Weekly Vulnerabilities Reports > May 21 to 27, 2007

Overview

99 new vulnerabilities were reported during this period, including 31 critical vulnerabilities and 31 high severity vulnerabilities. This weekly summary reports vulnerabilities in 97 products from 75 vendors including Apple, Alstrasoft, Lead Technologies, PHP, and Jetbox. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Numeric Errors", "Information Exposure", "Code Injection", and "Use of Externally-Controlled Format String".

  • 95 reported vulnerabilities are remotely exploitable.
  • 25 reported vulnerabilities have a public exploit available.
  • 3 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 96 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 8 reported vulnerabilities.
  • Apple has the most reported critical vulnerabilities, with 4 reported vulnerabilities.

Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:

31 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-05-24 CVE-2007-2390 Apple Multiple Security vulnerability in Apple mac OS X 10.3.9/10.4.9

Buffer overflow in iChat in Apple Mac OS X 10.3.9 and 10.4.9 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted UPnP Internet Gateway Device (IGD) packet.

10.0
2007-05-24 CVE-2007-2853 H H Remote Command Execution vulnerability in H+H Software Virtual CD VC9API.DLL ActiveX

The VCDAPILibApi ActiveX control in vc9api.DLL 9.0.0.57 in Virtual CD 9.0.0.2 allows remote attackers to execute arbitrary commands via a command line in the first argument to the VCDLaunchAndWait function.

10.0
2007-05-24 CVE-2007-2850 Citrix Security Bypass vulnerability in MetaFrame

The Session Reliability Service (XTE) in Citrix MetaFrame Presentation Server 3.0, Presentation Server 4.0, and Access Essentials 1.0 and 1.5, allows remote attackers to bypass network security policies and connect to arbitrary TCP ports via a modified address:port string.

10.0
2007-05-24 CVE-2007-2849 Knowledgetree Document Management Security Bypass vulnerability in Knowledgetree Document Management Knowledgetree Document Management 3.3.3

KnowledgeTree Document Management (aka KnowledgeTree Open Source) before STABLE 3.3.7 does not require a password for an unregistered user, when the user exists in Active Directory, which allows remote attackers to log onto KTDMS without the intended authorization check.

10.0
2007-05-24 CVE-2007-2848 SKY Software Buffer Overflow vulnerability in SKY Software Shcombobox Activex Control and Shell Megapack Activex

Stack-based buffer overflow in the SetPath function in the shComboBox ActiveX control (shcmb80.ocx) in Sky Software Shell MegaPack ActiveX 8.0 allows remote attackers to execute arbitrary code via a long argument.

10.0
2007-05-24 CVE-2007-2843 Apple Information Disclosure vulnerability in Apple Safari 2.0.4

Cross-domain vulnerability in Apple Safari 2.0.4 allows remote attackers to access restricted information from other domains via Javascript, as demonstrated by a js script that accesses the location information of cross-domain web pages, probably involving setTimeout and timed events.

10.0
2007-05-24 CVE-2007-0448 PHP Unspecified vulnerability in PHP 5.2.0

The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI.

10.0
2007-05-24 CVE-2007-2831 Madwifi Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Madwifi

Array index error in the (1) ieee80211_ioctl_getwmmparams and (2) ieee80211_ioctl_setwmmparams functions in net80211/ieee80211_wireless.c in MadWifi before 0.9.3.1 allows local users to cause a denial of service (system crash), possibly obtain kernel memory contents, and possibly execute arbitrary code via a large negative array index value.

10.0
2007-05-24 CVE-2007-2687 Microworld Technologies Remote Buffer Overflow vulnerability in Microworld Technologies Escan 9.0.715.1

Stack-based buffer overflow in the MicroWorld Agent service (MWAGENT.EXE) in MicroWorld Technologies eScan before 9.0.718.1 allows remote attackers to execute arbitrary code via a long command.

10.0
2007-05-22 CVE-2007-2824 Alstrasoft SQL Injection vulnerability in AlstraSoft E-Friends Pack Parameter

SQL injection vulnerability in paypal.php in AlstraSoft E-Friends 4.21 and earlier allows remote attackers to execute arbitrary SQL commands via the pack parameter in a paypal action for index.php.

