Weekly Vulnerabilities Reports > April 9 to 15, 2007

Overview

154 new vulnerabilities reported during this period, including 16 critical vulnerabilities and 60 high severity vulnerabilities. This weekly summary report vulnerabilities in 141 products from 109 vendors including Microsoft, IBM, HP, Apple, and Linux. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "SQL Injection", "Improper Authentication", "Permissions, Privileges, and Access Controls", and "Improper Input Validation".

  • 138 reported vulnerabilities are remotely exploitables.
  • 47 reported vulnerabilities have public exploit available.
  • 11 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 145 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 20 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 6 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

16 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-04-13 CVE-2007-1748 Microsoft Buffer Errors vulnerability in Microsoft Windows 2000 and Windows 2003 Server

Stack-based buffer overflow in the RPC interface in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server SP 4, Server 2003 SP 1, and Server 2003 SP 2 allows remote attackers to execute arbitrary code via a long zone name containing character constants represented by escape sequences.

10.0
2007-04-11 CVE-2007-1959 Tinymux Remote Security vulnerability in TinyMUX

Unspecified vulnerability in the process_cmdent function in command.cpp in TinyMUX before 2.4 has unknown impact and attack vectors, related to lack of the "'other half' of buffer overflow protection."

10.0
2007-04-11 CVE-2007-1955 Signkorea Buffer Overflow vulnerability in Signkorea Skcommax Activex Control 5.4.1.2

Multiple stack-based buffer overflows in the SignKorea SKCrypAX ActiveX control module 5.4.1.2 allow remote attackers to execute arbitrary code via a long string in unspecified arguments to the (1) DownloadCert, (2) DecryptFileByKey, and (3) EncryptFileByKey functions, a different module and vectors than CVE-2007-1722.

10.0
2007-04-11 CVE-2007-1946 Microsoft Denial of Service vulnerability in Microsoft Windows Explorer BMP Image

Integer overflow in Windows Explorer in Microsoft Windows XP SP1 might allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large width dimension in a crafted BMP image, as demonstrated by w4intof.bmp.

10.0
2007-04-10 CVE-2007-1917 IBM
Apple
HP
Linux
Microsoft
Siemens
SUN
SAP
Buffer Overflow vulnerability in SAP RFC Library System_Create_Instance Function

Buffer overflow in the SYSTEM_CREATE_INSTANCE function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to execute arbitrary code via unspecified vectors.

10.0
2007-04-10 CVE-2007-1916 IBM
Apple
HP
Linux
Microsoft
Siemens
SUN
SAP
Buffer Overflow vulnerability in SAP RFC_Start_Gui RFC Function

Buffer overflow in the RFC_START_GUI function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to execute arbitrary code via unspecified vectors.

10.0
2007-04-10 CVE-2007-0938 Microsoft Remote Code Execution vulnerability in Microsoft Content Management Server 2001/2002

Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 does not properly handle certain characters in a crafted HTTP GET request, which allows remote attackers to execute arbitrary code, aka the "CMS Memory Corruption Vulnerability."

10.0
2007-04-10 CVE-2007-1687 Internet Pictures Corporation Buffer Overflow vulnerability in IPIX Image Well ActiveX Controls

Multiple buffer overflows in the Internet Pictures Corporation iPIX Image Well ActiveX control (iPIX-ImageWell-ipix.dll) allow remote attackers to execute arbitrary code via unspecified vectors.

10.0
2007-04-12 CVE-2007-1993 HP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Hp-Ux B.11.00/B.11.11/B.11.23

Buffer overflow in the pfs_mountd.rpc RPC daemon in the Portable File System (PFS) in HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to execute arbitrary code by sending "a call to procedure 5, followed by a crafted payload to procedure 2."

9.3
2007-04-11 CVE-2007-1559 Roxio Remote Buffer Overflow vulnerability in Roxio Cineplayer 3.2

Multiple stack-based buffer overflows in SonicDVDDashVRNav.dll in Roxio CinePlayer 3.2 allow remote attackers to execute arbitrary code via (1) unspecified long property values to SonicMediaPlayer.dll or (2) long arguments to unspecified methods in SonicMediaPlayer.dll.

9.3
2007-04-11 CVE-2007-1948 Irfanview Denial-Of-Service vulnerability in Irfanview 3.99

Buffer overflow in IrfanView 3.99 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via the (1) xoffset or (2) yoffset RLE command, or (3) large non-RLE encoded blocks in a crafted BMP image, as demonstrated by rle8of3.bmp and rle8of4.bmp.

9.3
2007-04-11 CVE-2007-1943 ACD Systems BMP Denial of Service vulnerability in ACD Systems Acdsee Photo Manager 9.0

Integer overflow in ACDSee Photo Manager 9.0 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via large width image sizes in a crafted BMP image, as demonstrated by w3intof.bmp and w4intof.bmp.

9.3
2007-04-11 CVE-2007-1942 Faststone BMP Denial of Service vulnerability in Faststone Image Viewer 2.9

Integer overflow in FastStone Image Viewer 2.9 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted BMP image, as demonstrated by wh3intof.bmp and wh4intof.bmp.

9.3
2007-04-10 CVE-2007-1922 Nullsoft Improper Input Validation vulnerability in Nullsoft Winamp 5.33

The Impulse Tracker (IT) and ScreamTracker 3 (S3M) modules in IN_MOD.DLL in AOL Nullsoft Winamp 5.33 allows remote attackers to execute arbitrary code via a crafted (1) .IT or (2) .S3M file containing integer values that are used as memory offsets, which triggers memory corruption.

9.3
2007-04-10 CVE-2007-1921 Nullsoft Remote Code Execution vulnerability in Nullsoft Winamp 5.33

LIBSNDFILE.DLL, as used by AOL Nullsoft Winamp 5.33 and possibly other products, allows remote attackers to execute arbitrary code via a crafted .MAT file that contains a value that is used as an offset, which triggers memory corruption.

