Weekly Vulnerabilities Reports > March 12 to 18, 2007
Overview
95 new vulnerabilities were reported during this period, including 15 critical vulnerabilities and 33 high severity vulnerabilities. This weekly summary reports vulnerabilities in 108 products from 67 vendors including Apple, PHP, Linux, Microsoft, and Grayscale. Vulnerabilities are notably categorized as "Cross-site Scripting", "Improper Input Validation", "Code Injection", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Permissions, Privileges, and Access Controls".
- 81 reported vulnerabilities are remotely exploitable.
- 23 reported vulnerabilities have a public exploit available.
- 6 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 88 reported vulnerabilities are exploitable by an anonymous user.
- Apple has the most reported vulnerabilities, with 11 reported vulnerabilities.
- Apple has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
15 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-03-16 | CVE-2007-1447 | Broadcom | Unspecified vulnerability in Broadcom Brightstor Arcserve Backup The Tape Engine in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC procedure arguments, which result in memory corruption, a different vulnerability than CVE-2006-6076. | 10.0 |
2007-03-16 | CVE-2007-1486 | Carbonize | Remote Security vulnerability in Lazarus Guestbook PHP remote file inclusion vulnerability in template.class.php in Carbonize Lazarus Guestbook before 1.7.3 allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to admin.php, probably due to a dynamic variable evaluation vulnerability. | 10.0 |
2007-03-14 | CVE-2007-1457 | Christian Scheurer | Buffer Overflow vulnerability in Unrarlib URarLib_Get Function Buffer overflow in the urarlib_get function in Christian Scheurer UniquE RAR File Library (unrarlib, aka URARFileLib) 0.4 allows context-dependent attackers to execute arbitrary code via a long (1) filename, (2) rarfile, or (3) libpassword argument. | 10.0 |
2007-03-13 | CVE-2007-1435 | D Link | Remote Buffer Overflow vulnerability in D-Link Tftp Server 1.0 Buffer overflow in D-Link TFTP Server 1.0 allows remote attackers to cause a denial of service (crash) via a long (1) GET or (2) PUT request, which triggers memory corruption. | 10.0 |
2007-03-13 | CVE-2007-1421 | Premod Subdog | Remote File Include vulnerability in Premod Subdog Premod Subdog 2 Multiple PHP remote file inclusion vulnerabilities in Premod SubDog 2 allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) functions_kb.php, (2) themen_portal_mitte.php, or (3) logger_engine.php in includes/. | 10.0 |
2007-03-12 | CVE-2007-1416 | Jccorp | Remote File Include vulnerability in Jccorp Urlshrink 1.3.1 PHP remote file inclusion vulnerability in createurl.php in JCcorp (aka James Coyle) URLshrink allows remote attackers to execute arbitrary PHP code via a URL in the formurl parameter. | 10.0 |
2007-03-12 | CVE-2007-1414 | Coppermine | Remote File Include vulnerability in Retired: Coppermine Photo Gallery Multiple PHP remote file inclusion vulnerabilities in Coppermine Photo Gallery (CPG) allow remote attackers to execute arbitrary PHP code via a URL in the (1) cmd parameter to (a) image_processor.php or (b) picmgmt.inc.php, or the (2) path parameter to (c) include/functions.php, (d) include/plugin_api.inc.php, (e) index.php, or (f) pluginmgr.php. | 10.0 |
2007-03-16 | CVE-2007-1498 | Mcafee | Remote Buffer Overflow vulnerability in Mcafee Epolicy Orchestrator and Protectionpilot Multiple stack-based buffer overflows in the SiteManager.SiteMgr.1 ActiveX control (SiteManager.dll) in the ePO management console in McAfee ePolicy Orchestrator (ePO) before 3.6.1 Patch 1 and ProtectionPilot (PRP) before 1.5.0 HotFix allow remote attackers to execute arbitrary code via a long argument to the (1) ExportSiteList and (2) VerifyPackageCatalog functions, and (3) unspecified vectors involving a swprintf function call. | 9.3 |
2007-03-16 | CVE-2007-0002 | Libwpd | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Libwpd Library 0.8.2/0.8.6/0.8.7 Multiple heap-based buffer overflows in WordPerfect Document importer/exporter (libwpd) before 0.8.9 allow user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted WordPerfect file in which values to loop counters are not properly handled in the (1) WP3TablesGroup::_readContents and (2) WP5DefinitionGroup_DefineTablesSubGroup::WP5DefinitionGroup_DefineTablesSubGroup functions. | 9.3 |
