Weekly Vulnerabilities Reports > March 5 to 11, 2007

Overview

161 new vulnerabilities reported during this period, including 30 critical vulnerabilities and 51 high severity vulnerabilities. This weekly summary report vulnerabilities in 148 products from 114 vendors including PHP, Apple, Microsoft, Joomla, and Linux. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", "Code Injection", "Numeric Errors", and "SQL Injection".

  • 142 reported vulnerabilities are remotely exploitables.
  • 42 reported vulnerabilities have public exploit available.
  • 5 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 145 reported vulnerabilities are exploitable by an anonymous user.
  • PHP has the most reported vulnerabilities, with 15 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 3 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

30 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-03-10 CVE-2007-1408 Vallheru Remote Security vulnerability in Vallheru

Multiple vulnerabilities in (1) bank.php, (2) landfill.php, (3) outposts.php, (4) tribes.php, (5) house.php, (6) tribearmor.php, (7) tribeastral.php, (8) tribeware.php, and (9) includes/head.php in Bartek Jasicki Vallheru before 1.3 beta have unknown impact and remote attack vectors, probably related to large integer values containing more than 15 digits.

10.0
2007-03-10 CVE-2007-1406 Edgewall Software Remote Security vulnerability in Trac

Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors.

10.0
2007-03-10 CVE-2007-1399 Pecl ZIP
PHP
Stack Buffer Overflow vulnerability in PHP Zip URL Wrapper

Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8.3 and earlier, as bundled with PHP 5.2.0 and 5.2.1, allows remote attackers to execute arbitrary code via a long zip:// URL, as demonstrated by actively triggering URL access from a remote PHP interpreter via avatar upload or blog pingback.

10.0
2007-03-10 CVE-2007-1397 Fish Remote Buffer Overflow vulnerability in Fish

Multiple stack-based buffer overflows in the (1) ExtractRnick and (2) decrypt_topic_332 functions in FiSH allow remote attackers to execute arbitrary code via long strings.

10.0
2007-03-10 CVE-2007-1394 Flat Chat Remote PHP Code Execution vulnerability in Flat Chat Flat Chat 2.0

Direct static code injection vulnerability in startsession.php in Flat Chat 2.0 allows remote attackers to execute arbitrary PHP code via the Chat Name field, which is inserted into online.txt and included by users.php.

10.0
2007-03-10 CVE-2007-1393 GEO Soft Remote File Include vulnerability in GEO Soft Magic CMS 4.2.747

PHP remote file inclusion vulnerability in mysave.php in Magic CMS 4.2.747 allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.

10.0
2007-03-10 CVE-2007-1391 Webo Remote File Include vulnerability in Webo 1.0

PHP remote file inclusion vulnerability in modules/abook/foldertree.php in Leo West WEBO (aka weborganizer) 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter.

10.0
2007-03-10 CVE-2007-1365 Openbsd Remote Buffer Overflow vulnerability in Openbsd 3.9/4.0

Buffer overflow in kern/uipc_mbuf2.c in OpenBSD 3.9 and 4.0 allows remote attackers to execute arbitrary code via fragmented IPv6 packets due to "incorrect mbuf handling for ICMP6 packets." NOTE: this was originally reported as a denial of service.

10.0
2007-03-10 CVE-2007-1383 PHP Numeric Errors vulnerability in PHP 4.0

Integer overflow in the 16 bit variable reference counter in PHP 4 allows context-dependent attackers to execute arbitrary code by overflowing this counter, which causes the same variable to be destroyed twice, a related issue to CVE-2007-1286.

10.0
2007-03-10 CVE-2007-1373 Pmail Remote Security vulnerability in Mercury Mail Transport System

Stack-based buffer overflow in Mercury/32 (aka Mercury Mail Transport System) 4.01b and earlier allows remote attackers to execute arbitrary code via a long LOGIN command.

10.0
2007-03-10 CVE-2007-1372 Postguestbook Remote File Include vulnerability in Postguestbook 0.6.1

PHP remote file inclusion vulnerability in styles/internal/header.php in the PostGuestbook 0.6.1 module for PHP-Nuke allows remote attackers to execute arbitrary PHP code via a URL in the tpl_pgb_moddir parameter.

10.0
2007-03-07 CVE-2007-1329 Ledgersmb
SQL Ledger
Directory Traversal vulnerability in LedgerSMB

Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrary code, via .

10.0
2007-03-07 CVE-2006-7156 Minibb Remote File Include vulnerability in MiniBB Keyword Replacer Plugin

PHP remote file inclusion vulnerability in addon_keywords.php in Keyword Replacer (keyword_replacer) 1.0 and earlier, a module for miniBB, allows remote attackers to execute arbitrary PHP code via a URL in the pathToFiles parameter.

10.0
2007-03-07 CVE-2006-7153 Minibb Remote Security vulnerability in Minibb Forum 2

PHP remote file inclusion vulnerability in index.php in MiniBB Forum 2 allows remote attackers to execute arbitrary code via a URL in the pathToFiles parameter.

10.0
2007-03-07 CVE-2006-7148 Phpbb Remote File Include vulnerability in PHPbb Maluinfo 206.2.38

PHP remote file inclusion vulnerability in includes/bb_usage_stats.php in maluinfo 206.2.38 for Brazilian PHPBB allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter.

10.0
2007-03-07 CVE-2007-1307 Intel
Lenovo
Unspecified vulnerability in IBM ThinkPad Intel PRO/1000 LAN Adapter Software

Unspecified vulnerability in Lenovo Intel PRO/1000 LAN adapter before Build 135400, as used on IBM Lenovo ThinkPad systems, has unknown impact and attack vectors.

10.0
2007-03-07 CVE-2007-1288 Webmobo Remote Security vulnerability in WBNews

Multiple PHP remote file inclusion vulnerabilities in Webmobo WB News 1.4.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config[installdir] parameter to (1) comment.php, (2) themes.php, (3) directory.php, and (4) sendmsg.php in admin/.

10.0
2007-03-07 CVE-2006-7136 Phppc Remote File Include vulnerability in PHP Poll Creator Relativer_PFAD Parameter

Multiple PHP remote file inclusion vulnerabilities in PHP Poll Creator (phpPC) 1.04 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the relativer_pfad parameter to (1) poll.php, (2) poll_kommentar.php, and (3) poll_sm.php, different vectors and version than CVE-2005-1755.