10.0
2007-05-22 CVE-2007-2815 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft Internet Information Services 5.0

The "hit-highlighting" functionality in webhits.dll in Microsoft Internet Information Services (IIS) Web Server 5.0 only uses Windows NT ACL configuration, which allows remote attackers to bypass NTLM and basic authentication mechanisms and access private web directories via the CiWebhitsfile parameter to null.htw.

10.0
2007-05-22 CVE-2007-2810 Gazi Download Portal SQL Injection vulnerability in Gazi Download Portal Down_Indir.ASP

SQL injection vulnerability in down_indir.asp in Gazi Download Portal allows remote attackers to execute arbitrary SQL commands via the id parameter.

10.0
2007-05-22 CVE-2007-2791 HP Unspecified vulnerability in HP Tru64 5.1B3/5.1B4

Unspecified vulnerability in the Secure Shell (SSH) in HP Tru64 UNIX 5.1B-4 and 5.1B-3 allows remote attackers to identify valid users via unspecified vectors, probably related to timing attacks and AuthInteractiveFailureRandomTimeout.

10.0
2007-05-21 CVE-2007-2783 Rational Software Authentication Bypass vulnerability in Rational Software Hidden Administrator

Unspecified vulnerability in Rational Soft Hidden Administrator 1.7 and earlier allows remote attackers to bypass authentication and execute arbitrary code via unspecified vectors.

10.0
2007-05-21 CVE-2007-2776 Alstrasoft Multiple vulnerability in AlstraSoft Template Seller Pro

AlstraSoft Template Seller Pro 3.25 and earlier sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to inject a credential variable setting and obtain administrative access via a direct request to admin/changeinfo.php.

10.0
2007-05-21 CVE-2007-2775 Alstrasoft Unspecified vulnerability in Alstrasoft Live Support 1.21

AlstraSoft Live Support 1.21 sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to obtain administrative access via a direct request to admin/managesettings.php.

10.0
2007-05-24 CVE-2007-2386 Apple Multiple Security vulnerability in Apple Mac OS X 2007-005

Buffer overflow in mDNSResponder in Apple Mac OS X 10.4 up to 10.4.9 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted UPnP Internet Gateway Device (IGD) packet.

9.4
2007-05-25 CVE-2007-2865 Phppgadmin Cross-Site Scripting vulnerability in PHPpgadmin 4.1.1

Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the server parameter.

9.3
2007-05-24 CVE-2007-0750 Apple Multiple Security vulnerability in Apple Mac OS X 2007-005

Integer overflow in CoreGraphics in Apple Mac OS X 10.4 up to 10.4.9 allows remote user-assisted attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted PDF file.

9.3
2007-05-24 CVE-2007-2856 Dart, Microsoft Buffer Errors vulnerability in Dart Powertcp ZIP Compression 1.8.5.3

Buffer overflow in the Dart Communications PowerTCP ZIP Compression ActiveX control in DartZip.dll 1.8.5.3, when Internet Explorer 6 is used, allows user-assisted remote attackers to execute arbitrary code via a long first argument to the QuickZip function, a related issue to CVE-2007-2855.

9.3
2007-05-24 CVE-2007-2855 Dart Buffer Errors vulnerability in Dart Ziplite Compression 1.8.5.3

Buffer overflow in a certain ActiveX control in DartZipLite.dll 1.8.5.3 in Dart ZipLite Compression for ActiveX allows user-assisted remote attackers to execute arbitrary code via a long first argument to the QuickZip function, a related issue to CVE-2007-2856.

9.3
2007-05-24 CVE-2007-2852 Eset Software Buffer Overflow vulnerability in Eset Software Nod32 Antivirus 2.70.37.0

Multiple stack-based buffer overflows in ESET NOD32 Antivirus before 2.70.37.0 allow remote attackers to execute arbitrary code during (1) delete/disinfect or (2) rename operations via a crafted directory name.

9.3
2007-05-24 CVE-2007-2847 Hlstats Cross-Site Scripting vulnerability in HLstats

Multiple cross-site scripting (XSS) vulnerabilities in hlstats.php in HLstats 1.35, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) authusername or (2) authpassword parameter, different vectors than CVE-2007-0840 and CVE-2007-2812.

