Weekly Vulnerabilities Reports > May 7 to 13, 2007

Overview

168 new vulnerabilities reported during this period, including 35 critical vulnerabilities and 77 high severity vulnerabilities. This weekly summary report vulnerabilities in 177 products from 123 vendors including Microsoft, Apache, PHP, Wikkawiki, and Apple. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Code Injection", "Resource Management Errors", and "Improper Input Validation".

  • 158 reported vulnerabilities are remotely exploitables.
  • 45 reported vulnerabilities have public exploit available.
  • 9 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 160 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 20 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 11 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

35 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-05-13 CVE-2007-2639 Prosysinfo Directory Traversal vulnerability in Prosysinfo Tftp Server Tftpdwin 0.4.2

Directory traversal vulnerability in TFTPdWin 0.4.2 allows remote attackers to read or modify arbitrary files outside the TFTP root via unspecified vectors.

10.0
2007-05-13 CVE-2007-2638 Efilecabinet Authentication Bypass vulnerability in EFileCabinet FileCabinetNumber

eFileCabinet 3.3 allows remote attackers to bypass authentication and access restricted portions of the interface via an invalid filecabinetnumber, which can be leveraged to obtain sensitive information or create new data structures.

10.0
2007-05-13 CVE-2007-2633 Positive Software Directory Traversal vulnerability in Positive Software Sitestudio 1.6

Directory traversal vulnerability in H-Sphere SiteStudio 1.6 allows remote attackers to read, or include and execute, arbitrary local files via a ..

10.0
2007-05-13 CVE-2007-0749 Apple Remote Buffer Overflow vulnerability in Apple Darwin Streaming Server

Multiple stack-based buffer overflows in the is_command function in proxy.c in Apple Darwin Streaming Proxy, when using Darwin Streaming Server before 5.5.5, allow remote attackers to execute arbitrary code via a long (1) cmd or (2) server value in an RTSP request.

10.0
2007-05-13 CVE-2007-0748 Apple Remote Buffer Overflow vulnerability in Apple Darwin Streaming Server

Heap-based buffer overflow in Apple Darwin Streaming Proxy, when using Darwin Streaming Server before 5.5.5, allows remote attackers to execute arbitrary code via multiple trackID values in a SETUP RTSP request.

10.0
2007-05-11 CVE-2007-2616 Novell Stack Buffer Overflow vulnerability in Novell Netmail NMDMC

Stack-based buffer overflow in the SSL version of the NMDMC.EXE service in Novell NetMail 3.52e FTF2 and probably earlier allows remote attackers to execute arbitrary code via a crafted request.

10.0
2007-05-11 CVE-2007-2598 Simplenews SQL Injection vulnerability in Simplenews 1.0.0Final

SQL injection vulnerability in print.php in SimpleNews 1.0.0 FINAL allows remote attackers to execute arbitrary SQL commands via the news_id parameter.

10.0
2007-05-11 CVE-2007-2522 Broadcom Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Broadcom products

Stack-based buffer overflow in the inoweb Console Server in CA Anti-Virus for the Enterprise r8, Threat Manager r8, Anti-Spyware for the Enterprise r8, and Protection Suites r3 allows remote attackers to execute arbitrary code via a long (1) username or (2) password.

10.0
2007-05-10 CVE-2007-2584 Mcafee Remote Buffer Overflow vulnerability in Mcafee Security Center, Securitycenter Agent and Virusscan

Buffer overflow in the IsOldAppInstalled function in the McSubMgr.McSubMgr Subscription Manager ActiveX control (MCSUBMGR.DLL) in McAfee SecurityCenter before 6.0.25 and 7.x before 7.2.147 allows remote attackers to execute arbitrary code via a crafted argument.

10.0
2007-05-10 CVE-2007-2582 IBM Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM DB2

Multiple buffer overflows in the DB2 JDBC Applet Server (DB2JDS) service in IBM DB2 9.x and earlier allow remote attackers to (1) execute arbitrary code via a crafted packet to the DB2JDS service on tcp/6789; and cause a denial of service via (2) an invalid LANG parameter or (2) a long packet that generates a "MemTree overflow."

10.0
2007-05-09 CVE-2007-2564 Sienzo Stack Buffer Overflow vulnerability in Sienzo Digital Music Mentor 2.6.0.4

Multiple stack-based buffer overflows in the Sienzo Digital Music Mentor (DMM) 2.6.0.4 ActiveX control (DSKernel2.dll) allow remote attackers to execute arbitrary code via a long argument to the (1) LockModules or (2) UnlockModule function.

10.0
2007-05-09 CVE-2007-2533 Trend Micro Remote Security vulnerability in Trend Micro Serverprotect 5.58

Multiple buffer overflows in Trend Micro ServerProtect 5.58 before Security Patch 2- Build 1174 allow remote attackers to execute arbitrary code via a crafted RPC message processed by the (1) the RPCFN_ActiveRollback function in (a) stcommon.dll, or the (2) ENG_SetRealTimeScanConfigInfo or (3) ENG_SendEmail functions in (b) eng50.dll.

10.0
2007-05-08 CVE-2007-2528 Trend Micro Remote Security vulnerability in Trend Micro Serverprotect 5.58

Buffer overflow in AgRpcCln.dll for Trend Micro ServerProtect 5.58 for Windows before Security Patch 3 Build 1176 allows remote attackers to execute arbitrary code via unknown vectors related to RPC requests.

10.0
2007-05-08 CVE-2007-2508 Trend Micro Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Trend Micro Serverprotect

Multiple stack-based buffer overflows in Trend Micro ServerProtect 5.58 before Security Patch 2 Build 1174 allow remote attackers to execute arbitrary code via crafted data to (1) TCP port 5168, which triggers an overflow in the CAgRpcClient::CreateBinding function in the AgRpcCln.dll library in SpntSvc.exe; or (2) TCP port 3628, which triggers an overflow in EarthAgent.exe.

10.0
2007-05-08 CVE-2007-0213 Microsoft Improper Input Validation vulnerability in Microsoft Exchange Server 2000/2003/2007

Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message.

10.0
2007-05-07 CVE-2007-2488 Asterisk Information Disclosure vulnerability in Asterisk IAX2 Text Frame

The IAX2 channel driver (chan_iax2) in Asterisk before 20070504 does not properly null terminate data, which allows remote attackers to trigger loss of transmitted data, and possibly obtain sensitive information (memory contents) or cause a denial of service (application crash), by sending a frame that lacks a 0 byte.

10.0
2007-05-13 CVE-2007-2644 Morovia Unspecified vulnerability in Morovia Barcode Activex Control 3.3.1304

A certain ActiveX control in Morovia Barcode ActiveX Professional 3.3.1304 allows remote attackers to overwrite arbitrary files by calling the Save method with an arbitrary filename.

9.4
2007-05-11 CVE-2007-2601 Divx City Remote Buffer Overflow vulnerability in Divx City Gdivx Zenith Player 1.1/1.2

Buffer overflow in a certain ActiveX control in the GDivX Zenith Player AviFixer class in fix.dll 1.0.0.1 allows remote attackers to execute arbitrary code via a long SetInputFile property value.

