Weekly Vulnerabilities Reports > March 26 to April 1, 2007
Overview
87 new vulnerabilities reported during this period, including 20 critical vulnerabilities and 31 high severity vulnerabilities. This weekly summary report vulnerabilities in 92 products from 65 vendors including PHP, Microsoft, IBM, Redhat, and Madwifi. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "SQL Injection", "Path Traversal", and "Improper Input Validation".
- 77 reported vulnerabilities are remotely exploitables.
- 32 reported vulnerabilities have public exploit available.
- 6 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 79 reported vulnerabilities are exploitable by an anonymous user.
- PHP has the most reported vulnerabilities, with 8 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
20 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-03-30 | CVE-2006-7183 | Photography ON THE NET | Remote File Include vulnerability in Exhibit Engine 2 PHP remote file inclusion vulnerability in styles.php in Exhibit Engine (EE) 1.22 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the toroot parameter. | 10.0 |
2007-03-30 | CVE-2006-7182 | Mnews | Remote Security vulnerability in Mnews PHP remote file inclusion vulnerability in noticias.php in MNews 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter. | 10.0 |
2007-03-30 | CVE-2007-1778 | EVE Nuke | Remote File Include vulnerability in Eve-Nuke Forum 0.1 PHP remote file inclusion vulnerability in db/mysql.php in the Eve-Nuke 0.1 (EN-Forums) module for PHP-Nuke allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | 10.0 |
2007-03-30 | CVE-2007-1766 | Msxstudios | Remote File Include vulnerability in MsxStudios Advanced Login ProfileEdit.PHP PHP remote file inclusion vulnerability in login/engine/db/profiledit.php in Advanced Login 0.76 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter. | 10.0 |
2007-03-28 | CVE-2007-1733 | Intervations | Buffer Overflow vulnerability in Intervations Navicopa web Server 2.01 Buffer overflow in InterVations NaviCOPA HTTP Server 2.01 allows remote attackers to execute arbitrary code via a long (1) /cgi-bin/ or (2) /cgi/ pathname in an HTTP GET request, probably a different issue than CVE-2006-5112. | 10.0 |
2007-03-28 | CVE-2007-1675 | IBM | Buffer Overflow vulnerability in IBM Lotus Domino IMAP Cram-MD5 Buffer overflow in the CRAM-MD5 authentication mechanism in the IMAP server (nimap.exe) in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to cause a denial of service via a long username. | 10.0 |
2007-03-28 | CVE-2007-1731 | Hpaftpd | Remote Buffer Overflow vulnerability in Hpaftpd 1.01 Multiple stack-based buffer overflows in High Performance Anonymous FTP Server (hpaftpd) 1.01 allow remote attackers to execute arbitrary code via long arguments to the (1) USER, (2) PASS, (3) CWD, (4) MKD, (5) RMD, (6) DELE, (7) RNFR, or (8) RNTO FTP command. | 10.0 |
2007-03-28 | CVE-2007-1724 | Reactos | Remote Security vulnerability in Reactos 0.3.1 Unspecified vulnerability in ReactOS 0.3.1 has unknown impact and attack vectors, related to a fix for "dozens of win32k bugs and failures," in which the fix itself introduces a vulnerability, possibly related to user-mode and kernel-mode copy failures. | 10.0 |
2007-03-28 | CVE-2007-1722 | Signkorea | Remote Buffer Overflow vulnerability in SignKorea SKCommAX ActiveX Control 6.6.0.13280/7.2.0.2 Buffer overflow in the DownloadCertificateExt function in SignKorea SKCommAX ActiveX control module 7.2.0.2 and 3280 6.6.0.1 allows remote attackers to execute arbitrary code via a long pszUserID argument. | 10.0 |
2007-03-28 | CVE-2007-1721 | Realink | Remote File Include vulnerability in C-Arbre Multiple PHP remote file inclusion vulnerabilities in C-Arbre 0.6PR7 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) Richtxt_functions.inc.php, (2) adddocfile.php, (3) auth_check.php, (4) browse_current_category.inc.php, (5) docfile_details.php, (6) main.php, (7) mainarticle.php, (8) maindocfile.php, (9) modify.php, (10) new.php, (11) resource_details.php, or (12) smallsearch.php in lib/; or (13) mwiki/LocalSettings.php. | 10.0 |
