Weekly Vulnerabilities Reports > March 5 to 11, 2007
Overview
161 new vulnerabilities reported during this period, including 30 critical vulnerabilities and 51 high severity vulnerabilities. This weekly summary report vulnerabilities in 148 products from 114 vendors including PHP, Apple, Microsoft, Joomla, and Linux. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", "Code Injection", "Numeric Errors", and "SQL Injection".
- 142 reported vulnerabilities are remotely exploitables.
- 42 reported vulnerabilities have public exploit available.
- 5 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 145 reported vulnerabilities are exploitable by an anonymous user.
- PHP has the most reported vulnerabilities, with 15 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 3 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
30 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-03-10 | CVE-2007-1408 | Vallheru | Remote Security vulnerability in Vallheru Multiple vulnerabilities in (1) bank.php, (2) landfill.php, (3) outposts.php, (4) tribes.php, (5) house.php, (6) tribearmor.php, (7) tribeastral.php, (8) tribeware.php, and (9) includes/head.php in Bartek Jasicki Vallheru before 1.3 beta have unknown impact and remote attack vectors, probably related to large integer values containing more than 15 digits. | 10.0 |
2007-03-10 | CVE-2007-1406 | Edgewall Software | Remote Security vulnerability in Trac Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors. | 10.0 |
2007-03-10 | CVE-2007-1399 | Pecl ZIP PHP | Stack Buffer Overflow vulnerability in PHP Zip URL Wrapper Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8.3 and earlier, as bundled with PHP 5.2.0 and 5.2.1, allows remote attackers to execute arbitrary code via a long zip:// URL, as demonstrated by actively triggering URL access from a remote PHP interpreter via avatar upload or blog pingback. | 10.0 |
2007-03-10 | CVE-2007-1397 | Fish | Remote Buffer Overflow vulnerability in Fish Multiple stack-based buffer overflows in the (1) ExtractRnick and (2) decrypt_topic_332 functions in FiSH allow remote attackers to execute arbitrary code via long strings. | 10.0 |
2007-03-10 | CVE-2007-1394 | Flat Chat | Remote PHP Code Execution vulnerability in Flat Chat Flat Chat 2.0 Direct static code injection vulnerability in startsession.php in Flat Chat 2.0 allows remote attackers to execute arbitrary PHP code via the Chat Name field, which is inserted into online.txt and included by users.php. | 10.0 |
2007-03-10 | CVE-2007-1393 | GEO Soft | Remote File Include vulnerability in GEO Soft Magic CMS 4.2.747 PHP remote file inclusion vulnerability in mysave.php in Magic CMS 4.2.747 allows remote attackers to execute arbitrary PHP code via a URL in the file parameter. | 10.0 |
2007-03-10 | CVE-2007-1391 | Webo | Remote File Include vulnerability in Webo 1.0 PHP remote file inclusion vulnerability in modules/abook/foldertree.php in Leo West WEBO (aka weborganizer) 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter. | 10.0 |
2007-03-10 | CVE-2007-1365 | Openbsd | Remote Buffer Overflow vulnerability in Openbsd 3.9/4.0 Buffer overflow in kern/uipc_mbuf2.c in OpenBSD 3.9 and 4.0 allows remote attackers to execute arbitrary code via fragmented IPv6 packets due to "incorrect mbuf handling for ICMP6 packets." NOTE: this was originally reported as a denial of service. | 10.0 |
2007-03-10 | CVE-2007-1383 | PHP | Numeric Errors vulnerability in PHP 4.0 Integer overflow in the 16 bit variable reference counter in PHP 4 allows context-dependent attackers to execute arbitrary code by overflowing this counter, which causes the same variable to be destroyed twice, a related issue to CVE-2007-1286. | 10.0 |
2007-03-10 | CVE-2007-1373 | Pmail | Remote Security vulnerability in Mercury Mail Transport System Stack-based buffer overflow in Mercury/32 (aka Mercury Mail Transport System) 4.01b and earlier allows remote attackers to execute arbitrary code via a long LOGIN command. | 10.0 |
2007-03-10 | CVE-2007-1372 | Postguestbook | Remote File Include vulnerability in Postguestbook 0.6.1 PHP remote file inclusion vulnerability in styles/internal/header.php in the PostGuestbook 0.6.1 module for PHP-Nuke allows remote attackers to execute arbitrary PHP code via a URL in the tpl_pgb_moddir parameter. | 10.0 |
2007-03-07 | CVE-2007-1329 | Ledgersmb SQL Ledger | Directory Traversal vulnerability in LedgerSMB Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrary code, via . | 10.0 |
2007-03-07 | CVE-2006-7156 | Minibb | Remote File Include vulnerability in MiniBB Keyword Replacer Plugin PHP remote file inclusion vulnerability in addon_keywords.php in Keyword Replacer (keyword_replacer) 1.0 and earlier, a module for miniBB, allows remote attackers to execute arbitrary PHP code via a URL in the pathToFiles parameter. | 10.0 |
2007-03-07 | CVE-2006-7153 | Minibb | Remote Security vulnerability in Minibb Forum 2 PHP remote file inclusion vulnerability in index.php in MiniBB Forum 2 allows remote attackers to execute arbitrary code via a URL in the pathToFiles parameter. | 10.0 |
2007-03-07 | CVE-2006-7148 | Phpbb | Remote File Include vulnerability in PHPbb Maluinfo 206.2.38 PHP remote file inclusion vulnerability in includes/bb_usage_stats.php in maluinfo 206.2.38 for Brazilian PHPBB allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter. | 10.0 |
2007-03-07 | CVE-2007-1307 | Intel Lenovo | Unspecified vulnerability in IBM ThinkPad Intel PRO/1000 LAN Adapter Software Unspecified vulnerability in Lenovo Intel PRO/1000 LAN adapter before Build 135400, as used on IBM Lenovo ThinkPad systems, has unknown impact and attack vectors. | 10.0 |
2007-03-07 | CVE-2007-1288 | Webmobo | Remote Security vulnerability in WBNews Multiple PHP remote file inclusion vulnerabilities in Webmobo WB News 1.4.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config[installdir] parameter to (1) comment.php, (2) themes.php, (3) directory.php, and (4) sendmsg.php in admin/. | 10.0 |
2007-03-07 | CVE-2006-7136 | Phppc | Remote File Include vulnerability in PHP Poll Creator Relativer_PFAD Parameter Multiple PHP remote file inclusion vulnerabilities in PHP Poll Creator (phpPC) 1.04 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the relativer_pfad parameter to (1) poll.php, (2) poll_kommentar.php, and (3) poll_sm.php, different vectors and version than CVE-2005-1755. | 10.0 |