9.3
2007-05-24 CVE-2007-2846 Avas T, Avast Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in the SIS unpacker in avast! Anti-Virus Managed Client before 4.7.700 allows user-assisted remote attackers to execute arbitrary code via a crafted SIS archive, resulting from an "integer cast around."

9.3
2007-05-24 CVE-2007-2845 Avast Remote Heap Overflow vulnerability in Avast! Managed Client CAB File Handling

Heap-based buffer overflow in the CAB unpacker in avast! Anti-Virus Managed Client before 4.7.700 allows user-assisted remote attackers to execute arbitrary code via a crafted CAB archive, resulting from an "integer cast around".

9.3
2007-05-24 CVE-2007-2844 PHP Authentication Bypass vulnerability in PHP Crypt Function

PHP 4.x and 5.x before 5.2.1, when running on multi-threaded systems, does not ensure thread safety for libc crypt function calls using protection schemes such as a mutex, which creates race conditions that allow remote attackers to overwrite internal program memory and gain system access.

9.3
2007-05-22 CVE-2007-2827 Lead Technologies Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Lead Technologies Leadtools Isis Activex Control

Heap-based buffer overflow in LEAD Technologies LEADTOOLS ISIS ActiveX Control (ltisi14E.ocx) 14.5.0.44 and earlier allows remote attackers to execute arbitrary code via a long DriverName property.

9.3
2007-05-22 CVE-2007-2822 Wavelink Media Security Bypass vulnerability in Tutorialcms

TutorialCMS 1.01 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication via the (1) loggedIn and (2) activated parameters to (a) login.php, (b) headerLinks.php, (c) submit1.php, (d) myFav.php, and (e) userCP.php.

9.3
2007-05-22 CVE-2007-2809 Opera Software Buffer Overflow vulnerability in Opera Web Browser Torrent File Handling

Buffer overflow in the transfer manager in Opera before 9.21 for Windows allows user-assisted remote attackers to execute arbitrary code via a crafted torrent file.

9.3
2007-05-21 CVE-2007-2771 Lead Technologies Buffer Overflow vulnerability in Lead Technologies Leadtools Jpeg 2000 14.5.0.35

Stack-based buffer overflow in the LEAD Technologies LeadTools JPEG 2000 LEADJ2K.LEADJ2K.140 ActiveX control (LTJ2K14.ocx) 14.5.0.35 allows remote attackers to execute arbitrary code via a long BitmapDataPath property.

9.3
2007-05-21 CVE-2007-2770 Qualcomm Remote Security vulnerability in Qualcomm Eudora 7.1

Stack-based buffer overflow in Eudora 7.1 allows user-assisted, remote SMTP servers to execute arbitrary code via a long SMTP reply.

9.3

31 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-05-22 CVE-2007-2813 Cisco Denial Of Service vulnerability in Cisco IOS SSL Packets

Cisco IOS 12.4 and earlier, when using the crypto packages and SSL support is enabled, allows remote attackers to cause a denial of service via a malformed (1) ClientHello, (2) ChangeCipherSpec, or (3) Finished message during an SSL session.

7.8
2007-05-21 CVE-2007-2784 Globus Denial of Service vulnerability in Globus Toolkit Nexus Globus-Job-Manager

Unspecified vulnerability in globus-job-manager in Globus Toolkit 4.1.1 and earlier (globus_nexus-6.6 and earlier) allows remote attackers to cause a denial of service (resource exhaustion and system crash) via certain requests to temporary TCP ports for a GRAM2 job or its MPICH-G2 applications.

7.8
2007-05-21 CVE-2007-2778 Molyx Local File Include vulnerability in Molyx Board 2.5.0

Multiple directory traversal vulnerabilities in MolyX BOARD 2.5.0 allow remote attackers to read arbitrary files via a ..

7.8
2007-05-21 CVE-2007-2772 CA Denial-Of-Service vulnerability in CA Brightstor Arcserve Backup 11.5.2.0

(1) caloggerd.exe (camt70.dll) and (2) mediasvr.exe (catirpc.dll and rwxdr.dll) in CA BrightStor Backup 11.5.2.0 SP2 allow remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted RPC packet.

