Weekly Vulnerabilities Reports > March 12 to 18, 2007

Overview

101 new vulnerabilities were reported during this period, including 16 critical vulnerabilities and 35 high severity vulnerabilities. This weekly summary reports vulnerabilities in 116 products from 74 vendors including Apple, PHP, Linux, Microsoft, and Grayscale. Notable vulnerability categories include "Cross-site Scripting", "Improper Input Validation", "Code Injection", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Permissions, Privileges, and Access Controls".

  • 87 reported vulnerabilities are remotely exploitable.
  • 23 reported vulnerabilities have a public exploit available.
  • 7 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 93 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 11 reported vulnerabilities.
  • Apple has the most reported critical vulnerabilities, with 2 reported vulnerabilities.


Vulnerability Details

The following table lists the vulnerabilities reported during the period covered by this report:


16 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-03-16 CVE-2007-1447 Broadcom Unspecified vulnerability in Broadcom Brightstor Arcserve Backup

The Tape Engine in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC procedure arguments, which result in memory corruption, a different vulnerability than CVE-2006-6076.

10.0
2007-03-16 CVE-2007-1486 Carbonize Remote Security vulnerability in Lazarus Guestbook

PHP remote file inclusion vulnerability in template.class.php in Carbonize Lazarus Guestbook before 1.7.3 allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to admin.php, probably due to a dynamic variable evaluation vulnerability.

10.0
2007-03-16 CVE-2007-1485 Ftplib Buffer-Overflow vulnerability in Ftplib 3.11

** DISPUTED ** Buffer overflow in the set_umask function in QFTP in LIBFtp 3.1-1 allows local users to execute arbitrary code via a long -m argument.

10.0
2007-03-14 CVE-2007-1457 Christian Scheurer Buffer Overflow vulnerability in Unrarlib URarLib_Get Function

Buffer overflow in the urarlib_get function in Christian Scheurer UniquE RAR File Library (unrarlib, aka URARFileLib) 0.4 allows context-dependent attackers to execute arbitrary code via a long (1) filename, (2) rarfile, or (3) libpassword argument.

10.0
2007-03-13 CVE-2007-1435 D Link Remote Buffer Overflow vulnerability in D-Link Tftp Server 1.0

Buffer overflow in D-Link TFTP Server 1.0 allows remote attackers to cause a denial of service (crash) via a long (1) GET or (2) PUT request, which triggers memory corruption.

10.0
2007-03-13 CVE-2007-1421 Premod Subdog Remote File Include vulnerability in Premod Subdog Premod Subdog 2

Multiple PHP remote file inclusion vulnerabilities in Premod SubDog 2 allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) functions_kb.php, (2) themen_portal_mitte.php, or (3) logger_engine.php in includes/.

10.0
2007-03-12 CVE-2007-1416 Jccorp Remote File Include vulnerability in Jccorp Urlshrink 1.3.1

PHP remote file inclusion vulnerability in createurl.php in JCcorp (aka James Coyle) URLshrink allows remote attackers to execute arbitrary PHP code via a URL in the formurl parameter.

10.0
2007-03-12 CVE-2007-1414 Coppermine Remote File Include vulnerability in Retired: Coppermine Photo Gallery

Multiple PHP remote file inclusion vulnerabilities in Coppermine Photo Gallery (CPG) allow remote attackers to execute arbitrary PHP code via a URL in the (1) cmd parameter to (a) image_processor.php or (b) picmgmt.inc.php, or the (2) path parameter to (c) include/functions.php, (d) include/plugin_api.inc.php, (e) index.php, or (f) pluginmgr.php.

10.0
2007-03-16 CVE-2007-1498 Mcafee Remote Buffer Overflow vulnerability in Mcafee Epolicy Orchestrator and Protectionpilot

Multiple stack-based buffer overflows in the SiteManager.SiteMgr.1 ActiveX control (SiteManager.dll) in the ePO management console in McAfee ePolicy Orchestrator (ePO) before 3.6.1 Patch 1 and ProtectionPilot (PRP) before 1.5.0 HotFix allow remote attackers to execute arbitrary code via a long argument to the (1) ExportSiteList and (2) VerifyPackageCatalog functions, and (3) unspecified vectors involving a swprintf function call.

9.3
2007-03-16 CVE-2007-0002 Libwpd Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Libwpd Library 0.8.2/0.8.6/0.8.7

Multiple heap-based buffer overflows in WordPerfect Document importer/exporter (libwpd) before 0.8.9 allow user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted WordPerfect file in which values to loop counters are not properly handled in the (1) WP3TablesGroup::_readContents and (2) WP5DefinitionGroup_DefineTablesSubGroup::WP5DefinitionGroup_DefineTablesSubGroup functions.

