Weekly Vulnerabilities Reports > April 30 to May 6, 2007

Overview

136 new vulnerabilities reported during this period, including 28 critical vulnerabilities and 62 high severity vulnerabilities. This weekly summary report vulnerabilities in 140 products from 99 vendors including Vmware, Microsoft, Ruben Boelinger, Debian, and Cisco. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Information Exposure", "Resource Management Errors", "Code Injection", and "Permissions, Privileges, and Access Controls".

  • 115 reported vulnerabilities are remotely exploitables.
  • 33 reported vulnerabilities have public exploit available.
  • 1 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 125 reported vulnerabilities are exploitable by an anonymous user.
  • Vmware has the most reported vulnerabilities, with 6 reported vulnerabilities.
  • EMC has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

28 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-05-04 CVE-2007-2503 PHP Turbulence Remote File Include vulnerability in PHP Turbulence PHP Turbulence 0.0.1Alpha

** DISPUTED ** Directory traversal vulnerability in turbulence.php in PHP Turbulence 0.0.1 alpha allows remote attackers to include and execute arbitrary local files via a ..

10.0
2007-05-04 CVE-2007-2500 GNU Remote Code Execution vulnerability in GNU Flash Player 0.7.2

server/parser/sprite_definition.cpp in GNU Gnash (aka GNU Flash Player) 0.7.2 allows remote attackers to execute arbitrary code via a large number of SHOWFRAME elements within a DEFINESPRITE element, which triggers memory corruption and enables the attacker to call free with an arbitrary address, probably resultant from a buffer overflow.

10.0
2007-05-04 CVE-2007-2494 Office OCX Denial of Service vulnerability in Office OCX PowerPoint Viewer ActiveX

Multiple stack-based buffer overflows in the PowerPointOCX ActiveX control in PowerPointViewer.ocx 3.1.0.3 allow remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) DoOleCommand, (2) FTPDownloadFile, (3) FTPUploadFile, (4) HttpUploadFile, (5) Save, (6) SaveWebFile, (7) HttpDownloadFile, (8) Open, or (9) OpenWebFile property value.

10.0
2007-05-04 CVE-2007-2493 Mxbb Remote File Include vulnerability in MXBB MX Faq Module Module_Root_Path

PHP remote file inclusion vulnerability in faq.php in the FAQ & RULES 2.0.0 and earlier module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.

10.0
2007-05-03 CVE-2007-2489 Livedata Remote Heap Overflow vulnerability in LiveData Protocol Server WSDL Files

Heap-based buffer overflow in LiveData Protocol Server 5.00.045, and other versions before update 500062 (5.00.062), allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted request for a WSDL file that causes a negative length to be used in a strncpy call.

10.0
2007-05-02 CVE-2007-2476 Novell Privilege Escalation vulnerability in Novell Securelogin 6

Unspecified vulnerability in Novell SecureLogin (NSL) 6 SP1 before 6.0.106 has unknown impact and remote attack vectors, related to Active Directory (AD) password changes.

10.0
2007-05-02 CVE-2007-2462 Cisco Remote vulnerability in Cisco PIX And ASA Appliances

Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.2 before 7.2(2)8, when using Layer 2 Tunneling Protocol (L2TP) or Remote Management Access, allows remote attackers to bypass LDAP authentication and gain privileges via unknown vectors.

10.0
2007-05-02 CVE-2007-2418 Cerulean Studios Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cerulean Studios Trillian PRO

Heap-based buffer overflow in the Rendezvous / Extensible Messaging and Presence Protocol (XMPP) component (plugins\rendezvous.dll) for Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to execute arbitrary code via a message that triggers the overflow from expansion that occurs during encoding.

10.0
2007-05-02 CVE-2007-0655 Microworld Technologies Unspecified vulnerability in Microworld Technologies Escan

The MicroWorld Agent service (MWAGENT.EXE) in MicroWorld Technologies eScan 8.0.671.1, and possibly other versions, allows remote or local attackers to gain privileges and execute arbitrary commands by connecting directly to TCP port 2222.

10.0
2007-05-02 CVE-2007-2435 SUN Permissions, Privileges, and Access Controls vulnerability in SUN Java Enterprise System, JRE and SDK

Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to "Incorrect Use of System Classes" and probably related to support for JNLP files.

10.0
2007-05-02 CVE-2007-2434 Aventail Remote Buffer Overflow vulnerability in Aventail Connect Hostname

Buffer overflow in asnsp.dll in Aventail Connect 4.1.2.13 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a malformed DNS query.

10.0
2007-05-02 CVE-2007-2429 Manageengine Remote Unauthorized Access vulnerability in ManageEngine Password Manager Pro Database

ManageEngine PasswordManager Pro (PMP) allows remote attackers to obtain administrative access to a database by injecting a certain command line for the mysql program, as demonstrated by the "-port 2345" and "-u root" arguments.

10.0
2007-04-30 CVE-2007-2375 Symantec Remote Upgrade Remote Code Execution vulnerability in Symantec Enterprise Security Manager

The agent remote upgrade interface in Symantec Enterprise Security Manager (ESM) before 20070405 does not verify the authenticity of upgrades, which allows remote attackers to execute arbitrary code via software that implements the agent upgrade protocol.