9.3
2007-05-10 CVE-2007-2588 Office OCX Denial of Service vulnerability in Office OCX Office Viewer OCX 3.2

Multiple buffer overflows in the Office Viewer OCX ActiveX control (oa.ocx) 3.2 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long argument to the (1) HttpDownloadFile, (2) Open, (3) OpenWebFile, (4) DoOleCommand, (5) FTPDownloadFile, (6) FTPUploadFile, (7) HttpUploadFile, (8) Save, or (9) SaveWebFile function.

9.3
2007-05-10 CVE-2007-2586 Cisco Incorrect Authorization vulnerability in Cisco IOS

The FTP Server in Cisco IOS 11.3 through 12.4 does not properly check user authorization, which allows remote attackers to execute arbitrary code, and have other impact including reading startup-config, as demonstrated by a crafted MKD command that involves access to a VTY device and overflows a buffer, aka bug ID CSCek55259.

9.3
2007-05-10 CVE-2007-2585 Barcodewiz Remote Buffer Overflow vulnerability in Barcodewiz Barcode Activex Control 2.0/2.52

Stack-based buffer overflow in the Verify function in the BarCodeWiz ActiveX control 2.0 and 2.52 (BarcodeWiz.dll) allows remote attackers to execute arbitrary code via a long argument.

9.3
2007-05-09 CVE-2007-2567 Taltech Remote Security vulnerability in Tal Bar Code Activex Control

Buffer overflow in the SaveBarCode function in the Taltech Tal Bar Code ActiveX control allows remote attackers to execute arbitrary code via unspecified vectors.

9.3
2007-05-09 CVE-2007-2563 Versalsoft Remote Buffer Overflow vulnerability in VersalSoft HTTP File Upload ActiveX Control

Buffer overflow in the AddFile function in VersalSoft HTTP File Upload ActiveX control (UFileUploaderD.dll) allows remote attackers to execute arbitrary code via a long argument.

9.3
2007-05-08 CVE-2007-2526 Smartcode Denial of Service vulnerability in Smartcode VNC Manager 3.6

Heap-based buffer overflow in the ConnectAsyncEx function in VNC Viewer ActiveX control (scvncctrl.dll) in the SmartCode VNC Manager 3.6 allows remote attackers to execute arbitrary code via a long argument.

9.3
2007-05-08 CVE-2007-2221 Microsoft Remote Code Execution vulnerability in Microsoft Windows Media Server MDSAuth.DLL ActiveX Control

Unspecified vulnerability in the mdsauth.dll COM object in Microsoft Windows Media Server in the Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; or 7 on Windows Vista allows remote attackers to overwrite arbitrary files via unspecified vectors, aka the "Arbitrary File Rewrite Vulnerability."

9.3
2007-05-08 CVE-2007-1747 Microsoft Resource Management Errors vulnerability in Microsoft Office

Unspecified vulnerability in MSO.dll in Microsoft Office 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a malformed drawing object, which triggers memory corruption.

9.3
2007-05-08 CVE-2007-0947 Microsoft Resource Management Errors vulnerability in Microsoft IE 6/7.0

Use-after-free vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, resulting in accessing deallocated memory of CMarkup objects, aka the second of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0946.

9.3
2007-05-08 CVE-2007-0946 Microsoft Remote Code Execution vulnerability in Microsoft IE 7.0

Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, which results in memory corruption, aka the first of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0947.

9.3
2007-05-08 CVE-2007-0945 Microsoft Remote Code Execution vulnerability in Microsoft IE 6/6.0/7.0

Microsoft Internet Explorer 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and 7 on Windows Vista allows remote attackers to execute arbitrary code via certain property methods that may trigger memory corruption, aka "Property Memory Corruption Vulnerability."

9.3
2007-05-08 CVE-2007-0944 Microsoft Remote Code Execution vulnerability in Microsoft IE 5.01/6.0

Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; and 6 on Windows XP SP2, or Windows Server 2003 SP1 or SP2 allows remote attackers to execute arbitrary code by calling deleteCell on a named table row in a named table column, then accessing the column, which causes Internet Explorer to access previously deleted objects, aka the "Uninitialized Memory Corruption Vulnerability."

9.3
2007-05-08 CVE-2007-0942 Microsoft Unspecified vulnerability in Microsoft IE 5.0.1/6.0/7.0

Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and possibly 7 on Windows Vista does not properly "instantiate certain COM objects as ActiveX controls," which allows remote attackers to execute arbitrary code via a crafted COM object from chtskdic.dll.

9.3
2007-05-08 CVE-2007-0940 Microsoft Remote Code Execution vulnerability in Microsoft Biztalk Server and Capicom

Unspecified vulnerability in the Cryptographic API Component Object Model Certificates ActiveX control (CAPICOM.dll) in Microsoft CAPICOM and BizTalk Server 2004 SP1 and SP2 allows remote attackers to execute arbitrary code via unspecified vectors, aka the "CAPICOM.Certificates Vulnerability."

9.3
2007-05-08 CVE-2007-1203 Microsoft Remote Code Execution vulnerability in Microsoft Excel Set Font

Unspecified vulnerability in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted set font value in an Excel file, which results in memory corruption.

9.3
2007-05-08 CVE-2007-0035 Microsoft Improper Input Validation vulnerability in Microsoft Office and Works

Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted remote attackers to execute arbitrary code, aka the "Word Array Overflow Vulnerability."

9.3
2007-05-07 CVE-2007-2239 Axis Remote Buffer Overflow vulnerability in Axis Camera Control ActiveX Control AxisCamControl.OCX

Stack-based buffer overflow in the SaveBMP method in the AXIS Camera Control (aka CamImage) ActiveX control before 2.40.0.0 in AxisCamControl.ocx in AXIS 2100, 2110, 2120, 2130 PTZ, 2420, 2420-IR, 2400, 2400+, 2401, 2401+, 2411, and Panorama PTZ allows remote attackers to cause a denial of service (Internet Explorer crash) or execute arbitrary code via a long argument.

9.3

77 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-05-11 CVE-2006-3456 Symantec Code Injection vulnerability in Symantec products

The Symantec NAVOPTS.DLL ActiveX control (aka Symantec.Norton.AntiVirus.NAVOptions) 12.2.0.13, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, is designed for use only in application-embedded web browsers, which allows remote attackers to "crash the control" via unspecified vectors related to content on a web site, and place Internet Explorer into a "defunct state" in which remote attackers can execute arbitrary code in addition to other Symantec ActiveX controls, regardless of whether they are marked safe for scripting.

8.5
2007-05-11 CVE-2007-2613 Wikkawiki Remote Security vulnerability in WikkaWiki

WikkaWiki (Wikka Wiki) before 1.1.6.3 allows attackers in a shared virtual host server environment to upload and execute an arbitrary configuration file by modifying the WAKKA_CONFIG environment variable.

