Weekly Vulnerabilities Reports > April 30 to May 6, 2007
Overview
111 new vulnerabilities were reported during this period, including 26 critical vulnerabilities and 49 high severity vulnerabilities. This weekly summary reports vulnerabilities in 119 products from 80 vendors, including Vmware, Ruben Boelinger, Microsoft, Debian, and Symantec. Notable vulnerability categories include "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Resource Management Errors", "Out-of-bounds Write", "Information Exposure", and "Permissions, Privileges, and Access Controls".
- 91 reported vulnerabilities are remotely exploitable.
- 31 reported vulnerabilities have a public exploit available.
- 1 reported vulnerability is related to weaknesses in the OWASP Top Ten.
- 100 reported vulnerabilities are exploitable by an anonymous user.
- Vmware has the most reported vulnerabilities, with 6 reported vulnerabilities.
- EMC has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
26 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-05-04 | CVE-2007-2500 | GNU | Remote Code Execution vulnerability in GNU Flash Player 0.7.2 server/parser/sprite_definition.cpp in GNU Gnash (aka GNU Flash Player) 0.7.2 allows remote attackers to execute arbitrary code via a large number of SHOWFRAME elements within a DEFINESPRITE element, which triggers memory corruption and enables the attacker to call free with an arbitrary address, probably resultant from a buffer overflow. | 10.0 |
2007-05-04 | CVE-2007-2494 | Office OCX | Denial of Service vulnerability in Office OCX PowerPoint Viewer ActiveX Multiple stack-based buffer overflows in the PowerPointOCX ActiveX control in PowerPointViewer.ocx 3.1.0.3 allow remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) DoOleCommand, (2) FTPDownloadFile, (3) FTPUploadFile, (4) HttpUploadFile, (5) Save, (6) SaveWebFile, (7) HttpDownloadFile, (8) Open, or (9) OpenWebFile property value. | 10.0 |
2007-05-04 | CVE-2007-2493 | Mxbb | Remote File Include vulnerability in MXBB MX Faq Module Module_Root_Path PHP remote file inclusion vulnerability in faq.php in the FAQ & RULES 2.0.0 and earlier module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. | 10.0 |
2007-05-03 | CVE-2007-2489 | Livedata | Remote Heap Overflow vulnerability in LiveData Protocol Server WSDL Files Heap-based buffer overflow in LiveData Protocol Server 5.00.045, and other versions before update 500062 (5.00.062), allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted request for a WSDL file that causes a negative length to be used in a strncpy call. | 10.0 |
2007-05-02 | CVE-2007-2476 | Novell | Privilege Escalation vulnerability in Novell Securelogin 6 Unspecified vulnerability in Novell SecureLogin (NSL) 6 SP1 before 6.0.106 has unknown impact and remote attack vectors, related to Active Directory (AD) password changes. | 10.0 |
2007-05-02 | CVE-2007-2418 | Cerulean Studios | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cerulean Studios Trillian PRO Heap-based buffer overflow in the Rendezvous / Extensible Messaging and Presence Protocol (XMPP) component (plugins\rendezvous.dll) for Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to execute arbitrary code via a message that triggers the overflow from expansion that occurs during encoding. | 10.0 |
2007-05-02 | CVE-2007-0655 | Microworld Technologies | Unspecified vulnerability in Microworld Technologies Escan The MicroWorld Agent service (MWAGENT.EXE) in MicroWorld Technologies eScan 8.0.671.1, and possibly other versions, allows remote or local attackers to gain privileges and execute arbitrary commands by connecting directly to TCP port 2222. | 10.0 |
2007-05-02 | CVE-2007-2435 | SUN | Permissions, Privileges, and Access Controls vulnerability in SUN Java Enterprise System, JRE and SDK Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to "Incorrect Use of System Classes" and probably related to support for JNLP files. | 10.0 |
2007-05-02 | CVE-2007-2434 | Aventail | Remote Buffer Overflow vulnerability in Aventail Connect Hostname Buffer overflow in asnsp.dll in Aventail Connect 4.1.2.13 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a malformed DNS query. | 10.0 |
2007-05-02 | CVE-2007-2429 | Manageengine | Remote Unauthorized Access vulnerability in ManageEngine Password Manager Pro Database ManageEngine PasswordManager Pro (PMP) allows remote attackers to obtain administrative access to a database by injecting a certain command line for the mysql program, as demonstrated by the "-port 2345" and "-u root" arguments. | 10.0 |
