Weekly Vulnerabilities Reports > March 19 to 25, 2007

Overview

183 new vulnerabilities were reported during this period, including 40 critical vulnerabilities and 58 high severity vulnerabilities. This weekly summary reports vulnerabilities in 151 products from 130 vendors including Microsoft, PHP, W Agora, Radscan, and Mandrakesoft. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Information Exposure", "SQL Injection", "Improper Input Validation", and "Numeric Errors".

  • 176 reported vulnerabilities are remotely exploitable.
  • 52 reported vulnerabilities have a public exploit available.
  • 6 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 174 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 14 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 5 reported vulnerabilities.

Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:

40 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-03-24 CVE-2007-1666 Datarescue Improper Input Validation vulnerability in Datarescue IDA PRO 5.0/5.1

The processor_request function in the debugger server for DataRescue IDA Pro 5.0 and 5.1 does not verify that authentication has taken place before invoking the perform_request function, which allows remote attackers to perform unauthorized actions.

10.0
2007-03-24 CVE-2007-1465 Dproxy Buffer-Overflow vulnerability in DProxy Stack-Based

Stack-based buffer overflow in dproxy.c for dproxy 0.1 through 0.5 allows remote attackers to execute arbitrary code via a long DNS query packet to UDP port 53.

10.0
2007-03-24 CVE-2007-1655 Tinymux Buffer Overflow vulnerability in Tinymux 2.4

Buffer overflow in the fun_ladd function in funmath.cpp in TinyMUX before 20070126 might allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors related to lists of numbers.

10.0
2007-03-24 CVE-2007-1645 Microsoft, Futuresoft Remote Security vulnerability in TFTP Server 2000

Buffer overflow in FutureSoft TFTP Server 2000 on Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via a long request on UDP port 69.

10.0
2007-03-24 CVE-2007-1644 Microsoft Denial-Of-Service vulnerability in Microsoft ALL Windows Abstractcpe

The dynamic DNS update mechanism in the DNS Server service on Microsoft Windows does not properly authenticate clients in certain deployments or configurations, which allows remote attackers to change DNS records for a web proxy server and conduct man-in-the-middle (MITM) attacks on web traffic, conduct pharming attacks by poisoning DNS records, and cause a denial of service (erroneous name resolution).

10.0
2007-03-24 CVE-2007-1643 LAN Management System Code Injection vulnerability in LAN Management System LAN Management System

Multiple PHP remote file inclusion vulnerabilities in LAN Management System (LMS) 1.8.9 Vala and earlier allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG[directories][userpanel_dir] parameter to userpanel.php or the (2) _LIB_DIR parameter to welcome.php.

10.0
2007-03-23 CVE-2007-1640 Classweb Remote File Include vulnerability in ClassWeb Language.PHP

Multiple PHP remote file inclusion vulnerabilities in ClassWeb 2.03 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the BASE parameter to (1) language.php and (2) phpadmin/survey.php.

10.0
2007-03-23 CVE-2007-1631 Clbox Unspecified vulnerability in Clbox 1.01

** DISPUTED ** PHP remote file inclusion vulnerability in signup.php in CLBOX 1.01 allows remote attackers to execute arbitrary PHP code via a URL in the header parameter.

10.0
2007-03-23 CVE-2007-1621 Lbstone Remote File Include vulnerability in Active PHP Bookmarks Head.PHP

PHP remote file inclusion vulnerability in templates/head.php in Active PHP Bookmark Notes (APB) 0.2.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the APB_SETTINGS[template_path] parameter.

10.0
2007-03-23 CVE-2007-1620 PHP DB Designer Remote Security vulnerability in Php Db Designer

Multiple PHP remote file inclusion vulnerabilities in PHP DB Designer 1.02 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) _SESSION[SITE_PATH] parameter to (a) wind/help.php or (b) wind/about.php, or the (2) _SESSION[DRIVER] parameter to (c) db/session.php.

10.0
2007-03-21 CVE-2007-1587 TIM Soderstrom Remote Security vulnerability in TIM Soderstrom Statsdawg 0.92

templates/config/mail.tpl in Tim Soderstrom StatsDawg 0.92 allows remote attackers to execute arbitrary programs by specifying the program name in the qshapeLocation parameter.

10.0
2007-03-21 CVE-2007-1579 Atrium Software Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Atrium Software Mercur Imapd and Mercur Messaging 2005

Stack-based buffer overflow in Atrium MERCUR IMAPD allows remote attackers to have an unknown impact via a certain SUBSCRIBE command.

10.0
2007-03-21 CVE-2007-1578 Atrium Software Buffer Overflow vulnerability in Atrium Software Mercur Imapd 5.00.14

Multiple integer signedness errors in the NTLM implementation in Atrium MERCUR IMAPD (mcrimap4.exe) 5.00.14, with SP4, allow remote attackers to execute arbitrary code via a long NTLMSSP argument that triggers a stack-based buffer overflow.

10.0
2007-03-21 CVE-2007-1569 Newsbin PRO Buffer Overflow vulnerability in Newsbin PRO Newsbin PRO 4.3.2

Stack-based buffer overflow in NewsBin Pro 4.32 allows remote attackers to cause a denial of service or execute arbitrary code via a yEnc (yEncode) encoded article with a long filename, as demonstrated using a .nzb file.

10.0
2007-03-21 CVE-2007-1568 Daansystems Remote Security vulnerability in Daansystems Newsreactor 20070221

Stack-based buffer overflow in DaanSystems NewsReactor 20070220.21 allows remote attackers to execute arbitrary code via a yEnc (yEncode) encoded article with a long filename.

10.0
2007-03-21 CVE-2007-1567 WAR FTP Daemon Buffer-Overflow vulnerability in WarFTP Username Stack-Based

Stack-based buffer overflow in War FTP Daemon 1.65, and possibly earlier, allows remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors, as demonstrated by warftp_165.tar by Immunity.

10.0
2007-03-21 CVE-2006-7174 Phpbb Remote Security vulnerability in Dimension

PHP remote file inclusion vulnerability in includes/functions.php in the Dimension module of phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

10.0
2007-03-20 CVE-2007-1543 Mandrakesoft, Radscan Local Privilege Escalation and Denial of Service vulnerability in Radscan Network Audio System 1.8A

Stack-based buffer overflow in the accept_att_local function in server/os/connection.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to execute arbitrary code via a long path slave name in a USL socket connection.

10.0
2007-03-20 CVE-2006-7173 PHP Stats Remote Security vulnerability in PHP-Stats

Direct static code injection vulnerability in admin.php in PHP-Stats 0.1.9.1b and earlier allows remote attackers to execute arbitrary PHP code via a crafted option_new[report_w_day] parameter in a preferenze action, which can be later accessed via option/php-stats-options.php.

10.0
2007-03-20 CVE-2007-1512 Microsoft Denial-Of-Service vulnerability in Visual Studio .NET Professional Edition

Stack-based buffer overflow in the AfxOleSetEditMenu function in the MFC component in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 Gold and SP1, and Visual Studio .NET 2002 Gold and SP1, and 2003 Gold and SP1 allows user-assisted remote attackers to have an unknown impact (probably crash) via an RTF file with a malformed OLE object, which results in writing two 0x00 characters past the end of szBuffer, aka the "MFC42u.dll Off-by-Two Overflow." NOTE: this issue is due to an incomplete patch (MS07-012) for CVE-2007-0025.

