Weekly Vulnerabilities Reports > May 21 to 27, 2007
Overview
97 new vulnerabilities were reported during this period, including 31 critical vulnerabilities and 31 high severity vulnerabilities. This weekly summary reports vulnerabilities in 96 products from 75 vendors including Apple, Alstrasoft, Lead Technologies, Jetbox, and Madwifi. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Numeric Errors", "Information Exposure", "Code Injection", and "Use of Externally-Controlled Format String".
- 94 reported vulnerabilities are remotely exploitable.
- 25 reported vulnerabilities have a public exploit available.
- 2 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 94 reported vulnerabilities are exploitable by an anonymous user.
- Apple has the most reported vulnerabilities, with 8 reported vulnerabilities.
- Apple has the most reported critical vulnerabilities, with 4 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
31 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-05-24 | CVE-2007-2390 | Apple | Multiple Security vulnerability in Apple Mac OS X 10.3.9/10.4.9 Buffer overflow in iChat in Apple Mac OS X 10.3.9 and 10.4.9 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted UPnP Internet Gateway Device (IGD) packet. | 10.0 |
2007-05-24 | CVE-2007-2853 | H+H | Remote Command Execution vulnerability in H+H Software Virtual CD VC9API.DLL ActiveX The VCDAPILibApi ActiveX control in vc9api.DLL 9.0.0.57 in Virtual CD 9.0.0.2 allows remote attackers to execute arbitrary commands via a command line in the first argument to the VCDLaunchAndWait function. | 10.0 |
2007-05-24 | CVE-2007-2850 | Citrix | Security Bypass vulnerability in MetaFrame The Session Reliability Service (XTE) in Citrix MetaFrame Presentation Server 3.0, Presentation Server 4.0, and Access Essentials 1.0 and 1.5, allows remote attackers to bypass network security policies and connect to arbitrary TCP ports via a modified address:port string. | 10.0 |
2007-05-24 | CVE-2007-2849 | Knowledgetree Document Management | Security Bypass vulnerability in Knowledgetree Document Management Knowledgetree Document Management 3.3.3 KnowledgeTree Document Management (aka KnowledgeTree Open Source) before STABLE 3.3.7 does not require a password for an unregistered user, when the user exists in Active Directory, which allows remote attackers to log onto KTDMS without the intended authorization check. | 10.0 |
2007-05-24 | CVE-2007-2848 | SKY Software | Buffer Overflow vulnerability in SKY Software Shcombobox Activex Control and Shell Megapack Activex Stack-based buffer overflow in the SetPath function in the shComboBox ActiveX control (shcmb80.ocx) in Sky Software Shell MegaPack ActiveX 8.0 allows remote attackers to execute arbitrary code via a long argument. | 10.0 |
2007-05-24 | CVE-2007-2843 | Apple | Information Disclosure vulnerability in Apple Safari 2.0.4 Cross-domain vulnerability in Apple Safari 2.0.4 allows remote attackers to access restricted information from other domains via Javascript, as demonstrated by a js script that accesses the location information of cross-domain web pages, probably involving setTimeout and timed events. | 10.0 |
2007-05-24 | CVE-2007-0448 | PHP | Unspecified vulnerability in PHP 5.2.0 The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI. | 10.0 |
2007-05-24 | CVE-2007-2831 | Madwifi | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Madwifi Array index error in the (1) ieee80211_ioctl_getwmmparams and (2) ieee80211_ioctl_setwmmparams functions in net80211/ieee80211_wireless.c in MadWifi before 0.9.3.1 allows local users to cause a denial of service (system crash), possibly obtain kernel memory contents, and possibly execute arbitrary code via a large negative array index value. | 10.0 |
2007-05-24 | CVE-2007-2687 | Microworld Technologies | Remote Buffer Overflow vulnerability in Microworld Technologies Escan 9.0.715.1 Stack-based buffer overflow in the MicroWorld Agent service (MWAGENT.EXE) in MicroWorld Technologies eScan before 9.0.718.1 allows remote attackers to execute arbitrary code via a long command. | 10.0 |