10.0
2007-03-06 CVE-2006-7134 Noah Spurrier Arbitrary File Upload and Directory Traversal vulnerability in Noah Spurrier Upload Tool for PHP 1.0

Unrestricted file upload vulnerability in main_user.php in Upload Tool for PHP 1.0 allows remote attackers to upload and execute arbitrary files with executable extensions such as .php.

10.0
2007-03-06 CVE-2006-7132 Cynux Softwares Directory Traversal vulnerability in Cynux Softwares PHPmydesk 1.0Beta

Directory traversal vulnerability in pmd-config.php in PHPMyDesk 1.0beta allows remote attackers to include arbitrary local files via the pmdlang parameter to viewticket.php.

10.0
2007-03-06 CVE-2006-7131 Jinzora Remote Security vulnerability in Jinzora 2.6

PHP remote file inclusion vulnerability in extras/mt.php in Jinzora 2.6 allows remote attackers to execute arbitrary PHP code via the web_root parameter.

10.0
2007-03-10 CVE-2007-0999 Gnome Remote Security vulnerability in Ekiga

Format string vulnerability in Ekiga 2.0.3, and probably other versions, allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2007-1006.

9.3
2007-03-08 CVE-2007-1344 Xiph Unspecified vulnerability in Xiph Icecast Ezstream

Multiple buffer overflows in src/ezstream.c in Ezstream before 0.3.0 allow remote attackers to execute arbitrary code via a crafted XML configuration file processed by the (1) urlParse function, which causes a stack-based overflow and the (2) ReplaceString function, which causes a heap-based overflow.

9.3
2007-03-07 CVE-2007-1332 TKS Banking Solutions Unspecified vulnerability in TKS Banking Solutions Eportfolio 1.0

Multiple cross-site request forgery (CSRF) vulnerabilities in TKS Banking Solutions ePortfolio 1.0 Java allow remote attackers to perform unspecified restricted actions in the context of certain accounts by bypassing the client-side protection scheme.

9.3
2007-03-06 CVE-2007-1282 Redhat
Mozilla
Integer Overflow vulnerability in Mozilla Seamonkey and Thunderbird

Integer overflow in Mozilla Thunderbird before 1.5.0.10 and SeaMonkey before 1.0.8 allows remote attackers to trigger a buffer overflow and possibly execute arbitrary code via a text/enhanced or text/richtext e-mail message with an extremely long line.

9.3
2007-03-05 CVE-2007-0714 Apple
Microsoft
Numeric Errors vulnerability in Apple Quicktime

Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie with a User Data Atom (UDTA) with an Atom size field with a large value.

9.3
2007-03-05 CVE-2007-0712 Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime

Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MIDI file.

9.3
2007-03-05 CVE-2007-0711 Apple
Microsoft
Numeric Errors vulnerability in Apple Quicktime

Integer overflow in Apple QuickTime before 7.1.5, when installed on Windows operating systems, allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP video file.

9.3
2007-03-07 CVE-2007-1309 Novell Permissions, Privileges, and Access Controls vulnerability in Novell Access Manager 3

Novell Access Management 3 SSLVPN Server allows remote authenticated users to bypass VPN restrictions by making policy.txt read-only, disconnecting, then manually modifying policy.txt.

9.0
2007-03-07 CVE-2007-1301 Mailenable Remote Buffer Overflow vulnerability in MailEnable Append

Stack-based buffer overflow in the IMAP service in MailEnable Enterprise and Professional Editions 2.37 and earlier allows remote authenticated users to execute arbitrary code via a long argument to the APPEND command.

9.0

51 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-03-07 CVE-2006-7152 ASP Nuke Privilege Escalation vulnerability in Asp-Nuke Community Cookie

default.asp in ASP-Nuke Community 1.5 and earlier allows remote attackers to gain privileges by setting certain pseudo cookie values.

8.5
2007-03-07 CVE-2007-1327 Silc Null Pointer Dereference vulnerability in Silc Silc-Server 1.0.2

The SILC_SERVER_CMD_FUNC function in apps/silcd/command.c in silc-server 1.0.2 allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a request without a cipher algorithm and an invalid HMAC algorithm.

7.8
2007-03-07 CVE-2006-7142 Utimaco Use of Hard-coded Credentials vulnerability in Utimaco Safeguard 4.30

The centralized management feature for Utimaco Safeguard stores hard-coded cryptographic keys in executable programs for encrypted configuration files, which allows attackers to recover the keys from the configuration files and decrypt the disk drive.

7.8
2007-03-07 CVE-2007-1306 Digium Remote Denial of Service vulnerability in Asterisk SIP Channel Driver

Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote attackers to cause a denial of service (crash) by sending a Session Initiation Protocol (SIP) packet without a URI and SIP-version header, which results in a NULL pointer dereference.

7.8
2007-03-07 CVE-2007-1303 Rrdbrowse Directory Traversal vulnerability in RRDBrowse File Parameter

Directory traversal vulnerability in rb.cgi in RRDBrowse 1.6 and earlier allows remote attackers to read arbitrary files via a ..

7.8
2007-03-07 CVE-2007-1300 Douran Software Technologies Information Disclosure vulnerability in Douran Software Technologies Isputil 3.32.84.1

DOURAN Software Technologies ISPUtil 3.32.84.1, and possibly earlier versions, stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain user and reseller data via a direct request for scripts/activesessions.ini.

7.8
2007-03-07 CVE-2007-1294 Divx Remote Denial of Service vulnerability in Divx web Player 1.3.0

A certain ActiveX control in the DivXBrowserPlugin (npdivx32.dll) in DivX Web Player, as distributed with DivX Player 1.3.0, allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via large values to DivxWP.Resize, related to resizing images.

7.8
2007-03-06 CVE-2007-1265 KDE Unspecified vulnerability in KDE K-Mail

KMail 1.9.5 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents KMail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.

7.8
2007-03-06 CVE-2007-1281 Microsoft
Kaspersky LAB
Linux
Remote Denial of Service vulnerability in Kaspersky LAB Kaspersky Antivirus Engine 5.5.10/6.0.1.411

Kaspersky AntiVirus Engine 6.0.1.411 for Windows and 5.5-10 for Linux allows remote attackers to cause a denial of service (CPU consumption) via a crafted UPX compressed file with a negative offset, which triggers an infinite loop during decompression.