9.3
2007-04-10 CVE-2007-1205 Microsoft Remote Code Execution vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP

Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in Windows 2000 SP4, XP SP2, and Server 2003, 2003 SP1, and 2003 SP2 allows remote attackers to execute arbitrary code via crafted URLs, which result in memory corruption.

9.3

60 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-04-13 CVE-2007-2026 Amavis
Gentoo
Denial of Service vulnerability in File

The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported for AMaViS.

7.8
2007-04-12 CVE-2007-1981 Microsoft
Metamod P
Denial-Of-Service vulnerability in Metamod-P

The safevoid_vsnprintf function in Metamod-P 1.19p29 and earlier on Windows allows remote attackers to cause a denial of service (daemon crash) via a long meta list command.

7.8
2007-04-11 CVE-2007-1357 Linux Denial Of Service vulnerability in Linux Kernel AppleTalk ATalk_Sum_SKB Function

The atalk_sum_skb function in AppleTalk for Linux kernel 2.6.x before 2.6.21, and possibly 2.4.x, allows remote attackers to cause a denial of service (crash) via an AppleTalk frame that is shorter than the specified length, which triggers a BUG_ON call when an attempt is made to perform a checksum.

7.8
2007-04-10 CVE-2007-1930 Cattadoc Information Disclosure vulnerability in Cattadoc 2.21/3.0

Directory traversal vulnerability in download2.php in cattaDoc 2.21, and possibly other versions including 3.0, allows remote attackers to read arbitrary files via a ..

7.8
2007-04-10 CVE-2007-1914 SAP Buffer Overflow and Informaiton vulnerability in SAP RFC_Start_Gui RFC Function

The RFC_START_PROGRAM function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to obtain sensitive information (external RFC server configuration data) via unspecified vectors, a different vulnerability than CVE-2006-6010.

7.8
2007-04-13 CVE-2007-2025 Phpwiki Unspecified vulnerability in PHPwiki 1.3.11P1

Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.

7.5
2007-04-12 CVE-2007-2021 Pineapple Technologies Remote Security vulnerability in Pineapple Technologies Lore 1.0

Multiple PHP remote file inclusion vulnerabilities in Pineapple Technologies Lore 1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lang_path parameter to third_party/phpmailer/class.phpmailer.php or the (2) get_plugin_file_path parameter to third_party/smarty/libs/plugins/function.html_checkboxes.php.

7.5
2007-04-12 CVE-2007-2020 Xodagallery Unspecified vulnerability in Xodagallery

** DISPUTED ** Unspecified vulnerability in administration.php in xodagallery allows remote attackers to execute arbitrary code via the cmd parameter.

7.5
2007-04-12 CVE-2007-2019 Tomex Remote Security vulnerability in Tomex PHPgalleryscript 1.0

PHP remote file inclusion vulnerability in init.gallery.php in phpGalleryScript 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the include_class parameter.

7.5
2007-04-12 CVE-2007-2017 Alstrasoft Remote vulnerability in AlstraSoft Video Share Enterprise

siteadmin/useredit.php in AlstraSoft Video Share Enterprise does not check authentication, which allows remote attackers to obtain or modify user information via a direct request.

7.5
2007-04-12 CVE-2007-2014 Mynews Remote Security vulnerability in Mynews 4.2.2

PHP remote file inclusion vulnerability in include/blocks/week_events.php in MyNews 4.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the myNewsConf[path][sys][index] parameter, a different vector than CVE-2007-0633.

7.5
2007-04-12 CVE-2007-2008 PL PHP File-Upload vulnerability in Pl-PHP 0.9Beta

Directory traversal vulnerability in admin.php in pL-PHP beta 0.9 allows remote attackers to include and execute arbitrary local files via a ..

7.5
2007-04-12 CVE-2007-2007 PL PHP Security Bypass vulnerability in Pl-PHP 0.9Beta

admin.php in pL-PHP beta 0.9 allows remote attackers to bypass authentication by setting the is_admin parameter to 1.

7.5
2007-04-12 CVE-2007-2006 PL PHP SQL-Injection vulnerability in pL-PHP

Multiple SQL injection vulnerabilities in login.php in pL-PHP beta 0.9 allow remote attackers to execute arbitrary SQL commands via the (1) login or (2) pass parameter.

7.5
2007-04-12 CVE-2007-2004 Inoutmailinglistmanager SQL-Injection vulnerability in Inoutmailinglistmanager

Multiple SQL injection vulnerabilities in InoutMailingListManager 3.1 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to changename.php and other unspecified vectors.

7.5
2007-04-12 CVE-2007-2000 Raphael Limbach SQL Injection vulnerability in Raphael Limbach Crea-Book

Multiple SQL injection vulnerabilities in admin/admin.php in Crea-Book 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) pseudo or (2) passe parameter.

7.5
2007-04-12 CVE-2007-1999 Nazarkin Name Remote Security vulnerability in Weatimages

PHP remote file inclusion vulnerability in index.php in Weatimages 1.7.1 and earlier, when weatimages.ini is missing, allows remote attackers to execute arbitrary PHP code via a URL in the ini[langpack] parameter.

7.5
2007-04-12 CVE-2007-1998 Hiox India Remote Security vulnerability in Hiox India Guest Book 4.0

Direct static code injection vulnerability in HIOX Guest Book (HGB) 4.0 allows remote attackers to inject arbitrary PHP code via the Email field, which results in code execution through a direct request to gb.php.

7.5
2007-04-12 CVE-2006-7193 Smarty Unspecified vulnerability in Smarty 2.6.1

** DISPUTED ** PHP remote file inclusion vulnerability in unit_test/test_cases.php in Smarty 2.6.1 allows remote attackers to execute arbitrary PHP code via a URL in the SMARTY_DIR parameter.

7.5
2007-04-12 CVE-2007-1992 Mamboxchange Remote File Include vulnerability in Mambo Com-Zoom Module MosConfig_Absolute_Path

Multiple PHP remote file inclusion vulnerabilities in the com_zoom 2.5 beta 2 and earlier module for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) EXIF_Makernote.php or (2) EXIF.php in classes/iptc/.