8.3
2007-05-13 CVE-2007-2642 R2K Local File Include vulnerability in R2K Gallery 1.7

Directory traversal vulnerability in galeria.php in R2K Gallery 1.7 allows remote attackers to read arbitrary files via a ..

7.8
2007-05-13 CVE-2007-2640 Heiko Stamer Unspecified vulnerability in Heiko Stamer Libtmcg 1.0/1.0.1/1.1

LibTMCG before 1.1.1 does not perform a range check to avoid "trivial group generators," which allows attackers to obtain sensitive information about private cards.

7.8
2007-05-13 CVE-2007-2635 Interchange Development Group Denial-Of-Service vulnerability in Interchange Development Group Interchange 5.4.1

Unspecified vulnerability in Interchange before 5.4.2 allows remote attackers to cause an unspecified denial of service (possibly server hang) via crafted HTTP requests.

7.8
2007-05-11 CVE-2007-2629 Bradford Networks Information Disclosure vulnerability in Bradford Networks Campusmanager Network Control Application Server 3.1(6)

Bradford CampusManager Network Control Application Server 3.1(6) allows remote attackers to obtain sensitive information (backup, log, and configuration files) via direct request for certain files in (1) /runTime/ or (2) /remediationReports/.

7.8
2007-05-11 CVE-2007-2623 Fruit2004 Buffer Overflow vulnerability in Fruit2004 Remote Display Development KIT 1.2.10

Multiple buffer overflows in RControl.dll in Remote Display Dev kit 1.2.1.0 allow remote attackers to cause a denial of service (Internet Explorer 7 crash) via (1) a long first argument to the connect function or (2) a long InternalServer property value, possibly involving ntdll.dll.

7.8
2007-05-11 CVE-2007-2606 Firebirdsql Buffer Overflow vulnerability in Firebirdsql Firebird 2.1

Multiple buffer overflows in Firebird 2.1 allow attackers to trigger memory corruption and possibly have other unspecified impact via certain input processed by (1) config\ConfigFile.cpp or (2) msgs\check_msgs.epp.

7.8
2007-05-11 CVE-2007-2604 Brew City Software Denial-Of-Service vulnerability in Flexlabel Ocx

Unspecified vulnerability in the FlexLabel ActiveX control allows remote attackers to cause a denial of service (unstable behavior) via an improper initialization, as demonstrated by a certain value of the Caption property.

7.8
2007-05-11 CVE-2007-2603 Audio CD Tools Denial of Service vulnerability in Audio CD Tools Audio CD Ripper OCX 1.0

Unspecified vulnerability in the Init function in the Audio CD Ripper OCX (AudioCDRipperOCX.ocx) 1.0 ActiveX control allows remote attackers to cause a denial of service (NULL dereference and Internet Explorer crash) via unspecified vectors.

7.8
2007-05-11 CVE-2007-2602 Ipswitch Denial-Of-Service vulnerability in Ipswitch Whatsup Gold 11

Buffer overflow in MIBEXTRA.EXE in Ipswitch WhatsUp Gold 11 allows attackers to cause a denial of service (application crash) or execute arbitrary code via a long MIB filename argument.

7.8
2007-05-09 CVE-2006-7202 Mambo Unspecified vulnerability in Mambo Open Source 4.6.1

The dofreePDF function in includes/pdf.php in Mambo 4.6.1 does not properly check access rights for database content, which allows remote attackers to read certain content via unspecified vectors.

7.8
2007-05-09 CVE-2007-2554 Associated Press Remote Security vulnerability in Newspower

Associated Press (AP) Newspower 4.0.1 and earlier uses a default blank password for the MySQL root account, which allows remote attackers to insert or modify news articles via shows.tblscript.

7.8
2007-05-09 CVE-2007-2539 Runcms SQL Injection and Information Disclosure vulnerability in RunCms Debug_Show.php

The show_files function in RunCms 1.5.2 and earlier allows remote attackers to obtain sensitive information (file existence and file metadata) via unspecified vectors.

7.8
2007-05-09 CVE-2007-2536 Picozip Remote Denial of Service vulnerability in Picozip 4.01/4.02

PicoZip allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.

7.8
2007-05-09 CVE-2007-2535 Winace Remote Denial of Service vulnerability in Winace 2.5/2.6.0.5/2.60

WinAce allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.

7.8
2007-05-09 CVE-2007-1673 Amavis
Avast
Avira
Panda
Picozip
Rahul Dhesi
Unzoo
Winace
Barracuda Networks
Resource Management Errors vulnerability in multiple products

unzoo.c, as used in multiple products including AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.

7.8
2007-05-09 CVE-2007-1672 Avast Remote Denial of Service vulnerability in Multiple Vendors Zoo Compression Algorithm

avast! antivirus before 4.7.981 allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.

7.8
2007-05-09 CVE-2007-1671 Avira Remote Denial of Service vulnerability in Multiple Vendors Zoo Compression Algorithm

avpack32.dll before 7.3.0.6 in Avira AntiVir allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.

7.8
2007-05-09 CVE-2007-1670 Panda Remote Denial of Service vulnerability in Multiple Vendors Zoo Compression Algorithm

Panda Software Antivirus before 20070402 allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.

7.8
2007-05-09 CVE-2007-1669 Barracuda Networks
Amavis
Remote Denial of Service vulnerability in Multiple Vendors Zoo Compression Algorithm

zoo decoder 2.10 (zoo-2.10), as used in multiple products including (1) Barracuda Spam Firewall 3.4 and later with virusdef before 2.0.6399, (2) Spam Firewall before 3.4 20070319 with virusdef before 2.0.6399o, and (3) AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.

7.8
2007-05-08 CVE-2007-0221 Microsoft Integer Overflow OR Wraparound vulnerability in Microsoft Exchange Server 2000

Integer overflow in the IMAP (IMAP4) support in Microsoft Exchange Server 2000 SP3 allows remote attackers to cause a denial of service (service hang) via crafted literals in an IMAP command, aka the "IMAP Literal Processing Vulnerability."

7.8
2007-05-08 CVE-2007-0039 Microsoft Null Pointer Dereference vulnerability in Microsoft Exchange Server 2000/2003/2007

The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in which the second MODPROPS is longer than the first, which triggers a NULL pointer dereference and an unhandled exception.

7.8
2007-05-08 CVE-2007-0215 Microsoft Remote Code Execution vulnerability in Microsoft Excel, Excel Viewer and Office

Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a .XLS BIFF file with a malformed Named Graph record, which results in memory corruption.

7.6
2007-05-13 CVE-2007-2641 W1L3D4 SQL Injection vulnerability in W1L3D4 Philboard 0.2

SQL injection vulnerability in W1L3D4_bolum.asp in W1L3D4 Philboard 0.2 allows remote attackers to execute arbitrary SQL commands via the forumid parameter, a different vector than CVE-2007-0920.

7.5
2007-05-13 CVE-2007-2631 Squirrelmail Cross-Site Request Forgery vulnerability in SquirelMail

Cross-site request forgery (CSRF) vulnerability in SquirrelMail 1.4.8-4.fc6 and earlier allows remote attackers to perform unspecified actions as arbitrary users via unspecified vectors.

