Weekly Vulnerabilities Reports > May 14 to 20, 2007
Overview
129 new vulnerabilities were reported during this period, including 21 critical vulnerabilities and 54 high severity vulnerabilities. This weekly summary reports vulnerabilities in 157 products from 107 vendors, including BEA, Linux, Apple, HP, and Microsoft. The vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", "Use of Externally-Controlled Format String", "Resource Exhaustion", and "Information Exposure".
- 122 reported vulnerabilities are remotely exploitable.
- 40 reported vulnerabilities have a public exploit available.
- 3 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 114 reported vulnerabilities are exploitable by an anonymous user.
- BEA has the most reported vulnerabilities, with 10 reported vulnerabilities.
- Apple has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
21 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-05-18 | CVE-2007-2763 | Sienzo | Stack Buffer Overflow vulnerability in Sienzo Digital Music Mentor 2.6.0.4 Buffer overflow in the UnlockSupport function in the LockModules subsystem in a certain ActiveX control in ltmm15.dll in Sienzo Digital Music Mentor (DMM) 2.6.0.4 allows remote attackers to execute arbitrary code via a long string in the second argument, a different issue than CVE-2007-2564. | 10.0 |
2007-05-17 | CVE-2007-2755 | Precisionid Barcode | Unspecified vulnerability in Precisionid Barcode Precisionid Barcode 1.9 The PrecisionID Barcode 1.9 ActiveX control in PrecisionID_Barcode.dll, when Internet Explorer 6 is used, allows remote attackers to overwrite arbitrary files via a full pathname to the SaveToFile function, a different vulnerability than CVE-2007-2744. | 10.0 |
2007-05-17 | CVE-2007-2736 | Apple HP IBM Linux Microsoft Santa Cruz Operation SUN Windriver Achievo | Remote File Include vulnerability in Achievo 1.1.0 PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter. | 10.0 |
2007-05-16 | CVE-2007-1173 | Centennial Numara Symantec | Remote Buffer Overflow vulnerability in Multiple Vendor XFERWAN.EXE Multiple buffer overflows in the CentennialIPTransferServer service (XFERWAN.EXE), as used by (1) Centennial Discovery 2006 Feature Pack 1, (2) Numara Asset Manager 8.0, and (3) Symantec Discovery 6.5, allow remote attackers to execute arbitrary code via long strings in a crafted TCP packet. | 10.0 |
2007-05-16 | CVE-2007-1689 | Symantec | Buffer Overflow vulnerability in Symantec Norton Personal Firewall 2004 ActiveX Control Buffer overflow in the ISAlertDataCOM ActiveX control in ISLALERT.DLL for Norton Personal Firewall 2004 and Internet Security 2004 allows remote attackers to execute arbitrary code via long arguments to the (1) Get and (2) Set functions. | 10.0 |
2007-05-16 | CVE-2007-2719 | HP | Improper Authentication vulnerability in HP Systems Insight Manager 4.2/5.0 Session fixation vulnerability in HP Systems Insight Manager (SIM) 4.2 and 5.0 SP4 and SP5 allows remote attackers to hijack web sessions by setting the JSESSIONID cookie. | 10.0 |
2007-05-16 | CVE-2007-2715 | Snaps Gallery | Remote Password Change vulnerability in Snaps Gallery Snaps Gallery 1.4.4 Admin/users.php in Snaps! Gallery 1.4.4 allows remote attackers to change arbitrary usernames and passwords via the (1) username, or the (2) password and password2 parameters in an edit action. | 10.0 |
2007-05-16 | CVE-2007-2714 | Matt Mullenweg | Unspecified vulnerability in WordPress Akismet Plugin Unspecified vulnerability in akismet.php in Matt Mullenweg Akismet before 2.0.2, a WordPress plugin, has unknown impact and attack vectors. | 10.0 |
2007-05-16 | CVE-2007-2713 | Ifusionservices | Authentication Bypass vulnerability in IFDate Administrative ifdate 2.x sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to obtain administrative access via a direct request for the admin/ URI. | 10.0 |
2007-05-16 | CVE-2007-2712 | MH Software | Unspecified vulnerability in MHSoftware Connect Daily Unspecified vulnerability in MH Software Connect Daily before 3.3.3 has unknown impact and attack vectors. | 10.0 |
2007-05-16 | CVE-2007-2711 | Tinyirc | Remote Buffer Overflow vulnerability in TinyIdentD Stack-based buffer overflow in TinyIdentD 2.2 and earlier allows remote attackers to execute arbitrary code via a long string to TCP port 113. | 10.0 |
2007-05-14 | CVE-2007-2446 | Samba | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Samba Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notify_option_type_data), (3) LsarAddPrivilegesToAccount (lsa_io_privilege_set), (4) NetSetFileSecurity (sec_io_acl), or (5) LsarLookupSids/LsarLookupSids2 (lsa_io_trans_names). | 10.0 |
2007-05-16 | CVE-2007-2439 | Caucho Technology | Denial-Of-Service vulnerability in Resin Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attackers to cause a denial of service (device hang) and read data from a COM or LPT device via a DOS device name with an arbitrary extension. | 9.4 |