7.5
2007-04-12 CVE-2007-1990 SAM Crew Remote Security vulnerability in Myblog

PHP remote file inclusion vulnerability in games.php in Sam Crew MyBlog, possibly 1.0 through 1.6, allows remote attackers to execute arbitrary PHP code via a URL in the id parameter, a different vector than CVE-2007-1968.

7.5
2007-04-12 CVE-2007-1987 Phpecho CMS Unspecified vulnerability in PHPecho CMS PHPecho CMS 2.0

** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in PHPEcho CMS 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) _plugin_file parameter to smarty/internals/core.load_pulgins.php or the (2) root_path parameter to index.php.

7.5
2007-04-12 CVE-2007-1986 Barnraiser Remote File Include vulnerability in Barnraiser Aroundme 0.7.7

Multiple PHP remote file inclusion vulnerabilities in barnraiser AROUNDMe 0.7.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) language_path_core parameter to inc/core_profile.header.php, the (2) template_path_core parameter to template/barnraiser_01/maint_contact_view.tpl.php, and the (3) template_path parameter to template/barnraiser_01/default.tpl.php.

7.5
2007-04-12 CVE-2007-1985 Phpexplorator Remote Security vulnerability in PHPexplorator 2.0

Multiple PHP remote file inclusion vulnerabilities in phpexplorator.php in phpexplorator 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) cmd or (2) lang_path parameter.

7.5
2007-04-12 CVE-2007-1984 Lite CMS Remote Security vulnerability in Lite-Cms 0.2.1

PHP remote file inclusion vulnerability in index.php in lite-cms 0.2.1 allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter.

7.5
2007-04-12 CVE-2007-1983 Cyboards Remote File Include vulnerability in Cyboards PHP Lite 1.21

PHP remote file inclusion vulnerability in include/default_header.php in Cyboards PHP Lite 1.21 allows remote attackers to execute arbitrary PHP code via a URL in the script_path parameter, a different vector than CVE-2006-2871.

7.5
2007-04-12 CVE-2007-1982 Really Simple PHP AND Ajax Remote File Include vulnerability in Really Simple PHP and Ajax

Multiple PHP remote file inclusion vulnerabilities in Really Simple PHP and Ajax (RSPA) 2007-03-23 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) __IncludeFilePHPClass, (2) __ClassPath, and (3) __class parameters to (a) rspa/framework/Controller_v5.php, and (b) rspa/framework/Controller_v4.php.

7.5
2007-04-12 CVE-2007-1980 Nick Jones Modules Index.PHP SQL Injection vulnerability in Nick Jones Topliste Module 1.0

SQL injection vulnerability in index.php in the Topliste 1.0 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the cid parameter.

7.5
2007-04-12 CVE-2007-1979 Xoops SQL Injection vulnerability in Bluemoon Inc. PopnupBlog XOOPS Module

SQL injection vulnerability in index.php in the PopnupBlog 2.52 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the postid parameter, possibly involving the get_blogid_from_postid function in class/PopnupBlogUtils.php.

7.5
2007-04-12 CVE-2007-1978 PHP Fusion SQL-Injection vulnerability in PHP Fusion Arcade Module 1.00

SQL injection vulnerability in index.php in the Arcade 1.00 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view_game_list action.

7.5
2007-04-12 CVE-2007-1976 Xoops Unspecified vulnerability in Xoops Virii Info Module

** DISPUTED ** PHP remote file inclusion vulnerability in index.php in the Virii Info 1.10 and earlier module for Xoops allows remote attackers to execute arbitrary PHP code via a URL in the xoopsConfig[root_path] parameter.

7.5
2007-04-12 CVE-2007-1975 Slaed Remote Security vulnerability in Slaed CMS 2

Multiple PHP remote file inclusion vulnerabilities in SLAED CMS 2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) path parameter to admin/admin.php or the (2) modpath parameter to index.php.

7.5
2007-04-12 CVE-2007-1974 WF Sections
Xoops
SQL Injection vulnerability in XOOPS Module ZMagazine Print.PHP

SQL injection vulnerability in the getArticle function in class/wfsarticle.php in WF-Section (aka WF-Sections) 1.0.1, as used in Xoops modules such as (1) Zmagazine 1.0, (2) Happy Linux XFsection 1.07 and earlier, and possibly other modules, allows remote attackers to execute arbitrary SQL commands via the articleid parameter to print.php.

7.5
2007-04-11 CVE-2007-1363 Dropafew SQL Injection vulnerability in DropAFew

Multiple SQL injection vulnerabilities in DropAFew before 0.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in the delete action in (a) search.php or (b) search-pda.php, or the (2) calories parameter in a save action in editlogcal.php.

7.5
2007-04-11 CVE-2007-1971 Gazi Okul Sitesi SQL Injection vulnerability in Gazi Okul Sitesi Gazi Okul Sitesi 2007

SQL injection vulnerability in fotokategori.asp in Gazi Okul Sitesi 2007 allows remote attackers to execute arbitrary SQL commands via the query string.

7.5
2007-04-11 CVE-2007-1963 Mybb
Mybulletinboard
SQL-Injection vulnerability in MyBB

SQL injection vulnerability in the create_session function in class_session.php in MyBB (aka MyBulletinBoard) 1.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, as utilized by index.php, a related issue to CVE-2006-3775.

7.5
2007-04-11 CVE-2007-1962 Xoops SQL Injection vulnerability in Xoops Wf-Snippets

SQL injection vulnerability in index.php in the WF-Snippets 1.02 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the c parameter in a cat action.

7.5
2007-04-11 CVE-2007-1961 Phpbb Remote File Include vulnerability in PHPbb Mutant 0.9.2

PHP remote file inclusion vulnerability in mutant_functions.php in the Mutant 0.9.2 portal for phpBB 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

7.5
2007-04-11 CVE-2007-1960 Xoops SQL Injection vulnerability in Xoops Rha7 Downloads Module 1.0/1.10

SQL injection vulnerability in visit.php in the Rha7 Downloads (rha7downloads) 1.0 module for XOOPS, and possibly other versions up to 1.10, allows remote attackers to execute arbitrary SQL commands via the lid parameter.