9.3
2007-03-13 CVE-2007-1439 Bitesser Remote File Include vulnerability in MySQL Commander

PHP remote file inclusion vulnerability in ressourcen/dbopen.php in bitesser MySQL Commander 2.7 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the home parameter.

9.3
2007-03-13 CVE-2007-0733 Apple Applications Multiple vulnerability in Apple Mac OS X

Unspecified vulnerability in ImageIO in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted RAW image that triggers memory corruption.

9.3
2007-03-13 CVE-2007-0731 Apple Applications Multiple vulnerability in Apple Mac OS X

Stack-based buffer overflow in the Apple-specific Samba module (SMB File Server) in Apple Mac OS X 10.4 through 10.4.8 allows context-dependent attackers to execute arbitrary code via a long ACL.

9.3
2007-03-13 CVE-2007-1423 Work System E Commerce Remote File Include vulnerability in Work System ECommerce Include_Top.PHP

Multiple PHP remote file inclusion vulnerabilities in WORK system e-commerce 3.0.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the g_include parameter to include/include_top.php and certain other PHP scripts.

9.3
2007-03-14 CVE-2007-1455 Cpanel Host File-Upload vulnerability in Fantastico De Luxe

Multiple absolute path traversal vulnerabilities in Fantastico, as used with cPanel 10.x, allow remote authenticated users to include and execute arbitrary local files via (1) the userlanguage parameter to includes/load_language.php or (2) the fantasticopath parameter to includes/mysqlconfig.php and certain other files.

9.0
2007-03-13 CVE-2007-1437 Ledgersmb, SQL Ledger Remote Security vulnerability in LedgerSMB

Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger before 2.6.25 allows remote attackers to overwrite files and possibly bypass authentication, and remote authenticated users to execute unauthorized code, by calling a custom error function that returns from execution.

9.0

35 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-03-13 CVE-2007-0723 Apple Applications Multiple vulnerability in Apple Mac OS X

Unspecified vulnerability in the authentication feature for DirectoryService (DS Plug-Ins) for Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote authenticated LDAP users to modify the root password and gain privileges via unknown vectors.

8.5
2007-03-14 CVE-2007-1461 PHP Permissions, Privileges, and Access Controls vulnerability in PHP

The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP before 4.4.7, and 5.x before 5.2.2, does not implement safemode or open_basedir checks, which allows remote attackers to read bzip2 archives located outside of the intended directories.

7.8
2007-03-13 CVE-2007-1431 Pennmush Command Denial Of Service vulnerability in Pennmush 1.8.2/1.8.3

Multiple unspecified vulnerabilities in PennMUSH 1.8.3 before 1.8.3p1 and 1.8.2 before 1.8.2p3 allow attackers to cause a denial of service (crash) related to the (1) speak and (2) buy functions.

7.8
2007-03-13 CVE-2007-1426 Astrocam Improper Input Validation vulnerability in Astrocam

The web interface in AstroCam 2.0.0 through 2.6.5 allows remote attackers to cause a denial of service (daemon shutdown) via requests that contain a large amount of data in the "a" variable, which "fills up the message queue."

7.8
2007-03-12 CVE-2007-1412 PHP Local Information Disclosure vulnerability in PHP 4.4.6

The cpdf_open function in the ClibPDF (cpdf) extension in PHP 4.4.6 allows context-dependent attackers to obtain sensitive information (script source code) via a long string in the second argument.

7.8
2007-03-16 CVE-2007-1493 Nukescripts SQL-Injection vulnerability in NukeSentinel

nukesentinel.php in NukeSentinel 2.5.06 and earlier uses a permissive regular expression to validate an IP address, which allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, due to an incomplete patch for CVE-2007-1172.

7.5
2007-03-16 CVE-2007-1488 SUN Unauthorized Access vulnerability in SUN Java System web Server 6.0/6.1

Unspecified vulnerability in Sun Java System Web Server 6.0 and 6.1 before 20070315 allows remote attackers to "gain unauthorized access to data", possibly involving a sample application.

7.5
2007-03-16 CVE-2007-1483 K5N Code Injection vulnerability in K5N Webcalendar 0.9.45

Multiple PHP remote file inclusion vulnerabilities in WebCalendar 0.9.45 allow remote attackers to execute arbitrary PHP code via a URL in the includedir parameter to (1) login.php, (2) get_reminders.php, or (3) get_events.php.

