Weekly Vulnerabilities Reports > March 26 to April 1, 2007

Overview

93 new vulnerabilities reported during this period, including 23 critical vulnerabilities and 32 high severity vulnerabilities. This weekly summary report vulnerabilities in 94 products from 69 vendors including PHP, Microsoft, IBM, Madwifi, and Redhat. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Code Injection", "Resource Management Errors", and "SQL Injection".

  • 83 reported vulnerabilities are remotely exploitables.
  • 32 reported vulnerabilities have public exploit available.
  • 7 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 84 reported vulnerabilities are exploitable by an anonymous user.
  • PHP has the most reported vulnerabilities, with 8 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

23 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-03-30 CVE-2006-7183 Photography ON THE NET Remote File Include vulnerability in Exhibit Engine 2

PHP remote file inclusion vulnerability in styles.php in Exhibit Engine (EE) 1.22 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the toroot parameter.

10.0
2007-03-30 CVE-2006-7182 Mnews Remote Security vulnerability in Mnews

PHP remote file inclusion vulnerability in noticias.php in MNews 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter.

10.0
2007-03-30 CVE-2006-7181 Morcego CMS Code Injection vulnerability in Morcego CMS Morcego CMS

** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Morcego CMS 0.9.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) fichero parameter to morcegoCMS.php or the (2) path parameter to adodb/adodb.inc.php.

10.0
2007-03-30 CVE-2007-1778 EVE Nuke Remote File Include vulnerability in Eve-Nuke Forum 0.1

PHP remote file inclusion vulnerability in db/mysql.php in the Eve-Nuke 0.1 (EN-Forums) module for PHP-Nuke allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

10.0
2007-03-30 CVE-2007-1770 Esri Stack Buffer Overflow vulnerability in ESRI ArcSDE Server

Buffer overflow in the ArcSDE service (giomgr) in Environmental Systems Research Institute (ESRI) ArcGIS before 9.2 Service Pack 2, when using three tiered ArcSDE configurations, allows remote attackers to cause a denial of service (giomgr crash) and execute arbitrary code via long parameters in crafted requests.

10.0
2007-03-30 CVE-2007-1766 Msxstudios Remote File Include vulnerability in MsxStudios Advanced Login ProfileEdit.PHP

PHP remote file inclusion vulnerability in login/engine/db/profiledit.php in Advanced Login 0.76 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.

10.0
2007-03-28 CVE-2007-1733 Intervations Buffer Overflow vulnerability in Intervations Navicopa web Server 2.01

Buffer overflow in InterVations NaviCOPA HTTP Server 2.01 allows remote attackers to execute arbitrary code via a long (1) /cgi-bin/ or (2) /cgi/ pathname in an HTTP GET request, probably a different issue than CVE-2006-5112.

10.0
2007-03-28 CVE-2007-1675 IBM Buffer Overflow vulnerability in IBM Lotus Domino IMAP Cram-MD5

Buffer overflow in the CRAM-MD5 authentication mechanism in the IMAP server (nimap.exe) in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to cause a denial of service via a long username.

10.0
2007-03-28 CVE-2007-1731 Hpaftpd Remote Buffer Overflow vulnerability in Hpaftpd 1.01

Multiple stack-based buffer overflows in High Performance Anonymous FTP Server (hpaftpd) 1.01 allow remote attackers to execute arbitrary code via long arguments to the (1) USER, (2) PASS, (3) CWD, (4) MKD, (5) RMD, (6) DELE, (7) RNFR, or (8) RNTO FTP command.

10.0
2007-03-28 CVE-2007-1724 Reactos Remote Security vulnerability in Reactos 0.3.1

Unspecified vulnerability in ReactOS 0.3.1 has unknown impact and attack vectors, related to a fix for "dozens of win32k bugs and failures," in which the fix itself introduces a vulnerability, possibly related to user-mode and kernel-mode copy failures.