2007-05-22 | CVE-2007-2824 | Alstrasoft | SQL Injection vulnerability in AlstraSoft E-Friends Pack Parameter SQL injection vulnerability in paypal.php in AlstraSoft E-Friends 4.21 and earlier allows remote attackers to execute arbitrary SQL commands via the pack parameter in a paypal action for index.php. | 10.0 |
2007-05-22 | CVE-2007-2815 | Microsoft | Permissions, Privileges, and Access Controls vulnerability in Microsoft Internet Information Services 5.0 The "hit-highlighting" functionality in webhits.dll in Microsoft Internet Information Services (IIS) Web Server 5.0 only uses Windows NT ACL configuration, which allows remote attackers to bypass NTLM and basic authentication mechanisms and access private web directories via the CiWebhitsfile parameter to null.htw. | 10.0 |
2007-05-22 | CVE-2007-2810 | Gazi Download Portal | SQL Injection vulnerability in Gazi Download Portal Down_Indir.ASP SQL injection vulnerability in down_indir.asp in Gazi Download Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. | 10.0 |
2007-05-22 | CVE-2007-2791 | HP | Unspecified vulnerability in HP Tru64 5.1B3/5.1B4 Unspecified vulnerability in the Secure Shell (SSH) in HP Tru64 UNIX 5.1B-4 and 5.1B-3 allows remote attackers to identify valid users via unspecified vectors, probably related to timing attacks and AuthInteractiveFailureRandomTimeout. | 10.0 |
2007-05-21 | CVE-2007-2783 | Rational Software | Authentication Bypass vulnerability in Rational Software Hidden Administrator Unspecified vulnerability in Rational Soft Hidden Administrator 1.7 and earlier allows remote attackers to bypass authentication and execute arbitrary code via unspecified vectors. | 10.0 |
2007-05-21 | CVE-2007-2776 | Alstrasoft | Multiple vulnerability in AlstraSoft Template Seller Pro AlstraSoft Template Seller Pro 3.25 and earlier sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to inject a credential variable setting and obtain administrative access via a direct request to admin/changeinfo.php. | 10.0 |
2007-05-21 | CVE-2007-2775 | Alstrasoft | Unspecified vulnerability in Alstrasoft Live Support 1.21 AlstraSoft Live Support 1.21 sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to obtain administrative access via a direct request to admin/managesettings.php. | 10.0 |
2007-05-24 | CVE-2007-2386 | Apple | Multiple Security vulnerability in Apple Mac OS X 2007-005 Buffer overflow in mDNSResponder in Apple Mac OS X 10.4 up to 10.4.9 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted UPnP Internet Gateway Device (IGD) packet. | 9.4 |
2007-05-25 | CVE-2007-2865 | Phppgadmin | Cross-Site Scripting vulnerability in PHPpgadmin 4.1.1 Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the server parameter. | 9.3 |
2007-05-24 | CVE-2007-0750 | Apple | Multiple Security vulnerability in Apple Mac OS X 2007-005 Integer overflow in CoreGraphics in Apple Mac OS X 10.4 up to 10.4.9 allows remote user-assisted attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted PDF file. | 9.3 |
2007-05-24 | CVE-2007-2856 | Dart Microsoft | Buffer Errors vulnerability in Dart Powertcp ZIP Compression 1.8.5.3 Buffer overflow in the Dart Communications PowerTCP ZIP Compression ActiveX control in DartZip.dll 1.8.5.3, when Internet Explorer 6 is used, allows user-assisted remote attackers to execute arbitrary code via a long first argument to the QuickZip function, a related issue to CVE-2007-2855. | 9.3 |
2007-05-24 | CVE-2007-2855 | Dart | Buffer Errors vulnerability in Dart Ziplite Compression 1.8.5.3 Buffer overflow in a certain ActiveX control in DartZipLite.dll 1.8.5.3 in Dart ZipLite Compression for ActiveX allows user-assisted remote attackers to execute arbitrary code via a long first argument to the QuickZip function, a related issue to CVE-2007-2856. | 9.3 |