7.5
2007-03-16 CVE-2007-1481 Wbblog Input Validation vulnerability in WBBlog

SQL injection vulnerability in index.php in WBBlog allows remote attackers to execute arbitrary SQL commands via the e_id parameter in a viewentry cmd.

7.5
2007-03-16 CVE-2007-1480 Creative Guestbook Improper Authentication vulnerability in Creative Guestbook Creative Guestbook 1.0

Creative Guestbook 1.0 allows remote attackers to add an administrative account via a direct request to createadmin.php with Name, Email, and PASSWORD parameters set.

7.5
2007-03-16 CVE-2007-1477 Oscommerce Unspecified vulnerability in Oscommerce PHP Point of Sale 1.1

** DISPUTED ** Directory traversal vulnerability in index.php in PHP Point Of Sale for osCommerce 1.1 allows remote attackers to include and execute arbitrary local files via a ..

7.5
2007-03-16 CVE-2007-1471 Orion Blog Security Bypass vulnerability in Orion-Blog 2.0

admin/default.asp in Orion-Blog 2.0 allows remote attackers to bypass authentication controls and gain privileges via a direct URL request for admin/AdminBlogNewsEdit.asp.

7.5
2007-03-16 CVE-2007-1469 Xigla SQL Injection vulnerability in Xigla Absolute Image Gallery XE 2.0

SQL injection vulnerability in gallery.asp in Absolute Image Gallery 2.0 allows remote attackers to execute arbitrary SQL commands via the categoryid parameter in a viewimage action.

7.5
2007-03-14 CVE-2007-1456 Phpalbum NET Unspecified vulnerability in PHPalbum.Net PHPalbum

** DISPUTED ** PHP remote file inclusion vulnerability in common.php in PHP Photo Album allows remote attackers to execute arbitrary PHP code via a URL in the db_file parameter.

7.5
2007-03-14 CVE-2007-1453 PHP Remote Buffer Overflow vulnerability in PHP 5.2.0

Buffer underflow in the PHP_FILTER_TRIM_DEFAULT macro in the filtering extension (ext/filter) in PHP 5.2.0 allows context-dependent attackers to execute arbitrary code by calling filter_var with certain modes such as FILTER_VALIDATE_INT, which causes filter to write a null byte in whitespace that precedes the buffer.

7.5
2007-03-14 CVE-2007-1450 Phpnuke SQL-Injection vulnerability in Php-Nuke

SQL injection vulnerability in mainfile.php in PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands in the Top or News module via the lang parameter.

7.5
2007-03-14 CVE-2007-1446 Danny HO Code Injection vulnerability in Danny HO OES 0.1

Multiple PHP remote file inclusion vulnerabilities in Open Education System (OES) 0.1beta allow remote attackers to execute arbitrary PHP code via a URL in the CONF_INCLUDE_PATH parameter to (1) lib-account.inc.php, (2) lib-file.inc.php, (3) lib-group.inc.php, (4) lib-log.inc.php, (5) lib-mydb.inc.php, (6) lib-template-mod.inc.php, and (7) lib-themes.inc.php in includes/.

7.5
2007-03-14 CVE-2007-1445 Betaparticle SQL-Injection vulnerability in Betaparticle Blog 7.0

SQL injection vulnerability in the theme preview feature for default.asp in BP Blog 7.0 through 7.0.2 allows remote attackers to execute arbitrary SQL commands via the layout parameter.

7.5
2007-03-13 CVE-2007-1440 Jgbbs SQL injection vulnerability in Jgbbs 3.0

SQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1 allows remote attackers to execute arbitrary SQL commands via the author parameter.

7.5
2007-03-13 CVE-2007-1438 X ICE SQL Injection vulnerability in X-Ice News System 1.0

SQL injection vulnerability in devami.asp in X-Ice News System 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2007-03-13 CVE-2007-1436 Ledgersmb, SQL Ledger Password Check vulnerability in LedgerSMB

Unspecified vulnerability in admin.pl in SQL-Ledger before 2.6.26 and LedgerSMB before 1.1.9 allows remote attackers to bypass authentication via unknown vectors that prevents a password check from occurring.

7.5
2007-03-13 CVE-2007-1434 Grayscale SQL-Injection vulnerability in Grayscale Blog

SQL injection vulnerability in Grayscale Blog 0.8.0, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) userdetail.php, id and (2) url parameter to (b) jump.php, and id variable to (c) detail.php.

