Weekly Vulnerabilities Reports > April 23 to 29, 2007

Overview

174 new vulnerabilities reported during this period, including 30 critical vulnerabilities and 88 high severity vulnerabilities. This weekly summary report vulnerabilities in 186 products from 147 vendors including Apple, Phorum, Microsoft, HP, and Asterisk. Vulnerabilities are notably categorized as "Code Injection", "Resource Management Errors", "Cross-site Scripting", "Permissions, Privileges, and Access Controls", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".

  • 162 reported vulnerabilities are remotely exploitables.
  • 49 reported vulnerabilities have public exploit available.
  • 6 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 168 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 17 reported vulnerabilities.
  • Apple has the most reported critical vulnerabilities, with 5 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

30 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-04-27 CVE-2007-2333 Nortel Remote Unauthorized Access vulnerability in Nortel Contivity, VPN Router 5000 and VPN Router Portfolio

Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_05.149, 5_05.3xx before 5_05.304, and 6.x before 6_05.140 includes the FIPSecryptedtest1219 and FIPSunecryptedtest1219 default accounts in the LDAP template, which might allow remote attackers to access the private network.

10.0
2007-04-27 CVE-2007-2325 Mynewsgroup Remote File Include vulnerability in MyNewsGroups Include.PHP

PHP remote file inclusion vulnerability in include.php in MyNewsGroups :) allows remote attackers to execute arbitrary PHP code via a URL in the myng_root parameter.

10.0
2007-04-27 CVE-2007-2323 Intervideo Remote Buffer Overflow vulnerability in Intervideo Home Theater 2.1.13.0/2.5.13.58

Multiple buffer overflows in the WinDVDX ActiveX control in InterVideo Home Theater 2.1.13.0 and 2.5.13.58 allow remote attackers to execute arbitrary code via a long string argument to the (1) GetDiscType or (2) AddFileList method.

10.0
2007-04-27 CVE-2007-2321 Silverstripe Remote Security vulnerability in Silverstripe 2.0.0

Unspecified vulnerability in the search functionality in SilverStripe 2.0.0 has unknown impact and attack vectors.

10.0
2007-04-26 CVE-2007-2316 Open Business Management Authentication Bypass vulnerability in Open Business Management Open Business Management 1.2.4

Unspecified vulnerability in the admin script in Open Business Management (OBM) before 2.0.0 allows remote attackers to have an unknown impact by calling the script "in txt mode from a browser."

10.0
2007-04-26 CVE-2007-2282 Cisco Remote Default Account vulnerability in Cisco NetFlow Collection Engine

Cisco Network Services (CNS) NetFlow Collection Engine (NFC) before 6.0 has an nfcuser account with the default password nfcuser, which allows remote attackers to modify the product configuration and, when installed on Linux, obtain login access to the host operating system.

10.0
2007-04-25 CVE-2007-2266 Progress Unspecified vulnerability in Progress Webspeed Messenger

Progress Webspeed Messenger allows remote attackers to read, create, modify, and execute arbitrary files by invoking webutil/_cpyfile.p in the WService parameter to (1) cgiip.exe or (2) wsisa.dll in scripts/, as demonstrated by using the save,editor options to create a new file using the fileName parameter.

10.0
2007-04-25 CVE-2007-2139 Broadcom
CA
Multiple stack-based buffer overflows in the SUN RPC service in CA (formerly Computer Associates) BrightStor ARCserve Media Server, as used in BrightStor ARCserve Backup 9.01 through 11.5 SP2, BrightStor Enterprise Backup 10.5, Server Protection Suite 2, and Business Protection Suite 2, allow remote attackers to execute arbitrary code via malformed RPC strings, a different vulnerability than CVE-2006-5171, CVE-2006-5172, and CVE-2007-1785.
10.0
2007-04-24 CVE-2007-2200 Pagode Directory Traversal vulnerability in Pagode 0.5.8

Directory traversal vulnerability in navigator/navigator_ok.php in Pagode 0.5.8 allows remote attackers to read and possibly delete arbitrary files via a ..

10.0
2007-04-24 CVE-2007-2171 Novell Remote Buffer Overflow vulnerability in Novell Groupwise 7.0

Stack-based buffer overflow in the base64_decode function in GWINTER.exe in Novell GroupWise (GW) WebAccess before 7.0 SP2 allows remote attackers to execute arbitrary code via long base64 content in an HTTP Basic Authentication request.

10.0
2007-04-24 CVE-2007-2194 Gentoo Buffer Overflow vulnerability in Gentoo Xnview 1.90.3

Stack-based buffer overflow in XnView 1.90.3 allows user-assisted remote attackers to execute arbitrary code via a crafted XPM file with a long section string.

10.0
2007-04-24 CVE-2007-2188 Extremail Buffer Overflow And DNS Spoofing vulnerability in Extremail 2.1/2.1.1

eXtremail 2.1.1 and earlier does not verify the ID field (aka transaction id) in DNS responses, which makes it easier for remote attackers to conduct DNS spoofing.

10.0
2007-04-24 CVE-2007-2187 Extremail Buffer Overflow And DNS Spoofing vulnerability in Extremail 2.1/2.1.1

Stack-based buffer overflow in eXtremail 2.1.1 and earlier allows remote attackers to execute arbitrary code via a long DNS response.

10.0
2007-04-24 CVE-2007-0746 Apple Multiple Security vulnerability in Apple Mac OS X 2007-004

Heap-based buffer overflow in the VideoConference framework in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to execute arbitrary code via a "crafted SIP packet when initializing an audio/video conference".

10.0
2007-04-24 CVE-2007-2176 Mozilla Remote Security vulnerability in Firefox

Unspecified vulnerability in Mozilla Firefox allows remote attackers to execute arbitrary code via unspecified vectors involving Javascript errors.

10.0
2007-04-24 CVE-2007-2173 Gentoo
Double Precision Incorporated
Unspecified vulnerability in Double Precision Incorporated Courier-Imap

Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.

10.0
2007-04-25 CVE-2007-2271 Rajneel LAL Totaram Directory Traversal vulnerability in Rajneel LAL Totaram USP Foss Distribution 1.01

Directory traversal vulnerability in Rajneel Lal TotaRam USP FOSS Distribution 1.01 allows remote attackers to read arbitrary files via a ..

9.4
2007-04-24 CVE-2007-2170 Oracle Unspecified vulnerability in Oracle E-Business Suite

The APPLSYS.FND_DM_NODES package in Oracle E-Business Suite does not check for valid sessions, which allows remote attackers to delete arbitrary nodes.

9.4
2007-04-26 CVE-2007-2318 Filezilla Format String vulnerability in FileZilla

Multiple format string vulnerabilities in FileZilla before 2.2.32 allow remote attackers to execute arbitrary code via format string specifiers in (1) FTP server responses or (2) data sent by an FTP server.

9.3
2007-04-26 CVE-2007-2296 Apple Numeric Errors vulnerability in Apple Quicktime

Integer overflow in the FlipFileTypeAtom_BtoN function in Apple Quicktime 7.1.5, and other versions before 7.2, allows remote attackers to execute arbitrary code via a crafted M4V (MP4) file.

