerability in Wordpress Cross-site scripting (XSS) vulnerability in the wp_explain_nonce function in the nonce AYS functionality (wp-includes/functions.php) for WordPress 2.0 before 2.0.9 and 2.1 before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the file parameter to wp-admin/templates.php, and possibly other vectors involving the action variable. | 4.3 |
2007-02-21 | CVE-2007-1012 | Deskpro | Cross-Site Scripting vulnerability in Deskpro 1.1.0 Cross-site scripting (XSS) vulnerability in faq.php in DeskPRO 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the article parameter. | 4.3 |
2007-02-20 | CVE-2007-0988 | PHP Canonical | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before 4.4.5, when running on a 64-bit platform, allows context-dependent attackers to cause a denial of service (infinite loop) by unserializing certain integer expressions, which only cause 32-bit arguments to be used after the check for a negative value, as demonstrated by an "a:2147483649:{" argument. | 4.3 |
2007-02-20 | CVE-2007-1004 | Mozilla | Unspecified vulnerability in Mozilla Firefox 2.0 Mozilla Firefox might allow remote attackers to conduct spoofing and phishing attacks by writing to an about:blank tab and overlaying the location bar. | 4.3 |
3 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-02-20 | CVE-2007-0007 | Gnucash | Unspecified vulnerability in Gnucash gnucash 2.0.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on the (1) gnucash.trace, (2) qof.trace, and (3) qof.trace.[PID] temporary files. | 3.6 |
2007-02-24 | CVE-2006-7043 | Chipmunk Scripts | Cross-Site Scripting vulnerability in Chipmunk Blogger Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Blogger allow remote authenticated users to inject arbitrary web script or HTML via script tags in (1) posts and (2) profile names; and (3) a javascript URI in a URL argument in the photo gallery. | 3.5 |
2007-02-20 | CVE-2007-1008 | Apple | Remote Denial of Service vulnerability in Apple Itunes 7.0.2 Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted XML list of radio stations, which results in memory corruption. | 2.6 |