7.5
2007-03-13 CVE-2007-1432 Grayscale Input Validation vulnerability in Grayscale Blog

Grayscale Blog 0.8.0, and possibly earlier versions, allows remote attackers to gain privileges via direct requests with modified arguments in (1) the user_permissions parameter to add_users.php, and unspecified parameters to (2) addblog.php, (3) editblog.php, (4) editlinks.php, (5) edit_users.php, and (6) add_links.php.

7.5
2007-03-13 CVE-2007-1430 Clip Share Remote File Include vulnerability in Clip-Share Clipshare 1.5.3

PHP remote file inclusion vulnerability in include/adodb-connection.inc.php in ClipShare 1.5.3 allows remote attackers to execute arbitrary PHP code via a URL in the cmd parameter.

7.5
2007-03-13 CVE-2007-1429 Moodle Remote Security vulnerability in Moodle 1.7.1

Multiple PHP remote file inclusion vulnerabilities in Moodle 1.7.1 allow remote attackers to execute arbitrary PHP code via a URL in the cmd parameter to (1) admin/utfdbmigrate.php or (2) filter.php.

7.5
2007-03-13 CVE-2007-1428 PHP Labs SQL injection vulnerability in PHP Labs Jobsitepro 1.0

SQL injection vulnerability in search.php in PHP Labs JobSitePro 1.0 allows remote attackers to execute arbitrary SQL commands via the salary parameter.

7.5
2007-03-13 CVE-2007-1425 Triexa SQL injection vulnerability in Triexa SonicMailer Pro

SQL injection vulnerability in index.php in Triexa SonicMailer Pro 3.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the list parameter in an archive action.

7.5
2007-03-13 CVE-2007-1424 Softnews Media Group Remote File Include vulnerability in Softnews Media Group Datalife Engine 4.1/5.5

Multiple PHP remote file inclusion vulnerabilities in Softnews Media Group DataLife Engine allow remote attackers to execute arbitrary PHP code via a URL in the root_dir parameter to (1) init.php and (2) Ajax/editnews.php.

7.5
2007-03-13 CVE-2007-1422 Duyuru Scripti SQL injection vulnerability in Duyuru Scripti Goster.ASP

SQL injection vulnerability in goster.asp in fystyq Duyuru Scripti allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-0688.

7.5
2007-03-12 CVE-2007-1417 HC Design SQL Injection vulnerability in HC Design NewsSystem

SQL injection vulnerability in index.php in HC NEWSSYSTEM 1.0-4 allows remote attackers to execute arbitrary SQL commands via the ID parameter in a komm aktion.

7.5
2007-03-12 CVE-2007-1415 PMB Services Code Injection vulnerability in PMB Services PMB Services

Multiple PHP remote file inclusion vulnerabilities in PMB Services 3.0.13 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) class_path parameter to (a) includes/resa_func.inc.php (b) admin/notices/perso.inc.php, or (c) admin/quotas/main.inc.php; the (2) base_path parameter to (d) opac_css/rec_panier.php or (e) opac_css/includes/author_see.inc.php; or the (3) include_path parameter to (f) bull_info.inc.php or (g) misc.inc.php in includes/; (h) options_date_box.php, (i) options_file_box.php, (j) options_list.php, (k) options_query_list.php, or (l) options_text.php in includes/options/; (m) options.php, (n) options_comment.php, (o) options_date_box.php, (p) options_list.php, (q) options_query_list.php, or (r) options_text.php in includes/options_empr/; or (s) admin/import/iimport_expl.php, (t) admin/netbase/clean.php, (u) admin/param/param_func.inc.php, (v) admin/sauvegarde/lieux.inc.php, (w) autorites.php, (x) account.php, (y) cart.php, or (z) edit.php.

7.5
2007-03-12 CVE-2007-1413 PHP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in PHP

Buffer overflow in the snmpget function in the snmp extension in PHP 5.2.3 and earlier, including PHP 4.4.6 and probably other PHP 4 versions, allows context-dependent attackers to execute arbitrary code via a long value in the third argument (object id).

7.5
2007-03-14 CVE-2007-1442 Oracle Insecure Permissions vulnerability in Oracle Database Server 10.2.1/10.2.2/10.2.3

Oracle Database 10g uses a NULL pDacl parameter when calling the SetSecurityDescriptorDacl function to create discretionary access control lists (DACLs), which allows local users to gain privileges.

7.2
2007-03-12 CVE-2007-1000 Linux Information Disclosure vulnerability in Linux Kernel IPV6_Getsockopt_Sticky Memory Leak

The ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c in the Linux kernel before 2.6.20.2 allows local users to read arbitrary kernel memory via certain getsockopt calls that trigger a NULL dereference.

