Weekly Vulnerabilities Reports > May 7 to 13, 2007
Overview
157 new vulnerabilities reported during this period, including 33 critical vulnerabilities and 73 high severity vulnerabilities. This weekly summary report vulnerabilities in 167 products from 115 vendors including Microsoft, PHP, Wikkawiki, Apple, and Debian. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Code Injection", "Resource Management Errors", "Cross-site Scripting", and "Improper Input Validation".
- 147 reported vulnerabilities are remotely exploitables.
- 43 reported vulnerabilities have public exploit available.
- 7 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 149 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 20 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 11 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
33 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-05-13 | CVE-2007-2639 | Prosysinfo | Directory Traversal vulnerability in Prosysinfo Tftp Server Tftpdwin 0.4.2 Directory traversal vulnerability in TFTPdWin 0.4.2 allows remote attackers to read or modify arbitrary files outside the TFTP root via unspecified vectors. | 10.0 |
2007-05-13 | CVE-2007-2638 | Efilecabinet | Authentication Bypass vulnerability in EFileCabinet FileCabinetNumber eFileCabinet 3.3 allows remote attackers to bypass authentication and access restricted portions of the interface via an invalid filecabinetnumber, which can be leveraged to obtain sensitive information or create new data structures. | 10.0 |
2007-05-13 | CVE-2007-2633 | Positive Software | Directory Traversal vulnerability in Positive Software Sitestudio 1.6 Directory traversal vulnerability in H-Sphere SiteStudio 1.6 allows remote attackers to read, or include and execute, arbitrary local files via a .. | 10.0 |
2007-05-13 | CVE-2007-0749 | Apple | Remote Buffer Overflow vulnerability in Apple Darwin Streaming Server Multiple stack-based buffer overflows in the is_command function in proxy.c in Apple Darwin Streaming Proxy, when using Darwin Streaming Server before 5.5.5, allow remote attackers to execute arbitrary code via a long (1) cmd or (2) server value in an RTSP request. | 10.0 |
2007-05-13 | CVE-2007-0748 | Apple | Remote Buffer Overflow vulnerability in Apple Darwin Streaming Server Heap-based buffer overflow in Apple Darwin Streaming Proxy, when using Darwin Streaming Server before 5.5.5, allows remote attackers to execute arbitrary code via multiple trackID values in a SETUP RTSP request. | 10.0 |
2007-05-11 | CVE-2007-2616 | Novell | Stack Buffer Overflow vulnerability in Novell Netmail NMDMC Stack-based buffer overflow in the SSL version of the NMDMC.EXE service in Novell NetMail 3.52e FTF2 and probably earlier allows remote attackers to execute arbitrary code via a crafted request. | 10.0 |
2007-05-11 | CVE-2007-2522 | Broadcom | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Broadcom products Stack-based buffer overflow in the inoweb Console Server in CA Anti-Virus for the Enterprise r8, Threat Manager r8, Anti-Spyware for the Enterprise r8, and Protection Suites r3 allows remote attackers to execute arbitrary code via a long (1) username or (2) password. | 10.0 |
2007-05-10 | CVE-2007-2584 | Mcafee | Remote Buffer Overflow vulnerability in Mcafee Security Center, Securitycenter Agent and Virusscan Buffer overflow in the IsOldAppInstalled function in the McSubMgr.McSubMgr Subscription Manager ActiveX control (MCSUBMGR.DLL) in McAfee SecurityCenter before 6.0.25 and 7.x before 7.2.147 allows remote attackers to execute arbitrary code via a crafted argument. | 10.0 |
2007-05-10 | CVE-2007-2582 | IBM | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM DB2 Multiple buffer overflows in the DB2 JDBC Applet Server (DB2JDS) service in IBM DB2 9.x and earlier allow remote attackers to (1) execute arbitrary code via a crafted packet to the DB2JDS service on tcp/6789; and cause a denial of service via (2) an invalid LANG parameter or (2) a long packet that generates a "MemTree overflow." | 10.0 |
2007-05-09 | CVE-2007-2564 | Sienzo | Stack Buffer Overflow vulnerability in Sienzo Digital Music Mentor 2.6.0.4 Multiple stack-based buffer overflows in the Sienzo Digital Music Mentor (DMM) 2.6.0.4 ActiveX control (DSKernel2.dll) allow remote attackers to execute arbitrary code via a long argument to the (1) LockModules or (2) UnlockModule function. | 10.0 |
2007-05-09 | CVE-2007-2533 | Trend Micro | Remote Security vulnerability in Trend Micro Serverprotect 5.58 Multiple buffer overflows in Trend Micro ServerProtect 5.58 before Security Patch 2- Build 1174 allow remote attackers to execute arbitrary code via a crafted RPC message processed by the (1) the RPCFN_ActiveRollback function in (a) stcommon.dll, or the (2) ENG_SetRealTimeScanConfigInfo or (3) ENG_SendEmail functions in (b) eng50.dll. | 10.0 |
2007-05-08 | CVE-2007-2528 | Trend Micro | Remote Security vulnerability in Trend Micro Serverprotect 5.58 Buffer overflow in AgRpcCln.dll for Trend Micro ServerProtect 5.58 for Windows before Security Patch 3 Build 1176 allows remote attackers to execute arbitrary code via unknown vectors related to RPC requests. | 10.0 |
2007-05-08 | CVE-2007-2508 | Trend Micro | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Trend Micro Serverprotect Multiple stack-based buffer overflows in Trend Micro ServerProtect 5.58 before Security Patch 2 Build 1174 allow remote attackers to execute arbitrary code via crafted data to (1) TCP port 5168, which triggers an overflow in the CAgRpcClient::CreateBinding function in the AgRpcCln.dll library in SpntSvc.exe; or (2) TCP port 3628, which triggers an overflow in EarthAgent.exe. | 10.0 |
2007-05-08 | CVE-2007-0213 | Microsoft | Improper Input Validation vulnerability in Microsoft Exchange Server 2000/2003/2007 Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message. | 10.0 |
2007-05-07 | CVE-2007-2488 | Asterisk | Information Disclosure vulnerability in Asterisk IAX2 Text Frame The IAX2 channel driver (chan_iax2) in Asterisk before 20070504 does not properly null terminate data, which allows remote attackers to trigger loss of transmitted data, and possibly obtain sensitive information (memory contents) or cause a denial of service (application crash), by sending a frame that lacks a 0 byte. | 10.0 |
2007-05-13 | CVE-2007-2644 | Morovia | Unspecified vulnerability in Morovia Barcode Activex Control 3.3.1304 A certain ActiveX control in Morovia Barcode ActiveX Professional 3.3.1304 allows remote attackers to overwrite arbitrary files by calling the Save method with an arbitrary filename. | 9.4 |