2007-05-24 | CVE-2007-2852 | Eset Software | Buffer Overflow vulnerability in Eset Software Nod32 Antivirus 2.70.37.0 Multiple stack-based buffer overflows in ESET NOD32 Antivirus before 2.70.37.0 allow remote attackers to execute arbitrary code during (1) delete/disinfect or (2) rename operations via a crafted directory name. | 9.3 |
2007-05-24 | CVE-2007-2847 | Hlstats | Cross-Site Scripting vulnerability in HLstats Multiple cross-site scripting (XSS) vulnerabilities in hlstats.php in HLstats 1.35, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) authusername or (2) authpassword parameter, different vectors than CVE-2007-0840 and CVE-2007-2812. | 9.3 |
2007-05-24 | CVE-2007-2846 | Avas T Avast | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Heap-based buffer overflow in the SIS unpacker in avast! Anti-Virus Managed Client before 4.7.700 allows user-assisted remote attackers to execute arbitrary code via a crafted SIS archive, resulting from an "integer cast around." | 9.3 |
2007-05-24 | CVE-2007-2845 | Avast | Remote Heap Overflow vulnerability in Avast! Managed Client CAB File Handling Heap-based buffer overflow in the CAB unpacker in avast! Anti-Virus Managed Client before 4.7.700 allows user-assisted remote attackers to execute arbitrary code via a crafted CAB archive, resulting from an "integer cast around". | 9.3 |
2007-05-24 | CVE-2007-2844 | PHP | Authentication Bypass vulnerability in PHP Crypt Function PHP 4.x and 5.x before 5.2.1, when running on multi-threaded systems, does not ensure thread safety for libc crypt function calls using protection schemes such as a mutex, which creates race conditions that allow remote attackers to overwrite internal program memory and gain system access. | 9.3 |
2007-05-22 | CVE-2007-2827 | Lead Technologies | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Lead Technologies Leadtools Isis Activex Control Heap-based buffer overflow in LEAD Technologies LEADTOOLS ISIS ActiveX Control (ltisi14E.ocx) 14.5.0.44 and earlier allows remote attackers to execute arbitrary code via a long DriverName property. | 9.3 |
2007-05-22 | CVE-2007-2822 | Wavelink Media | Security Bypass vulnerability in Tutorialcms TutorialCMS 1.01 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication via the (1) loggedIn and (2) activated parameters to (a) login.php, (b) headerLinks.php, (c) submit1.php, (d) myFav.php, and (e) userCP.php. | 9.3 |
2007-05-22 | CVE-2007-2809 | Opera | Classic Buffer Overflow vulnerability in Opera Browser Buffer overflow in the transfer manager in Opera before 9.21 for Windows allows user-assisted remote attackers to execute arbitrary code via a crafted torrent file. | 9.3 |
2007-05-21 | CVE-2007-2771 | Lead Technologies | Buffer Overflow vulnerability in Lead Technologies Leadtools Jpeg 2000 14.5.0.35 Stack-based buffer overflow in the LEAD Technologies LeadTools JPEG 2000 LEADJ2K.LEADJ2K.140 ActiveX control (LTJ2K14.ocx) 14.5.0.35 allows remote attackers to execute arbitrary code via a long BitmapDataPath property. | 9.3 |
2007-05-21 | CVE-2007-2770 | Qualcomm | Remote Security vulnerability in Qualcomm Eudora 7.1 Stack-based buffer overflow in Eudora 7.1 allows user-assisted, remote SMTP servers to execute arbitrary code via a long SMTP reply. | 9.3 |
31 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-05-22 | CVE-2007-2813 | Cisco | Denial Of Service vulnerability in Cisco IOS SSL Packets Cisco IOS 12.4 and earlier, when using the crypto packages and SSL support is enabled, allows remote attackers to cause a denial of service via a malformed (1) ClientHello, (2) ChangeCipherSpec, or (3) Finished message during an SSL session. | 7.8 |
2007-05-21 | CVE-2007-2784 | Globus | Denial of Service vulnerability in Globus Toolkit Nexus Globus-Job-Manager Unspecified vulnerability in globus-job-manager in Globus Toolkit 4.1.1 and earlier (globus_nexus-6.6 and earlier) allows remote attackers to cause a denial of service (resource exhaustion and system crash) via certain requests to temporary TCP ports for a GRAM2 job or its MPICH-G2 applications. | 7.8 |