9.3
2007-04-26 CVE-2007-2295 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime

Heap-based buffer overflow in the JVTCompEncodeFrame function in Apple Quicktime 7.1.5 and other versions before 7.2 allows remote attackers to execute arbitrary code via a crafted H.264 MOV file.

9.3
2007-04-26 CVE-2007-2284 ABC View Buffer Overflow vulnerability in Abc-View Manager 1.42

Buffer overflow in ABC-View Manager 1.42 allows user-assisted remote attackers to execute arbitrary code via a crafted .PSP file.

9.3
2007-04-26 CVE-2007-2283 Freshdevices Buffer Overflow vulnerability in Freshdevices Freshview 7.15

Buffer overflow in Fresh View 7.15 allows user-assisted remote attackers to execute arbitrary code via a crafted .PSP file.

9.3
2007-04-25 CVE-2007-2244 Adobe Buffer Errors vulnerability in Adobe Golive, Illustrator and Photoshop

Multiple buffer overflows in Adobe Photoshop CS2 and CS3, Illustrator CS3, and GoLive 9 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) BMP, (2) DIB, or (3) RLE file.

9.3
2007-04-24 CVE-2007-2193 ACD Systems Buffer Overflow vulnerability in ACD Systems Acdsee and Photo Editor

Stack-based buffer overflow in the ID_X.apl plugin in ACDSee 9.0 Build 108, Pro 8.1 Build 99, and Photo Editor 4.0 Build 195 allows user-assisted remote attackers to execute arbitrary code via a crafted XPM file with a long section string.

9.3
2007-04-24 CVE-2007-2192 Antonio DA Cruz Buffer Overflow vulnerability in Antonio DA Cruz Photofiltre Studio 8.1.1

Buffer overflow in Photofiltre Studio 8.1.1 allows user-assisted remote attackers to execute arbitrary code via a crafted .tif file.

9.3
2007-04-24 CVE-2007-0736 Apple Multiple Security vulnerability in Apple Mac OS X 2007-004

Integer overflow in the RPC library in Libinfo in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to execute arbitrary code via crafted requests to portmap.

9.3
2007-04-24 CVE-2007-0735 Apple Multiple Security vulnerability in Apple Mac OS X 2007-004

Use-after-free vulnerability in Libinfo in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors involving crafted web pages that trigger certain error conditions that are not properly reported in certain circumstances, resulting in accessing deallocated memory.

9.3
2007-04-24 CVE-2007-0443 Gracenote Buffer Overflow vulnerability in GraceNote CDDBControl Multple Parameters ActiveX Control

Multiple buffer overflows in the CDDBControl ActiveX control in Gracenote CDDB before 20070418 allow remote attackers to execute arbitrary code via long values for certain Proxy configuration parameters.

9.3
2007-04-27 CVE-2007-2332 Nortel Remote Unauthorized Access vulnerability in Nortel VPN Routers

Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 6_05.140 uses a fixed DES key to encrypt passwords, which allows remote authenticated users to obtain a password via a brute force attack on a hash from the LDAP store.

9.0

88 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-04-27 CVE-2007-2344 Enterasys Denial-Of-Service vulnerability in Enterasys Netsight Console and Netsight Inventory Manager

The BOOTPD component in Enterasys NetSight Console 2.1 and NetSight Inventory Manager 2.1, and possibly earlier, on Windows allows remote attackers to cause a denial of service (daemon crash) via a UDP packet that contains an invalid "packet type" field.

7.8
2007-04-27 CVE-2007-2336 Intervations Denial-Of-Service vulnerability in Intervations Navicopa web Server 2.0120070323

Unspecified vulnerability in InterVations NaviCOPA Web Server 2.01 20070323 allows remote attackers to cause a denial of service (daemon crash) via crafted HTTP requests, as demonstrated by long requests containing '\A' characters, probably a different issue than CVE-2006-5112 and CVE-2007-1733.

7.8
2007-04-27 CVE-2007-2324 Julmajanne Directory Traversal vulnerability in Julmajanne Julmacms 1.4

Directory traversal vulnerability in file.php in JulmaCMS 1.4 allows remote attackers to read arbitrary files via a ..

7.8
2007-04-27 CVE-2007-2322 Nero Improper Input Validation vulnerability in Nero Mediahome and Mediahome CE

NMMediaServer.exe in Nero MediaHome 2.5.5.0 and CE 1.3.0.4 allows remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted packet that contains two CRLF sequences.

7.8
2007-04-26 CVE-2007-2315 Minishare Denial-Of-Service vulnerability in Minimal HTTP Server

MiniShare 1.5.4, and possibly earlier, allows remote attackers to cause a denial of service (application crash) via a flood of requests for new connections.

7.8
2007-04-26 CVE-2007-2297 Asterisk Remote Denial of Service vulnerability in Asterisk SIP Channel Driver UDP Packets

The SIP channel driver (chan_sip) in Asterisk before 1.2.18 and 1.4.x before 1.4.3 does not properly parse SIP UDP packets that do not contain a valid response code, which allows remote attackers to cause a denial of service (crash).

7.8
2007-04-26 CVE-2007-2294 Asterisk Remote Denial of Service vulnerability in Asterisk ManagerInterface Manager.Conf

The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (crash) by using MD5 authentication to authenticate a user that does not have a password defined in manager.conf, resulting in a NULL pointer dereference.

7.8
2007-04-26 CVE-2007-2285 Jack Slocum Directory Traversal vulnerability in Jack Slocum EXT JS 1.0Alpha1

Directory traversal vulnerability in examples/layout/feed-proxy.php in Jack Slocum Ext 1.0 alpha1 (Ext JS) allows remote attackers to read arbitrary files via a ..

7.8
2007-04-25 CVE-2007-2276 3Com Resource Management Errors vulnerability in 3Com Tippingpoint IPS

** DISPUTED ** 3Com TippingPoint IPS allows remote attackers to cause a denial of service (device hang) via a flood of packets on TCP port 80 with sequentially increasing source ports, related to a "badly written loop." NOTE: the vendor disputes this issue, stating that the product has "performed as expected with no DoS emerging."

7.8
2007-04-25 CVE-2007-2274 Opera Software Resource Management Errors vulnerability in Opera Software Opera 9.2

The BitTorrent implementation in Opera 9.2 allows remote attackers to cause a denial of service (CPU consumption and application crash) via a malformed torrent file.

7.8
2007-04-25 CVE-2007-2270 Linksys Denial of Service vulnerability in Linksys SPA941 377 Character

The Linksys SPA941 VoIP Phone allows remote attackers to cause a denial of service (device reboot) via a 0377 (0xff) character in the From header, and possibly certain other locations, in a SIP INVITE request.

7.8
2007-04-25 CVE-2006-7197 Apache Information Disclosure vulnerability in Apache Tomcat 5.5.15

The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.

7.8
2007-04-25 CVE-2007-2246 HP
Sendmail
Resource Management Errors vulnerability in Sendmail 8.11.1/8.9.3

Unspecified vulnerability in HP-UX B.11.00 and B.11.11, when running sendmail 8.9.3 or 8.11.1; and HP-UX B.11.23 when running sendmail 8.11.1; allows remote attackers to cause a denial of service via unknown attack vectors.