10.0
2007-04-30 CVE-2007-2372 Gregory Kokanosky Scripts Authentication Bypass vulnerability in PHPMyNewsLetter

admin/send_mod.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and earlier prints a Location header but does not exit when administrative credentials are missing, which allows remote attackers to compose an e-mail message via a post with the subject, message, format, and list_id fields; and send the message via a direct request for the MsgId value under admin/.

10.0
2007-04-30 CVE-2007-2371 Gregory Kokanosky Scripts Authentication Bypass vulnerability in PHPMyNewsLetter

admin/index.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and earlier provides access to configuration modification before login, which allows remote attackers to cause a denial of service (loss of configuration data), and possibly perform direct static code injection, via a saveGlobalconfig action.

10.0
2007-04-30 CVE-2007-2367 Wserve Http Server Buffer Overflow vulnerability in Wserve Http Server Wserve Http Server 4.6

Buffer overflow in wserve_console.exe in Wserve HTTP Server (whttp) 4.6 allows remote attackers to cause a denial of service (forced application exit) via a long directory name in the URI.

10.0
2007-04-30 CVE-2007-2355 Opendap Remote Command Execution vulnerability in Opendap Server3 3.2.10/3.7.4

The get_url function in DODS_Dispatch.pm for the CGI_server in OPeNDAP 3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.

10.0
2007-04-30 CVE-2007-2352 Afflib Remote Security vulnerability in AFFLIB

Multiple format string vulnerabilities in AFFLIB 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in (1) warn and (2) err calls, possibly involving (a) lib/s3.cpp, (b) tools/afconvert.cpp, (c) tools/afcopy.cpp, (d) tools/afinfo.cpp, (e) aimage/imager.cpp, and (f) tools/afxml.cpp.

10.0
2007-04-30 CVE-2007-2053 Afflib Remote Buffer Overflow vulnerability in AFFLIB LastModified

Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a long LastModified value in an S3 XML response in lib/s3.cpp; (2) a long (a) path or (b) bucket in an S3 URL in lib/vnode_s3.cpp; or (3) a long (c) EFW, (d) AFD, or (c) aimage file path.

10.0
2007-04-30 CVE-2006-7198 IBM Remote Security vulnerability in Websphere Application Server

Unspecified vulnerability in IBM WebSphere Application Server (WAS) before 5.1.1.14, and WAS for z/OS 601 before 6.0.2.13, has unknown impact and attack vectors, related to a "Potential security exposure," aka PK26123.

10.0
2007-05-04 CVE-2007-2505 Intervations Remote Buffer Overflow vulnerability in Intervations Mailcopa 8.0120070323

Stack-based buffer overflow in InterVations MailCOPA 8.01 20070323 allows user-assisted remote attackers to execute arbitrary code via a long command line argument, as demonstrated by a long string in the subject field in a mailto URI.

9.3
2007-05-04 CVE-2007-2498 Nullsoft Buffer Overflow vulnerability in Winamp MP4 File Parsing

libmp4v2.dll in Winamp 5.02 through 5.34 allows user-assisted remote attackers to execute arbitrary code via a certain .MP4 file.

9.3
2007-05-03 CVE-2007-2478 Cerulean Studios IRC Module UTF-8 vulnerability in Cerulean Studios Trillian

Multiple heap-based buffer overflows in the IRC component in Cerulean Studios Trillian Pro before 3.1.5.1 allow remote attackers to corrupt memory and possibly execute arbitrary code via (1) a URL with a long UTF-8 string, which triggers the overflow when the user highlights it, or (2) a font HTML tag with a face attribute containing a long UTF-8 string.

9.3
2007-04-30 CVE-2007-2374 Microsoft
Avaya
Remote Code Execution vulnerability in Microsoft Windows

Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors.

9.3
2007-04-30 CVE-2006-7201 EMC Remote Security vulnerability in Rsa Security Sitekey

EMC RSA Security SiteKey does not set the secure qualifier on the SiteKey Flash token (aka the PassMark Flash shared object), which might allow remote attackers to obtain the token via HTTP.

9.3
2007-04-30 CVE-2007-2365 Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Buffer overflow in Adobe Photoshop CS2 and CS3, Photoshop Elements 5.0, Illustrator CS3, and GoLive 9 allows user-assisted remote attackers to execute arbitrary code via a crafted .PNG file.

9.3
2007-04-30 CVE-2006-7200 EMC Security Bypass vulnerability in Rsa Security Sitekey

EMC RSA Security SiteKey issues challenge-bypass tokens that persist forever without a cancellation interface for end users, which makes it easier for attackers to bypass one stage of authentication by stealing and replaying a token.

9.0
2007-04-30 CVE-2007-2362 DON Moore Remote Dynamic DNS Update vulnerability in DON Moore Mydns 1.1.0

Multiple buffer overflows in MyDNS 1.1.0 allow remote attackers to (1) cause a denial of service (daemon crash) and possibly execute arbitrary code via a certain update, which triggers a heap-based buffer overflow in update.c; and (2) cause a denial of service (daemon crash) via unspecified vectors that trigger an off-by-one stack-based buffer overflow in update.c.

9.0

62 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-04-30 CVE-2006-7199 EMC Remote Security vulnerability in Rsa Security Sitekey

EMC RSA Security SiteKey allows remote attackers to display the correct image via a man-in-the-middle (MITM) attack in which an attacker-controlled server proxies authentication data to and from a legitimate SiteKey server.

8.5
2007-04-30 CVE-2007-2363 Irfanview Remote Buffer Overflow vulnerability in IrfanView .IFF Format Handling

Buffer overflow in IrfanView 4.00 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted .IFF file.