2007-05-21 | CVE-2007-2778 | Molyx | Local File Include vulnerability in Molyx Board 2.5.0 Multiple directory traversal vulnerabilities in MolyX BOARD 2.5.0 allow remote attackers to read arbitrary files via a .. | 7.8 |
2007-05-21 | CVE-2007-2772 | CA | Denial-Of-Service vulnerability in CA Brightstor Arcserve Backup 11.5.2.0 (1) caloggerd.exe (camt70.dll) and (2) mediasvr.exe (catirpc.dll and rwxdr.dll) in CA BrightStor Backup 11.5.2.0 SP2 allow remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted RPC packet. | 7.8 |
2007-05-21 | CVE-2007-2767 | Opendap | Information Disclosure vulnerability in OPeNDAP BES File System Unspecified vulnerability in BES before 3.5.0 in OPeNDAP 4 (Hydrax) before 1.2.1 allows remote attackers to list filesystem contents and obtain sensitive information via unknown vectors. | 7.8 |
2007-05-25 | CVE-2007-2866 | Phpecho CMS | SQL-Injection vulnerability in PHPEcho CMS Multiple SQL injection vulnerabilities in modules/admin/modules/gallery.php in PHPEcho CMS 2.0-rc1 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter and possibly other parameters. | 7.5 |
2007-05-24 | CVE-2007-2862 | Devellion | SQL Injection vulnerability in Devellion Cubecart 3.0.16 Multiple SQL injection vulnerabilities in CubeCart 3.0.16 might allow remote attackers to execute arbitrary SQL commands via an unspecified parameter to cart.inc.php and certain other files in an include directory, related to missing sanitization of the $option variable and possibly cookie modification. | 7.5 |
2007-05-24 | CVE-2007-2861 | Saxon | Remote Security vulnerability in Saxon 4.6 Multiple PHP remote file inclusion vulnerabilities in Simple Accessible XHTML Online News (SAXON) 4.6 allow remote attackers to execute arbitrary PHP code via a URL in the template parameter to (1) news.php, (2) preview.php, or (3) archive-display.php. | 7.5 |
2007-05-24 | CVE-2007-2859 | Simpgb | Remote Security vulnerability in Simpgb 1.46.0 Multiple PHP remote file inclusion vulnerabilities in SimpGB 1.46.0 allow remote attackers to execute arbitrary PHP code via a URL in the path_simpgb parameter to (1) guestbook.php, (2) search.php, (3) mailer.php, (4) avatars.php, (5) ccode.php, (6) comments.php, (7) emoticons.php, (8) gbdownload.php, and possibly other PHP scripts. | 7.5 |
2007-05-24 | CVE-2007-2857 | Zakkis Technology Corporation | Remote File Include vulnerability in ABC Excel Parser Pro Parser_Path PHP remote file inclusion vulnerability in sample/xls2mysql in ABC Excel Parser Pro 4.0 allows remote attackers to execute arbitrary PHP code via a URL in the parser_path parameter. | 7.5 |
2007-05-24 | CVE-2007-2854 | BTI Tracker | SQL Injection vulnerability in BTITracker Account_Change.PHP Multiple SQL injection vulnerabilities in account_change.php in BtiTracker 1.4.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) style or (2) langue parameter. | 7.5 |
2007-05-24 | CVE-2007-2851 | Lead Technologies | Unspecified vulnerability in Lead Technologies Leadtools Raster Variant Object Library 14.5.0.44 A certain ActiveX control in LeadTools Raster Variant Object Library (LTRVR14e.dll) 14.5.0.44 allows remote attackers to overwrite arbitrary files via the WriteDataToFile method. | 7.5 |
2007-05-22 | CVE-2007-2826 | Madirish Webmail | Code Injection vulnerability in Madirish Webmail Madirish Webmail 2.0 PHP remote file inclusion vulnerability in lib/addressbook.php in Madirish Webmail 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[basedir] parameter. | 7.5 |
2007-05-22 | CVE-2007-2821 | Wordpress | SQL Injection vulnerability in Wordpress Admin-Ajax.PHP SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2 allows remote attackers to execute arbitrary SQL commands via the cookie parameter. | 7.5 |
2007-05-22 | CVE-2007-2820 | Ksign | Buffer Overflow vulnerability in Ksign Ksignswat 2.0.3.3 Multiple stack-based buffer overflows in the KSign KSignSWAT ActiveX Control (AxKSignSWAT.dll) 2.0.3.3 allow remote attackers to execute arbitrary code via long arguments to the (1) SWAT_Init, (2) SWAT_InitEx, (3) SWAT_InitEx2, (4) SWAT_InitEx3, and (5) SWAT_Login functions. | 7.5 |