7.2
2007-03-16 CVE-2007-1492 Microsoft Remote Denial of Service vulnerability in Microsoft Windows WinMM.DLL WAV Files

winmm.dll in Microsoft Windows XP allows user-assisted remote attackers to cause a denial of service (infinite loop) via a large cch argument value to the mmioRead function, as demonstrated by a crafted WAV file.

7.1

46 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-03-13 CVE-2007-0724 Apple Applications Multiple vulnerability in Apple Mac OS X

The IOKit HID interface in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 does not sufficiently limit access to certain controls, which allows local users to gain privileges by using HID device events to read keystrokes from the console.

6.9
2007-03-16 CVE-2007-1494 Nukescripts Cross-Site Scripting vulnerability in NukeSentinel

Cross-site scripting (XSS) vulnerability in NukeSentinel before 2.5.06 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the "filters for https:// and http://".

6.8
2007-03-16 CVE-2007-1489 WEB APP ORG Cross-Site Request Forgery (CSRF) vulnerability in Web-App.Org Webapp 0.9.9.4/0.9.9.5/0.9.9.6

Unspecified vulnerability in web-app.org Web Automated Perl Portal (WebAPP) 0.9.9.4 to 0.9.9.6 allows remote attackers to obtain admin access by modifying cookies and performing "certain consecutive actions," possibly due to a cross-site request forgery (CSRF) vulnerability.

6.8
2007-03-16 CVE-2007-1474 Horde Unspecified vulnerability in Horde Application Framework and IMP

Argument injection vulnerability in the cleanup cron script in Horde Project Horde and IMP before Horde Application Framework 3.1.4 allows local users to delete arbitrary files and possibly gain privileges via multiple space-delimited pathnames.

6.8
2007-03-16 CVE-2007-1472 T Systems Solutions FOR Research Gmbh Code Injection vulnerability in T-Systems Solutions for Research Gmbh Groupit 2.00B5

Variable overwrite vulnerability in groupit/base/groupit.start.inc in Groupit 2.00b5 allows remote attackers to conduct remote file inclusion attacks and execute arbitrary PHP code via arguments that are written to $_GLOBALS, as demonstrated using a URL in the c_basepath parameter to (1) content.php, (2) userprofile.php, (3) password.php, (4) dispatch.php, and (5) deliver.php in html/, and possibly (6) load.inc.php and related files.

6.8
2007-03-16 CVE-2007-1470 Netsw Buffer Errors vulnerability in Netsw Libftp 5.0

Multiple buffer overflows in LIBFtp 5.0 allow user-assisted remote attackers to execute arbitrary code via certain long arguments to the (1) FtpArchie, (2) FtpDebugDebug, (3) FtpOpenDir, (4) FtpSize, or (5) FtpChmod function.

6.8
2007-03-16 CVE-2007-1466 Sourceforge Numeric Errors vulnerability in Sourceforge Wordperfect Document Importer-Exporter

Integer overflow in the WP6GeneralTextPacket::_readContents function in WordPerfect Document importer/exporter (libwpd) before 0.8.9 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted WordPerfect file, a different vulnerability than CVE-2007-0002.

6.8
2007-03-14 CVE-2007-1459 Webcreator Remote File Include vulnerability in WebCreator

Multiple PHP remote file inclusion vulnerabilities in WebCreator 0.2.6-rc3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the moddir parameter to (1) content/load.inc.php, (2) config/load.inc.php, (3) http/load.inc.php, and unspecified other files.

6.8
2007-03-14 CVE-2007-1458 Care2X Remote File Include vulnerability in Care2X 1.1

Multiple PHP remote file inclusion vulnerabilities in CARE2X 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) inc_checkdate_lang.php, (2) inc_charset_fx.php, (3) inc_config_color.php, (4) inc_currency_set.php, (5) inc_db_makelink.php, (6) inc_diagnostics_report_fx.php, (7) inc_environment_global.php, (8) inc_front_chain_lang.php, (9) inc_init_crypt.php, (10) inc_load_copyrite.php, or (11) inc_news_save.php in include/; (12) diagnostics-report-index.php, (13) config_options_mascot.php, (14) barcode-labels.php, (15) chg-color.php, or (16) config_options_gui_template.php in main/; or unspecified other files.

6.8
2007-03-13 CVE-2007-0730 Apple Applications Multiple vulnerability in Apple Mac OS X

Server Manager (servermgrd) in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 does not sufficiently validate authentication credentials, which allows remote attackers to bypass authentication and modify system configuration.