7.8
2007-05-21 CVE-2007-2767 Opendap Information Disclosure vulnerability in OPeNDAP BES File System

Unspecified vulnerability in BES before 3.5.0 in OPeNDAP 4 (Hydrax) before 1.2.1 allows remote attackers to list filesystem contents and obtain sensitive information via unknown vectors.

7.8
2007-05-25 CVE-2007-2866 Phpecho CMS SQL-Injection vulnerability in PHPEcho CMS

Multiple SQL injection vulnerabilities in modules/admin/modules/gallery.php in PHPEcho CMS 2.0-rc1 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter and possibly other parameters.

7.5
2007-05-24 CVE-2007-2862 Devellion SQL Injection vulnerability in Devellion Cubecart 3.0.16

Multiple SQL injection vulnerabilities in CubeCart 3.0.16 might allow remote attackers to execute arbitrary SQL commands via an unspecified parameter to cart.inc.php and certain other files in an include directory, related to missing sanitization of the $option variable and possibly cookie modification.

7.5
2007-05-24 CVE-2007-2861 Saxon Remote Security vulnerability in Saxon 4.6

Multiple PHP remote file inclusion vulnerabilities in Simple Accessible XHTML Online News (SAXON) 4.6 allow remote attackers to execute arbitrary PHP code via a URL in the template parameter to (1) news.php, (2) preview.php, or (3) archive-display.php.

7.5
2007-05-24 CVE-2007-2859 Simpgb Remote Security vulnerability in Simpgb 1.46.0

Multiple PHP remote file inclusion vulnerabilities in SimpGB 1.46.0 allow remote attackers to execute arbitrary PHP code via a URL in the path_simpgb parameter to (1) guestbook.php, (2) search.php, (3) mailer.php, (4) avatars.php, (5) ccode.php, (6) comments.php, (7) emoticons.php, (8) gbdownload.php, and possibly other PHP scripts.

7.5
2007-05-24 CVE-2007-2857 Zakkis Technology Corporation Remote File Include vulnerability in ABC Excel Parser Pro Parser_Path

PHP remote file inclusion vulnerability in sample/xls2mysql in ABC Excel Parser Pro 4.0 allows remote attackers to execute arbitrary PHP code via a URL in the parser_path parameter.

7.5
2007-05-24 CVE-2007-2854 BTI Tracker SQL Injection vulnerability in BTITracker Account_Change.PHP

Multiple SQL injection vulnerabilities in account_change.php in BtiTracker 1.4.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) style or (2) langue parameter.

7.5
2007-05-24 CVE-2007-2851 Lead Technologies Unspecified vulnerability in Lead Technologies Leadtools Raster Variant Object Library 14.5.0.44

A certain ActiveX control in LeadTools Raster Variant Object Library (LTRVR14e.dll) 14.5.0.44 allows remote attackers to overwrite arbitrary files via the WriteDataToFile method.

7.5
2007-05-22 CVE-2007-2826 Madirish Webmail Code Injection vulnerability in Madirish Webmail Madirish Webmail 2.0

PHP remote file inclusion vulnerability in lib/addressbook.php in Madirish Webmail 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[basedir] parameter.

7.5
2007-05-22 CVE-2007-2821 Wordpress SQL Injection vulnerability in Wordpress Admin-Ajax.PHP

SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2 allows remote attackers to execute arbitrary SQL commands via the cookie parameter.

7.5
2007-05-22 CVE-2007-2820 Ksign Buffer Overflow vulnerability in Ksign Ksignswat 2.0.3.3

Multiple stack-based buffer overflows in the KSign KSignSWAT ActiveX Control (AxKSignSWAT.dll) 2.0.3.3 allow remote attackers to execute arbitrary code via long arguments to the (1) SWAT_Init, (2) SWAT_InitEx, (3) SWAT_InitEx2, (4) SWAT_InitEx3, and (5) SWAT_Login functions.