2007-05-11 | CVE-2007-2601 | Divx City | Remote Buffer Overflow vulnerability in Divx City Gdivx Zenith Player 1.1/1.2 Buffer overflow in a certain ActiveX control in the GDivX Zenith Player AviFixer class in fix.dll 1.0.0.1 allows remote attackers to execute arbitrary code via a long SetInputFile property value. | 9.3 |
2007-05-10 | CVE-2007-2588 | Office OCX | Denial of Service vulnerability in Office OCX Office Viewer OCX 3.2 Multiple buffer overflows in the Office Viewer OCX ActiveX control (oa.ocx) 3.2 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long argument to the (1) HttpDownloadFile, (2) Open, (3) OpenWebFile, (4) DoOleCommand, (5) FTPDownloadFile, (6) FTPUploadFile, (7) HttpUploadFile, (8) Save, or (9) SaveWebFile function. | 9.3 |
2007-05-10 | CVE-2007-2585 | Barcodewiz | Remote Buffer Overflow vulnerability in Barcodewiz Barcode Activex Control 2.0/2.52 Stack-based buffer overflow in the Verify function in the BarCodeWiz ActiveX control 2.0 and 2.52 (BarcodeWiz.dll) allows remote attackers to execute arbitrary code via a long argument. | 9.3 |
2007-05-09 | CVE-2007-2567 | Taltech | Remote Security vulnerability in Tal Bar Code Activex Control Buffer overflow in the SaveBarCode function in the Taltech Tal Bar Code ActiveX control allows remote attackers to execute arbitrary code via unspecified vectors. | 9.3 |
2007-05-09 | CVE-2007-2563 | Versalsoft | Remote Buffer Overflow vulnerability in VersalSoft HTTP File Upload ActiveX Control Buffer overflow in the AddFile function in VersalSoft HTTP File Upload ActiveX control (UFileUploaderD.dll) allows remote attackers to execute arbitrary code via a long argument. | 9.3 |
2007-05-08 | CVE-2007-2526 | Smartcode | Denial of Service vulnerability in Smartcode VNC Manager 3.6 Heap-based buffer overflow in the ConnectAsyncEx function in VNC Viewer ActiveX control (scvncctrl.dll) in the SmartCode VNC Manager 3.6 allows remote attackers to execute arbitrary code via a long argument. | 9.3 |
2007-05-08 | CVE-2007-2221 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer Unspecified vulnerability in the mdsauth.dll COM object in Microsoft Windows Media Server in the Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; or 7 on Windows Vista allows remote attackers to overwrite arbitrary files via unspecified vectors, aka the "Arbitrary File Rewrite Vulnerability." | 9.3 |
2007-05-08 | CVE-2007-1747 | Microsoft | Resource Management Errors vulnerability in Microsoft Office Unspecified vulnerability in MSO.dll in Microsoft Office 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a malformed drawing object, which triggers memory corruption. | 9.3 |
2007-05-08 | CVE-2007-0947 | Microsoft | Resource Management Errors vulnerability in Microsoft Internet Explorer 6/7.0 Use-after-free vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, resulting in accessing deallocated memory of CMarkup objects, aka the second of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0946. | 9.3 |
2007-05-08 | CVE-2007-0946 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 7.0 Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, which results in memory corruption, aka the first of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0947. | 9.3 |
2007-05-08 | CVE-2007-0945 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 6/6.0/7.0 Microsoft Internet Explorer 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and 7 on Windows Vista allows remote attackers to execute arbitrary code via certain property methods that may trigger memory corruption, aka "Property Memory Corruption Vulnerability." | 9.3 |
2007-05-08 | CVE-2007-0944 | Microsoft | Unspecified vulnerability in Microsoft IE and Internet Explorer Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; and 6 on Windows XP SP2, or Windows Server 2003 SP1 or SP2 allows remote attackers to execute arbitrary code by calling deleteCell on a named table row in a named table column, then accessing the column, which causes Internet Explorer to access previously deleted objects, aka the "Uninitialized Memory Corruption Vulnerability." | 9.3 |
2007-05-08 | CVE-2007-0942 | Microsoft | Unspecified vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and possibly 7 on Windows Vista does not properly "instantiate certain COM objects as ActiveX controls," which allows remote attackers to execute arbitrary code via a crafted COM object from chtskdic.dll. | 9.3 |
2007-05-08 | CVE-2007-0940 | Microsoft | Remote Code Execution vulnerability in Microsoft Biztalk Server and Capicom Unspecified vulnerability in the Cryptographic API Component Object Model Certificates ActiveX control (CAPICOM.dll) in Microsoft CAPICOM and BizTalk Server 2004 SP1 and SP2 allows remote attackers to execute arbitrary code via unspecified vectors, aka the "CAPICOM.Certificates Vulnerability." | 9.3 |
2007-05-08 | CVE-2007-1203 | Microsoft | Remote Code Execution vulnerability in Microsoft Excel Set Font Unspecified vulnerability in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted set font value in an Excel file, which results in memory corruption. | 9.3 |
2007-05-08 | CVE-2007-0035 | Microsoft | Improper Input Validation vulnerability in Microsoft Office and Works Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted remote attackers to execute arbitrary code, aka the "Word Array Overflow Vulnerability." | 9.3 |
2007-05-07 | CVE-2007-2239 | Axis | Remote Buffer Overflow vulnerability in Axis Camera Control ActiveX Control AxisCamControl.OCX Stack-based buffer overflow in the SaveBMP method in the AXIS Camera Control (aka CamImage) ActiveX control before 2.40.0.0 in AxisCamControl.ocx in AXIS 2100, 2110, 2120, 2130 PTZ, 2420, 2420-IR, 2400, 2400+, 2401, 2401+, 2411, and Panorama PTZ allows remote attackers to cause a denial of service (Internet Explorer crash) or execute arbitrary code via a long argument. | 9.3 |
73 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-05-11 | CVE-2006-3456 | Symantec | Code Injection vulnerability in Symantec products The Symantec NAVOPTS.DLL ActiveX control (aka Symantec.Norton.AntiVirus.NAVOptions) 12.2.0.13, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, is designed for use only in application-embedded web browsers, which allows remote attackers to "crash the control" via unspecified vectors related to content on a web site, and place Internet Explorer into a "defunct state" in which remote attackers can execute arbitrary code in addition to other Symantec ActiveX controls, regardless of whether they are marked safe for scripting. | 8.5 |