7.5
2007-05-11 CVE-2007-2628 Justin Koivisto Remote File Include vulnerability in Justin Koivisto PHPsecurityadmin 4.0.2

PHP remote file inclusion vulnerability in include/logout.php in Justin Koivisto SecurityAdmin for PHP (aka PHPSecurityAdmin, PSA) 4.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the PSA_PATH parameter.

7.5
2007-05-11 CVE-2007-2626 Free PHP Scripts SQL Injection vulnerability in SchoolBoard

** DISPUTED ** SQL injection vulnerability in admin.php in SchoolBoard allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.

7.5
2007-05-11 CVE-2007-2622 Taskdriver SQL Injection vulnerability in TaskDriver

Multiple SQL injection vulnerabilities in TaskDriver 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the username parameter to login.php or (2) the taskid parameter to notes.php.

7.5
2007-05-11 CVE-2007-2621 Extrovert Software SQL Injection vulnerability in Extrovert Software Thyme Calndar 1.3

SQL injection vulnerability in event_view.php in Thyme Calendar 1.3 allows remote attackers to execute arbitrary SQL commands via the eid parameter.

7.5
2007-05-11 CVE-2007-2620 Jakub Steiner Remote File Include vulnerability in Jakub Steiner Original 0.11

PHP remote file inclusion vulnerability in inc/config.inc.php in Jakub Steiner (aka jimmac) original 0.11 allows remote attackers to execute arbitrary PHP code via a URL in the x[1] parameter.

7.5
2007-05-11 CVE-2007-2615 Crie SUE Remote File Include vulnerability in Crie SUE PHPlojafacil 0.1.5

Multiple PHP remote file inclusion vulnerabilities in Crie seu PHPLojaFacil 0.1.5 allow remote attackers to execute arbitrary PHP code via a URL in the path_local parameter to (1) ftp.php, (2) libs/db.php, and (3) libs/ftp.php.

7.5
2007-05-11 CVE-2007-2614 Phphtmllib Remote Security vulnerability in Phphtmllib

PHP remote file inclusion vulnerability in examples/widget8.php in phpHtmlLib 2.4.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phphtmllib parameter.

7.5
2007-05-11 CVE-2007-2612 Wikkawiki SQL-Injection vulnerability in WikkaWiki

SQL injection vulnerability in libs/Wakka.class.php in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to execute arbitrary SQL commands via the limit parameter.

7.5
2007-05-11 CVE-2007-2609 Gnuedu Code Injection vulnerability in Gnuedu GNU EDU 1.3B2

Multiple PHP remote file inclusion vulnerabilities in gnuedu 1.3b2 allow remote attackers to execute arbitrary PHP code via a URL in the (a) ETCDIR parameter to (1) libs/lom.php; (2) lom_update.php, (3) check-lom.php, and (4) weigh_keywords.php in scripts/; the (b) LIBSDIR parameter to (5) logout.php, (6) help.php, (7) index.php, (8) login.php; and the ETCDIR parameter to (9) web/lom.php.

7.5
2007-05-11 CVE-2007-2608 Miplex2 Remote File Include vulnerability in Miplex2 Alpha1

PHP remote file inclusion vulnerability in lib/smarty/SmartyFU.class.php in Miplex2 Alpha 1 allows remote attackers to execute arbitrary PHP code via a URL in the system[smarty][dir] parameter.

7.5
2007-05-11 CVE-2007-2607 Lavague Remote File Include vulnerability in LaVague PrintBar.PHP

PHP remote file inclusion vulnerability in views/print/printbar.php in LaVague 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the views_path parameter.

7.5
2007-05-11 CVE-2007-2599 Wavelink Media SQL Injection vulnerability in TutorialCMS Search.PHP

Multiple SQL injection vulnerabilities in TutorialCMS (aka Photoshop Tutorials) 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) catFile parameter to (a) browseCat.php or (b) browseSubCat.php; the (2) id parameter to (c) openTutorial.php, (d) topFrame.php, or (e) admin/editListing.php; or (3) the search parameter to search.php.

7.5
2007-05-11 CVE-2007-2597 Telltargetcms Remote File Include vulnerability in TellTargetCMS

Multiple PHP remote file inclusion vulnerabilities in telltarget CMS 1.3.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) ordnertiefe parameter to site_conf.php; or the (2) tt_docroot parameter to (a) class.csv.php, (b) produkte_nach_serie.php, or (c) ref_kd_rubrik.php in functionen/; (d) hg_referenz_jobgalerie.php, (e) surfer_anmeldung_NWL.php, (f) produkte_nach_serie_alle.php, (g) surfer_aendern.php, (h) ref_kd_rubrik.php, or (i) referenz.php in module/; or (j) 1/lay.php or (k) 3/lay.php in standard/.

7.5
2007-05-11 CVE-2007-2596 Agner FOG Remote File Include vulnerability in AForum Func.PHP

PHP remote file inclusion vulnerability in common/func.php in aForum 1.32 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CommonAbsDir parameter.

7.5
2007-05-11 CVE-2007-2594 Phpmyportal Remote File Include vulnerability in PHPmyportal 3.0.0Rc3

PHP remote file inclusion vulnerability in inc/articles.inc.php in phpMyPortal 3.0.0 RC3 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[CHEMINMODULES] parameter.

7.5
2007-05-11 CVE-2007-2593 Microsoft Remote Security Restriction Bypass vulnerability in Microsoft Windows Terminal Services

The Terminal Server in Microsoft Windows 2003 Server, when using TLS, allows remote attackers to bypass SSL and self-signed certificate requirements, downgrade the server security, and possibly conduct man-in-the-middle attacks via unspecified vectors, as demonstrated using the Remote Desktop Protocol (RDP) 6.0 client.

7.5
2007-05-11 CVE-2007-2591 Nokia Denial-Of-Service vulnerability in Nokia products

usrmgr/userList.asp in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allows remote attackers to modify user account details and cause a denial of service (account deactivation) via the userid parameter in an update action.

7.5
2007-05-09 CVE-2007-2578 Acp3 Input Validation vulnerability in Acp3 4.0Beta3

Unspecified vulnerability in search/list/action_search/index.php in ACP3 4.0 beta 3 allows remote attackers to have unknown impact, relating to "Cookie Manipulation", via the form[search_term] parameter.

7.5
2007-05-09 CVE-2007-2577 Acp3 Input Validation vulnerability in Acp3 4.0Beta3

Multiple SQL injection vulnerabilities in ACP3 4.0 beta 3 allow remote attackers to execute arbitrary SQL commands via (1) the mode parameter to feeds.php, the (2) form[cat] parameter to (a) news/list/index.php or (b) certain news/details/id_*/action_create/index.php files, or (3) the form[mods][] parameter to search/list/action_search/index.php.

7.5
2007-05-09 CVE-2007-2575 VM Watermark Code Injection vulnerability in VM Watermark VM Watermark 0.4.1

PHP remote file inclusion vulnerability in watermark.php in the vm (aka Jean-Francois Laflamme) watermark 0.4.1 mod for Gallery allows remote attackers to execute arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter.