2007-03-27 | CVE-2007-1699 | Joomla Mambo | Remote File Include vulnerability in Mambo SWMenu MosConfig_Absolute_Path Parameter Multiple PHP remote file inclusion vulnerabilities in the SWmenu (com_swmenupro and com_swmenufree) 4.0 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to ImageManager/Classes/ImageManager.php under the (1) components/ or (2) administrator/components/ directory trees. | 10.0 |
2007-03-27 | CVE-2007-1697 | Philex | Remote And Local File Include vulnerability in Philex PHP remote file inclusion vulnerability in header.inc.php in Philex 0.2.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CssFile parameter. | 10.0 |
2007-03-31 | CVE-2007-1787 | Softerra | Remote File Include vulnerability in Softerra Time-Assistant Multiple PHP remote file inclusion vulnerabilities in lib/timesheet.class.php in Softerra Time-Assistant 6.2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) inc_dir or (2) lib_dir parameter. | 9.3 |
2007-03-31 | CVE-2007-1784 | IBM | Unspecified vulnerability in IBM Lotus Sametime The JNILoader ActiveX control (STJNILoader.ocx) 3.1.0.26 in IBM Lotus Notes Sametime before 7.5 allows remote attackers to load arbitrary DLL libraries and execute arbitrary code via arbitrary arguments to the loadLibrary function. | 9.3 |
2007-03-30 | CVE-2006-7185 | Cmsmelborp | Remote Security vulnerability in Cmsmelborp Beta PHP remote file inclusion vulnerability in includes/user_standard.php in CMSmelborp Beta allows remote attackers to execute arbitrary PHP code via a URL in the relative_root parameter. | 9.3 |
2007-03-30 | CVE-2007-0038 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. | 9.3 |
2007-03-30 | CVE-2007-1771 | AY System Solutions | Remote File Include vulnerability in AY System Solutions web Content System 2.7.1 PHP remote file inclusion vulnerability in manage/javascript/formjavascript.php in Ay System Solutions Web Content System (WCS) 2.7.1 allows remote attackers to execute arbitrary PHP code via a URL in the path[JavascriptEdit] parameter. | 9.3 |
2007-03-30 | CVE-2007-1765 | Microsoft Avaya | Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. | 9.3 |
2007-03-28 | CVE-2007-1735 | Corel | Buffer Errors vulnerability in Corel Wordperfect 13.0.0.565 Stack-based buffer overflow in Corel WordPerfect Office X3 (13.0.0.565) allows user-assisted remote attackers to execute arbitrary code via a long printer selection (PRS) name in a Wordperfect document. | 9.3 |
2007-03-28 | CVE-2007-1725 | Icebb | SQL Injection vulnerability in Icebb 1.0Rc5 SQL injection vulnerability in index.php in IceBB 1.0-rc5 allows remote authenticated users to execute arbitrary SQL commands via the filename of an uploaded file to the avatar function, as demonstrated by setting admin privileges. | 9.3 |
31 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-03-30 | CVE-2006-7179 | Madwifi | Denial of Service vulnerability in MadWIFI Channel Switch Announcement Information Elements ieee80211_input.c in MadWifi before 0.9.3 does not properly process Channel Switch Announcement Information Elements (CSA IEs), which allows remote attackers to cause a denial of service (loss of communication) via a Channel Switch Count less than or equal to one, triggering a channel change. | 7.8 |
2007-03-30 | CVE-2006-7178 | Madwifi | Remote Denial of Service vulnerability in MadWifi Auth Frame IBSS MadWifi before 0.9.3 does not properly handle reception of an AUTH frame by an IBSS node, which allows remote attackers to cause a denial of service (system crash) via a certain AUTH frame. | 7.8 |
2007-03-30 | CVE-2006-7177 | Madwifi | Denial of Service vulnerability in Madwifi 0.9.2 MadWifi, when Ad-Hoc mode is used, allows remote attackers to cause a denial of service (system crash) via unspecified vectors that lead to a kernel panic in the ieee80211_input function, related to "packets coming from a 'malicious' WinXP system." | 7.8 |
2007-03-30 | CVE-2007-1767 | AOL | Denial-Of-Service vulnerability in AOL Client Software 9.0 Unspecified vulnerability in (1) Deskbar.dll and (2) Toolbar.dll in AOL 9.0 before February 2007 allows remote attackers to cause a denial of service (browser crash) via unknown vectors. | 7.8 |