2007-05-11 | CVE-2007-2613 | Wikkawiki | Remote Security vulnerability in WikkaWiki WikkaWiki (Wikka Wiki) before 1.1.6.3 allows attackers in a shared virtual host server environment to upload and execute an arbitrary configuration file by modifying the WAKKA_CONFIG environment variable. | 8.3 |
2007-05-13 | CVE-2007-2642 | R2K | Local File Include vulnerability in R2K Gallery 1.7 Directory traversal vulnerability in galeria.php in R2K Gallery 1.7 allows remote attackers to read arbitrary files via a .. | 7.8 |
2007-05-13 | CVE-2007-2640 | Heiko Stamer | Unspecified vulnerability in Heiko Stamer Libtmcg 1.0/1.0.1/1.1 LibTMCG before 1.1.1 does not perform a range check to avoid "trivial group generators," which allows attackers to obtain sensitive information about private cards. | 7.8 |
2007-05-13 | CVE-2007-2635 | Interchange Development Group | Denial-Of-Service vulnerability in Interchange Development Group Interchange 5.4.1 Unspecified vulnerability in Interchange before 5.4.2 allows remote attackers to cause an unspecified denial of service (possibly server hang) via crafted HTTP requests. | 7.8 |
2007-05-11 | CVE-2007-2629 | Bradford Networks | Information Disclosure vulnerability in Bradford Networks Campusmanager Network Control Application Server 3.1(6) Bradford CampusManager Network Control Application Server 3.1(6) allows remote attackers to obtain sensitive information (backup, log, and configuration files) via direct request for certain files in (1) /runTime/ or (2) /remediationReports/. | 7.8 |
2007-05-11 | CVE-2007-2623 | Fruit2004 | Buffer Overflow vulnerability in Fruit2004 Remote Display Development KIT 1.2.10 Multiple buffer overflows in RControl.dll in Remote Display Dev kit 1.2.1.0 allow remote attackers to cause a denial of service (Internet Explorer 7 crash) via (1) a long first argument to the connect function or (2) a long InternalServer property value, possibly involving ntdll.dll. | 7.8 |
2007-05-11 | CVE-2007-2606 | Firebirdsql | Buffer Overflow vulnerability in Firebirdsql Firebird 2.1 Multiple buffer overflows in Firebird 2.1 allow attackers to trigger memory corruption and possibly have other unspecified impact via certain input processed by (1) config\ConfigFile.cpp or (2) msgs\check_msgs.epp. | 7.8 |
2007-05-11 | CVE-2007-2604 | Brew City Software | Denial-Of-Service vulnerability in Flexlabel Ocx Unspecified vulnerability in the FlexLabel ActiveX control allows remote attackers to cause a denial of service (unstable behavior) via an improper initialization, as demonstrated by a certain value of the Caption property. | 7.8 |
2007-05-11 | CVE-2007-2603 | Audio CD Tools | Denial of Service vulnerability in Audio CD Tools Audio CD Ripper OCX 1.0 Unspecified vulnerability in the Init function in the Audio CD Ripper OCX (AudioCDRipperOCX.ocx) 1.0 ActiveX control allows remote attackers to cause a denial of service (NULL dereference and Internet Explorer crash) via unspecified vectors. | 7.8 |
2007-05-09 | CVE-2006-7202 | Mambo | Unspecified vulnerability in Mambo Open Source 4.6.1 The dofreePDF function in includes/pdf.php in Mambo 4.6.1 does not properly check access rights for database content, which allows remote attackers to read certain content via unspecified vectors. | 7.8 |
2007-05-09 | CVE-2007-2554 | Associated Press | Remote Security vulnerability in Newspower Associated Press (AP) Newspower 4.0.1 and earlier uses a default blank password for the MySQL root account, which allows remote attackers to insert or modify news articles via shows.tblscript. | 7.8 |
2007-05-09 | CVE-2007-2539 | Runcms | SQL Injection and Information Disclosure vulnerability in RunCms Debug_Show.php The show_files function in RunCms 1.5.2 and earlier allows remote attackers to obtain sensitive information (file existence and file metadata) via unspecified vectors. | 7.8 |
2007-05-09 | CVE-2007-2536 | Picozip | Remote Denial of Service vulnerability in Picozip 4.01/4.02 PicoZip allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. | 7.8 |
2007-05-09 | CVE-2007-2535 | Winace | Remote Denial of Service vulnerability in Winace 2.5/2.6.0.5/2.60 WinAce allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. | 7.8 |
2007-05-09 | CVE-2007-1673 | Amavis Avast Avira Panda Picozip Rahul Dhesi Unzoo Winace Barracuda Networks | Resource Management Errors vulnerability in multiple products unzoo.c, as used in multiple products including AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. | 7.8 |
2007-05-09 | CVE-2007-1672 | Avast | Remote Denial of Service vulnerability in Multiple Vendors Zoo Compression Algorithm avast! antivirus before 4.7.981 allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. | 7.8 |
2007-05-09 | CVE-2007-1671 | Avira | Remote Denial of Service vulnerability in Multiple Vendors Zoo Compression Algorithm avpack32.dll before 7.3.0.6 in Avira AntiVir allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. | 7.8 |
2007-05-09 | CVE-2007-1670 | Panda | Remote Denial of Service vulnerability in Multiple Vendors Zoo Compression Algorithm Panda Software Antivirus before 20070402 allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. | 7.8 |
2007-05-09 | CVE-2007-1669 | Barracuda Networks Amavis | Remote Denial of Service vulnerability in Multiple Vendors Zoo Compression Algorithm zoo decoder 2.10 (zoo-2.10), as used in multiple products including (1) Barracuda Spam Firewall 3.4 and later with virusdef before 2.0.6399, (2) Spam Firewall before 3.4 20070319 with virusdef before 2.0.6399o, and (3) AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. | 7.8 |
2007-05-08 | CVE-2007-0221 | Microsoft | Integer Overflow OR Wraparound vulnerability in Microsoft Exchange Server 2000 Integer overflow in the IMAP (IMAP4) support in Microsoft Exchange Server 2000 SP3 allows remote attackers to cause a denial of service (service hang) via crafted literals in an IMAP command, aka the "IMAP Literal Processing Vulnerability." | 7.8 |
2007-05-08 | CVE-2007-0039 | Microsoft | Null Pointer Dereference vulnerability in Microsoft Exchange Server 2000/2003/2007 The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in which the second MODPROPS is longer than the first, which triggers a NULL pointer dereference and an unhandled exception. | 7.8 |
2007-05-08 | CVE-2007-0215 | Microsoft | Remote Code Execution vulnerability in Microsoft Excel, Excel Viewer and Office Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a .XLS BIFF file with a malformed Named Graph record, which results in memory corruption. | 7.6 |
