Weekly Vulnerabilities Reports > March 19 to 25, 2007
Overview
172 new vulnerabilities were reported during this period, including 37 critical vulnerabilities and 57 high severity vulnerabilities. This weekly summary reports vulnerabilities in 144 products from 122 vendors including Microsoft, PHP, W Agora, Radscan, and Mandrakesoft. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Information Exposure", "SQL Injection", "Improper Input Validation", and "Code Injection".
- 166 reported vulnerabilities are remotely exploitable.
- 52 reported vulnerabilities have a public exploit available.
- 5 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 163 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 14 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 5 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
37 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-03-24 | CVE-2007-1666 | Datarescue | Improper Input Validation vulnerability in Datarescue IDA PRO 5.0/5.1 The processor_request function in the debugger server for DataRescue IDA Pro 5.0 and 5.1 does not verify that authentication has taken place before invoking the perform_request function, which allows remote attackers to perform unauthorized actions. | 10.0 |
2007-03-24 | CVE-2007-1465 | Dproxy | Buffer-Overflow vulnerability in DProxy Stack-Based Stack-based buffer overflow in dproxy.c for dproxy 0.1 through 0.5 allows remote attackers to execute arbitrary code via a long DNS query packet to UDP port 53. | 10.0 |
2007-03-24 | CVE-2007-1655 | Tinymux | Buffer Overflow vulnerability in Tinymux 2.4 Buffer overflow in the fun_ladd function in funmath.cpp in TinyMUX before 20070126 might allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors related to lists of numbers. | 10.0 |
2007-03-24 | CVE-2007-1645 | Microsoft Futuresoft | Remote Security vulnerability in TFTP Server 2000 Buffer overflow in FutureSoft TFTP Server 2000 on Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via a long request on UDP port 69. | 10.0 |
2007-03-24 | CVE-2007-1644 | Microsoft | Denial-Of-Service vulnerability in Microsoft ALL Windows Abstractcpe The dynamic DNS update mechanism in the DNS Server service on Microsoft Windows does not properly authenticate clients in certain deployments or configurations, which allows remote attackers to change DNS records for a web proxy server and conduct man-in-the-middle (MITM) attacks on web traffic, conduct pharming attacks by poisoning DNS records, and cause a denial of service (erroneous name resolution). | 10.0 |
2007-03-24 | CVE-2007-1643 | LAN Management System | Code Injection vulnerability in LAN Management System LAN Management System Multiple PHP remote file inclusion vulnerabilities in LAN Management System (LMS) 1.8.9 Vala and earlier allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG[directories][userpanel_dir] parameter to userpanel.php or the (2) _LIB_DIR parameter to welcome.php. | 10.0 |
2007-03-23 | CVE-2007-1640 | Classweb | Remote File Include vulnerability in ClassWeb Language.PHP Multiple PHP remote file inclusion vulnerabilities in ClassWeb 2.03 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the BASE parameter to (1) language.php and (2) phpadmin/survey.php. | 10.0 |
2007-03-23 | CVE-2007-1621 | Lbstone | Remote File Include vulnerability in Active PHP Bookmarks Head.PHP PHP remote file inclusion vulnerability in templates/head.php in Active PHP Bookmark Notes (APB) 0.2.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the APB_SETTINGS[template_path] parameter. | 10.0 |
2007-03-23 | CVE-2007-1620 | PHP DB Designer | Remote Security vulnerability in Php Db Designer Multiple PHP remote file inclusion vulnerabilities in PHP DB Designer 1.02 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) _SESSION[SITE_PATH] parameter to (a) wind/help.php or (b) wind/about.php, or the (2) _SESSION[DRIVER] parameter to (c) db/session.php. | 10.0 |
2007-03-21 | CVE-2007-1587 | TIM Soderstrom | Remote Security vulnerability in TIM Soderstrom Statsdawg 0.92 templates/config/mail.tpl in Tim Soderstrom StatsDawg 0.92 allows remote attackers to execute arbitrary programs by specifying the program name in the qshapeLocation parameter. | 10.0 |
2007-03-21 | CVE-2007-1579 | Atrium Software | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Atrium Software Mercur Imapd and Mercur Messaging 2005 Stack-based buffer overflow in Atrium MERCUR IMAPD allows remote attackers to have an unknown impact via a certain SUBSCRIBE command. | 10.0 |
2007-03-21 | CVE-2007-1578 | Atrium Software | Buffer Overflow vulnerability in Atrium Software Mercur Imapd 5.00.14 Multiple integer signedness errors in the NTLM implementation in Atrium MERCUR IMAPD (mcrimap4.exe) 5.00.14, with SP4, allow remote attackers to execute arbitrary code via a long NTLMSSP argument that triggers a stack-based buffer overflow. | 10.0 |
2007-03-21 | CVE-2007-1569 | Newsbin PRO | Buffer Overflow vulnerability in Newsbin PRO Newsbin PRO 4.3.2 Stack-based buffer overflow in NewsBin Pro 4.32 allows remote attackers to cause a denial of service or execute arbitrary code via a yEnc (yEncode) encoded article with a long filename, as demonstrated using a .nzb file. | 10.0 |
2007-03-21 | CVE-2007-1568 | Daansystems | Remote Security vulnerability in Daansystems Newsreactor 20070221 Stack-based buffer overflow in DaanSystems NewsReactor 20070220.21 allows remote attackers to execute arbitrary code via a yEnc (yEncode) encoded article with a long filename. | 10.0 |
2007-03-21 | CVE-2007-1567 | WAR FTP Daemon | Buffer-Overflow vulnerability in WarFTP Username Stack-Based Stack-based buffer overflow in War FTP Daemon 1.65, and possibly earlier, allows remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors, as demonstrated by warftp_165.tar by Immunity. | 10.0 |
2007-03-21 | CVE-2006-7174 | Phpbb | Remote Security vulnerability in Dimension PHP remote file inclusion vulnerability in includes/functions.php in the Dimension module of phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | 10.0 |
2007-03-20 | CVE-2007-1543 | Mandrakesoft Radscan | Local Privilege Escalation and Denial of Service vulnerability in Radscan Network Audio System 1.8A Stack-based buffer overflow in the accept_att_local function in server/os/connection.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to execute arbitrary code via a long path slave name in a USL socket connection. | 10.0 |
2007-03-20 | CVE-2006-7173 | PHP Stats | Remote Security vulnerability in PHP-Stats Direct static code injection vulnerability in admin.php in PHP-Stats 0.1.9.1b and earlier allows remote attackers to execute arbitrary PHP code via a crafted option_new[report_w_day] parameter in a preferenze action, which can be later accessed via option/php-stats-options.php. | 10.0 |
2007-03-20 | CVE-2007-1512 | Microsoft | Denial-Of-Service vulnerability in Visual Studio .NET Professional Edition Stack-based buffer overflow in the AfxOleSetEditMenu function in the MFC component in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 Gold and SP1, and Visual Studio .NET 2002 Gold and SP1, and 2003 Gold and SP1 allows user-assisted remote attackers to have an unknown impact (probably crash) via an RTF file with a malformed OLE object, which results in writing two 0x00 characters past the end of szBuffer, aka the "MFC42u.dll Off-by-Two Overflow." NOTE: this issue is due to an incomplete patch (MS07-012) for CVE-2007-0025. | 10.0 |