7.8
2007-03-06 CVE-2006-7121 Linksys Denial Of Service vulnerability in Linksys Spa921 1.0.0

The HTTP server in Linksys SPA-921 VoIP Desktop Phone allows remote attackers to cause a denial of service (reboot) via (1) a long URL, or a long (2) username or (3) password during Basic Authentication.

7.8
2007-03-10 CVE-2007-1381 PHP Buffer Errors vulnerability in PHP 5.0.0

The wddx_deserialize function in wddx.c 1.119.2.10.2.12 and 1.119.2.10.2.13 in PHP 5, as modified in CVS on 20070224 and fixed on 20070304, calls strlcpy where strlcat was intended and uses improper arguments, which allows context-dependent attackers to execute arbitrary code via a WDDX packet with a malformed overlap of a STRING element, which triggers a buffer overflow.

7.6
2007-03-10 CVE-2007-1410 Gaziyapboz SQL injection vulnerability in GaziYapBoz Game Portal Kategori.ASP

SQL injection vulnerability in kategori.asp in GaziYapBoz Game Portal allows remote attackers to execute arbitrary SQL commands via the kategori parameter.

7.5
2007-03-10 CVE-2007-1407 Open Solution Remote Security vulnerability in Quick.Cart

Unspecified vulnerability in OpenSolution Quick.Cart before 2.1 has unknown impact and attack vectors, related to a "low critical exploit." This vulnerability has been addressed through an updated version of the product: http://opensolution.org/download/

7.5
2007-03-10 CVE-2007-1403 Macromedia ActiveX Control Remote Denial of Service vulnerability in Macromedia Shockwave 10.1.4.20

Multiple stack-based buffer overflows in an ActiveX control in SwDir.dll 10.1.4.20 in Macromedia Shockwave allow remote attackers to cause a denial of service (Internet Explorer 7 crash) and possibly execute arbitrary code via a long (1) BGCOLOR, (2) SRC, (3) AutoStart, (4) Sound, (5) DrawLogo, or (6) DrawProgress property value, different vectors than CVE-2006-6885.

7.5
2007-03-10 CVE-2007-1402 Rediff Remote Code Execution vulnerability in Rediff Toolbar 2.0

The Rediff Toolbar 2.0 ActiveX control in redifftoolbar.dll allows remote attackers to cause a denial of service via unspecified manipulations, possibly involving improper initialization or blank arguments.

7.5
2007-03-10 CVE-2007-1389 Dynaliens Remote Authentication Bypass vulnerability in Dynaliens Validlien.PHP3

dynaliens 2.0 and 2.1 allows remote attackers to bypass authentication and perform certain privileged actions via a direct request for (1) validlien.php3 (2) supprlien.php3 (3) supprub.php3 (4) validlien.php3 (5) confsuppr.php3 (6) modiflien.php3, or (7) confmodif.php3 in admin/.

7.5
2007-03-10 CVE-2007-1385 Joris Guisson Remote vulnerability in KTorrent

chunkcounter.cpp in KTorrent before 2.1.2 allows remote attackers to cause a denial of service (crash) and heap corruption via a negative or large idx value.

7.5
2007-03-10 CVE-2007-1376 PHP Unspecified vulnerability in PHP

The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x series, do not verify that their arguments correspond to a shmop resource, which allows context-dependent attackers to read and write arbitrary memory locations via arguments associated with an inappropriate resource, as demonstrated by a GD Image resource.

7.5
2007-03-08 CVE-2007-1343 Webcalendar Unspecified vulnerability in Webcalendar

includes/functions.php in Craig Knudsen WebCalendar before 1.0.5 does not protect the noSet variable from external modification, which allows remote attackers to set arbitrary global variables via a URL with modified values in the noSet parameter, which leads to resultant vulnerabilities that probably include remote file inclusion and other issues.

7.5
2007-03-08 CVE-2007-1340 Weltennetz Remote File Include vulnerability in Weltennetz News-Letterman 1.1

PHP remote file inclusion vulnerability in eintrag.php in Weltennetz News-Letterman 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the sqllog parameter.

7.5
2007-03-08 CVE-2007-1339 Monitor Line SQL Injection vulnerability in Monitor-Line Links Management

SQL injection vulnerability in index.php in Links Management Application 1.0 allows remote attackers to execute arbitrary SQL commands via the lcnt parameter.

7.5
2007-03-08 CVE-2007-1338 Apple Security Bypass vulnerability in Apple Airport Extreme 7.1

The default configuration of the AirPort utility in Apple AirPort Extreme creates an IPv6 tunnel but does not enable the "Block incoming IPv6 connections" setting, which might allow remote attackers to bypass intended access restrictions by establishing IPv6 sessions that would have been rejected over IPv4.

7.5
2007-03-07 CVE-2007-1326 Serendipity SQL-Injection vulnerability in Serendipity 1.1.1

SQL injection vulnerability in index.php in Serendipity 1.1.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[multiCat][] parameter.

7.5
2007-03-07 CVE-2006-7161 Aspindir SQL-Injection vulnerability in Aspindir Hazirsite 2.0

SQL injection vulnerability in giris_yap.asp in Hazir Site 2.0 allows remote attackers to bypass authentication via the (1) k_a class or (2) sifre parameter.

7.5
2007-03-07 CVE-2006-7155 Novell Unspecified vulnerability in Novell Bordermanager 3.8

Novell BorderManager 3.8 SP4 generates the same ISAKMP cookies for the same source IP and port number during the same day, which allows remote attackers to conduct denial of service and replay attacks.

7.5
2007-03-07 CVE-2006-7150 Mambo SQL-Injection vulnerability in Mambo Open Source 4.6/4.6.1

Multiple SQL injection vulnerabilities in Mambo 4.6.x allow remote attackers to execute arbitrary SQL commands via the mcname parameter to (1) moscomment.php and (2) com_comment.php.

7.5
2007-03-07 CVE-2006-7144 Call Center Software SQL-Injection vulnerability in Call-Center-Software

SQL injection vulnerability in Call Center Software 0.93 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via the user name in the login page.

7.5
2007-03-07 CVE-2007-1299 Mani Stats Reader Remote File Include vulnerability in Mani Stats Reader Mani Stats Reader 1.2

PHP remote file inclusion vulnerability in index.php in Mani Stats Reader 1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ipath parameter.