2007-03-28 | CVE-2007-1739 | IBM | HTML Injection vulnerability in IBM Lotus Domino 7.0/7.0.1/7.0.2 Heap-based buffer overflow in the LDAP server in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to cause a denial of service (crash) via a long, malformed DN request, which causes only the lower 16 bits of the string length to be used in memory allocation. | 7.8 |
2007-03-28 | CVE-2007-1728 | Sony | Denial-Of-Service vulnerability in Sony Playstation 3 and Playstation Portable The Remote Play feature in Sony Playstation 3 (PS3) 1.60 and Playstation Portable (PSP) 3.10 OE-A allows remote attackers to cause a denial of service via a flood of UDP packets. | 7.8 |
2007-03-28 | CVE-2007-1718 | PHP | Unspecified vulnerability in PHP CRLF injection vulnerability in the mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows remote attackers to inject arbitrary e-mail headers and possibly conduct spam attacks via a control character immediately following folding of the (1) Subject or (2) To parameter, as demonstrated by a parameter containing a "\r\n\t\n" sequence, related to an increment bug in the SKIP_LONG_HEADER_SEP macro. | 7.8 |
2007-03-31 | CVE-2007-1791 | Alexscriptengine | SQL Injection vulnerability in Picture-Engine Wall.PHP SQL injection vulnerability in wall.php in Picture-Engine 1.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter. | 7.5 |
2007-03-30 | CVE-2007-1779 | Advanced Website Creator | SQL Injection vulnerability in Advanced Website Creator Multiple SQL injection vulnerabilities in the MySQL back-end in Advanced Website Creator (AWC) before 1.9.0 might allow remote attackers to execute arbitrary SQL commands via unspecified parameters, related to use of mysql_escape_string instead of mysql_real_escape_string. | 7.5 |
2007-03-30 | CVE-2007-1777 | PHP | Integer Overflow vulnerability in PHP Zip_Entry_Read() Integer overflow in the zip_read_entry function in PHP 4 before 4.4.5 allows remote attackers to execute arbitrary code via a ZIP archive that contains an entry with a length value of 0xffffffff, which is incremented before use in an emalloc call, triggering a heap overflow. | 7.5 |
2007-03-28 | CVE-2007-1737 | Opera | Security Bypass vulnerability in Opera Browser 9.10 Opera 9.10 does not check URLs embedded in (1) object or (2) iframe HTML tags against the phishing site blacklist, which allows remote attackers to bypass phishing protection. | 7.5 |
2007-03-28 | CVE-2007-1736 | Mozilla | Security Bypass vulnerability in Mozilla Firefox 2.0.0.3 Mozilla Firefox 2.0.0.3 does not check URLs embedded in (1) object or (2) iframe HTML tags against the phishing site blacklist, which allows remote attackers to bypass phishing protection. | 7.5 |
2007-03-28 | CVE-2007-1729 | Revolutionproducts | SQL Injection vulnerability in Revolutionproducts Flexbb 1.0.010005Beta1 SQL injection vulnerability in includes/start.php in Flexbb 1.0.0 10005 Beta Release 1 allows remote attackers to execute arbitrary SQL commands via the flexbb_lang_id COOKIE parameter to index.php. | 7.5 |
2007-03-28 | CVE-2007-1720 | SB Websoft | Local File Include vulnerability in Sb-Websoft Addressbook 1.2 Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2007-03-27 | CVE-2006-7175 | Redhat Sendmail | Remote Security vulnerability in Sendmail 8.13.1.2 The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not allow the administrator to disable SSLv2 encryption, which could cause less secure channels to be used than desired. | 7.5 |
2007-03-27 | CVE-2007-1715 | Free PHP Scripts | Remote Security vulnerability in Free Image Hosting 1.0/2.0 PHP remote file inclusion vulnerability in frontpage.php in Free Image Hosting 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter. | 7.5 |
2007-03-27 | CVE-2007-1712 | Active WEB Softwares | SQL-Injection vulnerability in Active web Softwares Active Auction House 7.1 SQL injection vulnerability in default.asp in ActiveWebSoftwares Active Auction Pro 7.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter. | 7.5 |