2007-03-19 | CVE-2007-1319 | Takebishi Corporation | Unspecified vulnerability in Takebishi Corporation Devicexplorer OPC Server 3.12Build1 Unspecified vulnerability in the IOPCServer::RemoveGroup function in the OPCDA interface in Takebishi Electric DeviceXPlorer OLE for Process Control (OPC) Server before 3.12 Build3 allows remote attackers to execute arbitrary code via unspecified vectors involving access to arbitrary memory. | 10.0 |
2007-03-24 | CVE-2007-1658 | Microsoft | Local File Execution vulnerability in Microsoft Windows Vista Windows Mail Windows Mail in Microsoft Windows Vista might allow user-assisted remote attackers to execute certain programs via a link to a (1) local file or (2) UNC share pathname in which there is a directory with the same base name as an executable program at the same level, as demonstrated using C:/windows/system32/winrm (winrm.cmd) and migwiz (migwiz.exe). | 9.3 |
2007-03-23 | CVE-2007-1637 | Ipswitch | Remote Security vulnerability in Imail Premium Multiple buffer overflows in the IMAILAPILib ActiveX control (IMailAPI.dll) in Ipswitch IMail Server before 2006.2 allow remote attackers to execute arbitrary code via the (1) WebConnect and (2) Connect members in the (a) IMailServer control; (3) Sync3 and (4) Init3 members in the (b) IMailLDAPService control; and the (5) SetReplyTo member in the (c) IMailUserCollection control. | 9.3 |
2007-03-23 | CVE-2007-1628 | Studiewijzer | Remote File Include vulnerability in Studiewijzer 0.13/0.14/0.15 Multiple PHP remote file inclusion vulnerabilities in Study planner (Studiewijzer) 0.15 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the SPL_CFG[dirroot] parameter to (1) service.alert.inc.php or (2) settings.ses.php in inc/; (3) db/mysql/db.inc.php; (4) integration/shortstat/configuration.php; (5) ali.class.php or (6) cat.class.php in methodology/traditional/class/; (7) cat_browse.inc.php, (8) chr_browse.inc.php, (9) chr_display.inc.php, or (10) dash_browse.inc.php in methodology/traditional/ui/inc/; (11) spl.webservice.php or (12) konfabulator/gateway_admin.php in ws/; or other unspecified files. | 9.3 |
2007-03-23 | CVE-2007-1626 | PHP Nuke | Remote File Include vulnerability in PHP-Nuke IFrame Module IFrame.PHP PHP remote file inclusion vulnerability in iframe.php in the iFrame Module for PHP-NUKE allows remote attackers to execute arbitrary PHP code via a URL in the file parameter. | 9.3 |
2007-03-23 | CVE-2007-1614 | Zziplib | Stack Buffer Overflow vulnerability in ZZipLib ZZip_Open_Shared_IO Stack-based buffer overflow in the zzip_open_shared_io function in zzip/file.c in ZZIPlib Library before 0.13.49 allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long filename. | 9.3 |
2007-03-22 | CVE-2007-1600 | Digital EYE Gallery | Remote File Include vulnerability in Digital Eye Gallery Module.PHP PHP remote file inclusion vulnerability in module.php in Digital Eye Gallery 1.1 Beta (aka 0.1.1b) allows remote attackers to execute arbitrary PHP code via a URL in the menu parameter. | 9.3 |
2007-03-22 | CVE-2007-1596 | Joomla Mambo | Remote File Include vulnerability in NFN Address Book mosConfig_Absolute_Path Multiple PHP remote file inclusion vulnerabilities in the NFN Address Book (com_nfn_addressbook) 0.4 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) components/com_nfn_addressbook/nfnaddressbook.php or (2) administrator/components/com_nfn_addressbook/nfnaddressbook.php. | 9.3 |
2007-03-21 | CVE-2007-1581 | PHP | Code Injection vulnerability in PHP The resource system in PHP 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting the hash_update_file function via a userspace (1) error or (2) stream handler, which can then be used to destroy and modify internal resources. | 9.3 |
2007-03-21 | CVE-2007-0654 | X Multimedia System | Integer Overflow And Underflow vulnerability in X Multimedia System X Multimedia System 1.2.10 Integer underflow in X MultiMedia System (xmms) 1.2.10 allows user-assisted remote attackers to execute arbitrary code via crafted header information in a skin bitmap image, which results in a stack-based buffer overflow. | 9.3 |
2007-03-21 | CVE-2007-0653 | Linux X Multimedia System | Integer Overflow And Underflow vulnerability in X Multimedia System X Multimedia System 1.2.10 Integer overflow in X MultiMedia System (xmms) 1.2.10, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via crafted header information in a skin bitmap image, which triggers memory corruption. | 9.3 |
2007-03-21 | CVE-2007-0348 | Interactual Technologies Intervideo Roxio | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Stack-based buffer overflow in the IASystemInfo.dll ActiveX control in (1) InterActual Player 2.60.12.0717, (2) Roxio CinePlayer 3.2, (3) WinDVD 7.0.27.172, and possibly other products, allows remote attackers to execute arbitrary code via a long ApplicationType property. | 9.3 |
2007-03-21 | CVE-2007-0239 | Openoffice | Remote Shell Command Execution vulnerability in OpenOffice Meta Character OpenOffice.org (OOo) Office Suite allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a prepared link in a crafted document. | 9.3 |
2007-03-21 | CVE-2007-0238 | Openoffice | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Openoffice Stack-based buffer overflow in filter\starcalc\scflt.cxx in the StarCalc parser in OpenOffice.org (OOo) Office Suite before 2.2, and 1.x before 1.1.5 Patch, allows user-assisted remote attackers to execute arbitrary code via a document with a long Note. | 9.3 |
2007-03-20 | CVE-2007-1536 | File | Numeric Errors vulnerability in File Integer underflow in the file_printf function in the "file" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow. | 9.3 |
2007-03-20 | CVE-2007-1534 | Microsoft | Remote Security vulnerability in Windows Vista DFSR.exe in Windows Meeting Space in Microsoft Windows Vista remains available for remote connections on TCP port 5722 for 2 minutes after Windows Meeting Space is closed, which allows remote attackers to have an unknown impact by connecting to this port during the time window. | 9.3 |
2007-03-19 | CVE-2007-1501 | Avant Force | Stack Buffer Overflow vulnerability in Avant Force Avant Browser 11.0Build26 Stack-based buffer overflow in Avant Browser 11.0 build 26 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long Content-Type HTTP header. | 9.3 |
2007-03-23 | CVE-2007-1635 | NET Portal Dynamic System | Remote Security vulnerability in Net Portal Dynamic System Static code injection vulnerability in admin/settings.php in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote authenticated users to inject arbitrary PHP code via the xtop parameter in a "ConfigSave" op to admin.php, which can later be accessed via a "Configure" op to admin.php. | 9.0 |
57 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-03-24 | CVE-2007-1653 | Glowworm | Denial-Of-Service vulnerability in Glowworm GlowWorm FW before 1.5.3b4 allows remote attackers to cause a denial of service (kernel panic) via certain DNS responses that trigger infinite recursion in TrueDNS packet parsing, as originally observed with certain login.yahoo.com responses. | 7.8 |