2007-04-30 | CVE-2007-2375 | Symantec | Remote Upgrade Remote Code Execution vulnerability in Symantec Enterprise Security Manager The agent remote upgrade interface in Symantec Enterprise Security Manager (ESM) before 20070405 does not verify the authenticity of upgrades, which allows remote attackers to execute arbitrary code via software that implements the agent upgrade protocol. | 10.0 |
2007-04-30 | CVE-2007-2372 | Gregory Kokanosky | Scripts Authentication Bypass vulnerability in PHPMyNewsLetter admin/send_mod.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and earlier prints a Location header but does not exit when administrative credentials are missing, which allows remote attackers to compose an e-mail message via a post with the subject, message, format, and list_id fields; and send the message via a direct request for the MsgId value under admin/. | 10.0 |
2007-04-30 | CVE-2007-2371 | Gregory Kokanosky | Scripts Authentication Bypass vulnerability in PHPMyNewsLetter admin/index.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and earlier provides access to configuration modification before login, which allows remote attackers to cause a denial of service (loss of configuration data), and possibly perform direct static code injection, via a saveGlobalconfig action. | 10.0 |
2007-04-30 | CVE-2007-2367 | Wserve Http Server | Buffer Overflow vulnerability in Wserve Http Server Wserve Http Server 4.6 Buffer overflow in wserve_console.exe in Wserve HTTP Server (whttp) 4.6 allows remote attackers to cause a denial of service (forced application exit) via a long directory name in the URI. | 10.0 |
2007-04-30 | CVE-2007-2355 | Opendap | Remote Command Execution vulnerability in Opendap Server3 3.2.10/3.7.4 The get_url function in DODS_Dispatch.pm for the CGI_server in OPeNDAP 3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. | 10.0 |
2007-04-30 | CVE-2007-2352 | Afflib | Remote Security vulnerability in AFFLIB Multiple format string vulnerabilities in AFFLIB 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in (1) warn and (2) err calls, possibly involving (a) lib/s3.cpp, (b) tools/afconvert.cpp, (c) tools/afcopy.cpp, (d) tools/afinfo.cpp, (e) aimage/imager.cpp, and (f) tools/afxml.cpp. | 10.0 |
2007-04-30 | CVE-2007-2053 | Afflib | Remote Buffer Overflow vulnerability in AFFLIB LastModified Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a long LastModified value in an S3 XML response in lib/s3.cpp; (2) a long (a) path or (b) bucket in an S3 URL in lib/vnode_s3.cpp; or (3) a long (c) EFW, (d) AFD, or (c) aimage file path. | 10.0 |
2007-04-30 | CVE-2006-7198 | IBM | Remote Security vulnerability in Websphere Application Server Unspecified vulnerability in IBM WebSphere Application Server (WAS) before 5.1.1.14, and WAS for z/OS 601 before 6.0.2.13, has unknown impact and attack vectors, related to a "Potential security exposure," aka PK26123. | 10.0 |
2007-05-04 | CVE-2007-2505 | Intervations | Remote Buffer Overflow vulnerability in Intervations Mailcopa 8.0120070323 Stack-based buffer overflow in InterVations MailCOPA 8.01 20070323 allows user-assisted remote attackers to execute arbitrary code via a long command line argument, as demonstrated by a long string in the subject field in a mailto URI. | 9.3 |
2007-05-04 | CVE-2007-2498 | Nullsoft | Buffer Overflow vulnerability in Winamp MP4 File Parsing libmp4v2.dll in Winamp 5.02 through 5.34 allows user-assisted remote attackers to execute arbitrary code via a certain .MP4 file. | 9.3 |
2007-05-03 | CVE-2007-2478 | Cerulean Studios | IRC Module UTF-8 vulnerability in Cerulean Studios Trillian Multiple heap-based buffer overflows in the IRC component in Cerulean Studios Trillian Pro before 3.1.5.1 allow remote attackers to corrupt memory and possibly execute arbitrary code via (1) a URL with a long UTF-8 string, which triggers the overflow when the user highlights it, or (2) a font HTML tag with a face attribute containing a long UTF-8 string. | 9.3 |
2007-04-30 | CVE-2007-2374 | Microsoft Avaya | Remote Code Execution vulnerability in Microsoft Windows Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. | 9.3 |
2007-04-30 | CVE-2006-7201 | EMC | Remote Security vulnerability in Rsa Security Sitekey EMC RSA Security SiteKey does not set the secure qualifier on the SiteKey Flash token (aka the PassMark Flash shared object), which might allow remote attackers to obtain the token via HTTP. | 9.3 |