7.5
2007-03-07 CVE-2007-1298 AJ Square SQL-Injection vulnerability in AJ Square Ajauction 1.0

SQL injection vulnerability in subcat.php in AJ Auction 1.0 allows remote attackers to execute arbitrary SQL commands via the cate_id parameter.

7.5
2007-03-07 CVE-2007-1297 AJ Square SQL Injection vulnerability in AJ Square Ajdating 1.0

SQL injection vulnerability in view_profile.php in AJDating 1.0 allows remote attackers to execute arbitrary SQL commands via the user_id parameter.

7.5
2007-03-07 CVE-2007-1296 AJ Square SQL-Injection vulnerability in AJ Square AJ Classifieds 1.0

SQL injection vulnerability in postingdetails.php in AJ Classifieds 1.0 allows remote attackers to execute arbitrary SQL commands via the postingid parameter.

7.5
2007-03-07 CVE-2007-1295 AJ Forum SQL Injection vulnerability in AJ Forum AJ Forum 1.0

SQL injection vulnerability in topic_title.php in AJ Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the td_id parameter.

7.5
2007-03-07 CVE-2007-1292 Jelsoft SQL-Injection vulnerability in vBulletin

SQL injection vulnerability in inlinemod.php in Jelsoft vBulletin before 3.5.8, and before 3.6.5 in the 3.6.x series, might allow remote authenticated users to execute arbitrary SQL commands via the postids parameter.

7.5
2007-03-07 CVE-2007-1290 Tyger SQL-Injection vulnerability in Tyger BUG Tracking System 1.1.3

SQL injection vulnerability in ViewReport.php in Tyger Bug Tracking System (TygerBT) 1.1.3 allows remote attackers to execute arbitrary SQL commands via the bug parameter.

7.5
2007-03-07 CVE-2006-7135 PHP Poll Creator Remote Security vulnerability in PHP Poll Creator PHP Poll Creator 1.04

PHP remote file inclusion vulnerability in lib/functions.inc.php in PHP Poll Creator (phpPC) 1.04 allows remote attackers to execute arbitrary PHP code via a URL in the relativer_pfad parameter, a different vector and version than CVE-2005-1755.

7.5
2007-03-06 CVE-2007-1285 PHP
Canonical
Novell
Suse
Redhat
Uncontrolled Recursion vulnerability in multiple products

The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.

7.5
2007-03-06 CVE-2006-7130 Jinzora Code Injection vulnerability in Jinzora

PHP remote file inclusion vulnerability in backend/primitives/cache/media.php in Jinzora 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter, a different vector than CVE-2006-6770.

7.5
2007-03-06 CVE-2006-7128 Salims Softhouse Remote File Include vulnerability in Salims Softhouse JAF CMS 4.0

PHP remote file inclusion vulnerability in forum/forum.php JAF CMS 4.0 RC1 allows remote attackers to execute arbitrary PHP code via a URL in the website parameter.

7.5
2007-03-06 CVE-2006-7124 Joomla Input Validation vulnerability in Joomla BSQ Sitestats 1.8.0

PHP remote file inclusion vulnerability in external/rssfeeds.php in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allows remote attackers to execute arbitrary PHP code via the baseDir parameter.

7.5
2007-03-06 CVE-2006-7123 Joomla SQL-Injection vulnerability in Joomla BSQ Sitestats 1.8.0

Multiple SQL injection vulnerabilities in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allow remote attackers to execute arbitrary SQL commands via (1) unspecified parameters when importing the (a) ip-to-country.csv file; and the (2) HTTP Referer, (3) HTTP User Agent, and (4) HTTP Accept Language headers to (b) bsqtemplateinc.php.

7.5
2007-03-06 CVE-2006-7119 Phpgiggle Remote Security vulnerability in Phpgiggle

PHP remote file inclusion vulnerability in kernel/system/startup.php in J.

7.5
2007-03-06 CVE-2006-7118 Dmxready SQL Injection vulnerability in Dmxready Site Engine Manager 1.0

SQL injection vulnerability in index.asp in DMXReady Site Engine Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the mid parameter.

7.5
2007-03-06 CVE-2006-7116 Kubix SQL Injection vulnerability in Kubix

SQL injection vulnerability in includes/functions.php in Kubix 0.7 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via the member_id parameter ($id variable) to index.php.

7.5
2007-03-06 CVE-2006-7113 Planerd NET Improper Input Validation vulnerability in Planerd.Net P-News

Unrestricted file upload vulnerability in P-News 2.0 allows remote attackers to upload and execute arbitrary files via an avatar file.

7.5
2007-03-05 CVE-2007-1277 Wordpress Improper Input Validation vulnerability in Wordpress 2.1.1

WordPress 2.1.1, as downloaded from some official distribution sites during February and March 2007, contains an externally introduced backdoor that allows remote attackers to execute arbitrary commands via (1) an eval injection vulnerability in the ix parameter to wp-includes/feed.php, and (2) an untrusted passthru call in the iz parameter to wp-includes/theme.php.

7.5
2007-03-05 CVE-2006-7111 Futomis CGI Cafe Remote Authentication Bypass vulnerability in Kmail CGI 1.0.1/1.0.2/1.0.3

Unspecified vulnerability in Futomi's CGI Cafe KMail CGI 1.0.3 and earlier allows remote attackers to bypass authentication and obtain unauthorized email access via unspecified vectors.

7.5
2007-03-10 CVE-2007-1404 Prosysinfo Denial-Of-Service vulnerability in Prosysinfo Tftp Server Tftpdwin 0.4.2

tftpd.exe in ProSysInfo TFTP Server TFTPDWIN 0.4.2 allows remote attackers to cause a denial of service via a long UDP packet that is not properly handled in a recv_from call.

7.3
2007-03-10 CVE-2007-1398 Linux
Snort
Denial of Service vulnerability in Snort 2.6.1.1/2.6.1.2/2.7Beta1

The frag3 preprocessor in Snort 2.6.1.1, 2.6.1.2, and 2.7.0 beta, when configured for inline use on Linux without the ip_conntrack module loaded, allows remote attackers to cause a denial of service (segmentation fault and application crash) via certain UDP packets produced by send_morefrag_packet and send_overlap_packet.