10.0
2007-03-28 CVE-2007-1722 Signkorea Remote Buffer Overflow vulnerability in SignKorea SKCommAX ActiveX Control 6.6.0.13280/7.2.0.2

Buffer overflow in the DownloadCertificateExt function in SignKorea SKCommAX ActiveX control module 7.2.0.2 and 3280 6.6.0.1 allows remote attackers to execute arbitrary code via a long pszUserID argument.

10.0
2007-03-28 CVE-2007-1721 Realink Remote File Include vulnerability in C-Arbre

Multiple PHP remote file inclusion vulnerabilities in C-Arbre 0.6PR7 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) Richtxt_functions.inc.php, (2) adddocfile.php, (3) auth_check.php, (4) browse_current_category.inc.php, (5) docfile_details.php, (6) main.php, (7) mainarticle.php, (8) maindocfile.php, (9) modify.php, (10) new.php, (11) resource_details.php, or (12) smallsearch.php in lib/; or (13) mwiki/LocalSettings.php.

10.0
2007-03-27 CVE-2007-1699 Joomla
Mambo
Remote File Include vulnerability in Mambo SWMenu MosConfig_Absolute_Path Parameter

Multiple PHP remote file inclusion vulnerabilities in the SWmenu (com_swmenupro and com_swmenufree) 4.0 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to ImageManager/Classes/ImageManager.php under the (1) components/ or (2) administrator/components/ directory trees.

10.0
2007-03-27 CVE-2007-1697 Philex Remote And Local File Include vulnerability in Philex

PHP remote file inclusion vulnerability in header.inc.php in Philex 0.2.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CssFile parameter.

10.0
2007-03-27 CVE-2007-1695 Phpbb Group Unspecified vulnerability in PHPbb Group PHPbb 2.0.19

** DISPUTED ** PHP remote file inclusion vulnerability in includes/usercp_register.php in phpBB 2.0.19 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

10.0
2007-03-31 CVE-2007-1787 Softerra Remote File Include vulnerability in Softerra Time-Assistant

Multiple PHP remote file inclusion vulnerabilities in lib/timesheet.class.php in Softerra Time-Assistant 6.2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) inc_dir or (2) lib_dir parameter.

9.3
2007-03-31 CVE-2007-1784 IBM Unspecified vulnerability in IBM Lotus Sametime

The JNILoader ActiveX control (STJNILoader.ocx) 3.1.0.26 in IBM Lotus Notes Sametime before 7.5 allows remote attackers to load arbitrary DLL libraries and execute arbitrary code via arbitrary arguments to the loadLibrary function.

9.3
2007-03-30 CVE-2006-7185 Cmsmelborp Remote Security vulnerability in Cmsmelborp Beta

PHP remote file inclusion vulnerability in includes/user_standard.php in CMSmelborp Beta allows remote attackers to execute arbitrary PHP code via a URL in the relative_root parameter.

9.3
2007-03-30 CVE-2007-0038 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7.

9.3
2007-03-30 CVE-2007-1771 AY System Solutions Remote File Include vulnerability in AY System Solutions web Content System 2.7.1

PHP remote file inclusion vulnerability in manage/javascript/formjavascript.php in Ay System Solutions Web Content System (WCS) 2.7.1 allows remote attackers to execute arbitrary PHP code via a URL in the path[JavascriptEdit] parameter.

9.3
2007-03-30 CVE-2007-1765 Microsoft
Avaya
Remote Buffer Overflow vulnerability in Microsoft Windows Cursor And Icon ANI Format Handling

Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7.

9.3
2007-03-28 CVE-2007-1735 Corel Buffer Errors vulnerability in Corel Wordperfect 13.0.0.565

Stack-based buffer overflow in Corel WordPerfect Office X3 (13.0.0.565) allows user-assisted remote attackers to execute arbitrary code via a long printer selection (PRS) name in a Wordperfect document.