2007-04-30 | CVE-2007-2365 | Adobe | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products Buffer overflow in Adobe Photoshop CS2 and CS3, Photoshop Elements 5.0, Illustrator CS3, and GoLive 9 allows user-assisted remote attackers to execute arbitrary code via a crafted .PNG file. | 9.3 |
2007-04-30 | CVE-2006-7200 | EMC | Security Bypass vulnerability in Rsa Security Sitekey EMC RSA Security SiteKey issues challenge-bypass tokens that persist forever without a cancellation interface for end users, which makes it easier for attackers to bypass one stage of authentication by stealing and replaying a token. | 9.0 |
2007-04-30 | CVE-2007-2362 | DON Moore | Remote Dynamic DNS Update vulnerability in DON Moore Mydns 1.1.0 Multiple buffer overflows in MyDNS 1.1.0 allow remote attackers to (1) cause a denial of service (daemon crash) and possibly execute arbitrary code via a certain update, which triggers a heap-based buffer overflow in update.c; and (2) cause a denial of service (daemon crash) via unspecified vectors that trigger an off-by-one stack-based buffer overflow in update.c. | 9.0 |
49 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-04-30 | CVE-2006-7199 | EMC | Remote Security vulnerability in Rsa Security Sitekey EMC RSA Security SiteKey allows remote attackers to display the correct image via a man-in-the-middle (MITM) attack in which an attacker-controlled server proxies authentication data to and from a legitimate SiteKey server. | 8.5 |
2007-04-30 | CVE-2007-2363 | Irfanview | Remote Buffer Overflow vulnerability in IrfanView .IFF Format Handling Buffer overflow in IrfanView 4.00 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted .IFF file. | 8.5 |
2007-05-04 | CVE-2007-2507 | Treble Designs | Directory Traversal vulnerability in Treble Designs 1024 CMS 0.7 Directory traversal vulnerability in includes/download.php in Treble Designs 1024 CMS 0.7 allows remote attackers to read arbitrary files via a .. | 7.8 |
2007-05-04 | CVE-2007-2506 | Progress | Denial Of Service vulnerability in Progress WebSpeed WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause a denial of service (infinite loop and daemon hang) via a messenger URL that invokes _edit.r with no additional parameters, as demonstrated by requests for cgiip.exe or wsisa.dll with WService=wsbroker1/_edit.r in the PATH_INFO. | 7.8 |
2007-05-04 | CVE-2007-2502 | HP | Denial of Service vulnerability in HP ProCurve 9300m Switches Unspecified vulnerability in HP ProCurve 9300m Series switches with software 08.0.01c through 08.0.01j allows remote attackers to cause a denial of service via unknown vectors, a different switch series than CVE-2006-4015. | 7.8 |
2007-05-04 | CVE-2007-2497 | Realnetworks | Remote Denial of Service vulnerability in Realnetworks Realplayer 10.0 RealNetworks RealPlayer 10 Gold allows remote attackers to cause a denial of service (memory consumption) via a certain .ra file. | 7.8 |
2007-05-04 | CVE-2007-2496 | Office OCX | Multiple vulnerability in Office OCX Word Viewer OCX 3.2.0.5 The WordOCX ActiveX control in WordViewer.ocx 3.2.0.5 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) DoOleCommand, (2) FTPDownloadFile, (3) FTPUploadFile, (4) HttpUploadFile, (5) GotoPage, (6) Save, (7) SaveWebFile, (8) HttpDownloadFile, (9) Open, (10) OpenWebFile, (11) SaveAs, or (12) ShowWordStandardDialog property value. | 7.8 |
2007-05-03 | CVE-2007-2490 | Livedata | Denial of Service vulnerability in Livedata Iccp Server, Maintenance Server and Protocol Server Unspecified vulnerability in LiveData Server before 5.00.62 allows remote attackers to cause a denial of service (exit) via crafted Connection-Oriented Transport Protocol (COTP) packets. | 7.8 |
2007-05-02 | CVE-2007-2466 | SUN | Denial Of Service vulnerability in SUN Java System Directory Server and ONE Directory Server Unspecified vulnerability in the LDAP Software Development Kit (SDK) for C, as used in Sun Java System Directory Server 5.2 up to Patch 4 and Sun ONE Directory Server 5.1, allows remote attackers to cause a denial of service (crash) via certain BER encodings. | 7.8 |
2007-05-02 | CVE-2007-1877 | Vmware | Denial Of Service vulnerability in VMware VMware Workstation before 5.5.4 allows attackers to cause a denial of service against the guest OS by causing the virtual machine process (VMX) to store malformed configuration information. | 7.8 |