2007-03-24 | CVE-2007-1650 | Pcapsipdump | Denial-Of-Service vulnerability in Pcapsipdump 0.1.1 pcapsipdump.cpp in pcapsipdump before 0.1.3 allows remote attackers to cause a denial of service (application crash) via a malformed SIP packet, which results in a NULL pointer dereference. | 7.8 |
2007-03-24 | CVE-2007-1649 | PHP | Unspecified vulnerability in PHP 5.2.1 PHP 5.2.1 allows context-dependent attackers to read portions of heap memory by executing certain scripts with a serialized data input string beginning with S:, which does not properly track the number of input bytes being processed. | 7.8 |
2007-03-24 | CVE-2007-1648 | Dev0 DE | Remote Denial of Service vulnerability in Dev0.De 0Irc 1345Build20060823 0irc 1345 build 20060823 allows remote attackers to cause a denial of service (application crash) by operating an IRC server that sends a long string to a client, which triggers a NULL pointer dereference. | 7.8 |
2007-03-24 | CVE-2007-1647 | Moodle | Information Disclosure vulnerability in Moodle Moodle 1.5.2 and earlier stores sensitive information under the web root with insufficient access control, and provides directory listings, which allows remote attackers to obtain user names, password hashes, and other sensitive information via a direct request for session (sess_*) files in moodledata/sessions/. | 7.8 |
2007-03-22 | CVE-2007-1594 | Asterisk | Remote Denial of Service vulnerability in Asterisk SIP Channel Driver Response Code Zero The handle_response function in chan_sip.c in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP Response code 0 in a SIP packet. | 7.8 |
2007-03-22 | CVE-2007-1591 | Trend Micro | Denial-Of-Service vulnerability in Trend Micro Trend Micro Antivirus 14.10.1041 VsapiNT.sys in the Scan Engine 8.0 for Trend Micro AntiVirus 14.10.1041, and other products, allows remote attackers to cause a denial of service (kernel fault and system crash) via a crafted UPX file with a certain field that triggers a divide-by-zero error. | 7.8 |
2007-03-21 | CVE-2007-1590 | Grandstream | Remote Denial of Service vulnerability in Grandstream Budgetone 200 1.1.1.14/1.1.1.5 The Grandstream BudgeTone 200 IP phone, with program 1.1.1.14 and bootloader 1.1.1.5, allows remote attackers to cause a denial of service (device crash) via SIP (1) INVITE, (2) CANCEL, or unspecified other messages with a WWW-Authenticate header containing a crafted Digest domain. | 7.8 |
2007-03-21 | CVE-2007-1586 | Zyxel | Denial of Service vulnerability in Zyxel Zynos 3.40 ZynOS 3.40 allows remote attackers to cause a denial of service (link restart) by sending a request for the name \M via the SMB Mail Slot Protocol. | 7.8 |
2007-03-21 | CVE-2007-1565 | KDE | Denial-Of-Service vulnerability in KDE Konqueror 3.5.5 Konqueror 3.5.5 allows remote attackers to cause a denial of service (crash) by using JavaScript to read a child iframe having an ftp:// URI. | 7.8 |
2007-03-21 | CVE-2007-1561 | Asterisk | Remote Denial of Service vulnerability in Asterisk SIP Invite Message The channel driver in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP INVITE message with an SDP containing one valid and one invalid IP address. | 7.8 |
2007-03-20 | CVE-2007-1547 | Mandrakesoft Radscan | Local Privilege Escalation and Denial of Service vulnerability in Radscan Network Audio System 1.8A The ReadRequestFromClient function in server/os/io.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (crash) via multiple simultaneous connections, which triggers a NULL pointer dereference. | 7.8 |
2007-03-24 | CVE-2007-1657 | Python Software Foundation | Buffer Overflow vulnerability in Python Software Foundation Python 2.5 Stack-based buffer overflow in the file_compress function in minigzip (Modules/zlib) in Python 2.5 allows context-dependent attackers to execute arbitrary code via a long file argument. | 7.5 |
2007-03-24 | CVE-2007-1656 | Katalog Plyt Audio | SQL-Injection vulnerability in Katalog Plyt Audio Multiple SQL injection vulnerabilities in index.php in Katalog Plyt Audio 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) fraza and (2) litera parameters, different vectors than CVE-2007-1612. | 7.5 |
2007-03-24 | CVE-2007-1652 | Openid | Remote Security vulnerability in OpenID OpenID allows remote attackers to forcibly log a user into an OpenID enabled site, divulge the user's personal information to this site, and add the site to the trusted sites list via a crafted web page, related to cached tokens. | 7.5 |
2007-03-23 | CVE-2007-1641 | Portailphp | SQL Injection vulnerability in Portailphp 2.0 SQL injection vulnerability in index.php in PortailPHP 2.0 allows remote attackers to execute arbitrary SQL commands via the idnews parameter. | 7.5 |
2007-03-23 | CVE-2007-1636 | Roseonlinecms | Local File Include vulnerability in Roseonlinecms 3B1 Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. | 7.5 |
2007-03-23 | CVE-2007-1634 | NET Portal Dynamic System | SQL-Injection vulnerability in Net Portal Dynamic System Variable extraction vulnerability in grab_globals.php in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote attackers to conduct SQL injection attacks via the _FILES[DB][tmp_name] parameter to print.php, which overwrites the $DB variable with dynamic variable evaluation. | 7.5 |
2007-03-23 | CVE-2007-1633 | Giorgio Ciranni | Local File Include vulnerability in Giorgio Ciranni Splatt Forum 4.0Rc1 Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2007-03-23 | CVE-2007-1632 | Typolight | Remote Security vulnerability in Typolight Webcms Unspecified vulnerability in TYPOlight webCMS before 2.2 Build 5 has unknown impact and attack vectors related to a "major security hole." | 7.5 |
2007-03-23 | CVE-2007-1630 | Active WEB Softwares | SQL Injection vulnerability in Active Link Engine Default.ASP SQL injection vulnerability in default.asp in ActiveWebSoftwares Active Link Engine allows remote attackers to execute arbitrary SQL commands via the catid parameter. | 7.5 |
2007-03-23 | CVE-2007-1629 | Active WEB Softwares | SQL Injection vulnerability in Active web Softwares Active Photo Gallery 6.2 SQL injection vulnerability in default.asp in ActiveWebSoftwares Active Photo Gallery allows remote attackers to execute arbitrary SQL commands via the catid parameter. | 7.5 |
2007-03-23 | CVE-2007-1624 | Realguestbook | SQL Injection and Cross-Site Scripting vulnerability in Realguestbook 5.01 Multiple SQL injection vulnerabilities in realGuestbook 5.01 allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) homepage, and (4) text parameters to save_entry.php, as reachable through add_entry.php; and possibly other unspecified parameters and files. | 7.5 |
2007-03-23 | CVE-2007-1619 | Scriptmagix | SQL Injection vulnerability in ScriptMagix Photo Rating ViewComments.PHP SQL injection vulnerability in viewcomments.php in ScriptMagix Photo Rating 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the phid parameter. | 7.5 |
2007-03-23 | CVE-2007-1618 | Scriptmagix | SQL-Injection vulnerability in Scriptmagix Faq Builder SQL injection vulnerability in index.php in ScriptMagix FAQ Builder 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter. | 7.5 |