7.1
2007-03-08 CVE-2007-1347 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Windows Explorer

Microsoft Windows Explorer on Windows 2000 SP4 FR and XP SP2 FR, and possibly other versions and platforms, allows remote attackers to cause a denial of service (memory corruption and crash) via an Office file with crafted document summary information, which causes an error in Ole32.dll.

7.1
2007-03-07 CVE-2007-1325 Phpmyadmin Remote Denial of Service vulnerability in phpMyAdmin PMA_ArrayWalkRecursive Function

The PMA_ArrayWalkRecursive function in libraries/common.lib.php in phpMyAdmin before 2.10.0.2 does not limit recursion on arrays provided by users, which allows context-dependent attackers to cause a denial of service (web server crash) via an array with many dimensions.

7.1
2007-03-07 CVE-2006-7157 Google Buffer Errors vulnerability in Google Earth 4.0.2091

Buffer overflow in Google Earth v4.0.2091 (beta) allows remote user-assisted attackers to cause a denial of service (crash) via a KML or KMZ file with a long href element.

7.1

76 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-03-10 CVE-2007-1401 PHP Local Security vulnerability in PHP 4.4.6

Buffer overflow in the crack extension (CrackLib), as bundled with PHP 4.4.6 and other versions before 5.0.0, might allow local users to gain privileges via a long argument to the crack_opendict function.

6.9
2007-03-10 CVE-2007-1400 Plesh Unspecified vulnerability in Plesh

Plash permits sandboxed processes to open /dev/tty, which allows local users to escape sandbox restrictions and execute arbitrary commands by sending characters to a shell process on the same termimal via the TIOCSTI ioctl.

6.9
2007-03-10 CVE-2007-1273 Netbsd
Navision
Integer Overflow vulnerability in Navision Financials Server 3.0

Integer overflow in the ktruser function in NetBSD-current before 20061022, NetBSD 3 and 3-0 before 20061024, and NetBSD 2 before 20070209, when the kernel is built with the COMPAT_FREEBSD or COMPAT_DARWIN option, allows local users to cause a denial of service and possibly gain privileges.

6.9
2007-03-10 CVE-2007-1371 Radscan Remote vulnerability in Radscan Conquest

Multiple buffer overflows in Conquest 8.2a and earlier (1) allow local users to gain privileges by querying a metaserver that sends a long server entry processed by metaGetServerList and allow remote metaservers to execute arbitrary code via a long server entry processed by metaGetServerList; (2) allow attackers to have an unknown impact by exceeding the configured number of metaservers; and allow remote attackers to corrupt memory via a SP_CLIENTSTAT packet with certain values of (3) unum or (4) snum, different vulnerabilities than CVE-2003-0933.

6.9
2007-03-10 CVE-2007-0005 Linux
Omnikey Aaitg
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Omnikey.Aaitg Omnikey Cardman 4040

Multiple buffer overflows in the (1) read and (2) write handlers in the Omnikey CardMan 4040 driver in the Linux kernel before 2.6.21-rc3 allow local users to gain privileges.

6.9
2007-03-10 CVE-2006-7163 Dreameesoft Local Authentication Bypass vulnerability in Dreameesoft Password Master 1.0

DreameeSoft Password Master 1.0 stores the database in an unencrypted format when the master password is set, which allows attackers with physical access to read the database contents via an unspecified authentication bypass.

6.9
2007-03-10 CVE-2007-1411 PHP Local Buffer Overflow vulnerability in PHP MSSQL_Connect

Buffer overflow in PHP 4.4.6 and earlier, and unspecified PHP 5 versions, allows local and possibly remote attackers to execute arbitrary code via long server name arguments to the (1) mssql_connect and (2) mssql_pconnect functions.

6.8
2007-03-10 CVE-2007-1396 PHP Unspecified vulnerability in PHP

The import_request_variables function in PHP 4.0.7 through 4.4.6, and 5.x before 5.2.2, when called without a prefix, does not prevent the (1) GET, (2) POST, (3) COOKIE, (4) FILES, (5) SERVER, (6) SESSION, and other superglobals from being overwritten, which allows remote attackers to spoof source IP address and Referer data, and have other unspecified impact.

6.8
2007-03-10 CVE-2007-1382 Microsoft
PHP
Local Security vulnerability in PHP

The PHP COM extensions for PHP on Windows systems allow context-dependent attackers to execute arbitrary code via a WScript.Shell COM object, as demonstrated by using the Run method of this object to execute cmd.exe, which bypasses PHP's safe mode.

6.8
2007-03-08 CVE-2007-1359 MOD Security Unspecified vulnerability in MOD Security MOD Security

Interpretation conflict in ModSecurity (mod_security) 2.1.0 and earlier allows remote attackers to bypass request rules via application/x-www-form-urlencoded POST data that contains an ASCIIZ (0x00) byte, which mod_security treats as a terminator even though it is still processed as normal data by some HTTP parsers including PHP 5.2.0, and possibly parsers in Perl, and Python.

6.8
2007-03-08 CVE-2007-1350 Novell Buffer Overflow vulnerability in Novell Netmail 3.5.2

Stack-based buffer overflow in webadmin.exe in Novell NetMail 3.5.2 allows remote attackers to execute arbitrary code via a long username during HTTP Basic authentication.

6.8
2007-03-07 CVE-2006-7147 Phpbb Code Injection vulnerability in PHPbb Import Tools 0.1.3/0.1.4

PHP remote file inclusion vulnerability in includes/functions_mod_user.php in phpBB Import Tools Mod 0.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

6.8
2007-03-06 CVE-2007-1286 PHP Integer Overflow vulnerability in PHP ZVAL Reference Counter

Integer overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter.

6.8
2007-03-06 CVE-2006-7127 Salims Softhouse Code Injection vulnerability in Salims Softhouse JAF CMS 4.0

Multiple PHP remote file inclusion vulnerabilities in JAF CMS 4.0 and 4.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the main_dir parameter to (1) forum/main.php and (2) forum/headlines.php.

6.8
2007-03-06 CVE-2006-7126 Joomla SQL-Injection vulnerability in Joomla BSQ Sitestats 1.8.0/2.1.1

SQL injection vulnerability in Joomla BSQ Sitestats 1.8.0 and 2.2.1 allows remote attackers to execute arbitrary SQL commands via the query string, possibly PHP_SELF.