8.5
2007-05-04 CVE-2007-2507 Treble Designs Directory Traversal vulnerability in Treble Designs 1024 CMS 0.7

Directory traversal vulnerability in includes/download.php in Treble Designs 1024 CMS 0.7 allows remote attackers to read arbitrary files via a ..

7.8
2007-05-04 CVE-2007-2506 Progress Denial Of Service vulnerability in Progress WebSpeed

WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause a denial of service (infinite loop and daemon hang) via a messenger URL that invokes _edit.r with no additional parameters, as demonstrated by requests for cgiip.exe or wsisa.dll with WService=wsbroker1/_edit.r in the PATH_INFO.

7.8
2007-05-04 CVE-2007-2502 HP Denial of Service vulnerability in HP ProCurve 9300m Switches

Unspecified vulnerability in HP ProCurve 9300m Series switches with software 08.0.01c through 08.0.01j allows remote attackers to cause a denial of service via unknown vectors, a different switch series than CVE-2006-4015.

7.8
2007-05-04 CVE-2007-2497 Realnetworks Remote Denial of Service vulnerability in Realnetworks Realplayer 10.0

RealNetworks RealPlayer 10 Gold allows remote attackers to cause a denial of service (memory consumption) via a certain .ra file.

7.8
2007-05-04 CVE-2007-2496 Office OCX Multiple vulnerability in Office OCX Word Viewer OCX 3.2.0.5

The WordOCX ActiveX control in WordViewer.ocx 3.2.0.5 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) DoOleCommand, (2) FTPDownloadFile, (3) FTPUploadFile, (4) HttpUploadFile, (5) GotoPage, (6) Save, (7) SaveWebFile, (8) HttpDownloadFile, (9) Open, (10) OpenWebFile, (11) SaveAs, or (12) ShowWordStandardDialog property value.

7.8
2007-05-03 CVE-2007-2490 Livedata Denial of Service vulnerability in Livedata Iccp Server, Maintenance Server and Protocol Server

Unspecified vulnerability in LiveData Server before 5.00.62 allows remote attackers to cause a denial of service (exit) via crafted Connection-Oriented Transport Protocol (COTP) packets.

7.8
2007-05-02 CVE-2007-2466 SUN Denial Of Service vulnerability in SUN Java System Directory Server and ONE Directory Server

Unspecified vulnerability in the LDAP Software Development Kit (SDK) for C, as used in Sun Java System Directory Server 5.2 up to Patch 4 and Sun ONE Directory Server 5.1, allows remote attackers to cause a denial of service (crash) via certain BER encodings.

7.8
2007-05-02 CVE-2007-2463 Cisco Remote vulnerability in Cisco PIX And ASA Appliances

Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 before 7.1(2)49 and 7.2 before 7.2(2)17 allows remote attackers to cause a denial of service (device reload) via unknown vectors related to VPN connection termination and password expiry.

7.8
2007-05-02 CVE-2007-2461 Cisco Remote Denial of Service vulnerability in Cisco PIX/ASA DHCP Relay

The DHCP relay agent in Cisco Adaptive Security Appliance (ASA) and PIX 7.2 allows remote attackers to cause a denial of service (dropped packets) via a DHCPREQUEST or DHCPINFORM message that causes multiple DHCPACK messages to be sent from DHCP servers to the agent, which consumes the memory allocated for a local buffer.

7.8
2007-05-02 CVE-2007-1877 Vmware Denial Of Service vulnerability in VMware

VMware Workstation before 5.5.4 allows attackers to cause a denial of service against the guest OS by causing the virtual machine process (VMX) to store malformed configuration information.

7.8
2007-05-02 CVE-2007-1337 Vmware Denial Of Service vulnerability in VMware

The virtual machine process (VMX) in VMware Workstation before 5.5.4 does not properly read state information when moving from the ACPI sleep state to the run state, which allows attackers to cause a denial of service (virtual machine reboot) via unknown vectors.

7.8
2007-05-02 CVE-2007-1069 Vmware Denial Of Service vulnerability in VMware

The memory management in VMware Workstation before 5.5.4 allows attackers to cause a denial of service (Windows virtual machine crash) by triggering certain general protection faults (GPF).

7.8
2007-05-02 CVE-2007-2459 Tony Cook Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tony Cook Imager

Heap-based buffer overflow in the BMP reader (bmp.c) in Imager perl module (libimager-perl) 0.45 through 0.56 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted 8-bit/pixel compressed BMP files.

7.8
2007-05-02 CVE-2007-2430 Tecnick COM Remote PHP Code Execution vulnerability in TCExam SessionUserLang

shared/code/tce_tmx.php in TCExam 4.0.011 and earlier allows remote attackers to create arbitrary PHP files in cache/ by placing file contents and directory traversal manipulations into a SessionUserLang cookie to public/code/index.php.

7.8
2007-05-01 CVE-2007-2414 Microsoft
Myserver
Denial Of Service vulnerability in MyServer

MyServer before 0.8.8 allows remote attackers to cause a denial of service via unspecified vectors.

7.8
2007-05-01 CVE-2007-2412 Seir Anphin Unspecified vulnerability in Seir Anphin Seir Anphin

** DISPUTED ** Directory traversal vulnerability in modules/file.php in Seir Anphin allows remote attackers to obtain sensitive information via a ..