7.5
2007-05-09 CVE-2007-2573 Phptree Remote Security vulnerability in PHPtree 1.3

PHP remote file inclusion vulnerability in plugin/HP_DEV/cms2.php in PHPtree 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the s_dir parameter.

7.5
2007-05-09 CVE-2007-2572 Noah Code Injection vulnerability in Noah

PHP remote file inclusion vulnerability in modules/noevents/templates/mfa_theme.php in NoAh (aka PHP Content Architect, phparch) 0.9 pre 1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tpls[1] parameter.

7.5
2007-05-09 CVE-2007-2571 Xoops SQL Injection vulnerability in Xoops Wfquotes Module

SQL injection vulnerability in index.php in the wfquotes 1.0 0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the c parameter in a cat action.

7.5
2007-05-09 CVE-2007-2570 Guilain Omont Remote Security vulnerability in Wikivi5

PHP remote file inclusion vulnerability in handlers/page/show.php in Wikivi5 allows remote attackers to execute arbitrary PHP code via a URL in the sous_rep parameter.

7.5
2007-05-09 CVE-2007-2569 Practical Creative AND Code Remote Security vulnerability in Friendly

Multiple PHP remote file inclusion vulnerabilities in Friendly 1.0d1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the friendly_path parameter to (1) core/data/yaml.inc.php, or _load.php in (2) core/data/, (3) core/display/, or (4) core/support/.

7.5
2007-05-09 CVE-2007-2561 Fipsasp SQL Injection vulnerability in Fipsasp Fipscms 2.1

SQL injection vulnerability in index.asp in fipsCMS 2.1 allows remote attackers to execute arbitrary SQL commands via the pid parameter, a different vector than CVE-2006-6115.

7.5
2007-05-09 CVE-2007-2559 American Cart Remote Security vulnerability in American Cart American Cart 3.5

Multiple PHP remote file inclusion vulnerabilities in american cart 3.5 allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) index.php, (2) checkout.php, and (3) libsecure.php.

7.5
2007-05-09 CVE-2007-2558 Netsliver Unspecified vulnerability in Netsliver PFA CMS 6.0

** DISPUTED ** PHP remote file inclusion vulnerability in index.php in phpFullAnnu CMS (pfa CMS) 6.0 allows remote attackers to execute arbitrary PHP code via a URL in the repinc parameter.

7.5
2007-05-09 CVE-2007-2556 Nuked Klan SQL Injection vulnerability in Nuked-Klan 1.7.6

SQL injection vulnerability in Nuked-klaN 1.7.6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, as demonstrated by a request to the /nk/ URI.

7.5
2007-05-09 CVE-2007-2549 Turnkey WEB Tools SQL-Injection vulnerability in Turnkey web Tools Sunshop Shopping Cart 4.0

SQL injection vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 allows remote attackers to execute arbitrary SQL commands via the (1) c or (2) quantity parameter.

7.5
2007-05-09 CVE-2007-2545 Persism CMS Remote File Include vulnerability in Persism Content Management System

Multiple PHP remote file inclusion vulnerabilities in Persism CMS 0.9.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the system[path] parameter to (1) blocks/headerfile.php, (2) files/blocks/latest_files.php, (3) filters/headerfile.php, (4) forums/blocks/latest_posts.php, (5) groups/headerfile.php, (6) links/blocks/links.php, (7) menu/headerfile.php, (8) news/blocks/latest_news.php, (9) settings/headerfile.php, or (10) users/headerfile.php, in modules/.

7.5
2007-05-09 CVE-2007-2544 PHP Toptree BBS Remote File Include vulnerability in PHP TopTree BBS TPL_Message.PHP

PHP remote file inclusion vulnerability in templates/default/tpl_message.php in PHP TopTree BBS 2.0.1a and earlier allows remote attackers to execute arbitrary PHP code via a URL in the right_file parameter.

7.5
2007-05-09 CVE-2007-2543 Xoops SQL Injection vulnerability in Xoops Flashgames Module 1.0.1

SQL injection vulnerability in game.php in the Flashgames 1.0.1 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the lid parameter.

7.5
2007-05-09 CVE-2007-2542 Workbench Survival Guide Remote File Include vulnerability in Workbench Survival Guide Workbench Survival Guide 0.11

PHP remote file inclusion vulnerability in header.php in workbench survival guide 0.11 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.

7.5
2007-05-09 CVE-2007-2541 Versado CMS Remote File Include vulnerability in Versado CMS Versado CMS 1.07

PHP remote file inclusion vulnerability in includes/ajax_listado.php in Versado CMS 1.07 allows remote attackers to execute arbitrary PHP code via a URL in the urlModulo parameter.

7.5
2007-05-09 CVE-2007-2540 Pmecms Remote File Include vulnerability in PMECMS Config[PathMod]

Multiple PHP remote file inclusion vulnerabilities in PMECMS 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config[pathMod] parameter to index.php in (1) mod/image/, (2) mod/liens/, (3) mod/liste/, (4) mod/special/, or (5) mod/texte/.

7.5
2007-05-09 CVE-2007-2538 Runcms SQL Injection and Information Disclosure vulnerability in RunCms Debug_Show.php

SQL injection vulnerability in class/debug/debug_show.php in RunCms 1.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the executed_queries array parameter.

7.5
2007-05-09 CVE-2007-2534 Phphoo3 SQL Injection vulnerability in RETIRED: PHPHoo3

** DISPUTED ** Multiple SQL injection vulnerabilities in admin.php in phpHoo3 allow remote attackers to execute arbitrary SQL commands via the (1) ADMIN_USER (USER) and (2) ADMIN_PASS (PASS) parameters during a login.

7.5
2007-05-09 CVE-2007-2531 Berylium Remote File-Include vulnerability in Berylium Berylium2 20030818

PHP remote file inclusion vulnerability in berylium-classes.php in Berylium2 2003-08-18 allows remote attackers to execute arbitrary PHP code via a URL in the beryliumroot parameter.

7.5
2007-05-09 CVE-2007-2530 Tropicalm Denial-Of-Service vulnerability in Tropicalm Crowell Resource 4.5.2

Multiple PHP remote file inclusion vulnerabilities in Tropicalm Crowell Resource 4.5.2 allow remote attackers to execute arbitrary PHP code via a URL in the RESPATH parameter to (1) dosearch.php or (2) printfriendly.php.

7.5
2007-05-09 CVE-2007-1864 PHP
Debian
Canonical
Redhat
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, and 5.x before 5.2.2, has unknown impact and remote attack vectors.

7.5
2007-05-08 CVE-2007-2527 Dynamicpad Remote File Include vulnerability in Dynamicpad 1.02

Multiple PHP remote file inclusion vulnerabilities in DynamicPAD before 1.03.31 allow remote attackers to execute arbitrary PHP code via a URL in the HomeDir parameter to (1) dp_logs.php or (2) index.php.