7.8
2007-04-25 CVE-2007-2242 Openbsd
Ietf
Netbsd
Freebsd
Denial of Service vulnerability in IPv6 Protocol Type 0 Route Header

The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers.

7.8
2007-04-24 CVE-2007-2213 Ipswitch Remote Denial of Service vulnerability in Ipswitch WS FTP 2007

Unspecified vulnerability in the Initialize function in NetscapeFTPHandler in WS_FTP Home and Professional 2007 allows remote attackers to cause a denial of service (NULL dereference and application crash) via unspecified vectors related to "improper arguments."

7.8
2007-04-24 CVE-2007-2210 Netsprint Denial of Service vulnerability in Netsprint ASK IE Toolbar 1.1

A certain ActiveX control in askPopStp.dll in Netsprint Ask IE Toolbar 1.1 allows remote attackers to cause a denial of service (Internet Explorer crash) via a long AddAllowed property value, related to "improper memory handling," possibly a buffer overflow.

7.8
2007-04-24 CVE-2007-2135 Oracle Unspecified vulnerability in Oracle E-Business Suite

The ADI_BINARY component in the Oracle E-Business Suite allows remote attackers to download arbitrary documents from the APPS.FND_DOCUMENTS table via the ADI_DISPLAY_REPORT function, when passed a certain parameter.

7.8
2007-04-24 CVE-2007-2179 Raiden Professional Servers Remote Denial of Service Vulnerabilitie in Raidenftpd 2.4.2240/2.4.2241

Multiple unspecified vulnerabilities in IXceedCompression in XceddZipLib (RaidenFTPD.dll) in RaidenFTPD 2.4 allow remote attackers to cause a denial of service (crash) via unspecified vectors involving the (1) CalculateCrc, (2) Compress, and (3) Uncompress functions, which result in a NULL pointer dereference.

7.8
2007-04-24 CVE-2007-2178 Objective Development Denial of Service vulnerability in Objective Development Sharity 3.2

Multiple unspecified vulnerabilities in Objective Development Sharity before 3.3 allow remote attackers to cause a denial of service (daemon crash) via unspecified vectors.

7.8
2007-04-24 CVE-2007-0742 Apple Multiple Security vulnerability in Apple Mac OS X 2007-004

The WebFoundation framework in Apple Mac OS X 10.3.9 and earlier allows subdomain cookies to be accessed by the parent domain, which allows remote attackers to obtain sensitive information.

7.8
2007-04-26 CVE-2007-2293 Asterisk Remote Stack Buffer Overflow vulnerability in Asterisk 1.4.1/1.4.2/1.4Beta

Multiple stack-based buffer overflows in the process_sdp function in chan_sip.c of the SIP channel T.38 SDP parser in Asterisk before 1.4.3 allow remote attackers to execute arbitrary code via a long (1) T38FaxRateManagement or (2) T38FaxUdpEC SDP parameter in an SIP message, as demonstrated using SIP INVITE.

7.6
2007-04-24 CVE-2007-2175 Apple Unspecified vulnerability in Apple Safari

Apple QuickTime Java extensions (QTJava.dll), as used in Safari and other browsers, and when Java is enabled, allows remote attackers to execute arbitrary code via parameters to the toQTPointer method in quicktime.util.QTHandleRef, which can be used to modify arbitrary memory when creating QTPointerRef objects, as demonstrated during the "PWN 2 0WN" contest at CanSecWest 2007.

7.6
2007-04-27 CVE-2007-2347 Oneclick CMS
Sisplet CMS
Remote File Include vulnerability in Sisplet CMS Komentar.PHP

PHP remote file inclusion vulnerability in main/forum/komentar.php in OneClick CMS (aka Sisplet CMS) 05.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the site_path parameter.

7.5
2007-04-27 CVE-2007-2346 PHP Generics Remote File Include vulnerability in PHP-Generics 1.0Beta

Multiple PHP remote file inclusion vulnerabilities in PHP-Generics 1.0 beta allow remote attackers to execute arbitrary PHP code via a URL in the _APP_RELATIVE_PATH parameter to (1) include.php, (2) dbcommon/include.php, and (3) exception/include.php.

7.5
2007-04-27 CVE-2007-2345 Codewand Remote File Include vulnerability in CodeWand PHPBrowse Include_Stream.Inc.PHP

PHP remote file inclusion vulnerability in include/include_stream.inc.php in CodeWand phpBrowse allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.

7.5
2007-04-27 CVE-2007-2343 Enterasys Remote Security vulnerability in Enterasys Netsight Console and Netsight Inventory Manager

Stack-based buffer overflow in the TFTPD component in Enterasys NetSight Console 2.1 and NetSight Inventory Manager 2.1, and possibly earlier, allows remote attackers to execute arbitrary code via crafted request packets that contain long file names.

7.5
2007-04-27 CVE-2007-2342 Creascripts SQL Injection vulnerability in Creascripts Creadirectory 1.2

SQL injection vulnerability in error.asp in CreaScripts CreaDirectory 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2006-6083.

7.5
2007-04-27 CVE-2007-2341 Phpbandmanager Remote File Include vulnerability in PHPbandmanager 0.8

PHP remote file inclusion vulnerability in suite/index.php in phpBandManager 0.8 allows remote attackers to execute arbitrary PHP code via a URL in the pg parameter.

7.5
2007-04-27 CVE-2007-2339 Phorum SQL-Injection vulnerability in Phorum

Multiple SQL injection vulnerabilities in Phorum before 5.1.22 allow remote attackers to execute arbitrary SQL commands via (1) a modified recipients parameter name in (a) pm.php; (2) the curr parameter to the (b) badwords (aka censorlist) or (c) banlist module in admin.php; or (3) the "Edit groups / Add group" field in the (d) groups module in admin.php.

7.5
2007-04-27 CVE-2007-2338 Phorum Input Validation vulnerability in Phorum

Cross-site request forgery (CSRF) vulnerability in include/admin/banlist.php in Phorum before 5.1.22 allows remote attackers to perform unauthorized banlist deletions as an administrator via the delete parameter.

7.5
2007-04-27 CVE-2007-2334 Nortel Remote Unauthorized Access vulnerability in Nortel Contivity and VPN Router 5000

Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_05.149, 5_05.3xx before 5_05.304, and 6.x before 6_05.140 has two template HTML files lacking certain verification tags, which allows remote attackers to access the administration interface and change the device configuration via certain requests.

7.5
2007-04-27 CVE-2007-2331 Shop Script Remote Security vulnerability in Shop-Script 2.0

PHP remote file inclusion vulnerability in cart.php in Shop-Script 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the lang_list parameter.

7.5
2007-04-27 CVE-2007-2330 Dynatracker Remote File Include vulnerability in Dynatracker 151

PHP remote file inclusion vulnerability in includes_handler.php in DynaTracker 151 allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter.

7.5
2007-04-27 CVE-2007-2329 Searchactivity Remote Security vulnerability in Searchactivity

PHP remote file inclusion vulnerability in searchbot.php in Searchactivity allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.