2007-03-27 | CVE-2007-1708 | Ttcms | Remote File Include vulnerability in TTCMS EZ_SQL.PHP PHP remote file inclusion vulnerability in lib/db/ez_sql.php in ttCMS 4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the lib_path parameter. | 7.5 |
2007-03-27 | CVE-2007-1707 | NET Side NET | Remote File Include vulnerability in Net Side CMS PHP remote file inclusion vulnerability in index.php in Net Side Content Management System (Net-Side.net CMS) allows remote attackers to execute arbitrary PHP code via a URL in the cms parameter. | 7.5 |
2007-03-27 | CVE-2007-1706 | Ewebquiz | SQL-Injection vulnerability in Ewebquiz 8 SQL injection vulnerability in eWebQuiz.asp in eWebQuiz 8 allows remote attackers to execute arbitrary SQL commands via the QuizID parameter. | 7.5 |
2007-03-27 | CVE-2007-1705 | Active Trade | Unspecified vulnerability in Active Trade Active Trade 2 SQL injection vulnerability in default.asp in Active Trade 2 allows remote attackers to execute arbitrary SQL commands via the catid parameter. | 7.5 |
2007-03-27 | CVE-2007-1704 | Joomla | SQL Injection vulnerability in WebFormatique Car Manager Joomla Component SQL injection vulnerability in index.php in the Car Manager (com_resman) 1.1 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2007-03-27 | CVE-2007-1703 | Joomla | SQL Injection vulnerability in Joomla RWCards Component SQL injection vulnerability in index.php in the RWCards (com_rwcards) 2.4.3 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter. | 7.5 |
2007-03-27 | CVE-2007-1700 | PHP | Unspecified vulnerability in PHP The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, calculates the reference count for the session variables without considering the internal pointer from the session globals, which allows context-dependent attackers to execute arbitrary code via a crafted string in the session_register after unsetting HTTP_SESSION_VARS and _SESSION, which destroys the session data Hashtable. | 7.5 |
2007-03-27 | CVE-2007-1696 | Active WEB Softwares | SQL Injection vulnerability in Active Newsletter ViewNewspapers.ASP SQL injection vulnerability in ViewNewspapers.asp in Active Newsletter 4.3 and earlier allows remote attackers to execute arbitrary SQL commands via the NewsPaperID parameter. | 7.5 |
2007-03-26 | CVE-2007-1692 | Microsoft | Configuration vulnerability in Microsoft Windows 2000 and Windows 2003 Server The default configuration of Microsoft Windows uses the Web Proxy Autodiscovery Protocol (WPAD) without static WPAD entries, which might allow remote attackers to intercept web traffic by registering a proxy server using WINS or DNS, then responding to WPAD requests, as demonstrated using Internet Explorer. | 7.5 |
2007-03-28 | CVE-2007-1734 | Linux | Denial-Of-Service vulnerability in Linux Kernel 2.6.20/2.6.20.1/2.6.20.2 The DCCP support in the do_dccp_getsockopt function in net/dccp/proto.c in Linux kernel 2.6.20 and later does not verify the upper bounds of the optlen value, which allows local users running on certain architectures to read kernel memory or cause a denial of service (oops), a related issue to CVE-2007-1730. | 7.2 |
2007-03-28 | CVE-2007-1719 | Freebsd Jason W Bacon | Local Security vulnerability in Jason W. Bacon Mcweject 0.9 Buffer overflow in eject.c in Jason W. | 7.2 |
2007-03-31 | CVE-2007-1785 | Broadcom CA | The RPC service in mediasvr.exe in CA BrightStor ARCserve Backup 11.5 SP2 build 4237 allows remote attackers to execute arbitrary code via crafted xdr_handle_t data in RPC packets, which is used in calculating an address for a function call, as demonstrated using the 191 (0xbf) RPC request. | 7.1 |
2007-03-30 | CVE-2007-1772 | HP | Denial Of Service vulnerability in HP Jetdirect FTP Print Server RERT Command The FTP service in HP JetDirect print servers allows remote attackers to cause a denial of service (engine crash) via a RETR command with a long pathname. | 7.1 |
2007-03-30 | CVE-2007-1763 | Microsoft | Denial-Of-Service vulnerability in Windows Vista The ATI kernel driver (atikmdag.sys) in Microsoft Windows Vista allows user-assisted remote attackers to cause a denial of service (crash) via a crafted JPG image, as demonstrated by a slideshow, possibly due to a buffer overflow. | 7.1 |
