Weekly Vulnerabilities Reports > February 26 to March 4, 2007
Overview
202 new vulnerabilities reported during this period, including 24 critical vulnerabilities and 61 high severity vulnerabilities. This weekly summary report vulnerabilities in 178 products from 136 vendors including WEB APP ORG, Mozilla, Microsoft, Canonical, and Debian. Vulnerabilities are notably categorized as "Cross-site Scripting", "Code Injection", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Information Exposure", and "SQL Injection".
- 186 reported vulnerabilities are remotely exploitables.
- 42 reported vulnerabilities have public exploit available.
- 31 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 190 reported vulnerabilities are exploitable by an anonymous user.
- WEB APP ORG has the most reported vulnerabilities, with 16 reported vulnerabilities.
- Mozilla has the most reported critical vulnerabilities, with 3 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
24 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-03-03 | CVE-2007-1257 | Cisco | Improper Input Validation vulnerability in Cisco products The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, and 7600 allows remote attackers to execute arbitrary commands via certain SNMP packets that are spoofed from the NAM's own IP address. | 10.0 |
2007-03-02 | CVE-2007-1225 | Grok Developments | Unspecified vulnerability in Grok Developments Netproxy 4.03 The connection log file implementation in Grok Developments NetProxy 4.03 does not record requests that omit http:// in a URL, which might allow remote attackers to conduct unauthorized activities and avoid detection. | 10.0 |
2007-03-02 | CVE-2007-1160 | Webspell | Improper Authentication vulnerability in Webspell 4.0 webSPELL 4.0, and possibly later versions, allows remote attackers to bypass authentication via a ws_auth cookie, a different vulnerability than CVE-2006-4782. | 10.0 |
2007-03-02 | CVE-2007-1139 | Cromosoft | Code Injection vulnerability in Cromosoft Simple Plantilla PHP Unrestricted file upload vulnerability in Cromosoft Simple Plantilla PHP (SPP) allows remote attackers to upload arbitrary scripts via a filename with a double extension. | 10.0 |
2007-03-02 | CVE-2007-1134 | Watchtower | Authentication Bypass vulnerability in Watchtower 0.1 Unspecified vulnerability in Watchtower (WT) before 0.12 has unknown impact and attack vectors, related to "unauthorized accounts." Watchtower is prone to an unspecified authentication-bypass vulnerability. An attacker can exploit this issue to gain unauthorized access to the application. Versions prior to 0.12 are vulnerable. | 10.0 |
2007-03-02 | CVE-2006-7097 | Taskfreak | Remote Security vulnerability in Taskfreak 0.1/0.1.2 Multiple unspecified vulnerabilities in TaskFreak! before 0.1.4 have unknown impact and attack vectors. | 10.0 |
2007-03-02 | CVE-2006-7096 | Klink | Denial-Of-Service vulnerability in Dim3 Buffer overflow in the network_host_handle_join function in host.c in dimension 3 engine (dim3) 1.5 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long nickname. | 10.0 |
2007-03-02 | CVE-2006-7095 | Klink | Denial-Of-Service vulnerability in Dim3 Integer signedness error in the network_receive_packet function in socket.c in dimension 3 engine (dim3) 1.5 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large data_len value, which is cast to a signed short and results in a buffer overflow. | 10.0 |
2007-03-02 | CVE-2006-3892 | EMC | Remote Authentication Bypass vulnerability in EMC Networker 7.3.2 The Management Console server in EMC NetWorker (formerly Legato NetWorker) 7.3.2 before Jumbo Update 1 uses weak authentication, which allows remote attackers to execute arbitrary commands. | 10.0 |
2007-02-27 | CVE-2007-1117 | Microsoft | Remote Code Execution vulnerability in Microsoft Publisher 2007 Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 allows remote attackers to execute arbitrary code via unspecified vectors, related to a "file format vulnerability." NOTE: this information is based upon a vague pre-advisory with no actionable information. | 10.0 |
2007-02-26 | CVE-2007-1097 | Wiclear | Improper Input Validation vulnerability in Wiclear Unrestricted file upload vulnerability in the onAttachFiles function in the upload tool (inc/lib/attachment.lib.php) in Wiclear before 0.11.1 allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors related to filename validation. | 10.0 |
2007-02-26 | CVE-2007-1093 | Hitachi Microsoft HP SUN | Code Injection vulnerability in Hitachi products Multiple unspecified vulnerabilities in JP1/Cm2/Network Node Manager (NNM) before 07-10-05, and before 08-00-02 in the 08-x series, allow remote attackers to execute arbitrary code, cause a denial of service, or trigger invalid Web utility behavior. | 10.0 |
2007-03-02 | CVE-2006-7079 | Exv2 | Improper Control of Dynamically-Managed Code Resources vulnerability in Exv2 Content Management System Variable extraction vulnerability in include/common.php in exV2 2.0.4.3 and earlier allows remote attackers to overwrite arbitrary program variables and conduct directory traversal attacks to execute arbitrary code by modifying the $xoopsOption['pagetype'] variable. | 9.8 |
2007-03-02 | CVE-2007-1140 | Barekoncept | Path Traversal vulnerability in Barekoncept Pheap Directory traversal vulnerability in edit.php in pheap allows remote attackers to read and modify arbitrary files via a .. | 9.4 |
2007-03-03 | CVE-2007-1253 | Blender | Code Injection vulnerability in Blender 2.25/2.36/2.37A Eval injection vulnerability in the (a) kmz_ImportWithMesh.py Script for Blender 0.1.9h, as used in (b) Blender before 2.43, allows user-assisted remote attackers to execute arbitrary Python code by importing a crafted (1) KML or (2) KMZ file. | 9.3 |
2007-03-03 | CVE-2007-1252 | Symantec | Unspecified vulnerability in Symantec Mail Security 5.0 Buffer overflow in Symantec Mail Security for SMTP 5.0 before Patch 175 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted headers in an e-mail message. | 9.3 |
2007-03-03 | CVE-2007-1251 | Netrek | USE of Externally-Controlled Format String vulnerability in Netrek Vanilla Server 2.12.0 Format string vulnerability in the new_warning function in ntserv/warning.c for Netrek Vanilla Server 2.12.0, when EVENTLOG is enabled, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in the message handling. | 9.3 |
2007-03-02 | CVE-2007-1197 | Epiware | Cross-Site Scripting vulnerability in Epiware 4.6.6/4.7 Multiple unspecified vulnerabilities in Epiware before 4.7.5 have unknown impact and attack vectors, possibly related to cross-site scripting (XSS) and other unspecified issues. | 9.3 |
2007-03-02 | CVE-2007-1196 | Citrix | Remote Code Execution vulnerability in Citrix Presentation Server Client Unspecified vulnerability in Citrix Presentation Server Client for Windows before 10.0 allows remote web sites to execute arbitrary code via unspecified vectors, related to the implementation of ICA connectivity through proxy servers. | 9.3 |
2007-03-02 | CVE-2007-1193 | Orangehrm | Multiple Unspecified vulnerability in Orangehrm 2.1 Multiple unspecified vulnerabilities in the Login page in OrangeHRM before 20070212 have unknown impact and attack vectors. | 9.3 |
2007-02-27 | CVE-2007-1120 | Steema Software | Insecure Methods vulnerability in Steema Software Teechart PRO 7.0.1.3 The (1) Import.LoadFromURL and (2) Export.asText.SaveToFile functions in TeeChart Pro ActiveX control (TeeChart7.ocx) allow remote attackers to download a crafted .tee file to an arbitrary location. | 9.3 |
2007-02-26 | CVE-2007-0777 | Mozilla Canonical | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products The JavaScript engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption. | 9.3 |