2007-05-02 | CVE-2007-1337 | Vmware | Denial Of Service vulnerability in VMware The virtual machine process (VMX) in VMware Workstation before 5.5.4 does not properly read state information when moving from the ACPI sleep state to the run state, which allows attackers to cause a denial of service (virtual machine reboot) via unknown vectors. | 7.8 |
2007-05-02 | CVE-2007-1069 | Vmware | Denial Of Service vulnerability in VMware The memory management in VMware Workstation before 5.5.4 allows attackers to cause a denial of service (Windows virtual machine crash) by triggering certain general protection faults (GPF). | 7.8 |
2007-05-02 | CVE-2007-2459 | Tony Cook | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tony Cook Imager Heap-based buffer overflow in the BMP reader (bmp.c) in Imager perl module (libimager-perl) 0.45 through 0.56 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted 8-bit/pixel compressed BMP files. | 7.8 |
2007-05-02 | CVE-2007-2430 | Tecnick COM | Remote PHP Code Execution vulnerability in TCExam SessionUserLang shared/code/tce_tmx.php in TCExam 4.0.011 and earlier allows remote attackers to create arbitrary PHP files in cache/ by placing file contents and directory traversal manipulations into a SessionUserLang cookie to public/code/index.php. | 7.8 |
2007-05-01 | CVE-2007-2414 | Microsoft Myserver | Denial Of Service vulnerability in MyServer MyServer before 0.8.8 allows remote attackers to cause a denial of service via unspecified vectors. | 7.8 |
2007-04-30 | CVE-2007-2354 | Progress | Information Disclosure vulnerability in Webspeed Messenger Progress Webspeed Messenger allows remote attackers to obtain sensitive information via a WService parameter containing "wsbroker1/webutil/about.r", which reveals the operating system and product information. | 7.8 |
2007-04-30 | CVE-2007-2029 | Debian Clam Anti Virus | Resource Management Errors vulnerability in Clam Anti-Virus Clamav 0.84Rc2 File descriptor leak in the PDF handler in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service via a crafted PDF file. | 7.8 |
2007-04-30 | CVE-2006-4520 | Novell | Denial Of Service vulnerability in Novell EDirectory NCP Fragment Length ncp in Novell eDirectory before 8.7.3 SP9, and 8.8.x before 8.8.1 FTF2, does not properly handle NCP fragments with a negative length, which allows remote attackers to cause a denial of service (daemon crash) when the heap is written to a log file. | 7.8 |
2007-05-02 | CVE-2007-2438 | Foresight Linux VIM Development Group | Remote Code Execution vulnerability in VIM Development Group VIM 7.0 The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines. | 7.6 |
2007-05-04 | CVE-2007-2501 | Fernando M A D S | Unspecified vulnerability in Fernando M.A.D.S. Codepress Eval injection vulnerability in codepress.html in CodePress before 0.9.4 allows remote attackers to execute arbitrary code via certain input that is used in an eval function call. | 7.5 |
2007-05-04 | CVE-2007-2495 | Office OCX | Denial of Service vulnerability in Office OCX ExcelViewer.OCX Excel Viewer ActiveX Multiple stack-based buffer overflows in the ExcelOCX ActiveX control in ExcelViewer.ocx 3.1.0.6 allow remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) DoOleCommand, (2) FTPDownloadFile, (3) FTPUploadFile, (4) HttpUploadFile, (5) Save, (6) SaveWebFile, (7) HttpDownloadFile, (8) Open, or (9) OpenWebFile property value. | 7.5 |
2007-05-04 | CVE-2007-2492 | Postnuke Software Foundation | SQL Injection vulnerability in Postnuke Software Foundation Postnuke V4Bjournal Module 0.99 SQL injection vulnerability in index.php in the v4bJournal module for PostNuke allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a journal_comment action. | 7.5 |
2007-05-03 | CVE-2007-2485 | Ruben Boelinger | Remote File Include vulnerability in Wordpress Myflash Plugin PHP remote file inclusion vulnerability in myflash-button.php in the myflash 1.00 and earlier plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the wpPATH parameter. | 7.5 |
2007-05-02 | CVE-2007-2474 | Turnkey WEB Tools | Remote File Include vulnerability in TurnkeyWebTools Sunshop Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools SunShop Shopping Cart 4.0 allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) include/payment/payflow_pro.php, (2) global.php, or (3) libsecure.php, different vectors than CVE-2007-2070. | 7.5 |
2007-05-02 | CVE-2007-2473 | Cmsmadesimple | SQL Injection vulnerability in CMS Made Simple Stylesheet.PHP SQL injection vulnerability in stylesheet.php in CMS Made Simple 1.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the templateid parameter. | 7.5 |