6.8
2007-03-06 CVE-2006-7125 Joomla Cross-Site Scripting vulnerability in Joomla BSQ Sitestats 1.8.0/2.1.1

Cross-site scripting (XSS) vulnerability in Joomla BSQ Sitestats 1.8.0 and 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is not properly handled when the administrator views site statistics.

6.8
2007-03-06 CVE-2006-7122 Joomla Cross-Site Scripting vulnerability in Joomla BSQ Sitestats 1.8.0

Cross-site scripting (XSS) vulnerability in the IP Address Lookup functionality in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allows remote attackers to inject arbitrary web script and HTML via the ip parameter.

6.8
2007-03-06 CVE-2006-7117 Kubix Path Traversal vulnerability in Kubix

Multiple directory traversal vulnerabilities in Kubix 0.7 and earlier allow remote attackers to (1) include and execute arbitrary local files via ".." sequences in the theme cookie to index.php, which is not properly handled by includes/head.php; and (2) read arbitrary files via ".." sequences in the file parameter in an add_dl action to adm_index.php, as demonstrated by reading connect.php.

6.8
2007-03-06 CVE-2007-0994 Mozilla
Debian
Code Injection vulnerability in multiple products

A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which bypasses the access checks and executes code with chrome privileges.

6.8
2007-03-08 CVE-2007-1346 SUN Remote Unauthorized Access vulnerability in Sun Ipmitool Interface

Unspecified vulnerability in ipmitool for Sun Fire X2100M2 and X2200M2 allows local users to gain privileges and reset or turn off the server.

6.6
2007-03-07 CVE-2006-7151 Redhat
GNU
Unspecified vulnerability in GNU Libtool-Ltdl 1.5.222.3

Untrusted search path vulnerability in the libtool-ltdl library (libltdl.so) 1.5.22-2.3 in Fedora Core 5 might allow local users to execute arbitrary code via a malicious library in the (1) hwcap, (2) 0, and (3) nosegneg subdirectories.

6.6
2007-03-05 CVE-2006-7109 Drupal File-Upload vulnerability in Imce Module

Unrestricted file upload vulnerability in IMCE before 1.6, a Drupal module, allows remote authenticated users to upload arbitrary PHP code via a filename with a double extension such as .php.gif.

6.5
2007-03-10 CVE-2007-1384 Joris Guisson Remote vulnerability in KTorrent

Directory traversal vulnerability in torrent.cpp in KTorrent before 2.1.2 allows remote attackers to overwrite arbitrary files via ".." sequences in a torrent filename.

6.4
2007-03-07 CVE-2006-7159 BTI Tracker
Btitracker
Directory traversal vulnerability in include/prune_torrents.php in BTI-Tracker 1.3.2 (aka btitracker) allows remote attackers to delete arbitrary files via ".." sequences in the TORRENTSDIR parameter in a prune action.
6.4
2007-03-07 CVE-2007-1289 Tyger Input Validation vulnerability in Tyger BUG Tracking System 1.1.3

SQL injection vulnerability in ViewBugs.php in Tyger Bug Tracking System (TygerBT) 1.1.3 allows remote attackers to execute arbitrary SQL commands via the s parameter.

6.4
2007-03-09 CVE-2007-1370 Zend Unspecified vulnerability in Zend Platform 2.2.1A

Zend Platform 2.2.3 and earlier has incorrect ownership for scd.sh and certain other files, which allows local users to gain root privileges by modifying the files.

6.2
2007-03-08 CVE-2007-1360 Drupal Unspecified vulnerability in Drupal Nodefamily 5.11.0

Unspecified vulnerability in the Nodefamily module for Drupal 5.x before 5.x-1.0 allows remote authenticated users to access and modify other users' profiles via unspecified URL parameters.

6.0
2007-03-07 CVE-2006-7138 Oracle SQL Injection vulnerability in Oracle Apex 2.0/2.1

SQL injection vulnerability in wwv_flow_utilities.gen_popup_list in the WWV_FLOW_UTILITIES package for Oracle APEX/HTMLDB before 2.2 allows remote authenticated users to execute arbitrary SQL by modifying the P_LOV parameter and calculating a matching MD5 checksum for the P_LOV_CHECKSUM parameter.

6.0
2007-03-06 CVE-2006-7112 Maxdev Path Traversal vulnerability in Maxdev Mdpro

Directory traversal vulnerability in error.php in MD-Pro 1.0.76 and earlier allows remote authenticated users to read and include arbitrary files via the PNSVlang cookie, as demonstrated by uploading a GIF image using AddDownload or injecting PHP code into a log file, then accessing it.

6.0
2007-03-07 CVE-2006-7143 Call Center Software Cross-Site Scripting vulnerability in Call-Center-Software

Cross-site scripting (XSS) vulnerability in Call Center Software 0.93 and earlier allows remote attackers to inject arbitrary web script or HTML via the problem description field.

5.8
2007-03-07 CVE-2006-7140 SUN Remote Security vulnerability in Solaris

The libike library, as used by in.iked, elfsign, and kcfd in Sun Solaris 9 and 10, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents libike from correctly verifying X.509 and other certificates that use PKCS #1, a similar issue to CVE-2006-4339.

5.8
2007-03-07 CVE-2007-1293 Rigter Portal System SQL injection vulnerability in Rigter Portal System Rigter Portal System 6.2

SQL injection vulnerability in Rigter Portal System (RPS) 6.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the categoria parameter to the top-level URI (index.php), possibly related to ver_descarga.php.

5.8
2007-03-07 CVE-2007-1291 Tyger Cross-Site Scripting vulnerability in Tyger BUG Tracking System 1.1.3

Multiple cross-site scripting (XSS) vulnerabilities in Tyger Bug Tracking System (TygerBT) 1.1.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) Login.php and (2) Register.php.

5.8
2007-03-05 CVE-2007-0718 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime

Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a QTIF file with a Video Sample Description containing a Color table ID of 0, which triggers memory corruption when QuickTime assumes that a color table exists.

5.8
2007-03-05 CVE-2007-0717 Apple Code Execution vulnerability in Apple QuickTime

Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file.

5.8
2007-03-05 CVE-2007-0716 Apple Code Execution vulnerability in Apple QuickTime

Stack-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file.

5.8
2007-03-05 CVE-2007-0715 Apple Code Execution vulnerability in Apple QuickTime

Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PICT file.