2007-03-23 | CVE-2007-1617 | Scriptmagix | SQL-Injection vulnerability in Scriptmagix Recipes SQL injection vulnerability in index.php in ScriptMagix Recipes 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter. | 7.5 |
2007-03-23 | CVE-2007-1616 | Scriptmagix | SQL Injection vulnerability in ScriptMagix Lyrics SQL injection vulnerability in index.php in ScriptMagix Lyrics 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the recid parameter. | 7.5 |
2007-03-23 | CVE-2007-1615 | Scriptmagix | SQL Injection vulnerability in Multiple ScriptMagix Products SQL injection vulnerability in index.php in ScriptMagix Jokes 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter. | 7.5 |
2007-03-23 | CVE-2007-1613 | MPM Chat | Local File Include vulnerability in MPM Chat MPM Chat 2.5 Directory traversal vulnerability in view.php in MPM Chat 2.5 allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2007-03-23 | CVE-2007-1612 | Katalog Plyt Audio | SQL Injection vulnerability in Katalog Plyt Audio SQL injection vulnerability in index.php in Katalog Plyt Audio 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the kolumna parameter. | 7.5 |
2007-03-22 | CVE-2007-1608 | IBM | HTTP Response Splitting vulnerability in IBM WebSphere Application Server CRLF injection vulnerability in IBM WebSphere Application Server (WAS) before 6.0.2.19 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a single CRLF sequence in a context that is not a valid multi-line header. | 7.5 |
2007-03-22 | CVE-2007-1604 | W Agora | Arbitrary File Upload vulnerability in W-Agora 4.2.1 Multiple unrestricted file upload vulnerabilities in w-Agora (Web-Agora) allow remote attackers to upload and execute arbitrary PHP code (1) via a forum message with an attached file, which is stored under forums/hello/hello/notes/ or (2) by using browse_avatar.php to upload a file with a double extension, as demonstrated by .php.jpg. | 7.5 |
2007-03-22 | CVE-2007-1603 | Weekly Drawing Contest | Security Bypass vulnerability in Weekly Drawing Contest Weekly Drawing Contest 0.0.1 admin/contest.php in Weekly Drawing Contest 0.0.1 allows remote attackers to bypass authentication, and insert new contest information into a database, via a direct POST request. | 7.5 |
2007-03-22 | CVE-2007-1602 | Weekly Drawing Contest | SQL-Injection vulnerability in Weekly Drawing Contest Weekly Drawing Contest 0.0.1 SQL injection vulnerability in check_vote.php in Weekly Drawing Contest 0.0.1 allows remote attackers to execute arbitrary SQL commands via the order parameter. | 7.5 |
2007-03-22 | CVE-2007-1595 | Asterisk | Unspecified vulnerability in Asterisk 1.2.13 The Asterisk Extension Language (AEL) in pbx/pbx_ael.c in Asterisk does not properly generate extensions, which allows remote attackers to execute arbitrary extensions and have an unknown impact by specifying an invalid extension in a certain form. | 7.5 |
2007-03-21 | CVE-2007-1588 | Myserver | Remote Security vulnerability in Myserver 0.8.5 server.cpp in MyServer 0.8.5 calls Process::setuid before calling Process::setgid and thus does not properly drop privileges, which might allow remote attackers to execute CGI programs with unintended privileges. | 7.5 |
2007-03-21 | CVE-2007-1575 | Phprojekt | SQL Injection vulnerability in PHProjekt Multiple SQL injection vulnerabilities in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via (1) unspecified vectors to the (a) calendar and (2) search modules, and an (2) unspecified cookie when the user logs out. | 7.5 |
2007-03-21 | CVE-2007-1566 | Netvios | SQL Injection vulnerability in NetVios Portal Page.ASP SQL injection vulnerability in News/page.asp in NetVIOS Portal allows remote attackers to execute arbitrary SQL commands via the NewsID parameter. | 7.5 |
2007-03-21 | CVE-2007-1313 | Netxautomation | Improper Input Validation vulnerability in Netxautomation Netxeib 3.0 NETxAutomation NETxEIB OPC Server before 3.0.1300 does not properly validate OLE for Process Control (OPC) server handles, which allows attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors involving the (1) IOPCSyncIO::Read, (2) IOPCSyncIO::Write, (3) IOPCServer::AddGroup, (4) IOPCServer::RemoveGroup, (5) IOPCCommon::SetClientName, and (6) IOPCGroupStateMgt::CloneGroup functions, which allow access to arbitrary memory. | 7.5 |
2007-03-21 | CVE-2007-1556 | Thecreativeheads DE | SQL injection vulnerability in Thecreativeheads.De Creative Files 1.2 SQL injection vulnerability in kommentare.php in Creative Files 1.2 allows remote attackers to execute arbitrary SQL commands via the dlid parameter. | 7.5 |
2007-03-20 | CVE-2007-1555 | Minerva | SQL Injection vulnerability in Minerva Forum.PHP SQL injection vulnerability in forum.php in the Minerva mod 2.0.21 build 238a and earlier for phpBB allows remote attackers to execute arbitrary SQL commands via the c parameter. | 7.5 |
2007-03-20 | CVE-2007-1552 | Metaforum | Unspecified vulnerability in Metaforum 0.513Beta Unrestricted file upload vulnerability in usercp.php in MetaForum 0.513 Beta restricts file types based on the MIME type in the Content-type HTTP header, which allows remote attackers to upload and execute arbitrary scripts via an image MIME type with a filename containing an executable extension such as .php. | 7.5 |
2007-03-20 | CVE-2007-1550 | Phpx | SQL-Injection vulnerability in PHPX Multiple SQL injection vulnerabilities in phpx 3.5.15 allow remote attackers to execute arbitrary SQL commands via the (1) image_id or (2) cat_id parameter to (a) gallery.php; the (3) news_id parameter to (b) news.php or (c) print.php; (4) the news_cat_id parameter to news.php; the (5) cat_id, (6) topic_id, or (7) post_id parameter to (d) forums.php; or (8) the user_id parameter to (e) users.php. | 7.5 |
2007-03-20 | CVE-2007-1548 | Webwizguide | SQL Injection vulnerability in Webwizguide web WIZ Forums SQL injection vulnerability in functions/functions_filters.asp in Web Wiz Forums before 8.05a (MySQL version) does not properly filter certain characters in SQL commands, which allows remote attackers to execute arbitrary SQL commands via \"' (backslash double-quote quote) sequences, which are collapsed into \'', as demonstrated via the name parameter to forum/pop_up_member_search.asp. | 7.5 |
2007-03-20 | CVE-2006-7172 | PHP Stats | SQL-Injection vulnerability in PHP-Stats Multiple SQL injection vulnerabilities in php-stats.recphp.php in PHP-Stats 0.1.9.1b and earlier allow remote attackers to execute arbitrary code via a leading dotted-quad IP address string in the (1) PC-REMOTE-ADDR HTTP header, which is inserted into $_SERVER['HTTP_PC_REMOTE_ADDR'], or (2) ip parameter. | 7.5 |
2007-03-20 | CVE-2007-1535 | Microsoft | Unspecified vulnerability in Microsoft Windows Vista Microsoft Windows Vista establishes a Teredo address without user action upon connection to the Internet, contrary to documentation that Teredo is inactive without user action, which increases the attack surface and allows remote attackers to communicate via Teredo. | 7.5 |
2007-03-20 | CVE-2007-1523 | Netbsd | Local Buffer Overflow vulnerability in Netbsd 3.0 Heap-based buffer overflow in the kernel in NetBSD 3.0, certain versions of FreeBSD and OpenBSD, and possibly other BSD derived operating systems allows local users to have an unknown impact. | 7.5 |