7.5
2007-05-22 CVE-2007-2817 OL Bookmarks SQL-Injection vulnerability in OL Bookmarks OL Bookmarks 0.7.4

SQL injection vulnerability in read/index.php in ol'bookmarks 0.7.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2007-05-22 CVE-2007-2816 OL Bookmarks Code Injection vulnerability in OL Bookmarks OL Bookmarks 0.7.4

Multiple PHP remote file inclusion vulnerabilities in ol'bookmarks 0.7.4 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) test1.php, (2) blackorange.php, (3) default.php, (4) frames1.php, (5) frames1_top.php, (7) test2.php, (8) test3.php, (9) test4.php, (10) test5.php, (11) test6.php, (12) frames1_left.php, and (13) frames1_center.php in themes/.

7.5
2007-05-22 CVE-2007-2814 Pegasus Buffer Overflow vulnerability in Pegasus Imagn Activex Control 4.00.041

Multiple stack-based buffer overflows in the Pegasus ImagN' ActiveX control (IMW32O40.OCX) 4.00.041 allow remote attackers to execute arbitrary code via (1) a long FileName parameter, or unspecified vectors involving the (2) BeginReport, (3) CreatePictureExA, (4) DefineImage, (5) DefineImageEx, (6) DefineImageFox, (7) CopyBufToClipExA, (8) LoadEx, (9) LoadFox, and other functions.

7.5
2007-05-22 CVE-2007-2803 Vizayn Urun SQL Injection vulnerability in Vizayn Urun Tanitim Sitesi 0.2

SQL injection vulnerability in default.asp in Vizayn Urun Tanitim Sitesi 0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a haberdetay action.

7.5
2007-05-22 CVE-2007-2793 Geeklog Remote File Include vulnerability in Geeklog 2.X

PHP remote file inclusion vulnerability in ImageImageMagick.php in Geeklog 2.x allows remote attackers to execute arbitrary PHP code via a URL in the glConf[path_system] parameter.

7.5
2007-05-22 CVE-2007-2792 COM Yanc SQL Injection vulnerability in COM Yanc COM Yanc 1.4Beta

SQL injection vulnerability in the Yet another Newsletter Component (aka YaNC or com_yanc) component before 1.5 beta 3 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter to index.php.

7.5
2007-05-21 CVE-2007-2787 Lead Technologies Buffer Overflow vulnerability in Lead Technologies Leadtools Raster Thumbnail Object Library 14.5.0.44

Stack-based buffer overflow in the BrowseDir function in the (1) lttmb14E.ocx or (2) LTRTM14e.DLL ActiveX control in LeadTools Raster Thumbnail Object Library 14.5.0.44 allows remote attackers to execute arbitrary code via a long argument.

7.5
2007-05-21 CVE-2007-2782 Packeteer Unspecified vulnerability in Packeteer Packetshaper 7.3.0G2/7.5.0G1

Packeteer PacketShaper uses fixed increments in TCP initial sequence number (ISN) values, which allows remote attackers to predict the ISN value, and perform session hijacking or disruption.

7.5
2007-05-21 CVE-2007-2779 Libstats Remote File Include vulnerability in Libstats Template_CSV.PHP

PHP remote file inclusion vulnerability in template_csv.php in Libstats 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rInfo[content] parameter.

7.5
2007-05-21 CVE-2007-2777 Alstrasoft Multiple vulnerability in AlstraSoft Template Seller Pro

Unrestricted file upload vulnerability in admin/addsptemplate.php in AlstraSoft Template Seller Pro 3.25 and earlier allows remote attackers to execute arbitrary PHP code via an arbitrary .php filename in the zip parameter, which is created under sptemplates/.

7.5
2007-05-21 CVE-2007-2774 Sunlight CMS Remote File Include vulnerability in Sunlight CMS Sunlight CMS 5.3

Multiple PHP remote file inclusion vulnerabilities in SunLight CMS 5.3 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) _connect.php or (2) modules/startup.php.

7.5
2007-05-21 CVE-2007-2773 Zomplog SQL Injection vulnerability in Zomplog Mp3playlist.PHP

SQL injection vulnerability in plugins/mp3playlist/mp3playlist.php in Zomplog 3.8 and earlier allows remote attackers to execute arbitrary SQL commands via the speler parameter.

