Weekly Vulnerabilities Reports > February 19 to 25, 2007

Overview

130 new vulnerabilities were reported during this period, including 31 critical vulnerabilities and 53 high severity vulnerabilities. This weekly summary reports vulnerabilities in 153 products from 100 vendors including Microsoft, Cisco, IBM, Linux, and Meetinghouse. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", "SQL Injection", "Cross-site Scripting", and "Path Traversal".

  • 112 reported vulnerabilities are remotely exploitable.
  • 32 reported vulnerabilities have a public exploit available.
  • 11 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 126 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 11 reported vulnerabilities.
  • Virtualsystem has the most reported critical vulnerabilities, with 3 reported vulnerabilities.

Vulnerability Details

The following tables list the vulnerabilities reported for the period covered by this report:

31 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-02-24 CVE-2006-7052 Keith Reichley Remote File Include vulnerability in Keith Reichley Dotwidget for Articles 0.2

Multiple PHP remote file inclusion vulnerabilities in DotWidget For Articles (dotwidgeta) 0.2 allow remote attackers to execute arbitrary code via a URL in the (1) file_path parameter to (a) index.php, (b) showcatpicks.php, and (c) showarticle.php; and the (2) admin_header_file and (3) admin_footer_file parameters to (d) admin/authors.php, (e) admin/index.php, (f) admin/categories.php, (g) admin/editconfig.php, and (h) admin/articles.php.

10.0
2007-02-23 CVE-2006-7036 Andys Chat Remote Security vulnerability in Andys Chat Andys Chat 4.5

PHP remote file inclusion vulnerability in register.php for Andys Chat 4.5 allows remote attackers to execute arbitrary code via the action parameter.

10.0
2007-02-23 CVE-2006-7032 Tufat Remote File Include vulnerability in FlashBB

PHP remote file inclusion vulnerability in phpbb/getmsg.php in FlashBB 1.1.5 and earlier allows remote attackers to execute arbitrary code via a URL in the phpbb_root_path parameter.

10.0
2007-02-23 CVE-2006-7027 Microsoft Remote Security vulnerability in Microsoft ISA Server 2004

Microsoft Internet Security and Acceleration (ISA) Server 2004 logs unusual ASCII characters in the Host header, including the tab, which allows remote attackers to manipulate portions of the log file and possibly leverage this for other attacks.

10.0
2007-02-22 CVE-2007-1073 Mcrefer Remote Security vulnerability in McRefer

Static code injection vulnerability in install.php in mcRefer allows remote attackers to execute arbitrary PHP code via the bgcolor parameter, which is inserted into mcrconf.inc.php.

10.0
2007-02-22 CVE-2006-6490 Supportsoft, Symantec Remote Buffer Overflow vulnerability in SupportSoft ActiveX Controls

Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.dll) and (2) ScriptRunner (tgctlsr.dll) ActiveX controls, as used by Symantec Automated Support Assistant and Norton AntiVirus, Internet Security, and System Works 2006, allow remote attackers to execute arbitrary code via a crafted HTML message.

10.0
2007-02-22 CVE-2007-1063 Cisco Use of Hard-Coded Credentials vulnerability in Cisco products

The SSH server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.0(4)SR1 and earlier, uses a hard-coded username and password, which allows remote attackers to access the device.

10.0
2007-02-22 CVE-2007-1062 Cisco Improper Authentication vulnerability in Cisco products

The Cisco Unified IP Conference Station 7935 3.2(15) and earlier, and Station 7936 3.3(12) and earlier, do not properly handle administrator HTTP sessions, which allows remote attackers to bypass authentication controls via a direct URL request to the administrative HTTP interface for a limited time.

10.0
2007-02-21 CVE-2007-1045 Malbum Permissions, Privileges, and Access Controls vulnerability in Malbum 0.3

mAlbum 0.3 has default accounts (1) "login"/"pass" for its administrative account and (2) "dqsfg"/"sdfg", which allows remote attackers to gain privileges.

10.0
2007-02-21 CVE-2007-1039 Peanutkb Input Validation vulnerability in Peanutkb Peanut Knowledge Base 0.0.1/0.0.2/0.0.3

Unspecified vulnerability in Peanut Knowledge Base (PeanutKB) 0.0.3 and earlier has unknown impact and attack vectors.

10.0
2007-02-21 CVE-2007-1070 Microsoft, Trend Micro Stack Buffer Overflow vulnerability in Trend Micro Serverprotect 5.58/5.61/5.62

Multiple stack-based buffer overflows in Trend Micro ServerProtect for Windows and EMC 5.58, and for Network Appliance Filer 5.61 and 5.62, allow remote attackers to execute arbitrary code via crafted RPC requests to TmRpcSrv.dll that trigger overflows when calling the (1) CMON_NetTestConnection, (2) CMON_ActiveUpdate, and (3) CMON_ActiveRollback functions in (a) StCommon.dll, and (4) ENG_SetRealTimeScanConfigInfo and (5) ENG_SendEMail functions in (b) eng50.dll.

10.0
2007-02-21 CVE-2007-1024 Marcello Vitagliano Remote File Include vulnerability in Marcello Vitagliano Meganoides News 1.1.1

PHP remote file inclusion vulnerability in include.php in Meganoide's news 1.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the _SERVER[DOCUMENT_ROOT] parameter.