7.8
2007-04-30 CVE-2007-2384 Script Aculo US Denial-Of-Service vulnerability in Script.Aculo.Us

The Script.aculo.us framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."

7.8
2007-04-30 CVE-2007-2354 Progress Information Disclosure vulnerability in Webspeed Messenger

Progress Webspeed Messenger allows remote attackers to obtain sensitive information via a WService parameter containing "wsbroker1/webutil/about.r", which reveals the operating system and product information.

7.8
2007-04-30 CVE-2007-2029 Debian
Clam Anti Virus
Resource Management Errors vulnerability in Clam Anti-Virus Clamav 0.84Rc2

File descriptor leak in the PDF handler in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service via a crafted PDF file.

7.8
2007-04-30 CVE-2006-4520 Novell Denial Of Service vulnerability in Novell EDirectory NCP Fragment Length

ncp in Novell eDirectory before 8.7.3 SP9, and 8.8.x before 8.8.1 FTF2, does not properly handle NCP fragments with a negative length, which allows remote attackers to cause a denial of service (daemon crash) when the heap is written to a log file.

7.8
2007-05-02 CVE-2007-2438 Foresight Linux
VIM Development Group
Remote Code Execution vulnerability in VIM Development Group VIM 7.0

The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines.

7.6
2007-05-04 CVE-2007-2504 PHP Turbulence Remote File Include vulnerability in PHP Turbulence Turbulence.PHP

** DISPUTED ** PHP remote file inclusion vulnerability in user/turbulence.php in PHP Turbulence 0.0.1 alpha allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[tcore] parameter.

7.5
2007-05-04 CVE-2007-2501 Fernando M A D S Unspecified vulnerability in Fernando M.A.D.S. Codepress

Eval injection vulnerability in codepress.html in CodePress before 0.9.4 allows remote attackers to execute arbitrary code via certain input that is used in an eval function call.

7.5
2007-05-04 CVE-2007-2495 Office OCX Denial of Service vulnerability in Office OCX ExcelViewer.OCX Excel Viewer ActiveX

Multiple stack-based buffer overflows in the ExcelOCX ActiveX control in ExcelViewer.ocx 3.1.0.6 allow remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) DoOleCommand, (2) FTPDownloadFile, (3) FTPUploadFile, (4) HttpUploadFile, (5) Save, (6) SaveWebFile, (7) HttpDownloadFile, (8) Open, or (9) OpenWebFile property value.

7.5
2007-05-04 CVE-2007-2492 Postnuke Software Foundation SQL Injection vulnerability in Postnuke Software Foundation Postnuke V4Bjournal Module 0.99

SQL injection vulnerability in index.php in the v4bJournal module for PostNuke allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a journal_comment action.

7.5
2007-05-03 CVE-2007-2487 Atomix Productions Buffer Overflow vulnerability in Atomix MP3 Malformed MP3 File

Stack-based buffer overflow in AtomixMP3 allows remote attackers to execute arbitrary code via a long filename in an MP3 file, a different vector than CVE-2006-6287.

7.5
2007-05-03 CVE-2007-2485 Ruben Boelinger Remote File Include vulnerability in Wordpress Myflash Plugin

PHP remote file inclusion vulnerability in myflash-button.php in the myflash 1.00 and earlier plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the wpPATH parameter.

7.5
2007-05-03 CVE-2007-2477 Phpmychat Unspecified vulnerability in PHPmychat 0.14.5

** DISPUTED ** PHP remote file inclusion vulnerability in phpMyChat.php3 in phpMyChat 0.14.5 allows remote attackers to execute arbitrary PHP code via a URL in the {ChatPath} parameter.

7.5
2007-05-02 CVE-2007-2474 Turnkey WEB Tools Remote File Include vulnerability in TurnkeyWebTools Sunshop

Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools SunShop Shopping Cart 4.0 allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) include/payment/payflow_pro.php, (2) global.php, or (3) libsecure.php, different vectors than CVE-2007-2070.

7.5
2007-05-02 CVE-2007-2473 Cmsmadesimple SQL Injection vulnerability in CMS Made Simple Stylesheet.PHP

SQL injection vulnerability in stylesheet.php in CMS Made Simple 1.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the templateid parameter.

7.5
2007-05-02 CVE-2007-2469 Filerun SQL Injection and Cross-Site Scripting vulnerability in FileRun

SQL injection vulnerability in index.php in FileRun 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the fid parameter.

7.5
2007-05-02 CVE-2007-2460 Firefly Remote Security vulnerability in Firefly

PHP remote file inclusion vulnerability in modules/admin/include/config.php in FireFly 1.1.01 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter.

7.5
2007-05-02 CVE-2007-2458 Pixaria Code Injection vulnerability in Pixaria Gallery

Multiple PHP remote file inclusion vulnerabilities in Pixaria Gallery before 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in the cfg[sys][base_path] parameter to psg.smarty.lib.php and certain include and library scripts, a different vector than CVE-2007-2457.

7.5
2007-05-02 CVE-2007-2457 Pixaria Remote File Include vulnerability in Pixaria Gallery Class.Smarty.PHP

PHP remote file inclusion vulnerability in resources/includes/class.Smarty.php in Pixaria Gallery before 1.4.3 allows remote attackers to execute arbitrary PHP code via a URL in the cfg[sys][base_path] parameter.