2007-05-22 | CVE-2007-2817 | OL Bookmarks | SQL-Injection vulnerability in OL Bookmarks OL Bookmarks 0.7.4 SQL injection vulnerability in read/index.php in ol'bookmarks 0.7.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2007-05-22 | CVE-2007-2816 | OL Bookmarks | Code Injection vulnerability in OL Bookmarks OL Bookmarks 0.7.4 Multiple PHP remote file inclusion vulnerabilities in ol'bookmarks 0.7.4 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) test1.php, (2) blackorange.php, (3) default.php, (4) frames1.php, (5) frames1_top.php, (7) test2.php, (8) test3.php, (9) test4.php, (10) test5.php, (11) test6.php, (12) frames1_left.php, and (13) frames1_center.php in themes/. | 7.5 |
2007-05-22 | CVE-2007-2814 | Pegasus | Buffer Overflow vulnerability in Pegasus Imagn Activex Control 4.00.041 Multiple stack-based buffer overflows in the Pegasus ImagN' ActiveX control (IMW32O40.OCX) 4.00.041 allow remote attackers to execute arbitrary code via (1) a long FileName parameter, or unspecified vectors involving the (2) BeginReport, (3) CreatePictureExA, (4) DefineImage, (5) DefineImageEx, (6) DefineImageFox, (7) CopyBufToClipExA, (8) LoadEx, (9) LoadFox, and other functions. | 7.5 |
2007-05-22 | CVE-2007-2803 | Vizayn Urun | SQL Injection vulnerability in Vizayn Urun Tanitim Sitesi 0.2 SQL injection vulnerability in default.asp in Vizayn Urun Tanitim Sitesi 0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a haberdetay action. | 7.5 |
2007-05-22 | CVE-2007-2793 | Geeklog | Remote File Include vulnerability in Geeklog 2.X PHP remote file inclusion vulnerability in ImageImageMagick.php in Geeklog 2.x allows remote attackers to execute arbitrary PHP code via a URL in the glConf[path_system] parameter. | 7.5 |
2007-05-22 | CVE-2007-2792 | COM Yanc | SQL Injection vulnerability in COM Yanc COM Yanc 1.4Beta SQL injection vulnerability in the Yet another Newsletter Component (aka YaNC or com_yanc) component before 1.5 beta 3 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter to index.php. | 7.5 |
2007-05-21 | CVE-2007-2787 | Lead Technologies | Buffer Overflow vulnerability in Lead Technologies Leadtools Raster Thumbnail Object Library 14.5.0.44 Stack-based buffer overflow in the BrowseDir function in the (1) lttmb14E.ocx or (2) LTRTM14e.DLL ActiveX control in LeadTools Raster Thumbnail Object Library 14.5.0.44 allows remote attackers to execute arbitrary code via a long argument. | 7.5 |
2007-05-21 | CVE-2007-2782 | Packeteer | Unspecified vulnerability in Packeteer Packetshaper 7.3.0G2/7.5.0G1 Packeteer PacketShaper uses fixed increments in TCP initial sequence number (ISN) values, which allows remote attackers to predict the ISN value, and perform session hijacking or disruption. | 7.5 |
2007-05-21 | CVE-2007-2779 | Libstats | Remote File Include vulnerability in Libstats Template_CSV.PHP PHP remote file inclusion vulnerability in template_csv.php in Libstats 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rInfo[content] parameter. | 7.5 |
2007-05-21 | CVE-2007-2777 | Alstrasoft | Multiple vulnerability in AlstraSoft Template Seller Pro Unrestricted file upload vulnerability in admin/addsptemplate.php in AlstraSoft Template Seller Pro 3.25 and earlier allows remote attackers to execute arbitrary PHP code via an arbitrary .php filename in the zip parameter, which is created under sptemplates/. | 7.5 |
2007-05-21 | CVE-2007-2774 | Sunlight CMS | Remote File Include vulnerability in Sunlight CMS Sunlight CMS 5.3 Multiple PHP remote file inclusion vulnerabilities in SunLight CMS 5.3 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) _connect.php or (2) modules/startup.php. | 7.5 |
2007-05-21 | CVE-2007-2773 | Zomplog | SQL Injection vulnerability in Zomplog Mp3playlist.PHP SQL injection vulnerability in plugins/mp3playlist/mp3playlist.php in Zomplog 3.8 and earlier allows remote attackers to execute arbitrary SQL commands via the speler parameter. | 7.5 |