7.5
2007-05-21 CVE-2007-2769 Opendap Remote Command Execution vulnerability in OPeNDAP BES Compressed Files

BES before 3.5.0 in OPeNDAP 4 (Hydrax) before 1.2.1 does not properly handle compressed files, which allows remote attackers to upload arbitrary files or execute arbitrary commands via a crafted compressed file.

7.5
2007-05-21 CVE-2007-2685 Jetbox SQL Injection vulnerability in Jetbox CMS 2.1

Multiple SQL injection vulnerabilities in index.php in Jetbox CMS 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) view or (2) login parameter.

7.5
2007-05-24 CVE-2007-0753 Apple USE of Externally-Controlled Format String vulnerability in Apple mac OS X and mac OS X Server

Format string vulnerability in the VPN daemon (vpnd) in Apple Mac OS X 10.3.9 and 10.4.9 allows local users to execute arbitrary code via the -i parameter.

7.2
2007-05-24 CVE-2007-0752 Apple Multiple Security vulnerability in Apple Mac OS X 2007-005

The PPP daemon (pppd) in Apple Mac OS X 10.4.8 checks ownership of the stdin file descriptor to determine if the invoker has sufficient privileges, which allows local users to load arbitrary plugins and gain root privileges by bypassing this check.

7.2

35 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-05-24 CVE-2007-0740 Apple Multiple Security vulnerability in Apple mac OS X 10.3.9/10.4.9

Alias Manager in Apple Mac OS X 10.3.9 and 10.4.9 does not display files with the same name in mounted disk images that have the same name, which might allow user-assisted attackers to trick a user into executing malicious files.

6.8
2007-05-22 CVE-2007-2823 HT Editor Remote Buffer Overflow vulnerability in HT Editor HT Editor 0.5.0/0.8.0

Multiple buffer overflows in HT Editor before 2.0.6 might allow remote attackers to execute arbitrary code via unspecified vectors, possibly involving the editor display width.

6.8
2007-05-22 CVE-2007-2807 Eggheads Remote Buffer Overflow vulnerability in Eggdrop Server Module Message Handling

Stack-based buffer overflow in mod/server.mod/servrmsg.c in Eggdrop 1.6.18, and possibly earlier, allows user-assisted, remote IRC servers to execute arbitrary code via a long private message.

6.8
2007-05-22 CVE-2007-2519 PHP Group Unspecified vulnerability in PHP Group Pear

Directory traversal vulnerability in the installer in PEAR 1.0 through 1.5.3 allows user-assisted remote attackers to overwrite arbitrary files via a ..

6.8
2007-05-22 CVE-2007-2790 VP ASP Cross-Site Scripting vulnerability in Vp-Asp Shopping Cart

Cross-site scripting (XSS) vulnerability in shopcontent.asp in VP-ASP Shopping Cart 6.50, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the type parameter.

6.8
2007-05-22 CVE-2007-2788 SUN Numeric Errors vulnerability in SUN Jdk, JRE and SDK

Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_20 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (JVM crash) via a crafted JPEG or BMP file that triggers a buffer overflow.

6.8
2007-05-21 CVE-2007-2785 Esyndicat Remote Security vulnerability in Esyndicat PRO 1.X

manage-admins.php in eSyndiCat Pro 1.x allows remote attackers to create additional administrative accounts, and have other unspecified impact, via modified username, new_pass, new_pass2, status, super, and certain other parameters in an add action.

6.8
2007-05-21 CVE-2007-2781 Wikyblog Cross-Site Scripting vulnerability in WikyBlog

Cross-site scripting (XSS) vulnerability in include/sessionRegister.php in WikyBlog before 1.4.13 allows remote attackers to inject arbitrary web script or HTML, probably via vectors related to a certain data2 array element.

6.8
2007-05-24 CVE-2007-2860 Boastmachine Unspecified vulnerability in Boastmachine 3.0

user.php in BoastMachine 3.0 platinum allows remote authenticated users to gain privileges via a modified id parameter, as demonstrated by an edit_post action.

6.5
2007-05-24 CVE-2007-2858 Phpbb SQL-Injection vulnerability in Ip-Tracking

SQL injection vulnerability in the IP-Search functionality in the IP-Tracking Mod for phpBB 2.0.x allows remote authenticated administrators to execute arbitrary SQL commands via the Search Query field.