5.8
2007-03-05 CVE-2007-0713 Apple Code Execution vulnerability in Apple QuickTime

Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie file.

5.8
2007-03-07 CVE-2006-7145 Call Center Software Input Validation and Information Disclosure vulnerability in Call-Center-Software

edit_user.php in Call Center Software 0.93 and earlier allows remote attackers to obtain sensitive information such as account passwords via a modified user_id parameter.

5.5
2007-03-05 CVE-2006-7110 Drupal Unspecified vulnerability in Drupal Imce Module

Directory traversal vulnerability in the delete function in IMCE before 1.6, a Drupal module, allows remote authenticated users to delete arbitrary files via ".." sequences.

5.5
2007-03-10 CVE-2007-1379 PHP Unspecified vulnerability in PHP

The ovrimos_close function in the Ovrimos extension for PHP before 4.4.5 can trigger efree of an arbitrary address, which might allow context-dependent attackers to execute arbitrary code.

5.1
2007-03-10 CVE-2007-1378 PHP Unspecified vulnerability in PHP

The ovrimos_longreadlen function in the Ovrimos extension for PHP before 4.4.5 allows context-dependent attackers to write to arbitrary memory locations via the result_id and length arguments.

5.1
2007-03-10 CVE-2007-1409 Wordpress Information Disclosure vulnerability in WordPress

WordPress allows remote attackers to obtain sensitive information via a direct request for wp-admin/admin-functions.php, which reveals the path in an error message.

5.0
2007-03-10 CVE-2007-1392 Netforo Local File Include vulnerability in Netforo 0.1

Directory traversal vulnerability in down.php in netForo! 0.1g allows remote attackers to read arbitrary files via a ..

5.0
2007-03-10 CVE-2007-1380 PHP Unspecified vulnerability in PHP

The php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buffer over-read.

5.0
2007-03-10 CVE-2007-1377 Adobe
Mozilla
Netscape
Opera
Resource Exhaustion vulnerability in multiple products

AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial of service (unspecified resource consumption) via a .pdf URL with an anchor identifier that begins with search= followed by many %n sequences, a different vulnerability than CVE-2006-6027 and CVE-2006-6236.

5.0
2007-03-10 CVE-2007-1375 PHP Integer Overflow vulnerability in PHP 5 Substr_Compare

Integer overflow in the substr_compare function in PHP 5.2.1 and earlier allows context-dependent attackers to read sensitive memory via a large value in the length argument, a different vulnerability than CVE-2006-1991.

5.0
2007-03-08 CVE-2007-1341 Simple Invoices Unspecified vulnerability in Simple Invoices Simple Invoices 20061211/20070125/20070202

include/auth/auth.php in Simple Invoices before 2007 03 05 does not use the login system to protect print preview pages for invoices, which might allow attackers to obtain sensitive information.

5.0
2007-03-07 CVE-2006-7154 Iono Remote Security vulnerability in Iono

Iono allows remote attackers to obtain the full server path via certain requests to (1) templates/iono/admin/denied.tpl.php, (2) templates/iono/admin/index.tpl.php, and (a) other unspecified files in templates/.

5.0
2007-03-06 CVE-2007-1269 GNU Unspecified vulnerability in GNU Gnumail 1.1.2

GNUMail 1.1.2 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents GNUMail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.

5.0
2007-03-06 CVE-2007-1268 Mutt Unspecified vulnerability in Mutt

Mutt 1.5.13 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Mutt from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.

5.0
2007-03-06 CVE-2007-1267 Sylpheed Unspecified vulnerability in Sylpheed

Sylpheed 2.2.7 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Sylpheed from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.

5.0
2007-03-06 CVE-2007-1266 Gnome Unspecified vulnerability in Gnome Evolution

Evolution 2.8.1 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Evolution from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.

5.0
2007-03-06 CVE-2007-1264 Enigmail Unspecified vulnerability in Enigmail

Enigmail 0.94.2 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Enigmail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.

5.0
2007-03-06 CVE-2007-1263 GNU
Gnupg
GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection.
5.0
2007-03-06 CVE-2006-7114 Planerd NET Permissions, Privileges, and Access Controls vulnerability in Planerd.Net P-News

P-News 2.0 stores db/user.txt under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and password hashes via a direct request.

5.0
2007-03-07 CVE-2006-7160 Agnitum Improper Input Validation vulnerability in Agnitum Outpost Firewall

The Sandbox.sys driver in Outpost Firewall PRO 4.0, and possibly earlier versions, does not validate arguments to hooked SSDT functions, which allows local users to cause a denial of service (crash) via invalid arguments to the (1) NtAssignProcessToJobObject,, (2) NtCreateKey, (3) NtCreateThread, (4) NtDeleteFile, (5) NtLoadDriver, (6) NtOpenProcess, (7) NtProtectVirtualMemory, (8) NtReplaceKey, (9) NtTerminateProcess, (10) NtTerminateThread, (11) NtUnloadDriver, and (12) NtWriteVirtualMemory functions.

4.9
2007-03-10 CVE-2007-1388 Linux Resource Management Errors vulnerability in Linux Kernel

The do_ipv6_setsockopt function in net/ipv6/ipv6_sockglue.c in Linux kernel before 2.6.20, and possibly other versions, allows local users to cause a denial of service (oops) by calling setsockopt with the IPV6_RTHDR option name and possibly a zero option length or invalid option value, which triggers a NULL pointer dereference.

4.4
2007-03-09 CVE-2007-1369 Zend Unspecified vulnerability in Zend Platform

ini_modifier (sgid-zendtech) in Zend Platform 2.2.3 and earlier allows local users to modify the system php.ini file by editing a copy of php.ini file using the -f parameter, and then performing a symlink attack using the directory that contains the attacker-controlled php.ini file, and linking this directory to /usr/local/Zend/etc.

4.4
2007-03-07 CVE-2007-1330 Comodo Local Protection Mechanism Bypass vulnerability in Comodo Firewall PRO 2.4.16.174/2.4.17.183/2.4.18.184

Comodo Firewall Pro (CFP) (formerly Comodo Personal Firewall) 2.4.18.184 and earlier allows local users to bypass driver protections on the HKLM\SYSTEM\Software\Comodo\Personal Firewall registry key by guessing the name of a named pipe under \Device\NamedPipe\OLE and attempting to open it multiple times.