2007-05-18 | CVE-2007-2758 | Winimage | Buffer Overflow vulnerability in Winimage 8.0.8000 Multiple buffer overflows in WinImage 8.0.8000 allow user-assisted remote attackers to execute arbitrary code via a FAT image that contains long directory names in a deeply nested directory structure, which triggers (1) a stack-based buffer overflow during extraction, or (2) a heap-based buffer overflow during traversal. | 9.3 |
2007-05-17 | CVE-2007-2741 | Littlecms | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Littlecms Lcms Stack-based buffer overflow in Little CMS (lcms) before 1.15 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ICC profile in a JPG file. | 9.3 |
2007-05-16 | CVE-2007-2568 | Vcdgear | Buffer Overflow vulnerability in Vcdgear 3.55 Multiple stack-based buffer overflows in VCDGear 3.55 allow user-assisted remote attackers to execute arbitrary code via a long (1) tag or (2) track type in a CUE file. | 9.3 |
2007-05-14 | CVE-2007-2667 | DB Soft LAB | Buffer Overflow vulnerability in DB Soft LAB Vimp X 4.7.3 Buffer overflow in the DB Software Laboratory VImpX ActiveX control in VImpX.ocx 4.7.3 allows remote attackers to execute arbitrary code via a long LogFile parameter. | 9.3 |
2007-05-14 | CVE-2007-2648 | Clever Components | Buffer Overflow vulnerability in Clever Components Clever Database Comparer 2.2 Stack-based buffer overflow in the Clever Database Comparer 2.2 ActiveX control (comparerax.ocx) allows remote attackers to execute arbitrary code via a long argument to the ConnectToDatabase function. | 9.3 |
2007-05-14 | CVE-2007-2645 | Libexif | Remote Integer Overflow vulnerability in LibEXIF Exif_Data_Load_Data_Entry Integer overflow in the exif_data_load_data_entry function in exif-data.c in libexif before 0.6.14 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted EXIF data, involving the (1) doff or (2) s variable. | 9.3 |
2007-05-14 | CVE-2007-0754 | Apple | Buffer Overflow vulnerability in Apple QuickTime MOV File STSD Heap Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted Sample Table Sample Descriptor (STSD) atom size in a QuickTime movie. | 9.3 |
2007-05-18 | CVE-2007-2760 | Adempiere | Remote Security vulnerability in Adempiere The canUpdate function in model/MRole.java in Adempiere before 3.1.6 does not properly validate user roles, which allows remote authenticated read-only users to gain read-write privileges. | 9.0 |
54 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-05-18 | CVE-2007-2764 | Linux Brocade | Improper Input Validation vulnerability in Linux Kernel The embedded Linux kernel in certain Sun-Brocade SilkWorm switches before 20070516 does not properly handle a situation in which a non-root user creates a kernel process, which allows attackers to cause a denial of service (oops and device reboot) via unspecified vectors. | 7.8 |
2007-05-17 | CVE-2007-1693 | Yate | Improper Input Validation vulnerability in Yate YET Another Telephony Engine 1.1.0 The SIP channel module in Yet Another Telephony Engine (Yate) before 1.2.0 sets the caller_info_uri parameter using an incorrect variable that can be NULL, which allows remote attackers to cause a denial of service (NULL dereference and application crash) via a Call-Info header without a purpose parameter. | 7.8 |
2007-05-16 | CVE-2007-2726 | Bitscast | Remote Denial Of Service vulnerability in Bitscast 0.13.0 BitsCast 0.13.0 allows remote attackers to cause a denial of service (application crash) via an RSS 2.0 feed item with certain invalid strings in a pubDate element, as demonstrated by repeated "../A" or "A/../" patterns. | 7.8 |
2007-05-16 | CVE-2007-2722 | Newzcrawler | Remote Denial of Service vulnerability in Newzcrawler 1.8 Unspecified vulnerability in NewzCrawler 1.8 allows remote attackers to cause a denial of service (application instability) via certain invalid strings in the URL attribute of an ENCLOSURE element, as demonstrated by a "%s" sequence, a "%Y" sequence, a "%%" sequence, and an "n," sequence. | 7.8 |
2007-05-16 | CVE-2007-2705 | BEA | Directory Traversal vulnerability in BEA Weblogic Integration and Weblogic Workshop Directory traversal vulnerability in the Test View Console in BEA WebLogic Integration 9.2 before SP1 and WebLogic Workshop 8.1 SP2 through SP6, when "deployed in an exploded format," allows remote attackers to list a WebLogic Workshop Directory (wlwdir) parent directory via unspecified vectors. | 7.8 |
2007-05-16 | CVE-2007-2690 | ISS | Remote Security vulnerability in ISS products Multiple IBM ISS Proventia Series products, including the A, G, and M series, do not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic. | 7.8 |
2007-05-16 | CVE-2007-2689 | Checkpoint | Remote Security vulnerability in Checkpoint web Intelligence Gold Check Point Web Intelligence does not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic. | 7.8 |
2007-05-16 | CVE-2007-2688 | Cisco | Unspecified vulnerability in Cisco IOS and IPS Sensor Software The Cisco Intrusion Prevention System (IPS) and IOS with Firewall/IPS Feature Set do not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic. | 7.8 |
2007-05-14 | CVE-2007-2658 | ID Automation | Denial of Service vulnerability in ID Automation Linear Barcode 1.6.0.5 Unspecified vulnerability in the ID Automation Linear Barcode 1.6.0.5 ActiveX control in IDAutomationLinear6.dll allows remote attackers to cause a denial of service via a long argument to the SaveEnhWMF method. | 7.8 |