9.3
2007-03-28 CVE-2007-1725 Icebb SQL Injection vulnerability in Icebb 1.0Rc5

SQL injection vulnerability in index.php in IceBB 1.0-rc5 allows remote authenticated users to execute arbitrary SQL commands via the filename of an uploaded file to the avatar function, as demonstrated by setting admin privileges.

9.3

32 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-03-30 CVE-2006-7179 Madwifi Denial of Service vulnerability in MadWIFI Channel Switch Announcement Information Elements

ieee80211_input.c in MadWifi before 0.9.3 does not properly process Channel Switch Announcement Information Elements (CSA IEs), which allows remote attackers to cause a denial of service (loss of communication) via a Channel Switch Count less than or equal to one, triggering a channel change.

7.8
2007-03-30 CVE-2006-7178 Madwifi Remote Denial of Service vulnerability in MadWifi Auth Frame IBSS

MadWifi before 0.9.3 does not properly handle reception of an AUTH frame by an IBSS node, which allows remote attackers to cause a denial of service (system crash) via a certain AUTH frame.

7.8
2007-03-30 CVE-2006-7177 Madwifi Denial of Service vulnerability in Madwifi 0.9.2

MadWifi, when Ad-Hoc mode is used, allows remote attackers to cause a denial of service (system crash) via unspecified vectors that lead to a kernel panic in the ieee80211_input function, related to "packets coming from a 'malicious' WinXP system."

7.8
2007-03-30 CVE-2007-1767 AOL Denial-Of-Service vulnerability in AOL Client Software 9.0

Unspecified vulnerability in (1) Deskbar.dll and (2) Toolbar.dll in AOL 9.0 before February 2007 allows remote attackers to cause a denial of service (browser crash) via unknown vectors.

7.8
2007-03-28 CVE-2007-1739 IBM HTML Injection vulnerability in IBM Lotus Domino 7.0/7.0.1/7.0.2

Heap-based buffer overflow in the LDAP server in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to cause a denial of service (crash) via a long, malformed DN request, which causes only the lower 16 bits of the string length to be used in memory allocation.

7.8
2007-03-28 CVE-2007-1728 Sony Denial-Of-Service vulnerability in Sony Playstation 3 and Playstation Portable

The Remote Play feature in Sony Playstation 3 (PS3) 1.60 and Playstation Portable (PSP) 3.10 OE-A allows remote attackers to cause a denial of service via a flood of UDP packets.

7.8
2007-03-28 CVE-2007-1718 PHP Unspecified vulnerability in PHP

CRLF injection vulnerability in the mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows remote attackers to inject arbitrary e-mail headers and possibly conduct spam attacks via a control character immediately following folding of the (1) Subject or (2) To parameter, as demonstrated by a parameter containing a "\r\n\t\n" sequence, related to an increment bug in the SKIP_LONG_HEADER_SEP macro.

7.8
2007-03-26 CVE-2006-4175 SUN Remote Memory Corruption vulnerability in SUN Java System Directory Server and ONE Directory Server

The LDAP server (ns-slapd) in Sun Java System Directory Server 5.2 Patch4 and earlier and ONE Directory Server 5.1 and 5.2 allows remote attackers to cause a denial of service (crash) via malformed queries, probably malformed BER queries, which trigger a free of uninitialized memory locations.

7.8
2007-03-31 CVE-2007-1791 Alexscriptengine SQL Injection vulnerability in Picture-Engine Wall.PHP

SQL injection vulnerability in wall.php in Picture-Engine 1.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter.

7.5
2007-03-30 CVE-2007-1779 Advanced Website Creator SQL Injection vulnerability in Advanced Website Creator

Multiple SQL injection vulnerabilities in the MySQL back-end in Advanced Website Creator (AWC) before 1.9.0 might allow remote attackers to execute arbitrary SQL commands via unspecified parameters, related to use of mysql_escape_string instead of mysql_real_escape_string.