2007-03-20 | CVE-2007-1518 | Woltlab | SQL Injection vulnerability in Woltlab Burning Board UserGroups.PHP SQL injection vulnerability in usergroups.php in Woltlab Burning Board (wBB) 2.x allows remote attackers to execute arbitrary SQL commands via the array index of the applicationids array. | 7.5 |
2007-03-20 | CVE-2007-1517 | Paul Knierim | SQL injection vulnerability in Paul Knierim WSN Guest 1.21 SQL injection vulnerability in comments.php in WSN Guest 1.02 and 1.21 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2007-03-20 | CVE-2007-1510 | Particle Blogger | SQL Injection vulnerability in Particle Blogger Particle Blogger 1.0.0/1.2.0 SQL injection vulnerability in post.php in Particle Blogger 1.0.0 through 1.2.0 allows remote attackers to execute arbitrary SQL commands via the postid parameter. | 7.5 |
2007-03-20 | CVE-2007-1507 | Openafs | Configuration vulnerability in Openafs The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x before 1.5.17 supports setuid programs within the local cell, which might allow attackers to gain privileges by spoofing a response to an AFS cache manager FetchStatus request, and setting setuid and root ownership for files in the cache. | 7.5 |
2007-03-20 | CVE-2006-7170 | Koan Software | SQL Injection vulnerability in Koan Software Mega Mall Multiple SQL injection vulnerabilities in Koan Software Mega Mall allow remote attackers to execute arbitrary SQL commands via the (1) t, (2) productId, (3) sk, (4) x, or (5) so parameter to (a) product_review.php; or the (6) orderNo parameter to (b) order-track.php. | 7.5 |
2007-03-20 | CVE-2006-7168 | Phpbb | Unspecified vulnerability in PHPbb PHP remote file inclusion vulnerability in includes/not_mem.php in the Add Name module for PHP allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | 7.5 |
2007-03-20 | CVE-2006-7167 | Prorat | Remote Login Authentication Bypass vulnerability in Prorat Server 1.9 Unspecified vulnerability in ProRat Server 1.9 Fix2 allows remote attackers to bypass the authentication mechanism for remote login via unspecified vectors. | 7.5 |
2007-03-19 | CVE-2007-1503 | Rhapsody IRC | Remote vulnerability in Rhapsody IRC Rhapsody IRC 0.28B Multiple format string vulnerabilities in comm.c in Rhapsody IRC 0.28b allow remote attackers to execute arbitrary code via format string specifiers to the create_ctcp_message function using the message argument to the (1) me or (2) ctcp commands, and possibly related vectors involving the (3) whois, (4) mode, and (5) topic commands. | 7.5 |
2007-03-21 | CVE-2007-1557 | F Secure | Local Format String vulnerability in F-Secure Anti-Virus 6.02 Format string vulnerability in F-Secure Anti-Virus Client Security 6.02 allows local users to cause a denial of service and possibly gain privileges via format string specifiers in the Management Server name field on the Communication settings page. | 7.2 |
2007-03-20 | CVE-2007-1511 | Frontbase | Buffer Overflow vulnerability in FrontBase Relational Database Server Procedure Buffer overflow in FrontBase Relational Database Server 4.2.7 and earlier allows remote authenticated users, with privileges for creating a stored procedure, to execute arbitrary code via a CREATE PROCEDURE request with a long procedure name. | 7.1 |
75 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-03-24 | CVE-2007-1651 | Openid | Cross-Site Request Forgery vulnerability in OpenID Cross-site request forgery (CSRF) vulnerability in OpenID allows remote attackers to restore the login session of a user on an OpenID enabled site via unspecified vectors related to an arbitrary remote web site and cached tokens, after the user has signed into an OpenID server, logged into the OpenID enabled site, and then logged out of the OpenID enabled site. | 6.8 |
2007-03-23 | CVE-2007-1638 | Phpprojekt | Cross-Site Request Forgery vulnerability in PHPprojekt 5.2.0 Multiple cross-site request forgery (CSRF) vulnerabilities in the check_csrftoken function in lib/lib.inc.php in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote attackers to perform unauthorized actions as an arbitrary user via the (1) Projects, (2) Contacts, (3) Helpdesk, (4) Notes, (5) Search, (6) Mail, or (7) Filemanager module; the (9) summary page; or unspecified other files. | 6.8 |
2007-03-22 | CVE-2007-1598 | Intervations | Remote Stack Buffer Overflow vulnerability in Intervations Filecopa 1.01 Stack-based buffer overflow in InterVations FileCOPA FTP Server 1.01 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by filecopa.tar by Immunity. | 6.8 |
2007-03-21 | CVE-2007-1584 | PHP | Remote Security vulnerability in PHP 5.2.0 Buffer underflow in the header function in PHP 5.2.0 allows context-dependent attackers to execute arbitrary code by passing an all-whitespace string to this function, which causes it to write '\0' characters in whitespace that precedes the string. | 6.8 |
2007-03-21 | CVE-2007-1583 | PHP | Unspecified vulnerability in PHP The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 sets the internal register_globals flag and does not disable it in certain cases when a script terminates, which allows remote attackers to invoke available PHP scripts with register_globals functionality that is not detectable by these scripts, as demonstrated by forcing a memory_limit violation. | 6.8 |
2007-03-21 | CVE-2007-1582 | PHP | Unspecified vulnerability in PHP The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting certain functions in the GD (ext/gd) extension and unspecified other extensions via a userspace error handler, which can be used to destroy and modify internal resources. | 6.8 |
2007-03-21 | CVE-2007-1002 | Evolution | Unspecified vulnerability in Evolution Shared Memo 2.8.2.1 Format string vulnerability in the write_html function in calendar/gui/e-cal-component-memo-preview.c in Evolution Shared Memo 2.8.2.1, and possibly earlier versions, allows user-assisted remote attackers to execute arbitrary code via format specifiers in the categories of a crafted shared memo. | 6.8 |
2007-03-21 | CVE-2007-1572 | Sourceforge | SQL-Injection vulnerability in Jgbbs SQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter, a different vector than CVE-2007-1440. | 6.8 |
2007-03-21 | CVE-2007-1571 | Radical Designs | Remote Security vulnerability in Activist Mobilization Platform PHP remote file inclusion vulnerability in includes/base.php in Radical Designs Activist Mobilization Platform (AMP) 3.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter. | 6.8 |
2007-03-21 | CVE-2007-1564 | KDE | Information Exposure vulnerability in KDE Konqueror 3.5.5 The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response. | 6.8 |
2007-03-21 | CVE-2007-1563 | Opera | Information Exposure vulnerability in Opera Browser 9.10 The FTP protocol implementation in Opera 9.10 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response. | 6.8 |
2007-03-21 | CVE-2007-1562 | Mozilla Canonical | Information Exposure vulnerability in multiple products The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and 2.x before 2.0.0.3 allows remote attackers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response. | 6.8 |
2007-03-21 | CVE-2007-1464 | Inkscape | Unspecified vulnerability in Inkscape Format string vulnerability in the whiteboard Jabber protocol in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. | 6.8 |