2007-05-13 | CVE-2007-2641 | W1L3D4 | SQL Injection vulnerability in W1L3D4 Philboard 0.2 SQL injection vulnerability in W1L3D4_bolum.asp in W1L3D4 Philboard 0.2 allows remote attackers to execute arbitrary SQL commands via the forumid parameter, a different vector than CVE-2007-0920. | 7.5 |
2007-05-13 | CVE-2007-2631 | Squirrelmail | Cross-Site Request Forgery vulnerability in SquirelMail Cross-site request forgery (CSRF) vulnerability in SquirrelMail 1.4.8-4.fc6 and earlier allows remote attackers to perform unspecified actions as arbitrary users via unspecified vectors. | 7.5 |
2007-05-11 | CVE-2007-2628 | Justin Koivisto | Remote File Include vulnerability in Justin Koivisto PHPsecurityadmin 4.0.2 PHP remote file inclusion vulnerability in include/logout.php in Justin Koivisto SecurityAdmin for PHP (aka PHPSecurityAdmin, PSA) 4.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the PSA_PATH parameter. | 7.5 |
2007-05-11 | CVE-2007-2622 | Taskdriver | SQL Injection vulnerability in TaskDriver Multiple SQL injection vulnerabilities in TaskDriver 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the username parameter to login.php or (2) the taskid parameter to notes.php. | 7.5 |
2007-05-11 | CVE-2007-2621 | Extrovert Software | SQL Injection vulnerability in Extrovert Software Thyme Calndar 1.3 SQL injection vulnerability in event_view.php in Thyme Calendar 1.3 allows remote attackers to execute arbitrary SQL commands via the eid parameter. | 7.5 |
2007-05-11 | CVE-2007-2620 | Jakub Steiner | Remote File Include vulnerability in Jakub Steiner Original 0.11 PHP remote file inclusion vulnerability in inc/config.inc.php in Jakub Steiner (aka jimmac) original 0.11 allows remote attackers to execute arbitrary PHP code via a URL in the x[1] parameter. | 7.5 |
2007-05-11 | CVE-2007-2615 | Crie SUE | Remote File Include vulnerability in Crie SUE PHPlojafacil 0.1.5 Multiple PHP remote file inclusion vulnerabilities in Crie seu PHPLojaFacil 0.1.5 allow remote attackers to execute arbitrary PHP code via a URL in the path_local parameter to (1) ftp.php, (2) libs/db.php, and (3) libs/ftp.php. | 7.5 |
2007-05-11 | CVE-2007-2614 | Phphtmllib | Remote Security vulnerability in Phphtmllib PHP remote file inclusion vulnerability in examples/widget8.php in phpHtmlLib 2.4.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phphtmllib parameter. | 7.5 |
2007-05-11 | CVE-2007-2612 | Wikkawiki | SQL-Injection vulnerability in WikkaWiki SQL injection vulnerability in libs/Wakka.class.php in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to execute arbitrary SQL commands via the limit parameter. | 7.5 |
2007-05-11 | CVE-2007-2609 | Gnuedu | Code Injection vulnerability in Gnuedu GNU EDU 1.3B2 Multiple PHP remote file inclusion vulnerabilities in gnuedu 1.3b2 allow remote attackers to execute arbitrary PHP code via a URL in the (a) ETCDIR parameter to (1) libs/lom.php; (2) lom_update.php, (3) check-lom.php, and (4) weigh_keywords.php in scripts/; the (b) LIBSDIR parameter to (5) logout.php, (6) help.php, (7) index.php, (8) login.php; and the ETCDIR parameter to (9) web/lom.php. | 7.5 |
2007-05-11 | CVE-2007-2608 | Miplex2 | Remote File Include vulnerability in Miplex2 Alpha1 PHP remote file inclusion vulnerability in lib/smarty/SmartyFU.class.php in Miplex2 Alpha 1 allows remote attackers to execute arbitrary PHP code via a URL in the system[smarty][dir] parameter. | 7.5 |
2007-05-11 | CVE-2007-2607 | Lavague | Remote File Include vulnerability in LaVague PrintBar.PHP PHP remote file inclusion vulnerability in views/print/printbar.php in LaVague 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the views_path parameter. | 7.5 |
2007-05-11 | CVE-2007-2599 | Wavelink Media | SQL Injection vulnerability in TutorialCMS Search.PHP Multiple SQL injection vulnerabilities in TutorialCMS (aka Photoshop Tutorials) 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) catFile parameter to (a) browseCat.php or (b) browseSubCat.php; the (2) id parameter to (c) openTutorial.php, (d) topFrame.php, or (e) admin/editListing.php; or (3) the search parameter to search.php. | 7.5 |
2007-05-11 | CVE-2007-2597 | Telltargetcms | Remote File Include vulnerability in TellTargetCMS Multiple PHP remote file inclusion vulnerabilities in telltarget CMS 1.3.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) ordnertiefe parameter to site_conf.php; or the (2) tt_docroot parameter to (a) class.csv.php, (b) produkte_nach_serie.php, or (c) ref_kd_rubrik.php in functionen/; (d) hg_referenz_jobgalerie.php, (e) surfer_anmeldung_NWL.php, (f) produkte_nach_serie_alle.php, (g) surfer_aendern.php, (h) ref_kd_rubrik.php, or (i) referenz.php in module/; or (j) 1/lay.php or (k) 3/lay.php in standard/. | 7.5 |
2007-05-11 | CVE-2007-2596 | Agner FOG | Remote File Include vulnerability in AForum Func.PHP PHP remote file inclusion vulnerability in common/func.php in aForum 1.32 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CommonAbsDir parameter. | 7.5 |
2007-05-11 | CVE-2007-2594 | Phpmyportal | Remote File Include vulnerability in PHPmyportal 3.0.0Rc3 PHP remote file inclusion vulnerability in inc/articles.inc.php in phpMyPortal 3.0.0 RC3 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[CHEMINMODULES] parameter. | 7.5 |
2007-05-11 | CVE-2007-2593 | Microsoft | Remote Security Restriction Bypass vulnerability in Microsoft Windows Terminal Services The Terminal Server in Microsoft Windows 2003 Server, when using TLS, allows remote attackers to bypass SSL and self-signed certificate requirements, downgrade the server security, and possibly conduct man-in-the-middle attacks via unspecified vectors, as demonstrated using the Remote Desktop Protocol (RDP) 6.0 client. | 7.5 |
2007-05-11 | CVE-2007-2591 | Nokia | Denial-Of-Service vulnerability in Nokia products usrmgr/userList.asp in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allows remote attackers to modify user account details and cause a denial of service (account deactivation) via the userid parameter in an update action. | 7.5 |
2007-05-09 | CVE-2007-2578 | Acp3 | Input Validation vulnerability in Acp3 4.0Beta3 Unspecified vulnerability in search/list/action_search/index.php in ACP3 4.0 beta 3 allows remote attackers to have unknown impact, relating to "Cookie Manipulation", via the form[search_term] parameter. | 7.5 |
2007-05-09 | CVE-2007-2577 | Acp3 | Input Validation vulnerability in Acp3 4.0Beta3 Multiple SQL injection vulnerabilities in ACP3 4.0 beta 3 allow remote attackers to execute arbitrary SQL commands via (1) the mode parameter to feeds.php, the (2) form[cat] parameter to (a) news/list/index.php or (b) certain news/details/id_*/action_create/index.php files, or (3) the form[mods][] parameter to search/list/action_search/index.php. | 7.5 |