7.5
2007-03-30 CVE-2007-1777 PHP Integer Overflow vulnerability in PHP Zip_Entry_Read()

Integer overflow in the zip_read_entry function in PHP 4 before 4.4.5 allows remote attackers to execute arbitrary code via a ZIP archive that contains an entry with a length value of 0xffffffff, which is incremented before use in an emalloc call, triggering a heap overflow.

7.5
2007-03-28 CVE-2007-1737 Opera Security Bypass vulnerability in Opera Browser 9.10

Opera 9.10 does not check URLs embedded in (1) object or (2) iframe HTML tags against the phishing site blacklist, which allows remote attackers to bypass phishing protection.

7.5
2007-03-28 CVE-2007-1736 Mozilla Security Bypass vulnerability in Mozilla Firefox 2.0.0.3

Mozilla Firefox 2.0.0.3 does not check URLs embedded in (1) object or (2) iframe HTML tags against the phishing site blacklist, which allows remote attackers to bypass phishing protection.

7.5
2007-03-28 CVE-2007-1729 Revolutionproducts SQL Injection vulnerability in Revolutionproducts Flexbb 1.0.010005Beta1

SQL injection vulnerability in includes/start.php in Flexbb 1.0.0 10005 Beta Release 1 allows remote attackers to execute arbitrary SQL commands via the flexbb_lang_id COOKIE parameter to index.php.

7.5
2007-03-28 CVE-2007-1720 SB Websoft Local File Include vulnerability in Sb-Websoft Addressbook 1.2

Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a ..

7.5
2007-03-27 CVE-2006-7175 Redhat
Sendmail
Remote Security vulnerability in Sendmail 8.13.1.2

The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not allow the administrator to disable SSLv2 encryption, which could cause less secure channels to be used than desired.

7.5
2007-03-27 CVE-2007-1715 Free PHP Scripts Remote Security vulnerability in Free Image Hosting 1.0/2.0

PHP remote file inclusion vulnerability in frontpage.php in Free Image Hosting 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter.

7.5
2007-03-27 CVE-2007-1712 Active WEB Softwares SQL-Injection vulnerability in Active web Softwares Active Auction House 7.1

SQL injection vulnerability in default.asp in ActiveWebSoftwares Active Auction Pro 7.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter.

7.5
2007-03-27 CVE-2007-1708 Ttcms Remote File Include vulnerability in TTCMS EZ_SQL.PHP

PHP remote file inclusion vulnerability in lib/db/ez_sql.php in ttCMS 4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the lib_path parameter.

7.5
2007-03-27 CVE-2007-1707 NET Side NET Remote File Include vulnerability in Net Side CMS

PHP remote file inclusion vulnerability in index.php in Net Side Content Management System (Net-Side.net CMS) allows remote attackers to execute arbitrary PHP code via a URL in the cms parameter.

7.5
2007-03-27 CVE-2007-1706 Ewebquiz SQL-Injection vulnerability in Ewebquiz 8

SQL injection vulnerability in eWebQuiz.asp in eWebQuiz 8 allows remote attackers to execute arbitrary SQL commands via the QuizID parameter.

7.5
2007-03-27 CVE-2007-1705 Active Trade Unspecified vulnerability in Active Trade Active Trade 2

SQL injection vulnerability in default.asp in Active Trade 2 allows remote attackers to execute arbitrary SQL commands via the catid parameter.

7.5
2007-03-27 CVE-2007-1704 Joomla SQL Injection vulnerability in WebFormatique Car Manager Joomla Component

SQL injection vulnerability in index.php in the Car Manager (com_resman) 1.1 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2007-03-27 CVE-2007-1703 Joomla SQL Injection vulnerability in Joomla RWCards Component

SQL injection vulnerability in index.php in the RWCards (com_rwcards) 2.4.3 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter.

7.5
2007-03-27 CVE-2007-1700 PHP Unspecified vulnerability in PHP

The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, calculates the reference count for the session variables without considering the internal pointer from the session globals, which allows context-dependent attackers to execute arbitrary code via a crafted string in the session_register after unsetting HTTP_SESSION_VARS and _SESSION, which destroys the session data Hashtable.