7.5
2007-04-27 CVE-2007-2328 Phpmytgp Remote Security vulnerability in PHPmytgp 1.4B

PHP remote file inclusion vulnerability in addvip.php in phpMYTGP 1.4b allows remote attackers to execute arbitrary PHP code via a URL in the msetstr[PROGSDIR] parameter.

7.5
2007-04-27 CVE-2007-2327 Labs4 Remote File Include vulnerability in Labs4 Htmleditbox 2.2

PHP remote file inclusion vulnerability in _editor.php in HTMLeditbox 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the settings[app_dir] parameter.

7.5
2007-04-27 CVE-2007-2326 Goldcoders Remote File Include vulnerability in HYIP Manager Pro

Multiple PHP remote file inclusion vulnerabilities in HYIP Manager Pro allow remote attackers to execute arbitrary PHP code via a URL in the plugin_file parameter to (1) Smarty.class.php and (2) Smarty_Compiler.class.php in inc/libs/; (3) core.display_debug_console.php, (4) core.load_plugins.php, (5) core.load_resource_plugin.php, (6) core.process_cached_inserts.php, (7) core.process_compiled_include.php, and (8) core.read_cache_file.php in inc/libs/core/; and other unspecified files.

7.5
2007-04-26 CVE-2007-2320 Papoo SQL Injection vulnerability in Papoo Kontakt.PHP

SQL injection vulnerability in kontakt.php in Papoo 3.02 and earlier allows remote attackers to execute arbitrary SQL commands via the menuid parameter, a different vector than CVE-2005-4478.

7.5
2007-04-26 CVE-2007-2317 Minibb
Tosmo Mambo
Remote File Include vulnerability in TOSMO/Mambo Absolute_Path

Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a and earlier, as used by TOSMO/Mambo 4.0.12 and probably other products, allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to bb_plugins.php in (1) components/minibb/ or (2) components/com_minibb, or (3) configuration.php.

7.5
2007-04-26 CVE-2007-2313 Mxbb Remote File Include vulnerability in Mxbb MX Shotcast 1.0Rc2

PHP remote file inclusion vulnerability in getinfo1.php in the Shotcast 1.0 RC2 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter.

7.5
2007-04-26 CVE-2007-2312 Vwar SQL-Injection vulnerability in Vwar Virtual WAR 1.5.0R15

Multiple SQL injection vulnerabilities in the Virtual War (VWar) 1.5.0 R15 module for PHP-Nuke allow remote attackers to execute arbitrary SQL commands via the n parameter to extra/online.php and other unspecified scripts in extra/.

7.5
2007-04-26 CVE-2007-2311 Bloofoxcms Unspecified vulnerability in Bloofoxcms 0.2.2

** DISPUTED ** PHP remote file inclusion vulnerability in install/index.php in BlooFoxCMS 0.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the content_php parameter.

7.5
2007-04-26 CVE-2007-2307 Webkalk2 Remote File Include vulnerability in Webkalk2 1.9.0

PHP remote file inclusion vulnerability in engine/engine.inc.php in WebKalk2 1.9.0 allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter.

7.5
2007-04-26 CVE-2007-2305 Qdblog SQL-Injection vulnerability in QDBlog

Multiple SQL injection vulnerabilities in authenticate.php in Quick and Dirty Blog (QDBlog) 0.4, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.

7.5
2007-04-26 CVE-2007-2304 Qdblog Scripts Multiple Input Validation vulnerability in QDBlog

Multiple directory traversal vulnerabilities in Quick and Dirty Blog (QDBlog) 0.4, and possibly earlier, allow remote attackers to include and execute arbitrary local files via a ..

7.5
2007-04-26 CVE-2007-2302 Expow Remote File Include vulnerability in Expow 0.8

PHP remote file inclusion vulnerability in autoindex.php in Expow 0.8 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_file parameter.

7.5
2007-04-26 CVE-2007-2301 Arash Remote File Include vulnerability in Arash Audiocms 0.1.4

Multiple PHP remote file inclusion vulnerabilities in audioCMS arash 0.1.4 allow remote attackers to execute arbitrary PHP code via a URL in the arashlib_dir parameter to (1) edit.inc.php and (2) list_features.inc.php in arash_lib/include, and (3) arash_gadmin.class.php and (4) arash_sadmin.class.php in arash_lib/class/.

7.5
2007-04-26 CVE-2007-2299 Frogss SQL Injection vulnerability in Frogss CMS

Multiple SQL injection vulnerabilities in Frogss CMS 0.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) dzial parameter to (a) katalog.php, or the (2) t parameter to (b) forum.php or (c) forum/viewtopic.php, different vectors than CVE-2006-4536.

7.5
2007-04-26 CVE-2007-2298 Gforge Remote File Include vulnerability in Garennes Repertoire_Config

Multiple PHP remote file inclusion vulnerabilities in Garennes 0.6.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the repertoire_config parameter to index.php in (1) cpe/, (2) direction/, or (3) professeurs/.

7.5
2007-04-26 CVE-2007-2291 Microsoft Unspecified vulnerability in Microsoft Internet Explorer 7.0.5730.11

CRLF injection vulnerability in the Digest Authentication support for Microsoft Internet Explorer 7.0.5730.11 allows remote attackers to conduct HTTP response splitting attacks via a LF (%0a) in the username attribute.

7.5
2007-04-26 CVE-2007-2290 Cafelog Remote File Include vulnerability in Cafelog B2 0.6.1

Multiple PHP remote file inclusion vulnerabilities in B2 Weblog and News Publishing Tool 0.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the b2inc parameter to (1) b2archives.php, (2) b2categories.php, or (3) b2mail.php.

7.5
2007-04-26 CVE-2007-2289 Alexscriptengine Remote Security vulnerability in Alexscriptengine Download-Engine 1.4.1

PHP remote file inclusion vulnerability in admin/includes/spaw/dialogs/insert_link.php in download engine (Download-Engine) 1.4.1 allows remote authenticated users to execute arbitrary PHP code via a URL in the spaw_root parameter, a different vector than CVE-2007-2255.

7.5
2007-04-26 CVE-2007-2288 Doruk100 NET Remote File Include vulnerability in Doruk100Net Info.PHP

PHP remote file inclusion vulnerability in info.php in Doruk100.net doruk100net allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.

7.5
2007-04-26 CVE-2007-2287 Comus Remote File Include vulnerability in Comus Accept.PHP

PHP remote file inclusion vulnerability in accept.php in comus 2.0 Final allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter.

7.5
2007-04-26 CVE-2007-2286 Built2Go Remote File Include vulnerability in Built2Go PHP Link Portal 1.79

PHP remote file inclusion vulnerability in config.php in Built2Go PHP Link Portal 1.79 allows remote attackers to execute arbitrary PHP code via a URL in the full_path_to_db parameter.

7.5
2007-04-25 CVE-2007-2278 DCP Portal Remote Security vulnerability in Dcp-Portal 6.1.1

Multiple PHP remote file inclusion vulnerabilities in DCP-Portal 6.1.1 allow remote attackers to execute arbitrary PHP code via a URL in (1) the path parameter to library/adodb/adodb.inc.php, (2) the abs_path_editor parameter to library/editor/editor.php, or (3) the cfgfile_to_load parameter to admin/phpMyAdmin/libraries/common.lib.php.