34 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-03-28 | CVE-2007-1738 | Truecrypt Foundation | Local Privilege Escalation vulnerability in TrueCrypt Mount Set-EUID TrueCrypt 4.3, when installed setuid root, allows local users to cause a denial of service (filesystem unavailability) or gain privileges by mounting a crafted TrueCrypt volume, as demonstrated using (1) /usr/bin or (2) another user's home directory, a different issue than CVE-2007-1589. | 6.9 |
2007-03-31 | CVE-2007-1790 | Kaqoo | Code Injection vulnerability in Kaqoo Auction Software Multiple PHP remote file inclusion vulnerabilities in Kaqoo Auction Software Free Edition allow remote attackers to execute arbitrary PHP code via a URL in the install_root parameter to (1) support.inc.php, (2) function.inc.php, (3) rdal_object.inc.php, (4) rdal_editor.inc.php. | 6.8 |
2007-03-31 | CVE-2007-1789 | Flyspray | Security Bypass And Information Disclosure vulnerability in Flyspray 0.9.9 Flyspray 0.9.9 allows remote attackers to obtain sensitive information (private project summaries) via direct requests. | 6.8 |
2007-03-31 | CVE-2007-1788 | Flyspray | Security Bypass And Information Disclosure vulnerability in Flyspray 0.9.9 Flyspray 0.9.9, when output_buffering is disabled or "set to a low value," allows remote attackers to bypass authentication via a crafted post request. | 6.8 |
2007-03-31 | CVE-2007-1786 | Hitachi | Products Unspecified SQL Injection vulnerability in Hitachi SQL injection vulnerability in Hitachi Collaboration - Online Community Management 01-00 through 01-30, as used in Groupmax Collaboration Portal, Groupmax Collaboration Web Client, uCosminexus Collaboration Portal, Cosminexus Collaboration Portal, and uCosminexus Content Manager, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 6.8 |
2007-03-30 | CVE-2006-7184 | Photography ON THE NET | Remote File Include vulnerability in Exhibit Engine Toroot Parameter Multiple PHP remote file inclusion vulnerabilities in Exhibit Engine (EE) 1.22, and possibly earlier, allow remote attackers to execute arbitrary PHP code via a URL in the toroot parameter to (1) fetchsettings.php or (2) fstyles.php. | 6.8 |
2007-03-30 | CVE-2007-1776 | Design FOR Joomla | SQL Injection vulnerability in Design FOR Joomla D4J Ezine SQL injection vulnerability in index.php in the DesignForJoomla.com D4J eZine (com_ezine) 2.8 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the article parameter in a read action. | 6.8 |
2007-03-30 | CVE-2007-1775 | Jbrowser | Unspecified vulnerability in Jbrowser Unrestricted file upload vulnerability in upload.php3 in JBrowser 2.4 and earlier allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors. | 6.8 |
2007-03-30 | CVE-2006-7180 | Madwifi | Multiple vulnerability in MADWiFi IEEE80211_Output.C Unencrypted Data Packet ieee80211_output.c in MadWifi before 0.9.3 sends unencrypted packets before WPA authentication succeeds, which allows remote attackers to obtain sensitive information (related to network structure), and possibly cause a denial of service (disrupted authentication) and conduct spoofing attacks. | 6.8 |
2007-03-28 | CVE-2007-1723 | Ciphertrust | Cross-Site Scripting vulnerability in Ciphertrust Ironmail 6.1.1 Multiple cross-site scripting (XSS) vulnerabilities in the administration console in Secure Computing CipherTrust IronMail 6.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) network, (2) defRouterIp, (3) hostName, (4) domainName, (5) ipAddress, (6) defaultRouter, (7) dns1, or (8) dns2 parameter to (a) admin/system_IronMail.do; the (9) ipAddress parameter to (b) admin/systemOutOfBand.do; the (10) password or (11) confirmPassword parameter to (c) admin/systemBackup.do; the (12) Klicense parameter to (d) admin/systemLicenseManager.do; the (13) rows[1].attrValueStr or (14) rows[2].attrValueStr parameter to (e) admin/systemWebAdminConfig.do; the (15) rows[0].attrValueStr, rows[1].attrValueStr, (16) rows[2].attrValue, or (17) rows[2].attrValueStrClone parameter to (f) admin/ldap_ConfigureServiceProperties.do; the (18) input1 parameter to (g) admin/mailFirewall_MailRoutingInternal.do; or the (19) rows[2].attrValueStr, (20) rows[3].attrValueStr, (21) rows[5].attrValueStr, or (22) rows[6].attrValueStr parameter to (h) admin/mailIdsConfig.do. | 6.8 |