7.5
2007-03-27 CVE-2007-1696 Active WEB Softwares SQL Injection vulnerability in Active Newsletter ViewNewspapers.ASP

SQL injection vulnerability in ViewNewspapers.asp in Active Newsletter 4.3 and earlier allows remote attackers to execute arbitrary SQL commands via the NewsPaperID parameter.

7.5
2007-03-26 CVE-2007-1692 Microsoft Configuration vulnerability in Microsoft Windows 2000 and Windows 2003 Server

The default configuration of Microsoft Windows uses the Web Proxy Autodiscovery Protocol (WPAD) without static WPAD entries, which might allow remote attackers to intercept web traffic by registering a proxy server using WINS or DNS, then responding to WPAD requests, as demonstrated using Internet Explorer.

7.5
2007-03-28 CVE-2007-1734 Linux Denial-Of-Service vulnerability in Linux Kernel 2.6.20/2.6.20.1/2.6.20.2

The DCCP support in the do_dccp_getsockopt function in net/dccp/proto.c in Linux kernel 2.6.20 and later does not verify the upper bounds of the optlen value, which allows local users running on certain architectures to read kernel memory or cause a denial of service (oops), a related issue to CVE-2007-1730.

7.2
2007-03-28 CVE-2007-1719 Freebsd
Jason W Bacon
Local Security vulnerability in Jason W. Bacon Mcweject 0.9

Buffer overflow in eject.c in Jason W.

7.2
2007-03-31 CVE-2007-1785 Broadcom
CA
The RPC service in mediasvr.exe in CA BrightStor ARCserve Backup 11.5 SP2 build 4237 allows remote attackers to execute arbitrary code via crafted xdr_handle_t data in RPC packets, which is used in calculating an address for a function call, as demonstrated using the 191 (0xbf) RPC request.
7.1
2007-03-30 CVE-2007-1772 HP Denial Of Service vulnerability in HP Jetdirect FTP Print Server RERT Command

The FTP service in HP JetDirect print servers allows remote attackers to cause a denial of service (engine crash) via a RETR command with a long pathname.

7.1
2007-03-30 CVE-2007-1763 Microsoft Denial-Of-Service vulnerability in Windows Vista

The ATI kernel driver (atikmdag.sys) in Microsoft Windows Vista allows user-assisted remote attackers to cause a denial of service (crash) via a crafted JPG image, as demonstrated by a slideshow, possibly due to a buffer overflow.

7.1

35 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-03-28 CVE-2007-1738 Truecrypt Foundation Local Privilege Escalation vulnerability in TrueCrypt Mount Set-EUID

TrueCrypt 4.3, when installed setuid root, allows local users to cause a denial of service (filesystem unavailability) or gain privileges by mounting a crafted TrueCrypt volume, as demonstrated using (1) /usr/bin or (2) another user's home directory, a different issue than CVE-2007-1589.

6.9
2007-03-31 CVE-2007-1790 Kaqoo Code Injection vulnerability in Kaqoo Auction Software

Multiple PHP remote file inclusion vulnerabilities in Kaqoo Auction Software Free Edition allow remote attackers to execute arbitrary PHP code via a URL in the install_root parameter to (1) support.inc.php, (2) function.inc.php, (3) rdal_object.inc.php, (4) rdal_editor.inc.php.

6.8
2007-03-31 CVE-2007-1789 Flyspray Security Bypass And Information Disclosure vulnerability in Flyspray 0.9.9

Flyspray 0.9.9 allows remote attackers to obtain sensitive information (private project summaries) via direct requests.

6.8
2007-03-31 CVE-2007-1788 Flyspray Security Bypass And Information Disclosure vulnerability in Flyspray 0.9.9

Flyspray 0.9.9, when output_buffering is disabled or "set to a low value," allows remote attackers to bypass authentication via a crafted post request.