2007-02-26 | CVE-2007-0776 | Mozilla | Buffer Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Heap-based buffer overflow in the _cairo_pen_init function in Mozilla Firefox 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to execute arbitrary code via a large stroke-width attribute in the clipPath element in an SVG file. | 9.3 |
2007-02-26 | CVE-2007-1092 | Mozilla | Unspecified vulnerability in Mozilla Firefox and Seamonkey Mozilla Firefox 1.5.0.9 and 2.0.0.1, and SeaMonkey before 1.0.8 allow remote attackers to execute arbitrary code via JavaScript onUnload handlers that modify the structure of a document, wich triggers memory corruption due to the lack of a finalize hook on DOM window objects. | 9.3 |
61 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-03-02 | CVE-2006-7094 | Gentoo Ftpd Debian | Remote Security vulnerability in Ftpd ftpd, as used by Gentoo and Debian Linux, sets the gid to the effective uid instead of the effective group id before executing /bin/ls, which allows remote authenticated users to list arbitrary directories with the privileges of gid 0 and possibly enable additional attack vectors. | 8.5 |
2007-03-02 | CVE-2007-1162 | Common Controls Replacement Project | Buffer Overflow vulnerability in BrowseDialog ActiveX Control CCRPBDS6.DLL A certain ActiveX control in the Common Controls Replacement Project (CCRP) CCRP BrowseDialog Server (ccrpbds6.dll) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) IsFolderAvailable or (2) RootFolder property value, different vectors than CVE-2007-0371. | 7.8 |
2007-03-02 | CVE-2007-1143 | Jeunes Webmasters | Path Traversal vulnerability in Jeunes-Webmasters J-Web Pics Navigator 1.0 Directory traversal vulnerability in pn-menu.php in J-Web Pics Navigator 1.0 allows remote attackers to list arbitrary directories via a .. | 7.8 |
2007-03-02 | CVE-2007-1005 | Broadcom CA | Heap-based buffer overflow in SW3eng.exe in the eID Engine service in CA (formerly Computer Associates) eTrust Intrusion Detection 3.0.5.57 and earlier allows remote attackers to cause a denial of service (application crash) via a long key length value to the remote administration port (9191/tcp). | 7.8 |
2007-02-26 | CVE-2007-1100 | Pickle | Local File Include vulnerability in Pickle Directory traversal vulnerability in download.php in Ahmet Sacan Pickle before 20070301 allows remote attackers to read arbitrary files via a .. | 7.8 |
2007-02-26 | CVE-2007-1098 | Scrymud | Denial-Of-Service vulnerability in Scrymud Multiple unspecified vulnerabilities in ScryMUD before 2.1.11 have unknown impact and attack vectors, possibly related to denial of service caused by a search that begins with a .* sequence. | 7.8 |
2007-02-26 | CVE-2007-1094 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 7.0 Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (NULL dereference and application crash) via JavaScript onUnload handlers that modify the structure of a document. | 7.8 |
2007-03-03 | CVE-2007-1246 | Mplayer | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mplayer The DMO_VideoDecoder_Open function in loader/dmo/DMO_VideoDecoder.c in MPlayer 1.0rc1 and earlier, as used in xine-lib, does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code, a different vulnerability than CVE-2007-1387. | 7.6 |
2007-03-02 | CVE-2007-1157 | Jboss | Cross-Site Request Forgery (CSRF) vulnerability in Jboss Cross-site request forgery (CSRF) vulnerability in jmx-console/HtmlAdaptor in JBoss allows remote attackers to perform privileged actions as administrators via certain MBean operations, a different vulnerability than CVE-2006-3733. | 7.6 |
2007-03-03 | CVE-2007-1261 | Openbiblio | Permissions, Privileges, and Access Controls vulnerability in Openbiblio Unspecified vulnerability in the reports system in OpenBiblio before 0.6.0 allows attackers to gain privileges via unspecified vectors. | 7.5 |
2007-03-03 | CVE-2007-1260 | Webmod | Stack Buffer Overflow vulnerability in Webmod 0.48 Stack-based buffer overflow in the connectHandle function in server.cpp in WebMod 0.48 allows remote attackers to execute arbitrary code via a long string in the Content-Length HTTP header. | 7.5 |
2007-03-03 | CVE-2006-7107 | Coalescent Systems | Remote File Include vulnerability in Coalescent Systems Freepbx 2.1.3 PHP remote file inclusion vulnerability in upgrade.php in Coalescent Systems freePBX 2.1.3 allows remote attackers to execute arbitrary PHP code via a URL in the amp_conf[AMPWEBROOT] parameter. | 7.5 |
2007-03-03 | CVE-2006-7106 | Powerphlogger | Code Injection vulnerability in Powerphlogger PHP remote file inclusion vulnerability in config.inc.php3 in Power Phlogger 2.0.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rel_path parameter. | 7.5 |
2007-03-03 | CVE-2006-7104 | Mambo | Code Injection vulnerability in Mambo Mostlyce 4.5.4 PHP remote file inclusion vulnerability in htmltemplate.php in the Chad Auld MOStlyContent Editor (MOStlyCE) as created on May 2006, a component for Mambo 4.5.4, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 7.5 |
2007-03-03 | CVE-2006-7102 | Matthias Dietrich | Code Injection vulnerability in Matthias Dietrich PHPburningportal Quiz-Modul Multiple PHP remote file inclusion vulnerabilities in phpBurningPortal quiz-modul 1.0.1, and possibly earlier, allow remote attackers to execute arbitrary PHP code via a URL in the lang_path parameter to (1) quest_delete.php, (2) quest_edit.php, or (3) quest_news.php. | 7.5 |
2007-03-03 | CVE-2006-7101 | Phpwind | SQL-Injection vulnerability in PHPWind SQL injection vulnerability in admin.php in PHPWind 5.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the AdminUser cookie. | 7.5 |
2007-03-03 | CVE-2007-1259 | WEB APP ORG | Remote Security vulnerability in WebAPP Multiple unspecified vulnerabilities in WebAPP before 0.9.9.6 have unknown impact and attack vectors. | 7.5 |
2007-03-03 | CVE-2007-1250 | Angel Learning | SQL Injection vulnerability in Angel Learning Management Suite 7.1 SQL injection vulnerability in section/default.asp in ANGEL Learning Management Suite (LMS) 7.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2007-03-03 | CVE-2007-1243 | Audins Audiens | Input Validation vulnerability in Audins Audiens Audins Audiens 3.3 Audins Audiens 3.3 allows remote attackers to bypass authentication and perform certain privileged actions, possibly an uninstall of the product, by calling unistall.php with the values cnf=disinstalla and status=on. | 7.5 |
2007-03-03 | CVE-2007-1242 | Audins Audiens | SQL-Injection vulnerability in Audins Audiens Audins Audiens 3.3 SQL injection vulnerability in system/index.php in Audins Audiens 3.3 allows remote attackers to execute arbitrary SQL commands via the PHPSESSID cookie. | 7.5 |
2007-03-03 | CVE-2007-1235 | BJ Sintay | Improper Input Validation vulnerability in BJ Sintay Sitex 0.7.3 Unrestricted file upload vulnerability in sitex allows remote attackers to upload arbitrary PHP code via an avatar filename with a double extension such as .php.jpg, which fails verification and is saved as a .php file. | 7.5 |
2007-03-03 | CVE-2007-1233 | Stwc Counter | Code Injection vulnerability in Stwc-Counter PHP remote file inclusion vulnerability in downloadcounter.php in STWC-Counter 3.4.0.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the stwc_counter_verzeichniss parameter. | 7.5 |
2007-03-02 | CVE-2007-1219 | Admin Phorum | Remote File Include vulnerability in Admin Phorum Admin Phorum 3.3.1A PHP remote file inclusion vulnerability in actions/del.php in Admin Phorum 3.3.1a allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter. | 7.5 |
2007-03-02 | CVE-2007-1195 | Dxmsoft | Unspecified vulnerability in Dxmsoft XM Easy Personal FTP Server 5.0.1/5.2.1/5.3 Multiple buffer overflows in XM Easy Personal FTP Server 5.3.0 allow remote attackers to execute arbitrary code via unspecified vectors. | 7.5 |