10.0
2007-03-19 CVE-2007-1319 Takebishi Corporation Unspecified vulnerability in Takebishi Corporation Devicexplorer OPC Server 3.12Build1

Unspecified vulnerability in the IOPCServer::RemoveGroup function in the OPCDA interface in Takebishi Electric DeviceXPlorer OLE for Process Control (OPC) Server before 3.12 Build3 allows remote attackers to execute arbitrary code via unspecified vectors involving access to arbitrary memory.

10.0
2007-03-24 CVE-2007-1667 Imagemagick, X ORG Numeric Errors vulnerability in multiple products

Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive information via crafted images with large or negative values that trigger a buffer overflow.

9.3
2007-03-24 CVE-2007-1658 Microsoft Local File Execution vulnerability in Microsoft Windows Vista Windows Mail

Windows Mail in Microsoft Windows Vista might allow user-assisted remote attackers to execute certain programs via a link to a (1) local file or (2) UNC share pathname in which there is a directory with the same base name as an executable program at the same level, as demonstrated using C:/windows/system32/winrm (winrm.cmd) and migwiz (migwiz.exe).

9.3
2007-03-24 CVE-2007-1654 Netsieben Denial-Of-Service vulnerability in Netsieben Ssh Library

Buffer overflow in the Ne7sshSftp::addOpenHandle function in ne7ssh_sftp.cpp in NetSieben SSH Library (ne7ssh) before 1.2.1 allows user-assisted remote SFTP servers to cause a denial of service (crash) or possibly execute arbitrary code via multiple file transfers, related to multiple open file handles in SFTP (1) put and (2) get operations.

9.3
2007-03-23 CVE-2007-1637 Ipswitch Remote Security vulnerability in Imail Premium

Multiple buffer overflows in the IMAILAPILib ActiveX control (IMailAPI.dll) in Ipswitch IMail Server before 2006.2 allow remote attackers to execute arbitrary code via the (1) WebConnect and (2) Connect members in the (a) IMailServer control; (3) Sync3 and (4) Init3 members in the (b) IMailLDAPService control; and the (5) SetReplyTo member in the (c) IMailUserCollection control.

9.3
2007-03-23 CVE-2007-1628 Studiewijzer Remote File Include vulnerability in Studiewijzer 0.13/0.14/0.15

Multiple PHP remote file inclusion vulnerabilities in Study planner (Studiewijzer) 0.15 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the SPL_CFG[dirroot] parameter to (1) service.alert.inc.php or (2) settings.ses.php in inc/; (3) db/mysql/db.inc.php; (4) integration/shortstat/configuration.php; (5) ali.class.php or (6) cat.class.php in methodology/traditional/class/; (7) cat_browse.inc.php, (8) chr_browse.inc.php, (9) chr_display.inc.php, or (10) dash_browse.inc.php in methodology/traditional/ui/inc/; (11) spl.webservice.php or (12) konfabulator/gateway_admin.php in ws/; or other unspecified files.

9.3
2007-03-23 CVE-2007-1626 PHP Nuke Remote File Include vulnerability in PHP-Nuke IFrame Module IFrame.PHP

PHP remote file inclusion vulnerability in iframe.php in the iFrame Module for PHP-NUKE allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.

9.3
2007-03-23 CVE-2007-1614 Zziplib Stack Buffer Overflow vulnerability in ZZipLib ZZip_Open_Shared_IO

Stack-based buffer overflow in the zzip_open_shared_io function in zzip/file.c in ZZIPlib Library before 0.13.49 allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long filename.

9.3
2007-03-22 CVE-2007-1600 Digital EYE Gallery Remote File Include vulnerability in Digital Eye Gallery Module.PHP

PHP remote file inclusion vulnerability in module.php in Digital Eye Gallery 1.1 Beta (aka 0.1.1b) allows remote attackers to execute arbitrary PHP code via a URL in the menu parameter.

9.3
2007-03-22 CVE-2007-1596 Joomla, Mambo Remote File Include vulnerability in NFN Address Book mosConfig_Absolute_Path

Multiple PHP remote file inclusion vulnerabilities in the NFN Address Book (com_nfn_addressbook) 0.4 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) components/com_nfn_addressbook/nfnaddressbook.php or (2) administrator/components/com_nfn_addressbook/nfnaddressbook.php.

9.3
2007-03-21 CVE-2007-1581 PHP Code Injection vulnerability in PHP

The resource system in PHP 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting the hash_update_file function via a userspace (1) error or (2) stream handler, which can then be used to destroy and modify internal resources.

9.3
2007-03-21 CVE-2007-0654 X Multimedia System Integer Overflow And Underflow vulnerability in X Multimedia System X Multimedia System 1.2.10

Integer underflow in X MultiMedia System (xmms) 1.2.10 allows user-assisted remote attackers to execute arbitrary code via crafted header information in a skin bitmap image, which results in a stack-based buffer overflow.

9.3
2007-03-21 CVE-2007-0653 Linux, X Multimedia System Integer Overflow And Underflow vulnerability in X Multimedia System X Multimedia System 1.2.10

Integer overflow in X MultiMedia System (xmms) 1.2.10, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via crafted header information in a skin bitmap image, which triggers memory corruption.

9.3
2007-03-21 CVE-2007-0348 Interactual Technologies, Intervideo, Roxio Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Stack-based buffer overflow in the IASystemInfo.dll ActiveX control in (1) InterActual Player 2.60.12.0717, (2) Roxio CinePlayer 3.2, (3) WinDVD 7.0.27.172, and possibly other products, allows remote attackers to execute arbitrary code via a long ApplicationType property.

9.3
2007-03-21 CVE-2007-0239 Openoffice Remote Shell Command Execution vulnerability in OpenOffice Meta Character

OpenOffice.org (OOo) Office Suite allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a prepared link in a crafted document.

9.3
2007-03-21 CVE-2007-0238 Openoffice Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Openoffice

Stack-based buffer overflow in filter\starcalc\scflt.cxx in the StarCalc parser in OpenOffice.org (OOo) Office Suite before 2.2, and 1.x before 1.1.5 Patch, allows user-assisted remote attackers to execute arbitrary code via a document with a long Note.

9.3
2007-03-20 CVE-2007-1536 File Numeric Errors vulnerability in File

Integer underflow in the file_printf function in the "file" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow.

9.3
2007-03-20 CVE-2007-1534 Microsoft Remote Security vulnerability in Windows Vista

DFSR.exe in Windows Meeting Space in Microsoft Windows Vista remains available for remote connections on TCP port 5722 for 2 minutes after Windows Meeting Space is closed, which allows remote attackers to have an unknown impact by connecting to this port during the time window.

9.3
2007-03-19 CVE-2007-1501 Avant Force Stack Buffer Overflow vulnerability in Avant Force Avant Browser 11.0Build26

Stack-based buffer overflow in Avant Browser 11.0 build 26 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long Content-Type HTTP header.

9.3
2007-03-23 CVE-2007-1635 NET Portal Dynamic System Remote Security vulnerability in Net Portal Dynamic System

Static code injection vulnerability in admin/settings.php in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote authenticated users to inject arbitrary PHP code via the xtop parameter in a "ConfigSave" op to admin.php, which can later be accessed via a "Configure" op to admin.php.

9.0

58 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-03-24 CVE-2007-1653 Glowworm Denial-Of-Service vulnerability in Glowworm

GlowWorm FW before 1.5.3b4 allows remote attackers to cause a denial of service (kernel panic) via certain DNS responses that trigger infinite recursion in TrueDNS packet parsing, as originally observed with certain login.yahoo.com responses.