7.5
2007-04-25 CVE-2007-2277 Plogger Improper Authentication vulnerability in Plogger

Session fixation vulnerability in Plogger allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.

7.5
2007-04-25 CVE-2007-2273 Alessandro Lulli Remote File Include vulnerability in Alessandro Lulli Wavewoo 0.1.1

PHP remote file inclusion vulnerability in include/loading.php in Alessandro Lulli wavewoo 0.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the path_include parameter.

7.5
2007-04-25 CVE-2007-2272 Advanced Webhost Billing System Remote File Include vulnerability in Advanced Webhost Billing System Advanced Webhost Billing System 2.4.0

PHP remote file inclusion vulnerability in docs/front-end-demo/cart2.php in Advanced Webhost Billing System (AWBS) 2.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the workdir parameter.

7.5
2007-04-25 CVE-2007-2262 Sinato Code Injection vulnerability in Sinato Jmuffin

Multiple PHP remote file inclusion vulnerabilities in html/php/detail.php in Sinato jmuffin allow remote attackers to execute arbitrary PHP code via a URL in the (1) relPath and (2) folder parameters.

7.5
2007-04-25 CVE-2007-2261 Realink Remote Security vulnerability in C-Arbre

PHP remote file inclusion vulnerability in espaces/communiques/annotations.php in C-Arbre 0.6PR7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter, a different vector than CVE-2007-1721.

7.5
2007-04-25 CVE-2007-2260 Bibtex Code Injection vulnerability in Bibtex Mase 2.0Beta

Multiple PHP remote file inclusion vulnerabilities in bibtex mase beta 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the bibtexrootrel parameter to (1) unavailable.php, (2) source.php, (3) log.php, (4) latex.php, (5) indexinfo.php, (6) index.php, (7) importinfo.php, (8) import.php, (9) examplefile.php, (10) clearinfo.php, (11) clear.php, (12) aboutinfo.php, (13) about.php, and other unspecified files.

7.5
2007-04-25 CVE-2007-2259 Esforum SQL Injection vulnerability in Esforum 3.0

SQL injection vulnerability in forum.php in EsForum 3.0 allows remote attackers to execute arbitrary SQL commands via the idsalon parameter.

7.5
2007-04-25 CVE-2007-2258 Phpmybibli Remote File Include vulnerability in PHPMyBibli Init.Inc.PHP

PHP remote file inclusion vulnerability in includes/init.inc.php in PHPMyBibli allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter.

7.5
2007-04-25 CVE-2007-2257 Fully Modded Phpbb Remote File Include vulnerability in Fully Modded PHPBB2 PHPBB_Root_Path

PHP remote file inclusion vulnerability in subscp.php in Fully Modded phpBB2 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

7.5
2007-04-25 CVE-2007-2255 Alexscriptengine Remote Security vulnerability in Alexscriptengine Download-Engine 1.4.3

Multiple PHP remote file inclusion vulnerabilities in Download-Engine 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) eng_dir parameter to addmember.php, (2) lang_path parameter to admin/enginelib/class.phpmailer.php, and the (3) spaw_root parameter to admin/includes/spaw/dialogs/colorpicker.php, different vectors than CVE-2006-5291 and CVE-2006-5459.

7.5
2007-04-25 CVE-2007-2254 Deltascripts Remote Security vulnerability in Deltascripts PHP Classifieds 6.04

PHP remote file inclusion vulnerability in admin/setup/level2.php in PHP Classifieds 6.04, and probably earlier versions, allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter.

7.5
2007-04-25 CVE-2007-2251 Xaraya Unspecified vulnerability in Xaraya

Unspecified vulnerability in the Roles module in Xaraya 1.1.2 and earlier allows attackers to gain privileges via unspecified vectors, probably related to incorrect permission checking in xartemplates/user-view.xd.

7.5
2007-04-25 CVE-2007-2247 Phpmyspace SQL Injection vulnerability in PHPmyspace 8.10

SQL injection vulnerability in modules/news/article.php in phpMySpace Gold 8.10 allows remote attackers to execute arbitrary SQL commands via the item_id parameter.

7.5
2007-04-25 CVE-2007-2234 Punbb SQL-Injection vulnerability in Punbb

include/common.php in PunBB 1.2.14 and earlier does not properly handle a disabled ini_get function when checking the register_globals setting, which allows remote attackers to register global parameters, as demonstrated by an SQL injection attack on the search_id parameter to search.php.

7.5
2007-04-25 CVE-2007-2232 Cosign Security Bypass vulnerability in Cosign

The CHECK command in Cosign 2.0.1 and earlier allows remote attackers to bypass authentication requirements via CR (\r) sequences in the cosign cookie parameter.

7.5
2007-04-24 CVE-2007-2214 Dmcms Unspecified vulnerability in Dmcms

Unrestricted file upload vulnerability in includes/upload_file.php in DmCMS allows remote attackers to upload arbitrary PHP scripts by placing a script's contents in both the File2 and File3 parameters, and sending a ok.php?do=act Referer.

7.5
2007-04-24 CVE-2007-2212 Mybb SQL-Injection vulnerability in Mybb 1.2.5

Multiple SQL injection vulnerabilities in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) year or (2) month parameter.

7.5
2007-04-24 CVE-2007-2211 Mybulletinboard SQL Injection vulnerability in MyBulletinBoard Calendar.PHP

SQL injection vulnerability in calendar.php in MyBB (aka MyBulletinBoard) 1.2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the day parameter in a dayview action.

7.5
2007-04-24 CVE-2007-2208 Extreme Phpbb Remote Security vulnerability in Extreme PHPbb Extreme PHPbb 3.0Prefinal

Multiple PHP remote file inclusion vulnerabilities in Extreme PHPBB2 3.0 Pre Final allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) functions.php or (2) functions_portal.php in includes/.

7.5
2007-04-24 CVE-2007-2207 Ripe Website Manager SQL-Injection vulnerability in Ripe Website Manager

SQL injection vulnerability in contact/index.php in Ripe Website Manager 0.8.4 and earlier allows remote attackers to execute arbitrary SQL commands via the ripeformpost parameter.

7.5
2007-04-24 CVE-2007-2205 LAN Management System Remote File Include vulnerability in LAN Management System LAN Management System 1.5.3/1.5.4

PHP remote file inclusion vulnerability in modules/rtmessageadd.php in LAN Management System (LMS) 1.5.3, and possibly 1.5.4, allows remote attackers to execute arbitrary PHP code via a URL in the _LIB_DIR parameter, a different vector than CVE-2007-1643.

7.5
2007-04-24 CVE-2007-2204 GPL PHP Board Remote File Include vulnerability in GPL PHP Board GPL PHP Board 200111141

Multiple PHP remote file inclusion vulnerabilities in GPL PHP Board (GPB) unstable-2001.11.14-1 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) db.mysql.inc.php or (2) gpb.inc.php in include/, or the (3) theme parameter to themes/ubb/login.php.