2007-05-09 | CVE-2007-2575 | VM Watermark | Code Injection vulnerability in VM Watermark VM Watermark 0.4.1 PHP remote file inclusion vulnerability in watermark.php in the vm (aka Jean-Francois Laflamme) watermark 0.4.1 mod for Gallery allows remote attackers to execute arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter. | 7.5 |
2007-05-09 | CVE-2007-2573 | Phptree | Remote Security vulnerability in PHPtree 1.3 PHP remote file inclusion vulnerability in plugin/HP_DEV/cms2.php in PHPtree 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the s_dir parameter. | 7.5 |
2007-05-09 | CVE-2007-2572 | Noah | Code Injection vulnerability in Noah PHP remote file inclusion vulnerability in modules/noevents/templates/mfa_theme.php in NoAh (aka PHP Content Architect, phparch) 0.9 pre 1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tpls[1] parameter. | 7.5 |
2007-05-09 | CVE-2007-2571 | Xoops | SQL Injection vulnerability in Xoops Wfquotes Module SQL injection vulnerability in index.php in the wfquotes 1.0 0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the c parameter in a cat action. | 7.5 |
2007-05-09 | CVE-2007-2570 | Guilain Omont | Remote Security vulnerability in Wikivi5 PHP remote file inclusion vulnerability in handlers/page/show.php in Wikivi5 allows remote attackers to execute arbitrary PHP code via a URL in the sous_rep parameter. | 7.5 |
2007-05-09 | CVE-2007-2569 | Practical Creative AND Code | Remote Security vulnerability in Friendly Multiple PHP remote file inclusion vulnerabilities in Friendly 1.0d1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the friendly_path parameter to (1) core/data/yaml.inc.php, or _load.php in (2) core/data/, (3) core/display/, or (4) core/support/. | 7.5 |
2007-05-09 | CVE-2007-2561 | Fipsasp | SQL Injection vulnerability in Fipsasp Fipscms 2.1 SQL injection vulnerability in index.asp in fipsCMS 2.1 allows remote attackers to execute arbitrary SQL commands via the pid parameter, a different vector than CVE-2006-6115. | 7.5 |
2007-05-09 | CVE-2007-2559 | American Cart | Remote Security vulnerability in American Cart American Cart 3.5 Multiple PHP remote file inclusion vulnerabilities in american cart 3.5 allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) index.php, (2) checkout.php, and (3) libsecure.php. | 7.5 |
2007-05-09 | CVE-2007-2556 | Nuked Klan | SQL Injection vulnerability in Nuked-Klan 1.7.6 SQL injection vulnerability in Nuked-klaN 1.7.6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, as demonstrated by a request to the /nk/ URI. | 7.5 |
2007-05-09 | CVE-2007-2549 | Turnkey WEB Tools | SQL-Injection vulnerability in Turnkey web Tools Sunshop Shopping Cart 4.0 SQL injection vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 allows remote attackers to execute arbitrary SQL commands via the (1) c or (2) quantity parameter. | 7.5 |
2007-05-09 | CVE-2007-2545 | Persism CMS | Remote File Include vulnerability in Persism Content Management System Multiple PHP remote file inclusion vulnerabilities in Persism CMS 0.9.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the system[path] parameter to (1) blocks/headerfile.php, (2) files/blocks/latest_files.php, (3) filters/headerfile.php, (4) forums/blocks/latest_posts.php, (5) groups/headerfile.php, (6) links/blocks/links.php, (7) menu/headerfile.php, (8) news/blocks/latest_news.php, (9) settings/headerfile.php, or (10) users/headerfile.php, in modules/. | 7.5 |
2007-05-09 | CVE-2007-2544 | PHP Toptree BBS | Remote File Include vulnerability in PHP TopTree BBS TPL_Message.PHP PHP remote file inclusion vulnerability in templates/default/tpl_message.php in PHP TopTree BBS 2.0.1a and earlier allows remote attackers to execute arbitrary PHP code via a URL in the right_file parameter. | 7.5 |
2007-05-09 | CVE-2007-2543 | Xoops | SQL Injection vulnerability in Xoops Flashgames Module 1.0.1 SQL injection vulnerability in game.php in the Flashgames 1.0.1 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the lid parameter. | 7.5 |
2007-05-09 | CVE-2007-2542 | Workbench Survival Guide | Remote File Include vulnerability in Workbench Survival Guide Workbench Survival Guide 0.11 PHP remote file inclusion vulnerability in header.php in workbench survival guide 0.11 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | 7.5 |
2007-05-09 | CVE-2007-2541 | Versado CMS | Remote File Include vulnerability in Versado CMS Versado CMS 1.07 PHP remote file inclusion vulnerability in includes/ajax_listado.php in Versado CMS 1.07 allows remote attackers to execute arbitrary PHP code via a URL in the urlModulo parameter. | 7.5 |
2007-05-09 | CVE-2007-2540 | Pmecms | Remote File Include vulnerability in PMECMS Config[PathMod] Multiple PHP remote file inclusion vulnerabilities in PMECMS 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config[pathMod] parameter to index.php in (1) mod/image/, (2) mod/liens/, (3) mod/liste/, (4) mod/special/, or (5) mod/texte/. | 7.5 |
2007-05-09 | CVE-2007-2538 | Runcms | SQL Injection and Information Disclosure vulnerability in RunCms Debug_Show.php SQL injection vulnerability in class/debug/debug_show.php in RunCms 1.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the executed_queries array parameter. | 7.5 |
2007-05-09 | CVE-2007-2531 | Berylium | Remote File-Include vulnerability in Berylium Berylium2 20030818 PHP remote file inclusion vulnerability in berylium-classes.php in Berylium2 2003-08-18 allows remote attackers to execute arbitrary PHP code via a URL in the beryliumroot parameter. | 7.5 |
2007-05-09 | CVE-2007-2530 | Tropicalm | Denial-Of-Service vulnerability in Tropicalm Crowell Resource 4.5.2 Multiple PHP remote file inclusion vulnerabilities in Tropicalm Crowell Resource 4.5.2 allow remote attackers to execute arbitrary PHP code via a URL in the RESPATH parameter to (1) dosearch.php or (2) printfriendly.php. | 7.5 |
2007-05-09 | CVE-2007-1864 | PHP Debian Canonical Redhat | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, and 5.x before 5.2.2, has unknown impact and remote attack vectors. | 7.5 |
2007-05-08 | CVE-2007-2527 | Dynamicpad | Remote File Include vulnerability in Dynamicpad 1.02 Multiple PHP remote file inclusion vulnerabilities in DynamicPAD before 1.03.31 allow remote attackers to execute arbitrary PHP code via a URL in the HomeDir parameter to (1) dp_logs.php or (2) index.php. | 7.5 |