2007-05-14 | CVE-2007-2657 | Precisionid Barcode | Denial of Service vulnerability in Precisionid Barcode Precisionid Barcode 1.3 Unspecified vulnerability in the PrecisionID Barcode 1.3 ActiveX control in PrecisionID_DataMatrix.DLL allows remote attackers to cause a denial of service via a long argument to the SaveBarCode method. | 7.8 |
2007-05-14 | CVE-2007-2656 | HP | Buffer Overflow vulnerability in HP Hpqvwocx.Dll 1.0.0.309 Stack-based buffer overflow in the Hewlett-Packard (HP) Magview ActiveX control in hpqvwocx.dll 1.0.0.309 allows remote attackers to cause a denial of service (application crash) and possibly have other impact via a long argument to the DeleteProfile method. | 7.8 |
2007-05-14 | CVE-2007-2649 | T COM | Unspecified vulnerability in T-Com Speedport W 700V Deutsche Telekom (T-com) Speedport W 700v uses JavaScript delays for invalid authentication attempts to the CGI script, which allows remote attackers to bypass the delays and conduct brute-force attacks via direct calls to the authentication CGI script. | 7.8 |
2007-05-14 | CVE-2007-2666 | Notepad Scintilla | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Stack-based buffer overflow in LexRuby.cxx (SciLexer.dll) in Scintilla 1.73, as used by notepad++ 4.1.1 and earlier, allows user-assisted remote attackers to execute arbitrary code via certain Ruby (.rb) files with long lines. | 7.6 |
2007-05-18 | CVE-2007-2762 | Build IT Fast | Remote File Include vulnerability in Build IT Fast Build IT Fast 0.4.1 Multiple PHP remote file inclusion vulnerabilities in Build it Fast (bif3) 0.4.1 allow remote attackers to execute arbitrary PHP code via a URL in (1) the pear_dir parameter to Base/Application.php, or the (2) sys_dir parameter to (a) Footer.php, (b) widget.BifContainer.php, (c) widget.BifRoot.php, (d) widget.BifRoot2.php, (e) widget.BifRoot3.php, or (f) widget.BifWarning.php in Widgets/Base/. | 7.5 |
2007-05-18 | CVE-2007-2761 | Magiciso | Stack Buffer Overflow vulnerability in Magic ISO Maker Cue File Stack-based buffer overflow in MagicISO 5.4 build 239 and earlier allows remote attackers to execute arbitrary code via a long filename in a .cue file. | 7.5 |
2007-05-18 | CVE-2007-2759 | Adempiere | SQL-Injection vulnerability in Adempiere Multiple SQL injection vulnerabilities in the insert function in the ValuePreference class (grid/ed/ValuePreference.java) in Adempiere before 3.1.6 allow remote attackers to execute arbitrary SQL commands via the (1) m_Attribute or (2) m_Value parameter. | 7.5 |
2007-05-18 | CVE-2007-2682 | Apple Adobe | Unspecified vulnerability in Adobe Creative Suite 3.0 The installer for Adobe Version Cue CS3 Server on Apple Mac OS X, as used in Adobe Creative Suite 3 (CS3), does not re-enable the personal firewall after completing the product installation, which allows remote attackers to bypass intended firewall rules. | 7.5 |
2007-05-17 | CVE-2007-2751 | Phpglossar | Remote File Include vulnerability in PHPglossar 0.8 Multiple PHP remote file inclusion vulnerabilities in PHPGlossar 0.8 allow remote attackers to execute arbitrary PHP code via a URL in the format_menue parameter to (1) admin/inc/change_action.php or (2) admin/inc/add.php. | 7.5 |
2007-05-17 | CVE-2007-2750 | Simpnews | SQL Injection vulnerability in SimpNews SQL injection vulnerability in print.php in SimpNews 2.40.01 and earlier allows remote attackers to execute arbitrary SQL commands via the newsnr parameter. | 7.5 |
2007-05-17 | CVE-2007-2744 | Precisionid Barcode | Buffer Overflow vulnerability in Precisionid Barcode Precisionid Barcode 1.9 Stack-based buffer overflow in the PrecisionID Barcode 1.9 ActiveX control in PrecisionID_Barcode.dll allows remote attackers to cause a denial of service (Internet Explorer 6 crash), and possibly execute arbitrary code, via a long argument to the SaveBarCode method. | 7.5 |
2007-05-17 | CVE-2007-2743 | Glossword | Remote File Include vulnerability in Glossword 1.8.1 PHP remote file inclusion vulnerability in custom_vars.php in GlossWord 1.8.1 allows remote attackers to execute arbitrary PHP code via a URL in the sys[path_addon] parameter. | 7.5 |
2007-05-17 | CVE-2007-2742 | Labs Beffa ORG | Unspecified vulnerability in Labs.Beffa.Org W2Box 4.0.0Beta4 Unrestricted file upload vulnerability in labs.beffa.org w2box 4.0.0 Beta4 allows remote attackers to upload arbitrary PHP code via a filename with a double extension such as .php.jpg. | 7.5 |
2007-05-17 | CVE-2007-2738 | Xoops | SQL Injection vulnerability in XOOPS Module Glossarie Glossaire-P-F.PHP SQL injection vulnerability in glossaire-p-f.php in the Glossaire 1.7 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the sid parameter in an ImprDef action. | 7.5 |
2007-05-17 | CVE-2007-2737 | Xoops | SQL-Injection vulnerability in Xoops Myconference Module 1.0 SQL injection vulnerability in index.php in the MyConference 1.0 module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter. | 7.5 |