7.5
2007-05-08 CVE-2007-0323 RIM Buffer Overflow vulnerability in Research In Motion Blackberry TeamOn Import Object ActiveX Control

Buffer overflow in the SetLanguage function in Research In Motion (RIM) TeamOn Import Object ActiveX control (TOImport.dll) allows remote attackers to execute arbitrary code via unspecified vectors.

7.5
2007-05-08 CVE-2007-2521 E Gads Code Injection vulnerability in E-Gads

PHP remote file inclusion vulnerability in common.php in E-GADS! before 2.2.7 allows remote attackers to execute arbitrary PHP code via a URL in the locale parameter.

7.5
2007-05-11 CVE-2007-2523 Broadcom
CA
CA Anti-Virus for the Enterprise r8 and Threat Manager r8 before 20070510 use weak permissions (NULL security descriptor) for the Task Service shared file mapping, which allows local users to modify this mapping and gain privileges by triggering a stack-based buffer overflow in InoCore.dll before 8.0.448.0.
7.2
2007-05-09 CVE-2007-2553 HP Local Privilege Escalation vulnerability in HP Tru64 5.1A/5.1B3/5.1B4

Unspecified vulnerability in dop in HP Tru64 UNIX 5.1B-4, 5.1B-3, and 5.1A PK6 allows local users to gain privileges via a large amount of data in the environment, as demonstrated by a long environment variable.

7.2
2007-05-09 CVE-2007-2529 SUN Local Denial Of Service vulnerability in Sun Solaris ACE_SETACL

Integer signedness error in the acl (facl) system call in Solaris 10 before 20070507 allows local users to cause a denial of service (kernel panic) and possibly gain privileges via a certain argument, related to ACE_SETACL.

7.2
2007-05-09 CVE-2007-2511 PHP Unspecified vulnerability in PHP

Buffer overflow in the user_filter_factory_create function in PHP before 5.2.2 has unknown impact and local attack vectors.

7.2
2007-05-11 CVE-2007-2605 Brujula Toolbar Denial of Service vulnerability in Brujula Toolbar NULL Pointer Dereference

Unspecified vulnerability in the GetPropertyById function in ISoftomateObj in SoftomateLib in BRUJULA4.NET.DLL in the Brujula Toolbar (Brujula.net toolbar) allows attackers to cause a denial of service (NULL dereference and browser crash) via certain arguments.

7.1
2007-05-09 CVE-2007-2565 Cdelia Software Denial of Service vulnerability in Cdelia Software ImageProcessing Malformed BMP File

Cdelia Software ImageProcessing allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted BMP file.

7.1
2007-05-09 CVE-2007-0608 Advanced Guestbook Information Disclosure vulnerability in Advanced Guestbook Advanced Guestbook 2.4.2

Advanced Guestbook 2.4.2 allows remote attackers to obtain sensitive information via an invalid (1) GB_TBL parameter to (a) lang/codes-english.php or (b) image.php, which reveal the database name; (2) an invalid GB_DB parameter to index.php, coupled with a ../index lang cookie, which reveals the installation path; or (3) a direct request to index.php with no parameters or cookies, which reveals the installation path.

7.1

51 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-05-13 CVE-2007-2636 Jason Frisvold Security Bypass vulnerability in PHP Todo List Manager Regular Expressions

Unspecified vulnerability in phpTodo before 0.8.1 allows remote attackers to have an unknown impact via newlines in regular expressions to (1) index.php, (2) feed.php, (3) prefs.php, and (4) todolist.php; and (5) classTodoItem.php and (6) phpTodoUser.php in libs/.

6.8
2007-05-13 CVE-2007-2634 Agner FOG Remote Security vulnerability in Agner FOG Aforum 1.32

PHP remote file inclusion vulnerability in common/errormsg.php in aForum 1.32 and possibly earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the header parameter.

6.8
2007-05-13 CVE-2007-2632 PHP Multi User Randomizer Cross-Site Scripting vulnerability in PHP Multi User Randomizer PHP Multi User Randomizer 2006.09.13

Multiple cross-site scripting (XSS) vulnerabilities in PHP Multi User Randomizer (phpMUR) 2006.09.13 allow remote attackers to inject arbitrary web script or HTML via (1) the edit_plugin parameter to configure_plugin.tpl.php, or (2) certain array parameters to web/phpinfo.php, as demonstrated by 1[] or a[].

6.8
2007-05-11 CVE-2007-2627 Wordpress Cross-Site Scripting vulnerability in WordPress

Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress, when custom 404 pages that call get_sidebar are used, allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF), a different vulnerability than CVE-2007-1622.

6.8
2007-05-11 CVE-2007-2625 Aiocp Cross-Site Scripting vulnerability in AIOCP

Cross-site scripting (XSS) vulnerability in shared/code/cp_authorization.php in All In One Control Panel (AIOCP) before 1.3.016 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

6.8
2007-05-11 CVE-2007-2624 Aiocp Cross-Site Scripting vulnerability in All In One Control Panel CP_Config.PHP

Dynamic variable evaluation vulnerability in shared/config/cp_config.php in All In One Control Panel (AIOCP) before 1.3.016 allows remote attackers to conduct cross-site scripting (XSS) and possibly other attacks via the SERVER superglobal array.

6.8
2007-05-11 CVE-2007-2611 CGX Remote File Include vulnerability in CGX 20050314

Multiple PHP remote file inclusion vulnerabilities in CGX 20050314 allow remote attackers to execute arbitrary PHP code via a URL in the pathCGX parameter to (1) mtdialogo.php, (2) ltdialogo.php, (3) login.php, and (4) logingecon.php in inc/; and multiple unspecified files in frm/, sql/, and cns/.

6.8
2007-05-11 CVE-2007-2600 Wavelink Media Cross-Site Scripting vulnerability in Tutorialcms

Multiple cross-site scripting (XSS) vulnerabilities in TutorialCMS (aka Photoshop Tutorials) 1.00 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) catFile parameter to (a) browseCat.php or (b) browseSubCat.php; the (2) id parameter to (c) openTutorial.php, (d) topFrame.php, or (e) admin/editListing.php; or the (3) search parameter to search.php.

6.8
2007-05-09 CVE-2007-2576 East Wind Software Buffer Overflow vulnerability in East Wind Software Advdaudio.Ocx 1.5.1.1

Buffer overflow in the East Wind Software advdaudio.ocx 1.5.1.1 ActiveX control allows user-assisted remote attackers to execute arbitrary code via a long OpenDVD property value.

6.8
2007-05-09 CVE-2007-2546 Simple Machines Improper Authentication vulnerability in Simple Machines Simple Machines Forum

Session fixation vulnerability in Simple Machines Forum (SMF) 1.1.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.

6.8
2007-05-08 CVE-2007-1202 Microsoft Improper Input Validation vulnerability in Microsoft Word, Word Viewer and Works

Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certain rich text "property strings of certain control words," which allows user-assisted remote attackers to trigger heap corruption and execute arbitrary code, aka the "Word RTF Parsing Vulnerability."