2007-03-02 | CVE-2007-1188 | WEB APP ORG | Remote vulnerability in Webapp.Org Webapp WebAPP before 0.9.9.5 allows remote attackers to submit Search form input that is not checked for (1) composition or (2) length, which has unknown impact, possibly related to "search form hijacking". | 7.5 |
2007-03-02 | CVE-2007-1183 | WEB APP ORG | Remote vulnerability in Webapp.Org Webapp WebAPP before 0.9.9.5 allows remote authenticated users to spoof another user's Real Name via whitespace, which has unknown impact and attack vectors. | 7.5 |
2007-03-02 | CVE-2007-1178 | WEB APP ORG | Remote vulnerability in Webapp.Org Webapp WebAPP before 0.9.9.5 does not check access in certain contexts related to (1) Calendar Administration, (2) Instant Messages Administration, and (3) the Image Uploader, which has unknown impact and attack vectors. | 7.5 |
2007-03-02 | CVE-2007-1171 | Nukescripts | SQL Injection vulnerability in Nukescripts Nukesentinel SQL injection vulnerability in includes/nsbypass.php in NukeSentinel 2.5.05, 2.5.11, and other versions before 2.5.12 allows remote attackers to execute arbitrary SQL commands via an admin cookie. | 7.5 |
2007-03-02 | CVE-2007-1168 | Trend Micro | Authentication Bypass vulnerability in Trend Micro Serverprotect 1.2520070216/1.3/2.5 Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before 20070216 allows remote attackers to access arbitrary web pages and reconfigure the product via HTTP requests with the splx_2376_info cookie to the web interface port (14942/tcp). | 7.5 |
2007-03-02 | CVE-2007-1166 | Nabocorp | SQL Injection vulnerability in Nabocorp Nabopoll 1.2 SQL injection vulnerability in result.php in Nabopoll 1.2 allows remote attackers to execute arbitrary SQL commands via the surv parameter. | 7.5 |
2007-03-02 | CVE-2007-1165 | Dbscripts | Code Injection vulnerability in Dbscripts Dbguestbook 1.1 Multiple PHP remote file inclusion vulnerabilities in DBGuestbook 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the dbs_base_path parameter to (1) utils.php, (2) guestbook.php, or (3) views.php in includes/. | 7.5 |
2007-03-02 | CVE-2007-1164 | Dbscripts | Code Injection vulnerability in Dbscripts Dbimagegallery 1.2.2 Multiple PHP remote file inclusion vulnerabilities in DBImageGallery 1.2.2 allow remote attackers to execute arbitrary PHP code via a URL in the donsimg_base_path parameter to (1) attributes.php, (2) images.php, or (3) scan.php in admin/; or (4) attributes.php, (5) db_utils.php, (6) images.php, (7) utils.php, or (8) values.php in includes/. | 7.5 |
2007-03-02 | CVE-2007-1163 | Webspell | SQL Injection vulnerability in Webspell 4.0/4.01.00/4.01.01 SQL injection vulnerability in printview.php in webSPELL 4.01.02 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter, a different vector than CVE-2007-1019, CVE-2006-5388, and CVE-2006-4783. | 7.5 |
2007-03-02 | CVE-2007-1156 | MAN Machine Systems | Unspecified vulnerability in MAN Machine Systems Jbrowser JBrowser allows remote attackers to bypass authentication and access certain administrative capabilities via a direct request for _admin/. | 7.5 |
2007-03-02 | CVE-2007-1153 | Cutephp | Code Injection vulnerability in Cutephp Cutenews 1.3.6 Multiple PHP remote file inclusion vulnerabilities in CutePHP CuteNews 1.3.6 allow remote attackers to execute arbitrary PHP code via unspecified vectors. | 7.5 |
2007-03-02 | CVE-2007-1148 | Lovecms | Code Injection vulnerability in Lovecms 1.4 PHP remote file inclusion vulnerability in install/index.php in LoveCMS 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the step parameter. | 7.5 |
2007-03-02 | CVE-2007-1147 | HBM | Code Injection vulnerability in HBM PHP remote file inclusion vulnerability in view.php in hbm allows remote attackers to execute arbitrary PHP code via a URL in the hbmpath parameter. | 7.5 |
2007-03-02 | CVE-2007-1146 | Delmaa COM | Remote Security vulnerability in Arabhost PHP remote file inclusion vulnerability in function.php in arabhost allows remote attackers to execute arbitrary PHP code via a URL in the adminfolder parameter. | 7.5 |
2007-03-02 | CVE-2007-1141 | Reamday Enterprises | Code Injection vulnerability in Reamday Enterprises Magic News Plus 1.0.2 PHP remote file inclusion vulnerability in preview.php in Magic News Plus 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the php_script_path parameter. | 7.5 |
2007-03-02 | CVE-2006-7091 | Hinton Design | Remote File Include vulnerability in Hinton Design PHPht Topsites Free 1.022B PHP remote file inclusion vulnerability in config.php in phpht Topsites FREE 1.022b allows remote attackers to execute arbitrary PHP code via a URL in the fullpath parameter. | 7.5 |
2007-03-02 | CVE-2006-7089 | BAN | SQL Injection vulnerability in BAN 0.1 SQL injection vulnerability in connexion.php in Ban 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2007-03-02 | CVE-2006-7088 | Simple PHP Forum | SQL-Injection vulnerability in Simple PHP Forum Simple PHP Forum 0.1/0.2/0.3 Multiple SQL injection vulnerabilities in Simple PHP Forum before 0.4 allow remote attackers to execute arbitrary SQL commands via the username parameter to (1) logon_user.php and (2) update_profile.php. | 7.5 |
2007-03-02 | CVE-2006-7082 | Rigter Portal System | File-Upload vulnerability in Rigter Portal System 1.0/2.0/3.0 Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers to bypass authentication and upload arbitrary files via direct requests to (1) adm/photos/images.php and (2) adm/down/files.php. | 7.5 |
2007-03-02 | CVE-2006-7081 | Phpnews | Remote File Include vulnerability in PHPnews 1.0 Multiple PHP remote file inclusion vulnerabilities in PhpNews 1.0 allow remote attackers to execute arbitrary PHP code via the Include parameter to (1) Include/lib.inc.php3 and (2) Include/variables.php3. | 7.5 |
2007-03-02 | CVE-2006-7074 | Smartsitecms | USE of Hard-Coded Credentials vulnerability in Smartsitecms 1.0 admin.php in SmartSiteCMS 1.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the userName cookie. | 7.5 |
2007-03-02 | CVE-2006-7071 | Invision Power Services | SQL-Injection vulnerability in Invision Power Board SQL injection vulnerability in classes/class_session.php in Invision Power Board (IPB) 2.1 up to 2.1.6 allows remote attackers to execute arbitrary SQL commands via the CLIENT_IP parameter. | 7.5 |
2007-03-02 | CVE-2006-7070 | Etomite | Improper Input Validation vulnerability in Etomite 0.6 Unrestricted file upload vulnerability in manager/media/ibrowser/scripts/rfiles.php in Etomite CMS 0.6.1 and earlier allows remote attackers to upload and execute arbitrary files via an nfile[] parameter with a filename that contains a .php extension followed by a valid image extension such as .gif or .jpg, then calling the rename function. | 7.5 |
2007-03-02 | CVE-2006-7069 | Socketwiz | Remote File Include vulnerability in Socketwiz Bookmarks Smarty_Config.PHP PHP remote file inclusion vulnerability in smarty_config.php in Socketwiz Bookmarks 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the root_dir parameter. | 7.5 |
2007-03-02 | CVE-2006-7068 | Cliserv | Remote File Include vulnerability in CliServ Web Community PHP remote file inclusion vulnerability in CliServ Web Community 0.65 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cl_headers parameter to (1) menu.php3 and (2) login.php3. | 7.5 |
2007-02-27 | CVE-2007-1133 | Scripter CH | Remote File Include vulnerability in Fcring 1.3/1.31 PHP remote file inclusion vulnerability in fcring.php in FCRing 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the s_fuss parameter. | 7.5 |
2007-02-27 | CVE-2007-1131 | Scripter CH | Remote File Include vulnerability in Scripter.Ch Sinapis Forum 2.2 PHP remote file inclusion vulnerability in sinapis.php in Sinapis Forum 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the fuss parameter. | 7.5 |