2007-05-17 | CVE-2007-2735 | Touteresa | SQL Injection vulnerability in XOOPS ResManager Module Edit_day.PHP SQL injection vulnerability in edit_day.php in the ResManager 1.2.1 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id_reserv parameter. | 7.5 |
2007-05-16 | CVE-2007-2734 | 3Com | Remote Security vulnerability in 3Crx506-96 The 3Com TippingPoint IPS does not properly handle certain full-width and half-width Unicode character encodings in an HTTP POST request, which might allow remote attackers to evade detection of HTTP traffic. | 7.5 |
2007-05-16 | CVE-2007-2725 | DB Soft LAB | Unspecified vulnerability in DB Soft LAB Dewizardx The DB Software Laboratory DeWizardX (DEWizardAX.ocx) ActiveX control allows remote attackers to overwrite arbitrary files via the SaveToFile function. | 7.5 |
2007-05-16 | CVE-2007-2717 | Igeneric | SQL Injection vulnerability in Igeneric IG Shop 1.4 SQL injection vulnerability in shop/page.php in iGeneric (iG) Shop 1.4 allows remote attackers to execute arbitrary SQL commands via the type_id[] parameter, a different vector than CVE-2005-0537. | 7.5 |
2007-05-16 | CVE-2007-2710 | Nagiosql | Remote Security vulnerability in NagiosQL PHP remote file inclusion vulnerability in functions/prepend_adm.php in NagiosQL 2.00-P00 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the SETS[path][IT] parameter. | 7.5 |
2007-05-16 | CVE-2007-2709 | Nagiosql | Remote File Include vulnerability in Nagiosql 2005 2.00 PHP remote file inclusion vulnerability in functions/prepend_adm.php in NagiosQL 2005 2.00 allows remote attackers to execute arbitrary PHP code via a URL in the SETS[path][physical] parameter. | 7.5 |
2007-05-16 | CVE-2007-2708 | Feindt Computerservice | Remote File Include vulnerability in Feindt Computerservice News-Script 2.0 PHP remote file inclusion vulnerability in newsadmin.php in Feindt Computerservice News (News-Script) 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the action parameter. | 7.5 |
2007-05-16 | CVE-2007-2706 | Geeklog | Remote File Include vulnerability in Geeklog Media Gallery Ftpmedia.PHP PHP remote file inclusion vulnerability in maint/ftpmedia.php in Media Gallery 1.4.8a and earlier for Geeklog allows remote attackers to execute arbitrary PHP code via a URL in the _MG_CONF[path_html] parameter. | 7.5 |
2007-05-15 | CVE-2007-2681 | B2Evolution | File-Upload vulnerability in B2Evolution 1.6 Directory traversal vulnerability in blogs/index.php in b2evolution 1.6 allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2007-05-15 | CVE-2007-2678 | Netsprint | Remote Security vulnerability in Netsprint Toolbar 1.1 Buffer overflow in the isChecked function in toolbar.dll in Netsprint Toolbar 1.1 might allow remote attackers to execute arbitrary code via unspecified vectors. | 7.5 |
2007-05-14 | CVE-2007-2677 | Phpchess | Remote File Include vulnerability in PHPchess 2.0 Multiple PHP remote file inclusion vulnerabilities in phpChess Community Edition 2.0 allow remote attackers to execute arbitrary PHP code via a URL in (1) the config parameter to includes/language.php, or the Root_Path parameter to (2) layout_admin_cfg.php, (3) layout_cfg.php, or (4) layout_t_top.php in skins/phpchess/. | 7.5 |
2007-05-14 | CVE-2007-2676 | Open Translation Engine | Remote File Include vulnerability in Open Translation Engine Open Translation Engine 0.7.8 PHP remote file inclusion vulnerability in skins/header.php in Open Translation Engine (OTE) 0.7.8 allows remote attackers to execute arbitrary PHP code via a URL in the ote_home parameter. | 7.5 |
2007-05-14 | CVE-2007-2675 | PRE Projects | SQL Injection vulnerability in PRE Projects PRE Classifieds Listings 1.0 SQL injection vulnerability in search.php in Pre Classifieds Listings 1.0 allows remote attackers to execute arbitrary SQL commands via the category parameter. | 7.5 |
2007-05-14 | CVE-2007-2674 | PRE Projects | SQL Injection vulnerability in PRE Projects PRE Shopping Mall 1.0 SQL injection vulnerability in detail.php in Pre Shopping Mall 1.0 allows remote attackers to execute arbitrary SQL commands via the prodid parameter. | 7.5 |
2007-05-14 | CVE-2007-2673 | Censura | SQL Injection vulnerability in Censura 1.15.04 SQL injection vulnerability in includes/funcs_vendors.php in Censura 1.15.04, and other versions before 1.16.04, allows remote attackers to execute arbitrary SQL commands via the vendorid parameter in a vendor_info cmd action to censura.php. | 7.5 |
2007-05-14 | CVE-2007-2672 | Thinc4Orce Marketing Group | SQL Injection vulnerability in Thinc4Orce Marketing Group PHP Coupon Script 3.0 SQL injection vulnerability in index.php in PHP Coupon Script 3.0 allows remote attackers to execute arbitrary SQL commands via the bus parameter in a viewbus page. | 7.5 |
2007-05-14 | CVE-2007-2665 | PHP Firstpost | Remote File Include vulnerability in PHP Firstpost PHP Firstpost 0.1 PHP remote file inclusion vulnerability in block.php in PhpFirstPost 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the Include parameter. | 7.5 |
2007-05-14 | CVE-2007-2664 | Tomasz Rekawek | Remote Security vulnerability in Yet Another Asterisk Panel PHP remote file inclusion vulnerability in includes/common.php in Yaap 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter, possibly related to the __autoload function. | 7.5 |