6.8
2007-05-08 CVE-2007-0220 Microsoft Cross-Site Scripting vulnerability in Microsoft Exchange Server 2000/2003

Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving an "incorrectly handled UTF character set label".

6.8
2007-05-08 CVE-2007-1214 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Excel and Excel Viewer

Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted AutoFilter filter record in an Excel BIFF8 format XLS file, which triggers memory corruption.

6.8
2007-05-11 CVE-2007-2630 Activecampaign Remote Code Execution vulnerability in Activecampaign 1-2-All Broadcast Email 4.5/4.53.13

Incomplete blacklist vulnerability in filemanager/browser/default/connectors/php/config.php in the FCKeditor module, as used in ActiveCampaign 1-2-All (aka 12All) 4.50 through 4.53.13, and possibly other products, allows remote authenticated administrators to upload and possibly execute .php4 and .php5 files via unspecified vectors.

6.5
2007-05-11 CVE-2007-2595 Rscript Unspecified vulnerability in Rscript Rsauction 2.73.1.3

RSAuction 2.73.1.3 allows remote authenticated users to move their own account status from Suspended to Active via a direct request for the activation URL that is provided at the time of account registration.

6.5
2007-05-09 CVE-2007-2537 Npds SQL Injection vulnerability in NPDS Mainfile.PHP

Multiple SQL injection vulnerabilities in mainfile.php in NPDS 5.10 and earlier allow remote authenticated users to execute arbitrary SQL commands via a (1) nickname or (2) Id in a cookie, or (3) the X-Forwarded-For (X_FORWARDED_FOR) HTTP header.

6.5
2007-05-11 CVE-2007-2590 Nokia Information Exposure vulnerability in Nokia products

Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allows remote attackers to obtain user names and other sensitive information via a direct request to (1) usrmgr/userList.asp or (2) usrmgr/userStatusList.asp.

6.4
2007-05-09 CVE-2007-2548 Turnkey WEB Tools Input Validation vulnerability in Turnkey web Tools Sunshop Shopping Cart 4.0

Unspecified vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 has unknown impact and an l remote attack vector, related to "Cookie Manipulation."

6.4
2007-05-10 CVE-2007-2587 Cisco Multiple vulnerability in Cisco IOS FTP Server

The IOS FTP Server in Cisco IOS 11.3 through 12.4 allows remote authenticated users to cause a denial of service (IOS reload) via unspecified vectors involving transferring files (aka bug ID CSCse29244).

6.3
2007-05-09 CVE-2007-2579 Acp3 Cross-Site Scripting vulnerability in Acp3 4.0Beta3

Multiple cross-site scripting (XSS) vulnerabilities in ACP3 4.0 beta 3 allow remote attackers to inject arbitrary web script or HTML via (1) the form[mail] parameter to contact/contact/index.php; the (2) form[mods][] or (3) form[search_term] parameter to search/list/action_search/index.php; (4) the id parameter to modules/dl/download.php; (5) the form[cat] parameter to news/list/index.php; the (6) form[cat], (7) form[name], or (8) form[message] parameter to certain news/details/id_*/action_create/index.php files; or (9) the form[mail] parameter to newsletter/create/index.php.

5.8
2007-05-11 CVE-2007-2618 Drake Team Unspecified vulnerability in Drake Team Drake CMS 0.4.0

CRLF injection vulnerability in index.php in Drake CMS 0.4.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the lang parameter.

5.1
2007-05-09 CVE-2007-0609 Advanced Guestbook Local File Include vulnerability in Advanced Guestbook Advanced Guestbook 2.4.2

Directory traversal vulnerability in Advanced Guestbook 2.4.2 allows remote attackers to bypass .htaccess settings, and execute arbitrary PHP local files or read arbitrary local templates, via a ..

5.1
2007-05-09 CVE-2007-2510 PHP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in PHP

Buffer overflow in the make_http_soap_request function in PHP before 5.2.2 has unknown impact and remote attack vectors, possibly related to "/" (slash) characters.

5.1
2007-05-13 CVE-2007-2643 Pinkcrow Designs Local File Include vulnerability in Pinkcrow Designs Gallery Magazin 2.0

Directory traversal vulnerability in phpThumb.php in PinkCrow Designs Gallery or maGAZIn 2.0 allows remote attackers to read arbitrary files via a ..

5.0
2007-05-13 CVE-2007-2637 Ubuntu
Moinmoin
Remote Security vulnerability in MoinMoin

MoinMoin before 20070507 does not properly enforce ACLs for calendars and includes, which allows remote attackers to read certain pages via unspecified vectors.

5.0
2007-05-11 CVE-2007-2589 Squirrelmail Cross-Site Request Forgery (CSRF) vulnerability in Squirrelmail

Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail 1.4.0 through 1.4.9a allows remote attackers to send e-mails from arbitrary users via certain data in the SRC attribute of an IMG element.

5.0
2007-05-11 CVE-2007-0244 Debian
Poptop
Denial Of Service vulnerability in PopTop PPTP Server GRE Packet

pptpgre.c in PoPToP Point to Point Tunneling Server (pptpd) before 1.3.4 allows remote attackers to cause a denial of service (PPTP connection tear-down) via (1) GRE packets with out-of-order sequence numbers or (2) certain GRE packets that are processed using a wrong pointer and improperly dequeued.

5.0
2007-05-09 CVE-2007-2574 Archangelmgt Denial-Of-Service vulnerability in Archangelmgt Weblog 0.90.02

Directory traversal vulnerability in index.php in Archangel Weblog 0.90.02 allows remote attackers to read arbitrary files via a ..

5.0
2007-05-09 CVE-2007-2566 Taltech Denial-Of-Service vulnerability in Tal Bar Code Activex Control

The SaveBarCode function in the Taltech Tal Bar Code ActiveX control allows remote attackers to cause a denial of service (disk consumption) by uploading multiple bar codes, as demonstrated by a WSF package.

5.0
2007-05-09 CVE-2007-2560 Mentiss Acgv Local File Include vulnerability in Mentiss ACGV acgvnnu

Directory traversal vulnerability in theme/acgv.php in ACGVannu 1.3 and earlier allows remote attackers to read arbitrary files via a ..

5.0
2007-05-09 CVE-2007-2552 Wikkawiki Information Exposure vulnerability in Wikkawiki

The RecentChanges feature in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to obtain the names, and possibly revision notes and dates, of private pages via RSS feeds.

5.0
2007-05-09 CVE-2007-2550 Devellion HTTP Response Splitting vulnerability in Devellion Cubecart 3.0.15

Multiple CRLF injection vulnerabilities in Devellion CubeCart 3.0.15 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a cookie name beginning with "ccSID" to (1) cart.php or (2) index.php.

5.0
2007-05-08 CVE-2007-2525 Linux Local Denial of Service vulnerability in Linux Kernel 2.6.21

Memory leak in the PPP over Ethernet (PPPoE) socket implementation in the Linux kernel before 2.6.21-git8 allows local users to cause a denial of service (memory consumption) by creating a socket using connect, and releasing it before the PPPIOCGCHAN ioctl is initialized.