7.8
2007-03-24 CVE-2007-1650 Pcapsipdump Denial-Of-Service vulnerability in Pcapsipdump 0.1.1

pcapsipdump.cpp in pcapsipdump before 0.1.3 allows remote attackers to cause a denial of service (application crash) via a malformed SIP packet, which results in a NULL pointer dereference.

7.8
2007-03-24 CVE-2007-1649 PHP Unspecified vulnerability in PHP 5.2.1

PHP 5.2.1 allows context-dependent attackers to read portions of heap memory by executing certain scripts with a serialized data input string beginning with S:, which does not properly track the number of input bytes being processed.

7.8
2007-03-24 CVE-2007-1648 Dev0 DE Remote Denial of Service vulnerability in Dev0.De 0Irc 1345Build20060823

0irc 1345 build 20060823 allows remote attackers to cause a denial of service (application crash) by operating an IRC server that sends a long string to a client, which triggers a NULL pointer dereference.

7.8
2007-03-24 CVE-2007-1647 Moodle Information Disclosure vulnerability in Moodle

Moodle 1.5.2 and earlier stores sensitive information under the web root with insufficient access control, and provides directory listings, which allows remote attackers to obtain user names, password hashes, and other sensitive information via a direct request for session (sess_*) files in moodledata/sessions/.

7.8
2007-03-22 CVE-2007-1594 Asterisk Remote Denial of Service vulnerability in Asterisk SIP Channel Driver Response Code Zero

The handle_response function in chan_sip.c in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP Response code 0 in a SIP packet.

7.8
2007-03-22 CVE-2007-1591 Trend Micro Denial-Of-Service vulnerability in Trend Micro Trend Micro Antivirus 14.10.1041

VsapiNT.sys in the Scan Engine 8.0 for Trend Micro AntiVirus 14.10.1041, and other products, allows remote attackers to cause a denial of service (kernel fault and system crash) via a crafted UPX file with a certain field that triggers a divide-by-zero error.

7.8
2007-03-21 CVE-2007-1590 Grandstream Remote Denial of Service vulnerability in Grandstream Budgetone 200 1.1.1.14/1.1.1.5

The Grandstream BudgeTone 200 IP phone, with program 1.1.1.14 and bootloader 1.1.1.5, allows remote attackers to cause a denial of service (device crash) via SIP (1) INVITE, (2) CANCEL, or unspecified other messages with a WWW-Authenticate header containing a crafted Digest domain.

7.8
2007-03-21 CVE-2007-1586 Zyxel Denial of Service vulnerability in Zyxel Zynos 3.40

ZynOS 3.40 allows remote attackers to cause a denial of service (link restart) by sending a request for the name \M via the SMB Mail Slot Protocol.

7.8
2007-03-21 CVE-2007-1565 KDE Denial-Of-Service vulnerability in KDE Konqueror 3.5.5

Konqueror 3.5.5 allows remote attackers to cause a denial of service (crash) by using JavaScript to read a child iframe having an ftp:// URI.

7.8
2007-03-21 CVE-2007-1561 Asterisk Remote Denial of Service vulnerability in Asterisk SIP Invite Message

The channel driver in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP INVITE message with an SDP containing one valid and one invalid IP address.

7.8
2007-03-20 CVE-2007-1547 Mandrakesoft, Radscan Local Privilege Escalation and Denial of Service vulnerability in Radscan Network Audio System 1.8A

The ReadRequestFromClient function in server/os/io.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (crash) via multiple simultaneous connections, which triggers a NULL pointer dereference.

7.8
2007-03-24 CVE-2007-1657 Python Software Foundation Buffer Overflow vulnerability in Python Software Foundation Python 2.5

Stack-based buffer overflow in the file_compress function in minigzip (Modules/zlib) in Python 2.5 allows context-dependent attackers to execute arbitrary code via a long file argument.

7.5
2007-03-24 CVE-2007-1656 Katalog Plyt Audio SQL-Injection vulnerability in Katalog Plyt Audio

Multiple SQL injection vulnerabilities in index.php in Katalog Plyt Audio 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) fraza and (2) litera parameters, different vectors than CVE-2007-1612.

7.5
2007-03-24 CVE-2007-1652 Openid Remote Security vulnerability in OpenID

OpenID allows remote attackers to forcibly log a user into an OpenID enabled site, divulge the user's personal information to this site, and add the site to the trusted sites list via a crafted web page, related to cached tokens.

7.5
2007-03-23 CVE-2007-1641 Portailphp SQL Injection vulnerability in Portailphp 2.0

SQL injection vulnerability in index.php in PortailPHP 2.0 allows remote attackers to execute arbitrary SQL commands via the idnews parameter.

7.5
2007-03-23 CVE-2007-1636 Roseonlinecms Local File Include vulnerability in Roseonlinecms 3B1

Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a ..

7.5
2007-03-23 CVE-2007-1634 NET Portal Dynamic System SQL-Injection vulnerability in Net Portal Dynamic System

Variable extraction vulnerability in grab_globals.php in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote attackers to conduct SQL injection attacks via the _FILES[DB][tmp_name] parameter to print.php, which overwrites the $DB variable with dynamic variable evaluation.

7.5
2007-03-23 CVE-2007-1633 Giorgio Ciranni Local File Include vulnerability in Giorgio Ciranni Splatt Forum 4.0Rc1

Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a ..

7.5
2007-03-23 CVE-2007-1632 Typolight Remote Security vulnerability in Typolight Webcms

Unspecified vulnerability in TYPOlight webCMS before 2.2 Build 5 has unknown impact and attack vectors related to a "major security hole."

7.5
2007-03-23 CVE-2007-1630 Active WEB Softwares SQL Injection vulnerability in Active Link Engine Default.ASP

SQL injection vulnerability in default.asp in ActiveWebSoftwares Active Link Engine allows remote attackers to execute arbitrary SQL commands via the catid parameter.

7.5
2007-03-23 CVE-2007-1629 Active WEB Softwares SQL Injection vulnerability in Active web Softwares Active Photo Gallery 6.2

SQL injection vulnerability in default.asp in ActiveWebSoftwares Active Photo Gallery allows remote attackers to execute arbitrary SQL commands via the catid parameter.

7.5
2007-03-23 CVE-2007-1624 Realguestbook SQL Injection and Cross-Site Scripting vulnerability in Realguestbook 5.01

Multiple SQL injection vulnerabilities in realGuestbook 5.01 allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) homepage, and (4) text parameters to save_entry.php, as reachable through add_entry.php; and possibly other unspecified parameters and files.

7.5
2007-03-23 CVE-2007-1619 Scriptmagix SQL Injection vulnerability in ScriptMagix Photo Rating ViewComments.PHP

SQL injection vulnerability in viewcomments.php in ScriptMagix Photo Rating 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the phid parameter.

7.5
2007-03-23 CVE-2007-1618 Scriptmagix SQL-Injection vulnerability in Scriptmagix Faq Builder

SQL injection vulnerability in index.php in ScriptMagix FAQ Builder 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.

7.5
2007-03-23 CVE-2007-1617 Scriptmagix SQL-Injection vulnerability in Scriptmagix Recipes

SQL injection vulnerability in index.php in ScriptMagix Recipes 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.

7.5
2007-03-23 CVE-2007-1616 Scriptmagix SQL Injection vulnerability in ScriptMagix Lyrics

SQL injection vulnerability in index.php in ScriptMagix Lyrics 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the recid parameter.

7.5
2007-03-23 CVE-2007-1615 Scriptmagix SQL Injection vulnerability in Multiple ScriptMagix Products

SQL injection vulnerability in index.php in ScriptMagix Jokes 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.