10.0
2007-02-21 CVE-2007-1021 Xfairguy SQL Injection vulnerability in Xfairguy Codeavalanche News 1.X

SQL injection vulnerability in inc_listnews.asp in CodeAvalanche News 1.x allows remote attackers to execute arbitrary SQL commands via the CAT_ID parameter.

10.0
2007-02-21 CVE-2007-1015 Aktueldownload SQL-Injection vulnerability in Aktueldownload Haber Script

SQL injection vulnerability in HaberDetay.asp in Aktueldownload Haber script allows remote attackers to execute arbitrary SQL commands via the id parameter.

10.0
2007-02-21 CVE-2007-1014 Vicftps Remote Buffer Overflow vulnerability in Vicftps 3.9

Stack-based buffer overflow in VicFTPS before 5.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long CWD command.

10.0
2007-02-21 CVE-2007-1013 Virtualsystem Remote File Include vulnerability in Virtualsystem Htaccess Passwort Generator 1.1

PHP remote file inclusion vulnerability in generate.php in VirtualSystem Htaccess Passwort Generator 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the ht_pfad parameter.

10.0
2007-02-20 CVE-2007-1007 Ekiga, Redhat

Format string vulnerability in GnomeMeeting 1.0.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in the name, which is not properly handled in a call to the gnomemeeting_log_insert function.

10.0
2007-02-20 CVE-2007-1006 Ekiga Use of Externally-Controlled Format String vulnerability in Ekiga

Multiple format string vulnerabilities in the gm_main_window_flash_message function in Ekiga before 2.0.5 allow attackers to cause a denial of service and possibly execute arbitrary code via a crafted Q.931 SETUP packet.

10.0
2007-02-20 CVE-2006-5276 Snort, Sourcefire Stack Buffer Overflow vulnerability in Snort/Sourcefire DCE/RPC Packet Reassembly

Stack-based buffer overflow in the DCE/RPC preprocessor in Snort before 2.6.1.3, and 2.7 before beta 2; and Sourcefire Intrusion Sensor; allows remote attackers to execute arbitrary code via crafted SMB traffic.

10.0
2007-02-24 CVE-2006-7064 Invision Power Services Cross-Site Scripting vulnerability in Invision Power Board

Cross-site scripting (XSS) vulnerability in forum/admin.php for Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML as the administrator via the phpinfo parameter.

9.3
2007-02-24 CVE-2006-7061 Scriptsez NET Cross-Site Scripting vulnerability in E-Dating System

Scriptsez.net E-Dating System stores data files with predictable names under the web document root with insufficient access control, which allows remote attackers to read private messages and leverage them for cross-site scripting (XSS) attacks.

9.3
2007-02-24 CVE-2006-7046 Clan Manager PRO Code Injection vulnerability in Clan Manager PRO Clan Manager PRO 1.1.0

PHP remote file inclusion vulnerability in cmpro.intern/login.inc.php for Clan Manager Pro (CMPRO) 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter.

9.3
2007-02-23 CVE-2007-0321 Macrovision Unspecified vulnerability in Macrovision Flexnet Connect

Buffer overflow in the Update Service Agent ActiveX Control in isusweb.dll for Macrovision FLEXnet Connect (formerly InstallShield Update Service) allows remote attackers to execute arbitrary code via the Download method.

9.3
2007-02-23 CVE-2007-0320 Macrovision Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Macrovision Installfromtheweb

Multiple buffer overflows in (a) an ActiveX control (iftw.dll) and (b) Netscape plug-in (npiftw32.dll) for Macrovision (formerly InstallShield) InstallFromTheWeb allow remote attackers to execute arbitrary code via crafted HTML documents.

9.3
2007-02-23 CVE-2007-1083 Verisign Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Verisign Mpki

Buffer overflow in the Configuration Checker (ConfigChk) ActiveX control in VSCnfChk.dll 2.0.0.2 for Verisign Managed PKI Service, Secure Messaging for Microsoft Exchange, and Go Secure! allows remote attackers to execute arbitrary code via long arguments to the VerCompare method.

9.3
2007-02-22 CVE-2007-1074 DJI Remote Buffer Overflow vulnerability in NewsBin Pro NBI File

Multiple buffer overflows in NewsBin Pro 5.33 and NewsBin Pro 4.x allow user-assisted remote attackers to execute arbitrary code via a long (1) DataPath or (2) DownloadPath attribute in a (a) NBI file, or (3) a long group field in a (b) NZB file.

9.3
2007-02-21 CVE-2007-1041 Sandh Buffer Errors vulnerability in Sandh News Rover 12.1

Multiple stack-based buffer overflows in S&H Computer Systems News Rover 12.1 Rev 1 allow remote attackers to execute arbitrary code via a .nzb file with a long (1) group or (2) subject string.

9.3
2007-02-21 CVE-2007-1037 Rsbr Software Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Rsbr-Software News File Grabber

Stack-based buffer overflow in News File Grabber 4.1.0.1 and earlier allows remote attackers to execute arbitrary code via a .nzb file with a long subject field.

9.3
2007-02-21 CVE-2007-1018 Virtualsystem Remote Security vulnerability in VS-News-System

PHP remote file inclusion vulnerability in tpl/header.php in VirtualSystem VS-News-System 1.2.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the newsordner parameter.