2007-05-02 | CVE-2007-2469 | Filerun | SQL Injection and Cross-Site Scripting vulnerability in FileRun SQL injection vulnerability in index.php in FileRun 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the fid parameter. | 7.5 |
2007-05-02 | CVE-2007-2460 | Firefly | Remote Security vulnerability in Firefly PHP remote file inclusion vulnerability in modules/admin/include/config.php in FireFly 1.1.01 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter. | 7.5 |
2007-05-02 | CVE-2007-2456 | Firefly | Remote File Include vulnerability in Firefly 1.1.01 Multiple PHP remote file inclusion vulnerabilities in FireFly 1.1.01 allow remote attackers to execute arbitrary PHP code via a URL in the doc_root parameter to (1) localize.php or (2) config.php in modules/admin/include/. | 7.5 |
2007-05-02 | CVE-2007-2428 | Ahhp Portal | Code Injection vulnerability in Ahhp-Portal Multiple PHP remote file inclusion vulnerabilities in page.php in Ahhp-Portal allow remote attackers to execute arbitrary PHP code via a URL in the (1) fp or (2) sc parameter. | 7.5 |
2007-05-02 | CVE-2007-2427 | Pnflashgames | SQL Injection vulnerability in Pnflashgames 1.5 SQL injection vulnerability in index.php in the pnFlashGames 1.5 module for PostNuke allows remote attackers to execute arbitrary SQL commands via the cid parameter. | 7.5 |
2007-05-02 | CVE-2007-2426 | Wildbits | Remote File Include vulnerability in Wordpress MyGallery Plugin PHP remote file inclusion vulnerability in myfunctions/mygallerybrowser.php in the myGallery 1.4b4 and earlier plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the myPath parameter. | 7.5 |
2007-05-02 | CVE-2007-2424 | THE Merchant Project | Remote File Include vulnerability in the Merchant Project the Merchant 2.2 PHP remote file inclusion vulnerability in help/index.php in The Merchant (themerchant) 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the show parameter. | 7.5 |
2007-05-02 | CVE-2007-2421 | Hitachi | Remote Buffer Overflow vulnerability in Hitachi Groupmax Mobile Option 0511/0600/0700 Buffer overflow in Hitachi Groupmax Mobile Option for Mobile-Phone 07-00 through 07-30, 5 for i-mode 05-11 through 05-23, and 6 for EZweb 06-00 through 06-04 allows remote attackers to execute arbitrary code via unspecified vectors. | 7.5 |
2007-05-02 | CVE-2007-2420 | Burak Yilmaz | SQL Injection vulnerability in Burak Yilmaz Burak Yilmaz Blog 1.0 SQL injection vulnerability in bry.asp in Burak Yilmaz Blog 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2007-05-01 | CVE-2007-2416 | E Annu | SQL Injection vulnerability in E-Annu Home.PHP SQL injection vulnerability in home.php in E-Annu allows remote attackers to execute arbitrary SQL commands via the a parameter. | 7.5 |
2007-04-30 | CVE-2007-2373 | WF Links | SQL Injection vulnerability in XOOPS WF-Link Module Viewcat.PHP SQL injection vulnerability in viewcat.php in the WF-Links (wflinks) 1.03 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter. | 7.5 |
2007-04-30 | CVE-2007-2370 | Xoops | SQL-Injection vulnerability in John Mordo Jobs Module SQL injection vulnerability in index.php in the John Mordo Jobs 2.4 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a jobsview action. | 7.5 |
2007-04-30 | CVE-2007-2364 | Burnstone | Remote File Include vulnerability in BurnCMS Root Parameter Multiple PHP remote file inclusion vulnerabilities in burnCMS 0.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) mysql.class.php or (2) postgres.class.php in lib/db/; or (3) authuser.php, (4) misc.php, or (5) connect.php in lib/. | 7.5 |
2007-04-30 | CVE-2007-2055 | Afflib | Remote Security vulnerability in AFFLIB AFFLIB 2.2.8 and earlier allows attackers to execute arbitrary commands via shell metacharacters involving (1) certain command line parameters in tools/afconvert.cpp and (2) arguments to the get_parameter function in aimage/ident.cpp. | 7.5 |
2007-04-30 | CVE-2007-2054 | Afflib | Remote Security vulnerability in AFFLIB Multiple format string vulnerabilities in AFFLIB before 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in (1) warn and (2) err calls in (a) lib/s3.cpp, (b) tools/afconvert.cpp, (c) tools/afcopy.cpp, (d) tools/afinfo.cpp, (e) aimage/aimage.cpp, (f) aimage/imager.cpp, and (g) tools/afxml.cpp. | 7.5 |
2007-04-30 | CVE-2007-2366 | Corel | Remote Buffer Overflow vulnerability in Corel Paint Shop PRO 11.20 Buffer overflow in Corel Paint Shop Pro 11.20 allows user-assisted remote attackers to execute arbitrary code via a crafted .PNG file. | 7.4 |