2007-03-21 | CVE-2007-1463 | Ubuntu Inkscape | Unspecified vulnerability in Inkscape Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs. | 6.8 |
2007-03-20 | CVE-2007-1554 | Guestbara | Remote Security vulnerability in Guestbara 1.2 Direct static code injection vulnerability in admin/configuration.php in Guestbara 1.2 and earlier allows remote authenticated users to inject arbitrary PHP code into config.php via the (1) admin_mail, (2) emotpatch, (3) login, (4) pass, and unspecified other parameters. | 6.8 |
2007-03-20 | CVE-2007-1549 | Phpx | Input Validation vulnerability in PHPX Unrestricted file upload vulnerability in gallery.php in phpx 3.5.15 allows remote attackers to upload and execute arbitrary PHP scripts via an addImage action, which places scripts into the gallery/shelties/ directory. | 6.8 |
2007-03-20 | CVE-2007-1525 | Dayfox Designs | Remote PHP Code Execution vulnerability in Dayfox Designs Dayfox Blog 4 Direct static code injection vulnerability in postpost.php in Dayfox Blog (dfblog) 4 allows remote attackers to execute arbitrary PHP code via the cat parameter, which can be executed via a request to posts.php. | 6.8 |
2007-03-20 | CVE-2007-1522 | PHP | Unspecified vulnerability in PHP 5.2.0/5.2.1 Double free vulnerability in the session extension in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to execute arbitrary code via illegal characters in a session identifier, which is rejected by an internal session storage module, which calls the session identifier generator with an improper environment, leading to code execution when the generator is interrupted, as demonstrated by triggering a memory limit violation or certain PHP errors. | 6.8 |
2007-03-20 | CVE-2007-1521 | PHP | Unspecified vulnerability in PHP Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, allows context-dependent attackers to execute arbitrary code by interrupting the session_regenerate_id function, as demonstrated by calling a userspace error handler or triggering a memory limit violation. | 6.8 |
2007-03-20 | CVE-2007-1516 | Cicoandcico | Remote File Include vulnerability in Cicoandcico Ccmail 1.0.1 PHP remote file inclusion vulnerability in functions/update.php in Cicoandcico CcMail 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the functions_dir parameter. | 6.8 |
2007-03-20 | CVE-2007-1514 | Viperweb | Remote File Include vulnerability in Viperweb Portal 0.1Alpha PHP remote file inclusion vulnerability in index.php in ViperWeb Portal alpha 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the modpath parameter. | 6.8 |
2007-03-20 | CVE-2007-1513 | Grafx | Remote File Include vulnerability in Grafx Company Website Builder PRO 1.9.8 PHP remote file inclusion vulnerability in comanda.php in GraFX Company WebSite Builder (CWB) PRO 1.9.8, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the INCLUDE_PATH parameter. | 6.8 |
2007-03-20 | CVE-2006-7169 | Ultimate PHP Board | Remote File Include vulnerability in Ultimate PHP Board Header_simple.PHP PHP remote file inclusion vulnerability in includes/header_simple.php in Ultimate PHP Board (UPB) 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _CONFIG[skin_dir] parameter. | 6.8 |
2007-03-19 | CVE-2007-1502 | Rhapsody IRC | Remote vulnerability in Rhapsody IRC Rhapsody IRC 0.28B Multiple buffer overflows in Rhapsody IRC 0.28b allow remote attackers to execute arbitrary code via a (1) long command, (2) long server argument to the (a) connect or (b) server commands, (3) long nick argument to the (c) nick command, or a long (4) nick or (5) message argument to the (d) ctcp, (e) chat, (f) notice, (g) message (msg), or (h) query commands. | 6.8 |
2007-03-22 | CVE-2007-1599 | Wordpress | Information Disclosure vulnerability in Wordpress 2.1.2 wp-login.php in WordPress allows remote attackers to redirect authenticated users to other websites and potentially obtain sensitive information via the redirect_to parameter. | 6.5 |
2007-03-20 | CVE-2007-1532 | Microsoft | Unspecified vulnerability in Microsoft Windows Vista The neighbor discovery implementation in Microsoft Windows Vista allows remote attackers to conduct a redirect attack by (1) responding to queries by sending spoofed Neighbor Advertisements or (2) blindly sending Neighbor Advertisements. | 6.4 |
2007-03-21 | CVE-2007-1580 | Ftpdmin | Buffer Errors vulnerability in Ftpdmin 0.96 FTPDMIN 0.96 allows remote attackers to cause a denial of service (daemon crash) via a LIST command for a Windows drive letter, as demonstrated using "//A:". | 6.3 |
2007-03-21 | CVE-2007-1573 | Jelsoft | SQL Injection vulnerability in Jelsoft Vbulletin 3.6.4 SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin 3.6.5 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached Before" field. | 6.0 |
2007-03-20 | CVE-2007-1526 | SUN | Remote Security vulnerability in SUN Java System web Server 6.1 Sun Java System Web Server 6.1 before 20070314 allows remote authenticated users with revoked client certificates to bypass the Certificate Revocation List (CRL) authorization control and access secure web server instances running under an account different from that used for the admin server via unspecified vectors. | 6.0 |
2007-03-22 | CVE-2007-1607 | W Agora | Input Validation vulnerability in W-Agora 4.2.1 search.php in w-Agora (Web-Agora) allows remote attackers to obtain potentially sensitive information via a ' (quote) value followed by certain SQL sequences in the (1) search_forum or (2) search_user parameter, which force a SQL error. | 5.0 |
2007-03-22 | CVE-2007-1605 | W Agora | Input Validation vulnerability in W-Agora 4.2.1 w-Agora (Web-Agora) allows remote attackers to obtain sensitive information via a request to rss.php with an invalid (1) site or (2) bn parameter, (3) a certain value of the site[] parameter, or (4) an empty value of the bn[] parameter; a request to index.php with a certain value of the (5) site[] or (6) sort[] parameter; (7) a request to profile.php with an empty value of the site[] parameter; or a request to search.php with (8) an empty value of the bn[] parameter or a certain value of the (9) pattern[] or (10) search_date[] parameter, which reveal the path in various error messages, probably related to variable type inconsistencies. | 5.0 |
2007-03-22 | CVE-2007-1597 | Unclassified Newsboard | Information Disclosure vulnerability in Unclassified Newsboard Unclassified Newsboard 1.6.3 Unclassified NewsBoard 1.6.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain (1) the board log via a direct request for logs/board-YYYY-MM-DD.log, (2) the mail and private message (PM) log via a direct request for logs/email-YY-MM-DD-HH-MM-SS.log, (3) the SQL error message log via a direct request for logs/error-YY-MM.log, and (4) the IP log via a direct request for logs/ip.log. | 5.0 |
2007-03-21 | CVE-2007-1585 | Linksys | Information Disclosure vulnerability in Linksys Wag200G and Wrt54Gc The Linksys WAG200G with firmware 1.01.01, WRT54GC 2 with firmware 1.00.7, and WRT54GC 1 with firmware 1.03.0 and earlier allow remote attackers to obtain sensitive information (passwords and configuration data) via a packet to UDP port 916. | 5.0 |
2007-03-21 | CVE-2007-1577 | Geblog | Local File Include vulnerability in Geblog 0.1 Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. | 5.0 |