6.8
2007-03-31 CVE-2007-1786 Hitachi Products Unspecified SQL Injection vulnerability in Hitachi

SQL injection vulnerability in Hitachi Collaboration - Online Community Management 01-00 through 01-30, as used in Groupmax Collaboration Portal, Groupmax Collaboration Web Client, uCosminexus Collaboration Portal, Cosminexus Collaboration Portal, and uCosminexus Content Manager, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

6.8
2007-03-30 CVE-2006-7184 Photography ON THE NET Remote File Include vulnerability in Exhibit Engine Toroot Parameter

Multiple PHP remote file inclusion vulnerabilities in Exhibit Engine (EE) 1.22, and possibly earlier, allow remote attackers to execute arbitrary PHP code via a URL in the toroot parameter to (1) fetchsettings.php or (2) fstyles.php.

6.8
2007-03-30 CVE-2007-1776 Design FOR Joomla SQL Injection vulnerability in Design FOR Joomla D4J Ezine

SQL injection vulnerability in index.php in the DesignForJoomla.com D4J eZine (com_ezine) 2.8 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the article parameter in a read action.

6.8
2007-03-30 CVE-2007-1775 Jbrowser Unspecified vulnerability in Jbrowser

Unrestricted file upload vulnerability in upload.php3 in JBrowser 2.4 and earlier allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors.

6.8
2007-03-30 CVE-2006-7180 Madwifi Multiple vulnerability in MADWiFi IEEE80211_Output.C Unencrypted Data Packet

ieee80211_output.c in MadWifi before 0.9.3 sends unencrypted packets before WPA authentication succeeds, which allows remote attackers to obtain sensitive information (related to network structure), and possibly cause a denial of service (disrupted authentication) and conduct spoofing attacks.

6.8
2007-03-28 CVE-2007-1723 Ciphertrust Cross-Site Scripting vulnerability in Ciphertrust Ironmail 6.1.1

Multiple cross-site scripting (XSS) vulnerabilities in the administration console in Secure Computing CipherTrust IronMail 6.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) network, (2) defRouterIp, (3) hostName, (4) domainName, (5) ipAddress, (6) defaultRouter, (7) dns1, or (8) dns2 parameter to (a) admin/system_IronMail.do; the (9) ipAddress parameter to (b) admin/systemOutOfBand.do; the (10) password or (11) confirmPassword parameter to (c) admin/systemBackup.do; the (12) Klicense parameter to (d) admin/systemLicenseManager.do; the (13) rows[1].attrValueStr or (14) rows[2].attrValueStr parameter to (e) admin/systemWebAdminConfig.do; the (15) rows[0].attrValueStr, rows[1].attrValueStr, (16) rows[2].attrValue, or (17) rows[2].attrValueStrClone parameter to (f) admin/ldap_ConfigureServiceProperties.do; the (18) input1 parameter to (g) admin/mailFirewall_MailRoutingInternal.do; or the (19) rows[2].attrValueStr, (20) rows[3].attrValueStr, (21) rows[5].attrValueStr, or (22) rows[6].attrValueStr parameter to (h) admin/mailIdsConfig.do.

6.8
2007-03-27 CVE-2007-1714 Cccounter Cross-Site Scripting vulnerability in Cccounter 2.0

Cross-site scripting (XSS) vulnerability in index.php in CcCounter 2.0 allows remote attackers to inject arbitrary web script or HTML via dir parameter.

6.8
2007-03-27 CVE-2007-1711 PHP Unspecified vulnerability in PHP 4.4.5/4.4.6

Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 allows context-dependent attackers to execute arbitrary code by overwriting variables pointing to (1) the GLOBALS array or (2) the session data in _SESSION.