7.5
2007-05-02 CVE-2007-2456 Firefly Remote File Include vulnerability in Firefly 1.1.01

Multiple PHP remote file inclusion vulnerabilities in FireFly 1.1.01 allow remote attackers to execute arbitrary PHP code via a URL in the doc_root parameter to (1) localize.php or (2) config.php in modules/admin/include/.

7.5
2007-05-02 CVE-2007-2428 Ahhp Portal Code Injection vulnerability in Ahhp-Portal

Multiple PHP remote file inclusion vulnerabilities in page.php in Ahhp-Portal allow remote attackers to execute arbitrary PHP code via a URL in the (1) fp or (2) sc parameter.

7.5
2007-05-02 CVE-2007-2427 Pnflashgames SQL Injection vulnerability in Pnflashgames 1.5

SQL injection vulnerability in index.php in the pnFlashGames 1.5 module for PostNuke allows remote attackers to execute arbitrary SQL commands via the cid parameter.

7.5
2007-05-02 CVE-2007-2426 Wildbits Remote File Include vulnerability in Wordpress MyGallery Plugin

PHP remote file inclusion vulnerability in myfunctions/mygallerybrowser.php in the myGallery 1.4b4 and earlier plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the myPath parameter.

7.5
2007-05-02 CVE-2007-2424 THE Merchant Project Remote File Include vulnerability in the Merchant Project the Merchant 2.2

PHP remote file inclusion vulnerability in help/index.php in The Merchant (themerchant) 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the show parameter.

7.5
2007-05-02 CVE-2007-2422 Comdev Unspecified vulnerability in Comdev Modules Builder 4.1

** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Modules Builder (modbuild) 4.1 for Comdev One Admin allow remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter to (1) config-bak.php or (2) config.php.

7.5
2007-05-02 CVE-2007-2421 Hitachi Remote Buffer Overflow vulnerability in Hitachi Groupmax Mobile Option 0511/0600/0700

Buffer overflow in Hitachi Groupmax Mobile Option for Mobile-Phone 07-00 through 07-30, 5 for i-mode 05-11 through 05-23, and 6 for EZweb 06-00 through 06-04 allows remote attackers to execute arbitrary code via unspecified vectors.

7.5
2007-05-02 CVE-2007-2420 Burak Yilmaz SQL Injection vulnerability in Burak Yilmaz Burak Yilmaz Blog 1.0

SQL injection vulnerability in bry.asp in Burak Yilmaz Blog 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2007-05-01 CVE-2007-2416 E Annu SQL Injection vulnerability in E-Annu Home.PHP

SQL injection vulnerability in home.php in E-Annu allows remote attackers to execute arbitrary SQL commands via the a parameter.

7.5
2007-05-01 CVE-2007-2411 Sphider Remote File Include vulnerability in RETIRED: Sphider

** DISPUTED ** PHP remote file inclusion vulnerability in index.php in Sphider 1.2.x allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter.

7.5
2007-04-30 CVE-2007-2373 WF Links SQL Injection vulnerability in XOOPS WF-Link Module Viewcat.PHP

SQL injection vulnerability in viewcat.php in the WF-Links (wflinks) 1.03 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter.

7.5
2007-04-30 CVE-2007-2370 Xoops SQL-Injection vulnerability in John Mordo Jobs Module

SQL injection vulnerability in index.php in the John Mordo Jobs 2.4 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a jobsview action.

7.5
2007-04-30 CVE-2007-2364 Burnstone Remote File Include vulnerability in BurnCMS Root Parameter

Multiple PHP remote file inclusion vulnerabilities in burnCMS 0.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) mysql.class.php or (2) postgres.class.php in lib/db/; or (3) authuser.php, (4) misc.php, or (5) connect.php in lib/.

7.5
2007-04-30 CVE-2007-2358 B2Evolution Unspecified vulnerability in B2Evolution

** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in b2evolution allow remote attackers to execute arbitrary PHP code via a URL in the (1) inc_path parameter to (a) a_noskin.php, (b) a_stub.php, (c) admin.php, (d) contact.php, (e) default.php, (f) index.php, and (g) multiblogs.php in blogs/; the (2) view_path and (3) control_path parameters to blogs/admin.php; and the (4) skins_path parameter to (h) blogs/contact.php and (i) blogs/multiblogs.php.

7.5
2007-04-30 CVE-2007-2055 Afflib Remote Security vulnerability in AFFLIB

AFFLIB 2.2.8 and earlier allows attackers to execute arbitrary commands via shell metacharacters involving (1) certain command line parameters in tools/afconvert.cpp and (2) arguments to the get_parameter function in aimage/ident.cpp.

7.5
2007-04-30 CVE-2007-2054 Afflib Remote Security vulnerability in AFFLIB

Multiple format string vulnerabilities in AFFLIB before 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in (1) warn and (2) err calls in (a) lib/s3.cpp, (b) tools/afconvert.cpp, (c) tools/afcopy.cpp, (d) tools/afinfo.cpp, (e) aimage/aimage.cpp, (f) aimage/imager.cpp, and (g) tools/afxml.cpp.

7.5
2007-04-30 CVE-2007-2366 Corel Remote Buffer Overflow vulnerability in Corel Paint Shop PRO 11.20

Buffer overflow in Corel Paint Shop Pro 11.20 allows user-assisted remote attackers to execute arbitrary code via a crafted .PNG file.