2007-03-06 | CVE-2006-7134 | Noah Spurrier | Arbitrary File Upload and Directory Traversal vulnerability in Noah Spurrier Upload Tool for PHP 1.0 Unrestricted file upload vulnerability in main_user.php in Upload Tool for PHP 1.0 allows remote attackers to upload and execute arbitrary files with executable extensions such as .php. | 10.0 |
2007-03-06 | CVE-2006-7132 | Cynux Softwares | Directory Traversal vulnerability in Cynux Softwares PHPmydesk 1.0Beta Directory traversal vulnerability in pmd-config.php in PHPMyDesk 1.0beta allows remote attackers to include arbitrary local files via the pmdlang parameter to viewticket.php. | 10.0 |
2007-03-06 | CVE-2006-7131 | Jinzora | Remote Security vulnerability in Jinzora 2.6 PHP remote file inclusion vulnerability in extras/mt.php in Jinzora 2.6 allows remote attackers to execute arbitrary PHP code via the web_root parameter. | 10.0 |
2007-03-10 | CVE-2007-0999 | Gnome | Remote Security vulnerability in Ekiga Format string vulnerability in Ekiga 2.0.3, and probably other versions, allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2007-1006. | 9.3 |
2007-03-08 | CVE-2007-1344 | Xiph | Unspecified vulnerability in Xiph Icecast Ezstream Multiple buffer overflows in src/ezstream.c in Ezstream before 0.3.0 allow remote attackers to execute arbitrary code via a crafted XML configuration file processed by the (1) urlParse function, which causes a stack-based overflow and the (2) ReplaceString function, which causes a heap-based overflow. | 9.3 |
2007-03-07 | CVE-2007-1332 | TKS Banking Solutions | Unspecified vulnerability in TKS Banking Solutions Eportfolio 1.0 Multiple cross-site request forgery (CSRF) vulnerabilities in TKS Banking Solutions ePortfolio 1.0 Java allow remote attackers to perform unspecified restricted actions in the context of certain accounts by bypassing the client-side protection scheme. | 9.3 |
2007-03-06 | CVE-2007-1282 | Redhat Mozilla | Integer Overflow vulnerability in Mozilla Seamonkey and Thunderbird Integer overflow in Mozilla Thunderbird before 1.5.0.10 and SeaMonkey before 1.0.8 allows remote attackers to trigger a buffer overflow and possibly execute arbitrary code via a text/enhanced or text/richtext e-mail message with an extremely long line. | 9.3 |
2007-03-05 | CVE-2007-0714 | Apple Microsoft | Numeric Errors vulnerability in Apple Quicktime Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie with a User Data Atom (UDTA) with an Atom size field with a large value. | 9.3 |
2007-03-05 | CVE-2007-0712 | Apple Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MIDI file. | 9.3 |
2007-03-05 | CVE-2007-0711 | Apple Microsoft | Numeric Errors vulnerability in Apple Quicktime Integer overflow in Apple QuickTime before 7.1.5, when installed on Windows operating systems, allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP video file. | 9.3 |
2007-03-07 | CVE-2007-1309 | Novell | Permissions, Privileges, and Access Controls vulnerability in Novell Access Manager 3 Novell Access Management 3 SSLVPN Server allows remote authenticated users to bypass VPN restrictions by making policy.txt read-only, disconnecting, then manually modifying policy.txt. | 9.0 |
2007-03-07 | CVE-2007-1301 | Mailenable | Remote Buffer Overflow vulnerability in MailEnable Append Stack-based buffer overflow in the IMAP service in MailEnable Enterprise and Professional Editions 2.37 and earlier allows remote authenticated users to execute arbitrary code via a long argument to the APPEND command. | 9.0 |
51 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-03-07 | CVE-2006-7152 | ASP Nuke | Privilege Escalation vulnerability in Asp-Nuke Community Cookie default.asp in ASP-Nuke Community 1.5 and earlier allows remote attackers to gain privileges by setting certain pseudo cookie values. | 8.5 |
2007-03-07 | CVE-2007-1327 | Silc | Null Pointer Dereference vulnerability in Silc Silc-Server 1.0.2 The SILC_SERVER_CMD_FUNC function in apps/silcd/command.c in silc-server 1.0.2 allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a request without a cipher algorithm and an invalid HMAC algorithm. | 7.8 |
2007-03-07 | CVE-2006-7142 | Utimaco | Use of Hard-coded Credentials vulnerability in Utimaco Safeguard 4.30 The centralized management feature for Utimaco Safeguard stores hard-coded cryptographic keys in executable programs for encrypted configuration files, which allows attackers to recover the keys from the configuration files and decrypt the disk drive. | 7.8 |
2007-03-07 | CVE-2007-1306 | Digium | Remote Denial of Service vulnerability in Asterisk SIP Channel Driver Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote attackers to cause a denial of service (crash) by sending a Session Initiation Protocol (SIP) packet without a URI and SIP-version header, which results in a NULL pointer dereference. | 7.8 |
2007-03-07 | CVE-2007-1303 | Rrdbrowse | Directory Traversal vulnerability in RRDBrowse File Parameter Directory traversal vulnerability in rb.cgi in RRDBrowse 1.6 and earlier allows remote attackers to read arbitrary files via a .. | 7.8 |
2007-03-07 | CVE-2007-1300 | Douran Software Technologies | Information Disclosure vulnerability in Douran Software Technologies Isputil 3.32.84.1 DOURAN Software Technologies ISPUtil 3.32.84.1, and possibly earlier versions, stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain user and reseller data via a direct request for scripts/activesessions.ini. | 7.8 |
2007-03-07 | CVE-2007-1294 | Divx | Remote Denial of Service vulnerability in Divx web Player 1.3.0 A certain ActiveX control in the DivXBrowserPlugin (npdivx32.dll) in DivX Web Player, as distributed with DivX Player 1.3.0, allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via large values to DivxWP.Resize, related to resizing images. | 7.8 |
2007-03-06 | CVE-2007-1265 | KDE | Unspecified vulnerability in KDE K-Mail KMail 1.9.5 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents KMail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection. | 7.8 |
2007-03-06 | CVE-2007-1281 | Microsoft Kaspersky LAB Linux | Remote Denial of Service vulnerability in Kaspersky LAB Kaspersky Antivirus Engine 5.5.10/6.0.1.411 Kaspersky AntiVirus Engine 6.0.1.411 for Windows and 5.5-10 for Linux allows remote attackers to cause a denial of service (CPU consumption) via a crafted UPX compressed file with a negative offset, which triggers an infinite loop during decompression. | 7.8 |