2007-05-14 | CVE-2007-2663 | Beacon | Remote File Include vulnerability in Beacon 0.2.0 PHP remote file inclusion vulnerability in language/1/splash.lang.php in Beacon 0.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the languagePath parameter. | 7.5 |
2007-05-14 | CVE-2007-2662 | Efestech Haber | SQL Injection vulnerability in Efestech Haber Efestech Haber 5.0 SQL injection vulnerability in EfesTECH Haber 5.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to the top-level URI. | 7.5 |
2007-05-14 | CVE-2007-2661 | Drumster | SQL Injection vulnerability in Drumster Blogme 3.0 SQL injection vulnerability in archshow.asp in BlogMe 3.0 allows remote attackers to execute arbitrary SQL commands via the var parameter, a different vector than CVE-2006-5976. | 7.5 |
2007-05-14 | CVE-2007-2655 | Netwin | Use of Externally-Controlled Format String vulnerability in Netwin Surgemail and Webmail Unspecified vulnerability in NetWin Webmail 3.1s-1 in SurgeMail before 3.8i2 has unknown impact and remote attack vectors, possibly a format string vulnerability that allows remote code execution. | 7.5 |
2007-05-14 | CVE-2007-2652 | Free SA | Buffer Overflow vulnerability in Free-SA Multiple unspecified vulnerabilities in Free-SA before 1.2.2 allow remote attackers to execute arbitrary code via unspecified vectors involving certain (1) sprintf and (2) vsprintf calls in (a) r_index.c, (b) r_reports.c, (c) r_topsites.c, (d) r_topuser.c, (e) r_typical.c, (f) r_userdatetime.c, and (g) r_users.c in reports/; and (h) w_fs.c, (i) w_internal.c, and (j) w_log_operations.c in work/, probably related to buffer overflows. | 7.5 |
2007-05-14 | CVE-2007-2651 | Voodoo Circle | Remote vulnerability in VooDoo CIrcle Server Multiple off-by-one errors in VooDoo cIRCle before 1.1.beta27 allow remote attackers to cause a denial of service (connection loss) or possibly execute arbitrary code via a (1) DNS name response of the exact length as a buffer; or a long (2) channel name, (3) partyline channel name, or unspecified vectors in crafted BOTNET packets. | 7.5 |
2007-05-18 | CVE-2007-2766 | Backup Manager | Credentials Management vulnerability in Backup Manager Backup Manager lib/backup-methods.sh in Backup Manager before 0.7.6 provides the MySQL password as a plaintext command line argument, which allows local users to obtain this password by listing the process and its arguments, related to lib/backup-methods.sh. | 7.2 |
2007-05-16 | CVE-2007-2730 | Microsoft Checkpoint Comodo | Local Security vulnerability in Comodo Firewall Pro Check Point ZoneAlarm Pro before 6.5.737.000 does not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier. | 7.2 |
2007-05-16 | CVE-2007-2729 | Comodo | Local Security vulnerability in Comodo Firewall PRO and Comodo Personal Firewall Comodo Firewall Pro 2.4.18.184 and Comodo Personal Firewall 2.3.6.81, and probably older Comodo Firewall versions, do not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier. | 7.2 |
2007-05-14 | CVE-2007-2444 | Samba Debian Canonical | Improper Privilege Management vulnerability in multiple products Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecified vectors that cause the daemon to transition to the root user. | 7.2 |
2007-05-16 | CVE-2007-2699 | BEA | File-Upload vulnerability in Weblogic Server 9.0/9.1 The Administration Console in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not properly enforce certain Domain Security Policies, which allows remote administrative users in the Deployer role to upload arbitrary files. | 7.1 |
2007-05-14 | CVE-2007-2671 | Mozilla | Denial of Service vulnerability in Mozilla Firefox 2.0.0.3 Mozilla Firefox 2.0.0.3 allows remote attackers to cause a denial of service (application crash) via a long hostname in an HREF attribute in an A element, which triggers an out-of-bounds memory access. | 7.1 |
48 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-05-18 | CVE-2007-2765 | AC Zoom | Remote Denial of Service vulnerability in BlockHosts blockhosts.py in BlockHosts before 2.0.3 does not properly parse daemon log files, which allows remote attackers to add arbitrary deny entries to the /etc/hosts.allow file and cause a denial of service by adding arbitrary IP addresses to a daemon log file, as demonstrated by logging in through ssh using a login name containing certain strings with an IP address, which is not properly handled by a regular expression, a related issue to CVE-2006-6301. | 6.8 |
2007-05-18 | CVE-2007-2757 | Dean J Robinson | Cross-Site Scripting vulnerability in Dean J Robinson Redoable 1.2 Multiple cross-site scripting (XSS) vulnerabilities in Redoable 1.2 allow remote attackers to inject arbitrary web script or HTML via the s parameter to (1) wp-content/themes/redoable/searchloop.php or (2) wp-content/themes/redoable/header.php. | 6.8 |
2007-05-17 | CVE-2007-2740 | Xajax | Cross-Site Scripting vulnerability in Xajax Unspecified vulnerability in xajax before 0.2.5 has unknown impact and attack vectors, not related to XSS. | 6.8 |