7.4
2007-05-04 CVE-2007-2491 Vmware Denial-Of-Service vulnerability in Server

The PIIX4 power management subsystem in EMC VMware Workstation 5.5.3.34685 and VMware Server 1.0.1.29996 allows local users to write to arbitrary memory locations via a crafted poke to I/O port 0x1004, triggering a denial of service (virtual machine crash) or other unspecified impact, a related issue to CVE-2007-1337.

7.2
2007-05-02 CVE-2007-1876 Microsoft
Vmware
Denial Of Service vulnerability in VMware

VMware Workstation before 5.5.4, when running a 64-bit Windows guest on a 64-bit host, allows local users to "corrupt the virtual machine's register context" by debugging a local program and stepping into a "syscall instruction."

7.2
2007-05-02 CVE-2007-1320 Qemu
Fedoraproject
Opensuse
Debian
Out-Of-Bounds Write vulnerability in multiple products

Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via unspecified vectors related to "attempting to mark non-existent regions as dirty," aka the "bitblt" heap overflow.

7.2
2007-04-30 CVE-2007-2359 Symantec Local Security vulnerability in BackupExec System Recovery

Buffer overflow in Ghost Service Manager, as used in Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, allows local users to gain privileges via a long string.

7.2
2007-04-30 CVE-2007-2351 HP Remote Agent Local Privilege Escalation vulnerability in HP Power Manager

Unspecified vulnerability in the HP Power Manager Remote Agent (RA) 4.0Build10 and earlier in HP-UX B.11.11 and B.11.23 allows local users to execute arbitrary code via unspecified vectors.

7.2
2007-05-03 CVE-2007-2479 Cerulean Studios Information Exposure vulnerability in Cerulean Studios Trillian 3.1

Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to obtain potentially sensitive information via long CTCP PING messages that contain UTF-8 characters, which generates a malformed response that is not truncated by a newline, which can cause portions of a server message to be sent to the attacker.

7.1
2007-05-02 CVE-2007-2464 Cisco Remote vulnerability in Cisco PIX And ASA Appliances

Race condition in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 before 7.1(2)49 and 7.2 before 7.2(2)19, when using "clientless SSL VPNs," allows remote attackers to cause a denial of service (device reload) via "non-standard SSL sessions." The vendor has addressed this issue with a product update.

7.1
2007-05-02 CVE-2007-0745 Apple Remote Security vulnerability in Apple mac OS X Server 10.4.9

The Apple Security Update 2007-004 uses an incorrect configuration file for FTPServer in Apple Mac OS X Server 10.4.9, which might allow remote authenticated users to access additional directories.

7.1
2007-05-02 CVE-2007-2241 ISC Denial Of Service vulnerability in ISC BIND Query_AddSOA

Unspecified vulnerability in query.c in ISC BIND 9.4.0, and 9.5.0a1 through 9.5.0a3, when recursion is enabled, allows remote attackers to cause a denial of service (daemon exit) via a sequence of queries processed by the query_addsoa function.

7.1

44 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-05-04 CVE-2007-2499 Globalmegacorp Cross-Site Scripting vulnerability in DVDdb

Multiple cross-site scripting (XSS) vulnerabilities in DVDdb 0.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the movieid parameter to loan.php or (2) the s parameter to listmovies.php.

6.8
2007-05-03 CVE-2007-2484 Ruben Boelinger Remote Security vulnerability in Wp-Table

PHP remote file inclusion vulnerability in js/wptable-button.php in the wp-Table 1.43 and earlier plugin for WordPress, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the wpPATH parameter.

6.8
2007-05-03 CVE-2007-2483 Ruben Boelinger File-Upload vulnerability in Wp-Table

Directory traversal vulnerability in js/wptable-button.php in the wp-Table 1.43 and earlier plugin for WordPress, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the wpPATH parameter.

6.8
2007-05-03 CVE-2007-2482 Ruben Boelinger Remote File Include vulnerability in WordPress Plugins

Directory traversal vulnerability in wordtube-button.php in the wordTube 1.43 and earlier plugin for WordPress, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a ..

6.8
2007-05-03 CVE-2007-2481 Ruben Boelinger Remote File Include vulnerability in WordPress Plugins

PHP remote file inclusion vulnerability in wordtube-button.php in the wordTube 1.43 and earlier plugin for WordPress, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the wpPATH parameter.

6.8
2007-05-02 CVE-2007-2454 Parallels Local Security vulnerability in Parallels Desktop for Mac OS X

Heap-based buffer overflow in the VGA device in Parallels allows local users, with root access to the guest operating system, to terminate the virtual machine and possibly execute arbitrary code in the host operating system via unspecified vectors related to bitblt operations.

6.8
2007-05-02 CVE-2007-2433 Ariadne Cross-Site Scripting vulnerability in Ariadne CMS 2.4.1

Cross-site scripting (XSS) vulnerability in index.php in Ariadne 2.4.1 allows remote attackers to inject arbitrary web script or HTML via the ARLogin parameter.

6.8
2007-05-02 CVE-2007-2432 Nukedit Cross-Site Scripting vulnerability in Nukedit 4.9.7B

Cross-site scripting (XSS) vulnerability in utilities/search.asp in nukedit 4.9.7b allows remote attackers to inject arbitrary web script or HTML via the terms parameter.