2007-03-21 | CVE-2007-1574 | Care2X | Remote Security vulnerability in CARE2X CARE2X 2.2, and possibly earlier, allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. | 5.0 |
2007-03-21 | CVE-2007-0606 | W Agora | Information Disclosure vulnerability in W-Agora 4.2.1 w-agora 4.2.1 allows remote attackers to obtain sensitive information via the (1) bn[] array parameter to index.php, which expects a string, and (2) certain parameters to delete_forum.php, which displays the path name in the resulting error message. | 5.0 |
2007-03-21 | CVE-2007-1560 | Squid | Remote Denial of Service vulnerability in Squid Proxy TRACE Request The clientProcessRequest() function in src/client_side.c in Squid 2.6 before 2.6.STABLE12 allows remote attackers to cause a denial of service (daemon crash) via crafted TRACE requests that trigger an assertion error. | 5.0 |
2007-03-20 | CVE-2007-1553 | Guestbara | Remote Security vulnerability in Guestbara admin/configuration.php in Guestbara 1.2 and earlier allows remote attackers to modify the e-mail, name, and password of the admin account by setting the zapis parameter to "ok" and providing modified admin_mail, login, and pass parameters. | 5.0 |
2007-03-20 | CVE-2007-1546 | Mandrakesoft Radscan | Local Privilege Escalation and Denial of Service vulnerability in Radscan Network Audio System 1.8A Array index error in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (crash) via (1) large num_action values in the ProcAuSetElements function in server/dia/audispatch.c or (2) a large inputNum parameter to the compileInputs function in server/dia/auutil.c. | 5.0 |
2007-03-20 | CVE-2007-1545 | Mandrakesoft Radscan | Local Privilege Escalation and Denial of Service vulnerability in Radscan Network Audio System 1.8A The AddResource function in server/dia/resource.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (server crash) via a nonexistent client ID. | 5.0 |
2007-03-20 | CVE-2007-1544 | Mandrakesoft Radscan | Local Privilege Escalation and Denial of Service vulnerability in Radscan Network Audio System 1.8A Integer overflow in the ProcAuWriteElement function in server/dia/audispatch.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large max_samples value. | 5.0 |
2007-03-20 | CVE-2007-1542 | Cisco | Remote Denial of Service vulnerability in Cisco 7940/7960 Phone SIP Invite Unspecified vulnerability in the Cisco IP Phone 7940 and 7960 running firmware before POS8-6-0 allows remote attackers to cause a denial of service via the Remote-Party-ID sipURI field in a SIP INVITE request. | 5.0 |
2007-03-20 | CVE-2007-1533 | Microsoft | Unspecified vulnerability in Microsoft Windows Vista The Teredo implementation in Microsoft Windows Vista uses the same nonce for communication with different UDP ports within a solicitation session, which makes it easier for remote attackers to spoof the nonce through brute force attacks. | 5.0 |
2007-03-20 | CVE-2007-1531 | Microsoft | Resource Management Errors vulnerability in Microsoft Windows Vista and Windows XP Microsoft Windows XP and Vista overwrite ARP table entries included in gratuitous ARP, which allows remote attackers to cause a denial of service (loss of network access) by sending a gratuitous ARP for the address of the Vista host. | 5.0 |
2007-03-20 | CVE-2007-1530 | Microsoft | Remote Denial Of Service vulnerability in Microsoft Windows Vista LLTD Mapper EMIT Packet The LLTD Mapper in Microsoft Windows Vista does not properly gather responses to EMIT packets, which allows remote attackers to cause a denial of service (mapping failure) by omitting an ACK response, which triggers an XML syntax error. | 5.0 |
2007-03-20 | CVE-2007-1528 | Microsoft | Unspecified vulnerability in Microsoft Windows Vista The LLTD Mapper in Microsoft Windows Vista allows remote attackers to spoof hosts, and nonexistent bridge relationships, into the network topology map by using a MAC address that differs from the MAC address provided in the Real Source field of the LLTD BASE header of a HELLO packet, aka the "Spoof on Bridge" attack. | 5.0 |
2007-03-20 | CVE-2007-1527 | Microsoft | Unspecified vulnerability in Microsoft Windows Vista The LLTD Mapper in Microsoft Windows Vista does not verify that an IP address in a TLV type 0x07 field in a HELLO packet corresponds to a valid IP address for the local network, which allows remote attackers to trick users into communicating with an external host by sending a HELLO packet with the MW characteristic and a spoofed TLV type 0x07 field, aka the "Spoof and Management URL IP Redirect" attack. | 5.0 |
2007-03-20 | CVE-2007-1524 | Zomplog | Local File Include vulnerability in Zomplog 3.7.6 Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. | 5.0 |
2007-03-20 | CVE-2006-7171 | Koan Software | Improper Input Validation vulnerability in Koan Software Mega Mall product_review.php in Koan Software Mega Mall allows remote attackers to obtain the installation path via a request with an empty value of the x[] parameter. | 5.0 |
2007-03-20 | CVE-2006-7166 | IBM | Unspecified vulnerability in IBM Websphere Application Server IBM WebSphere Application Server (WAS) 5.1.1.9 and earlier allows remote attackers to obtain JSP source code and other sensitive information via "a specific JSP URL." | 5.0 |
2007-03-23 | CVE-2007-1639 | Phpprojekt | Unspecified vulnerability in PHPprojekt 5.2.0 Unrestricted file upload vulnerability in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allows remote authenticated users to upload and execute arbitrary PHP code via a file with an executable extension, which is then accessed by the (1) calendar or (2) file management module, or possibly unspecified other files. | 4.6 |
2007-03-19 | CVE-2007-0237 | Lookup | Unspecified vulnerability in Lookup The ndeb-binary feature in Lookup (lookup-el) allows local users to overwrite arbitrary files via a symlink attack on temporary files. | 4.6 |
2007-03-24 | CVE-2007-1646 | Subhub | Cross-Site Scripting vulnerability in Subhub 2.3.0 Multiple cross-site scripting (XSS) vulnerabilities in SubHub 2.3.0 allow remote attackers to inject arbitrary web script or HTML via (1) the searchtext parameter to (a) /search, or the (2) message parameter to (b) /calendar or (c) /subscribe. | 4.3 |
2007-03-23 | CVE-2007-1625 | Realguestbook | Cross-Site Scripting vulnerability in Realguestbook 5.01 Cross-site scripting (XSS) vulnerability in save_entry.php in realGuestbook 5.01 allows remote attackers to inject arbitrary web script or HTML via the homepage parameter, as reachable through add_entry.php. | 4.3 |
2007-03-23 | CVE-2007-1623 | Realguestbook | Cross-Site Scripting vulnerability in Realguestbook 5.01 Multiple cross-site scripting (XSS) vulnerabilities in realGuestbook 5.01, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) bg_color_1, (2) fs_menu, (3) fc_menu, (4) ff_menu, (5) bg_color_2, (6) fs_normal, (7) fc_normal, and (8) ff_normal parameters to welcome_admin.php; and possibly unspecified other parameters and files. | 4.3 |
2007-03-22 | CVE-2007-1611 | Sourcenext | Cross-Site Scripting vulnerability in Sourcenext Ikanari Jijyou 1.0.0/1.0.1 Cross-site scripting (XSS) vulnerability in the RSS reader in a certain SOURCENEXT product, probably IKANARI JIJYOU 1.0.0 and 1.0.1, allows remote attackers to inject arbitrary web script or HTML via the title of an article in a feed. | 4.3 |