2007-05-16 | CVE-2007-2732 | Jetbox | Cross-Site Scripting vulnerability in Jetbox CMS 2.1 Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS allow remote attackers to inject arbitrary web script or HTML via the (1) path parameter to view/search/; or the (2) companyname, (3) country, (4) email, (5) firstname, (6) middlename, (7) required, (8) surname, or (9) title parameter to view/supplynews/. | 6.8 |
2007-05-16 | CVE-2007-2716 | Eqdkp | Cross-Site Scripting vulnerability in EQDKP Show Variable Multiple cross-site scripting (XSS) vulnerabilities in EQdkp 1.3.2c and earlier allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) listmembers.php and (2) stats.php. | 6.8 |
2007-05-16 | CVE-2007-2707 | Linksnet | Remote File Include vulnerability in Linksnet Newsfeed 1.0 PHP remote file inclusion vulnerability in linksnet_linkslog_rss.php in Linksnet Newsfeed 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the dirpath_linksnet_newsfeed parameter. | 6.8 |
2007-05-16 | CVE-2007-2696 | BEA | Remote Security vulnerability in BEA Weblogic Server 6.1/7.0/8.1 The JMS Server in BEA WebLogic Server 6.1 through SP7, 7.0 through SP6, and 8.1 through SP5 enforces security access policies on the front end, which allows remote attackers to access protected queues via direct requests to the JMS back-end server. | 6.8 |
2007-05-15 | CVE-2007-2679 | Simple PHP Scripts Gallery | Remote File Include vulnerability in Simple PHP Scripts Gallery Simple PHP Scripts Gallery 0.3 PHP file inclusion vulnerability in index.php in Ivan Peevski gallery 0.3 in Simple PHP Scripts (sphp) allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the gallery parameter, which is accessed by the file_exists function. | 6.8 |
2007-05-14 | CVE-2007-2668 | Webdesproxy | Buffer Errors vulnerability in Webdesproxy 0.0.1 Buffer overflow in webdesproxy 0.0.1 allows remote attackers to execute arbitrary code via a long URL, possibly involving the process_connection_request function in webdesproxy.c. | 6.8 |
2007-05-14 | CVE-2007-2646 | Yenc32 | Buffer Overflow vulnerability in Yenc32 1.0.7.207 Heap-based buffer overflow in yEnc32 1.0.7.207 allows user-assisted remote attackers to execute arbitrary code via a long filename in an NTX file. | 6.8 |
2007-05-14 | CVE-2007-1902 | Sonicbb | SQL Injection vulnerability in Sonicbb 1.0 Multiple SQL injection vulnerabilities in SonicBB 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) part and (2) by parameters to (a) search.php, or the (2) id parameter to (b) viewforum.php. | 6.8 |
2007-05-14 | CVE-2007-2647 | Monalbum | Unspecified vulnerability in Monalbum 0.8.7 Static code injection vulnerability in admin/admin_configuration.php in Monalbum 0.8.7 allows remote authenticated users to inject arbitrary PHP code into the conf/config.inc.php file via the (1) gadm_pass, (2) gadm_user, (3) gcfgHote, (4) gcfgPass, (5) gcfgUser, (6) gclassement_rep, (7) gcontour, (8) gfond, (9) ggd_version, (10) ghome, (11) ghor, (12) gimg_copyright, (13) glangage, (14) gmenu_visible, (15) gmini_hasard, (16) gordre_rep, (17) gpage, (18) gracine, (19) grech_inactive, (20) grep_mini, (21) grepertoire, (22) gsite, (23) gslide, (24) gtitre, (25) guse_copyright, (26) gversion, (27) gvert, or (28) gcfgBase parameter. | 6.5 |
2007-05-17 | CVE-2007-2752 | Runawaysoft | SQL Injection vulnerability in Runawaysoft Haber Portal 1.0 SQL injection vulnerability in devami.asp in RunawaySoft Haber portal 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 6.4 |
2007-05-16 | CVE-2007-2733 | Jetbox | Unspecified vulnerability in Jetbox CMS 2.1 Unrestricted file upload vulnerability in Jetbox CMS allows remote authenticated users with author privileges to upload arbitrary scripts via unspecified vectors, which can be accessed in webfiles/. | 6.0 |
2007-05-16 | CVE-2007-2692 | Mysql Oracle | Privilege Escalation vulnerability in MySQL Security Invoker The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges. | 6.0 |
2007-05-14 | CVE-2007-2447 | Samba | Remote Shell Command Execution vulnerability in Samba MS-RPC The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management. | 6.0 |
2007-05-16 | CVE-2007-1898 | Apple HP Linux Microsoft Santa Cruz Operation SUN Windriver Jetbox | Unspecified vulnerability in Jetbox CMS 2.1 formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters. | 5.8 |
2007-05-16 | CVE-2007-2723 | MPC HC | Divide By Zero vulnerability in Mpc-Hc Media Player Classic 6.4.9.0 Media Player Classic 6.4.9.0 allows user-assisted remote attackers to cause a denial of service (web browser crash) via an "empty" .MPA file, which triggers a divide-by-zero error. | 5.5 |
2007-05-16 | CVE-2007-2704 | BEA | Denial-Of-Service vulnerability in BEA Weblogic Server 9.0/9.1/9.2 BEA WebLogic Server 9.0 through 9.2 allows remote attackers to cause a denial of service (SSL port unavailability) by accessing a half-closed SSL socket. | 5.4 |