6.8
2007-03-13 CVE-2007-0722 Apple Applications Multiple vulnerability in Apple Mac OS X

Integer overflow in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via a crafted AppleSingleEncoding disk image.

6.8
2007-03-13 CVE-2007-0721 Apple Applications Multiple vulnerability in Apple Mac OS X

Unspecified vulnerability in diskimages-helper in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via a crafted compressed disk image that triggers memory corruption.

6.8
2007-03-13 CVE-2007-0719 Apple Applications Multiple vulnerability in Apple Mac OS X

Stack-based buffer overflow in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via an image with a crafted ColorSync profile.

6.8
2007-03-13 CVE-2007-1387 Mplayer Remote Buffer Overflow vulnerability in Xine DirectShow Loader

The DirectShow loader (loader/dshow/DS_VideoDecoder.c) in MPlayer 1.0rc1 and earlier, as used in xine-lib, does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code, a different vulnerability than CVE-2007-1246.

6.8
2007-03-14 CVE-2007-1451 Guppy Remote Security vulnerability in Guppy 4.0

GuppY 4.0 allows remote attackers to delete arbitrary files via a direct request to install/install.php, then selecting "Installation propre" (cleanup.php) and then "Suppression des fichiers d'installation" (delete.php).

6.4
2007-03-16 CVE-2007-1490 Avaya Remote Security vulnerability in Communication Manager

Unspecified maintenance web pages in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allow remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors (aka "shell command injection").

6.0
2007-03-16 CVE-2007-1475 PHP Remote Buffer Overflow vulnerability in PHP Interbase Extension

Multiple buffer overflows in the (1) ibase_connect and (2) ibase_pconnect functions in the interbase extension in PHP 4.4.6 and earlier allow context-dependent attackers to execute arbitrary code via a long argument.

5.4
2007-03-16 CVE-2007-1491 Avaya Remote Security vulnerability in S8500

Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.

5.2
2007-03-16 CVE-2007-1497 Linux Unspecified vulnerability in Linux Kernel

nf_conntrack in netfilter in the Linux kernel before 2.6.20.3 does not set nfctinfo during reassembly of fragmented packets, which leaves the default value as IP_CT_ESTABLISHED and might allow remote attackers to bypass certain rulesets using IPv6 fragments.

5.0
2007-03-16 CVE-2007-0450 Apache Path Traversal vulnerability in Apache Http Server and Tomcat

Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a ..

5.0
2007-03-16 CVE-2007-1487 Cyber Inside, Cyberteddy, Sascha Schroeder Local File Include vulnerability in Cyber-Inside WebLog

Directory traversal vulnerability in index.php in Sascha Schroeder (aka CyberTeddy or Cyber-inside) WebLog allows remote attackers to read arbitrary files via a ..

5.0
2007-03-16 CVE-2007-1478 Mcgallery Improper Input Validation vulnerability in Mcgallery 0.5B

download.php in McGallery 0.5b allows remote attackers to read arbitrary files and obtain script source code via the filename parameter.

5.0
2007-03-14 CVE-2007-1460 PHP Permissions, Privileges, and Access Controls vulnerability in PHP

The zip:// URL wrapper provided by the PECL zip extension in PHP before 4.4.7, and 5.2.0 and 5.2.1, does not implement safemode or open_basedir checks, which allows remote attackers to read ZIP archives located outside of the intended directories.

5.0
2007-03-14 CVE-2007-1452 PHP Unspecified vulnerability in PHP

The FDF support (ext/fdf) in PHP 5.2.0 and earlier does not implement the input filtering hooks for ext/filter, which allows remote attackers to bypass web site filters via an application/vnd.fdf formatted POST.

5.0
2007-03-13 CVE-2007-0726 Apple Applications Multiple vulnerability in Apple Mac OS X

The SSH key generation process in OpenSSH in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote attackers to cause a denial of service by connecting to the server before SSH has finished creating keys, which causes the keys to be regenerated and can break trust relationships that were based on the original keys.

5.0
2007-03-13 CVE-2007-0720 Cups, Apple

The CUPS service on multiple platforms allows remote attackers to cause a denial of service (service hang) via a "partially-negotiated" SSL connection, which prevents other requests from being accepted.

5.0
2007-03-13 CVE-2007-1427 Assetman Directory Traversal vulnerability in AssetMan PDF_File Parameter

Directory traversal vulnerability in download_pdf.php in AssetMan 2.4a and earlier allows remote attackers to read arbitrary files via a ..