2007-05-04 | CVE-2007-2491 | Vmware | Denial-Of-Service vulnerability in Server The PIIX4 power management subsystem in EMC VMware Workstation 5.5.3.34685 and VMware Server 1.0.1.29996 allows local users to write to arbitrary memory locations via a crafted poke to I/O port 0x1004, triggering a denial of service (virtual machine crash) or other unspecified impact, a related issue to CVE-2007-1337. | 7.2 |
2007-05-02 | CVE-2007-1876 | Microsoft Vmware | Denial Of Service vulnerability in VMware VMware Workstation before 5.5.4, when running a 64-bit Windows guest on a 64-bit host, allows local users to "corrupt the virtual machine's register context" by debugging a local program and stepping into a "syscall instruction." | 7.2 |
2007-05-02 | CVE-2007-1320 | Qemu Fedoraproject Opensuse Debian | Out-Of-Bounds Write vulnerability in multiple products Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via unspecified vectors related to "attempting to mark non-existent regions as dirty," aka the "bitblt" heap overflow. | 7.2 |
2007-04-30 | CVE-2007-2359 | Symantec | Local Security vulnerability in BackupExec System Recovery Buffer overflow in Ghost Service Manager, as used in Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, allows local users to gain privileges via a long string. | 7.2 |
2007-04-30 | CVE-2007-2351 | HP | Remote Agent Local Privilege Escalation vulnerability in HP Power Manager Unspecified vulnerability in the HP Power Manager Remote Agent (RA) 4.0Build10 and earlier in HP-UX B.11.11 and B.11.23 allows local users to execute arbitrary code via unspecified vectors. | 7.2 |
2007-05-03 | CVE-2007-2479 | Cerulean Studios | Information Exposure vulnerability in Cerulean Studios Trillian 3.1 Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to obtain potentially sensitive information via long CTCP PING messages that contain UTF-8 characters, which generates a malformed response that is not truncated by a newline, which can cause portions of a server message to be sent to the attacker. | 7.1 |
2007-05-02 | CVE-2007-0745 | Apple | Remote Security vulnerability in Apple mac OS X Server 10.4.9 The Apple Security Update 2007-004 uses an incorrect configuration file for FTPServer in Apple Mac OS X Server 10.4.9, which might allow remote authenticated users to access additional directories. | 7.1 |
2007-05-02 | CVE-2007-2241 | ISC | Denial Of Service vulnerability in ISC BIND Query_AddSOA Unspecified vulnerability in query.c in ISC BIND 9.4.0, and 9.5.0a1 through 9.5.0a3, when recursion is enabled, allows remote attackers to cause a denial of service (daemon exit) via a sequence of queries processed by the query_addsoa function. | 7.1 |
34 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-05-04 | CVE-2007-2499 | Globalmegacorp | Cross-Site Scripting vulnerability in DVDdb Multiple cross-site scripting (XSS) vulnerabilities in DVDdb 0.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the movieid parameter to loan.php or (2) the s parameter to listmovies.php. | 6.8 |
2007-05-03 | CVE-2007-2484 | Ruben Boelinger | Remote Security vulnerability in Wp-Table PHP remote file inclusion vulnerability in js/wptable-button.php in the wp-Table 1.43 and earlier plugin for WordPress, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the wpPATH parameter. | 6.8 |
2007-05-03 | CVE-2007-2483 | Ruben Boelinger | File-Upload vulnerability in Wp-Table Directory traversal vulnerability in js/wptable-button.php in the wp-Table 1.43 and earlier plugin for WordPress, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the wpPATH parameter. | 6.8 |
2007-05-03 | CVE-2007-2482 | Ruben Boelinger | Remote File Include vulnerability in WordPress Plugins Directory traversal vulnerability in wordtube-button.php in the wordTube 1.43 and earlier plugin for WordPress, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. | 6.8 |
2007-05-03 | CVE-2007-2481 | Ruben Boelinger | Remote File Include vulnerability in WordPress Plugins PHP remote file inclusion vulnerability in wordtube-button.php in the wordTube 1.43 and earlier plugin for WordPress, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the wpPATH parameter. | 6.8 |
2007-05-02 | CVE-2007-2454 | Parallels | Local Security vulnerability in Parallels Desktop for Mac OS X Heap-based buffer overflow in the VGA device in Parallels allows local users, with root access to the guest operating system, to terminate the virtual machine and possibly execute arbitrary code in the host operating system via unspecified vectors related to bitblt operations. | 6.8 |