2007-05-21 | CVE-2007-2769 | Opendap | Remote Command Execution vulnerability in OPeNDAP BES Compressed Files BES before 3.5.0 in OPeNDAP 4 (Hydrax) before 1.2.1 does not properly handle compressed files, which allows remote attackers to upload arbitrary files or execute arbitrary commands via a crafted compressed file. | 7.5 |
2007-05-21 | CVE-2007-2685 | Jetbox | SQL Injection vulnerability in Jetbox CMS 2.1 Multiple SQL injection vulnerabilities in index.php in Jetbox CMS 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) view or (2) login parameter. | 7.5 |
2007-05-24 | CVE-2007-0753 | Apple | Use of Externally-Controlled Format String vulnerability in Apple Mac OS X and Mac OS X Server Format string vulnerability in the VPN daemon (vpnd) in Apple Mac OS X 10.3.9 and 10.4.9 allows local users to execute arbitrary code via the -i parameter. | 7.2 |
2007-05-24 | CVE-2007-0752 | Apple | Multiple Security vulnerability in Apple Mac OS X 2007-005 The PPP daemon (pppd) in Apple Mac OS X 10.4.8 checks ownership of the stdin file descriptor to determine if the invoker has sufficient privileges, which allows local users to load arbitrary plugins and gain root privileges by bypassing this check. | 7.2 |
34 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-05-24 | CVE-2007-0740 | Apple | Multiple Security vulnerability in Apple Mac OS X 10.3.9/10.4.9 Alias Manager in Apple Mac OS X 10.3.9 and 10.4.9 does not display files with the same name in mounted disk images that have the same name, which might allow user-assisted attackers to trick a user into executing malicious files. | 6.8 |
2007-05-22 | CVE-2007-2823 | HT Editor | Remote Buffer Overflow vulnerability in HT Editor HT Editor 0.5.0/0.8.0 Multiple buffer overflows in HT Editor before 2.0.6 might allow remote attackers to execute arbitrary code via unspecified vectors, possibly involving the editor display width. | 6.8 |
2007-05-22 | CVE-2007-2807 | Eggheads | Remote Buffer Overflow vulnerability in Eggdrop Server Module Message Handling Stack-based buffer overflow in mod/server.mod/servrmsg.c in Eggdrop 1.6.18, and possibly earlier, allows user-assisted, remote IRC servers to execute arbitrary code via a long private message. | 6.8 |
2007-05-22 | CVE-2007-2519 | PHP Group | Unspecified vulnerability in PHP Group Pear Directory traversal vulnerability in the installer in PEAR 1.0 through 1.5.3 allows user-assisted remote attackers to overwrite arbitrary files via a .. | 6.8 |
2007-05-22 | CVE-2007-2790 | VP ASP | Cross-Site Scripting vulnerability in Vp-Asp Shopping Cart Cross-site scripting (XSS) vulnerability in shopcontent.asp in VP-ASP Shopping Cart 6.50, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the type parameter. | 6.8 |
2007-05-22 | CVE-2007-2788 | SUN | Numeric Errors vulnerability in SUN Jdk, JRE and SDK Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_20 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (JVM crash) via a crafted JPEG or BMP file that triggers a buffer overflow. | 6.8 |
2007-05-21 | CVE-2007-2785 | Esyndicat | Remote Security vulnerability in Esyndicat PRO 1.X manage-admins.php in eSyndiCat Pro 1.x allows remote attackers to create additional administrative accounts, and have other unspecified impact, via modified username, new_pass, new_pass2, status, super, and certain other parameters in an add action. | 6.8 |
2007-05-21 | CVE-2007-2781 | Wikyblog | Cross-Site Scripting vulnerability in WikyBlog Cross-site scripting (XSS) vulnerability in include/sessionRegister.php in WikyBlog before 1.4.13 allows remote attackers to inject arbitrary web script or HTML, probably via vectors related to a certain data2 array element. | 6.8 |
2007-05-24 | CVE-2007-2860 | Boastmachine | Unspecified vulnerability in Boastmachine 3.0 user.php in BoastMachine 3.0 platinum allows remote authenticated users to gain privileges via a modified id parameter, as demonstrated by an edit_post action. | 6.5 |