2007-03-06 | CVE-2006-7121 | Linksys | Denial Of Service vulnerability in Linksys Spa921 1.0.0 The HTTP server in Linksys SPA-921 VoIP Desktop Phone allows remote attackers to cause a denial of service (reboot) via (1) a long URL, or a long (2) username or (3) password during Basic Authentication. | 7.8 |
2007-03-10 | CVE-2007-1381 | PHP | Buffer Errors vulnerability in PHP 5.0.0 The wddx_deserialize function in wddx.c 1.119.2.10.2.12 and 1.119.2.10.2.13 in PHP 5, as modified in CVS on 20070224 and fixed on 20070304, calls strlcpy where strlcat was intended and uses improper arguments, which allows context-dependent attackers to execute arbitrary code via a WDDX packet with a malformed overlap of a STRING element, which triggers a buffer overflow. | 7.6 |
2007-03-10 | CVE-2007-1410 | Gaziyapboz | SQL injection vulnerability in GaziYapBoz Game Portal Kategori.ASP SQL injection vulnerability in kategori.asp in GaziYapBoz Game Portal allows remote attackers to execute arbitrary SQL commands via the kategori parameter. | 7.5 |
2007-03-10 | CVE-2007-1407 | Open Solution | Remote Security vulnerability in Quick.Cart Unspecified vulnerability in OpenSolution Quick.Cart before 2.1 has unknown impact and attack vectors, related to a "low critical exploit." This vulnerability has been addressed through an updated version of the product: http://opensolution.org/download/ | 7.5 |
2007-03-10 | CVE-2007-1403 | Macromedia | ActiveX Control Remote Denial of Service vulnerability in Macromedia Shockwave 10.1.4.20 Multiple stack-based buffer overflows in an ActiveX control in SwDir.dll 10.1.4.20 in Macromedia Shockwave allow remote attackers to cause a denial of service (Internet Explorer 7 crash) and possibly execute arbitrary code via a long (1) BGCOLOR, (2) SRC, (3) AutoStart, (4) Sound, (5) DrawLogo, or (6) DrawProgress property value, different vectors than CVE-2006-6885. | 7.5 |
2007-03-10 | CVE-2007-1402 | Rediff | Remote Code Execution vulnerability in Rediff Toolbar 2.0 The Rediff Toolbar 2.0 ActiveX control in redifftoolbar.dll allows remote attackers to cause a denial of service via unspecified manipulations, possibly involving improper initialization or blank arguments. | 7.5 |
2007-03-10 | CVE-2007-1389 | Dynaliens | Remote Authentication Bypass vulnerability in Dynaliens Validlien.PHP3 dynaliens 2.0 and 2.1 allows remote attackers to bypass authentication and perform certain privileged actions via a direct request for (1) validlien.php3 (2) supprlien.php3 (3) supprub.php3 (4) validlien.php3 (5) confsuppr.php3 (6) modiflien.php3, or (7) confmodif.php3 in admin/. | 7.5 |
2007-03-10 | CVE-2007-1385 | Joris Guisson | Remote vulnerability in KTorrent chunkcounter.cpp in KTorrent before 2.1.2 allows remote attackers to cause a denial of service (crash) and heap corruption via a negative or large idx value. | 7.5 |
2007-03-10 | CVE-2007-1376 | PHP | Unspecified vulnerability in PHP The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x series, do not verify that their arguments correspond to a shmop resource, which allows context-dependent attackers to read and write arbitrary memory locations via arguments associated with an inappropriate resource, as demonstrated by a GD Image resource. | 7.5 |
2007-03-08 | CVE-2007-1343 | Webcalendar | Unspecified vulnerability in Webcalendar includes/functions.php in Craig Knudsen WebCalendar before 1.0.5 does not protect the noSet variable from external modification, which allows remote attackers to set arbitrary global variables via a URL with modified values in the noSet parameter, which leads to resultant vulnerabilities that probably include remote file inclusion and other issues. | 7.5 |
2007-03-08 | CVE-2007-1340 | Weltennetz | Remote File Include vulnerability in Weltennetz News-Letterman 1.1 PHP remote file inclusion vulnerability in eintrag.php in Weltennetz News-Letterman 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the sqllog parameter. | 7.5 |
2007-03-08 | CVE-2007-1339 | Monitor Line | SQL Injection vulnerability in Monitor-Line Links Management SQL injection vulnerability in index.php in Links Management Application 1.0 allows remote attackers to execute arbitrary SQL commands via the lcnt parameter. | 7.5 |
2007-03-08 | CVE-2007-1338 | Apple | Security Bypass vulnerability in Apple Airport Extreme 7.1 The default configuration of the AirPort utility in Apple AirPort Extreme creates an IPv6 tunnel but does not enable the "Block incoming IPv6 connections" setting, which might allow remote attackers to bypass intended access restrictions by establishing IPv6 sessions that would have been rejected over IPv4. | 7.5 |
2007-03-07 | CVE-2007-1326 | Serendipity | SQL-Injection vulnerability in Serendipity 1.1.1 SQL injection vulnerability in index.php in Serendipity 1.1.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[multiCat][] parameter. | 7.5 |
2007-03-07 | CVE-2006-7161 | Aspindir | SQL-Injection vulnerability in Aspindir Hazirsite 2.0 SQL injection vulnerability in giris_yap.asp in Hazir Site 2.0 allows remote attackers to bypass authentication via the (1) k_a class or (2) sifre parameter. | 7.5 |
2007-03-07 | CVE-2006-7155 | Novell | Unspecified vulnerability in Novell Bordermanager 3.8 Novell BorderManager 3.8 SP4 generates the same ISAKMP cookies for the same source IP and port number during the same day, which allows remote attackers to conduct denial of service and replay attacks. | 7.5 |
2007-03-07 | CVE-2006-7150 | Mambo | SQL-Injection vulnerability in Mambo Open Source 4.6/4.6.1 Multiple SQL injection vulnerabilities in Mambo 4.6.x allow remote attackers to execute arbitrary SQL commands via the mcname parameter to (1) moscomment.php and (2) com_comment.php. | 7.5 |
2007-03-07 | CVE-2006-7144 | Call Center Software | SQL-Injection vulnerability in Call-Center-Software SQL injection vulnerability in Call Center Software 0.93 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via the user name in the login page. | 7.5 |
2007-03-07 | CVE-2007-1299 | Mani Stats Reader | Remote File Include vulnerability in Mani Stats Reader Mani Stats Reader 1.2 PHP remote file inclusion vulnerability in index.php in Mani Stats Reader 1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ipath parameter. | 7.5 |