2007-03-13 | CVE-2007-1439 | Bitesser | Remote File Include vulnerability in MySQL Commander PHP remote file inclusion vulnerability in ressourcen/dbopen.php in bitesser MySQL Commander 2.7 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the home parameter. | 9.3 |
2007-03-13 | CVE-2007-0733 | Apple | Applications Multiple vulnerability in Apple Mac OS X Unspecified vulnerability in ImageIO in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted RAW image that triggers memory corruption. | 9.3 |
2007-03-13 | CVE-2007-0731 | Apple | Applications Multiple vulnerability in Apple Mac OS X Stack-based buffer overflow in the Apple-specific Samba module (SMB File Server) in Apple Mac OS X 10.4 through 10.4.8 allows context-dependent attackers to execute arbitrary code via a long ACL. | 9.3 |
2007-03-13 | CVE-2007-1423 | Work System E Commerce | Remote File Include vulnerability in Work System ECommerce Include_Top.PHP Multiple PHP remote file inclusion vulnerabilities in WORK system e-commerce 3.0.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the g_include parameter to include/include_top.php and certain other PHP scripts. | 9.3 |
2007-03-14 | CVE-2007-1455 | Cpanel Host | File-Upload vulnerability in Fantastico De Luxe Multiple absolute path traversal vulnerabilities in Fantastico, as used with cPanel 10.x, allow remote authenticated users to include and execute arbitrary local files via (1) the userlanguage parameter to includes/load_language.php or (2) the fantasticopath parameter to includes/mysqlconfig.php and certain other files. | 9.0 |
2007-03-13 | CVE-2007-1437 | Ledgersmb SQL Ledger | Remote Security vulnerability in LedgerSMB Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger before 2.6.25 allows remote attackers to overwrite files and possibly bypass authentication, and remote authenticated users to execute unauthorized code, by calling a custom error function that returns from execution. | 9.0 |
33 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-03-13 | CVE-2007-0723 | Apple | Applications Multiple vulnerability in Apple Mac OS X Unspecified vulnerability in the authentication feature for DirectoryService (DS Plug-Ins) for Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote authenticated LDAP users to modify the root password and gain privileges via unknown vectors. | 8.5 |
2007-03-14 | CVE-2007-1461 | PHP | Permissions, Privileges, and Access Controls vulnerability in PHP The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP before 4.4.7, and 5.x before 5.2.2, does not implement safemode or open_basedir checks, which allows remote attackers to read bzip2 archives located outside of the intended directories. | 7.8 |
2007-03-13 | CVE-2007-1431 | Pennmush | Command Denial Of Service vulnerability in Pennmush 1.8.2/1.8.3 Multiple unspecified vulnerabilities in PennMUSH 1.8.3 before 1.8.3p1 and 1.8.2 before 1.8.2p3 allow attackers to cause a denial of service (crash) related to the (1) speak and (2) buy functions. | 7.8 |
2007-03-13 | CVE-2007-1426 | Astrocam | Improper Input Validation vulnerability in Astrocam The web interface in AstroCam 2.0.0 through 2.6.5 allows remote attackers to cause a denial of service (daemon shutdown) via requests that contain a large amount of data in the "a" variable, which "fills up the message queue." | 7.8 |
2007-03-12 | CVE-2007-1412 | PHP | Local Information Disclosure vulnerability in PHP 4.4.6 The cpdf_open function in the ClibPDF (cpdf) extension in PHP 4.4.6 allows context-dependent attackers to obtain sensitive information (script source code) via a long string in the second argument. | 7.8 |
2007-03-16 | CVE-2007-1493 | Nukescripts | SQL-Injection vulnerability in NukeSentinel nukesentinel.php in NukeSentinel 2.5.06 and earlier uses a permissive regular expression to validate an IP address, which allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, due to an incomplete patch for CVE-2007-1172. | 7.5 |
2007-03-16 | CVE-2007-1488 | SUN | Unauthorized Access vulnerability in SUN Java System web Server 6.0/6.1 Unspecified vulnerability in Sun Java System Web Server 6.0 and 6.1 before 20070315 allows remote attackers to "gain unauthorized access to data", possibly involving a sample application. | 7.5 |