7.5
2007-04-24 CVE-2007-2201 Post Revolution Remote File Include vulnerability in Post Revolution Post Revolution 6.6/7.0Rc2

Multiple PHP remote file inclusion vulnerabilities in Post Revolution 6.6 and 7.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the dir parameter to (1) common.php or (2) themes/default/preview_post_completo.php.

7.5
2007-04-24 CVE-2007-2183 PHP Ring SQL Injection vulnerability in PHP-Ring Webring System 0.9

SQL injection vulnerability in index.php in PHP-Ring Webring System (aka uPHP_ring_website) 0.9 allows remote attackers to execute arbitrary SQL commands via the ring parameter.

7.5
2007-04-24 CVE-2007-0741 Apple Multiple Security vulnerability in Apple Mac OS X 2007-004

Buffer overflow in natd in network_cmds in Apple Mac OS X 10.3.9 through 10.4.9, when Internet Sharing is enabled, allows remote attackers to execute arbitrary code via malformed RTSP packets.

7.5
2007-04-24 CVE-2007-0747 Apple Multiple Security vulnerability in Apple Mac OS X 2007-004

load_webdav in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment when mounting a WebDAV filesystem, which allows local users to gain privileges by setting unspecified environment variables.

7.2
2007-04-24 CVE-2007-0744 Apple Multiple Security vulnerability in Apple Mac OS X 2007-004

SMB in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment when executing commands, which allows local users to gain privileges by setting unspecified environment variables.

7.2
2007-04-24 CVE-2007-2174 Checkpoint Local Privilege Escalation vulnerability in Checkpoint Zonealarm 5.0.63.0

The IOCTL handling in srescan.sys in the ZoneAlarm Spyware Removal Engine (SRE) in Check Point ZoneAlarm before 5.0.156.0 allows local users to execute arbitrary code via certain IOCTL lrp parameter addresses.

7.2
2007-04-24 CVE-2007-0732 Apple Multiple Security vulnerability in Apple Mac OS X 2007-004

Unspecified vulnerability in the CoreServices daemon in CarbonCore in Apple Mac OS X 10.4 through 10.4.9 allows local users to gain privileges via unspecified vectors involving "obtaining a send right to [the] Mach task port." The vendor has addressed this issue through Mac OS software updates.

7.2
2007-04-24 CVE-2007-0729 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X, mac OS X Preview.App and mac OS X Server

Apple File Protocol (AFP) Client in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment before executing commands, which allows local users to gain privileges by setting unspecified environment variables.

7.2
2007-04-24 CVE-2007-0725 Apple Multiple Security vulnerability in Apple Mac OS X 2007-004

Buffer overflow in the AirPortDriver module for AirPort in Apple Mac OS X 10.3.9 through 10.4.9, when running on hardware with the original AirPort wireless card, allows local users to execute arbitrary code by "sending malformed control commands."

7.2
2007-04-24 CVE-2007-2180 Nullsoft Denial of Service vulnerability in Nullsoft Winamp 5.3

Buffer overflow in Nullsoft Winamp 5.3 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted WMV file.

7.1

55 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-04-27 CVE-2007-2348 Alexander V Lukyanov Unspecified vulnerability in Alexander V. Lukyanov Lftp

mirror --script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote user-assisted attackers to execute shell commands via a malicious script.

6.8
2007-04-27 CVE-2007-2340 Phporacleview Code Injection vulnerability in PHPoracleview

Multiple PHP remote file inclusion vulnerabilities in inc/include_all.inc.php in phporacleview allow remote attackers to execute arbitrary PHP code via a URL in the (1) page_dir or (2) inc_dir parameters.

6.8
2007-04-26 CVE-2007-2319 Autostand Category Code Injection vulnerability in Autostand Category Autostand Category

PHP remote file inclusion vulnerability in the AutoStand 1.1 and earlier module for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to mod_as_category.php in (1) modules/mod_as_category/ or (2) modules/.

6.8
2007-04-26 CVE-2007-2314 Crea Book SQL-Injection vulnerability in Crea-book

Multiple SQL injection vulnerabilities in Crea-Book 1.0, and possibly earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) pseudo or (2) passe parameter to (a) configurer.php, (b) connect.php, (c) delete.php, (d) delete2.php, (e) index.php, (f) infos.php, (g) membres.php, (h) modif-infos.php, (i) modif-message.php, (j) modif.php, (k) uninstall.php, or (l) uninstall_table.php in admin/, different vectors than CVE-2007-2000.

6.8
2007-04-26 CVE-2007-2303 News Manager Deluxe File-Upload vulnerability in News Manager Deluxe News Manager Deluxe 1.0.1

Directory traversal vulnerability in includes/footer.php in News Manager Deluxe (NMDeluxe) 1.0.1 allows remote attackers to include and execute arbitrary local files via a ..

6.8
2007-04-26 CVE-2007-1683 Incredimail Remote Buffer Overflow vulnerability in IncrediMail IMMenuShellExt ActiveX Control

Stack-based buffer overflow in the DoWebMenuAction function in the IncrediMail IMMenuShellExt ActiveX control (ImShExt.dll) allows remote attackers to execute arbitrary code via unspecified vectors.

6.8
2007-04-25 CVE-2007-2267 SUN Denial Of Service vulnerability in SUN Cluster 3.1/3.2

Unspecified vulnerability in Sun Cluster 3.1 and Solaris Cluster 3.2 before 20070424 allows remote authenticated users, operating from a different cluster node, to cause a denial of service (data corruption or send_mondo panic) via unspecified vectors, as demonstrated by EMC Symcli backup software 6.2.1.

6.8
2007-04-25 CVE-2007-2265 Phpee Unspecified vulnerability in PHPee YA Book 0.98Alpha

Cross-site scripting (XSS) vulnerability in YA Book 0.98-alpha allows remote attackers to inject arbitrary web script or HTML via the City field in a sign action in index.php.

6.8
2007-04-25 CVE-2007-2245 Phpmyadmin Cross-Site Scripting vulnerability in PHPmyadmin 2.10.1.0

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.10.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the fieldkey parameter to browse_foreigners.php or (2) certain input to the PMA_sanitize function.

6.8
2007-04-25 CVE-2007-2236 Punbb Cross-Site Scripting vulnerability in Punbb

footer.php in PunBB 1.2.14 and earlier allows remote attackers to include local files in include/user/ via a cross-site scripting (XSS) attack, or via the pun_include tag, as demonstrated by use of admin_options.php to execute PHP code from an uploaded avatar file.

6.8
2007-04-24 CVE-2007-2209 Accusoft
Corel
Buffer Overflow vulnerability in AccuSoft ImageGear Igcore15d.DLL Malformed CLP File

Buffer overflow in igcore15d.dll 15.1.2.0 and 15.2.0.0 for AccuSoft ImageGear, as used in Corel Paint Shop Pro Photo 11.20 and possibly other products, allows user-assisted remote attackers to execute arbitrary code via a crafted .CLP file.

6.8
2007-04-24 CVE-2007-2202 Acvsws Remote File Include vulnerability in Acvsws PHP5 1.0

PHP remote file inclusion vulnerability in inc_ACVS/SOAP/Transport.php in Accueil et Conseil en Visites et Sejours Web Services (ACVSWS) PHP5 (ACVSWS_PHP5) 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the CheminInclude parameter.