9.3
2007-02-21 CVE-2007-1017 Virtualsystem Remote File Include vulnerability in VS-News-System Show_News_Inc.PHP

PHP remote file inclusion vulnerability in show_news_inc.php in VirtualSystem VS-News-System 1.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the newsordner parameter.

9.3
2007-02-20 CVE-2007-0325 Trend Micro Buffer Errors vulnerability in Trend Micro products

Multiple buffer overflows in the Trend Micro OfficeScan Web-Deployment SetupINICtrl ActiveX control in OfficeScanSetupINI.dll, as used in OfficeScan 7.0 before Build 1344, OfficeScan 7.3 before Build 1241, and Client / Server / Messaging Security 3.0 before Build 1197, allow remote attackers to execute arbitrary code via a crafted HTML document.

9.3

53 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-02-24 CVE-2006-7062 Kmail Remote Security vulnerability in Kmail

calendar.php in Kamgaing Email System (kmail) 2.3 and earlier allows remote attackers to obtain the full path of the server via an invalid d parameter, which leaks the path in an error message.

7.8
2007-02-24 CVE-2006-7054 Arkoon Denial-Of-Service vulnerability in Fast360

The DNS module in Arkoon FAST360 UTM appliances 3.0 up to 3.0/29, 3.1 through 3.3, and 4.0 allows remote attackers to cause a denial of service (reboot) via a malformed DNS message, as demonstrated by the PROTOS DNS testing suite.

7.8
2007-02-23 CVE-2006-5877 Ubuntu, Enigmail Denial Of Service vulnerability in Enigmail Memory Allocation

The enigmail extension before 0.94.2 does not properly handle large, encrypted file e-mail attachments, which allows remote attackers to cause a denial of service (crash), as demonstrated with Mozilla Thunderbird.

7.8
2007-02-23 CVE-2006-7041 Atrium Software Remote Denial Of Service vulnerability in Atrium Software Mercur Messaging 2005 5.0Sp3

The SMTP service in MERCUR Messaging 2005 before Service Pack 4 allows remote attackers to cause a denial of service (infinite loop) via a message in which neither the originator nor recipient address is known.

7.8
2007-02-23 CVE-2006-7040 Atrium Software Remote Denial Of Service vulnerability in Atrium Software Mercur Messaging 2005 5.0Sp3

Unspecified vulnerability in MERCUR Messaging 2005 before Service Pack 4 allows remote attackers to cause a denial of service (crash) via a TOP command to the POP3 service.

7.8
2007-02-23 CVE-2006-7038 Atrium Software Remote Denial Of Service vulnerability in Atrium Software Mercur Messaging 2005 5.0Sp3

Multiple buffer overflows in MERCUR Messaging 2005 before Service Pack 4 allow remote attackers to cause a denial of service (crash) via (1) "long command lines at port 32000" and (2) certain name service queries that are not properly handled by the SMTP service.

7.8
2007-02-23 CVE-2006-7035 Super Link Exchange Script Denial-Of-Service vulnerability in Super Link Exchange Script Super Link Exchange Script 1.0

Directory traversal vulnerability in make_thumbnail.php in Super Link Exchange Script 1.0 allows remote attackers to read arbitrary files via ".." sequences in the imgpath parameter.

7.8
2007-02-23 CVE-2006-7028 SUN Denial-Of-Service vulnerability in Solaris

Single CPU Sun systems running Solaris 7, 8, or 9, such as Netra, allow remote attackers to cause a denial of service (console hang) via a flood of small TCP/IP packets.

7.8
2007-02-22 CVE-2007-1080 Turbosoft Denial Of Service And Buffer Overflow vulnerability in Turbosoft Turboftp 5.3.0

Multiple heap-based buffer overflows in TurboFTP 5.30 Build 572 allow remote servers to cause a denial of service via (1) long filename in a response to a LIST command, and (2) a long response to a CWD command.

7.8
2007-02-22 CVE-2007-1079 Rhinosoft Stack Buffer Overflow vulnerability in FTP Voyager CWD Parameter

Stack-based buffer overflow in Rhino Software, Inc.

7.8
2007-02-22 CVE-2007-1075 Turbosoft Denial Of Service And Buffer Overflow vulnerability in Turbosoft Turboftp 5.3.0

TurboFTP 5.30 Build 572 allows remote servers to cause a denial of service (CPU consumption) via a response with a large number of newline characters.

7.8
2007-02-22 CVE-2007-1071 Apple Integer Overflow vulnerability in Apple Mac OS X ImageIO GIF Image

Integer overflow in the gifGetBandProc function in ImageIO in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image that triggers the overflow during decompression.

7.8
2007-02-21 CVE-2007-1030 Niels Provos Denial Of Service vulnerability in Niels Provos Libevent 1.2/1.2A

Niels Provos libevent 1.2 and 1.2a allows remote attackers to cause a denial of service (infinite loop) via a DNS response containing a label pointer that references its own offset.

7.8
2007-02-20 CVE-2007-0772 Linux Resource Management Errors vulnerability in Linux Kernel

The Linux kernel 2.6.13 and other versions before 2.6.20.1 allows remote attackers to cause a denial of service (oops) via a crafted NFSACL 2 ACCESS request that triggers a free of an incorrect pointer.