7.5
2007-03-23 CVE-2007-1613 MPM Chat Local File Include vulnerability in MPM Chat MPM Chat 2.5

Directory traversal vulnerability in view.php in MPM Chat 2.5 allows remote attackers to include and execute arbitrary local files via a ..

7.5
2007-03-23 CVE-2007-1612 Katalog Plyt Audio SQL Injection vulnerability in Katalog Plyt Audio

SQL injection vulnerability in index.php in Katalog Plyt Audio 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the kolumna parameter.

7.5
2007-03-22 CVE-2007-1608 IBM HTTP Response Splitting vulnerability in IBM WebSphere Application Server

CRLF injection vulnerability in IBM WebSphere Application Server (WAS) before 6.0.2.19 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a single CRLF sequence in a context that is not a valid multi-line header.

7.5
2007-03-22 CVE-2007-1604 W Agora Arbitrary File Upload vulnerability in W-Agora 4.2.1

Multiple unrestricted file upload vulnerabilities in w-Agora (Web-Agora) allow remote attackers to upload and execute arbitrary PHP code (1) via a forum message with an attached file, which is stored under forums/hello/hello/notes/ or (2) by using browse_avatar.php to upload a file with a double extension, as demonstrated by .php.jpg.

7.5
2007-03-22 CVE-2007-1603 Weekly Drawing Contest Security Bypass vulnerability in Weekly Drawing Contest Weekly Drawing Contest 0.0.1

admin/contest.php in Weekly Drawing Contest 0.0.1 allows remote attackers to bypass authentication, and insert new contest information into a database, via a direct POST request.

7.5
2007-03-22 CVE-2007-1602 Weekly Drawing Contest SQL-Injection vulnerability in Weekly Drawing Contest Weekly Drawing Contest 0.0.1

SQL injection vulnerability in check_vote.php in Weekly Drawing Contest 0.0.1 allows remote attackers to execute arbitrary SQL commands via the order parameter.

7.5
2007-03-22 CVE-2007-1595 Asterisk Unspecified vulnerability in Asterisk 1.2.13

The Asterisk Extension Language (AEL) in pbx/pbx_ael.c in Asterisk does not properly generate extensions, which allows remote attackers to execute arbitrary extensions and have an unknown impact by specifying an invalid extension in a certain form.

7.5
2007-03-21 CVE-2007-1588 Myserver Remote Security vulnerability in Myserver 0.8.5

server.cpp in MyServer 0.8.5 calls Process::setuid before calling Process::setgid and thus does not properly drop privileges, which might allow remote attackers to execute CGI programs with unintended privileges.

7.5
2007-03-21 CVE-2007-1575 Phprojekt SQL Injection vulnerability in PHProjekt

Multiple SQL injection vulnerabilities in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via (1) unspecified vectors to the (a) calendar and (b) search modules, and (2) an unspecified cookie when the user logs out.

7.5
2007-03-21 CVE-2007-1566 Netvios SQL Injection vulnerability in NetVios Portal Page.ASP

SQL injection vulnerability in News/page.asp in NetVIOS Portal allows remote attackers to execute arbitrary SQL commands via the NewsID parameter.

7.5
2007-03-21 CVE-2007-1313 Netxautomation Improper Input Validation vulnerability in Netxautomation Netxeib 3.0

NETxAutomation NETxEIB OPC Server before 3.0.1300 does not properly validate OLE for Process Control (OPC) server handles, which allows attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors involving the (1) IOPCSyncIO::Read, (2) IOPCSyncIO::Write, (3) IOPCServer::AddGroup, (4) IOPCServer::RemoveGroup, (5) IOPCCommon::SetClientName, and (6) IOPCGroupStateMgt::CloneGroup functions, which allow access to arbitrary memory.

7.5
2007-03-21 CVE-2007-1556 Thecreativeheads DE SQL injection vulnerability in Thecreativeheads.De Creative Files 1.2

SQL injection vulnerability in kommentare.php in Creative Files 1.2 allows remote attackers to execute arbitrary SQL commands via the dlid parameter.

7.5
2007-03-20 CVE-2007-1555 Minerva SQL Injection vulnerability in Minerva Forum.PHP

SQL injection vulnerability in forum.php in the Minerva mod 2.0.21 build 238a and earlier for phpBB allows remote attackers to execute arbitrary SQL commands via the c parameter.

7.5
2007-03-20 CVE-2007-1552 Metaforum Unspecified vulnerability in Metaforum 0.513Beta

Unrestricted file upload vulnerability in usercp.php in MetaForum 0.513 Beta restricts file types based on the MIME type in the Content-type HTTP header, which allows remote attackers to upload and execute arbitrary scripts via an image MIME type with a filename containing an executable extension such as .php.

7.5
2007-03-20 CVE-2007-1550 Phpx SQL-Injection vulnerability in PHPX

Multiple SQL injection vulnerabilities in phpx 3.5.15 allow remote attackers to execute arbitrary SQL commands via the (1) image_id or (2) cat_id parameter to (a) gallery.php; the (3) news_id parameter to (b) news.php or (c) print.php; (4) the news_cat_id parameter to news.php; the (5) cat_id, (6) topic_id, or (7) post_id parameter to (d) forums.php; or (8) the user_id parameter to (e) users.php.

7.5
2007-03-20 CVE-2007-1548 Webwizguide SQL Injection vulnerability in Webwizguide web WIZ Forums

SQL injection vulnerability in functions/functions_filters.asp in Web Wiz Forums before 8.05a (MySQL version) does not properly filter certain characters in SQL commands, which allows remote attackers to execute arbitrary SQL commands via \"' (backslash double-quote quote) sequences, which are collapsed into \'', as demonstrated via the name parameter to forum/pop_up_member_search.asp.

7.5
2007-03-20 CVE-2007-1541 SQL Ledger Local File Include And Authentication Bypass vulnerability in Sql-Ledger 2.6.27

Directory traversal vulnerability in am.pl in SQL-Ledger 2.6.27 only checks for the presence of a NULL (%00) character to protect against directory traversal attacks, which allows remote attackers to run arbitrary executables and bypass authentication via a ..

7.5
2007-03-20 CVE-2007-1538 Mcafee Unspecified vulnerability in Mcafee Virusscan Enterprise 8.5I

** DISPUTED ** McAfee VirusScan Enterprise 8.5.0.i uses insecure permissions for certain Windows Registry keys, which allows local users to bypass local password protection via the UIP value in (1) HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\DesktopProtection or (2) HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\VirusScan Entreprise\CurrentVersion.

7.5
2007-03-20 CVE-2006-7172 PHP Stats SQL-Injection vulnerability in PHP-Stats

Multiple SQL injection vulnerabilities in php-stats.recphp.php in PHP-Stats 0.1.9.1b and earlier allow remote attackers to execute arbitrary code via a leading dotted-quad IP address string in the (1) PC-REMOTE-ADDR HTTP header, which is inserted into $_SERVER['HTTP_PC_REMOTE_ADDR'], or (2) ip parameter.

7.5
2007-03-20 CVE-2007-1535 Microsoft Unspecified vulnerability in Microsoft Windows Vista

Microsoft Windows Vista establishes a Teredo address without user action upon connection to the Internet, contrary to documentation that Teredo is inactive without user action, which increases the attack surface and allows remote attackers to communicate via Teredo.

7.5
2007-03-20 CVE-2007-1523 Netbsd Local Buffer Overflow vulnerability in Netbsd 3.0

Heap-based buffer overflow in the kernel in NetBSD 3.0, certain versions of FreeBSD and OpenBSD, and possibly other BSD derived operating systems allows local users to have an unknown impact.