2007-03-16 | CVE-2007-1483 | K5N | Code Injection vulnerability in K5N Webcalendar 0.9.45 Multiple PHP remote file inclusion vulnerabilities in WebCalendar 0.9.45 allow remote attackers to execute arbitrary PHP code via a URL in the includedir parameter to (1) login.php, (2) get_reminders.php, or (3) get_events.php. | 7.5 |
2007-03-16 | CVE-2007-1481 | Wbblog | Input Validation vulnerability in WBBlog SQL injection vulnerability in index.php in WBBlog allows remote attackers to execute arbitrary SQL commands via the e_id parameter in a viewentry cmd. | 7.5 |
2007-03-16 | CVE-2007-1480 | Creative Guestbook | Improper Authentication vulnerability in Creative Guestbook Creative Guestbook 1.0 Creative Guestbook 1.0 allows remote attackers to add an administrative account via a direct request to createadmin.php with Name, Email, and PASSWORD parameters set. | 7.5 |
2007-03-16 | CVE-2007-1471 | Orion Blog | Security Bypass vulnerability in Orion-Blog 2.0 admin/default.asp in Orion-Blog 2.0 allows remote attackers to bypass authentication controls and gain privileges via a direct URL request for admin/AdminBlogNewsEdit.asp. | 7.5 |
2007-03-16 | CVE-2007-1469 | Xigla | SQL Injection vulnerability in Xigla Absolute Image Gallery XE 2.0 SQL injection vulnerability in gallery.asp in Absolute Image Gallery 2.0 allows remote attackers to execute arbitrary SQL commands via the categoryid parameter in a viewimage action. | 7.5 |
2007-03-14 | CVE-2007-1453 | PHP | Remote Buffer Overflow vulnerability in PHP 5.2.0 Buffer underflow in the PHP_FILTER_TRIM_DEFAULT macro in the filtering extension (ext/filter) in PHP 5.2.0 allows context-dependent attackers to execute arbitrary code by calling filter_var with certain modes such as FILTER_VALIDATE_INT, which causes filter to write a null byte in whitespace that precedes the buffer. | 7.5 |
2007-03-14 | CVE-2007-1450 | Phpnuke | SQL-Injection vulnerability in Php-Nuke SQL injection vulnerability in mainfile.php in PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands in the Top or News module via the lang parameter. | 7.5 |
2007-03-14 | CVE-2007-1446 | Danny HO | Code Injection vulnerability in Danny HO OES 0.1 Multiple PHP remote file inclusion vulnerabilities in Open Education System (OES) 0.1beta allow remote attackers to execute arbitrary PHP code via a URL in the CONF_INCLUDE_PATH parameter to (1) lib-account.inc.php, (2) lib-file.inc.php, (3) lib-group.inc.php, (4) lib-log.inc.php, (5) lib-mydb.inc.php, (6) lib-template-mod.inc.php, and (7) lib-themes.inc.php in includes/. | 7.5 |
2007-03-14 | CVE-2007-1445 | Betaparticle | SQL-Injection vulnerability in Betaparticle Blog 7.0 SQL injection vulnerability in the theme preview feature for default.asp in BP Blog 7.0 through 7.0.2 allows remote attackers to execute arbitrary SQL commands via the layout parameter. | 7.5 |
2007-03-13 | CVE-2007-1440 | Jgbbs | SQL injection vulnerability in Jgbbs 3.0 SQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1 allows remote attackers to execute arbitrary SQL commands via the author parameter. | 7.5 |
2007-03-13 | CVE-2007-1438 | X ICE | SQL Injection vulnerability in X-Ice News System 1.0 SQL injection vulnerability in devami.asp in X-Ice News System 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2007-03-13 | CVE-2007-1436 | Ledgersmb SQL Ledger | Password Check vulnerability in LedgerSMB Unspecified vulnerability in admin.pl in SQL-Ledger before 2.6.26 and LedgerSMB before 1.1.9 allows remote attackers to bypass authentication via unknown vectors that prevents a password check from occurring. | 7.5 |
2007-03-13 | CVE-2007-1434 | Grayscale | SQL-Injection vulnerability in Grayscale Blog SQL injection vulnerability in Grayscale Blog 0.8.0, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) userdetail.php, id and (2) url parameter to (b) jump.php, and id variable to (c) detail.php. | 7.5 |
2007-03-13 | CVE-2007-1432 | Grayscale | Input Validation vulnerability in Grayscale Blog Grayscale Blog 0.8.0, and possibly earlier versions, allows remote attackers to gain privileges via direct requests with modified arguments in (1) the user_permissions parameter to add_users.php, and unspecified parameters to (2) addblog.php, (3) editblog.php, (4) editlinks.php, (5) edit_users.php, and (6) add_links.php. | 7.5 |