5.0
2007-03-16 CVE-2007-1496 Linux NULL Pointer Dereference vulnerability in Linux Kernel Netfilter NFNetLink_Log

nfnetlink_log in netfilter in the Linux kernel before 2.6.20.3 allows attackers to cause a denial of service (crash) via unspecified vectors involving the (1) nfulnl_recv_config function, (2) using "multiple packets per netlink message", and (3) bridged packets, which trigger a NULL pointer dereference.

4.9
2007-03-16 CVE-2007-1495 Symantec Local Denial of Service vulnerability in Symantec Norton Personal Firewall 2006 9.1.1.7

The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.1.7, and possibly other products using symevent.sys 12.0.0.20, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data, a reintroduction of CVE-2006-4855.

4.9
2007-03-16 CVE-2007-1484 PHP Unspecified vulnerability in PHP

The array_user_key_compare function in PHP 4.4.6 and earlier, and 5.x up to 5.2.1, makes erroneous calls to zval_dtor, which triggers memory corruption and allows local users to bypass safe_mode and execute arbitrary code via a certain unset operation after array_user_key_compare has been called.

4.6
2007-03-14 CVE-2007-1444 Netperf Unspecified vulnerability in Netperf 2.4.3

netserver in netperf 2.4.3 allows local users to overwrite arbitrary files via a symlink attack on /tmp/netperf.debug.

4.4
2007-03-13 CVE-2007-0728 Apple Applications Multiple vulnerability in Apple Mac OS X

Unspecified vulnerability in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 creates files insecurely while initializing a USB printer, which allows local users to create or overwrite arbitrary files.

4.4
2007-03-17 CVE-2007-1499 Microsoft Cross-Site Scripting vulnerability in Microsoft IE 7.0

Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary code via a res: URI to navcancl.htm with an arbitrary URL as an argument, which displays the URL in the location bar of the "Navigation Canceled" page and injects the script into the "Refresh the page" link, aka "Navigation Cancel Page Spoofing Vulnerability."

4.3
2007-03-16 CVE-2007-1482 Liqua Cross-Site Scripting vulnerability in Liqua Wbblog

Cross-site scripting (XSS) vulnerability in index.php in WBBlog allows remote attackers to inject arbitrary web script or HTML via the e_id parameter in a viewentry cmd.

4.3
2007-03-16 CVE-2007-1479 Creative Guestbook Cross-Site Scripting vulnerability in Creative Guestbook Creative Guestbook 1.0

Cross-site scripting (XSS) vulnerability in Guestbook.php in Creative Guestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.

4.3
2007-03-16 CVE-2007-1473 Horde Cross-Site Scripting vulnerability in Horde Framework Login.PHP

Cross-site scripting (XSS) vulnerability in framework/NLS/NLS.php in Horde Framework before 3.1.4 RC1, when the login page contains a language selection box, allows remote attackers to inject arbitrary web script or HTML via the new_lang parameter to login.php.

4.3
2007-03-16 CVE-2007-1468 IBM Cross-Site Scripting vulnerability in IBM Rational Clearquest 7.0.0.0

Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest (CQ) Web 7.0.0.0 allows remote attackers to inject arbitrary web script or HTML via an attachment to a defect log entry.

4.3
2007-03-16 CVE-2007-1278 Microsoft, Adobe Denial Of Service vulnerability in Adobe Coldfusion and Jrun

Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a file in the JRun web root.

4.3
2007-03-15 CVE-2007-1462 Redhat, Conga Remote Security vulnerability in Conga

The luci server component in conga preserves the password between page loads for the Add System/Cluster task flow by storing the password in the Value attribute of a password entry field, which allows attackers to steal the password by performing a "view source" or other operation to obtain the web page.

4.3
2007-03-14 CVE-2007-1454 PHP Unspecified vulnerability in PHP 5.2.0

ext/filter in PHP 5.2.0, when FILTER_SANITIZE_STRING is used with the FILTER_FLAG_STRIP_LOW flag, does not properly strip HTML tags, which allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML with a '<' character followed by certain whitespace characters, which passes one filter but is collapsed into a valid tag, as demonstrated using %0b.

4.3
2007-03-14 CVE-2007-1449 Phpnuke Local File Include and SQL Injection vulnerability in PHP-Nuke Lang Parameter

Directory traversal vulnerability in mainfile.php in PHP-Nuke 8.0 and earlier allows remote attackers to read arbitrary files via a ..