2007-03-07 | CVE-2007-1298 | AJ Square | SQL-Injection vulnerability in AJ Square Ajauction 1.0 SQL injection vulnerability in subcat.php in AJ Auction 1.0 allows remote attackers to execute arbitrary SQL commands via the cate_id parameter. | 7.5 |
2007-03-07 | CVE-2007-1297 | AJ Square | SQL Injection vulnerability in AJ Square Ajdating 1.0 SQL injection vulnerability in view_profile.php in AJDating 1.0 allows remote attackers to execute arbitrary SQL commands via the user_id parameter. | 7.5 |
2007-03-07 | CVE-2007-1296 | AJ Square | SQL-Injection vulnerability in AJ Square AJ Classifieds 1.0 SQL injection vulnerability in postingdetails.php in AJ Classifieds 1.0 allows remote attackers to execute arbitrary SQL commands via the postingid parameter. | 7.5 |
2007-03-07 | CVE-2007-1295 | AJ Forum | SQL Injection vulnerability in AJ Forum AJ Forum 1.0 SQL injection vulnerability in topic_title.php in AJ Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the td_id parameter. | 7.5 |
2007-03-07 | CVE-2007-1292 | Jelsoft | SQL-Injection vulnerability in vBulletin SQL injection vulnerability in inlinemod.php in Jelsoft vBulletin before 3.5.8, and before 3.6.5 in the 3.6.x series, might allow remote authenticated users to execute arbitrary SQL commands via the postids parameter. | 7.5 |
2007-03-07 | CVE-2007-1290 | Tyger | SQL-Injection vulnerability in Tyger BUG Tracking System 1.1.3 SQL injection vulnerability in ViewReport.php in Tyger Bug Tracking System (TygerBT) 1.1.3 allows remote attackers to execute arbitrary SQL commands via the bug parameter. | 7.5 |
2007-03-07 | CVE-2006-7135 | PHP Poll Creator | Remote Security vulnerability in PHP Poll Creator PHP Poll Creator 1.04 PHP remote file inclusion vulnerability in lib/functions.inc.php in PHP Poll Creator (phpPC) 1.04 allows remote attackers to execute arbitrary PHP code via a URL in the relativer_pfad parameter, a different vector and version than CVE-2005-1755. | 7.5 |
2007-03-06 | CVE-2007-1285 | PHP Canonical Novell Suse Redhat | Uncontrolled Recursion vulnerability in multiple products The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines. | 7.5 |
2007-03-06 | CVE-2006-7130 | Jinzora | Code Injection vulnerability in Jinzora PHP remote file inclusion vulnerability in backend/primitives/cache/media.php in Jinzora 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter, a different vector than CVE-2006-6770. | 7.5 |
2007-03-06 | CVE-2006-7128 | Salims Softhouse | Remote File Include vulnerability in Salims Softhouse JAF CMS 4.0 PHP remote file inclusion vulnerability in forum/forum.php JAF CMS 4.0 RC1 allows remote attackers to execute arbitrary PHP code via a URL in the website parameter. | 7.5 |
2007-03-06 | CVE-2006-7124 | Joomla | Input Validation vulnerability in Joomla BSQ Sitestats 1.8.0 PHP remote file inclusion vulnerability in external/rssfeeds.php in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allows remote attackers to execute arbitrary PHP code via the baseDir parameter. | 7.5 |
2007-03-06 | CVE-2006-7123 | Joomla | SQL-Injection vulnerability in Joomla BSQ Sitestats 1.8.0 Multiple SQL injection vulnerabilities in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allow remote attackers to execute arbitrary SQL commands via (1) unspecified parameters when importing the (a) ip-to-country.csv file; and the (2) HTTP Referer, (3) HTTP User Agent, and (4) HTTP Accept Language headers to (b) bsqtemplateinc.php. | 7.5 |
2007-03-06 | CVE-2006-7119 | Phpgiggle | Remote Security vulnerability in Phpgiggle PHP remote file inclusion vulnerability in kernel/system/startup.php in J. | 7.5 |
2007-03-06 | CVE-2006-7118 | Dmxready | SQL Injection vulnerability in Dmxready Site Engine Manager 1.0 SQL injection vulnerability in index.asp in DMXReady Site Engine Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the mid parameter. | 7.5 |
2007-03-06 | CVE-2006-7116 | Kubix | SQL Injection vulnerability in Kubix SQL injection vulnerability in includes/functions.php in Kubix 0.7 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via the member_id parameter ($id variable) to index.php. | 7.5 |
2007-03-06 | CVE-2006-7113 | Planerd NET | Improper Input Validation vulnerability in Planerd.Net P-News Unrestricted file upload vulnerability in P-News 2.0 allows remote attackers to upload and execute arbitrary files via an avatar file. | 7.5 |
2007-03-05 | CVE-2007-1277 | Wordpress | Improper Input Validation vulnerability in Wordpress 2.1.1 WordPress 2.1.1, as downloaded from some official distribution sites during February and March 2007, contains an externally introduced backdoor that allows remote attackers to execute arbitrary commands via (1) an eval injection vulnerability in the ix parameter to wp-includes/feed.php, and (2) an untrusted passthru call in the iz parameter to wp-includes/theme.php. | 7.5 |
2007-03-05 | CVE-2006-7111 | Futomis CGI Cafe | Remote Authentication Bypass vulnerability in Kmail CGI 1.0.1/1.0.2/1.0.3 Unspecified vulnerability in Futomi's CGI Cafe KMail CGI 1.0.3 and earlier allows remote attackers to bypass authentication and obtain unauthorized email access via unspecified vectors. | 7.5 |
2007-03-10 | CVE-2007-1404 | Prosysinfo | Denial-Of-Service vulnerability in Prosysinfo Tftp Server Tftpdwin 0.4.2 tftpd.exe in ProSysInfo TFTP Server TFTPDWIN 0.4.2 allows remote attackers to cause a denial of service via a long UDP packet that is not properly handled in a recv_from call. | 7.3 |
2007-03-10 | CVE-2007-1398 | Linux Snort | Denial of Service vulnerability in Snort 2.6.1.1/2.6.1.2/2.7Beta1 The frag3 preprocessor in Snort 2.6.1.1, 2.6.1.2, and 2.7.0 beta, when configured for inline use on Linux without the ip_conntrack module loaded, allows remote attackers to cause a denial of service (segmentation fault and application crash) via certain UDP packets produced by send_morefrag_packet and send_overlap_packet. | 7.1 |
2007-03-08 | CVE-2007-1347 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Windows Explorer Microsoft Windows Explorer on Windows 2000 SP4 FR and XP SP2 FR, and possibly other versions and platforms, allows remote attackers to cause a denial of service (memory corruption and crash) via an Office file with crafted document summary information, which causes an error in Ole32.dll. | 7.1 |