2007-03-13 | CVE-2007-1430 | Clip Share | Remote File Include vulnerability in Clip-Share Clipshare 1.5.3 PHP remote file inclusion vulnerability in include/adodb-connection.inc.php in ClipShare 1.5.3 allows remote attackers to execute arbitrary PHP code via a URL in the cmd parameter. | 7.5 |
2007-03-13 | CVE-2007-1429 | Moodle | Remote Security vulnerability in Moodle 1.7.1 Multiple PHP remote file inclusion vulnerabilities in Moodle 1.7.1 allow remote attackers to execute arbitrary PHP code via a URL in the cmd parameter to (1) admin/utfdbmigrate.php or (2) filter.php. | 7.5 |
2007-03-13 | CVE-2007-1428 | PHP Labs | SQL injection vulnerability in PHP Labs Jobsitepro 1.0 SQL injection vulnerability in search.php in PHP Labs JobSitePro 1.0 allows remote attackers to execute arbitrary SQL commands via the salary parameter. | 7.5 |
2007-03-13 | CVE-2007-1425 | Triexa | SQL injection vulnerability in Triexa SonicMailer Pro SQL injection vulnerability in index.php in Triexa SonicMailer Pro 3.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the list parameter in an archive action. | 7.5 |
2007-03-13 | CVE-2007-1424 | Softnews Media Group | Remote File Include vulnerability in Softnews Media Group Datalife Engine 4.1/5.5 Multiple PHP remote file inclusion vulnerabilities in Softnews Media Group DataLife Engine allow remote attackers to execute arbitrary PHP code via a URL in the root_dir parameter to (1) init.php and (2) Ajax/editnews.php. | 7.5 |
2007-03-13 | CVE-2007-1422 | Duyuru Scripti | SQL injection vulnerability in Duyuru Scripti Goster.ASP SQL injection vulnerability in goster.asp in fystyq Duyuru Scripti allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-0688. | 7.5 |
2007-03-12 | CVE-2007-1417 | HC Design | SQL Injection vulnerability in HC Design NewsSystem SQL injection vulnerability in index.php in HC NEWSSYSTEM 1.0-4 allows remote attackers to execute arbitrary SQL commands via the ID parameter in a komm aktion. | 7.5 |
2007-03-12 | CVE-2007-1415 | PMB Services | Code Injection vulnerability in PMB Services PMB Services Multiple PHP remote file inclusion vulnerabilities in PMB Services 3.0.13 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) class_path parameter to (a) includes/resa_func.inc.php (b) admin/notices/perso.inc.php, or (c) admin/quotas/main.inc.php; the (2) base_path parameter to (d) opac_css/rec_panier.php or (e) opac_css/includes/author_see.inc.php; or the (3) include_path parameter to (f) bull_info.inc.php or (g) misc.inc.php in includes/; (h) options_date_box.php, (i) options_file_box.php, (j) options_list.php, (k) options_query_list.php, or (l) options_text.php in includes/options/; (m) options.php, (n) options_comment.php, (o) options_date_box.php, (p) options_list.php, (q) options_query_list.php, or (r) options_text.php in includes/options_empr/; or (s) admin/import/iimport_expl.php, (t) admin/netbase/clean.php, (u) admin/param/param_func.inc.php, (v) admin/sauvegarde/lieux.inc.php, (w) autorites.php, (x) account.php, (y) cart.php, or (z) edit.php. | 7.5 |
2007-03-12 | CVE-2007-1413 | PHP | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in PHP Buffer overflow in the snmpget function in the snmp extension in PHP 5.2.3 and earlier, including PHP 4.4.6 and probably other PHP 4 versions, allows context-dependent attackers to execute arbitrary code via a long value in the third argument (object id). | 7.5 |
2007-03-14 | CVE-2007-1442 | Oracle | Insecure Permissions vulnerability in Oracle Database Server 10.2.1/10.2.2/10.2.3 Oracle Database 10g uses a NULL pDacl parameter when calling the SetSecurityDescriptorDacl function to create discretionary access control lists (DACLs), which allows local users to gain privileges. | 7.2 |
2007-03-12 | CVE-2007-1000 | Linux | Information Disclosure vulnerability in Linux Kernel IPV6_Getsockopt_Sticky Memory Leak The ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c in the Linux kernel before 2.6.20.2 allows local users to read arbitrary kernel memory via certain getsockopt calls that trigger a NULL dereference. | 7.2 |