2007-05-16 | CVE-2007-2697 | BEA | Denial-Of-Service vulnerability in Weblogic Server The embedded LDAP server in BEA WebLogic Express and WebLogic Server 7.0 through SP6, 8.1 through SP5, 9.0, and 9.1, when in certain configurations, does not limit or audit failed authentication attempts, which allows remote attackers to more easily conduct brute-force attacks against the administrator password, or flood the server with login attempts and cause a denial of service. | 5.1 |
2007-05-16 | CVE-2007-2695 | BEA | Remote Security vulnerability in Weblogic Server The HttpClusterServlet and HttpProxyServlet in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5, 9.0, and 9.1, when SecureProxy is enabled, may process "external requests on behalf of a system identity," which allows remote attackers to access administrative data or functionality. | 5.1 |
2007-05-17 | CVE-2007-2753 | Runawaysoft | Information Disclosure vulnerability in Runawaysoft Haber Portal 1.0 RunawaySoft Haber portal 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for data/xice.mdb. | 5.0 |
2007-05-17 | CVE-2007-2749 | Faqengine | SQL Injection vulnerability in FAQEngine Question.PHP SQL injection vulnerability in question.php in FAQEngine 4.16.03 and earlier allows remote attackers to execute arbitrary SQL commands via the questionref parameter in a display action. | 5.0 |
2007-05-17 | CVE-2007-2747 | Rdiffweb | Directory Traversal vulnerability in rdiffWeb Directory traversal vulnerability in rdw_helpers.py in rdiffWeb before 0.3.5.1 allows remote attackers to read arbitrary files via a .. | 5.0 |
2007-05-16 | CVE-2007-2445 | Linux PNG Reference Library | Remote Denial of Service vulnerability in Libpng Library The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value. | 5.0 |
2007-05-16 | CVE-2007-2441 | Caucho Technology | Information Disclosure vulnerability in Caucho Resin Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attackers to obtain the system path via certain URLs associated with (1) deploying web applications or (2) displaying .xtp files. | 5.0 |
2007-05-16 | CVE-2007-2440 | Caucho Technology | Information Disclosure vulnerability in Caucho Resin Directory traversal vulnerability in Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for Windows allows remote attackers to read certain files via a .. | 5.0 |
2007-05-16 | CVE-2007-2698 | BEA | Remote Security vulnerability in BEA Weblogic Server 9.0 The Administration Console in BEA WebLogic Server 9.0 may show plaintext Web Service attributes during configuration creation, which allows remote attackers to obtain sensitive credential information. | 5.0 |
2007-05-14 | CVE-2007-2659 | Bugada Andrea | Directory Traversal vulnerability in Bugada Andrea PHP Advanced Transfer Manager 1.30 Directory traversal vulnerability in index.php in PHP Advanced Transfer Manager (phpATM) 1.30 allows remote attackers to read arbitrary files and obtain script source code via a .. | 5.0 |
2007-05-14 | CVE-2007-0689 | Mybb | Information Disclosure vulnerability in MyBB MyBB 1.2.4 allows remote attackers to obtain sensitive information via the (1) action[] parameter to member.php, (2) imagehash[] parameter to captcha.php, and (3) a direct request to inc/datahandlers/event.php, which reveal the installation path in the resulting error message. | 5.0 |
2007-05-16 | CVE-2007-2691 | Mysql Debian Canonical | MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables. | 4.9 |
2007-05-16 | CVE-2007-2701 | BEA | Security Bypass vulnerability in BEA Weblogic Server 7.0/8.1 The JMS Message Bridge in BEA WebLogic Server 7.0 through SP7 and 8.1 through Service Pack 6, when configured without a username and password, or when the connection URL is not defined, allows remote attackers to bypass the security access policy and "send unauthorized messages to a protected queue." The vendor has released a product update to address this issue: ftp://anonymous:dev2dev%[email protected]/pub/releases/security/CR281022_81sp6_rarfiles.jar | 4.6 |
2007-05-14 | CVE-2007-2654 | Suse Xfsdump | Race Condition vulnerability in multiple products xfs_fsr in xfsdump creates a .fsr temporary directory with insecure permissions, which allows local users to read or overwrite arbitrary files on xfs filesystems. | 4.4 |
2007-05-18 | CVE-2007-2756 | Libgd | Denial of Service vulnerability in Libgd 2.0.34 The gdPngReadData function in libgd 2.0.34 allows user-assisted attackers to cause a denial of service (CPU consumption) via a crafted PNG image with truncated data, which causes an infinite loop in the png_read_info function in libpng. | 4.3 |
2007-05-17 | CVE-2007-2748 | PHP | Information Exposure vulnerability in PHP The substr_count function in PHP 5.2.1 and earlier allows context-dependent attackers to obtain sensitive information via unspecified vectors, a different affected function than CVE-2007-1375. | 4.3 |
2007-05-17 | CVE-2007-2745 | Vdesk | Cross-Site Scripting vulnerability in Vdesk Webmail 4.03 Cross-site scripting (XSS) vulnerability in printcal.pl in vDesk Webmail 4.03 allows remote attackers to inject arbitrary web script or HTML via the type parameter. | 4.3 |