6.8
2007-04-24 CVE-2007-2199 CJG Explorer PRO
Joomla
NX
Phpsitebackup
Code Injection vulnerability in multiple products

PHP remote file inclusion vulnerability in lib/pcltar.lib.php (aka pcltar.php) in the PclTar module 1.3 and 1.3.1 for Vincent Blavet PhpConcept Library, as used in multiple products including (1) Joomla! 1.5.0 Beta, (2) N/X Web Content Management System (WCMS) 4.5, (3) CJG EXPLORER PRO 3.3, and (4) phpSiteBackup 0.1, allows remote attackers to execute arbitrary PHP code via a URL in the g_pcltar_lib_dir parameter.

6.8
2007-04-24 CVE-2007-2196 Joomla
Mambo
Remote File Include vulnerability in RETIRED: Joomla/Mambo Jambook Module MosConfig_Absolute_Path

** DISPUTED ** PHP remote file inclusion vulnerability in jambook.php in the Jambook (com_Jambook) 1.0 beta7 module for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

6.8
2007-04-24 CVE-2007-2191 BSD
HP
IBM
Linux
Santa Cruz Operation
SUN
Freepbx
HTML Injection vulnerability in Freepbx 2.2.1/2.2Rc1

Multiple cross-site scripting (XSS) vulnerabilities in freePBX 2.2.x allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, (3) Call-ID, (4) User-Agent, and unspecified other SIP protocol fields, which are stored in /var/log/asterisk/full and displayed by admin/modules/logfiles/asterisk-full-log.php.

6.8
2007-04-24 CVE-2007-2190 EBA News Remote Security vulnerability in EBA News EBA News 1.1

PHP remote file inclusion vulnerability in admin/public/webpages.php in Eba News 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the filename parameter.

6.8
2007-04-24 CVE-2007-2189 MX Smartor Remote File Include vulnerability in MX Smartor Full Album Pack 2.1Rc1

PHP remote file inclusion vulnerability in admin/admin_album_otf.php in the MX Smartor Full Album Pack (FAP) 2.0 RC1 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

6.8
2007-04-24 CVE-2007-2185 Supasite Code Injection vulnerability in Supasite 1.23B

Multiple PHP remote file inclusion vulnerabilities in Supasite 1.23b allow remote attackers to execute arbitrary PHP code via a URL in the supa[db_path] parameter to (1) common_functions.php, (2) admin_auth_cookies.php, (3) admin_mods.php, (4) admin_news.php, (5) admin_topics.php, (6) admin_users.php, (7) admin_utilities.php, (8) site_comment.php, or (9) site_news.php; or the supa[include_path] parameter to (10) admin_settings.php or (11) backend_site.php.

6.8
2007-04-24 CVE-2007-2182 Maran Unspecified vulnerability in Maran PHP Forum

Unrestricted file upload vulnerability in forum_write.php in Maran PHP Forum allows remote attackers to upload and execute arbitrary PHP files via a trailing %00 in a filename in the page parameter.

6.8
2007-04-24 CVE-2007-2181 Webinsta Remote File Include vulnerability in WEBinsta FM Manager Admin Cookies

PHP remote file inclusion vulnerability in admin/login.php in Webinsta FM Manager 0.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter, a different product and vector than CVE-2005-0748.

6.8
2007-04-24 CVE-2007-2177 Microgaming Remote Buffer Overflow vulnerability in Microgaming Download Helper ActiveX Control

Stack-based buffer overflow in the Microgaming Download Helper ActiveX control (dlhelper.dll) before 7.2.0.19, and the WebHandler Class control, allows remote attackers to execute arbitrary code via unspecified vectors.

6.8
2007-04-25 CVE-2007-2249 Phorum Input Validation vulnerability in Phorum

include/controlcenter/users.php in Phorum before 5.1.22 allows remote authenticated moderators to gain privileges via a modified (1) user_ids POST parameter or (2) userdata array.

6.5
2007-04-25 CVE-2007-2233 Cosign Cross-Site Request Forgery vulnerability in Cosign

cosign-bin/cosign.cgi in Cosign 2.0.2 and earlier allows remote authenticated users to perform unauthorized actions as an arbitrary user by using CR (\r) sequences in the service parameter to inject LOGIN and REGISTER commands with the desired username.

6.5
2007-04-25 CVE-2007-2230 Broadcom SQL Injection vulnerability in Broadcom Cleverpath Portal

SQL injection vulnerability in CA Clever Path Portal allows remote authenticated users to execute limited SQL commands and retrieve arbitrary database contents via (1) the ofinterest parameter in a light search query, (2) description parameter in the advanced search query, and possibly other vectors.

6.5
2007-04-24 CVE-2007-2138 Postgresql
Debian
Canonical
Permissions, Privileges, and Access Controls vulnerability in multiple products

Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to "search_path settings."

6.0
2007-04-25 CVE-2007-2269 Swsoft Directory Traversal vulnerability in Plesk 8.1.0/8.1.1

Directory traversal vulnerability in top.php3 in SWsoft Plesk for Windows 8.1 and 8.1.1 allows remote attackers to read arbitrary files via a ..

5.0
2007-04-25 CVE-2007-2268 Swsoft Directory Traversal vulnerability in Swsoft Plesk 7.6.1/8.1.0/8.1.1

Multiple directory traversal vulnerabilities in SWsoft Plesk for Windows 7.6.1, 8.1.0, and 8.1.1 allow remote attackers to read arbitrary files via a ..

5.0
2007-04-25 CVE-2007-2253 Exponent Information Exposure vulnerability in Exponent CMS

Exponent CMS 0.96.6 Alpha and earlier allows remote attackers to obtain path information via a direct request for (1) sdk/blanks/formcontrol.php and (2) sdk/blanks/file_modules.php.

5.0
2007-04-25 CVE-2007-2252 Exponent Input Validation vulnerability in Exponent CMS 0.96.5Rc1/0.96.6Alpha

Directory traversal vulnerability in iconspopup.php in Exponent CMS 0.96.6 Alpha and earlier allows remote attackers to obtain sensitive information via a ..

5.0
2007-04-25 CVE-2007-2250 Phorum Input Validation vulnerability in Phorum

admin.php in Phorum before 5.1.22 allows remote attackers to obtain the full path via the module[] parameter.

5.0
2007-04-25 CVE-2007-2243 Openbsd Improper Authentication vulnerability in Openbsd Openssh

OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.

5.0
2007-04-24 CVE-2007-2197 Brettle Development Information Disclosure vulnerability in NeatUpload HTTPWorkerRequest.FlushResponse

Race condition in the NeatUpload ASP.NET component 1.2.11 through 1.2.16, 1.1.18 through 1.1.23, and trunk.379 through trunk.445 allows remote attackers to obtain other clients' HTTP responses via multiple simultaneous requests, which triggers multiple calls to HttpWorkerRequest.FlushResponse for the same HttpWorkerRequest object and causes a buffer to be reused for a different request.

5.0
2007-04-24 CVE-2007-2195 Alvaro Denial Of Service vulnerability in AMSN Malformed Message

aMSN (aka Alvaro's Messenger) 0.96 and earlier allows remote attackers to cause a denial of service (application crash) by sending invalid data to TCP port 31337.