2007-03-16 | CVE-2007-1492 | Microsoft | Remote Denial of Service vulnerability in Microsoft Windows WinMM.DLL WAV Files winmm.dll in Microsoft Windows XP allows user-assisted remote attackers to cause a denial of service (infinite loop) via a large cch argument value to the mmioRead function, as demonstrated by a crafted WAV file. | 7.1 |
43 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-03-13 | CVE-2007-0724 | Apple | Applications Multiple vulnerability in Apple Mac OS X The IOKit HID interface in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 does not sufficiently limit access to certain controls, which allows local users to gain privileges by using HID device events to read keystrokes from the console. | 6.9 |
2007-03-16 | CVE-2007-1494 | Nukescripts | Cross-Site Scripting vulnerability in NukeSentinel Cross-site scripting (XSS) vulnerability in NukeSentinel before 2.5.06 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the "filters for https:// and http://". | 6.8 |
2007-03-16 | CVE-2007-1489 | WEB APP ORG | Cross-Site Request Forgery (CSRF) vulnerability in Web-App.Org Webapp 0.9.9.4/0.9.9.5/0.9.9.6 Unspecified vulnerability in web-app.org Web Automated Perl Portal (WebAPP) 0.9.9.4 to 0.9.9.6 allows remote attackers to obtain admin access by modifying cookies and performing "certain consecutive actions," possibly due to a cross-site request forgery (CSRF) vulnerability. | 6.8 |
2007-03-16 | CVE-2007-1474 | Horde | Unspecified vulnerability in Horde Application Framework and IMP Argument injection vulnerability in the cleanup cron script in Horde Project Horde and IMP before Horde Application Framework 3.1.4 allows local users to delete arbitrary files and possibly gain privileges via multiple space-delimited pathnames. | 6.8 |
2007-03-16 | CVE-2007-1472 | T Systems Solutions FOR Research Gmbh | Code Injection vulnerability in T-Systems Solutions for Research Gmbh Groupit 2.00B5 Variable overwrite vulnerability in groupit/base/groupit.start.inc in Groupit 2.00b5 allows remote attackers to conduct remote file inclusion attacks and execute arbitrary PHP code via arguments that are written to $_GLOBALS, as demonstrated using a URL in the c_basepath parameter to (1) content.php, (2) userprofile.php, (3) password.php, (4) dispatch.php, and (5) deliver.php in html/, and possibly (6) load.inc.php and related files. | 6.8 |
2007-03-16 | CVE-2007-1470 | Netsw | Buffer Errors vulnerability in Netsw Libftp 5.0 Multiple buffer overflows in LIBFtp 5.0 allow user-assisted remote attackers to execute arbitrary code via certain long arguments to the (1) FtpArchie, (2) FtpDebugDebug, (3) FtpOpenDir, (4) FtpSize, or (5) FtpChmod function. | 6.8 |
2007-03-16 | CVE-2007-1466 | Sourceforge | Numeric Errors vulnerability in Sourceforge Wordperfect Document Importer-Exporter Integer overflow in the WP6GeneralTextPacket::_readContents function in WordPerfect Document importer/exporter (libwpd) before 0.8.9 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted WordPerfect file, a different vulnerability than CVE-2007-0002. | 6.8 |
2007-03-14 | CVE-2007-1459 | Webcreator | Remote File Include vulnerability in WebCreator Multiple PHP remote file inclusion vulnerabilities in WebCreator 0.2.6-rc3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the moddir parameter to (1) content/load.inc.php, (2) config/load.inc.php, (3) http/load.inc.php, and unspecified other files. | 6.8 |
2007-03-14 | CVE-2007-1458 | Care2X | Remote File Include vulnerability in Care2X 1.1 Multiple PHP remote file inclusion vulnerabilities in CARE2X 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) inc_checkdate_lang.php, (2) inc_charset_fx.php, (3) inc_config_color.php, (4) inc_currency_set.php, (5) inc_db_makelink.php, (6) inc_diagnostics_report_fx.php, (7) inc_environment_global.php, (8) inc_front_chain_lang.php, (9) inc_init_crypt.php, (10) inc_load_copyrite.php, or (11) inc_news_save.php in include/; (12) diagnostics-report-index.php, (13) config_options_mascot.php, (14) barcode-labels.php, (15) chg-color.php, or (16) config_options_gui_template.php in main/; or unspecified other files. | 6.8 |
2007-03-13 | CVE-2007-0730 | Apple | Applications Multiple vulnerability in Apple Mac OS X Server Manager (servermgrd) in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 does not sufficiently validate authentication credentials, which allows remote attackers to bypass authentication and modify system configuration. | 6.8 |