7.8
2007-02-23 CVE-2007-1085 Google Unspecified vulnerability in Google Desktop

Cross-site scripting (XSS) vulnerability in Google Desktop allows remote attackers to bypass protection schemes and inject arbitrary web script or HTML, and possibly gain full access to the system, by using an XSS vulnerability in google.com to extract the signature for the internal web server, then calling the "under" parameter in Advanced Search with the proper signature.

7.6
2007-02-21 CVE-2007-1029 Quicksoft Remote Stack Buffer Overflow vulnerability in EasyMail Objects Connect Method

Stack-based buffer overflow in the Connect method in the IMAP4 component in Quiksoft EasyMail Objects before 6.5 allows remote attackers to execute arbitrary code via a long host name.

7.6
2007-02-24 CVE-2006-7063 Tinyphpforum Local File Include vulnerability in TinyPHPForum

Directory traversal vulnerability in profile.php in TinyPHPforum 3.6 and earlier allows remote attackers to include and execute arbitrary files via ".." sequences in the uname parameter.

7.5
2007-02-24 CVE-2006-7057 Sphider SQL-Injection vulnerability in Sphider

SQL injection vulnerability in search.php in Sphider before 1.3.1c allows remote attackers to execute arbitrary SQL commands via the category parameter.

7.5
2007-02-24 CVE-2006-7053 Arkoon Security Bypass vulnerability in Fast360

Unspecified vulnerability in Arkoon FAST360 UTM appliances 3.0 through 3.0/29, 3.1, 3.2, and 3.3 allows remote attackers to bypass keyword filtering in the FAST HTTP module, and signatures in the IDPS HTTP module, via crafted URLs that are "misinterpreted."

7.5
2007-02-24 CVE-2006-7049 Wikkawiki Information Disclosure vulnerability in Wikkawiki Method Function

The Method method in WikkaWiki (Wikka Wiki) before 1.1.6.2 calls the strstr and strrpos functions with the wrong argument order, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files.

7.5
2007-02-24 CVE-2006-7048 Claroline Remote Security vulnerability in Claroline 1.7.5

Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) clarolineRepositorySys parameter to (a) atutor.inc.php (b) db-generic.inc.php (c) docebo.inc.php (d) dokeos.1.6.inc.php (e) dokeos.inc.php (f) ganesha.inc.php (g) mambo.inc.php (h) moodle.inc.php (i) phpnuke.inc.php (j) postnuke.inc.php and (k) spip.inc.php in claroline/auth/extauth/drivers/; (2) includePath parameter in mambo.inc.php, postnuke.inc.php, and (l) inc/lib/event/init_event_manager.inc.php; and (3) rootSys parameter in (m) inc/lib/export_exe_tracking.class.php, a different set of vectors than CVE-2006-2284.

7.5
2007-02-24 CVE-2006-7045 Cmpro Team Remote Security vulnerability in Clan Manager Pro

PHP remote file inclusion vulnerability in Clan Manager Pro (CMPRO) 1.1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the (1) rootpath and possibly (2) sitepath parameters to (a) cmpro.ext/comment.core.inc.php and (b) cmpro.intern/comment.core.inc.php.

7.5
2007-02-24 CVE-2006-7044 Cmpro Team Remote Security vulnerability in Clan Manager Pro

PHP remote file inclusion vulnerability in comment.core.inc.php in Clan Manager Pro (CMPRO) 1.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter.

7.5
2007-02-23 CVE-2006-7034 Apple, HP, IBM, Linux, Microsoft, Santa Cruz Operation, SUN, Windriver, Super Link Exchange Script SQL-Injection vulnerability in Super Link Exchange Script Super Link Exchange Script 1.0

SQL injection vulnerability in directory.php in Super Link Exchange Script 1.0 might allow remote attackers to execute arbitrary SQL queries via the cat parameter.

7.5
2007-02-23 CVE-2006-7025 Sangwan KIM SQL Injection vulnerability in Sangwan KIM Bookmark4U 2.0/2.1

SQL injection vulnerability in admin/config.php in Bookmark4U 2.0 and 2.1 allows remote attackers to inject arbitrary SQL commands via the sqlcmd parameter.

7.5
2007-02-22 CVE-2007-1081 Typo3 Unspecified vulnerability in Typo3

The start function in class.t3lib_formmail.php in TYPO3 before 4.0.5, 4.1beta, and 4.1RC1 allows attackers to inject arbitrary email headers via unknown vectors.

7.5
2007-02-22 CVE-2007-1078 Flashgamescript Code Injection vulnerability in Flashgamescript 1.5.4

PHP remote file inclusion vulnerability in index.php in FlashGameScript 1.5.4 allows remote attackers to execute arbitrary PHP code via a URL in the func parameter.

7.5
2007-02-22 CVE-2007-1077 Design4Online SQL Injection vulnerability in Design4Online Userpages2 2.0

SQL injection vulnerability in page.asp in Design4Online UserPages2 2.0 allows remote attackers to execute arbitrary SQL commands via the art_id parameter.

7.5
2007-02-22 CVE-2007-1076 Phptraffica Path Traversal vulnerability in PHPtraffica 1.4.1

Multiple directory traversal vulnerabilities in phpTrafficA 1.4.1, and possibly earlier, allow remote attackers to include arbitrary local files via a ..