2007-05-24 | CVE-2007-2858 | Phpbb | SQL-Injection vulnerability in Ip-Tracking SQL injection vulnerability in the IP-Search functionality in the IP-Tracking Mod for phpBB 2.0.x allows remote authenticated administrators to execute arbitrary SQL commands via the Search Query field. | 6.5 |
2007-05-22 | CVE-2007-2828 | Johntp | Cross-Site Request Forgery vulnerability in Adsense-Deluxe Cross-site request forgery (CSRF) vulnerability in adsense-deluxe.php in the AdSense-Deluxe 0.x plugin for WordPress allows remote attackers to perform unspecified actions as arbitrary users via unspecified vectors. | 6.0 |
2007-05-22 | CVE-2007-2806 | Galix | Cross-Site Scripting vulnerability in Galix 2.0 Multiple cross-site scripting (XSS) vulnerabilities in index.php in GaliX 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) galix_cat_detail, (2) galix_gal_detail, and (3) galix_cat_detail_sort parameters. | 5.8 |
2007-05-23 | CVE-2007-2799 | File Sleuth KIT | Numeric Errors vulnerability in multiple products Integer overflow in the "file" program 4.20, when running on 32-bit systems, as used in products including The Sleuth Kit, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert() statement. | 5.1 |
2007-05-24 | CVE-2007-2830 | Madwifi | Denial of Service vulnerability in MadWifi The ath_beacon_config function in if_ath.c in MadWifi before 0.9.3.1 allows remote attackers to cause a denial of service (system crash) via crafted beacon interval information when scanning for access points, which triggers a divide-by-zero error. | 5.0 |
2007-05-24 | CVE-2007-2829 | Madwifi | Denial of Service vulnerability in MadWifi The 802.11 network stack in net80211/ieee80211_input.c in MadWifi before 0.9.3.1 allows remote attackers to cause a denial of service (system hang) via a crafted length field in nested 802.3 Ethernet frames in Fast Frame packets, which results in a NULL pointer dereference. | 5.0 |
2007-05-24 | CVE-2006-7205 | PHP Group | Denial-Of-Service vulnerability in PHP Group PHP 4.4.2/5.1.2 The array_fill function in ext/standard/array.c in PHP 4.4.2 and 5.1.2 allows context-dependent attackers to cause a denial of service (memory consumption) via a large num value. | 5.0 |
2007-05-22 | CVE-2006-3894 | Dell | Unspecified vulnerability in Dell Bsafe Cert-C and Bsafe Crypto-C The RSA Crypto-C before 6.3.1 and Cert-C before 2.8 libraries, as used by RSA BSAFE, multiple Cisco products, and other products, allows remote attackers to cause a denial of service via malformed ASN.1 objects. | 5.0 |
2007-05-21 | CVE-2007-2786 | Ircd Ratbox | Denial Of Service vulnerability in IRCD RatBox Pending Connections Ratbox IRC Daemon (aka ircd-ratbox) 2.2.5 and earlier allows remote attackers to cause a denial of service (resource exhaustion) by making many requests from a single client. | 5.0 |
2007-05-21 | CVE-2007-2780 | Psychostats | Information Exposure vulnerability in Psychostats PsychoStats 3.0.6b and earlier allows remote attackers to obtain sensitive information via a request for server.php with a missing or invalid newtheme parameter, which reveals a path in an error message. | 5.0 |
2007-05-21 | CVE-2007-2684 | Jetbox | SQL-Injection vulnerability in Jetbox CMS 2.1 Jetbox CMS 2.1 allows remote attackers to obtain sensitive information via (1) a direct request to (a) main_page.php, (b) open_tree.php, and (c) outputs.php; (2) a malformed view parameter to index.php, as demonstrated with an SQL injection manipulation; or (3) the id[] parameter to admin/cms/opentree.php, which reveals the installation path in the resulting error message. | 5.0 |
2007-05-24 | CVE-2007-2832 | Cisco | Cross-Site Scripting vulnerability in Cisco CallManager Search Form Cross-site scripting (XSS) vulnerability in the web application firewall in Cisco CallManager before 3.3(5)sr3, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allows remote attackers to inject arbitrary web script or HTML via the pattern parameter to CCMAdmin/serverlist.asp (aka the search-form) and possibly other unspecified vectors. | 4.3 |