2007-03-07 | CVE-2007-1325 | Phpmyadmin | Remote Denial of Service vulnerability in phpMyAdmin PMA_ArrayWalkRecursive Function The PMA_ArrayWalkRecursive function in libraries/common.lib.php in phpMyAdmin before 2.10.0.2 does not limit recursion on arrays provided by users, which allows context-dependent attackers to cause a denial of service (web server crash) via an array with many dimensions. | 7.1 |
2007-03-07 | CVE-2006-7157 | Buffer Errors vulnerability in Google Earth 4.0.2091 Buffer overflow in Google Earth v4.0.2091 (beta) allows remote user-assisted attackers to cause a denial of service (crash) via a KML or KMZ file with a long href element. | 7.1 |
76 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-03-10 | CVE-2007-1401 | PHP | Local Security vulnerability in PHP 4.4.6 Buffer overflow in the crack extension (CrackLib), as bundled with PHP 4.4.6 and other versions before 5.0.0, might allow local users to gain privileges via a long argument to the crack_opendict function. | 6.9 |
2007-03-10 | CVE-2007-1400 | Plesh | Unspecified vulnerability in Plesh Plash permits sandboxed processes to open /dev/tty, which allows local users to escape sandbox restrictions and execute arbitrary commands by sending characters to a shell process on the same termimal via the TIOCSTI ioctl. | 6.9 |
2007-03-10 | CVE-2007-1273 | Netbsd Navision | Integer Overflow vulnerability in Navision Financials Server 3.0 Integer overflow in the ktruser function in NetBSD-current before 20061022, NetBSD 3 and 3-0 before 20061024, and NetBSD 2 before 20070209, when the kernel is built with the COMPAT_FREEBSD or COMPAT_DARWIN option, allows local users to cause a denial of service and possibly gain privileges. | 6.9 |
2007-03-10 | CVE-2007-1371 | Radscan | Remote vulnerability in Radscan Conquest Multiple buffer overflows in Conquest 8.2a and earlier (1) allow local users to gain privileges by querying a metaserver that sends a long server entry processed by metaGetServerList and allow remote metaservers to execute arbitrary code via a long server entry processed by metaGetServerList; (2) allow attackers to have an unknown impact by exceeding the configured number of metaservers; and allow remote attackers to corrupt memory via a SP_CLIENTSTAT packet with certain values of (3) unum or (4) snum, different vulnerabilities than CVE-2003-0933. | 6.9 |
2007-03-10 | CVE-2007-0005 | Linux Omnikey Aaitg | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Omnikey.Aaitg Omnikey Cardman 4040 Multiple buffer overflows in the (1) read and (2) write handlers in the Omnikey CardMan 4040 driver in the Linux kernel before 2.6.21-rc3 allow local users to gain privileges. | 6.9 |
2007-03-10 | CVE-2006-7163 | Dreameesoft | Local Authentication Bypass vulnerability in Dreameesoft Password Master 1.0 DreameeSoft Password Master 1.0 stores the database in an unencrypted format when the master password is set, which allows attackers with physical access to read the database contents via an unspecified authentication bypass. | 6.9 |
2007-03-10 | CVE-2007-1411 | PHP | Local Buffer Overflow vulnerability in PHP MSSQL_Connect Buffer overflow in PHP 4.4.6 and earlier, and unspecified PHP 5 versions, allows local and possibly remote attackers to execute arbitrary code via long server name arguments to the (1) mssql_connect and (2) mssql_pconnect functions. | 6.8 |
2007-03-10 | CVE-2007-1396 | PHP | Unspecified vulnerability in PHP The import_request_variables function in PHP 4.0.7 through 4.4.6, and 5.x before 5.2.2, when called without a prefix, does not prevent the (1) GET, (2) POST, (3) COOKIE, (4) FILES, (5) SERVER, (6) SESSION, and other superglobals from being overwritten, which allows remote attackers to spoof source IP address and Referer data, and have other unspecified impact. | 6.8 |
2007-03-10 | CVE-2007-1382 | Microsoft PHP | Local Security vulnerability in PHP The PHP COM extensions for PHP on Windows systems allow context-dependent attackers to execute arbitrary code via a WScript.Shell COM object, as demonstrated by using the Run method of this object to execute cmd.exe, which bypasses PHP's safe mode. | 6.8 |
2007-03-08 | CVE-2007-1359 | MOD Security | Unspecified vulnerability in MOD Security MOD Security Interpretation conflict in ModSecurity (mod_security) 2.1.0 and earlier allows remote attackers to bypass request rules via application/x-www-form-urlencoded POST data that contains an ASCIIZ (0x00) byte, which mod_security treats as a terminator even though it is still processed as normal data by some HTTP parsers including PHP 5.2.0, and possibly parsers in Perl, and Python. | 6.8 |
2007-03-08 | CVE-2007-1350 | Novell | Buffer Overflow vulnerability in Novell Netmail 3.5.2 Stack-based buffer overflow in webadmin.exe in Novell NetMail 3.5.2 allows remote attackers to execute arbitrary code via a long username during HTTP Basic authentication. | 6.8 |
2007-03-07 | CVE-2006-7147 | Phpbb | Code Injection vulnerability in PHPbb Import Tools 0.1.3/0.1.4 PHP remote file inclusion vulnerability in includes/functions_mod_user.php in phpBB Import Tools Mod 0.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | 6.8 |
2007-03-06 | CVE-2007-1286 | PHP | Integer Overflow vulnerability in PHP ZVAL Reference Counter Integer overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter. | 6.8 |
2007-03-06 | CVE-2006-7127 | Salims Softhouse | Code Injection vulnerability in Salims Softhouse JAF CMS 4.0 Multiple PHP remote file inclusion vulnerabilities in JAF CMS 4.0 and 4.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the main_dir parameter to (1) forum/main.php and (2) forum/headlines.php. | 6.8 |
2007-03-06 | CVE-2006-7126 | Joomla | SQL-Injection vulnerability in Joomla BSQ Sitestats 1.8.0/2.1.1 SQL injection vulnerability in Joomla BSQ Sitestats 1.8.0 and 2.2.1 allows remote attackers to execute arbitrary SQL commands via the query string, possibly PHP_SELF. | 6.8 |
2007-03-06 | CVE-2006-7125 | Joomla | Cross-Site Scripting vulnerability in Joomla BSQ Sitestats 1.8.0/2.1.1 Cross-site scripting (XSS) vulnerability in Joomla BSQ Sitestats 1.8.0 and 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is not properly handled when the administrator views site statistics. | 6.8 |