7.5
2007-02-21 CVE-2007-1058 Online WEB Building SQL-Injection vulnerability in Online web Building Online web Building 2.0

SQL injection vulnerability in user_pages/page.asp in Online Web Building 2.0 allows remote attackers to execute arbitrary SQL commands via the art_id parameter.

7.5
2007-02-21 CVE-2007-1048 Phpbb Wordsearch Remote Security vulnerability in Phpbb Wordsearch

PHP remote file inclusion vulnerability in admin_rebuild_search.php in phpbb_wordsearch allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

7.5
2007-02-21 CVE-2007-1047 Distributed Checksum Clearinghouse Data Manipulation vulnerability in Distributed Checksum Clearinghouse DCC

Unspecified vulnerability in Distributed Checksum Clearinghouse (DCC) before 1.3.51 allows remote attackers to delete or add hosts in /var/dcc/maps.

7.5
2007-02-21 CVE-2007-1043 Apple, HP, IBM, Linux, Microsoft, Santa Cruz Operation, SUN, Windriver, Ezboo Authentication Bypass vulnerability in Ezboo Webstats 3.0.3

Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php.

7.5
2007-02-21 CVE-2007-1040 Xpression News Directory Traversal vulnerability in Xpression News Xpression News 1.0.1

Directory traversal vulnerability in archives.php in Xpression News (X-News) 1.0.1 allows remote attackers to include arbitrary files or obtain sensitive information via a ..

7.5
2007-02-21 CVE-2007-1036 Jboss Permissions, Privileges, and Access Controls vulnerability in Jboss Application Server

The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests.

7.5
2007-02-21 CVE-2007-1035 Drupal Remote Command Execution vulnerability in Drupal Audio And MediaField Modules GetID3

Unspecified vulnerability in certain demonstration scripts in getID3 1.7.1, as used in the Mediafield and Audio modules for Drupal, allows remote attackers to read and delete arbitrary files, list arbitrary directories, and write to empty files or .mp3 files via unknown vectors.

7.5
2007-02-21 CVE-2007-1034 PHP Nuke SQL Injection vulnerability in PHP-Nuke Emporium Module

SQL injection vulnerability in the category file in modules.php in the Emporium 2.3.0 and earlier module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the category_id parameter.

7.5
2007-02-21 CVE-2007-1033 Drupal Security Bypass vulnerability in Drupal Secure Site Module 4.7/5.0

Unspecified vulnerability in the Secure site 4.7.x-1.x-dev and 5.x-1.x-dev module for Drupal allows remote attackers to bypass access restrictions via a crafted URL.

7.5
2007-02-21 CVE-2007-1026 Scriptdungeon SQL Injection vulnerability in Scriptdungeon Xlatunes

SQL injection vulnerability in view.php in XLAtunes 0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the album parameter in view mode.

7.5
2007-02-21 CVE-2007-1025 Virtualsystem Remote File Include vulnerability in VS-Link-Partner Functions.Inc.PHP

PHP remote file inclusion vulnerability in inc/functions_inc.php in VS-Link-Partner 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gb_pfad, or possibly script_pfad, parameter.

7.5
2007-02-21 CVE-2007-1023 Snitz Communications SQL Injection vulnerability in Snitz Communications Snitz Forums 2000 3.1

SQL injection vulnerability in pop_profile.asp in Snitz Forums 2000 3.1 SR4 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2007-02-21 CVE-2007-1022 Turuncu Portal SQL Injection vulnerability in Turuncu Portal Turuncu Portal 1.0

SQL injection vulnerability in h_goster.asp in Turuncu Portal 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2007-02-21 CVE-2007-1016 Aktueldownload SQL-Injection vulnerability in Aktueldownload Haber Script

SQL injection vulnerability in Aktueldownload Haber script allows remote attackers to execute arbitrary SQL commands via certain vectors related to the HaberDetay.asp and rss.asp components, and the id and kid parameters.

7.5
2007-02-21 CVE-2007-1011 VS Gastebuch Remote File Include vulnerability in VS-Gastebuch Gb_Pfad

PHP remote file inclusion vulnerability in functions_inc.php in VS-Gastebuch 1.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gb_pfad parameter.

7.5
2007-02-23 CVE-2007-1089 Linux, Microsoft, IBM Local Security vulnerability in IBM DB2 Universal Database 8.0/9.1

IBM DB2 Universal Database (UDB) 9.1 GA through 9.1 FP1 allows local users with table SELECT privileges to perform unauthorized UPDATE and DELETE SQL commands via unknown vectors.

7.2
2007-02-23 CVE-2007-1088 IBM Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM DB2

Stack-based buffer overflow in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allows local users to execute arbitrary code via a long string in unspecified environment variables.

7.2
2007-02-23 CVE-2007-1087 IBM Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM DB2

IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 does not properly terminate certain input strings, which allows local users to execute arbitrary code via unspecified environment variables that trigger a heap-based buffer overflow.

7.2
2007-02-23 CVE-2007-1086 HP, IBM, Linux, Microsoft, SUN Local Privilege Escalation vulnerability in IBM DB2 Universal Database

Unspecified binaries in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allow local users to create or modify arbitrary files via unspecified environment variables related to "unsafe file access."

7.2
2007-02-22 CVE-2007-1072 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco products

The command line interface (CLI) in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.0(4)SR1 and earlier allows local users to obtain privileges or cause a denial of service via unspecified vectors.