2007-05-08 | CVE-2007-0323 | RIM | Buffer Overflow vulnerability in Research In Motion Blackberry TeamOn Import Object ActiveX Control Buffer overflow in the SetLanguage function in Research In Motion (RIM) TeamOn Import Object ActiveX control (TOImport.dll) allows remote attackers to execute arbitrary code via unspecified vectors. | 7.5 |
2007-05-08 | CVE-2007-2521 | E Gads | Code Injection vulnerability in E-Gads PHP remote file inclusion vulnerability in common.php in E-GADS! before 2.2.7 allows remote attackers to execute arbitrary PHP code via a URL in the locale parameter. | 7.5 |
2007-05-11 | CVE-2007-2523 | Broadcom CA | CA Anti-Virus for the Enterprise r8 and Threat Manager r8 before 20070510 use weak permissions (NULL security descriptor) for the Task Service shared file mapping, which allows local users to modify this mapping and gain privileges by triggering a stack-based buffer overflow in InoCore.dll before 8.0.448.0. | 7.2 |
2007-05-09 | CVE-2007-2553 | HP | Local Privilege Escalation vulnerability in HP Tru64 5.1A/5.1B3/5.1B4 Unspecified vulnerability in dop in HP Tru64 UNIX 5.1B-4, 5.1B-3, and 5.1A PK6 allows local users to gain privileges via a large amount of data in the environment, as demonstrated by a long environment variable. | 7.2 |
2007-05-09 | CVE-2007-2529 | SUN | Local Denial Of Service vulnerability in Sun Solaris ACE_SETACL Integer signedness error in the acl (facl) system call in Solaris 10 before 20070507 allows local users to cause a denial of service (kernel panic) and possibly gain privileges via a certain argument, related to ACE_SETACL. | 7.2 |
2007-05-09 | CVE-2007-2511 | PHP | Unspecified vulnerability in PHP Buffer overflow in the user_filter_factory_create function in PHP before 5.2.2 has unknown impact and local attack vectors. | 7.2 |
2007-05-11 | CVE-2007-2605 | Brujula Toolbar | Denial of Service vulnerability in Brujula Toolbar NULL Pointer Dereference Unspecified vulnerability in the GetPropertyById function in ISoftomateObj in SoftomateLib in BRUJULA4.NET.DLL in the Brujula Toolbar (Brujula.net toolbar) allows attackers to cause a denial of service (NULL dereference and browser crash) via certain arguments. | 7.1 |
2007-05-09 | CVE-2007-2565 | Cdelia Software | Denial of Service vulnerability in Cdelia Software ImageProcessing Malformed BMP File Cdelia Software ImageProcessing allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted BMP file. | 7.1 |
2007-05-09 | CVE-2007-0608 | Advanced Guestbook | Information Disclosure vulnerability in Advanced Guestbook Advanced Guestbook 2.4.2 Advanced Guestbook 2.4.2 allows remote attackers to obtain sensitive information via an invalid (1) GB_TBL parameter to (a) lang/codes-english.php or (b) image.php, which reveal the database name; (2) an invalid GB_DB parameter to index.php, coupled with a ../index lang cookie, which reveals the installation path; or (3) a direct request to index.php with no parameters or cookies, which reveals the installation path. | 7.1 |
48 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-05-13 | CVE-2007-2636 | Jason Frisvold | Security Bypass vulnerability in PHP Todo List Manager Regular Expressions Unspecified vulnerability in phpTodo before 0.8.1 allows remote attackers to have an unknown impact via newlines in regular expressions to (1) index.php, (2) feed.php, (3) prefs.php, and (4) todolist.php; and (5) classTodoItem.php and (6) phpTodoUser.php in libs/. | 6.8 |
2007-05-13 | CVE-2007-2634 | Agner FOG | Remote Security vulnerability in Agner FOG Aforum 1.32 PHP remote file inclusion vulnerability in common/errormsg.php in aForum 1.32 and possibly earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the header parameter. | 6.8 |
2007-05-13 | CVE-2007-2632 | PHP Multi User Randomizer | Cross-Site Scripting vulnerability in PHP Multi User Randomizer PHP Multi User Randomizer 2006.09.13 Multiple cross-site scripting (XSS) vulnerabilities in PHP Multi User Randomizer (phpMUR) 2006.09.13 allow remote attackers to inject arbitrary web script or HTML via (1) the edit_plugin parameter to configure_plugin.tpl.php, or (2) certain array parameters to web/phpinfo.php, as demonstrated by 1[] or a[]. | 6.8 |
2007-05-11 | CVE-2007-2627 | Wordpress | Cross-Site Scripting vulnerability in WordPress Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress, when custom 404 pages that call get_sidebar are used, allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF), a different vulnerability than CVE-2007-1622. | 6.8 |
2007-05-11 | CVE-2007-2625 | Aiocp | Cross-Site Scripting vulnerability in AIOCP Cross-site scripting (XSS) vulnerability in shared/code/cp_authorization.php in All In One Control Panel (AIOCP) before 1.3.016 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | 6.8 |
2007-05-11 | CVE-2007-2624 | Aiocp | Cross-Site Scripting vulnerability in All In One Control Panel CP_Config.PHP Dynamic variable evaluation vulnerability in shared/config/cp_config.php in All In One Control Panel (AIOCP) before 1.3.016 allows remote attackers to conduct cross-site scripting (XSS) and possibly other attacks via the SERVER superglobal array. | 6.8 |
2007-05-11 | CVE-2007-2611 | CGX | Remote File Include vulnerability in CGX 20050314 Multiple PHP remote file inclusion vulnerabilities in CGX 20050314 allow remote attackers to execute arbitrary PHP code via a URL in the pathCGX parameter to (1) mtdialogo.php, (2) ltdialogo.php, (3) login.php, and (4) logingecon.php in inc/; and multiple unspecified files in frm/, sql/, and cns/. | 6.8 |
2007-05-11 | CVE-2007-2600 | Wavelink Media | Cross-Site Scripting vulnerability in Tutorialcms Multiple cross-site scripting (XSS) vulnerabilities in TutorialCMS (aka Photoshop Tutorials) 1.00 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) catFile parameter to (a) browseCat.php or (b) browseSubCat.php; the (2) id parameter to (c) openTutorial.php, (d) topFrame.php, or (e) admin/editListing.php; or the (3) search parameter to search.php. | 6.8 |
2007-05-09 | CVE-2007-2576 | East Wind Software | Buffer Overflow vulnerability in East Wind Software Advdaudio.Ocx 1.5.1.1 Buffer overflow in the East Wind Software advdaudio.ocx 1.5.1.1 ActiveX control allows user-assisted remote attackers to execute arbitrary code via a long OpenDVD property value. | 6.8 |
2007-05-09 | CVE-2007-2546 | Simple Machines | Improper Authentication vulnerability in Simple Machines Simple Machines Forum Session fixation vulnerability in Simple Machines Forum (SMF) 1.1.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | 6.8 |