2007-02-27 | CVE-2007-1130 | Scipter CH | Remote File Include vulnerability in Scipter.Ch Gastebuch 2.2 PHP remote file inclusion vulnerability in sinagb.php in Sinapis Gastebuch 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the fuss parameter. | 7.5 |
2007-02-27 | CVE-2007-1129 | Mtcms | Input Validation vulnerability in Mtcms 3.2 Multiple unrestricted file upload vulnerabilities in MTCMS 3.2 allow remote attackers to upload and execute files via (1) an avatar upload in an add_down action, or (2) an add_link action. | 7.5 |
2007-02-27 | CVE-2007-1123 | Zpanel | Remote File Include vulnerability in Zpanel 2.0 Multiple PHP remote file inclusion vulnerabilities in ZPanel 2.0 allow remote attackers to execute arbitrary PHP code via a URL in (1) the body parameter to templates/ZPanelV2/template.php or (2) the page parameter to zpanel.php. | 7.5 |
2007-02-26 | CVE-2007-1107 | Coppermine | SQL Injection vulnerability in Coppermine Photo Gallery ThumbNails.PHP SQL injection vulnerability in thumbnails.php in Coppermine Photo Gallery (CPG) 1.3.x allows remote authenticated users to execute arbitrary SQL commands via a cpg131_fav cookie. | 7.5 |
2007-02-26 | CVE-2007-1099 | Dropbear SSH Project | Unspecified vulnerability in Dropbear SSH Project Dropbear SSH dbclient in Dropbear SSH client before 0.49 does not sufficiently warn the user when it detects a hostkey mismatch, which might allow remote attackers to conduct man-in-the-middle attacks. | 7.5 |
2007-03-02 | CVE-2007-1222 | Apple Parallels | Local Security vulnerability in Parallels Desktop for Mac OS X Parallels Desktop for Mac before 20070216 implements Drag and Drop by sharing the entire host filesystem as the .psf share, which allows local users of the guest operating system to write arbitrary files to the host filesystem, and execute arbitrary code via launchd by writing a plist file to a LaunchAgents directory. | 7.2 |
2007-03-02 | CVE-2007-1221 | Microsoft | Privilege Escalation vulnerability in Microsoft Xbox 360 4532/4548 The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 allows attackers with physical access to force execution of the hypervisor syscall with a certain register set, which bypasses intended code protection. | 7.2 |
2007-03-02 | CVE-2007-1189 | Bell Labs | Local Integer Overflow vulnerability in Plan 9 Integer overflow in the envwrite function in the Alcatel-Lucent Bell Labs Plan 9 kernel allows local users to overwrite certain memory addresses with kernel memory via a large n argument, as demonstrated by (1) modifying the iseve function to gain privileges and (2) making the devpermcheck function grant unrestricted device permissions. | 7.2 |
2007-03-02 | CVE-2006-7066 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 6.0 Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by creating an object inside an iframe, deleting the frame by setting its location.href to about:blank, then accessing a property of the object within the deleted frame, which triggers a NULL pointer dereference. | 7.1 |
2007-02-26 | CVE-2007-1090 | Microsoft | Denial of Service vulnerability in Microsoft Windows Explorer WMF File Handling Microsoft Windows Explorer on Windows XP and 2003 allows remote user-assisted attackers to cause a denial of service (crash) via a malformed WMF file, which triggers the crash when the user browses the folder. | 7.1 |
113 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-03-02 | CVE-2007-1217 | Linux | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel Buffer overflow in the bufprint function in capiutil.c in libcapi, as used in Linux kernel 2.6.9 to 2.6.20 and isdn4k-utils, allows local users to cause a denial of service (crash) and possibly gain privileges via a crafted CAPI packet. | 6.9 |
2007-03-03 | CVE-2006-7100 | Phpbb | Code Injection vulnerability in PHPbb Insert User PHP remote file inclusion vulnerability in includes/functions_mod_user.php in phpBB Insert User 0.1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | 6.8 |
2007-03-03 | CVE-2007-1256 | Mozilla | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mozilla Firefox 2.0/2.0.0.1/2.0.0.2 Mozilla Firefox 2.0.0.2 allows remote attackers to spoof the address bar, favicons, and document source, and perform updates in the context of arbitrary websites, by repeatedly setting document.location in the onunload attribute when linking to another website, a variant of CVE-2007-1092. | 6.8 |
2007-03-03 | CVE-2007-1249 | Contelligent | Race Condition vulnerability in Contelligent C1 Financial Services 9.1.4 MoveSortedContentAction in C1 Financial Services Contelligent 9.1.4 does not check "the additional environment security configuration," which allows remote attackers with write permissions to reorder components. | 6.8 |
2007-03-03 | CVE-2007-1247 | Aweb Labs | Code Injection vulnerability in Aweb Labs Awebnews 1.5 Multiple PHP remote file inclusion vulnerabilities in aWeb Labs aWebNews 1.5 allow remote attackers to execute arbitrary PHP code via a URL in the path_to_news parameter to (1) listing.php or (2) visview.php. | 6.8 |
2007-03-03 | CVE-2007-1244 | Wordpress | Cross-Site Scripting vulnerability in Wordpress Cross-site request forgery (CSRF) vulnerability in the AdminPanel in WordPress 2.1.1 and earlier allows remote attackers to perform privileged actions as administrators, as demonstrated using the delete action in wp-admin/post.php. | 6.8 |
2007-03-02 | CVE-2007-1218 | Tcpdump | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tcpdump Off-by-one buffer overflow in the parse_elements function in the 802.11 printer code (print-802_11.c) for tcpdump 3.9.5 and earlier allows remote attackers to cause a denial of service (crash) via a crafted 802.11 frame. | 6.8 |
2007-03-02 | CVE-2007-1190 | Bsalsa | Remote Code Execution vulnerability in EmbeddedWB Web Browser ActiveX Control Unspecified vulnerability in the EmbeddedWB Web Browser ActiveX control allows remote attackers to execute arbitrary code via unspecified vectors. | 6.8 |
2007-03-02 | CVE-2007-1154 | Webspell | SQL Injection vulnerability in Webspell SQL injection vulnerability in webSPELL allows remote attackers to execute arbitrary SQL commands via a ws_auth cookie, a different vulnerability than CVE-2006-4782. | 6.8 |
2007-03-02 | CVE-2007-1136 | Webmplayer | Improper Input Validation vulnerability in Webmplayer index.php in WebMplayer before 0.6.1-Alpha allows remote attackers to execute arbitrary code via shell metacharacters in an exec function call. | 6.8 |
2007-03-02 | CVE-2007-1135 | Sourceforge | Input Validation vulnerability in WebMplayer Multiple SQL injection vulnerabilities in WebMplayer before 0.6.1-Alpha allow remote attackers to execute arbitrary SQL commands via the (1) strid parameter to index.php and the (2) id[0] or other id array index parameter to filecheck.php. | 6.8 |
2007-03-02 | CVE-2006-7090 | Phpbb Security | Code Injection vulnerability in PHPbb Security PHPbb Security PHP remote file inclusion vulnerability in phpbb_security.php in phpBB Security 1.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the php_root_path parameter. | 6.8 |
2007-03-02 | CVE-2006-7077 | Phpbb Group | SQL-Injection vulnerability in PHPbb Group PHPbb Advanced Guestbook 2.4.0 SQL injection vulnerability in guestbook.php in Advanced Guestbook 2.4 for phpBB allows remote attackers to execute arbitrary SQl commands via the entry parameter. | 6.8 |
2007-03-02 | CVE-2006-7075 | Aqualung | Remote Security vulnerability in Aqualung 0.9Beta5 Buffer overflow in the meta_read_flac function in meta_decoder.c for Aqualung 0.9beta5 and earlier, and CVS 0.193.2 and earlier, allows user-assisted attackers to execute arbitrary code via a long Vorbis comment in a Free Lossless Audio Codec (FLAC) file. | 6.8 |
2007-02-27 | CVE-2007-1118 | Efiction | Remote File Include vulnerability in EFiction Multiple PHP remote file inclusion vulnerabilities in eFiction 3.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path_to_smf parameter to (1) bridges/SMF/logout.php or (2) get_session_vars.php. | 6.8 |