7.2
2007-02-22 CVE-2007-1068 Cisco, Meetinghouse Credentials Management vulnerability in multiple products

The (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, (5) MD5, (6) GTC, (7) LEAP, (8) PEAP MSCHAPv2, (9) PEAP GTC, and (10) FAST authentication methods in Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client store transmitted authentication credentials in plaintext log files, which allows local users to obtain sensitive information by reading these files, aka CSCsg34423.

7.2
2007-02-22 CVE-2007-1067 Cisco, Meetinghouse Multiple vulnerability in Cisco 802.1X Authentication Deployment Products

Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not properly parse commands, which allows local users to gain privileges via unspecified vectors, aka CSCsh30624.

7.2
2007-02-21 CVE-2007-1056 Vmware Permissions, Privileges, and Access Controls vulnerability in VMWare Workstation 5.5.3Build34685

VMware Workstation 5.5.3 build 34685 does not provide per-user restrictions on certain privileged actions, which allows local users to perform restricted operations such as changing system time, accessing hardware components, and stopping the "VMware tools service" service.

7.2
2007-02-22 CVE-2007-1082 Ftpx Resource Management Errors vulnerability in Ftpx FTP Explorer 1.0.1/1.0.1.47

FTP Explorer 1.0.1 Build 047, and other versions before 1.0.1.52, allows remote servers to cause a denial of service (CPU consumption) via a long response to a PWD command.

7.1

43 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-02-21 CVE-2007-1057 Nortel Local Privilege Escalation vulnerability in Nortel SSL VPN Net Direct Client

The Net Direct client for Linux before 6.0.5 in Nortel Application Switch 2424, VPN 3050 and 3070, and SSL VPN Module 1000 extracts and executes files with insecure permissions, which allows local users to exploit a race condition to replace a world-writable file in /tmp/NetClient and cause another user to execute arbitrary code when attempting to execute this client, as demonstrated by replacing /tmp/NetClient/client.

6.9
2007-02-24 CVE-2006-7056 Dreamcost Remote File Include vulnerability in DreamCost Hostadmin 3.0/3.1

Multiple PHP remote file inclusion vulnerabilities in DreamCost HostAdmin 3.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) functions.php and (2) members.php.

6.8
2007-02-24 CVE-2006-7055 Sweetphp Remote File Include vulnerability in TotalCalendar

PHP remote file inclusion vulnerability in index.php in TotalCalendar 2.30 and earlier allows remote attackers to execute arbitrary code via a URL in the inc_dir parameter, a different vector than CVE-2006-1922.

6.8
2007-02-24 CVE-2006-7050 Wikkawiki Cross-Site Scripting vulnerability in WikkaWiki

Cross-site scripting (XSS) vulnerability in WikkaWiki (Wikka Wiki) before 1.1.6.2 allows remote attackers to inject arbitrary javascript via (1) events in forced links (url parameter) that are not properly handled in formatters/wakka.php, and possibly (2) other vectors in wikka.php.

6.8
2007-02-24 CVE-2006-7042 Chipmunk Scripts Cross-Site Scripting vulnerability in Chipmunk Directory

Cross-site scripting (XSS) vulnerability in directory/index.php in Chipmunk directory allows remote attackers to inject arbitrary web script or HTML via the start parameter.

6.8
2007-02-23 CVE-2006-7033 Super Link Exchange Script Cross-Site Scripting vulnerability in Super Link Exchange Script Super Link Exchange Script 1.0

Cross-site scripting (XSS) vulnerability in Super Link Exchange Script 1.0 allows remote attackers to inject arbitrary web script or HTML via IMG tags in the search box.

6.8
2007-02-23 CVE-2006-7026 Avatic Remote Security vulnerability in Aardvark Topsites Php

PHP remote file inclusion vulnerability in sources/join.php in Aardvark Topsites PHP 4.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[path] parameter, a different vector than CVE-2006-2149.

6.8
2007-02-23 CVE-2007-1084 Mozilla Configuration vulnerability in Mozilla Firefox

Mozilla Firefox 2.0.0.1 and earlier does not prompt users before saving bookmarklets, which allows remote attackers to bypass the same-domain policy by tricking a user into saving a bookmarklet with a data: scheme, which is executed in the context of the last visited web page.

6.8
2007-02-22 CVE-2007-1066 Cisco, Meetinghouse Multiple vulnerabilities in Cisco 802.1X Authentication Deployment Products

Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client use an insecure default Discretionary Access Control List (DACL) for the connection client GUI, which allows local users to gain privileges by injecting "a thread under ConnectionClient.exe," aka CSCsg20558.

6.8
2007-02-22 CVE-2007-1065 Cisco, Meetinghouse Multiple vulnerabilities in Cisco 802.1X Authentication Deployment Products

Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client allow local users to gain SYSTEM privileges via unspecified vectors in the supplicant, aka CSCsf15836.

6.8
2007-02-22 CVE-2007-1064 Cisco, Meetinghouse Multiple vulnerabilities in Cisco 802.1X Authentication Deployment Products

Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not drop privileges when the help facility in the supplicant GUI is invoked, which allows local users to gain privileges, aka CSCsf14120.

6.8
2007-02-22 CVE-2007-1061 Francisco Burzi SQL Injection vulnerability in PHP-Nuke

SQL injection vulnerability in index.php in Francisco Burzi PHP-Nuke 8.0 Final and earlier, when the "HTTP Referers" block is enabled, allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header (HTTP_REFERER variable).