2007-05-08 | CVE-2007-1202 | Microsoft | Improper Input Validation vulnerability in Microsoft Word, Word Viewer and Works Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certain rich text "property strings of certain control words," which allows user-assisted remote attackers to trigger heap corruption and execute arbitrary code, aka the "Word RTF Parsing Vulnerability." | 6.8 |
2007-05-08 | CVE-2007-0220 | Microsoft | Cross-Site Scripting vulnerability in Microsoft Exchange Server 2000/2003 Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving an "incorrectly handled UTF character set label". | 6.8 |
2007-05-08 | CVE-2007-1214 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Excel and Excel Viewer Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted AutoFilter filter record in an Excel BIFF8 format XLS file, which triggers memory corruption. | 6.8 |
2007-05-11 | CVE-2007-2630 | Activecampaign | Remote Code Execution vulnerability in Activecampaign 1-2-All Broadcast Email 4.5/4.53.13 Incomplete blacklist vulnerability in filemanager/browser/default/connectors/php/config.php in the FCKeditor module, as used in ActiveCampaign 1-2-All (aka 12All) 4.50 through 4.53.13, and possibly other products, allows remote authenticated administrators to upload and possibly execute .php4 and .php5 files via unspecified vectors. | 6.5 |
2007-05-11 | CVE-2007-2595 | Rscript | Unspecified vulnerability in Rscript Rsauction 2.73.1.3 RSAuction 2.73.1.3 allows remote authenticated users to move their own account status from Suspended to Active via a direct request for the activation URL that is provided at the time of account registration. | 6.5 |
2007-05-09 | CVE-2007-2537 | Npds | SQL Injection vulnerability in NPDS Mainfile.PHP Multiple SQL injection vulnerabilities in mainfile.php in NPDS 5.10 and earlier allow remote authenticated users to execute arbitrary SQL commands via a (1) nickname or (2) Id in a cookie, or (3) the X-Forwarded-For (X_FORWARDED_FOR) HTTP header. | 6.5 |
2007-05-11 | CVE-2007-2590 | Nokia | Information Exposure vulnerability in Nokia products Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allows remote attackers to obtain user names and other sensitive information via a direct request to (1) usrmgr/userList.asp or (2) usrmgr/userStatusList.asp. | 6.4 |
2007-05-09 | CVE-2007-2548 | Turnkey WEB Tools | Input Validation vulnerability in Turnkey web Tools Sunshop Shopping Cart 4.0 Unspecified vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 has unknown impact and an l remote attack vector, related to "Cookie Manipulation." | 6.4 |
2007-05-10 | CVE-2007-2587 | Cisco | Multiple vulnerability in Cisco IOS FTP Server The IOS FTP Server in Cisco IOS 11.3 through 12.4 allows remote authenticated users to cause a denial of service (IOS reload) via unspecified vectors involving transferring files (aka bug ID CSCse29244). | 6.3 |
2007-05-09 | CVE-2007-2579 | Acp3 | Cross-Site Scripting vulnerability in Acp3 4.0Beta3 Multiple cross-site scripting (XSS) vulnerabilities in ACP3 4.0 beta 3 allow remote attackers to inject arbitrary web script or HTML via (1) the form[mail] parameter to contact/contact/index.php; the (2) form[mods][] or (3) form[search_term] parameter to search/list/action_search/index.php; (4) the id parameter to modules/dl/download.php; (5) the form[cat] parameter to news/list/index.php; the (6) form[cat], (7) form[name], or (8) form[message] parameter to certain news/details/id_*/action_create/index.php files; or (9) the form[mail] parameter to newsletter/create/index.php. | 5.8 |
2007-05-11 | CVE-2007-2618 | Drake Team | Unspecified vulnerability in Drake Team Drake CMS 0.4.0 CRLF injection vulnerability in index.php in Drake CMS 0.4.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the lang parameter. | 5.1 |
2007-05-09 | CVE-2007-0609 | Advanced Guestbook | Local File Include vulnerability in Advanced Guestbook Advanced Guestbook 2.4.2 Directory traversal vulnerability in Advanced Guestbook 2.4.2 allows remote attackers to bypass .htaccess settings, and execute arbitrary PHP local files or read arbitrary local templates, via a .. | 5.1 |
2007-05-09 | CVE-2007-2510 | PHP | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in PHP Buffer overflow in the make_http_soap_request function in PHP before 5.2.2 has unknown impact and remote attack vectors, possibly related to "/" (slash) characters. | 5.1 |
2007-05-13 | CVE-2007-2643 | Pinkcrow Designs | Local File Include vulnerability in Pinkcrow Designs Gallery Magazin 2.0 Directory traversal vulnerability in phpThumb.php in PinkCrow Designs Gallery or maGAZIn 2.0 allows remote attackers to read arbitrary files via a .. | 5.0 |
2007-05-13 | CVE-2007-2637 | Ubuntu Moinmoin | Remote Security vulnerability in MoinMoin MoinMoin before 20070507 does not properly enforce ACLs for calendars and includes, which allows remote attackers to read certain pages via unspecified vectors. | 5.0 |
2007-05-11 | CVE-2007-2589 | Squirrelmail | Cross-Site Request Forgery (CSRF) vulnerability in Squirrelmail Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail 1.4.0 through 1.4.9a allows remote attackers to send e-mails from arbitrary users via certain data in the SRC attribute of an IMG element. | 5.0 |
2007-05-11 | CVE-2007-0244 | Debian Poptop | Denial Of Service vulnerability in PopTop PPTP Server GRE Packet pptpgre.c in PoPToP Point to Point Tunneling Server (pptpd) before 1.3.4 allows remote attackers to cause a denial of service (PPTP connection tear-down) via (1) GRE packets with out-of-order sequence numbers or (2) certain GRE packets that are processed using a wrong pointer and improperly dequeued. | 5.0 |
2007-05-09 | CVE-2007-2574 | Archangelmgt | Denial-Of-Service vulnerability in Archangelmgt Weblog 0.90.02 Directory traversal vulnerability in index.php in Archangel Weblog 0.90.02 allows remote attackers to read arbitrary files via a .. | 5.0 |
2007-05-09 | CVE-2007-2566 | Taltech | Denial-Of-Service vulnerability in Tal Bar Code Activex Control The SaveBarCode function in the Taltech Tal Bar Code ActiveX control allows remote attackers to cause a denial of service (disk consumption) by uploading multiple bar codes, as demonstrated by a WSF package. | 5.0 |
2007-05-09 | CVE-2007-2560 | Mentiss Acgv | Local File Include vulnerability in Mentiss ACGV acgvnnu Directory traversal vulnerability in theme/acgv.php in ACGVannu 1.3 and earlier allows remote attackers to read arbitrary files via a .. | 5.0 |
2007-05-09 | CVE-2007-2552 | Wikkawiki | Information Exposure vulnerability in Wikkawiki The RecentChanges feature in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to obtain the names, and possibly revision notes and dates, of private pages via RSS feeds. | 5.0 |