2007-03-22 | CVE-2007-1610 | Glue Software | HTML Injection vulnerability in NewsGlue RSS Feed Cross-site scripting (XSS) vulnerability in the RSS reader in Glue Software NewsGlue before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via a feed. | 4.3 |
2007-03-22 | CVE-2007-1609 | Oracle | Cross-Site Scripting vulnerability in Oracle Application Server 10.1.2.0.0 Cross-site scripting (XSS) vulnerability in servlet/Spy in Dynamic Monitoring Services (DMS) in Oracle Application Server (OAS) 10g 10.1.2.0.0 allows remote attackers to inject arbitrary web script or HTML via the table parameter. | 4.3 |
2007-03-22 | CVE-2007-1606 | W Agora | Cross-Site Scripting vulnerability in W-Agora 4.2.1 Multiple cross-site scripting (XSS) vulnerabilities in w-Agora (Web-Agora) allow remote attackers to inject arbitrary web script or HTML via (1) the showuser parameter to profile.php, the (2) search_forum or (3) search_user parameter to search.php, or (4) the userid parameter to change_password.php. | 4.3 |
2007-03-22 | CVE-2007-0240 | Zope | HTML Injection vulnerability in Zope HTTP Get Request Cross-site scripting (XSS) vulnerability in Zope 2.10.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a HTTP GET request. | 4.3 |
2007-03-21 | CVE-2007-1576 | Phprojekt | Cross-Site Scripting vulnerability in PHProjekt 5.2 Multiple cross-site scripting (XSS) vulnerabilities in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors to the (1) Projects, (2) Contacts, (3) Helpdesk, (4) Search (only Gecko engine driven Browsers), and (5) Notes modules; the (6) Mail summary page; and unspecified other files. | 4.3 |
2007-03-20 | CVE-2007-1551 | Phpx | Cross-Site Scripting vulnerability in PHPx 3.5.15 Multiple cross-site scripting (XSS) vulnerabilities in phpx 3.5.15 allow remote attackers to inject arbitrary web script or HTML via (1) the signature in "dans profile," or (2) search.php. | 4.3 |
2007-03-20 | CVE-2007-1539 | Pragmamx | Local File Include vulnerability in Pragmamx Landkarten 2.1 Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. | 4.3 |
2007-03-20 | CVE-2007-1529 | Microsoft | Unspecified vulnerability in Microsoft Windows Vista The LLTD Responder in Microsoft Windows Vista does not send the Mapper a response to a DISCOVERY packet if another host has sent a spoofed response first, which allows remote attackers to spoof arbitrary hosts via a network-based race condition, aka the "Total Spoof" attack. | 4.3 |
2007-03-20 | CVE-2007-0607 | W Agora | Remote Security vulnerability in W-Agora 4.2.1 W-Agora (Web-Agora) 4.2.1, when register_globals is enabled, stores globals.inc under the web document root with insufficient access control, which allows remote attackers to obtain application path information via a direct request. | 4.3 |
2007-03-20 | CVE-2007-1515 | Horde | Input Validation vulnerability in Horde IMP Webmail Client Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP H3 4.1.3, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via (1) the email Subject header in thread.php, (2) the edit_query parameter in search.php, or other unspecified parameters in search.php. | 4.3 |
2007-03-20 | CVE-2007-1509 | Holtstraeter | Directory Traversal vulnerability in Holtstraeter Rot 13 Directory traversal vulnerability in enkrypt.php in Sascha Schroeder krypt (aka Holtstraeter Rot 13) allows remote attackers to read arbitrary files via a .. | 4.3 |
2007-03-20 | CVE-2007-1508 | Jbmc Software | Cross-Site Scripting vulnerability in Jbmc Software Directadmin 1.293 Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in DirectAdmin allows remote attackers to inject arbitrary web script or HTML via the RESULT parameter, a different vector than CVE-2006-5983. | 4.3 |
2007-03-20 | CVE-2007-0998 | Redhat XEN | Permissions, Privileges, and Access Controls vulnerability in XEN Qemu The VNC server implementation in QEMU, as used by Xen and possibly other environments, allows local users of a guest operating system to read arbitrary files on the host operating system via unspecified vectors related to QEMU monitor mode, as demonstrated by mapping files to a CDROM device. | 4.3 |
2007-03-20 | CVE-2006-7165 | IBM | Unspecified vulnerability in IBM Websphere Application Server IBM WebSphere Application Server (WAS) 5.0 through 5.1.1.0 allows remote attackers to obtain JSP source code and other sensitive information via certain "special URIs." | 4.3 |
2007-03-20 | CVE-2006-7164 | Linux Unix IBM | Information Disclosure vulnerability in Websphere Application Server SimpleFileServlet in IBM WebSphere Application Server 5.0.1 through 5.0.2.7 on Linux and UNIX does not block certain invalid URIs and does not issue a security challenge, which allows remote attackers to read secure files and obtain sensitive information via certain requests. | 4.3 |
2007-03-19 | CVE-2007-1506 | Oracle | Cross-Site Scripting vulnerability in Oracle Portal P_OldURL Parameter Cross-site scripting (XSS) vulnerability in PORTAL.wwv_main.render_warning_screen in the Oracle Portal 10g allows remote attackers to inject arbitrary web script or HTML via the (1) p_oldurl and (2) p_newurl parameters. | 4.3 |
2007-03-19 | CVE-2007-1504 | Fujitsu | Cross-Site Scripting vulnerability in iNTERSTAGE Application Server Standard Edition Cross-site scripting (XSS) vulnerability in the Servlet Service in Fujitsu Interstage Application Server (IJServer) 8.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving web.xml and HTTP 404 and 500 status codes. | 4.3 |
2007-03-19 | CVE-2007-1500 | Gentoo | Unspecified vulnerability in Gentoo Linux The Linux Security Auditing Tool (LSAT) allows local users to overwrite arbitrary files via a symlink attack on temporary files, as demonstrated using /tmp/lsat1.lsat. | 4.3 |
2007-03-24 | CVE-2007-1642 | Manageengine | Information Disclosure vulnerability in Manageengine Firewall Analyzer 4.0 Unspecified vulnerability in ManageEngine Firewall Analyzer allows remote authenticated users to "access any common file" via a direct URL request. | 4.0 |
3 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-03-20 | CVE-2007-1537 | Microsoft | Local Privilege Escalation vulnerability in Microsoft Windows 2003 Server and Windows XP \Device\NdisTapi (NDISTAPI.sys) in Microsoft Windows XP SP2 and 2003 SP1 uses weak permissions, which allows local users to write to the device and cause a denial of service, as demonstrated by using an IRQL to acquire a spinlock on paged memory via the NdisTapiDispatch function. | 3.6 |
2007-03-21 | CVE-2007-1589 | Linux Truecrypt Foundation | Local Denial of Service vulnerability in TrueCrypt Dismount Set-EUID TrueCrypt before 4.3, when set-euid mode is used on Linux, allows local users to cause a denial of service (filesystem unavailability) by dismounting a volume mounted by a different user. | 2.1 |
2007-03-19 | CVE-2007-1505 | Fujitsu | Information Disclosure vulnerability in Fujitsu Fence and Systemwalker Desktop Encryption Fujitsu FENCE-Pro before V5L01, and Systemwalker Desktop Encryption V12.0L10, V12.0L10A, V12.0L10B, V12.0L20 and V13.0.0 allow local users to obtain sensitive information by extracting the decoding password from certain "self-decoding" file types. | 2.1 |