2007-05-02 | CVE-2007-2433 | Ariadne | Cross-Site Scripting vulnerability in Ariadne CMS 2.4.1 Cross-site scripting (XSS) vulnerability in index.php in Ariadne 2.4.1 allows remote attackers to inject arbitrary web script or HTML via the ARLogin parameter. | 6.8 |
2007-05-02 | CVE-2007-2432 | Nukedit | Cross-Site Scripting vulnerability in Nukedit 4.9.7B Cross-site scripting (XSS) vulnerability in utilities/search.asp in nukedit 4.9.7b allows remote attackers to inject arbitrary web script or HTML via the terms parameter. | 6.8 |
2007-05-02 | CVE-2007-2431 | Tecnick COM | Cross-Site Scripting vulnerability in TCExam $_SERVER[] Dynamic variable evaluation vulnerability in shared/config/tce_config.php in TCExam 4.0.011 and earlier allows remote attackers to conduct cross-site scripting (XSS) and possibly other attacks by modifying critical variables such as $_SERVER, as demonstrated by injecting web script via the _SERVER[SCRIPT_NAME] parameter. | 6.8 |
2007-04-30 | CVE-2007-2360 | Symantec | Local Security vulnerability in BackupExec System Recovery Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore point images are configured, encrypt network share credentials with a key formed by a hash of the username, which allows local users to obtain the credentials by calculating the key. | 6.8 |
2007-04-30 | CVE-2007-2357 | Sinecms | Cross-Site Scripting vulnerability in Sinecms 2.3.4 Cross-site scripting (XSS) vulnerability in mods/Core/result.php in SineCms 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the stringa parameter. | 6.8 |
2007-04-30 | CVE-2007-2356 | Gimp | Out-of-bounds Write vulnerability in Gimp 2.2.14 Stack-based buffer overflow in the set_color_table function in sunras.c in the SUNRAS plugin in Gimp 2.2.14 allows user-assisted remote attackers to execute arbitrary code via a crafted RAS file. | 6.8 |
2007-05-02 | CVE-2007-2475 | Novell | Privilege Escalation vulnerability in Novell Securelogin 6 Unspecified vulnerability in the ADSCHEMA utility in Novell SecureLogin (NSL) 6 SP1 before 6.0.106 has unknown impact and remote attack vectors, related to granting "users excess permissions to their own attributes." | 6.5 |
2007-04-30 | CVE-2007-2350 | Freepbx | Remote Security vulnerability in freePBX admin/config.php in the music-on-hold module in freePBX 2.2.x allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the del parameter. | 6.5 |
2007-05-02 | CVE-2007-1744 | Microsoft Vmware | Directory Traversal vulnerability in VMware Workstation Shared Folders Directory traversal vulnerability in the Shared Folders feature for VMware Workstation before 5.5.4, when a folder is shared, allows users on the guest system to write to arbitrary files on the host system via the "Backdoor I/O Port" interface. | 6.3 |
2007-05-02 | CVE-2007-2455 | Parallels | Denial-Of-Service vulnerability in Parallels Desktop for Mac OS X Parallels allows local users to cause a denial of service (virtual machine abort) via (1) certain INT instructions, as demonstrated by INT 0xAA; (2) an IRET instruction when an invalid address is at the top of the stack; (3) a malformed MOVNTI instruction, as demonstrated by using a register as a destination; or a write operation to (4) SEGR6 or (5) SEGR7. | 6.1 |
2007-05-02 | CVE-2007-2470 | Filerun | Cross-Site Scripting vulnerability in FileRun Multiple cross-site scripting (XSS) vulnerabilities in index.php in FileRun 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) page, (2) module, or (3) section parameter. | 5.8 |
2007-05-02 | CVE-2007-2423 | Moinmoin | Cross-Site Scripting vulnerability in Moinmoin 1.5.7 Cross-site scripting (XSS) vulnerability in index.php in MoinMoin 1.5.7 allows remote attackers to inject arbitrary web script or HTML via the do parameter in an AttachFile action, a different vulnerability than CVE-2007-0857. | 5.8 |
2007-04-30 | CVE-2007-2349 | Invision Power Services | Cross-Site Scripting vulnerability in Invision Power Services Invision Power Board 2.1/2.2 Cross-site scripting (XSS) vulnerability in Invision Power Board (IP.Board) 2.1.x and 2.2.x allows remote attackers to inject arbitrary web script or HTML by uploading crafted images or PDF files. | 5.8 |
2007-05-02 | CVE-2007-2437 | X ORG | Denial of Service vulnerability in X.Org X Window System Xserver XRender Extension Divide by Zero The X render (Xrender) extension in X.org X Window System 7.0, 7.1, and 7.2, with Xserver 1.3.0 and earlier, allows remote authenticated users to cause a denial of service (daemon crash) via crafted values to the (1) XRenderCompositeTrapezoids and (2) XRenderAddTraps functions, which trigger a divide-by-zero error. | 5.5 |