2007-02-26 | CVE-2007-0780 | Mozilla Canonical | Cross-Site Scripting vulnerability in multiple products browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a javascript: URI in combination with multiple frames having the same data: URI. | 6.8 |
2007-02-26 | CVE-2007-0009 | Mozilla Debian Canonical | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid "Client Master Key" length values. | 6.8 |
2007-02-26 | CVE-2007-0008 | Mozilla | Numeric Errors vulnerability in Mozilla products Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via a crafted SSLv2 server message containing a public key that is too short to encrypt the "Master Secret", which results in a heap-based overflow. | 6.8 |
2007-02-26 | CVE-2007-1111 | Activecalendar | Cross-Site Scripting vulnerability in Activecalendar 1.2.0 Multiple cross-site scripting (XSS) vulnerabilities in ActiveCalendar 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the css parameter to (1) flatevents.php, (2) js.php, (3) mysqlevents.php, (4) m_2.php, (5) m_3.php, (6) m_4.php, (7) xmlevents.php, (8) y_2.php, or (9) y_3.php in data/. | 6.8 |
2007-02-26 | CVE-2007-1108 | CS Gallery | Remote File Include vulnerability in CS-Gallery PHP remote file inclusion vulnerability in index.php in Christian Schneider CS-Gallery 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the album parameter during a securealbum todo action. | 6.8 |
2007-02-26 | CVE-2007-1106 | Nomoketos Rules | Remote File Include vulnerability in Nomoketos Rules Nomoketos Rules 0.0.1 PHP remote file inclusion vulnerability in includes/functions_nomoketos_rules.php in the NoMoKeTos Rules 0.0.1 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | 6.8 |
2007-02-26 | CVE-2007-1095 | Mozilla | Unspecified vulnerability in Mozilla Firefox and Seamonkey Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client. | 6.8 |
2007-02-26 | CVE-2007-1091 | Microsoft | Unspecified vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 7 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via onUnload Javascript handlers. | 6.8 |
2007-03-03 | CVE-2006-7098 | Debian | Permissions, Privileges, and Access Controls vulnerability in Debian Apache 1.3.34.4 The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl. | 6.6 |
2007-03-02 | CVE-2007-1227 | Mcafee | Permissions, Privileges, and Access Controls vulnerability in Mcafee Virex 6.2 VShieldCheck in McAfee VirusScan for Mac (Virex) before 7.7 patch 1 allow local users to change permissions of arbitrary files via a symlink attack on /Library/Application Support/Virex/VShieldExclude.txt, as demonstrated by symlinking to the root crontab file to execute arbitrary commands. | 6.6 |
2007-03-03 | CVE-2007-1254 | Connectix | SQL-Injection vulnerability in Connectix Boards SQL injection vulnerability in part.userprofile.php in Connectix Boards 0.7 and earlier allows remote authenticated users to execute arbitrary SQL commands and obtain privileges via the p_skin parameter to index.php. | 6.5 |
2007-03-03 | CVE-2007-1236 | Sitex | Information Disclosure vulnerability in SiteX sitex allows remote attackers to obtain sensitive information via a request with a numerical value for the (1) sxMonth[] or (2) sxYear[] parameter to calendar.php, or the (3) page[] parameter to calendar_events.php, which reveals the path in various error messages. | 6.4 |
2007-03-02 | CVE-2007-1182 | WEB APP ORG | Remote vulnerability in Webapp.Org Webapp WebAPP before 0.9.9.5 allows remote Guest users to edit a Guest profile, which has unknown impact. | 6.4 |
2007-03-02 | CVE-2007-1172 | Nukescripts | SQL-Injection vulnerability in Nukescripts Nukesentinel 2.5.05 SQL injection vulnerability in nukesentinel.php in NukeSentinel 2.5.05, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, aka the "File Disclosure Exploit." | 6.4 |
2007-02-27 | CVE-2007-1127 | Watersweb Shops | Local File Include vulnerability in Watersweb Shops Shop KIT Plus Initial Directory traversal vulnerability in enc/stylecss.php in shopkitplus allows remote attackers to read arbitrary files via a .. | 6.4 |
2007-02-27 | CVE-2007-1122 | Zephyrsoft Toolbox | SQL-Injection vulnerability in Address Book Continued 1.00/1.01 Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) 1.00 and 1.01 allow remote attackers to execute arbitrary SQL commands via the id parameter to the (1) updateRow and (2) deleteRow functions in functions.php, a variant of a SQL injection issue that was fixed in 1.01. | 6.4 |
2007-02-27 | CVE-2007-1121 | Zephyrsoft Toolbox | SQL Injection vulnerability in ZephyrSoft Toolbox Address Book Continued 1.00/1.01 Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) 1.00 allow remote attackers to execute arbitrary SQL commands via the id parameter to the (1) updateRow and (2) deleteRow functions in functions.php. | 6.4 |
2007-02-27 | CVE-2007-1119 | Novell | Unspecified vulnerability in Novell Zenworks 7 Unspecified vulnerability in Novell ZENworks 7 Desktop Management Support Pack 1 before Hot patch 3 (ZDM7SP1HP3) allows remote attackers to upload images to certain folders that were not configured in the "Only allow uploads to the following directories" setting via unspecified vectors. | 6.4 |
2007-02-26 | CVE-2007-0779 | Mozilla | Remote vulnerability in Mozilla Thunderbird/SeaMonkey/Firefox GUI overlay vulnerability in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 allows remote attackers to spoof certain user interface elements, such as the host name or security indicators, via the CSS3 hotspot property with a large, transparent, custom cursor. | 6.4 |
2007-03-02 | CVE-2007-1220 | Microsoft | Privilege Escalation vulnerability in Microsoft Xbox 360 4532/4548 The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 does not properly verify the parameters passed to the syscall dispatcher, which allows attackers with physical access to bypass code-signing requirements and execute arbitrary code. | 6.2 |
2007-03-03 | CVE-2007-1258 | Cisco | Denial-Of-Service vulnerability in IOS Unspecified vulnerability in Cisco IOS 12.2SXA, SXB, SXD, and SXF; and the MSFC2, MSFC2a and MSFC3 running in Hybrid Mode on Cisco Catalyst 6000, 6500 and Cisco 7600 series systems; allows remote attackers on a local network segment to cause a denial of service (software reload) via a certain MPLS packet. | 6.1 |
2007-03-03 | CVE-2007-1255 | Connectix | SQL-Injection vulnerability in Connectix Boards Unrestricted file upload vulnerability in admin.bbcode.php in Connectix Boards 0.7 and earlier allows remote authenticated administrators to execute arbitrary PHP code by uploading a crafted GIF smiley image with a .php extension via the uploadimage parameter to admin.php, which can be later accessed via a direct request for the file in smileys/. | 6.0 |
2007-03-02 | CVE-2006-7067 | Oracle | Local Security vulnerability in Oracle Database Server 10.2.1 Oracle 10g R2 and possibly other versions allows remote attackers to trigger internal errors, and possibly have other impacts, via an "alter session set events" command with invalid arguments. | 6.0 |
2007-03-03 | CVE-2007-1241 | Audins Audiens | Input Validation vulnerability in Audins Audiens Audins Audiens 3.3 Cross-site scripting (XSS) vulnerability in setup.php in Audins Audiens 3.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | 5.8 |
2007-03-02 | CVE-2007-1230 | Wordpress | Cross-Site Scripting vulnerability in Wordpress 2.1 Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/functions.php in WordPress before 2.1.2-alpha allow remote attackers to inject arbitrary web script or HTML via (1) the Referer HTTP header or (2) the URI, a different vulnerability than CVE-2007-1049. | 5.8 |