6.8
2007-03-27 CVE-2007-1702 Mambo Remote File Include vulnerability in Mambo FlatMenu Module MosConfig_Absolute_Path

PHP remote file inclusion vulnerability in mod_flatmenu.php in the Flatmenu 1.07 and earlier Mambo module allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

6.8
2007-03-27 CVE-2007-1701 PHP Deserialization of Untrusted Data vulnerability in PHP

PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is enabled, allows context-dependent attackers to execute arbitrary code via deserialization of session data, which overwrites arbitrary global variables, as demonstrated by calling session_decode on a string beginning with "_SESSION|s:39:".

6.8
2007-03-30 CVE-2007-1677 Navision Software
Netbsd
Buffer Overflow vulnerability in NetBSD ISO(4)

Multiple buffer overflows in the ISO network protocol support in the NetBSD kernel 2.0 through 4.0_BETA2, and NetBSD-current before 20070329, allow local users to execute arbitrary code via long parameters to certain functions, as demonstrated by a long sockaddr structure argument to the clnp_route function.

6.6
2007-03-28 CVE-2007-1730 Linux Local Information Disclosure vulnerability in Linux Kernel 2.6.20/2.6.20.1/2.6.20.2

Integer signedness error in the DCCP support in the do_dccp_getsockopt function in net/dccp/proto.c in Linux kernel 2.6.20 and later allows local users to read kernel memory or cause a denial of service (oops) via a negative optlen value.

6.6
2007-03-28 CVE-2007-1727 HP
Linux
Microsoft
SUN
Remote Unauthorized Access vulnerability in HP OpenView Network Node Manager

Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, 7.50, and 7.51 allows remote authenticated users to access certain privileged "facilities" via unspecified vectors.

6.5
2007-03-28 CVE-2007-1726 Icebb Remote PHP Code Execution vulnerability in Icebb 1.0Rc5

Unrestricted file upload vulnerability in index.php in IceBB 1.0-rc5 allows remote authenticated users to upload arbitrary files via the avatar function, which can later be accessed in uploads/.

6.5
2007-03-27 CVE-2007-1713 B21Soft Unspecified vulnerability in B21Soft Basp21 2003.0211

CRLF injection vulnerability in BSMTP.DLL in B21Soft BASP21 2003.0211, and BASP21 Pro 1.0.702.27 and earlier, allows remote attackers to inject arbitrary headers into e-mail messages via CRLF sequences in Subject lines.

6.4
2007-03-30 CVE-2007-1764 Faststone Buffer Overflow vulnerability in Faststone Image Viewer 2.8

Stack-based buffer overflow in FastStone Image Viewer 2.8 allows user-assisted remote attackers to execute arbitrary code via a crafted JPG image.

6.0
2007-03-30 CVE-2007-1762 Mozilla Security Bypass vulnerability in Mozilla Firefox 2.0.0.1/2.0.0.2/2.0.0.3

Mozilla Firefox 2.0.0.1 through 2.0.0.3 does not canonicalize URLs before checking them against the phishing site blacklist, which allows remote attackers to bypass phishing protection via multiple / (slash) characters in the URL.

5.0
2007-03-28 CVE-2007-1717 PHP Unspecified vulnerability in PHP

The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 truncates e-mail messages at the first ASCIIZ ('\0') byte, which might allow context-dependent attackers to prevent intended information from being delivered in e-mail messages.

5.0
2007-03-27 CVE-2007-1698 Philex Remote And Local File Include vulnerability in Philex

download.php in Philex 0.2.3 and earlier allows remote attackers to read arbitrary files and source code, and obtain sensitive information via the file parameter.

5.0
2007-03-30 CVE-2007-1782 Cruiseworks Denial-Of-Service vulnerability in Cruiseworks

CruiseWorks 1.09e and earlier does not properly restrict user access to certain privileged actions, which allows local users to change the configuration or have other unspecified impact.

4.6
2007-03-30 CVE-2007-1781 Minna DE Office Unspecified vulnerability in Minna DE Office Minna DE Office

Minna De Office 1.x and 2.x does not properly restrict user access to certain privileged actions, which allows local users to change the configuration or have other unspecified impact.