2007-03-06 | CVE-2006-7122 | Joomla | Cross-Site Scripting vulnerability in Joomla BSQ Sitestats 1.8.0 Cross-site scripting (XSS) vulnerability in the IP Address Lookup functionality in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allows remote attackers to inject arbitrary web script and HTML via the ip parameter. | 6.8 |
2007-03-06 | CVE-2006-7117 | Kubix | Path Traversal vulnerability in Kubix Multiple directory traversal vulnerabilities in Kubix 0.7 and earlier allow remote attackers to (1) include and execute arbitrary local files via ".." sequences in the theme cookie to index.php, which is not properly handled by includes/head.php; and (2) read arbitrary files via ".." sequences in the file parameter in an add_dl action to adm_index.php, as demonstrated by reading connect.php. | 6.8 |
2007-03-06 | CVE-2007-0994 | Mozilla Debian | Code Injection vulnerability in multiple products A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which bypasses the access checks and executes code with chrome privileges. | 6.8 |
2007-03-08 | CVE-2007-1346 | SUN | Remote Unauthorized Access vulnerability in Sun Ipmitool Interface Unspecified vulnerability in ipmitool for Sun Fire X2100M2 and X2200M2 allows local users to gain privileges and reset or turn off the server. | 6.6 |
2007-03-07 | CVE-2006-7151 | Redhat GNU | Unspecified vulnerability in GNU Libtool-Ltdl 1.5.222.3 Untrusted search path vulnerability in the libtool-ltdl library (libltdl.so) 1.5.22-2.3 in Fedora Core 5 might allow local users to execute arbitrary code via a malicious library in the (1) hwcap, (2) 0, and (3) nosegneg subdirectories. | 6.6 |
2007-03-05 | CVE-2006-7109 | Drupal | File-Upload vulnerability in Imce Module Unrestricted file upload vulnerability in IMCE before 1.6, a Drupal module, allows remote authenticated users to upload arbitrary PHP code via a filename with a double extension such as .php.gif. | 6.5 |
2007-03-10 | CVE-2007-1384 | Joris Guisson | Remote vulnerability in KTorrent Directory traversal vulnerability in torrent.cpp in KTorrent before 2.1.2 allows remote attackers to overwrite arbitrary files via ".." sequences in a torrent filename. | 6.4 |
2007-03-07 | CVE-2006-7159 | BTI Tracker Btitracker | Directory traversal vulnerability in include/prune_torrents.php in BTI-Tracker 1.3.2 (aka btitracker) allows remote attackers to delete arbitrary files via ".." sequences in the TORRENTSDIR parameter in a prune action. | 6.4 |
2007-03-07 | CVE-2007-1289 | Tyger | Input Validation vulnerability in Tyger BUG Tracking System 1.1.3 SQL injection vulnerability in ViewBugs.php in Tyger Bug Tracking System (TygerBT) 1.1.3 allows remote attackers to execute arbitrary SQL commands via the s parameter. | 6.4 |
2007-03-09 | CVE-2007-1370 | Zend | Unspecified vulnerability in Zend Platform 2.2.1A Zend Platform 2.2.3 and earlier has incorrect ownership for scd.sh and certain other files, which allows local users to gain root privileges by modifying the files. | 6.2 |
2007-03-08 | CVE-2007-1360 | Drupal | Unspecified vulnerability in Drupal Nodefamily 5.11.0 Unspecified vulnerability in the Nodefamily module for Drupal 5.x before 5.x-1.0 allows remote authenticated users to access and modify other users' profiles via unspecified URL parameters. | 6.0 |
2007-03-07 | CVE-2006-7138 | Oracle | SQL Injection vulnerability in Oracle Apex 2.0/2.1 SQL injection vulnerability in wwv_flow_utilities.gen_popup_list in the WWV_FLOW_UTILITIES package for Oracle APEX/HTMLDB before 2.2 allows remote authenticated users to execute arbitrary SQL by modifying the P_LOV parameter and calculating a matching MD5 checksum for the P_LOV_CHECKSUM parameter. | 6.0 |
2007-03-06 | CVE-2006-7112 | Maxdev | Path Traversal vulnerability in Maxdev Mdpro Directory traversal vulnerability in error.php in MD-Pro 1.0.76 and earlier allows remote authenticated users to read and include arbitrary files via the PNSVlang cookie, as demonstrated by uploading a GIF image using AddDownload or injecting PHP code into a log file, then accessing it. | 6.0 |
2007-03-07 | CVE-2006-7143 | Call Center Software | Cross-Site Scripting vulnerability in Call-Center-Software Cross-site scripting (XSS) vulnerability in Call Center Software 0.93 and earlier allows remote attackers to inject arbitrary web script or HTML via the problem description field. | 5.8 |
2007-03-07 | CVE-2006-7140 | SUN | Remote Security vulnerability in Solaris The libike library, as used by in.iked, elfsign, and kcfd in Sun Solaris 9 and 10, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents libike from correctly verifying X.509 and other certificates that use PKCS #1, a similar issue to CVE-2006-4339. | 5.8 |
2007-03-07 | CVE-2007-1293 | Rigter Portal System | SQL injection vulnerability in Rigter Portal System Rigter Portal System 6.2 SQL injection vulnerability in Rigter Portal System (RPS) 6.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the categoria parameter to the top-level URI (index.php), possibly related to ver_descarga.php. | 5.8 |
2007-03-07 | CVE-2007-1291 | Tyger | Cross-Site Scripting vulnerability in Tyger BUG Tracking System 1.1.3 Multiple cross-site scripting (XSS) vulnerabilities in Tyger Bug Tracking System (TygerBT) 1.1.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) Login.php and (2) Register.php. | 5.8 |
2007-03-05 | CVE-2007-0718 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a QTIF file with a Video Sample Description containing a Color table ID of 0, which triggers memory corruption when QuickTime assumes that a color table exists. | 5.8 |
2007-03-05 | CVE-2007-0717 | Apple | Code Execution vulnerability in Apple QuickTime Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file. | 5.8 |
2007-03-05 | CVE-2007-0716 | Apple | Code Execution vulnerability in Apple QuickTime Stack-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file. | 5.8 |
2007-03-05 | CVE-2007-0715 | Apple | Code Execution vulnerability in Apple QuickTime Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PICT file. | 5.8 |
2007-03-05 | CVE-2007-0713 | Apple | Code Execution vulnerability in Apple QuickTime Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie file. | 5.8 |
2007-03-07 | CVE-2006-7145 | Call Center Software | Input Validation and Information Disclosure vulnerability in Call-Center-Software edit_user.php in Call Center Software 0.93 and earlier allows remote attackers to obtain sensitive information such as account passwords via a modified user_id parameter. | 5.5 |