2007-03-13 | CVE-2007-0722 | Apple | Applications Multiple vulnerability in Apple Mac OS X Integer overflow in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via a crafted AppleSingleEncoding disk image. | 6.8 |
2007-03-13 | CVE-2007-0721 | Apple | Applications Multiple vulnerability in Apple Mac OS X Unspecified vulnerability in diskimages-helper in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via a crafted compressed disk image that triggers memory corruption. | 6.8 |
2007-03-13 | CVE-2007-0719 | Apple | Applications Multiple vulnerability in Apple Mac OS X Stack-based buffer overflow in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via an image with a crafted ColorSync profile. | 6.8 |
2007-03-14 | CVE-2007-1451 | Guppy | Remote Security vulnerability in Guppy 4.0 GuppY 4.0 allows remote attackers to delete arbitrary files via a direct request to install/install.php, then selecting "Installation propre" (cleanup.php) and then "Suppression des fichiers d'installation" (delete.php). | 6.4 |
2007-03-16 | CVE-2007-1490 | Avaya | Remote Security vulnerability in Communication Manager Unspecified maintenance web pages in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allow remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors (aka "shell command injection"). | 6.0 |
2007-03-16 | CVE-2007-1475 | PHP | Remote Buffer Overflow vulnerability in PHP Interbase Extension Multiple buffer overflows in the (1) ibase_connect and (2) ibase_pconnect functions in the interbase extension in PHP 4.4.6 and earlier allow context-dependent attackers to execute arbitrary code via a long argument. | 5.4 |
2007-03-16 | CVE-2007-1491 | Avaya | Remote Security vulnerability in S8500 Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties. | 5.2 |
2007-03-16 | CVE-2007-1497 | Linux | Unspecified vulnerability in Linux Kernel nf_conntrack in netfilter in the Linux kernel before 2.6.20.3 does not set nfctinfo during reassembly of fragmented packets, which leaves the default value as IP_CT_ESTABLISHED and might allow remote attackers to bypass certain rulesets using IPv6 fragments. | 5.0 |
2007-03-16 | CVE-2007-1487 | Cyber Inside Cyberteddy Sascha Schroeder | Local File Include vulnerability in Cyber-Inside WebLog Directory traversal vulnerability in index.php in Sascha Schroeder (aka CyberTeddy or Cyber-inside) WebLog allows remote attackers to read arbitrary files via a .. | 5.0 |
2007-03-16 | CVE-2007-1478 | Mcgallery | Improper Input Validation vulnerability in Mcgallery 0.5B download.php in McGallery 0.5b allows remote attackers to read arbitrary files and obtain script source code via the filename parameter. | 5.0 |
2007-03-14 | CVE-2007-1460 | PHP | Permissions, Privileges, and Access Controls vulnerability in PHP The zip:// URL wrapper provided by the PECL zip extension in PHP before 4.4.7, and 5.2.0 and 5.2.1, does not implement safemode or open_basedir checks, which allows remote attackers to read ZIP archives located outside of the intended directories. | 5.0 |
2007-03-14 | CVE-2007-1452 | PHP | Unspecified vulnerability in PHP The FDF support (ext/fdf) in PHP 5.2.0 and earlier does not implement the input filtering hooks for ext/filter, which allows remote attackers to bypass web site filters via an application/vnd.fdf formatted POST. | 5.0 |
2007-03-13 | CVE-2007-0726 | Apple | Applications Multiple vulnerability in Apple Mac OS X The SSH key generation process in OpenSSH in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote attackers to cause a denial of service by connecting to the server before SSH has finished creating keys, which causes the keys to be regenerated and can break trust relationships that were based on the original keys. | 5.0 |
2007-03-13 | CVE-2007-0720 | Cups Apple | The CUPS service on multiple platforms allows remote attackers to cause a denial of service (service hang) via a "partially-negotiated" SSL connection, which prevents other requests from being accepted. | 5.0 |
2007-03-13 | CVE-2007-1427 | Assetman | Directory Traversal vulnerability in AssetMan PDF_File Parameter Directory traversal vulnerability in download_pdf.php in AssetMan 2.4a and earlier allows remote attackers to read arbitrary files via a .. | 5.0 |