4.6
2007-03-30 CVE-2007-1780 Overlay Weaver Cross-Site Scripting vulnerability in Overlay Weaver Overlay Weaver 0.5.10/0.5.11/0.5.9

Cross-site scripting (XSS) vulnerability in the DHT shell (owdhtshell) in Overlay Weaver 0.5.9 to 0.5.11, when invoked with the -x option, allows remote attackers to inject arbitrary web script or HTML via fields in certain input forms.

4.3
2007-03-30 CVE-2007-1774 Unverse NET Cross-Site Scripting vulnerability in Unverse.Net Abitwhizzy

Multiple cross-site scripting (XSS) vulnerabilities in aBitWhizzy allow remote attackers to inject arbitrary web script or HTML via the d parameter to (1) whizzery/whizzypic.php or (2) whizzery/whizzylink.php.

4.3
2007-03-30 CVE-2007-1768 Mephisto HTML Injection vulnerability in Mephisto Blog Author Comment

Cross-site scripting (XSS) vulnerability in app/helpers/application_helper.rb in Mephisto 0.7.3 and Mephisto Edge 20070325 allows remote attackers to inject arbitrary web script or HTML via the author name field in a comment.

4.3
2007-03-30 CVE-2007-1349 Apache Resource Management Errors vulnerability in Apache Test, Http Server and MOD Perl

PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.

4.3
2007-03-29 CVE-2006-4843 IBM HTML Injection vulnerability in IBM Lotus Domino Web Access Email Message

Cross-site scripting (XSS) vulnerability in the Active Content Filter feature in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified "code sequences" that bypass the protection scheme.

4.3
2007-03-27 CVE-2006-7176 Redhat
Sendmail
Localhost.Localdomain Email Spoofing vulnerability in Sendmail 8.13.1.2

The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not reject the "localhost.localdomain" domain name for e-mail messages that come from external hosts, which might allow remote attackers to spoof messages.

4.3
2007-03-27 CVE-2007-1710 PHP Security Bypass vulnerability in PHP 4.4.4/5.1.6/5.2.1

The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files by referring to local files with a certain URL syntax instead of a pathname syntax, as demonstrated by a filename preceded a "php://../../" sequence.

4.3
2007-03-27 CVE-2007-1709 PHP Buffer Errors vulnerability in PHP 5.2.1

Buffer overflow in the confirm_phpdoc_compiled function in the phpDOC extension (PECL phpDOC) in PHP 5.2.1 allows context-dependent attackers to execute arbitrary code via a long argument string.

4.3
2007-03-26 CVE-2007-1679 Horde HTML Injection vulnerability in Horde Groupware 1.0

** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware Webmail 1.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in (1) imp/search.php and (2) ingo/rule.php.

4.3
2007-03-26 CVE-2007-1678 Fizzle HTML Injection vulnerability in Fizzle 0.5

Cross-site scripting (XSS) vulnerability in the Fizzle 0.5 extension for Firefox allows remote attackers to inject arbitrary web script or HTML via RSS feeds, which are executed by the chrome: URI handler.

4.3

3 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-03-28 CVE-2007-1732 Wordpress Cross-Site Scripting vulnerability in Wordpress 2.1.2

** DISPUTED ** Cross-site scripting (XSS) vulnerability in an mt import in wp-admin/admin.php in WordPress 2.1.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the demo parameter.

3.5
2007-03-27 CVE-2007-1716 Redhat Unspecified vulnerability in Redhat Enterprise Linux 4.4

pam_console does not properly restore ownership for certain console devices when there are multiple users logged into the console and one user logs out, which might allow local users to gain privileges.

3.4
2007-03-30 CVE-2007-1773 Unverse NET Path Traversal vulnerability in Unverse.Net Abitwhizzy

Multiple directory traversal vulnerabilities in aBitWhizzy allow remote attackers to list arbitrary directories via a ..

2.6