4.4
2007-03-10 CVE-2007-1405 Edgewall Software Cross-Site Scripting vulnerability in Trac Download Function

Cross-site scripting (XSS) vulnerability in the "download wiki page as text" feature in Trac before 0.10.3.1, when Microsoft Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

4.3
2007-03-10 CVE-2007-1395 Phpmyadmin Cross-Site Scripting vulnerability in phpMyAdmin

Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 through 2.9.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by injecting arbitrary JavaScript or HTML in a (1) db or (2) table parameter value followed by an uppercase </SCRIPT> end tag, which bypasses the protection against lowercase </script>.

4.3
2007-03-10 CVE-2007-1390 Dynaliens Cross-Site Scripting vulnerability in Dynaliens 2.0/2.1

Multiple cross-site scripting (XSS) vulnerabilities in dynaliens 2.0 and 2.1 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) recherche.php3 or (2) ajouter.php3.

4.3
2007-03-10 CVE-2007-1374 Snitz Communications HTML Injection vulnerability in Snitz Communications Snitz Forums 2000 3.4.06

Cross-site scripting (XSS) vulnerability in pop_profile.asp in Snitz Forums 2000 3.4.06 allows remote attackers to inject arbitrary web script or HTML via the MSN parameter.

4.3
2007-03-09 CVE-2007-1367 Avaya Remote Code Execution vulnerability in Avaya Communications Manager Javascript

Cross-site scripting (XSS) vulnerability in the login page in Avaya Communications Manager (CM) S87XX, S8500, and S8300 products before 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the Login field.

4.3
2007-03-08 CVE-2007-1361 Virtuemart Cross-Site Scripting vulnerability in VirtueMart

Cross-site scripting (XSS) vulnerability in virtuemart_parser.php in VirtueMart before 20070213 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2007-03-08 CVE-2007-1342 Jelsoft HTML Injection vulnerability in RETIRED: VBulletin Event Admincp/Index.PHP RSS

Cross-site scripting (XSS) vulnerability in admincp/index.php in Jelsoft vBulletin 3.6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the add rss url form.

4.3
2007-03-07 CVE-2007-1331 TKS Banking Solutions Unspecified vulnerability in TKS Banking Solutions Eportfolio 1.0

Multiple cross-site scripting (XSS) vulnerabilities in TKS Banking Solutions ePortfolio 1.0 Java allow remote attackers to inject arbitrary web script or HTML via unspecified vectors that bypass the client-side protection scheme, one of which may be the q parameter to the search program.

4.3
2007-03-07 CVE-2007-1328 Bernard Joly Cross-Site Scripting vulnerability in Bj Webring

Cross-site scripting (XSS) vulnerability in formulaire.php in Bernard JOLY BJ Webring allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter related to the add link menu.

4.3
2007-03-07 CVE-2006-7158 Oracle Cross-Site Scripting vulnerability in Oracle Apex 2.0/2.1/2.2

Cross-site scripting (XSS) vulnerability in Oracle Application Express (APEX) before 2.2.1, aka Oracle HTML DB, allows remote attackers to inject arbitrary web script or HTML via the NOTIFICATION_MSG parameter.

4.3
2007-03-07 CVE-2006-7149 Mambo Cross-Site Scripting vulnerability in Mambo 4.6/4.6.1

Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.x allow remote attackers to inject arbitrary web script or HTML via (1) the query string to (a) index.php, which reflects the string in an error message from mod_login.php; and the (2) mcname parameter to (b) moscomment.php and (c) com_comment.php.

4.3
2007-03-07 CVE-2007-1308 KDE Resource Management Errors vulnerability in KDE Konqueror 3.5.5

ecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror in KDE 3.5.5, allows remote attackers to cause a denial of service (crash) by accessing the content of an iframe with an ftp:// URI in the src attribute, probably due to a NULL pointer dereference.

4.3
2007-03-07 CVE-2006-7137 Tiny Portal Cross-Site Scripting vulnerability in Tiny Portal

Cross-site scripting (XSS) vulnerability in TinyPortal before 0.8.6 allows remote attackers to inject arbitrary web script or HTML via the shoutbox.

4.3
2007-03-06 CVE-2007-1287 PHP Cross-Site Scripting vulnerability in PHP

A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote attackers to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, which are not escaped in the phpinfo output, as originally fixed for CVE-2005-3388.

4.3
2007-03-05 CVE-2007-1276 Usermin
Webmin
Cross-Site Request Forgery (CSRF) vulnerability in multiple products

Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted filename.

4.3
2007-03-10 CVE-2007-1345 Broadcom Unspecified vulnerability in Broadcom Etrust Admin 8.1/8.1.1/8.1.2

Unspecified vulnerability in cube.exe in the GINA component for CA (Computer Associates) eTrust Admin 8.1.0 through 8.1.2 allows attackers with physical interactive or Remote Desktop access to bypass authentication and gain privileges via the password reset interface.

4.1

4 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-03-09 CVE-2007-1368 Drupal Unspecified vulnerability in Drupal Project Issue Tracking

The Project issue tracking module before 4.7.x-1.3, 4.7.x-2.* before 4.7.x-2.3, and 5 before 5.x-0.2-beta for Drupal allows remote authenticated users, with "access project issues" permission, to read the contents of a private node via a URL with a modified node identifier.

3.5
2007-03-07 CVE-2006-7139 KDE Improper Input Validation vulnerability in KDE K-Mail 1.9.1

Kmail 1.9.1 on KDE 3.5.2, with "Prefer HTML to Plain Text" enabled, allows remote attackers to cause a denial of service (crash) via an HTML e-mail with certain table and frameset tags that trigger a segmentation fault, possibly involving invalid free or delete operations.

2.6
2007-03-06 CVE-2006-7129 ISS Unspecified vulnerability in ISS Blackice PC Protection 3.6Cpj/3.6Cpu

ISS BlackICE PC Protection 3.6 cpj and cpu, and possibly earlier versions, allows local users to bypass the protection scheme by using the ZwDeleteFile API function to delete the critical filelock.txt file, which stores information about protected files.

2.1
2007-03-07 CVE-2006-7162 Putty Information Disclosure vulnerability in PUTTY

PuTTY 0.59 and earlier uses weak file permissions for (1) ppk files containing private keys generated by puttygen and (2) session logs created by putty, which allows local users to gain sensitive information by reading these files.

1.9