6.8
2007-05-02 CVE-2007-2431 Tecnick COM Cross-Site Scripting vulnerability in TCExam $_SERVER[]

Dynamic variable evaluation vulnerability in shared/config/tce_config.php in TCExam 4.0.011 and earlier allows remote attackers to conduct cross-site scripting (XSS) and possibly other attacks by modifying critical variables such as $_SERVER, as demonstrated by injecting web script via the _SERVER[SCRIPT_NAME] parameter.

6.8
2007-04-30 CVE-2007-2360 Symantec Local Security vulnerability in BackupExec System Recovery

Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore point images are configured, encrypt network share credentials with a key formed by a hash of the username, which allows local users to obtain the credentials by calculating the key.

6.8
2007-04-30 CVE-2007-2357 Sinecms Cross-Site Scripting vulnerability in Sinecms 2.3.4

Cross-site scripting (XSS) vulnerability in mods/Core/result.php in SineCms 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the stringa parameter.

6.8
2007-04-30 CVE-2007-2356 Gimp Buffer Errors vulnerability in Gimp 2.2.14

Stack-based buffer overflow in the set_color_table function in sunras.c in the SUNRAS plugin in Gimp 2.2.14 allows user-assisted remote attackers to execute arbitrary code via a crafted RAS file.

6.8
2007-05-02 CVE-2007-2475 Novell Privilege Escalation vulnerability in Novell Securelogin 6

Unspecified vulnerability in the ADSCHEMA utility in Novell SecureLogin (NSL) 6 SP1 before 6.0.106 has unknown impact and remote attack vectors, related to granting "users excess permissions to their own attributes."

6.5
2007-04-30 CVE-2007-2350 Freepbx Remote Security vulnerability in freePBX

admin/config.php in the music-on-hold module in freePBX 2.2.x allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the del parameter.

6.5
2007-05-02 CVE-2007-1744 Microsoft
Vmware
Directory Traversal vulnerability in VMware Workstation Shared Folders

Directory traversal vulnerability in the Shared Folders feature for VMware Workstation before 5.5.4, when a folder is shared, allows users on the guest system to write to arbitrary files on the host system via the "Backdoor I/O Port" interface.

6.3
2007-05-02 CVE-2007-2455 Parallels Denial-Of-Service vulnerability in Parallels Desktop for Mac OS X

Parallels allows local users to cause a denial of service (virtual machine abort) via (1) certain INT instructions, as demonstrated by INT 0xAA; (2) an IRET instruction when an invalid address is at the top of the stack; (3) a malformed MOVNTI instruction, as demonstrated by using a register as a destination; or a write operation to (4) SEGR6 or (5) SEGR7.

6.1
2007-05-02 CVE-2007-2470 Filerun Cross-Site Scripting vulnerability in FileRun

Multiple cross-site scripting (XSS) vulnerabilities in index.php in FileRun 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) page, (2) module, or (3) section parameter.

5.8
2007-05-02 CVE-2007-2423 Moinmoin Cross-Site Scripting vulnerability in Moinmoin 1.5.7

Cross-site scripting (XSS) vulnerability in index.php in MoinMoin 1.5.7 allows remote attackers to inject arbitrary web script or HTML via the do parameter in an AttachFile action, a different vulnerability than CVE-2007-0857.

5.8
2007-04-30 CVE-2007-2349 Invision Power Services Cross-Site Scripting vulnerability in Invision Power Services Invision Power Board 2.1/2.2

Cross-site scripting (XSS) vulnerability in Invision Power Board (IP.Board) 2.1.x and 2.2.x allows remote attackers to inject arbitrary web script or HTML by uploading crafted images or PDF files.

5.8
2007-05-02 CVE-2007-2437 X ORG Denial of Service vulnerability in X.Org X Window System Xserver XRender Extension Divide by Zero

The X render (Xrender) extension in X.org X Window System 7.0, 7.1, and 7.2, with Xserver 1.3.0 and earlier, allows remote authenticated users to cause a denial of service (daemon crash) via crafted values to the (1) XRenderCompositeTrapezoids and (2) XRenderAddTraps functions, which trigger a divide-by-zero error.

5.5
2007-05-03 CVE-2007-2486 Motobit Directory Traversal vulnerability in Motobit 1.3/1.5

Directory traversal vulnerability in download.asp in Motobit 1.3 and 1.5 (aka PStruh-CZ) allows remote attackers to read arbitrary files via a ..

5.0
2007-05-02 CVE-2007-2471 Sendcard Directory Traversal vulnerability in Sendcard

Directory traversal vulnerability in sendcard.php in Sendcard 3.4.1 and earlier allows remote attackers to read arbitrary files via a full pathname in the form parameter.

5.0
2007-05-02 CVE-2007-2425 Blackdot Local File Include vulnerability in Blackdot Imageview 5.3

Directory traversal vulnerability in fileview.php in Imageview 5.3 allows remote attackers to read arbitrary files via a ..

5.0
2007-05-01 CVE-2007-2415 Pi3Web Resource Management Errors vulnerability in Pi3Web web Server 2.0.3Pl1

Pi3Web Web Server 2.0.3 PL1 allows remote attackers to cause a denial of service (application exit) via a long URI.

5.0
2007-04-30 CVE-2007-2385 Yahoo Denial-Of-Service vulnerability in Ui Library

The Yahoo! UI framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."

5.0
2007-04-30 CVE-2007-2383 Prototypejs Denial-Of-Service vulnerability in Prototypejs Prototype Framework 1.5.1Rc3

The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."