2007-05-22 | CVE-2007-2825 | Atmail | Cross-Site Scripting vulnerability in @Mail Links/Images Multiple cross-site scripting (XSS) vulnerabilities in ReadMsg.php in @Mail 5.02 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) links and (2) images. | 4.3 |
2007-05-22 | CVE-2007-2819 | Track | Cross-Site Scripting vulnerability in Track+ ReportItem.DO Cross-site scripting (XSS) vulnerability in reportItem.do in Track+ 3.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the projId parameter. | 4.3 |
2007-05-22 | CVE-2007-2818 | Cactusoft | Cross-Site Scripting vulnerability in Cactusoft Parodia Cand_Login.ASP Cross-site scripting (XSS) vulnerability in cand_login.asp in CactuSoft Parodia 6.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the strJobIDs parameter. | 4.3 |
2007-05-22 | CVE-2007-2812 | Hlstats | Cross-Site Scripting vulnerability in HLstats Cross-site scripting (XSS) vulnerability in hlstats.php in HLstats 1.35, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO or (2) the action parameter. | 4.3 |
2007-05-22 | CVE-2007-2811 | OSK | Cross-Site Scripting vulnerability in OSK Advance-Flow Cross-site scripting (XSS) vulnerability in OSK Advance-Flow 4.41 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2007-05-22 | CVE-2007-2808 | GNU Yngve Svendsen | Cross-Site Scripting vulnerability in GNU GNATS Gnatsweb.PL Cross-site scripting (XSS) vulnerability in gnatsweb.pl in Gnatsweb 4.00 and Gnats 4.1.99 allows remote attackers to inject arbitrary web script or HTML via the database parameter. | 4.3 |
2007-05-22 | CVE-2007-2805 | Clientexec | Cross-Site Scripting vulnerability in ClientExec Multiple cross-site scripting (XSS) vulnerabilities in index.php in ClientExec (CE) 3.0 beta2, and possibly other versions, allow remote attackers to inject arbitrary web script or HTML via the (1) ticketID, (2) view, and (3) fuse parameters. | 4.3 |
2007-05-22 | CVE-2007-2804 | Candypress | Cross-Site Scripting vulnerability in CandyPress Store ProdList.ASP Multiple cross-site scripting (XSS) vulnerabilities in scripts/prodList.asp in CandyPress Store 3.5.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) brand and (2) Msg parameters. | 4.3 |
2007-05-22 | CVE-2007-2802 | RM | Cross-Site Scripting vulnerability in Rm Easymail Plus Cross-site scripting (XSS) vulnerability in cp/ps/Main/login/Login in RM EasyMail Plus allows remote attackers to inject arbitrary web script or HTML via the d parameter. | 4.3 |
2007-05-22 | CVE-2007-2686 | Jetbox | Cross-Site Scripting vulnerability in Jetbox CMS 2.1 Cross-site scripting (XSS) vulnerability in index.php in Jetbox CMS 2.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter in a sendpwd task. | 4.3 |
2007-05-22 | CVE-2007-2789 | SUN | Resource Management Errors vulnerability in SUN Jdk, JRE and SDK The BMP image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_19 and earlier, when running on Unix/Linux systems, allows remote attackers to cause a denial of service (JVM hang) via untrusted applets or applications that open arbitrary local files via a crafted BMP file, such as /dev/tty. | 4.3 |
2007-05-21 | CVE-2007-2768 | Openbsd Netapp | Information Exposure vulnerability in multiple products OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243. | 4.3 |
2007-05-21 | CVE-2007-1355 | Apache | Cross-Site Scripting vulnerability in Apache Tomcat Documentation Sample Application Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors. | 4.3 |
1 Low Vulnerability
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-05-24 | CVE-2007-0751 | Apple | Multiple Security vulnerability in Apple Mac OS X 2007-005 A cleanup script in crontabs in Apple Mac OS X 10.3.9 and 10.4.9 might delete filesystems that have been mounted in /tmp, which might allow local users to cause a denial of service, related to the find command. | 2.1 |