7.5
2007-04-11 CVE-2007-1956 Ubbcentral SQL Injection vulnerability in UBB.Threads UBBThreads.PHP

SQL injection vulnerability in ubbthreads.php in Groupee UBB.threads 6.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the C parameter.

7.5
2007-04-11 CVE-2007-1954 Archivexpert Directory Traversal vulnerability in Archivexpert 2.02Build80

Multiple directory traversal vulnerabilities in ArchiveXpert 2.02 build 80 allow remote attackers to create files in arbitrary directories via a ..

7.5
2007-04-11 CVE-2007-1953 Onelook Improper Authentication vulnerability in Onelook Courts Online

Session fixation vulnerability in onelook courts on-line allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.

7.5
2007-04-11 CVE-2007-1952 Onelook Improper Authentication vulnerability in Onelook Onebyone CMS

Session fixation vulnerability in onelook onebyone CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.

7.5
2007-04-11 CVE-2007-1951 Onelook Improper Authentication vulnerability in Onelook Oboshop

Session fixation vulnerability in onelook obo Shop allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.

7.5
2007-04-11 CVE-2007-1949 Webblizzard Improper Authentication vulnerability in Webblizzard Content Management System

Session fixation vulnerability in WebBlizzard CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.

7.5
2007-04-11 CVE-2007-1945 HP
IBM
Linux
Microsoft
SUN
Unspecified vulnerability in IBM Websphere Application Server

Unspecified vulnerability in the Servlet Engine/Web Container in IBM WebSphere Application Server (WAS) before 6.1.0.7 has unknown impact and attack vectors.

7.5
2007-04-10 CVE-2007-1933 Dreamcodes File-Upload vulnerability in Dreamcodes Pcp-Guestbook 3.0

Multiple directory traversal vulnerabilities in PcP-Guestbook (PcP-Book) 3.0 allow remote attackers to include and execute arbitrary local files via a ..

7.5
2007-04-10 CVE-2007-1932 Scar4U Local File Include vulnerability in Scar4U Scarnews 1.2.1

Directory traversal vulnerability in scarnews.inc.php in ScarNews 1.2.1 allows remote attackers to include and execute arbitrary local files via a ..

7.5
2007-04-10 CVE-2007-1931 Smodcms SQL-Injection vulnerability in SmodCMS

SQL injection vulnerability in index.php in the slownik module in SmodCMS 2.10 and earlier allows remote attackers to execute arbitrary SQL commands via the ssid parameter.

7.5
2007-04-10 CVE-2007-1928 Witshare Local File Include vulnerability in Witshare 0.9

Directory traversal vulnerability in index.php in witshare 0.9 allows remote attackers to include and execute arbitrary local files via a ..

7.5
2007-04-10 CVE-2007-1923 DWS Systems INC
Ledgersmb
(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests.
7.5
2007-04-10 CVE-2007-1920 Smodbip SQL Injection vulnerability in Smodbip

SQL injection vulnerability in index.php in the aktualnosci module in SmodBIP 1.06 and earlier allows remote attackers to execute arbitrary SQL commands via the zoom parameter, possibly related to home.php.

7.5
2007-04-10 CVE-2007-1915 IBM
Apple
HP
Linux
Microsoft
Siemens
SAP
Buffer Overflow and Informaiton vulnerability in SAP RFC_Start_Gui RFC Function

Buffer overflow in the RFC_START_PROGRAM function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to execute arbitrary code via unspecified vectors.

7.5
2007-04-10 CVE-2007-1909 Ryan Haudenschilt SQL Injection vulnerability in Battle.net Clan Script Login.PHP

SQL injection vulnerability in login.php in Ryan Haudenschilt Battle.net Clan Script for PHP 1.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) user or (2) pass parameter.

7.5
2007-04-13 CVE-2007-2023 Secustick Local Security vulnerability in Secustick Usb Flash Drive

USB20.dll in Secustick USB flash drive decouples the authorization and file access routines, which allows local users to bypass authentication requirements by altering the return value of the VerifyPassWord function.

7.2
2007-04-11 CVE-2007-1874 Adobe Unspecified vulnerability in Adobe Coldfusion 7.0

Adobe ColdFusion MX 7 for Linux and Solaris uses insecure permissions for certain scripts and directories, which allows local users to execute arbitrary code or obtain sensitive information via the (1) CFMX7DreamWeaverExtensions.mxp, (2) CFReportBuilderInstaller.exe, (3) .com.zerog.registry.xml, (4) uninstall.lax, (5) license.txt, (6) Readme.htm, (7) .com.zerog.registry.xml, (8) k2adminstop, or (9) k2adminstart files; or (10) certain files in lib/wsconfig/.

7.2
2007-04-11 CVE-2007-1279 Apple
Adobe
Local Privilege Escalation vulnerability in Adobe Bridge 1.0.3

Unspecified vulnerability in the installer for Adobe Bridge 1.0.3 update for Apple OS X, when patching with desktop management tools, allows local users to gain privileges via unspecified vectors during installation of the update by a different user who has administrative privileges.

7.2
2007-04-10 CVE-2007-1209 Microsoft Resource Management Errors vulnerability in Microsoft Windows Vista

Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and closing multiple ApiPort connections, which leaves a "dangling pointer" to a process data structure.

7.2
2007-04-10 CVE-2007-1206 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP

The Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 4.0; 2000 SP4; XP SP2; Server 2003, 2003 SP1, and 2003 SP2; and Windows Vista before June 2006; uses insecure permissions (PAGE_READWRITE) for a physical memory view, which allows local users to gain privileges by modifying the "zero page" during a race condition before the view is unmapped.