2007-03-02 | CVE-2007-1177 | WEB APP ORG | Cross-Site Scripting vulnerability in WebAPP WebAPP before 0.9.9.5 does not properly filter certain characters in contexts related to (1) the query string, (2) Profiles, (3) the Forum Post icon field, (4) the Edit Profile, and (5) the Gallery, which has unknown impact and remote attack vectors, possibly related to cross-site scripting (XSS). | 5.8 |
2007-02-27 | CVE-2007-0996 | Mozilla | Remote vulnerability in Mozilla Thunderbird/SeaMonkey/Firefox The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 inherit the default charset from the parent window, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set. | 5.8 |
2007-03-02 | CVE-2007-1187 | WEB APP ORG | Remote vulnerability in Webapp.Org Webapp WebAPP before 0.9.9.5 allows remote authenticated users, without admin privileges, to obtain sensitive information via (1) the Forum Archive feature and (2) Recent Searches. | 5.5 |
2007-02-26 | CVE-2007-0778 | Mozilla Canonical Debian | Information Exposure vulnerability in multiple products The page cache feature in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 can generate hash collisions that cause page data to be appended to the wrong page cache, which allows remote attackers to obtain sensitive information or enable further attack vectors when the target page is reloaded from the cache. | 5.4 |
2007-03-03 | CVE-2007-1232 | Sqlite Manager | Local File Include vulnerability in Sqlite Manager Sqlite Manager 1.2 Directory traversal vulnerability in SQLiteManager 1.2.0 allows remote attackers to read arbitrary files via a .. | 5.1 |
2007-03-03 | CVE-2007-1237 | BJ Sintay | Information Exposure vulnerability in BJ Sintay Sitex 0.7.3 sitex allows remote attackers to obtain potentially sensitive information via a ' (quote) value for certain parameters, as demonstrated by parameters used in forum and search, which forces a SQL error. | 5.0 |
2007-03-03 | CVE-2006-7099 | Solarpay | Local File Include vulnerability in Solarpay . Directory traversal vulnerability in index.php in SolarPay allows remote attackers to read certain files via a .. | 5.0 |
2007-03-02 | CVE-2007-1224 | Grok Developments | Unspecified vulnerability in Grok Developments Netproxy 4.03 Grok Developments NetProxy 4.03 allows remote attackers to bypass URL filtering via a request that omits "http://" from the URL and specifies the destination port (:80). | 5.0 |
2007-03-02 | CVE-2007-1223 | Hitachi IBM SUN | Denial-Of-Service vulnerability in OSAS/FT/W Unspecified vulnerability in Hitachi OSAS/FT/W before 20070223 allows attackers to cause a denial of service (responder control processing halt) by sending "data unexpectedly through the port". | 5.0 |
2007-03-02 | CVE-2007-1192 | Hyperbook | Information Disclosure vulnerability in Hyperbook Guestbook 1.30 Thomas R. | 5.0 |
2007-03-02 | CVE-2007-1186 | WEB APP ORG | Remote vulnerability in Webapp.Org Webapp WebAPP before 0.9.9.5 does not "censor" the Latest Member real name, which has unknown impact. | 5.0 |
2007-03-02 | CVE-2007-1185 | WEB APP ORG | Remote vulnerability in Webapp.Org Webapp The (1) Search, (2) Edit Profile, (3) Recommend, and (4) User Approval forms in WebAPP before 0.9.9.5 use hidden inputs, which has unknown impact and remote attack vectors. | 5.0 |
2007-03-02 | CVE-2007-1184 | WEB APP ORG | Configuration vulnerability in Web-App.Org Webapp The default configuration of WebAPP before 0.9.9.5 has a CAPTCHA setting of "no," which makes it easier for automated programs to submit false data. | 5.0 |
2007-03-02 | CVE-2007-1181 | WEB APP ORG | Remote vulnerability in Webapp.Org Webapp WebAPP before 0.9.9.5 passes (1) Unused Informations and (2) the username through Edit Profile forms, which has unknown impact and attack vectors. | 5.0 |
2007-03-02 | CVE-2007-1179 | WEB APP ORG | Remote vulnerability in Webapp.Org Webapp WebAPP before 0.9.9.5 does not properly manage e-mail addresses in certain contexts related to (1) the Recommend feature, Email Article (2) senders and (3) recipients, (4) New User Approval, (5) Edit Profiles, (6) the Newsletter Subscription form, (7) the Recommend form, and (8) sending of articles, which has unknown impact, and remote attack vectors related to spam attacks and possibly other attacks. | 5.0 |
2007-03-02 | CVE-2007-1170 | Simbin | Games Denial Of Service vulnerability in SimBin Development Team SimBin GTR - FIA GT Racing Game 1.5.0.0 and earlier, GT Legends 1.1.0.0 and earlier, GTR 2 1.1 and earlier, and RACE - The WTCC Game 1.0 and earlier allow remote attackers to cause a denial of service (client disconnection) via an empty UDP packet to the server port. | 5.0 |
2007-03-02 | CVE-2007-1169 | Trend Micro | Remote Security vulnerability in Trend Micro Serverprotect 1.2520070216 The web interface in Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before 20070216 accepts logon requests through unencrypted HTTP, which might allow remote attackers to obtain credentials by sniffing the network. | 5.0 |
2007-03-02 | CVE-2007-1167 | Dzcp | Information Exposure vulnerability in Dzcp Dev!L'Z Clanportal inc/filebrowser/browser.php in deV!L`z Clanportal (DZCP) 1.4.5 and earlier allows remote attackers to obtain MySQL data via the inc/mysql.php value of the file parameter. | 5.0 |
2007-03-02 | CVE-2007-1158 | Postnuke Software Foundation | Local File Include vulnerability in Pagesetter 6.2/6.3.0 Directory traversal vulnerability in index.php in the Pagesetter 6.2.0 through 6.3.0 beta 5 module for PostNuke allows remote attackers to read arbitrary files via a .. | 5.0 |
2007-03-02 | CVE-2007-1152 | Pyrophobia | Path Traversal vulnerability in Pyrophobia 2.1.3.1 Multiple directory traversal vulnerabilities in Pyrophobia 2.1.3.1 allow remote attackers to read arbitrary files via a .. | 5.0 |
2007-03-02 | CVE-2007-1149 | Lovecms | Path Traversal vulnerability in Lovecms 1.4 Multiple directory traversal vulnerabilities in LoveCMS 1.4 allow remote attackers to read arbitrary files via a .. | 5.0 |
2007-03-02 | CVE-2007-1144 | Comscripts | Path Traversal vulnerability in Comscripts J-Web Pics Navigator 1.0/2.0 Directory traversal vulnerability in jwpn-photos.php in J-Web Pics Navigator 2.0 allows remote attackers to list arbitrary directories via a .. | 5.0 |
2007-03-02 | CVE-2007-1138 | Cromosoft | Path Traversal vulnerability in Cromosoft Simple Plantilla PHP Absolute path traversal vulnerability in list_main_pages.php in Cromosoft Simple Plantilla PHP (SPP) allows remote attackers to list arbitrary directories, and read arbitrary files, via an absolute pathname in the nfolder parameter. | 5.0 |
2007-03-02 | CVE-2007-1137 | Sourceforge | Unspecified vulnerability in Sourceforge Putmail putmail.py in Putmail before 1.4 does not detect when a user attempts to use TLS with a server that does not support it, which causes putmail.py to send the username and password in plaintext while the user believes encryption is in use, and allows remote attackers to obtain sensitive information. | 5.0 |
2007-03-02 | CVE-2006-7087 | Dotdeb | Unspecified vulnerability in Dotdeb PHP CRLF injection vulnerability in the mail function in Dotdeb PHP before 5.2.0 Rev 3 allows remote attackers to bypass the protection scheme and inject arbitrary email headers via CRLF sequences in the query string, which is processed via the PHP_SELF variable. | 5.0 |
2007-03-02 | CVE-2006-7065 | Microsoft Canon | Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via an IFRAME with a certain XML file and XSL stylesheet that triggers a crash in mshtml.dll when a refresh is called, probably a null pointer dereference. | 5.0 |
2007-02-27 | CVE-2007-1128 | Watersweb Shops | Denial-Of-Service vulnerability in Watersweb Shops Shop KIT Plus Initial shopkitplus allows remote attackers to obtain sensitive information via a request to (1) events.php with a curmonth[]=01 query string or (2) enc/stylecss.php with a changetheme[]= query string, which reveals the path in various error messages. | 5.0 |