4.3
2007-03-14 CVE-2007-1443 Woltlab Cross-Site Scripting vulnerability in Woltlab Burning Board and Burning Board Lite

Multiple cross-site scripting (XSS) vulnerabilities in register.php in Woltlab Burning Board (wBB) 2.3.6 and Burning Board Lite 1.0.2pl3e allow remote attackers to inject arbitrary web script or HTML via the (1) r_username, (2) r_email, (3) r_password, (4) r_confirmpassword, (5) r_homepage, (6) r_icq, (7) r_aim, (8) r_yim, (9) r_msn, (10) r_year, (11) r_month, (12) r_day, (13) r_gender, (14) r_signature, (15) r_usertext, (16) r_invisible, (17) r_usecookies, (18) r_admincanemail, (19) r_emailnotify, (20) r_notificationperpm, (21) r_receivepm, (22) r_emailonpm, (23) r_pmpopup, (24) r_showsignatures, (25) r_showavatars, (26) r_showimages, (27) r_daysprune, (28) r_umaxposts, (29) r_dateformat, (30) r_timeformat, (31) r_startweek, (32) r_timezoneoffset, (33) r_usewysiwyg, (34) r_styleid, (35) r_langid, (36) key_string, (37) key_number, (38) disablesmilies, (39) disablebbcode, (40) disableimages, (41) field[1], (42) field[2], and (43) field[3] parameters.

4.3
2007-03-14 CVE-2007-1441 RIM Improper Input Validation vulnerability in RIM Blackberry, Blackberry 8100 and Blackberry Browser

The 4thPass browser (BlackBerry Browser) on the RIM BlackBerry 8100 (Pearl) before 4.2.1 allows remote attackers to cause a denial of service (temporary functionality loss) via a long href attribute in a link in a WML page.

4.3
2007-03-13 CVE-2007-1433 Grayscale Cross-Site Scripting vulnerability in Grayscale Blog

Cross-site scripting (XSS) vulnerability in Grayscale Blog 0.8.0, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the comment fields to (1) scripts/addblog_comment.php and (2) detail.php.

4.3
2007-03-12 CVE-2007-1419 SUN Local Unauthorized Access vulnerability in SUN Java Dynamic Management KIT 5.1

The Java Management Extensions Remote API Remote Method Invocation over Internet Inter-ORB Protocol (JMX RMI-IIOP) API in Java Dynamic Management Kit 5.1 before 20070309 does not properly enforce the java.policy, which allows local users to obtain certain MBeans data access by operating a server application accessed by a privileged remote authenticated user.

4.3
2007-03-12 CVE-2007-1418 Mindtouch Cross-Site Scripting vulnerability in Mindtouch Dekiwiki Gooseberry

Cross-site scripting (XSS) vulnerability in skins/ace/popup-notopic.php in MindTouch OpenGarden DekiWiki before Gooseberry++ allows remote attackers to inject arbitrary web script or HTML via the message parameter.

4.3

4 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-03-16 CVE-2007-1467 Cisco Cross-Site Scripting vulnerability in Multiple Cisco Products Online Help

Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage, Unified Videoconferencing 35xx products, Unified Videoconferencing Manager, WAN Manager, Security Device Manager, Network Analysis Module (NAM), CiscoWorks and related products, Wireless LAN Solution Engine (WLSE), 2006 Wireless LAN Controllers (WLC), and Wireless Control System (WCS) allow remote attackers to inject arbitrary web script or HTML via the text field of the search form.

3.5
2007-03-16 CVE-2007-1448 Broadcom Unspecified vulnerability in Broadcom Brightstor Arcserve Backup

The Tape Engine in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to cause a denial of service (disabled interface) by calling an unspecified RPC function.

2.1
2007-03-12 CVE-2007-1420 Mysql, Oracle Remote Denial Of Service vulnerability in MySQL Single Row SubSelect

MySQL 5.x before 5.0.36 allows local users to cause a denial of service (database crash) by performing information_schema table subselects and using ORDER BY to sort a single-row result, which prevents certain structure elements from being initialized and triggers a NULL dereference in the filesort function.

2.1
2007-03-16 CVE-2007-1476 Symantec Improper Input Validation vulnerability in Symantec products

The SymTDI device driver (SYMTDI.SYS) in Symantec Norton Personal Firewall 2006 9.1.1.7 and earlier, Internet Security 2005 and 2006, AntiVirus Corporate Edition 3.0.x through 10.1.x, and other Norton products, allows local users to cause a denial of service (system crash) by sending crafted data to the driver's \Device file, which triggers invalid memory access, a different vulnerability than CVE-2006-4855.

1.9