7.2
2007-04-10 CVE-2007-1911 Microsoft Denial-Of-Service vulnerability in Microsoft Word 2007

Multiple unspecified vulnerabilities in Microsoft Word 2007 allow remote attackers to cause a denial of service (CPU consumption) via crafted documents, as demonstrated by (1) file798-1.doc and (2) file613-1.doc, possibly related to a buffer overflow.

7.1

76 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-04-11 CVE-2007-1973 Microsoft Denial-Of-Service vulnerability in Microsoft Windows NT 4.0

Race condition in the Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 4.0 allows local users to modify memory and gain privileges via the temporary \Device\PhysicalMemory section handle, a related issue to CVE-2007-1206.

6.9
2007-04-13 CVE-2007-2024 Phpwiki Unspecified vulnerability in PHPwiki 1.3.X

Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.x allows remote attackers to upload arbitrary PHP files with a (1) php3, (2) php4, or (3) php5 extension.

6.8
2007-04-13 CVE-2007-2022 Adobe
Opera
Information Exposure vulnerability in multiple products

Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to obtain sensitive information (browser keystrokes), which are leaked to the Flash Player applet.

6.8
2007-04-12 CVE-2007-2015 Request IT Remote File Include vulnerability in Request IT Request IT 1.0B

PHP remote file inclusion vulnerability in index.php in Request It 1.0b allows remote attackers to execute arbitrary PHP code via a URL in the id parameter.

6.8
2007-04-12 CVE-2007-2010 Bftpd Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Bftpd

Double free vulnerability in bftpd before 1.8 allows remote authenticated users to cause a denial of service (daemon crash) via a (1) get or (2) mget command.

6.8
2007-04-12 CVE-2007-2009 Simpcms Remote File Include vulnerability in Simpcms 20070410

PHP remote file inclusion vulnerability in index.php in SimpCMS Light 04.10.2007 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the site parameter.

6.8
2007-04-12 CVE-2007-2005 Joomla
Mambo
Code Injection vulnerability in multiple products

Multiple PHP remote file inclusion vulnerabilities in the Taskhopper 1.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) contact_type.php, (2) itemstatus_type.php, (3) projectstatus_type.php, (4) request_type.php, (5) responses_type.php, (6) timelog_type.php, or (7) urgency_type.php in inc/.

6.8
2007-04-12 CVE-2007-2003 Inoutmailinglistmanager Remote Security vulnerability in Inoutmailinglistmanager

InoutMailingListManager 3.1 and earlier sends a Location redirect header but does not exit after an authorization check fails, which allows remote attackers to access certain restricted functionality, and upload and execute arbitrary PHP code, by ignoring the redirect.

6.8
2007-04-12 CVE-2007-2002 Inoutmailinglistmanager Remote Security vulnerability in Inoutmailinglistmanager

InoutMailingListManager 3.1 and earlier allows remote attackers to access certain restricted functionality, and upload and execute arbitrary PHP code, by setting an arbitrary admin cookie.

6.8
2007-04-12 CVE-2007-1996 Codebreak Code Injection vulnerability in Codebreak

PHP remote file inclusion vulnerability in codebreak.php in CodeBreak, probably 1.1.2 and earlier, allows remote attackers to execute arbitrary PHP code via a URL in the process_method parameter.

6.8
2007-04-11 CVE-2007-1968 SAM Crew Remote File Include vulnerability in MyBlog Games.PHP

PHP remote file inclusion vulnerability in games.php in Sam Crew MyBlog, possibly 1.0 through 1.6, allows remote attackers to execute arbitrary PHP code via a URL in the scoreid parameter.

6.8
2007-04-11 CVE-2007-1967 Stat12 Unspecified vulnerability in Stat12

** DISPUTED ** PHP remote file inclusion vulnerability in index.php in stat12 allows remote attackers to execute arbitrary PHP code via a URL in the langpath parameter.

6.8
2007-04-11 CVE-2007-1957 Guernion Sylvain Portail Remote Security vulnerability in Web Php

Multiple PHP remote file inclusion vulnerabilities in Guernion Sylvain Portail Web Php (aka Gsylvain35 Portail Web, PwP) allow remote attackers to execute arbitrary PHP code via a URL in the pageAll parameter to index.php in (1) template/Vert/, or (2) template/Noir/.

6.8
2007-04-10 CVE-2007-1939 Daniel Naber Cross-Site Scripting vulnerability in LanguageTool

Cross-site scripting (XSS) vulnerability in the embedded webserver in Daniel Naber LanguageTool before 0.8.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message, possibly the demultiplex method in HTTPServer.java.

6.8
2007-04-10 CVE-2007-1937 Dreamcodes Remote Security vulnerability in Dreamcodes Scorp Book 1.0

PHP remote file inclusion vulnerability in smilies.php in Scorp Book 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config parameter.

6.8
2007-04-10 CVE-2007-1936 Scar4U DE Remote Security vulnerability in Scar4U.De Scaradcontroller 1.1

PHP remote file inclusion vulnerability in scaradcontrol.php in ScarAdControl (ScarAdController) 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the sac_config_dir parameter.

6.8
2007-04-10 CVE-2007-1935 Scar4U DE Remote Security vulnerability in Scar4U.De Scaradcontroller 1.1

PHP file inclusion vulnerability in admin/index.php in ScarAdControl (ScarAdController) 1.1 allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the site parameter, which is accessed by the file_exists function.

6.8
2007-04-10 CVE-2007-1934 PHP Nuke Local File Include vulnerability in PHP-Nuke Eboard Module 1.0.7

Directory traversal vulnerability in member.php in the eBoard 1.0.7 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a ..