2007-03-05 | CVE-2006-7110 | Drupal | Unspecified vulnerability in Drupal Imce Module Directory traversal vulnerability in the delete function in IMCE before 1.6, a Drupal module, allows remote authenticated users to delete arbitrary files via ".." sequences. | 5.5 |
2007-03-10 | CVE-2007-1379 | PHP | Unspecified vulnerability in PHP The ovrimos_close function in the Ovrimos extension for PHP before 4.4.5 can trigger efree of an arbitrary address, which might allow context-dependent attackers to execute arbitrary code. | 5.1 |
2007-03-10 | CVE-2007-1378 | PHP | Unspecified vulnerability in PHP The ovrimos_longreadlen function in the Ovrimos extension for PHP before 4.4.5 allows context-dependent attackers to write to arbitrary memory locations via the result_id and length arguments. | 5.1 |
2007-03-10 | CVE-2007-1409 | Wordpress | Information Disclosure vulnerability in WordPress WordPress allows remote attackers to obtain sensitive information via a direct request for wp-admin/admin-functions.php, which reveals the path in an error message. | 5.0 |
2007-03-10 | CVE-2007-1392 | Netforo | Local File Include vulnerability in Netforo 0.1 Directory traversal vulnerability in down.php in netForo! 0.1g allows remote attackers to read arbitrary files via a .. | 5.0 |
2007-03-10 | CVE-2007-1380 | PHP | Unspecified vulnerability in PHP The php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buffer over-read. | 5.0 |
2007-03-10 | CVE-2007-1377 | Adobe Mozilla Netscape Opera | Resource Exhaustion vulnerability in multiple products AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial of service (unspecified resource consumption) via a .pdf URL with an anchor identifier that begins with search= followed by many %n sequences, a different vulnerability than CVE-2006-6027 and CVE-2006-6236. | 5.0 |
2007-03-10 | CVE-2007-1375 | PHP | Integer Overflow vulnerability in PHP 5 Substr_Compare Integer overflow in the substr_compare function in PHP 5.2.1 and earlier allows context-dependent attackers to read sensitive memory via a large value in the length argument, a different vulnerability than CVE-2006-1991. | 5.0 |
2007-03-08 | CVE-2007-1341 | Simple Invoices | Unspecified vulnerability in Simple Invoices Simple Invoices 20061211/20070125/20070202 include/auth/auth.php in Simple Invoices before 2007 03 05 does not use the login system to protect print preview pages for invoices, which might allow attackers to obtain sensitive information. | 5.0 |
2007-03-07 | CVE-2006-7154 | Iono | Remote Security vulnerability in Iono Iono allows remote attackers to obtain the full server path via certain requests to (1) templates/iono/admin/denied.tpl.php, (2) templates/iono/admin/index.tpl.php, and (a) other unspecified files in templates/. | 5.0 |
2007-03-06 | CVE-2007-1269 | GNU | Unspecified vulnerability in GNU Gnumail 1.1.2 GNUMail 1.1.2 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents GNUMail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection. | 5.0 |
2007-03-06 | CVE-2007-1268 | Mutt | Unspecified vulnerability in Mutt Mutt 1.5.13 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Mutt from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection. | 5.0 |
2007-03-06 | CVE-2007-1267 | Sylpheed | Unspecified vulnerability in Sylpheed Sylpheed 2.2.7 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Sylpheed from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection. | 5.0 |
2007-03-06 | CVE-2007-1266 | Gnome | Unspecified vulnerability in Gnome Evolution Evolution 2.8.1 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Evolution from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection. | 5.0 |
2007-03-06 | CVE-2007-1264 | Enigmail | Unspecified vulnerability in Enigmail Enigmail 0.94.2 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Enigmail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection. | 5.0 |
2007-03-06 | CVE-2007-1263 | GNU Gnupg | GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection. | 5.0 |
2007-03-06 | CVE-2006-7114 | Planerd NET | Permissions, Privileges, and Access Controls vulnerability in Planerd.Net P-News P-News 2.0 stores db/user.txt under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and password hashes via a direct request. | 5.0 |
2007-03-07 | CVE-2006-7160 | Agnitum | Improper Input Validation vulnerability in Agnitum Outpost Firewall The Sandbox.sys driver in Outpost Firewall PRO 4.0, and possibly earlier versions, does not validate arguments to hooked SSDT functions, which allows local users to cause a denial of service (crash) via invalid arguments to the (1) NtAssignProcessToJobObject,, (2) NtCreateKey, (3) NtCreateThread, (4) NtDeleteFile, (5) NtLoadDriver, (6) NtOpenProcess, (7) NtProtectVirtualMemory, (8) NtReplaceKey, (9) NtTerminateProcess, (10) NtTerminateThread, (11) NtUnloadDriver, and (12) NtWriteVirtualMemory functions. | 4.9 |
2007-03-10 | CVE-2007-1388 | Linux | Resource Management Errors vulnerability in Linux Kernel The do_ipv6_setsockopt function in net/ipv6/ipv6_sockglue.c in Linux kernel before 2.6.20, and possibly other versions, allows local users to cause a denial of service (oops) by calling setsockopt with the IPV6_RTHDR option name and possibly a zero option length or invalid option value, which triggers a NULL pointer dereference. | 4.4 |
2007-03-09 | CVE-2007-1369 | Zend | Unspecified vulnerability in Zend Platform ini_modifier (sgid-zendtech) in Zend Platform 2.2.3 and earlier allows local users to modify the system php.ini file by editing a copy of php.ini file using the -f parameter, and then performing a symlink attack using the directory that contains the attacker-controlled php.ini file, and linking this directory to /usr/local/Zend/etc. | 4.4 |
2007-03-07 | CVE-2007-1330 | Comodo | Local Protection Mechanism Bypass vulnerability in Comodo Firewall PRO 2.4.16.174/2.4.17.183/2.4.18.184 Comodo Firewall Pro (CFP) (formerly Comodo Personal Firewall) 2.4.18.184 and earlier allows local users to bypass driver protections on the HKLM\SYSTEM\Software\Comodo\Personal Firewall registry key by guessing the name of a named pipe under \Device\NamedPipe\OLE and attempting to open it multiple times. | 4.4 |