5.0
2007-04-24 CVE-2007-2186 Microsoft
Foxit
Denial of Service vulnerability in Foxit PDF Reader 2.0

Foxit Reader 2.0 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document.

5.0
2007-04-24 CVE-2007-2184 Jchit Directory Traversal vulnerability in Jchit Counter 1.0.0

Directory traversal vulnerability in imgsrv.php in jchit counter 1.0.0 allows remote attackers to read arbitrary files via a ..

5.0
2007-04-24 CVE-2007-0743 Apple Multiple Security vulnerability in Apple Mac OS X 2007-004

URLMount in Apple Mac OS X 10.3.9 through 10.4.9 passes the username and password credentials for mounting filesystems on SMB servers as command line arguments to the mount_sub command, which may allow local users to obtain sensitive information by listing the process.

4.9
2007-04-25 CVE-2007-2275 HP Local Unauthorized Access vulnerability in HP products

Unspecified vulnerability in HP StorageWorks Command View Advanced Edition for XP before 5.6.0-01, XP Replication Monitor before 5.6.0-01, and XP Tiered Storage Manager before 5.5.0-02 allows local users to access other accounts via unspecified vectors during registration or addition of new users.

4.6
2007-04-24 CVE-2007-0739 Apple Multiple Security vulnerability in Apple Mac OS X 2007-004

The Login Window in Apple Mac OS X 10.4 through 10.4.9 displays the software update window beneath the loginwindow authentication dialog in certain circumstances related to running scheduled tasks, which allows local users to bypass authentication controls.

4.6
2007-04-24 CVE-2007-0738 Apple Multiple Security vulnerability in Apple Mac OS X 2007-004

The Login Window in Apple Mac OS X 10.4 through 10.4.9 does not display the screen saver authentication dialog in certain circumstances when waking from sleep, even though the "require a password to wake the computer from sleep" option is enabled, which allows local users to bypass authentication controls.

4.6
2007-04-24 CVE-2007-0737 Apple Multiple Security vulnerability in Apple Mac OS X 2007-004

The Login Window in Apple Mac OS X 10.3.9 through 10.4.9 does not properly check certain environment variables, which allows local users to gain privileges via unspecified vectors.

4.6
2007-04-27 CVE-2007-2337 Oicgroup Cross-Site Scripting vulnerability in Oicgroup Exponent CMS

Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS 0.96.6 Alpha and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (b) magpie_simple.php in external/magpierss/scripts/, the (2) rss_url parameter to (c) magpie_slashbox.php in external/magpierss/scripts/, and the (3) body parameter to the (d) weblogmodule (aka Weblog Comments) module.

4.3
2007-04-27 CVE-2007-2335 Lunascape HTML Injection vulnerability in Lunascape RSS Feed

Cross-site scripting (XSS) vulnerability in the RSS feed reader functionality in Lunascape 4.1.3 build2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2007-04-26 CVE-2007-2310 Bloofoxcms Cross-Site Scripting vulnerability in Bloofoxcms 0.2.2

Cross-site scripting (XSS) vulnerability in plugins/spaw/img_popup.php in BloofoxCMS 0.2.2 allows remote attackers to inject arbitrary web script or HTML via the img_url parameter.

4.3
2007-04-26 CVE-2007-2309 Flowers Cross-Site Scripting vulnerability in Flowers 2.0

Cross-site scripting (XSS) vulnerability in cas.php in FloweRS 2.0 allows remote attackers to inject arbitrary web script or HTML via the den parameter.

4.3
2007-04-26 CVE-2007-2308 Flowers Cross-Site Scripting vulnerability in Flowers 2.0

Cross-site scripting (XSS) vulnerability in cas.php in FloweRS 2.0 allows remote attackers to inject arbitrary web script or HTML via the rok parameter.

4.3
2007-04-26 CVE-2007-2306 Vwar Cross-Site Scripting vulnerability in VWar

Multiple cross-site scripting (XSS) vulnerabilities in the Virtual War (VWar) 1.5.0 R15 and earlier module for PHP-Nuke, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) memberlist parameter to extra/login.php and the (2) title parameter to extra/today.php.

4.3
2007-04-26 CVE-2007-2300 Surat Kabar Cross-Site Scripting vulnerability in Surat Kabar PHPwebnews 0.1/0.2

Multiple cross-site scripting (XSS) vulnerabilities in Endy Kristanto Surat kabar / News Management Online (aka phpwebnews) 0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the m_txt parameter to (1) iklan.php, (2) index.php, or (3) bukutamu.php.

4.3
2007-04-26 CVE-2007-2292 Mozilla
Microsoft
Improper Input Validation vulnerability in multiple products

CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (%0a) bytes in the username attribute.

4.3
2007-04-25 CVE-2007-2256 Tjschat Cross-Site Scripting vulnerability in Tjschat 0.95

Cross-site scripting (XSS) vulnerability in you.php in TJSChat 0.95 allows remote attackers to inject arbitrary web script or HTML via the user parameter.

4.3
2007-04-25 CVE-2007-2248 Phorum Cross-Site Scripting vulnerability in Phorum

Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Phorum before 5.1.22 allow remote attackers to inject arbitrary web script or HTML via the (1) group_id parameter in the groups module or (2) the smiley_id parameter in the smileys modsettings module.

4.3
2007-04-25 CVE-2007-2235 Punbb Cross-Site Scripting vulnerability in Punbb

Multiple cross-site scripting (XSS) vulnerabilities in PunBB 1.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Referer HTTP header to misc.php or the (2) category name when deleting a category in admin_categories.php.

4.3
2007-04-25 CVE-2007-2231 Dovecot Remote Information Disclosure vulnerability in Dovecot Zlib Plugin

Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a ..

4.3
2007-04-24 CVE-2007-2206 Ripe Website Manager Cross-Site Scripting vulnerability in Ripe Website Manager Ripe Website Manager

Cross-site scripting (XSS) vulnerability in contact/index.php in Ripe Website Manager 0.8.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a leading "<"<" in the ripeformpost parameter.

4.3
2007-04-24 CVE-2007-2203 BIG Blue HTML Injection vulnerability in Big Blue Guestbook Comment

Cross-site scripting (XSS) vulnerability in Big Blue Guestbook allows remote attackers to inject arbitrary web script or HTML via the message field in the guestbook entry submission form.

4.3
2007-04-24 CVE-2007-2198 LAN Management System Cross-Site Scripting vulnerability in LAN Management System LAN Management System 1.5.6

Cross-site scripting (XSS) vulnerability in LAN Management System (LMS) before 1.6.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably involving the OD parameter to contrib/formularz_przelewu_wplaty/druk.php.

4.3

1 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-04-24 CVE-2007-1353 Linux Information Disclosure vulnerability in Linux Kernel L2CAP and HCI Setsockopt Memory Leak

The setsockopt function in the L2CAP and HCI Bluetooth support in the Linux kernel before 2.4.34.3 allows context-dependent attackers to read kernel memory and obtain sensitive information via unspecified vectors involving the copy_from_user function accessing an uninitialized stack buffer.

2.1