6.8
2007-04-10 CVE-2007-1926 Jbmc Software HTML Injection vulnerability in DirectAdmin Logfile

Cross-site scripting (XSS) vulnerability in JBMC Software DirectAdmin before 1.293 does not properly display log files, which allows remote authenticated users to inject arbitrary web script or HTML via (1) http or (2) ftp requests logged in /var/log/directadmin/security.log; (3) allows context-dependent attackers to inject arbitrary web script or HTML into /var/log/messages via a PHP script that invokes /usr/bin/logger; (4) allows local users to inject arbitrary web script or HTML into /var/log/messages by invoking /usr/bin/logger at the command line; and allows remote attackers to inject arbitrary web script or HTML via remote requests logged in the (5) /var/log/exim/rejectlog, (6) /var/log/exim/mainlog, (7) /var/log/proftpd/auth.log, (8) /var/log/httpd/error_log, (9) /var/log/httpd/access_log, (10) /var/log/directadmin/error.log, and (11) /var/log/directadmin/security.log files.

6.8
2007-04-10 CVE-2007-1924 Phpcontact Unspecified vulnerability in PHPcontact

** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in phpContact allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) contact_business.php or (2) contact_person.php.

6.8
2007-04-10 CVE-2007-1912 Microsoft Heap Overflow vulnerability in Microsoft Windows Help File

Heap-based buffer overflow in Microsoft Windows allows user-assisted remote attackers to have an unknown impact via a crafted .HLP file.

6.8
2007-04-10 CVE-2007-1910 Microsoft Document File Buffer Overflow vulnerability in Microsoft Word 2007

Buffer overflow in wwlib.dll in Microsoft Word 2007 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted document, as demonstrated by file789-1.doc.

6.8
2007-04-10 CVE-2007-1908 Php121 Local File Include vulnerability in PHP121 Instant Messenger 2.2

PHP file inclusion vulnerability in php121db.php in PHP121 Instant Messenger 2.2 allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the php121dir parameter, which is accessed by the file_exists function.

6.8
2007-04-10 CVE-2007-1907 Pathos Remote File Include vulnerability in Pathos Content Management System 0.92.2

PHP remote file inclusion vulnerability in warn.php in Pathos Content Management System (CMS) 0.92-2 allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.

6.8
2007-04-10 CVE-2007-1906 Ecardmax COM
Mybb
Local File Include vulnerability in eCardMAX HotEditor

Directory traversal vulnerability in richedit/keyboard.php in eCardMAX HotEditor (Hot Editor) 4.0, and the HotEditor plugin for MyBB, allows remote attackers to include and execute arbitrary local files via a ..

6.8
2007-04-10 CVE-2007-1204 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Windows XP

Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in Microsoft Windows XP SP2 allows remote attackers on the same subnet to execute arbitrary code via crafted HTTP headers in request or notification messages, which trigger memory corruption.

6.8
2007-04-09 CVE-2007-1895 SKY Gunning Remote Security vulnerability in Myspeach

PHP remote file inclusion vulnerability in chat.php in Sky GUNNING MySpeach 3.0.7 and earlier, when used with PHP 5, allows remote attackers to execute arbitrary PHP code via an ftp URL in a my_ms[root] cookie, a different vector than CVE-2007-0491 and CVE-2006-4630.

6.8
2007-04-12 CVE-2007-2018 Alstrasoft SQL-Injection vulnerability in Video Share Enterprise

SQL injection vulnerability in msg.php in AlstraSoft Video Share Enterprise allows remote authenticated users to execute arbitrary SQL commands via the id parameter.

6.5
2007-04-12 CVE-2007-2001 Crea Book Remote Security vulnerability in Crea-book

Multiple direct static code injection vulnerabilities in admin/configurer2.php in Crea-Book 1.0 and earlier allow remote authenticated administrators to execute arbitrary PHP code via the "Fond de la page" (background color) field and other unspecified fields, which injects into config.inc.php3.

6.5
2007-04-10 CVE-2007-1925 TRU Zone Unspecified vulnerability in Tru-Zone Nukeet

The borrado function in modules/Your_Account/index.php in Tru-Zone Nuke ET 3.4 before fix 7 does not verify that account deletion requests come from the account owner, which allows remote authenticated users to delete arbitrary accounts via a modified cookie.

6.5
2007-04-09 CVE-2007-1897 Wordpress SQL Injection vulnerability in Wordpress

SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users to execute arbitrary SQL commands via a string parameter value in an XML RPC mt.setPostCategories method call, related to the post_id variable.

6.5
2007-04-11 CVE-2007-1364 Dropafew SQL Injection vulnerability in DropAFew

DropAFew before 0.2.1 does not require authorization for certain privileged actions, which allows remote attackers to (1) view the logged calorie information of arbitrary users via the id parameter in editlogcal.php, (2) add arbitrary links via links.php, or (3) create arbitrary users via newaccount2.php.

6.4
2007-04-12 CVE-2007-1995 Quagga Improper Input Validation vulnerability in Quagga

bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages that trigger an assertion error or out of bounds read.

6.3
2007-04-13 CVE-2007-1741 Apache Race Condition vulnerability in Apache Http Server 2.2.3

Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks.

6.2
2007-04-11 CVE-2007-1964 Mybb
Mybulletinboard
Denial-Of-Service vulnerability in MyBulletinBoard

member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account's registered e-mail address in a debug request for a do_lostpw action, which prints the change password verification code in the debug output.

6.0
2007-04-12 CVE-2007-2012 Mimarsinan Directory Traversal vulnerability in Mimarsinan Comprexx 4.1

Multiple directory traversal vulnerabilities in MimarSinan CompreXX 4.1 allow remote attackers to create files in arbitrary directories via a ..

5.8
2007-04-09 CVE-2007-1896 SKY Gunning Directory Traversal vulnerability in Myspeach

Directory traversal vulnerability in chat.php in Sky GUNNING MySpeach 3.0.7 and earlier allows remote attackers to include arbitrary local files via a ..

5.8
2007-04-10 CVE-2007-0734 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X

fsck, as used by the AirPort Disk feature of the AirPort Extreme Base Station with 802.11n before Firmware Update 7.1, and by Apple Mac OS X 10.3.9 through 10.4.9, does not properly enforce password protection of a USB hard drive, which allows context-dependent attackers to list arbitrary directories or execute arbitrary code, resulting from memory corruption.