4.9
2007-05-07 CVE-2007-1861 Linux Resource Management Errors vulnerability in Linux Kernel

The nl_fib_lookup function in net/ipv4/fib_frontend.c in Linux Kernel before 2.6.20.8 allows attackers to cause a denial of service (kernel panic) via NETLINK_FIB_LOOKUP replies, which trigger infinite recursion and a stack overflow.

4.9
2007-05-11 CVE-2007-2619 Symantec Local Information Disclosure vulnerability in Symantec Pcanywhere 11.5/11.5.1/12.0

Symantec pcAnywhere 11.5.x and 12.0.x retains unencrypted login credentials for the most recent login within process memory, which allows local administrators to obtain the credentials by reading process memory, a different vulnerability than CVE-2006-3785.

4.6
2007-05-11 CVE-2007-2610 Openld Cross-Site Scripting vulnerability in OpenLD

Cross-site scripting (XSS) vulnerability in OpenLD before 1.1.9, and 1.1-modified before 1.1-modified3, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the Search feature, possibly the term parameter.

4.3
2007-05-11 CVE-2007-2592 Nokia Multiple vulnerability in Nokia products

Multiple cross-site scripting (XSS) vulnerabilities in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to de/pda/dev_logon.asp and (2) multiple unspecified vectors in (a) usrmgr/registerAccount.asp, (b) de/create_account.asp, and other files.

4.3
2007-05-11 CVE-2007-1262 Squirrelmail Cross-Site Scripting vulnerability in Squirrelmail

Multiple cross-site scripting (XSS) vulnerabilities in the HTML filter in SquirrelMail 1.4.0 through 1.4.9a allow remote attackers to inject arbitrary web script or HTML via the (1) data: URI in an HTML e-mail attachment or (2) various non-ASCII character sets that are not properly filtered when viewed with Microsoft Internet Explorer.

4.3
2007-05-10 CVE-2007-1280 Microsoft
Adobe
Cross-Site Scripting vulnerability in Adobe Robohelp and Robohelp Server

Cross-site scripting (XSS) vulnerability in Adobe RoboHelp X5, 6, and Server 6 allows remote attackers to inject arbitrary web script or HTML via a URL after a # (hash) in the URL path, as demonstrated using en/frameset-7.html, and possibly other unspecified vectors involving templates and (1) whstart.js and (2) whcsh_home.htm in WebHelp, (3) wf_startpage.js and (4) wf_startqs.htm in FlashHelp, or (5) WindowManager.dll in RoboHelp Server 6.

4.3
2007-05-10 CVE-2006-7196 Apache Cross-Site Scripting vulnerability in Apache Tomcat

Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors.

4.3
2007-05-10 CVE-2006-7195 Apache Cross-Site Scripting vulnerability in Apache Tomcat

Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.

4.3
2007-05-09 CVE-2007-2581 Microsoft Cross-Site Scripting vulnerability in Microsoft products

Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) in "every main page," as demonstrated by default.aspx.

4.3
2007-05-09 CVE-2007-2562 Kayako Cross-Site Scripting vulnerability in Kayako Esupport 3.00.90

Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 3.00.90 allows remote attackers to inject arbitrary web script or HTML via the _m parameter.

4.3
2007-05-09 CVE-2007-2555 Podium CMS Improper Authentication vulnerability in Podium CMS Podium CMS

Unspecified vulnerability in Default.aspx in Podium CMS allows remote attackers to have an unknown impact, possibly session fixation, via a META HTTP-EQUIV Set-cookie expression in the id parameter, related to "cookie manipulation." NOTE: this issue might be cross-site scripting (XSS).

4.3
2007-05-09 CVE-2007-0605 Advanced Guestbook Cross-Site Scripting vulnerability in Advanced Guestbook Advanced Guestbook 2.4.2

Cross-site scripting (XSS) vulnerability in picture.php in Advanced Guestbook 2.4.2 allows remote attackers to inject arbitrary web script or HTML via the picture parameter.

4.3
2007-05-09 CVE-2007-2551 Wikkawiki Cross-Site Scripting And Information Disclosure vulnerability in WikkaWiki

Cross-site scripting (XSS) vulnerability in usersettings.php in WikkaWiki (Wikka Wiki) before 1.1.6.3 allows remote attackers to inject arbitrary web script or HTML via the name parameter.

4.3
2007-05-09 CVE-2007-2547 Turnkey WEB Tools Input Validation vulnerability in Turnkey web Tools Sunshop Shopping Cart 4.0

Cross-site scripting (XSS) vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 allows remote attackers to inject arbitrary web script or HTML via the l parameter.

4.3
2007-05-09 CVE-2007-2532 Obie Website Cross-Site Scripting vulnerability in Obie Website Mini web Shop 2

Multiple cross-site scripting (XSS) vulnerabilities in Minh Nguyen Duong Obie Website Mini Web Shop 2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) to (1) sendmail.php or (2) order_form.php, different vectors than CVE-2006-6734.

4.3
2007-05-08 CVE-2007-2524 Otrs Cross-Site Scripting vulnerability in Otrs 2.0.4

Cross-site scripting (XSS) vulnerability in index.pl in Open Ticket Request System (OTRS) 2.0.x allows remote attackers to inject arbitrary web script or HTML via the Subaction parameter in an AgentTicketMailbox Action.

4.3
2007-05-10 CVE-2007-2583 Mysql
Oracle
Numeric Errors vulnerability in multiple products

The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference.

4.0
2007-05-09 CVE-2007-2557 Mambo Remote Security vulnerability in Mambo 4.6.1

MOStlyDB Admin in Mambo 4.6.1 does not properly check privileges, which allows remote authenticated administrators to have an unknown impact via unspecified vectors.

4.0

5 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-05-10 CVE-2007-1858 Apache Information Disclosure vulnerability in Apache Tomcat SSL Anonymous Cipher Configuration

The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.

2.6
2007-05-10 CVE-2007-1358 Apache Cross-Site Scripting vulnerability in Apache Tomcat

Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".

2.6
2007-05-09 CVE-2007-2509 PHP Improper Input Validation vulnerability in PHP

CRLF injection vulnerability in the ftp_putcmd function in PHP before 4.4.7, and 5.x before 5.2.2 allows remote attackers to inject arbitrary FTP commands via CRLF sequences in the parameters to earlier FTP commands.

2.6
2007-05-11 CVE-2007-2617 SUN Local Information Disclosure vulnerability in SUN NET Connect Software 3.2.3/3.2.4

srsexec in Sun Remote Services (SRS) Net Connect Software Proxy Core package in Sun Solaris 10 does not enforce file permissions when opening files, which allows local users to read the first line of arbitrary files via the -d and -v options.

2.1
2007-05-09 CVE-2007-2580 Apple Local vulnerability in Apple Safari

Unspecified vulnerability in Apple Safari allows local users to obtain sensitive information (saved keychain passwords) via the document.loginform.password.value JavaScript parameter loaded from an AppleScript script.

1.9