7.5
2007-03-20 CVE-2007-1518 Woltlab SQL Injection vulnerability in Woltlab Burning Board UserGroups.PHP

SQL injection vulnerability in usergroups.php in Woltlab Burning Board (wBB) 2.x allows remote attackers to execute arbitrary SQL commands via the array index of the applicationids array.

7.5
2007-03-20 CVE-2007-1517 Paul Knierim SQL injection vulnerability in Paul Knierim WSN Guest 1.21

SQL injection vulnerability in comments.php in WSN Guest 1.02 and 1.21 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2007-03-20 CVE-2007-1510 Particle Blogger SQL Injection vulnerability in Particle Blogger Particle Blogger 1.0.0/1.2.0

SQL injection vulnerability in post.php in Particle Blogger 1.0.0 through 1.2.0 allows remote attackers to execute arbitrary SQL commands via the postid parameter.

7.5
2007-03-20 CVE-2007-1507 Openafs Configuration vulnerability in Openafs

The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x before 1.5.17 supports setuid programs within the local cell, which might allow attackers to gain privileges by spoofing a response to an AFS cache manager FetchStatus request, and setting setuid and root ownership for files in the cache.

7.5
2007-03-20 CVE-2006-7170 Koan Software SQL Injection vulnerability in Koan Software Mega Mall

Multiple SQL injection vulnerabilities in Koan Software Mega Mall allow remote attackers to execute arbitrary SQL commands via the (1) t, (2) productId, (3) sk, (4) x, or (5) so parameter to (a) product_review.php; or the (6) orderNo parameter to (b) order-track.php.

7.5
2007-03-20 CVE-2006-7167 Prorat Remote Login Authentication Bypass vulnerability in Prorat Server 1.9

Unspecified vulnerability in ProRat Server 1.9 Fix2 allows remote attackers to bypass the authentication mechanism for remote login via unspecified vectors.

7.5
2007-03-19 CVE-2007-1503 Rhapsody IRC Remote vulnerability in Rhapsody IRC Rhapsody IRC 0.28B

Multiple format string vulnerabilities in comm.c in Rhapsody IRC 0.28b allow remote attackers to execute arbitrary code via format string specifiers to the create_ctcp_message function using the message argument to the (1) me or (2) ctcp commands, and possibly related vectors involving the (3) whois, (4) mode, and (5) topic commands.

7.5
2007-03-21 CVE-2007-1557 F Secure Local Format String vulnerability in F-Secure Anti-Virus 6.02

Format string vulnerability in F-Secure Anti-Virus Client Security 6.02 allows local users to cause a denial of service and possibly gain privileges via format string specifiers in the Management Server name field on the Communication settings page.

7.2
2007-03-20 CVE-2007-1511 Frontbase Buffer Overflow vulnerability in FrontBase Relational Database Server Procedure

Buffer overflow in FrontBase Relational Database Server 4.2.7 and earlier allows remote authenticated users, with privileges for creating a stored procedure, to execute arbitrary code via a CREATE PROCEDURE request with a long procedure name.

7.1

82 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-03-24 CVE-2007-1651 Openid Cross-Site Request Forgery vulnerability in OpenID

Cross-site request forgery (CSRF) vulnerability in OpenID allows remote attackers to restore the login session of a user on an OpenID enabled site via unspecified vectors related to an arbitrary remote web site and cached tokens, after the user has signed into an OpenID server, logged into the OpenID enabled site, and then logged out of the OpenID enabled site.

6.8
2007-03-23 CVE-2007-1638 Phpprojekt Cross-Site Request Forgery vulnerability in PHPprojekt 5.2.0

Multiple cross-site request forgery (CSRF) vulnerabilities in the check_csrftoken function in lib/lib.inc.php in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote attackers to perform unauthorized actions as an arbitrary user via the (1) Projects, (2) Contacts, (3) Helpdesk, (4) Notes, (5) Search, (6) Mail, or (7) Filemanager module; the (9) summary page; or unspecified other files.

6.8
2007-03-22 CVE-2007-1598 Intervations Remote Stack Buffer Overflow vulnerability in Intervations Filecopa 1.01

Stack-based buffer overflow in InterVations FileCOPA FTP Server 1.01 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by filecopa.tar by Immunity.

6.8
2007-03-21 CVE-2007-1584 PHP Remote Security vulnerability in PHP 5.2.0

Buffer underflow in the header function in PHP 5.2.0 allows context-dependent attackers to execute arbitrary code by passing an all-whitespace string to this function, which causes it to write '\0' characters in whitespace that precedes the string.

6.8
2007-03-21 CVE-2007-1583 PHP Unspecified vulnerability in PHP

The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 sets the internal register_globals flag and does not disable it in certain cases when a script terminates, which allows remote attackers to invoke available PHP scripts with register_globals functionality that is not detectable by these scripts, as demonstrated by forcing a memory_limit violation.

6.8
2007-03-21 CVE-2007-1582 PHP Unspecified vulnerability in PHP

The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting certain functions in the GD (ext/gd) extension and unspecified other extensions via a userspace error handler, which can be used to destroy and modify internal resources.

6.8
2007-03-21 CVE-2007-1002 Evolution Unspecified vulnerability in Evolution Shared Memo 2.8.2.1

Format string vulnerability in the write_html function in calendar/gui/e-cal-component-memo-preview.c in Evolution Shared Memo 2.8.2.1, and possibly earlier versions, allows user-assisted remote attackers to execute arbitrary code via format specifiers in the categories of a crafted shared memo.

6.8
2007-03-21 CVE-2007-1572 Sourceforge SQL-Injection vulnerability in Jgbbs

SQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter, a different vector than CVE-2007-1440.

6.8
2007-03-21 CVE-2007-1571 Radical Designs Remote Security vulnerability in Activist Mobilization Platform

PHP remote file inclusion vulnerability in includes/base.php in Radical Designs Activist Mobilization Platform (AMP) 3.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter.

6.8
2007-03-21 CVE-2007-1564 KDE Information Exposure vulnerability in KDE Konqueror 3.5.5

The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.

6.8
2007-03-21 CVE-2007-1563 Opera Information Exposure vulnerability in Opera Browser 9.10

The FTP protocol implementation in Opera 9.10 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.

6.8
2007-03-21 CVE-2007-1562 Mozilla, Canonical Information Exposure vulnerability in multiple products

The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and 2.x before 2.0.0.3 allows remote attackers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.

6.8
2007-03-21 CVE-2007-1464 Inkscape Unspecified vulnerability in Inkscape

Format string vulnerability in the whiteboard Jabber protocol in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors.

6.8
2007-03-21 CVE-2007-1463 Ubuntu, Inkscape Unspecified vulnerability in Inkscape

Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs.

6.8
2007-03-20 CVE-2007-1554 Guestbara Remote Security vulnerability in Guestbara 1.2

Direct static code injection vulnerability in admin/configuration.php in Guestbara 1.2 and earlier allows remote authenticated users to inject arbitrary PHP code into config.php via the (1) admin_mail, (2) emotpatch, (3) login, (4) pass, and unspecified other parameters.

6.8
2007-03-20 CVE-2007-1549 Phpx Input Validation vulnerability in PHPX

Unrestricted file upload vulnerability in gallery.php in phpx 3.5.15 allows remote attackers to upload and execute arbitrary PHP scripts via an addImage action, which places scripts into the gallery/shelties/ directory.