2007-03-16 | CVE-2007-1496 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel Netfilter NFNetLink_Log nfnetlink_log in netfilter in the Linux kernel before 2.6.20.3 allows attackers to cause a denial of service (crash) via unspecified vectors involving the (1) nfulnl_recv_config function, (2) using "multiple packets per netlink message", and (3) bridged packets, which trigger a NULL pointer dereference. | 4.9 |
2007-03-16 | CVE-2007-1495 | Symantec | Local Denial of Service vulnerability in Symantec Norton Personal Firewall 2006 9.1.1.7 The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.1.7, and possibly other products using symevent.sys 12.0.0.20, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data, a reintroduction of CVE-2006-4855. | 4.9 |
2007-03-16 | CVE-2007-1484 | PHP | Unspecified vulnerability in PHP The array_user_key_compare function in PHP 4.4.6 and earlier, and 5.x up to 5.2.1, makes erroneous calls to zval_dtor, which triggers memory corruption and allows local users to bypass safe_mode and execute arbitrary code via a certain unset operation after array_user_key_compare has been called. | 4.6 |
2007-03-14 | CVE-2007-1444 | Netperf | Unspecified vulnerability in Netperf 2.4.3 netserver in netperf 2.4.3 allows local users to overwrite arbitrary files via a symlink attack on /tmp/netperf.debug. | 4.4 |
2007-03-13 | CVE-2007-0728 | Apple | Applications Multiple vulnerability in Apple Mac OS X Unspecified vulnerability in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 creates files insecurely while initializing a USB printer, which allows local users to create or overwrite arbitrary files. | 4.4 |
2007-03-17 | CVE-2007-1499 | Microsoft | Cross-Site Scripting vulnerability in Microsoft IE 7.0 Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary code via a res: URI to navcancl.htm with an arbitrary URL as an argument, which displays the URL in the location bar of the "Navigation Canceled" page and injects the script into the "Refresh the page" link, aka "Navigation Cancel Page Spoofing Vulnerability." | 4.3 |
2007-03-16 | CVE-2007-1482 | Liqua | Cross-Site Scripting vulnerability in Liqua Wbblog Cross-site scripting (XSS) vulnerability in index.php in WBBlog allows remote attackers to inject arbitrary web script or HTML via the e_id parameter in a viewentry cmd. | 4.3 |
2007-03-16 | CVE-2007-1479 | Creative Guestbook | Cross-Site Scripting vulnerability in Creative Guestbook Creative Guestbook 1.0 Cross-site scripting (XSS) vulnerability in Guestbook.php in Creative Guestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter. | 4.3 |
2007-03-16 | CVE-2007-1473 | Horde | Cross-Site Scripting vulnerability in Horde Framework Login.PHP Cross-site scripting (XSS) vulnerability in framework/NLS/NLS.php in Horde Framework before 3.1.4 RC1, when the login page contains a language selection box, allows remote attackers to inject arbitrary web script or HTML via the new_lang parameter to login.php. | 4.3 |
2007-03-16 | CVE-2007-1468 | IBM | Cross-Site Scripting vulnerability in IBM Rational Clearquest 7.0.0.0 Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest (CQ) Web 7.0.0.0 allows remote attackers to inject arbitrary web script or HTML via an attachment to a defect log entry. | 4.3 |
2007-03-16 | CVE-2007-1278 | Microsoft Adobe | Denial Of Service vulnerability in Adobe Coldfusion and Jrun Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a file in the JRun web root. | 4.3 |
2007-03-14 | CVE-2007-1454 | PHP | Unspecified vulnerability in PHP 5.2.0 ext/filter in PHP 5.2.0, when FILTER_SANITIZE_STRING is used with the FILTER_FLAG_STRIP_LOW flag, does not properly strip HTML tags, which allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML with a '<' character followed by certain whitespace characters, which passes one filter but is collapsed into a valid tag, as demonstrated using %0b. | 4.3 |
2007-03-14 | CVE-2007-1449 | Phpnuke | Local File Include and SQL Injection vulnerability in PHP-Nuke Lang Parameter Directory traversal vulnerability in mainfile.php in PHP-Nuke 8.0 and earlier allows remote attackers to read arbitrary files via a .. | 4.3 |