2007-03-10 | CVE-2007-1405 | Edgewall Software | Cross-Site Scripting vulnerability in Trac Download Function Cross-site scripting (XSS) vulnerability in the "download wiki page as text" feature in Trac before 0.10.3.1, when Microsoft Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | 4.3 |
2007-03-10 | CVE-2007-1395 | Phpmyadmin | Cross-Site Scripting vulnerability in phpMyAdmin Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 through 2.9.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by injecting arbitrary JavaScript or HTML in a (1) db or (2) table parameter value followed by an uppercase </SCRIPT> end tag, which bypasses the protection against lowercase </script>. | 4.3 |
2007-03-10 | CVE-2007-1390 | Dynaliens | Cross-Site Scripting vulnerability in Dynaliens 2.0/2.1 Multiple cross-site scripting (XSS) vulnerabilities in dynaliens 2.0 and 2.1 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) recherche.php3 or (2) ajouter.php3. | 4.3 |
2007-03-10 | CVE-2007-1374 | Snitz Communications | HTML Injection vulnerability in Snitz Communications Snitz Forums 2000 3.4.06 Cross-site scripting (XSS) vulnerability in pop_profile.asp in Snitz Forums 2000 3.4.06 allows remote attackers to inject arbitrary web script or HTML via the MSN parameter. | 4.3 |
2007-03-09 | CVE-2007-1367 | Avaya | Remote Code Execution vulnerability in Avaya Communications Manager Javascript Cross-site scripting (XSS) vulnerability in the login page in Avaya Communications Manager (CM) S87XX, S8500, and S8300 products before 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the Login field. | 4.3 |
2007-03-08 | CVE-2007-1361 | Virtuemart | Cross-Site Scripting vulnerability in VirtueMart Cross-site scripting (XSS) vulnerability in virtuemart_parser.php in VirtueMart before 20070213 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2007-03-08 | CVE-2007-1342 | Jelsoft | HTML Injection vulnerability in RETIRED: VBulletin Event Admincp/Index.PHP RSS Cross-site scripting (XSS) vulnerability in admincp/index.php in Jelsoft vBulletin 3.6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the add rss url form. | 4.3 |
2007-03-07 | CVE-2007-1331 | TKS Banking Solutions | Unspecified vulnerability in TKS Banking Solutions Eportfolio 1.0 Multiple cross-site scripting (XSS) vulnerabilities in TKS Banking Solutions ePortfolio 1.0 Java allow remote attackers to inject arbitrary web script or HTML via unspecified vectors that bypass the client-side protection scheme, one of which may be the q parameter to the search program. | 4.3 |
2007-03-07 | CVE-2007-1328 | Bernard Joly | Cross-Site Scripting vulnerability in Bj Webring Cross-site scripting (XSS) vulnerability in formulaire.php in Bernard JOLY BJ Webring allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter related to the add link menu. | 4.3 |
2007-03-07 | CVE-2006-7158 | Oracle | Cross-Site Scripting vulnerability in Oracle Apex 2.0/2.1/2.2 Cross-site scripting (XSS) vulnerability in Oracle Application Express (APEX) before 2.2.1, aka Oracle HTML DB, allows remote attackers to inject arbitrary web script or HTML via the NOTIFICATION_MSG parameter. | 4.3 |
2007-03-07 | CVE-2006-7149 | Mambo | Cross-Site Scripting vulnerability in Mambo 4.6/4.6.1 Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.x allow remote attackers to inject arbitrary web script or HTML via (1) the query string to (a) index.php, which reflects the string in an error message from mod_login.php; and the (2) mcname parameter to (b) moscomment.php and (c) com_comment.php. | 4.3 |
2007-03-07 | CVE-2007-1308 | KDE | Resource Management Errors vulnerability in KDE Konqueror 3.5.5 ecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror in KDE 3.5.5, allows remote attackers to cause a denial of service (crash) by accessing the content of an iframe with an ftp:// URI in the src attribute, probably due to a NULL pointer dereference. | 4.3 |
2007-03-07 | CVE-2006-7137 | Tiny Portal | Cross-Site Scripting vulnerability in Tiny Portal Cross-site scripting (XSS) vulnerability in TinyPortal before 0.8.6 allows remote attackers to inject arbitrary web script or HTML via the shoutbox. | 4.3 |
2007-03-06 | CVE-2007-1287 | PHP | Cross-Site Scripting vulnerability in PHP A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote attackers to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, which are not escaped in the phpinfo output, as originally fixed for CVE-2005-3388. | 4.3 |
2007-03-05 | CVE-2007-1276 | Usermin Webmin | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted filename. | 4.3 |
2007-03-10 | CVE-2007-1345 | Broadcom | Unspecified vulnerability in Broadcom Etrust Admin 8.1/8.1.1/8.1.2 Unspecified vulnerability in cube.exe in the GINA component for CA (Computer Associates) eTrust Admin 8.1.0 through 8.1.2 allows attackers with physical interactive or Remote Desktop access to bypass authentication and gain privileges via the password reset interface. | 4.1 |
4 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-03-09 | CVE-2007-1368 | Drupal | Unspecified vulnerability in Drupal Project Issue Tracking The Project issue tracking module before 4.7.x-1.3, 4.7.x-2.* before 4.7.x-2.3, and 5 before 5.x-0.2-beta for Drupal allows remote authenticated users, with "access project issues" permission, to read the contents of a private node via a URL with a modified node identifier. | 3.5 |
2007-03-07 | CVE-2006-7139 | KDE | Improper Input Validation vulnerability in KDE K-Mail 1.9.1 Kmail 1.9.1 on KDE 3.5.2, with "Prefer HTML to Plain Text" enabled, allows remote attackers to cause a denial of service (crash) via an HTML e-mail with certain table and frameset tags that trigger a segmentation fault, possibly involving invalid free or delete operations. | 2.6 |
2007-03-06 | CVE-2006-7129 | ISS | Unspecified vulnerability in ISS Blackice PC Protection 3.6Cpj/3.6Cpu ISS BlackICE PC Protection 3.6 cpj and cpu, and possibly earlier versions, allows local users to bypass the protection scheme by using the ZwDeleteFile API function to delete the critical filelock.txt file, which stores information about protected files. | 2.1 |
2007-03-07 | CVE-2006-7162 | Putty | Information Disclosure vulnerability in PUTTY PuTTY 0.59 and earlier uses weak file permissions for (1) ppk files containing private keys generated by puttygen and (2) session logs created by putty, which allows local users to gain sensitive information by reading these files. | 1.9 |