6.8
2007-03-20 CVE-2007-1525 Dayfox Designs Remote PHP Code Execution vulnerability in Dayfox Designs Dayfox Blog 4

Direct static code injection vulnerability in postpost.php in Dayfox Blog (dfblog) 4 allows remote attackers to execute arbitrary PHP code via the cat parameter, which can be executed via a request to posts.php.

6.8
2007-03-20 CVE-2007-1522 PHP Unspecified vulnerability in PHP 5.2.0/5.2.1

Double free vulnerability in the session extension in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to execute arbitrary code via illegal characters in a session identifier, which is rejected by an internal session storage module, which calls the session identifier generator with an improper environment, leading to code execution when the generator is interrupted, as demonstrated by triggering a memory limit violation or certain PHP errors.

6.8
2007-03-20 CVE-2007-1521 PHP Unspecified vulnerability in PHP

Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, allows context-dependent attackers to execute arbitrary code by interrupting the session_regenerate_id function, as demonstrated by calling a userspace error handler or triggering a memory limit violation.

6.8
2007-03-20 CVE-2007-1520 Phpnuke Cross-Site Request Forgery (CSRF) vulnerability in PHPnuke PHP-Nuke

The cross-site request forgery (CSRF) protection in PHP-Nuke 8.0 and earlier does not ensure the SERVER superglobal is an array before validating the HTTP_REFERER, which allows remote attackers to conduct CSRF attacks.

6.8
2007-03-20 CVE-2007-1516 Cicoandcico Remote File Include vulnerability in Cicoandcico Ccmail 1.0.1

PHP remote file inclusion vulnerability in functions/update.php in Cicoandcico CcMail 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the functions_dir parameter.

6.8
2007-03-20 CVE-2007-1514 Viperweb Remote File Include vulnerability in Viperweb Portal 0.1Alpha

PHP remote file inclusion vulnerability in index.php in ViperWeb Portal alpha 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the modpath parameter.

6.8
2007-03-20 CVE-2007-1513 Grafx Remote File Include vulnerability in Grafx Company Website Builder PRO 1.9.8

PHP remote file inclusion vulnerability in comanda.php in GraFX Company WebSite Builder (CWB) PRO 1.9.8, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the INCLUDE_PATH parameter.

6.8
2007-03-20 CVE-2006-7169 Ultimate PHP Board Remote File Include vulnerability in Ultimate PHP Board Header_simple.PHP

PHP remote file inclusion vulnerability in includes/header_simple.php in Ultimate PHP Board (UPB) 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _CONFIG[skin_dir] parameter.

6.8
2007-03-20 CVE-2006-7168 PHP Remote File Include vulnerability in PHPBB Add Name Module Not_Mem.PHP

PHP remote file inclusion vulnerability in includes/not_mem.php in the Add Name module for PHP allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

6.8
2007-03-19 CVE-2007-1502 Rhapsody IRC Remote vulnerability in Rhapsody IRC Rhapsody IRC 0.28B

Multiple buffer overflows in Rhapsody IRC 0.28b allow remote attackers to execute arbitrary code via a (1) long command, (2) long server argument to the (a) connect or (b) server commands, (3) long nick argument to the (c) nick command, or a long (4) nick or (5) message argument to the (d) ctcp, (e) chat, (f) notice, (g) message (msg), or (h) query commands.

6.8
2007-03-22 CVE-2007-1599 Wordpress Information Disclosure vulnerability in Wordpress 2.1.2

wp-login.php in WordPress allows remote attackers to redirect authenticated users to other websites and potentially obtain sensitive information via the redirect_to parameter.

6.5
2007-03-20 CVE-2007-1532 Microsoft Unspecified vulnerability in Microsoft Windows Vista

The neighbor discovery implementation in Microsoft Windows Vista allows remote attackers to conduct a redirect attack by (1) responding to queries by sending spoofed Neighbor Advertisements or (2) blindly sending Neighbor Advertisements.

6.4
2007-03-21 CVE-2007-1580 Ftpdmin Buffer Errors vulnerability in Ftpdmin 0.96

FTPDMIN 0.96 allows remote attackers to cause a denial of service (daemon crash) via a LIST command for a Windows drive letter, as demonstrated using "//A:".

6.3
2007-03-21 CVE-2007-1573 Jelsoft SQL Injection vulnerability in Jelsoft Vbulletin 3.6.4

SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin 3.6.5 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached Before" field.

6.0
2007-03-20 CVE-2007-1526 SUN Remote Security vulnerability in SUN Java System web Server 6.1

Sun Java System Web Server 6.1 before 20070314 allows remote authenticated users with revoked client certificates to bypass the Certificate Revocation List (CRL) authorization control and access secure web server instances running under an account different from that used for the admin server via unspecified vectors.

6.0
2007-03-22 CVE-2007-1607 W Agora Input Validation vulnerability in W-Agora 4.2.1

search.php in w-Agora (Web-Agora) allows remote attackers to obtain potentially sensitive information via a ' (quote) value followed by certain SQL sequences in the (1) search_forum or (2) search_user parameter, which force a SQL error.

5.0
2007-03-22 CVE-2007-1605 W Agora Input Validation vulnerability in W-Agora 4.2.1

w-Agora (Web-Agora) allows remote attackers to obtain sensitive information via a request to rss.php with an invalid (1) site or (2) bn parameter, (3) a certain value of the site[] parameter, or (4) an empty value of the bn[] parameter; a request to index.php with a certain value of the (5) site[] or (6) sort[] parameter; (7) a request to profile.php with an empty value of the site[] parameter; or a request to search.php with (8) an empty value of the bn[] parameter or a certain value of the (9) pattern[] or (10) search_date[] parameter, which reveal the path in various error messages, probably related to variable type inconsistencies.

5.0
2007-03-22 CVE-2007-1601 Weekly Drawing Contest Unspecified vulnerability in Weekly Drawing Contest Weekly Drawing Contest 0.0.1

** DISPUTED ** Directory traversal vulnerability in check_vote.php in Weekly Drawing Contest 0.0.1 allows remote attackers to read arbitrary files via a ..

5.0
2007-03-22 CVE-2007-1597 Unclassified Newsboard Information Disclosure vulnerability in Unclassified Newsboard Unclassified Newsboard 1.6.3

Unclassified NewsBoard 1.6.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain (1) the board log via a direct request for logs/board-YYYY-MM-DD.log, (2) the mail and private message (PM) log via a direct request for logs/email-YY-MM-DD-HH-MM-SS.log, (3) the SQL error message log via a direct request for logs/error-YY-MM.log, and (4) the IP log via a direct request for logs/ip.log.

5.0
2007-03-21 CVE-2007-1585 Linksys Information Disclosure vulnerability in Linksys Wag200G and Wrt54Gc

The Linksys WAG200G with firmware 1.01.01, WRT54GC 2 with firmware 1.00.7, and WRT54GC 1 with firmware 1.03.0 and earlier allow remote attackers to obtain sensitive information (passwords and configuration data) via a packet to UDP port 916.

5.0
2007-03-21 CVE-2007-1577 Geblog Local File Include vulnerability in Geblog 0.1

Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a ..

5.0
2007-03-21 CVE-2007-1574 Care2X Remote Security vulnerability in CARE2X

CARE2X 2.2, and possibly earlier, allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function.

5.0
2007-03-21 CVE-2007-0606 W Agora Information Disclosure vulnerability in W-Agora 4.2.1

w-agora 4.2.1 allows remote attackers to obtain sensitive information via the (1) bn[] array parameter to index.php, which expects a string, and (2) certain parameters to delete_forum.php, which displays the path name in the resulting error message.