2007-03-14 | CVE-2007-1443 | Woltlab | Cross-Site Scripting vulnerability in Woltlab Burning Board and Burning Board Lite Multiple cross-site scripting (XSS) vulnerabilities in register.php in Woltlab Burning Board (wBB) 2.3.6 and Burning Board Lite 1.0.2pl3e allow remote attackers to inject arbitrary web script or HTML via the (1) r_username, (2) r_email, (3) r_password, (4) r_confirmpassword, (5) r_homepage, (6) r_icq, (7) r_aim, (8) r_yim, (9) r_msn, (10) r_year, (11) r_month, (12) r_day, (13) r_gender, (14) r_signature, (15) r_usertext, (16) r_invisible, (17) r_usecookies, (18) r_admincanemail, (19) r_emailnotify, (20) r_notificationperpm, (21) r_receivepm, (22) r_emailonpm, (23) r_pmpopup, (24) r_showsignatures, (25) r_showavatars, (26) r_showimages, (27) r_daysprune, (28) r_umaxposts, (29) r_dateformat, (30) r_timeformat, (31) r_startweek, (32) r_timezoneoffset, (33) r_usewysiwyg, (34) r_styleid, (35) r_langid, (36) key_string, (37) key_number, (38) disablesmilies, (39) disablebbcode, (40) disableimages, (41) field[1], (42) field[2], and (43) field[3] parameters. | 4.3 |
2007-03-14 | CVE-2007-1441 | RIM | Improper Input Validation vulnerability in RIM Blackberry, Blackberry 8100 and Blackberry Browser The 4thPass browser (BlackBerry Browser) on the RIM BlackBerry 8100 (Pearl) before 4.2.1 allows remote attackers to cause a denial of service (temporary functionality loss) via a long href attribute in a link in a WML page. | 4.3 |
2007-03-13 | CVE-2007-1433 | Grayscale | Cross-Site Scripting vulnerability in Grayscale Blog Cross-site scripting (XSS) vulnerability in Grayscale Blog 0.8.0, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the comment fields to (1) scripts/addblog_comment.php and (2) detail.php. | 4.3 |
2007-03-12 | CVE-2007-1419 | SUN | Local Unauthorized Access vulnerability in SUN Java Dynamic Management KIT 5.1 The Java Management Extensions Remote API Remote Method Invocation over Internet Inter-ORB Protocol (JMX RMI-IIOP) API in Java Dynamic Management Kit 5.1 before 20070309 does not properly enforce the java.policy, which allows local users to obtain certain MBeans data access by operating a server application accessed by a privileged remote authenticated user. | 4.3 |
2007-03-12 | CVE-2007-1418 | Mindtouch | Cross-Site Scripting vulnerability in Mindtouch Dekiwiki Gooseberry Cross-site scripting (XSS) vulnerability in skins/ace/popup-notopic.php in MindTouch OpenGarden DekiWiki before Gooseberry++ allows remote attackers to inject arbitrary web script or HTML via the message parameter. | 4.3 |

4 Low Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-03-16 | CVE-2007-1467 | Cisco | Cross-Site Scripting vulnerability in Multiple Cisco Products Online Help Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage, Unified Videoconferencing 35xx products, Unified Videoconferencing Manager, WAN Manager, Security Device Manager, Network Analysis Module (NAM), CiscoWorks and related products, Wireless LAN Solution Engine (WLSE), 2006 Wireless LAN Controllers (WLC), and Wireless Control System (WCS) allow remote attackers to inject arbitrary web script or HTML via the text field of the search form. | 3.5 |
2007-03-16 | CVE-2007-1448 | Broadcom | Unspecified vulnerability in Broadcom Brightstor Arcserve Backup The Tape Engine in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to cause a denial of service (disabled interface) by calling an unspecified RPC function. | 2.1 |
2007-03-12 | CVE-2007-1420 | Mysql Oracle | Remote Denial Of Service vulnerability in MySQL Single Row SubSelect MySQL 5.x before 5.0.36 allows local users to cause a denial of service (database crash) by performing information_schema table subselects and using ORDER BY to sort a single-row result, which prevents certain structure elements from being initialized and triggers a NULL dereference in the filesort function. | 2.1 |
2007-03-16 | CVE-2007-1476 | Symantec | Improper Input Validation vulnerability in Symantec products The SymTDI device driver (SYMTDI.SYS) in Symantec Norton Personal Firewall 2006 9.1.1.7 and earlier, Internet Security 2005 and 2006, AntiVirus Corporate Edition 3.0.x through 10.1.x, and other Norton products, allows local users to cause a denial of service (system crash) by sending crafted data to the driver's \Device file, which triggers invalid memory access, a different vulnerability than CVE-2006-4855. | 1.9 |