2007-05-03 | CVE-2007-2486 | Motobit | Directory Traversal vulnerability in Motobit 1.3/1.5 Directory traversal vulnerability in download.asp in Motobit 1.3 and 1.5 (aka PStruh-CZ) allows remote attackers to read arbitrary files via a .. | 5.0 |
2007-05-02 | CVE-2007-2471 | Sendcard | Directory Traversal vulnerability in Sendcard Directory traversal vulnerability in sendcard.php in Sendcard 3.4.1 and earlier allows remote attackers to read arbitrary files via a full pathname in the form parameter. | 5.0 |
2007-05-02 | CVE-2007-2425 | Blackdot | Local File Include vulnerability in Blackdot Imageview 5.3 Directory traversal vulnerability in fileview.php in Imageview 5.3 allows remote attackers to read arbitrary files via a .. | 5.0 |
2007-05-01 | CVE-2007-2415 | Pi3Web | Resource Management Errors vulnerability in Pi3Web web Server 2.0.3Pl1 Pi3Web Web Server 2.0.3 PL1 allows remote attackers to cause a denial of service (application exit) via a long URI. | 5.0 |
2007-04-30 | CVE-2007-2369 | PHP Webspell | Directory Traversal vulnerability in PHP Directory traversal vulnerability in picture.php in WebSPELL 4.01.02 and earlier, when PHP before 4.3.0 is used, allows remote attackers to read arbitrary files via a .. | 5.0 |
2007-04-30 | CVE-2007-2368 | Webspell | Remote Security vulnerability in webSPELL picture.php in WebSPELL 4.01.02 and earlier allows remote attackers to read arbitrary files via the file parameter. | 5.0 |
2007-04-30 | CVE-2007-2353 | Apache | Information Exposure vulnerability in Apache Axis 1.0 Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message. | 5.0 |
2007-05-02 | CVE-2007-2468 | HP | Local Denial of Service vulnerability in HP Openvms 8.21/8.3 Unspecified vulnerability in HP OpenVMS for Integrity Servers 8.2-1 and 8.3 allows local users to cause a denial of service (crash) via "Program actions relating to exceptions." The vendor has addressed this issue with the following product updates: HP OpenVMS 8.2-1 Integrity: HP VMS821I_SYS-V0400.ZIPEXE ftp://ftp.itrc.hp.com/openvms_patches/i64/V8.2-1/VMS821I_SYS-V0400.ZIPEXE HP OpenVMS 8.3 Integrity: HP VMS83I_SYS-V0200.ZIPEXE ftp://ftp.itrc.hp.com/openvms_patches/i64/V8.3/VMS83I_SYS-V0200.ZIPEXE | 4.9 |
2007-05-02 | CVE-2007-2467 | Zonelabs | Denial of Service vulnerability in Zonelabs Zonealarm 6.1.744.001/6.5.737.000 ZoneAlarm Pro 6.5.737.000, 6.1.744.001, and possibly earlier versions and other products, allows local users to cause a denial of service (system crash) by sending malformed data to the vsdatant device driver, which causes an invalid memory access. | 4.9 |
2007-05-02 | CVE-2007-0771 | Linux Redhat | Local Denial of Service vulnerability in Linux Kernel UTrace The utrace support in Linux kernel 2.6.18, and other versions, allows local users to cause a denial of service (system hang) related to "MT exec + utrace_attach spin failure mode," as demonstrated by ptrace-thrash.c. | 4.9 |
2007-04-30 | CVE-2007-2361 | Symantec | Local Security vulnerability in BackupExec System Recovery Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore point images are configured, use weak permissions (world readable) for a configuration file with network share credentials, which allows local users to obtain the credentials by reading the file. | 4.9 |
2007-05-02 | CVE-2007-2465 | SUN | Local Denial Of Service vulnerability in Sun Solaris 9 Auditing BSM Unspecified vulnerability in Sun Solaris 9, when Solaris Auditing (BSM) is enabled for file read, write, attribute modify, create, or delete audit classes, allows local users to cause a denial of service (panic) via unknown vectors, possibly related to the audit_savepath function. | 4.7 |
2007-05-02 | CVE-2007-1859 | Redhat Xscreensaver | Improper Authentication vulnerability in Xscreensaver 4.10 XScreenSaver 4.10, when using a remote directory service for credentials, does not properly handle the results from the getpwuid function in drivers/lock.c when there is no network connectivity, which causes XScreenSaver to crash and unlock the screen and allows local users to bypass authentication. | 4.6 |
2007-05-02 | CVE-2007-2472 | Sendcard | Cross-Site Scripting vulnerability in Sendcard Cross-site scripting (XSS) vulnerability in sendcard.php in Sendcard 3.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the form parameter. | 4.3 |