2007-02-27 | CVE-2007-1124 | Xeroxer | Input Validation vulnerability in Simple One-File Gallery Directory traversal vulnerability in gallery.php in XeroXer Simple one-file gallery allows remote attackers to read arbitrary files via a .. | 5.0 |
2007-02-26 | CVE-2007-1116 | Mozilla | Information Exposure vulnerability in Mozilla Firefox 1.8 The CheckLoadURI function in Mozilla Firefox 1.8 lists the about: URI as a ChromeProtocol and can be loaded via JavaScript, which allows remote attackers to obtain sensitive information by querying the browser's session history. | 5.0 |
2007-02-26 | CVE-2007-1110 | Activecalendar | Local File Include vulnerability in Activecalendar 1.2.0 Directory traversal vulnerability in data/showcode.php in ActiveCalendar 1.2.0 allows remote attackers to read arbitrary files via a .. | 5.0 |
2007-02-26 | CVE-2007-1105 | Extreme Phpbb | Remote File Include vulnerability in Extreme PHPbb Extreme PHPbb 3.0.1 PHP remote file inclusion vulnerability in functions.php in Extreme phpBB (aka phpBB Extreme) 3.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | 5.0 |
2007-02-26 | CVE-2007-1102 | Photostand | Information Disclosure vulnerability in Photostand 1.2.0 Photostand 1.2.0 allows remote attackers to obtain sensitive information via a ' (quote) character in (1) a PHPSESSID cookie or (2) the id parameter in an article action in index.php, which reveal the path in various error messages. | 5.0 |
2007-03-02 | CVE-2007-0001 | Redhat | Local Denial of Service vulnerability in Redhat Enterprise Linux 4.0 The file watch implementation in the audit subsystem (auditctl -w) in the Red Hat Enterprise Linux (RHEL) 4 kernel 2.6.9 allows local users to cause a denial of service (kernel panic) by replacing a watched file, which does not cause the watch on the old inode to be dropped. | 4.7 |
2007-03-02 | CVE-2007-1155 | Webspell | Improper Input Validation vulnerability in Webspell Unrestricted file upload vulnerability in webSPELL allows remote authenticated administrators to upload and execute arbitrary PHP code via the add squad feature. | 4.6 |
2007-03-02 | CVE-2007-1228 | IBM Unix | Improper Authentication vulnerability in IBM DB2 8.2/9.0 IBM DB2 UDB 8.2 before Fixpak 7 (aka fixpack 14), and DB2 9 before Fix Pack 2, on UNIX allows the "fenced" user to access certain unauthorized directories. | 4.4 |
2007-03-03 | CVE-2007-1248 | Built2Go | Cross-Site Scripting vulnerability in Built2Go News Manager Blog 1.0 Multiple cross-site scripting (XSS) vulnerabilities in built2go News Manager Blog 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2) uid, and (3) nid parameters to (a) news.php, and the nid parameter to (b) rating.php. | 4.3 |
2007-03-03 | CVE-2007-1245 | Irfanview | Buffer Errors vulnerability in Irfanview 3.99 IrfanView 3.99 allows remote attackers to cause a denial of service (application crash) via a malformed WMF file. | 4.3 |
2007-03-03 | CVE-2007-1240 | Docebo | Cross-Site Scripting vulnerability in Docebo 3.0.3/3.0.4/3.0.5 Multiple cross-site scripting (XSS) vulnerabilities in Docebo CMS 3.0.3 through 3.0.5 allow remote attackers to inject arbitrary web script or HTML via (1) the searchkey parameter to index.php, or the (2) sn or (3) ri parameter to modules/htmlframechat/index.php. | 4.3 |
2007-03-03 | CVE-2007-1239 | Microsoft | Denial Of Service vulnerability in Microsoft Excel 2003 Microsoft Excel 2003 does not properly parse .XLS files, which allows remote attackers to cause a denial of service (application crash) via a file with a (1) corrupted XML format or a (2) corrupted XLS format, which triggers a NULL pointer dereference. | 4.3 |
2007-03-03 | CVE-2007-1238 | Microsoft | Resource Management Errors vulnerability in Microsoft Office 2003 Microsoft Office 2003 allows user-assisted remote attackers to cause a denial of service (application crash) by attempting to insert a corrupted WMF file. | 4.3 |
2007-03-03 | CVE-2007-1234 | BJ Sintay | Cross-Site Scripting vulnerability in BJ Sintay Sitex 0.7.3 Multiple cross-site scripting (XSS) vulnerabilities in sitex allow remote attackers to inject arbitrary web script or HTML via (1) the sxYear parameter to calendar.php, (2) the search parameter to search.php, (3) the linkid parameter to redirect.php, or (4) the page parameter to calendar_events.php. | 4.3 |
2007-03-03 | CVE-2007-1231 | Sqlitemanager | Cross-Site Scripting vulnerability in Sqlitemanager 1.2.0 Multiple cross-site scripting (XSS) vulnerabilities in SQLiteManager 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) database name, (2) table name, (3) ViewName, (4) view, (5) trigger, and (6) function fields in main.php and certain other files. | 4.3 |
2007-03-02 | CVE-2007-1229 | Nullsoft | Cross-Site Scripting vulnerability in Nullsoft Shoutcast Server 1.9.7 Cross-site scripting (XSS) vulnerability in the Nullsoft ShoutcastServer 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the top-level URI on the Incoming interface (port 8001/tcp), which is not properly handled in the administrator interface when viewing the log file. | 4.3 |
2007-03-02 | CVE-2007-1199 | Adobe | Information Disclosure vulnerability in Adobe Acrobat/Adobe Reader Adobe Reader and Acrobat Trial allow remote attackers to read arbitrary files via a file:// URI in a PDF document, as demonstrated with <</URI(file:///C:/)/S/URI>>, a different issue than CVE-2007-0045. | 4.3 |
2007-03-02 | CVE-2007-1198 | Taskfreak | Cross-Site Scripting vulnerability in Taskfreak Cross-site scripting (XSS) vulnerability in TaskFreak! before 0.5.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly a variant of CVE-2007-0982. | 4.3 |
2007-03-02 | CVE-2007-1180 | WEB APP ORG | Remote vulnerability in Webapp.Org Webapp WebAPP before 0.9.9.5 does not check referrers in certain forms, which might facilitate remote cross-site request forgery (CSRF) attacks or have other unknown impact. | 4.3 |
2007-03-02 | CVE-2007-1176 | WEB APP ORG | Cross-Site Scripting vulnerability in WebAPP Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before 0.9.9.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) Gallery Comments pages, (2) Feedback pages, (3) Search Results pages, and (4) the Statistics Log viewer. | 4.3 |
2007-03-02 | CVE-2007-1175 | WEB APP ORG | Cross-Site Scripting vulnerability in WebAPP Cross-site scripting (XSS) vulnerability in an admin feature in WebAPP before 20070209 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2007-03-02 | CVE-2007-1174 | WEB APP ORG | Remote vulnerability in Webapp.Org Webapp Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before 20070214 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to unspecified fields in user Profiles. | 4.3 |
2007-03-02 | CVE-2007-1161 | Call Center Software | Cross-Site Scripting vulnerability in Call Center Software Call Center Software 0.93 Cross-site scripting (XSS) vulnerability in call_entry.php in Call Center Software 0,93 allows remote attackers to inject arbitrary web script or HTML via the problem_desc parameter, as demonstrated by the ONLOAD attribute of a BODY element. | 4.3 |
2007-03-02 | CVE-2007-1159 | Pyrophobia | Cross-Site Scripting vulnerability in Pyrophobia 2.1.3.1 Cross-site scripting (XSS) vulnerability in modules/out.php in Pyrophobia 2.1.3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | 4.3 |
2007-03-02 | CVE-2007-1151 | Lovecms | Cross-Site Scripting vulnerability in Lovecms 1.4 Cross-site scripting (XSS) vulnerability in LoveCMS 1.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter to the top-level URI, possibly related to a SQL error. | 4.3 |