6.8
2007-02-22 CVE-2007-1060 Interspire Remote File Include vulnerability in Interspire SendStudio

Multiple PHP remote file inclusion vulnerabilities in Interspire SendStudio 2004.14 and earlier, when register_globals and allow_url_fopen are enabled, allow remote attackers to execute arbitrary PHP code via a URL in the ROOTDIR parameter to (1) createemails.inc.php and (2) send_emails.inc.php in /admin/includes/.

6.8
2007-02-22 CVE-2007-1059 Ultimate FUN Book Remote File Include vulnerability in Ultimate FUN Book 1.02

PHP remote file inclusion vulnerability in function.php in Ultimate Fun Book 1.02 allows remote attackers to execute arbitrary PHP code via a URL in the gbpfad parameter.

6.8
2007-02-21 CVE-2007-1055 Mediawiki Code Injection vulnerability in Mediawiki

Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.9.x before 1.9.0rc2, and 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the rs parameter.

6.8
2007-02-21 CVE-2007-1054 Mediawiki Cross-Site Scripting vulnerability in Mediawiki

Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.6.x through 1.9.2, when $wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded value of the rs parameter, which is processed by Internet Explorer.

6.8
2007-02-21 CVE-2007-1032 Phpmyfaq Remote Security vulnerability in phpMyFAQ

Unspecified vulnerability in phpMyFAQ 1.6.9 and earlier, when register_globals is enabled, allows remote attackers to "gain the privilege for uploading files on the server." Successful exploitation requires that "register_globals" is enabled.

6.8
2007-02-21 CVE-2007-1031 Spoonlabs Path Traversal vulnerability in Spoonlabs Vivvo Article Management CMS 3.4

Directory traversal vulnerability in include/db_conn.php in SpoonLabs Vivvo Article Management CMS 3.4 allows remote attackers to include and execute arbitrary local files via the root parameter.

6.8
2007-02-21 CVE-2007-1028 Barry Jaspan HTML Injection vulnerability in Barry Jaspan Image Pager 4.7/5.0

Cross-site scripting (XSS) vulnerability in the Barry Jaspan Image Pager 4.7.x-1.x-dev and 5.x-1.x-dev before 2007-02-08 module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to HTML entities and the IMG element.

6.8
2007-02-21 CVE-2007-1020 Cedstat Remote File Include vulnerability in Cedstat 1.31

Cross-site scripting (XSS) vulnerability in index.php in CedStat 1.31 allows remote attackers to inject arbitrary web script or HTML via the hier parameter.

6.8
2007-02-21 CVE-2007-1019 Webspell SQL Injection vulnerability in Webspell 4.01.02

SQL injection vulnerability in news.php in webSPELL 4.01.02, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the showonly parameter to index.php, a different vector than CVE-2006-5388.

6.8
2007-02-21 CVE-2007-1010 Zebrafeeds Remote File Include vulnerability in Zebrafeeds 1.0

Multiple PHP remote file inclusion vulnerabilities in ZebraFeeds 1.0, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the zf_path parameter to (1) aggregator.php and (2) controller.php in newsfeeds/includes/.

6.8
2007-02-21 CVE-2007-1042 Xpression News Path Traversal vulnerability in Xpression News 1.0.1

Directory traversal vulnerability in news.php in Xpression News (X-News) 1.0.1, when magic_quotes_gpc is disabled, allows remote attackers to include arbitrary files or obtain sensitive information via a ..

5.8
2007-02-24 CVE-2006-7060 Scriptsez NET Remote Security vulnerability in E-Dating System

cindex.php in Scriptsez.net E-Dating System allows remote attackers to obtain the full path via an invalid id parameter in a dologin action, which leaks the path in an error message.

5.0
2007-02-24 CVE-2006-7047 Shoutpro Permissions, Privileges, and Access Controls vulnerability in Shoutpro 1.0

include.php in Shoutpro 1.0 might allow remote attackers to bypass IP ban restrictions via a URL in the path parameter that points to an alternate bannedips.php file.

5.0
2007-02-23 CVE-2006-7039 Microsoft, Atrium Software Remote Denial Of Service vulnerability in Atrium Software Mercur Messaging 2005 5.0Sp3

The IMAP4 service in MERCUR Messaging 2005 before Service Pack 4 allows remote attackers to cause a denial of service (crash) via a message with a long subject field.

5.0
2007-02-23 CVE-2006-7030 Microsoft Denial of Service vulnerability in Microsoft IE 6.0

Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers to cause a denial of service (crash) via certain malformed HTML, possibly involving applet and base tags without required arguments, which triggers a null pointer dereference in mshtml.dll.

5.0
2007-02-23 CVE-2006-7029 Microsoft Unspecified vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers to cause a denial of service (crash) via a frameset with only one frame that calls resizeTo with certain arguments.

5.0
2007-02-21 CVE-2007-1046 DEM Trac Remote Security vulnerability in Dem Trac

Dem_trac allows remote attackers to read log file contents via a direct request for /anc_sit.txt.

5.0
2007-02-21 CVE-2007-1044 Pearson Education Information Exposure vulnerability in Pearson Education Powerschool 4.3.6

Pearson Education PowerSchool 4.3.6 allows remote attackers to list the contents of the admin folder via a URI composed of the admin/ directory name and an arbitrary filename ending in ".js." NOTE: it was later reported that this issue had been addressed by 5.1.2.