2007-03-27 | CVE-2007-1714 | Cccounter | Cross-Site Scripting vulnerability in Cccounter 2.0 Cross-site scripting (XSS) vulnerability in index.php in CcCounter 2.0 allows remote attackers to inject arbitrary web script or HTML via dir parameter. | 6.8 |
2007-03-27 | CVE-2007-1711 | PHP | Unspecified vulnerability in PHP 4.4.5/4.4.6 Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 allows context-dependent attackers to execute arbitrary code by overwriting variables pointing to (1) the GLOBALS array or (2) the session data in _SESSION. | 6.8 |
2007-03-27 | CVE-2007-1702 | Mambo | Remote File Include vulnerability in Mambo FlatMenu Module MosConfig_Absolute_Path PHP remote file inclusion vulnerability in mod_flatmenu.php in the Flatmenu 1.07 and earlier Mambo module allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 6.8 |
2007-03-27 | CVE-2007-1701 | PHP | Deserialization of Untrusted Data vulnerability in PHP PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is enabled, allows context-dependent attackers to execute arbitrary code via deserialization of session data, which overwrites arbitrary global variables, as demonstrated by calling session_decode on a string beginning with "_SESSION|s:39:". | 6.8 |
2007-03-30 | CVE-2007-1677 | Navision Software Netbsd | Buffer Overflow vulnerability in NetBSD ISO(4) Multiple buffer overflows in the ISO network protocol support in the NetBSD kernel 2.0 through 4.0_BETA2, and NetBSD-current before 20070329, allow local users to execute arbitrary code via long parameters to certain functions, as demonstrated by a long sockaddr structure argument to the clnp_route function. | 6.6 |
2007-03-28 | CVE-2007-1730 | Linux | Local Information Disclosure vulnerability in Linux Kernel 2.6.20/2.6.20.1/2.6.20.2 Integer signedness error in the DCCP support in the do_dccp_getsockopt function in net/dccp/proto.c in Linux kernel 2.6.20 and later allows local users to read kernel memory or cause a denial of service (oops) via a negative optlen value. | 6.6 |
2007-03-28 | CVE-2007-1727 | HP Linux Microsoft SUN | Remote Unauthorized Access vulnerability in HP OpenView Network Node Manager Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, 7.50, and 7.51 allows remote authenticated users to access certain privileged "facilities" via unspecified vectors. | 6.5 |
2007-03-28 | CVE-2007-1726 | Icebb | Remote PHP Code Execution vulnerability in Icebb 1.0Rc5 Unrestricted file upload vulnerability in index.php in IceBB 1.0-rc5 allows remote authenticated users to upload arbitrary files via the avatar function, which can later be accessed in uploads/. | 6.5 |
2007-03-27 | CVE-2007-1713 | B21Soft | Unspecified vulnerability in B21Soft Basp21 2003.0211 CRLF injection vulnerability in BSMTP.DLL in B21Soft BASP21 2003.0211, and BASP21 Pro 1.0.702.27 and earlier, allows remote attackers to inject arbitrary headers into e-mail messages via CRLF sequences in Subject lines. | 6.4 |
2007-03-30 | CVE-2007-1764 | Faststone | Buffer Overflow vulnerability in Faststone Image Viewer 2.8 Stack-based buffer overflow in FastStone Image Viewer 2.8 allows user-assisted remote attackers to execute arbitrary code via a crafted JPG image. | 6.0 |
2007-03-30 | CVE-2007-1762 | Mozilla | Security Bypass vulnerability in Mozilla Firefox 2.0.0.1/2.0.0.2/2.0.0.3 Mozilla Firefox 2.0.0.1 through 2.0.0.3 does not canonicalize URLs before checking them against the phishing site blacklist, which allows remote attackers to bypass phishing protection via multiple / (slash) characters in the URL. | 5.0 |
2007-03-30 | CVE-2007-1349 | Apache Canonical Redhat | Improper Input Validation vulnerability in multiple products PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI. | 5.0 |
2007-03-28 | CVE-2007-1717 | PHP | Unspecified vulnerability in PHP The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 truncates e-mail messages at the first ASCIIZ ('\0') byte, which might allow context-dependent attackers to prevent intended information from being delivered in e-mail messages. | 5.0 |