5.0
2007-04-30 CVE-2007-2382 Mad4Milk Denial-Of-Service vulnerability in Moo.Fx

The Moo.fx framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."

5.0
2007-04-30 CVE-2007-2381 Mochikit Denial-Of-Service vulnerability in Mochikit Framework

The MochiKit framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."

5.0
2007-04-30 CVE-2007-2380 Microsoft Denial-Of-Service vulnerability in Microsoft Atlas framework

The Microsoft Atlas framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."

5.0
2007-04-30 CVE-2007-2379 Jquery
Netapp
Information Exposure vulnerability in multiple products

The jQuery framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."

5.0
2007-04-30 CVE-2007-2378 Google Denial-Of-Service vulnerability in Web Toolkit

The Google Web Toolkit (GWT) framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."

5.0
2007-04-30 CVE-2007-2377 Getahead Denial-Of-Service vulnerability in Getahead Direct web Remoting 1.1.4

The Getahead Direct Web Remoting (DWR) framework 1.1.4 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."

5.0
2007-04-30 CVE-2007-2376 Dojo Toolkit Denial-Of-Service vulnerability in Dojo Toolkit

The Dojo framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."

5.0
2007-04-30 CVE-2007-2369 PHP
Webspell
Directory Traversal vulnerability in PHP

Directory traversal vulnerability in picture.php in WebSPELL 4.01.02 and earlier, when PHP before 4.3.0 is used, allows remote attackers to read arbitrary files via a ..

5.0
2007-04-30 CVE-2007-2368 Webspell Remote Security vulnerability in webSPELL

picture.php in WebSPELL 4.01.02 and earlier allows remote attackers to read arbitrary files via the file parameter.

5.0
2007-04-30 CVE-2007-2353 Apache Information Exposure vulnerability in Apache Axis 1.0

Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.

5.0
2007-05-02 CVE-2007-2468 HP Local Denial of Service vulnerability in HP Openvms 8.21/8.3

Unspecified vulnerability in HP OpenVMS for Integrity Servers 8.2-1 and 8.3 allows local users to cause a denial of service (crash) via "Program actions relating to exceptions." The vendor has addressed this issue with the following product updates: HP OpenVMS 8.2-1 Integrity: HP VMS821I_SYS-V0400.ZIPEXE ftp://ftp.itrc.hp.com/openvms_patches/i64/V8.2-1/VMS821I_SYS-V0400.ZIP EXE HP OpenVMS 8.3 Integrity: HP VMS83I_SYS-V0200.ZIPEXE ftp://ftp.itrc.hp.com/openvms_patches/i64/V8.3/VMS83I_SYS-V0200.ZIPEXE

4.9
2007-05-02 CVE-2007-2467 Zonelabs Denial of Service vulnerability in Zonelabs Zonealarm 6.1.744.001/6.5.737.000

ZoneAlarm Pro 6.5.737.000, 6.1.744.001, and possibly earlier versions and other products, allows local users to cause a denial of service (system crash) by sending malformed data to the vsdatant device driver, which causes an invalid memory access.

4.9
2007-05-02 CVE-2007-0771 Linux
Redhat
Local Denial of Service vulnerability in Linux Kernel UTrace

The utrace support in Linux kernel 2.6.18, and other versions, allows local users to cause a denial of service (system hang) related to "MT exec + utrace_attach spin failure mode," as demonstrated by ptrace-thrash.c.

4.9
2007-04-30 CVE-2007-2361 Symantec Local Security vulnerability in BackupExec System Recovery

Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore points images are configured, uses weak permissions (world readable) for a configuration file with network share credentials, which allows local users to obtain the credentials by reading the file.

4.9
2007-05-02 CVE-2007-2465 SUN Local Denial Of Service vulnerability in Sun Solaris 9 Auditing BSM

Unspecified vulnerability in Sun Solaris 9, when Solaris Auditing (BSM) is enabled for file read, write, attribute modify, create, or delete audit classes, allows local users to cause a denial of service (panic) via unknown vectors, possibly related to the audit_savepath function.

4.7
2007-05-03 CVE-2007-2480 Linux Local Security vulnerability in kernel

The _udp_lib_get_port function in net/ipv4/udp.c in Linux kernel 2.6.21 and earlier does not prevent a bind to a port with a local address when there is already a bind to that port with a wildcard local address, which might allow local users to intercept local traffic for daemons or other applications.

4.6
2007-05-02 CVE-2007-1859 Redhat
Xscreensaver
Improper Authentication vulnerability in Xscreensaver 4.10

XScreenSaver 4.10, when using a remote directory service for credentials, does not properly handle the results from the getpwuid function in drivers/lock.c when there is no network connectivity, which causes XScreenSaver to crash and unlock the screen and allows local users to bypass authentication.

4.6
2007-05-02 CVE-2007-2472 Sendcard Cross-Site Scripting vulnerability in Sendcard

Cross-site scripting (XSS) vulnerability in sendcard.php in Sendcard 3.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the form parameter.

4.3

2 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-05-02 CVE-2007-1366 Qemu
Debian
QEMU 0.8.2 allows local users to crash a virtual machine via the divisor operand to the aam instruction, as demonstrated by "aam 0x0," which triggers a divide-by-zero error.
2.1
2007-05-02 CVE-2007-1322 Qemu
Debian
QEMU 0.8.2 allows local users to halt a virtual machine by executing the icebp instruction.
2.1