2007-05-09 | CVE-2007-2550 | Devellion | HTTP Response Splitting vulnerability in Devellion Cubecart 3.0.15 Multiple CRLF injection vulnerabilities in Devellion CubeCart 3.0.15 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a cookie name beginning with "ccSID" to (1) cart.php or (2) index.php. | 5.0 |
2007-05-08 | CVE-2007-2525 | Linux | Local Denial of Service vulnerability in Linux Kernel 2.6.21 Memory leak in the PPP over Ethernet (PPPoE) socket implementation in the Linux kernel before 2.6.21-git8 allows local users to cause a denial of service (memory consumption) by creating a socket using connect, and releasing it before the PPPIOCGCHAN ioctl is initialized. | 4.9 |
2007-05-07 | CVE-2007-1861 | Linux | Resource Management Errors vulnerability in Linux Kernel The nl_fib_lookup function in net/ipv4/fib_frontend.c in Linux Kernel before 2.6.20.8 allows attackers to cause a denial of service (kernel panic) via NETLINK_FIB_LOOKUP replies, which trigger infinite recursion and a stack overflow. | 4.9 |
2007-05-11 | CVE-2007-2619 | Symantec | Local Information Disclosure vulnerability in Symantec Pcanywhere 11.5/11.5.1/12.0 Symantec pcAnywhere 11.5.x and 12.0.x retains unencrypted login credentials for the most recent login within process memory, which allows local administrators to obtain the credentials by reading process memory, a different vulnerability than CVE-2006-3785. | 4.6 |
2007-05-11 | CVE-2007-2592 | Nokia | Multiple vulnerability in Nokia products Multiple cross-site scripting (XSS) vulnerabilities in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to de/pda/dev_logon.asp and (2) multiple unspecified vectors in (a) usrmgr/registerAccount.asp, (b) de/create_account.asp, and other files. | 4.3 |
2007-05-11 | CVE-2007-1262 | Squirrelmail | Cross-Site Scripting vulnerability in Squirrelmail Multiple cross-site scripting (XSS) vulnerabilities in the HTML filter in SquirrelMail 1.4.0 through 1.4.9a allow remote attackers to inject arbitrary web script or HTML via the (1) data: URI in an HTML e-mail attachment or (2) various non-ASCII character sets that are not properly filtered when viewed with Microsoft Internet Explorer. | 4.3 |
2007-05-10 | CVE-2007-1280 | Microsoft Adobe | Cross-Site Scripting vulnerability in Adobe Robohelp and Robohelp Server Cross-site scripting (XSS) vulnerability in Adobe RoboHelp X5, 6, and Server 6 allows remote attackers to inject arbitrary web script or HTML via a URL after a # (hash) in the URL path, as demonstrated using en/frameset-7.html, and possibly other unspecified vectors involving templates and (1) whstart.js and (2) whcsh_home.htm in WebHelp, (3) wf_startpage.js and (4) wf_startqs.htm in FlashHelp, or (5) WindowManager.dll in RoboHelp Server 6. | 4.3 |
2007-05-09 | CVE-2007-2581 | Microsoft | Cross-Site Scripting vulnerability in Microsoft products Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) in "every main page," as demonstrated by default.aspx. | 4.3 |
2007-05-09 | CVE-2007-2562 | Kayako | Cross-Site Scripting vulnerability in Kayako Esupport 3.00.90 Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 3.00.90 allows remote attackers to inject arbitrary web script or HTML via the _m parameter. | 4.3 |
2007-05-09 | CVE-2007-2555 | Podium CMS | Improper Authentication vulnerability in Podium CMS Podium CMS Unspecified vulnerability in Default.aspx in Podium CMS allows remote attackers to have an unknown impact, possibly session fixation, via a META HTTP-EQUIV Set-cookie expression in the id parameter, related to "cookie manipulation." NOTE: this issue might be cross-site scripting (XSS). | 4.3 |
2007-05-09 | CVE-2007-0605 | Advanced Guestbook | Cross-Site Scripting vulnerability in Advanced Guestbook Advanced Guestbook 2.4.2 Cross-site scripting (XSS) vulnerability in picture.php in Advanced Guestbook 2.4.2 allows remote attackers to inject arbitrary web script or HTML via the picture parameter. | 4.3 |
2007-05-09 | CVE-2007-2551 | Wikkawiki | Cross-Site Scripting And Information Disclosure vulnerability in WikkaWiki Cross-site scripting (XSS) vulnerability in usersettings.php in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to inject arbitrary web script or HTML via the name parameter. | 4.3 |
2007-05-09 | CVE-2007-2547 | Turnkey WEB Tools | Input Validation vulnerability in Turnkey web Tools Sunshop Shopping Cart 4.0 Cross-site scripting (XSS) vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 allows remote attackers to inject arbitrary web script or HTML via the l parameter. | 4.3 |
2007-05-09 | CVE-2007-2532 | Obie Website | Cross-Site Scripting vulnerability in Obie Website Mini web Shop 2 Multiple cross-site scripting (XSS) vulnerabilities in Minh Nguyen Duong Obie Website Mini Web Shop 2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) to (1) sendmail.php or (2) order_form.php, different vectors than CVE-2006-6734. | 4.3 |
2007-05-08 | CVE-2007-2524 | Otrs | Cross-Site Scripting vulnerability in Otrs 2.0.4 Cross-site scripting (XSS) vulnerability in index.pl in Open Ticket Request System (OTRS) 2.0.x allows remote attackers to inject arbitrary web script or HTML via the Subaction parameter in an AgentTicketMailbox Action. | 4.3 |
2007-05-10 | CVE-2007-2583 | Oracle Debian Canonical | The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference. | 4.0 |
2007-05-09 | CVE-2007-2557 | Mambo | Remote Security vulnerability in Mambo 4.6.1 MOStlyDB Admin in Mambo 4.6.1 does not properly check privileges, which allows remote authenticated administrators to have an unknown impact via unspecified vectors. | 4.0 |
3 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-05-09 | CVE-2007-2509 | PHP | Improper Input Validation vulnerability in PHP CRLF injection vulnerability in the ftp_putcmd function in PHP before 4.4.7, and 5.x before 5.2.2 allows remote attackers to inject arbitrary FTP commands via CRLF sequences in the parameters to earlier FTP commands. | 2.6 |
2007-05-11 | CVE-2007-2617 | SUN | Local Information Disclosure vulnerability in SUN NET Connect Software 3.2.3/3.2.4 srsexec in Sun Remote Services (SRS) Net Connect Software Proxy Core package in Sun Solaris 10 does not enforce file permissions when opening files, which allows local users to read the first line of arbitrary files via the -d and -v options. | 2.1 |
2007-05-09 | CVE-2007-2580 | Apple | Local vulnerability in Apple Safari Unspecified vulnerability in Apple Safari allows local users to obtain sensitive information (saved keychain passwords) via the document.loginform.password.value JavaScript parameter loaded from an AppleScript script. | 1.9 |