5.0
2007-02-21 CVE-2007-1038 Shemes COM Denial of Service vulnerability in Grabit Field Handling

Shemes.com Grabit 1.5.3, and possibly earlier, allows remote attackers to cause a denial of service (application crash) via a .nzb file with a subject field containing ';' (semicolon) characters.

5.0
2007-02-24 CVE-2006-7051 Linux Denial-Of-Service vulnerability in kernel

The sys_timer_create function in posix-timers.c for Linux kernel 2.6.x allows local users to cause a denial of service (memory consumption) and possibly bypass memory limits or cause other processes to be killed by creating a large number of posix timers, which are allocated in kernel memory but are not treated as part of the process' memory.

4.9
2007-02-23 CVE-2007-0843 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft products

The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information.

4.6
2007-02-21 CVE-2007-1051 Comodo Local Security vulnerability in Comodo Firewall Pro

Comodo Firewall Pro (formerly Comodo Personal Firewall) 2.4.17.183 and earlier uses a weak cryptographic hashing function (CRC32) to identify trusted modules, which allows local users to bypass security protections by substituting modified modules that have the same CRC32 value.

4.6
2007-02-23 CVE-2006-7037 Microsoft, Mathsoft Local Security vulnerability in Mathsoft Mathcad 12/13/13.1

Mathcad 12 through 13.1 allows local users to bypass the security features by directly accessing or editing the XML representation of the worksheet with a text editor or other program, which allows attackers to (1) bypass password protection by replacing the password field with a hash of a known password, (2) modify timestamps to avoid detection of modifications, (3) remove locks by removing the "is-locked" attribute, and (4) view locked data, which is stored in plaintext.

4.4
2007-02-21 CVE-2007-1027 IBM Link Following vulnerability in IBM DB2 9.0

Certain setuid DB2 binaries in IBM DB2 before 9 Fix Pack 2 for Linux and Unix allow local users to overwrite arbitrary files via a symlink attack on the DB2DIAG.LOG temporary file.

4.4
2007-02-24 CVE-2006-7059 Scriptsez NET Cross-Site Scripting vulnerability in Scriptsez.Net E-Dating System

Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net E-Dating System allow remote attackers to inject arbitrary web script or HTML via encoded entities (&#0000039) in IMG tags to (1) messages, (2) profile fields, or (3) the id parameter in a dologin operation to cindex.php.

4.3
2007-02-24 CVE-2006-7058 Sphider Cross-Site Scripting vulnerability in Sphider

Multiple cross-site scripting (XSS) vulnerabilities in Sphider before 1.3.1c allow remote attackers to inject arbitrary web script or HTML via the catid parameter to (1) templates/standard/search_form.html and (2) templates/dark/search_form.html.

4.3
2007-02-21 CVE-2007-1050 Abledesign Cross-Site Scripting vulnerability in Abledesign Mycalendar

Multiple cross-site scripting (XSS) vulnerabilities in index.php in AbleDesign MyCalendar allow remote attackers to inject arbitrary web script or HTML via (1) the go parameter, (2) the keyword parameter in the search menu (go=search), or (3) the username or (4) the password in a go=Login action.

4.3
2007-02-21 CVE-2007-1049 Wordpress, Gentoo Cross-Site Scripting vulnerability in Wordpress

Cross-site scripting (XSS) vulnerability in the wp_explain_nonce function in the nonce AYS functionality (wp-includes/functions.php) for WordPress 2.0 before 2.0.9 and 2.1 before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the file parameter to wp-admin/templates.php, and possibly other vectors involving the action variable.

4.3
2007-02-21 CVE-2007-1012 Deskpro Cross-Site Scripting vulnerability in Deskpro 1.1.0

Cross-site scripting (XSS) vulnerability in faq.php in DeskPRO 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the article parameter.

4.3
2007-02-20 CVE-2007-0988 PHP, Canonical Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before 4.4.5, when running on a 64-bit platform, allows context-dependent attackers to cause a denial of service (infinite loop) by unserializing certain integer expressions, which only cause 32-bit arguments to be used after the check for a negative value, as demonstrated by an "a:2147483649:{" argument.

4.3
2007-02-20 CVE-2007-1004 Mozilla Unspecified vulnerability in Mozilla Firefox 2.0

Mozilla Firefox might allow remote attackers to conduct spoofing and phishing attacks by writing to an about:blank tab and overlaying the location bar.

4.3

3 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-02-20 CVE-2007-0007 Gnucash Unspecified vulnerability in Gnucash

gnucash 2.0.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on the (1) gnucash.trace, (2) qof.trace, and (3) qof.trace.[PID] temporary files.

3.6
2007-02-24 CVE-2006-7043 Chipmunk Scripts Cross-Site Scripting vulnerability in Chipmunk Blogger

Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Blogger allow remote authenticated users to inject arbitrary web script or HTML via script tags in (1) posts and (2) profile names; and (3) a javascript URI in a URL argument in the photo gallery.

3.5
2007-02-20 CVE-2007-1008 Apple Remote Denial of Service vulnerability in Apple Itunes 7.0.2

Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted XML list of radio stations, which results in memory corruption.

2.6