2007-03-02 | CVE-2007-1145 | Kayako | Cross-Site Scripting vulnerability in Kayako Esupport 3.00.13/3.04.10 Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite - ESupport 3.00.13 and 3.04.10 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a (1) lostpassword or (2) register action in index.php, (3) unspecified vectors in the Submit form in a submit action in index.php, and (4) the user's name in index.php; and (5) allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the Admin and Staff Control Panel. | 4.3 |
2007-03-02 | CVE-2007-1142 | Reamday Enterprises | Cross-Site Scripting vulnerability in Reamday Enterprises Magic News Plus 1.0.2 Cross-site scripting (XSS) vulnerability in Magic News Plus 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the link_parameters parameter in (1) news.php and (2) n_layouts.php. | 4.3 |
2007-03-02 | CVE-2006-7086 | Mrcgiguy | Information Exposure vulnerability in Mrcgiguy HOT Links The (1) dlback.php and (2) dlback.cgi scripts in Hot Links allow remote attackers to obtain sensitive information and download the database via a direct request with a modified dl parameter. | 4.3 |
2007-03-02 | CVE-2006-7085 | Rigter Portal System | Cross-Site Scripting vulnerability in Rigter Portal System 1.0/2.0/3.0 Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers to add arbitrary content and conduct XSS attacks via a direct request to add_art.php. | 4.3 |
2007-03-02 | CVE-2006-7083 | Rigter Portal System | Directory Traversal vulnerability in Rigter Portal System 1.0/2.0/3.0 Directory traversal vulnerability in index.php in Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers to read arbitrary files via ".." sequences in the id parameter. | 4.3 |
2007-03-02 | CVE-2006-7080 | Exv2 | Input Validation vulnerability in EXV2 Directory traversal vulnerability in the avatar upload feature in exV2 2.0.4.3 and earlier allows remote attackers to delete arbitrary files via ".." sequences in the old_avatar parameter. | 4.3 |
2007-03-02 | CVE-2006-7078 | Professional Home Page Tools Login Script | Cross-Site Scripting vulnerability in Professional Home Page Tools Login Script Multiple cross-site scripting (XSS) vulnerabilities in Professional Home Page Tools Login Script, as of July 2006, allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) vorname, and (3) nachname parameters in the register script. | 4.3 |
2007-03-02 | CVE-2006-7076 | Phpbb Group | Cross-Site Scripting vulnerability in PHPbb Group PHPbb Advanced Guestbook 2.4.0 Cross-site scripting (XSS) vulnerability in guestbook.php in Advanced Guestbook 2.4 for phpBB allows remote attackers to inject arbitrary web script or HTML via the entry parameter. | 4.3 |
2007-03-02 | CVE-2006-7073 | Opentools | Cross-Site Scripting vulnerability in Attachment Mod Cross-site scripting (XSS) vulnerability in Opentools Attachment Mod before 2.4.5 allows remote attackers to inject arbitrary web script or HTML in Internet Explorer via unknown vectors related to the uploaded attachments form. | 4.3 |
2007-03-02 | CVE-2006-7072 | Geodesicsolutions | Cross-Site Scripting vulnerability in Geodesicsolutions Geoclassifieds Enterprise 2.0.5.0/2.0.5.1/2.0.5.2 Cross-site scripting (XSS) vulnerability in GeoClassifieds Enterprise 2.0.5.2 and earlier allows remote attackers to inject arbitrary web script and HTML via the (1) b[username] and (2) c parameters to (a) index.php, the b[username] parameter to (b) admin/index.php, and (3) c[phone] parameter to register.php. | 4.3 |
2007-02-27 | CVE-2007-1132 | Mtcms | Cross-Site Scripting vulnerability in Mtcms 2.2 Multiple cross-site scripting (XSS) vulnerabilities in the "Contact Us" functionality in MTCMS 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) message and (2) title fields. | 4.3 |
2007-02-27 | CVE-2007-1125 | Xeroxer | Cross-Site Scripting vulnerability in Simple One-File Gallery Cross-site scripting (XSS) vulnerability in gallery.php in XeroXer Simple one-file gallery allows remote attackers to inject arbitrary web script or HTML via the f parameter. | 4.3 |
2007-02-26 | CVE-2007-1115 | Opera | Cross-Site Scripting vulnerability in Opera Browser The child frames in Opera 9 before 9.20 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set. | 4.3 |
2007-02-26 | CVE-2007-1114 | Microsoft | Cross-Site Scripting vulnerability in Microsoft IE 7.0 The child frames in Microsoft Internet Explorer 7 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set. | 4.3 |
2007-02-26 | CVE-2007-0995 | Mozilla | Cross-Site Scripting vulnerability in Mozilla Firefox and Seamonkey Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 ignores trailing invalid HTML characters in attribute names, which allows remote attackers to bypass content filters that use regular expressions. | 4.3 |
2007-02-26 | CVE-2007-1109 | Phpwebgallery | Cross-Site Scripting vulnerability in PHPwebgallery Multiple cross-site scripting (XSS) vulnerabilities in Phpwebgallery 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) login or (2) mail_address field in Register.php, or the (3) search_author, (4) mode, (5) start_year, (6) end_year, or (7) date_type field in Search.php, a different vulnerability than CVE-2006-1674. | 4.3 |
2007-02-26 | CVE-2007-1104 | PHP MIP | Remote File Include vulnerability in PHP MIP PHP MIP 0.1 PHP remote file inclusion vulnerability in top.php in PHP Module Implementation (PHP-MIP) 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the laypath parameter. | 4.3 |
2007-02-26 | CVE-2007-1103 | TOR | Remote Security vulnerability in Tor Tor does not verify a node's uptime and bandwidth advertisements, which allows remote attackers who operate a low resource node to make false claims of greater resources, which places the node into use for many circuits and compromises the anonymity of traffic sources and destinations. | 4.3 |
2007-02-26 | CVE-2007-1101 | Photostand | Cross-Site Scripting vulnerability in Photostand 1.2.0 Multiple cross-site scripting (XSS) vulnerabilities in Photostand 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) message ("comment") or (2) name field, or the (3) q parameter in a search action in index.php. | 4.3 |
2007-03-04 | CVE-2006-7108 | Andries Brouwer | Permissions, Privileges, and Access Controls vulnerability in Andries Brouwer Util-Linux 2.12A login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pam_acct_mgmt and chauth_tok. | 4.1 |
2007-03-02 | CVE-2007-1226 | Mcafee | Unspecified vulnerability in Mcafee Virex McAfee VirusScan for Mac (Virex) before 7.7 patch 1 has weak permissions (0666) for /Library/Application Support/Virex/VShieldExclude.txt, which allows local users to reconfigure Virex to skip scanning of arbitrary files. | 4.1 |
4 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-02-26 | CVE-2007-0775 | Mozilla | Remote vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allow remote attackers to cause a denial of service (crash) and potentially execute arbitrary code via certain vectors. | 3.7 |
2007-03-02 | CVE-2007-1150 | Lovecms | Permissions, Privileges, and Access Controls vulnerability in Lovecms 1.4 Unrestricted file upload vulnerability in LoveCMS 1.4 allows remote authenticated administrators to upload arbitrary files to /modules/content/pictures/tmp/. | 3.6 |
2007-03-02 | CVE-2007-1194 | Norman | Information Exposure vulnerability in Norman Sandbox Analyzer Norman SandBox Analyzer does not use the proper range for Interrupt Descriptor Table (IDT) entries, which allows local users to determine that the local machine is an emulator, or a similar environment not based on a physical Intel processor, which allows attackers to produce malware that is more difficult to analyze. | 2.1 |
2007-03-02 | CVE-2007-1191 | Quicksilver | Information Disclosure vulnerability in Quicksilver Del.Icio.Us Module 8F The Social Bookmarks (del.icio.us) plug-in 8F in Quicksilver writes usernames and passwords in plaintext to the /Library/Logs/Console/UID/Console.log file, which allows local users to obtain sensitive information by reading this file. | 2.1 |