5.4
2007-04-13 CVE-2007-2028 Freeradius Remote Denial Of Service vulnerability in FreeRadius EAP-TTLS Tunnel Memory Leak

Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of EAP-TTLS tunnel connections using malformed Diameter format attributes, which causes the authentication request to be rejected but does not reclaim VALUE_PAIR data structures.

5.0
2007-04-11 CVE-2007-1970 Mozilla Remote Security vulnerability in Firefox

Mozilla Firefox does not warn the user about HTTP elements on an HTTPS page when the HTTP elements are dynamically created by a delayed document.write, which allows remote attackers to supply unauthenticated content and conduct phishing attacks.

5.0
2007-04-11 CVE-2007-1966 Exv2 Improper Authentication vulnerability in Exv2 Content Management System 2.0.4.3

Session fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID cookie.

5.0
2007-04-11 CVE-2007-1958 Tinymux Denial-Of-Service vulnerability in TinyMUX

Buffer overflow in TinyMUX before 2.4 allows attackers to cause a denial of service via unspecified vectors related to "too many substring matches in a regexp $-command." NOTE: some of these details are obtained from third party information.

5.0
2007-04-11 CVE-2007-1944 IBM Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Websphere Application Server

The Java Message Service (JMS) in IBM WebSphere Application Server (WAS) before 6.1.0.7 allows attackers to cause a denial of service via unknown vectors involving the "double release [of] a bytebuffer input stream," possibly a double free vulnerability.

5.0
2007-04-10 CVE-2007-1929 GNA Unspecified vulnerability in GNA Beryo 2.0/2.4

Directory traversal vulnerability in downloadpic.php in Beryo 2.0, and possibly other versions including 2.4, allows remote attackers to read arbitrary files via a ..

5.0
2007-04-10 CVE-2007-1918 IBM
Apple
HP
Linux
Microsoft
Siemens
SUN
SAP
Denial of Service vulnerability in SAP RFC_Set_Reg_Server_Property RFC Function

The RFC_SET_REG_SERVER_PROPERTY function in the SAP RFC Library 6.40 and 7.00 before 20070109 implements an option for exclusive access to an RFC server, which allows remote attackers to cause a denial of service (client lockout) via unspecified vectors.

5.0
2007-04-10 CVE-2007-1913 IBM
Apple
HP
Linux
Microsoft
Siemens
SUN
SAP
Information Disclosure vulnerability in SAP RFC Library Trusted_System_Security Function

The TRUSTED_SYSTEM_SECURITY function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to verify the existence of users and groups on systems and domains via unspecified vectors, a different vulnerability than CVE-2006-6010.

5.0
2007-04-10 CVE-2007-1900 PHP Unspecified vulnerability in PHP 5.2.0/5.2.1

CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a '\n' character, which causes a regular expression to ignore the subsequent part of the address string.

5.0
2007-04-12 CVE-2007-1994 HP Denial Of Service vulnerability in HP Hp-Ux 11.00

Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.00 allows local users to cause a denial of service via unknown vectors.

4.9
2007-04-11 CVE-2007-1940 IBM Unspecified vulnerability in IBM Tivoli Business Service Manager 4.1

IBM Tivoli Business Service Manager (TBSM) 4.1 before Interim Fix 1 logs passwords in plaintext, which allows local users to obtain sensitive information by reading (1) ncisetup.db or (2) msi.log.

4.9
2007-04-09 CVE-2007-1893 Wordpress Permissions, Privileges, and Access Controls vulnerability in Wordpress

xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users with the contributor role to bypass intended access restrictions and invoke the publish_posts functionality, which can be used to "publish a previously saved post."

4.9
2007-04-10 CVE-2006-4250 Debian Local Buffer Overflow vulnerability in Debian Linux 3.1

Buffer overflow in man and mandb (man-db) 2.4.3 and earlier allows local users to execute arbitrary code via crafted arguments to the -H flag.

4.6
2007-04-13 CVE-2007-2027 Elinks USE of Externally-Controlled Format String vulnerability in Elinks 0.11.1

Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 allows local users to cause Elinks to use an untrusted gettext message catalog (.po file) in a "../po" directory, which can be leveraged to conduct format string attacks.

4.4
2007-04-13 CVE-2007-1743 Apache Local Security vulnerability in Apache Http Server 2.2.3

suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted.

4.4
2007-04-13 CVE-2007-1873 Mephisto Cross-Site Scripting vulnerability in Mephisto 0.7.3

Cross-site scripting (XSS) vulnerability in Mephisto 0.7.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter to the search script.

4.3
2007-04-13 CVE-2007-1872 Toenda Software Development HTML Injection vulnerability in Toenda Software Development Toendacms 1.5.3

Cross-site scripting (XSS) vulnerability in toendaCMS 1.5.3 allows remote attackers to inject arbitrary web script or HTML via the searchword parameter in a search id.

4.3
2007-04-13 CVE-2007-1871 Chcounter HTML Injection vulnerability in Chcounter 3.1.3

Cross-site scripting (XSS) vulnerability in chcounter 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the login_name parameter to /stats/.

4.3
2007-04-12 CVE-2007-2016 Phpmyadmin Cross-Site Scripting vulnerability in PHPmyadmin 2.6.1

Cross-site scripting (XSS) vulnerability in mysql/phpinfo.php in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary web script or HTML via the lang[] parameter.

4.3
2007-04-12 CVE-2007-2013 JEX Treme Cross-Site Scripting vulnerability in Einfacher Passworschutz

Cross-site scripting (XSS) vulnerability in index.php in JEx-Treme Einfacher Passworschutz allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

4.3
2007-04-12 CVE-2007-2011 Deskpro HTML Injection vulnerability in Deskpro 2.0.1

Cross-site scripting (XSS) vulnerability in login.php in DeskPro 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the username parameter.

4.3
2007-04-12 CVE-2007-1991 Youngzsoft Cross-Site Scripting vulnerability in Youngzsoft CMailServer Comment Parameter

Cross-site scripting (XSS) vulnerability in mail/signup.asp in CmailServer WebMail 5.4.3, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the Comment parameter, a different vector than CVE-2007-1927.