5.0
2007-03-21 CVE-2007-1560 Squid Remote Denial of Service vulnerability in Squid Proxy TRACE Request

The clientProcessRequest() function in src/client_side.c in Squid 2.6 before 2.6.STABLE12 allows remote attackers to cause a denial of service (daemon crash) via crafted TRACE requests that trigger an assertion error.

5.0
2007-03-20 CVE-2007-1553 Guestbara Remote Security vulnerability in Guestbara

admin/configuration.php in Guestbara 1.2 and earlier allows remote attackers to modify the e-mail, name, and password of the admin account by setting the zapis parameter to "ok" and providing modified admin_mail, login, and pass parameters.

5.0
2007-03-20 CVE-2007-1546 Mandrakesoft, Radscan Local Privilege Escalation and Denial of Service vulnerability in Radscan Network Audio System 1.8A

Array index error in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (crash) via (1) large num_action values in the ProcAuSetElements function in server/dia/audispatch.c or (2) a large inputNum parameter to the compileInputs function in server/dia/auutil.c.

5.0
2007-03-20 CVE-2007-1545 Mandrakesoft, Radscan Local Privilege Escalation and Denial of Service vulnerability in Radscan Network Audio System 1.8A

The AddResource function in server/dia/resource.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (server crash) via a nonexistent client ID.

5.0
2007-03-20 CVE-2007-1544 Mandrakesoft, Radscan Local Privilege Escalation and Denial of Service vulnerability in Radscan Network Audio System 1.8A

Integer overflow in the ProcAuWriteElement function in server/dia/audispatch.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large max_samples value.

5.0
2007-03-20 CVE-2007-1542 Cisco Remote Denial of Service vulnerability in Cisco 7940/7960 Phone SIP Invite

Unspecified vulnerability in the Cisco IP Phone 7940 and 7960 running firmware before POS8-6-0 allows remote attackers to cause a denial of service via the Remote-Party-ID sipURI field in a SIP INVITE request.

5.0
2007-03-20 CVE-2007-1533 Microsoft Unspecified vulnerability in Microsoft Windows Vista

The Teredo implementation in Microsoft Windows Vista uses the same nonce for communication with different UDP ports within a solicitation session, which makes it easier for remote attackers to spoof the nonce through brute force attacks.

5.0
2007-03-20 CVE-2007-1531 Microsoft Resource Management Errors vulnerability in Microsoft Windows Vista and Windows XP

Microsoft Windows XP and Vista overwrite ARP table entries included in gratuitous ARP, which allows remote attackers to cause a denial of service (loss of network access) by sending a gratuitous ARP for the address of the Vista host.

5.0
2007-03-20 CVE-2007-1530 Microsoft Remote Denial Of Service vulnerability in Microsoft Windows Vista LLTD Mapper EMIT Packet

The LLTD Mapper in Microsoft Windows Vista does not properly gather responses to EMIT packets, which allows remote attackers to cause a denial of service (mapping failure) by omitting an ACK response, which triggers an XML syntax error.

5.0
2007-03-20 CVE-2007-1528 Microsoft Unspecified vulnerability in Microsoft Windows Vista

The LLTD Mapper in Microsoft Windows Vista allows remote attackers to spoof hosts, and nonexistent bridge relationships, into the network topology map by using a MAC address that differs from the MAC address provided in the Real Source field of the LLTD BASE header of a HELLO packet, aka the "Spoof on Bridge" attack.

5.0
2007-03-20 CVE-2007-1527 Microsoft Unspecified vulnerability in Microsoft Windows Vista

The LLTD Mapper in Microsoft Windows Vista does not verify that an IP address in a TLV type 0x07 field in a HELLO packet corresponds to a valid IP address for the local network, which allows remote attackers to trick users into communicating with an external host by sending a HELLO packet with the MW characteristic and a spoofed TLV type 0x07 field, aka the "Spoof and Management URL IP Redirect" attack.

5.0
2007-03-20 CVE-2007-1524 Zomplog Local File Include vulnerability in Zomplog 3.7.6

Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a ..

5.0
2007-03-20 CVE-2006-7171 Koan Software Improper Input Validation vulnerability in Koan Software Mega Mall

product_review.php in Koan Software Mega Mall allows remote attackers to obtain the installation path via a request with an empty value of the x[] parameter.

5.0
2007-03-20 CVE-2006-7166 IBM Unspecified vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server (WAS) 5.1.1.9 and earlier allows remote attackers to obtain JSP source code and other sensitive information via "a specific JSP URL."

5.0
2007-03-22 CVE-2007-1592 Linux Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel

net/ipv6/tcp_ipv6.c in Linux kernel 2.6.x up to 2.6.21-rc3 inadvertently copies the ipv6_fl_socklist from a listening TCP socket to child sockets, which allows local users to cause a denial of service (OOPS) or double free by opening a listening IPv6 socket, attaching a flow label, and connecting to that socket.

4.9
2007-03-23 CVE-2007-1639 Phpprojekt Unspecified vulnerability in PHPprojekt 5.2.0

Unrestricted file upload vulnerability in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allows remote authenticated users to upload and execute arbitrary PHP code via a file with an executable extension, which is then accessed by the (1) calendar or (2) file management module, or possibly unspecified other files.

4.6
2007-03-19 CVE-2007-0237 Lookup Unspecified vulnerability in Lookup

The ndeb-binary feature in Lookup (lookup-el) allows local users to overwrite arbitrary files via a symlink attack on temporary files.

4.6
2007-03-24 CVE-2007-1646 Subhub Cross-Site Scripting vulnerability in Subhub 2.3.0

Multiple cross-site scripting (XSS) vulnerabilities in SubHub 2.3.0 allow remote attackers to inject arbitrary web script or HTML via (1) the searchtext parameter to (a) /search, or the (2) message parameter to (b) /calendar or (c) /subscribe.

4.3
2007-03-23 CVE-2007-1625 Realguestbook Cross-Site Scripting vulnerability in Realguestbook 5.01

Cross-site scripting (XSS) vulnerability in save_entry.php in realGuestbook 5.01 allows remote attackers to inject arbitrary web script or HTML via the homepage parameter, as reachable through add_entry.php.

4.3
2007-03-23 CVE-2007-1623 Realguestbook Cross-Site Scripting vulnerability in Realguestbook 5.01

Multiple cross-site scripting (XSS) vulnerabilities in realGuestbook 5.01, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) bg_color_1, (2) fs_menu, (3) fc_menu, (4) ff_menu, (5) bg_color_2, (6) fs_normal, (7) fc_normal, and (8) ff_normal parameters to welcome_admin.php; and possibly unspecified other parameters and files.

4.3
2007-03-23 CVE-2007-1622 Wordpress Cross-Site Scripting vulnerability in WordPress PHP_Self

Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose regular expression processing of PHP_SELF.

4.3
2007-03-22 CVE-2007-1611 Sourcenext Cross-Site Scripting vulnerability in Sourcenext Ikanari Jijyou 1.0.0/1.0.1

Cross-site scripting (XSS) vulnerability in the RSS reader in a certain SOURCENEXT product, probably IKANARI JIJYOU 1.0.0 and 1.0.1, allows remote attackers to inject arbitrary web script or HTML via the title of an article in a feed.

4.3
2007-03-22 CVE-2007-1610 Glue Software HTML Injection vulnerability in NewsGlue RSS Feed

Cross-site scripting (XSS) vulnerability in the RSS reader in Glue Software NewsGlue before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via a feed.