2007-03-27 | CVE-2007-1698 | Philex | Remote And Local File Include vulnerability in Philex download.php in Philex 0.2.3 and earlier allows remote attackers to read arbitrary files and source code, and obtain sensitive information via the file parameter. | 5.0 |
2007-03-30 | CVE-2007-1782 | Cruiseworks | Denial-Of-Service vulnerability in Cruiseworks CruiseWorks 1.09e and earlier does not properly restrict user access to certain privileged actions, which allows local users to change the configuration or have other unspecified impact. | 4.6 |
2007-03-30 | CVE-2007-1781 | Minna DE Office | Unspecified vulnerability in Minna DE Office Minna DE Office Minna De Office 1.x and 2.x does not properly restrict user access to certain privileged actions, which allows local users to change the configuration or have other unspecified impact. | 4.6 |
2007-03-30 | CVE-2007-1780 | Overlay Weaver | Cross-Site Scripting vulnerability in Overlay Weaver Overlay Weaver 0.5.10/0.5.11/0.5.9 Cross-site scripting (XSS) vulnerability in the DHT shell (owdhtshell) in Overlay Weaver 0.5.9 to 0.5.11, when invoked with the -x option, allows remote attackers to inject arbitrary web script or HTML via fields in certain input forms. | 4.3 |
2007-03-30 | CVE-2007-1774 | Unverse NET | Cross-Site Scripting vulnerability in Unverse.Net Abitwhizzy Multiple cross-site scripting (XSS) vulnerabilities in aBitWhizzy allow remote attackers to inject arbitrary web script or HTML via the d parameter to (1) whizzery/whizzypic.php or (2) whizzery/whizzylink.php. | 4.3 |
2007-03-30 | CVE-2007-1768 | Mephisto | HTML Injection vulnerability in Mephisto Blog Author Comment Cross-site scripting (XSS) vulnerability in app/helpers/application_helper.rb in Mephisto 0.7.3 and Mephisto Edge 20070325 allows remote attackers to inject arbitrary web script or HTML via the author name field in a comment. | 4.3 |
2007-03-29 | CVE-2006-4843 | IBM | HTML Injection vulnerability in IBM Lotus Domino Web Access Email Message Cross-site scripting (XSS) vulnerability in the Active Content Filter feature in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified "code sequences" that bypass the protection scheme. | 4.3 |
2007-03-27 | CVE-2006-7176 | Redhat Sendmail | Localhost.Localdomain Email Spoofing vulnerability in Sendmail 8.13.1.2 The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not reject the "localhost.localdomain" domain name for e-mail messages that come from external hosts, which might allow remote attackers to spoof messages. | 4.3 |
2007-03-27 | CVE-2007-1710 | PHP | Security Bypass vulnerability in PHP 4.4.4/5.1.6/5.2.1 The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files by referring to local files with a certain URL syntax instead of a pathname syntax, as demonstrated by a filename preceded a "php://../../" sequence. | 4.3 |
2007-03-27 | CVE-2007-1709 | PHP | Buffer Errors vulnerability in PHP 5.2.1 Buffer overflow in the confirm_phpdoc_compiled function in the phpDOC extension (PECL phpDOC) in PHP 5.2.1 allows context-dependent attackers to execute arbitrary code via a long argument string. | 4.3 |
2007-03-26 | CVE-2007-1678 | Fizzle | HTML Injection vulnerability in Fizzle 0.5 Cross-site scripting (XSS) vulnerability in the Fizzle 0.5 extension for Firefox allows remote attackers to inject arbitrary web script or HTML via RSS feeds, which are executed by the chrome: URI handler. | 4.3 |
2 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-03-27 | CVE-2007-1716 | Redhat | Unspecified vulnerability in Redhat Enterprise Linux 4.4 pam_console does not properly restore ownership for certain console devices when there are multiple users logged into the console and one user logs out, which might allow local users to gain privileges. | 3.4 |
2007-03-30 | CVE-2007-1773 | Unverse NET | Path Traversal vulnerability in Unverse.Net Abitwhizzy Multiple directory traversal vulnerabilities in aBitWhizzy allow remote attackers to list arbitrary directories via a .. | 2.6 |