4.3
2007-04-12 CVE-2007-1989 Dotclear Cross-Site Scripting vulnerability in DotClear

Multiple cross-site scripting (XSS) vulnerabilities in DotClear before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) post_id parameter to ecrire/trackback.php or the (2) tool_url parameter to tools/thememng/index.php.

4.3
2007-04-12 CVE-2007-1988 Phpecho CMS Cross-Site Scripting vulnerability in PHPecho CMS PHPecho CMS 2.0

Cross-site scripting (XSS) vulnerability in kernel/filters.inc.php in PHPEcho CMS 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.

4.3
2007-04-12 CVE-2007-1977 Holacms Cross-Site Scripting vulnerability in Holacms 1.4.10

Cross-site scripting (XSS) vulnerability in index_cms.php in holaCMS 1.4.10 allows remote attackers to inject arbitrary web script or HTML via the acuparam parameter.

4.3
2007-04-11 CVE-2007-1969 SAM Crew Cross-Site Scripting vulnerability in Myblog

Cross-site scripting (XSS) vulnerability in admin/modify.php in Sam Crew MyBlog remote attackers to inject arbitrary web script or HTML via the id parameter.

4.3
2007-04-11 CVE-2007-1965 Exv2 Cross-Site Scripting vulnerability in EXV2 CMS

Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.0.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the set_lang parameter to (1) archive.php, (2) article.php, (3) index.php, or (4) topics.php.

4.3
2007-04-11 CVE-2007-1950 Webblizzard Cross-Site Scripting vulnerability in Content Management System

Cross-site scripting (XSS) vulnerability in index_cms.php in WebBlizzard CMS allows remote attackers to inject arbitrary web script or HTML via the Suchzeile parameter.

4.3
2007-04-11 CVE-2007-1941 IBM HTML Injection vulnerability in IBM Lotus Domino Web Access Active Content Filter

Cross-site scripting (XSS) vulnerability in the Active Content Filter feature in Domino Web Access (DWA) in IBM Lotus Notes before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to inject arbitrary web script or HTML via a multipart/related e-mail message, a different issue than CVE-2006-4843.

4.3
2007-04-10 CVE-2007-1938 Ichitaro Buffer Errors vulnerability in Ichitaro 2005/2006/2007

Ichitaro 2005 through 2007, and possibly related products, allows remote attackers to have an unknown impact via unspecified vectors in a document distributed through e-mail or a web site, possibly due to a buffer overflow or cross-site scripting (XSS).

4.3
2007-04-10 CVE-2007-1927 Youngzsoft Cross-Site Scripting vulnerability in Youngzsoft CMailServer Signup.ASP

Cross-site scripting (XSS) vulnerability in signup.asp in CmailServer WebMail 5.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the POP3Mail parameter.

4.3
2007-04-10 CVE-2007-1919 Arizona Dream Cross-Site Scripting vulnerability in Arizona-Dream Livre D OR Livor 2.5

Cross-site scripting (XSS) vulnerability in index.php in Arizona Dream Livre d'or (livor) 2.5 allows remote attackers to inject arbitrary web script or HTML via the page parameter.

4.3
2007-04-10 CVE-2007-1905 Pineapple Technologies Cross-Site Scripting vulnerability in Pineapple Technologies Quizshock

Cross-site scripting (XSS) vulnerability in auth.php in Pineapple Technologies QuizShock 1.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via encoded special characters in the forward_to parameter, as demonstrated using "<"<".

4.3
2007-04-10 CVE-2007-1904 AOL Directory Traversal vulnerability in AOL ICQ and Instant Messenger

Directory traversal vulnerability in AOL Instant Messenger (AIM) 5.9 and earlier, and ICQ 5.1 and probably earlier, allows user-assisted remote attackers to write files to arbitrary locations via a ..

4.3
2007-04-10 CVE-2007-1841 Ipsec Tools Remote Denial Of Service vulnerability in IPSec-Tools

The isakmp_info_recv function in src/racoon/isakmp_inf.c in racoon in Ipsec-tools before 0.6.7 allows remote attackers to cause a denial of service (tunnel crash) via crafted (1) DELETE (ISAKMP_NPTYPE_D) and (2) NOTIFY (ISAKMP_NPTYPE_N) messages.

4.3
2007-04-10 CVE-2006-7192 Microsoft Unspecified vulnerability in Microsoft .Net Framework 2.0

Microsoft ASP .NET Framework 2.0.50727.42 does not properly handle comment (/* */) enclosures, which allows remote attackers to bypass request filtering and conduct cross-site scripting (XSS) attacks, or cause a denial of service, as demonstrated via an xss:expression STYLE attribute in a closing XSS HTML tag.

4.3
2007-04-10 CVE-2007-0939 Microsoft Cross-Site Scripting vulnerability in Microsoft Content Management Server 2001/2002

Cross-site scripting (XSS) vulnerability in Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving HTML redirection queries, aka "Cross-site Scripting and Spoofing Vulnerability."

4.3
2007-04-09 CVE-2007-1894 Wordpress HTML Injection vulnerability in WordPress WP_Title Function

Cross-site scripting (XSS) vulnerability in wp-includes/general-template.php in WordPress before 20070309 allows remote attackers to inject arbitrary web script or HTML via the year parameter in the wp_title function.

4.3

2 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-04-13 CVE-2007-1742 Apache Local Security vulnerability in Apache Http Server 2.2.3

suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory.

3.7
2007-04-11 CVE-2007-1947 Parakey INC Security Bypass vulnerability in Firebug

Cross-zone scripting vulnerability in the DOM templates (domplates) used by the console.log function in the Firebug extension before 1.04 for Mozilla Firefox allows remote attackers to bypass zone restrictions, read arbitrary file:// URIs, or execute arbitrary code in the browser chrome by overwriting the toString function via a certain function declaration, related to incorrect identification of anonymous JavaScript functions, a different issue than CVE-2007-1878.

3.5