4.3
2007-03-22 CVE-2007-1609 Oracle Cross-Site Scripting vulnerability in Oracle Application Server 10.1.2.0.0

Cross-site scripting (XSS) vulnerability in servlet/Spy in Dynamic Monitoring Services (DMS) in Oracle Application Server (OAS) 10g 10.1.2.0.0 allows remote attackers to inject arbitrary web script or HTML via the table parameter.

4.3
2007-03-22 CVE-2007-1606 W Agora Cross-Site Scripting vulnerability in W-Agora 4.2.1

Multiple cross-site scripting (XSS) vulnerabilities in w-Agora (Web-Agora) allow remote attackers to inject arbitrary web script or HTML via (1) the showuser parameter to profile.php, the (2) search_forum or (3) search_user parameter to search.php, or (4) the userid parameter to change_password.php.

4.3
2007-03-22 CVE-2007-0240 Zope HTML Injection vulnerability in Zope HTTP Get Request

Cross-site scripting (XSS) vulnerability in Zope 2.10.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in an HTTP GET request.

4.3
2007-03-21 CVE-2007-1576 Phprojekt Cross-Site Scripting vulnerability in PHProjekt 5.2

Multiple cross-site scripting (XSS) vulnerabilities in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors to the (1) Projects, (2) Contacts, (3) Helpdesk, (4) Search (only Gecko engine driven Browsers), and (5) Notes modules; the (6) Mail summary page; and unspecified other files.

4.3
2007-03-20 CVE-2007-1551 Phpx Cross-Site Scripting vulnerability in PHPx 3.5.15

Multiple cross-site scripting (XSS) vulnerabilities in phpx 3.5.15 allow remote attackers to inject arbitrary web script or HTML via (1) the signature in "dans profile," or (2) search.php.

4.3
2007-03-20 CVE-2007-1540 Ledgersmb, SQL Ledger Local File Include And Authentication Bypass vulnerability in LedgerSMB/SQL-Ledger Login Parameter

Directory traversal vulnerability in am.pl in (1) SQL-Ledger 2.6.27 and earlier, and (2) LedgerSMB before 1.2.0, allows remote attackers to run arbitrary executables and bypass authentication via a ..

4.3
2007-03-20 CVE-2007-1539 Pragmamx Local File Include vulnerability in Pragmamx Landkarten 2.1

Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a ..

4.3
2007-03-20 CVE-2007-1529 Microsoft Unspecified vulnerability in Microsoft Windows Vista

The LLTD Responder in Microsoft Windows Vista does not send the Mapper a response to a DISCOVERY packet if another host has sent a spoofed response first, which allows remote attackers to spoof arbitrary hosts via a network-based race condition, aka the "Total Spoof" attack.

4.3
2007-03-20 CVE-2007-1519 Phpnuke Cross-Site Scripting vulnerability in PHPnuke PHP-Nuke

Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke 8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search operation in the Downloads module, a different product than CVE-2006-3948.

4.3
2007-03-20 CVE-2007-0607 W Agora Remote Security vulnerability in W-Agora 4.2.1

W-Agora (Web-Agora) 4.2.1, when register_globals is enabled, stores globals.inc under the web document root with insufficient access control, which allows remote attackers to obtain application path information via a direct request.

4.3
2007-03-20 CVE-2007-1515 Horde Input Validation vulnerability in Horde IMP Webmail Client

Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP H3 4.1.3, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via (1) the email Subject header in thread.php, (2) the edit_query parameter in search.php, or other unspecified parameters in search.php.

4.3
2007-03-20 CVE-2007-1509 Holtstraeter Directory Traversal vulnerability in Holtstraeter Rot 13

Directory traversal vulnerability in enkrypt.php in Sascha Schroeder krypt (aka Holtstraeter Rot 13) allows remote attackers to read arbitrary files via a ..

4.3
2007-03-20 CVE-2007-1508 Jbmc Software Cross-Site Scripting vulnerability in Jbmc Software Directadmin 1.293

Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in DirectAdmin allows remote attackers to inject arbitrary web script or HTML via the RESULT parameter, a different vector than CVE-2006-5983.

4.3
2007-03-20 CVE-2007-0998 Redhat, XEN Permissions, Privileges, and Access Controls vulnerability in XEN Qemu

The VNC server implementation in QEMU, as used by Xen and possibly other environments, allows local users of a guest operating system to read arbitrary files on the host operating system via unspecified vectors related to QEMU monitor mode, as demonstrated by mapping files to a CDROM device.

4.3
2007-03-20 CVE-2006-7165 IBM Unspecified vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server (WAS) 5.0 through 5.1.1.0 allows remote attackers to obtain JSP source code and other sensitive information via certain "special URIs."

4.3
2007-03-20 CVE-2006-7164 Linux, Unix, IBM Information Disclosure vulnerability in Websphere Application Server

SimpleFileServlet in IBM WebSphere Application Server 5.0.1 through 5.0.2.7 on Linux and UNIX does not block certain invalid URIs and does not issue a security challenge, which allows remote attackers to read secure files and obtain sensitive information via certain requests.

4.3
2007-03-19 CVE-2007-1506 Oracle Cross-Site Scripting vulnerability in Oracle Portal P_OldURL Parameter

Cross-site scripting (XSS) vulnerability in PORTAL.wwv_main.render_warning_screen in Oracle Portal 10g allows remote attackers to inject arbitrary web script or HTML via the (1) p_oldurl and (2) p_newurl parameters.

4.3
2007-03-19 CVE-2007-1504 Fujitsu Cross-Site Scripting vulnerability in iNTERSTAGE Application Server Standard Edition

Cross-site scripting (XSS) vulnerability in the Servlet Service in Fujitsu Interstage Application Server (IJServer) 8.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving web.xml and HTTP 404 and 500 status codes.

4.3
2007-03-19 CVE-2007-1500 Gentoo Unspecified vulnerability in Gentoo Linux

The Linux Security Auditing Tool (LSAT) allows local users to overwrite arbitrary files via a symlink attack on temporary files, as demonstrated using /tmp/lsat1.lsat.

4.3
2007-03-24 CVE-2007-1642 Manageengine Information Disclosure vulnerability in Manageengine Firewall Analyzer 4.0

Unspecified vulnerability in ManageEngine Firewall Analyzer allows remote authenticated users to "access any common file" via a direct URL request.

4.0

3 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-03-20 CVE-2007-1537 Microsoft Local Privilege Escalation vulnerability in Microsoft Windows 2003 Server and Windows XP

\Device\NdisTapi (NDISTAPI.sys) in Microsoft Windows XP SP2 and 2003 SP1 uses weak permissions, which allows local users to write to the device and cause a denial of service, as demonstrated by using an IRQL to acquire a spinlock on paged memory via the NdisTapiDispatch function.

3.6
2007-03-21 CVE-2007-1589 Linux, Truecrypt Foundation Local Denial of Service vulnerability in TrueCrypt Dismount Set-EUID

TrueCrypt before 4.3, when set-euid mode is used on Linux, allows local users to cause a denial of service (filesystem unavailability) by dismounting a volume mounted by a different user.

2.1
2007-03-19 CVE-2007-1505 Fujitsu Information Disclosure vulnerability in Fujitsu Fence and Systemwalker Desktop Encryption

Fujitsu FENCE-Pro before V5L01, and Systemwalker Desktop Encryption V12.0L10, V12.0L10A, V12.0L10B, V12.0L20 and V13.0.0 allow local users to obtain sensitive information by extracting the decoding password from certain "self-decoding" file types.

2.1