2007-05-17 | CVE-2007-2739 | Xajax | Unspecified vulnerability in Xajax Cross-site scripting (XSS) vulnerability in xajax before 0.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2007-05-16 | CVE-2007-2724 | Fotolog | Cross-Site Scripting vulnerability in Fotolog Cross-site scripting (XSS) vulnerability in all_photos.html in fotolog allows remote attackers to inject arbitrary web script or HTML via the user parameter. | 4.3 |
2007-05-16 | CVE-2007-2720 | Group Office | Security Bypass vulnerability in Group-Office Groupware 2.16.12 Group-Office before 2.16-13 does not properly validate user IDs, which allows remote attackers to obtain sensitive information via certain requests for (1) message.php and (2) messages.php in modules/email/. | 4.3 |
2007-05-16 | CVE-2007-2718 | Microsoft Stalker | Cross-site scripting (XSS) vulnerability in the WebMail system in Stalker CommuniGate Pro 5.1.8 and earlier, when using Microsoft Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via crafted STYLE tags. | 4.3 |
2007-05-16 | CVE-2007-2694 | BEA | Cross-Site Scripting vulnerability in Weblogic Server Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5, 9.0 GA, and 9.1 GA allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2007-05-15 | CVE-2007-2680 | Canon | Cross Site Scripting vulnerability in Canon products Cross-site scripting (XSS) vulnerability in the management interface in Canon Network Camera Server VB100 and VB101 with firmware 3.0 R69 and earlier, and VB150 with firmware 1.1 R39 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2007-05-14 | CVE-2007-2670 | Globalmegacorp | Cross-Site Scripting vulnerability in PHPChain PHPChain 1.0 and earlier allows remote attackers to obtain the installation path via invalid values of the catid parameter to (1) settings.php or (2) cat.php, as demonstrated by XSS manipulations. | 4.3 |
2007-05-14 | CVE-2007-2669 | Globalmegacorp | Cross-Site Scripting vulnerability in PHPChain Multiple cross-site scripting (XSS) vulnerabilities in PHPChain 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the catid parameter to (1) settings.php or (2) cat.php. | 4.3 |
2007-05-14 | CVE-2007-2650 | Clamav Debian | Resource Exhaustion vulnerability in multiple products The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (resource consumption) via an OLE2 file with (1) a large property size or (2) a loop in the FAT file block chain that triggers an infinite loop, as demonstrated via a crafted DOC file. | 4.3 |
2007-05-14 | CVE-2007-1901 | Sonicbb | Information Disclosure vulnerability in Sonicbb 1.0 SonicBB 1.0 allows remote attackers to obtain sensitive information via the (1) by[] parameter to search.php, (2) p[] parameter to viewforum.php, and the (3) id parameter to (a) viewforum.php or (b) members.php, which reveal the installation path in the resulting error message. | 4.3 |
2007-05-16 | CVE-2007-2731 | Jetbox | Unspecified vulnerability in Jetbox CMS 2.1 CRLF injection vulnerability in formmail.php in Jetbox CMS 2.1 might allow remote attackers to inject arbitrary e-mail headers via LF (%0A) sequences in the subject parameter, a related issue to CVE-2007-1898. | 4.0 |
2007-05-16 | CVE-2007-2700 | BEA | Information Disclosure vulnerability in Weblogic Server 9.0/9.1 The WLST script generated by the configToScript command in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not encrypt certain attributes in configuration files when creating a new domain, which allows remote authenticated users to obtain sensitive information. | 4.0 |
6 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-05-16 | CVE-2007-2703 | Oracle | Remote Security vulnerability in Oracle Weblogic Portal 9.2 BEA WebLogic Portal 9.2 GA can corrupt a visitor entitlements role if an administrator provides a long role description, which might allow remote authenticated users to access privileged resources. | 3.6 |
2007-05-17 | CVE-2007-2746 | Plain Black | Information Disclosure vulnerability in Webgui The viewList function in lib/WebGUI/Asset/Wobject/DataForm.pm in Plain Black WebGUI before 7.3.14 does not properly use data structures containing privilege information, which allows remote authenticated users to obtain sensitive information or possibly have other unspecified impact. | 3.5 |
2007-05-16 | CVE-2007-2702 | Oracle | Cross-Site Scripting vulnerability in Oracle Weblogic Portal 9.2 Cross-site scripting (XSS) vulnerability in the GroupSpace application in BEA WebLogic Portal 9.2 GA allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the rich text editor. | 3.5 |
2007-05-16 | CVE-2007-2693 | Mysql Oracle | Information Disclosure vulnerability in MySQL Alter Table Function MySQL before 5.1.18 allows remote authenticated users without SELECT privileges to obtain sensitive information from partitioned tables via an ALTER TABLE statement. | 3.5 |
2007-05-15 | CVE-2007-2683 | Mutt | Local Buffer Overflow vulnerability in Mutt 1.4.2 Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via "&" characters in the GECOS field, which triggers the overflow during alias expansion. | 3.5 |
2007-05-14 | CVE-2007-1903 | Sonicbb | Cross-Site Scripting vulnerability in Sonicbb 1.0 Cross-site scripting (XSS) vulnerability in search.php in SonicBB 1.0 allows remote attackers to inject arbitrary web script or HTML via the part parameter. | 2.6 |