6.5
2007-05-22 CVE-2007-2828 Johntp Cross-Site Request Forgery vulnerability in Adsense-Deluxe

Cross-site request forgery (CSRF) vulnerability in adsense-deluxe.php in the AdSense-Deluxe 0.x plugin for WordPress allows remote attackers to perform unspecified actions as arbitrary users via unspecified vectors.

6.0
2007-05-22 CVE-2007-2806 Galix Cross-Site Scripting vulnerability in Galix 2.0

Multiple cross-site scripting (XSS) vulnerabilities in index.php in GaliX 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) galix_cat_detail, (2) galix_gal_detail, and (3) galix_cat_detail_sort parameters.

5.8
2007-05-23 CVE-2007-2799 File, Sleuth KIT Numeric Errors vulnerability in multiple products

Integer overflow in the "file" program 4.20, when running on 32-bit systems, as used in products including The Sleuth Kit, might allow user-assisted attackers to execute arbitrary code via a large file that triggers an overflow that bypasses an assert() statement.

5.1
2007-05-25 CVE-2007-1860 Apache Path Traversal vulnerability in Apache Tomcat JK web Server Connector 1.2.19/1.2.20/1.2.22

mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded ..

5.0
2007-05-24 CVE-2007-2830 Madwifi Denial of Service vulnerability in MadWifi

The ath_beacon_config function in if_ath.c in MadWifi before 0.9.3.1 allows remote attackers to cause a denial of service (system crash) via crafted beacon interval information when scanning for access points, which triggers a divide-by-zero error.

5.0
2007-05-24 CVE-2007-2829 Madwifi Denial of Service vulnerability in MadWifi

The 802.11 network stack in net80211/ieee80211_input.c in MadWifi before 0.9.3.1 allows remote attackers to cause a denial of service (system hang) via a crafted length field in nested 802.3 Ethernet frames in Fast Frame packets, which results in a NULL pointer dereference.

5.0
2007-05-24 CVE-2006-7205 PHP Group Denial-Of-Service vulnerability in PHP Group PHP 4.4.2/5.1.2

The array_fill function in ext/standard/array.c in PHP 4.4.2 and 5.1.2 allows context-dependent attackers to cause a denial of service (memory consumption) via a large num value.

5.0
2007-05-22 CVE-2006-3894 RSA Remote ASN.1 Denial of Service vulnerability in RSA BSAFE Library

The RSA Crypto-C before 6.3.1 and Cert-C before 2.8 libraries, as used by RSA BSAFE, multiple Cisco products, and other products, allows remote attackers to cause a denial of service via malformed ASN.1 objects.

5.0
2007-05-21 CVE-2007-2786 Ircd Ratbox Denial Of Service vulnerability in IRCD RatBox Pending Connections

Ratbox IRC Daemon (aka ircd-ratbox) 2.2.5 and earlier allows remote attackers to cause a denial of service (resource exhaustion) by making many requests from a single client.

5.0
2007-05-21 CVE-2007-2780 Psychostats Information Exposure vulnerability in Psychostats

PsychoStats 3.0.6b and earlier allows remote attackers to obtain sensitive information via a request for server.php with a missing or invalid newtheme parameter, which reveals a path in an error message.

5.0
2007-05-21 CVE-2007-2684 Jetbox SQL-Injection vulnerability in Jetbox CMS 2.1

Jetbox CMS 2.1 allows remote attackers to obtain sensitive information via (1) a direct request to (a) main_page.php, (b) open_tree.php, and (c) outputs.php; (2) a malformed view parameter to index.php, as demonstrated with an SQL injection manipulation; or (3) the id[] parameter to admin/cms/opentree.php, which reveals the installation path in the resulting error message.

5.0
2007-05-24 CVE-2007-2832 Cisco Cross-Site Scripting vulnerability in Cisco CallManager Search Form

Cross-site scripting (XSS) vulnerability in the web application firewall in Cisco CallManager before 3.3(5)sr3, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allows remote attackers to inject arbitrary web script or HTML via the pattern parameter to CCMAdmin/serverlist.asp (aka the search-form) and possibly other unspecified vectors.

4.3
2007-05-22 CVE-2007-2825 Atmail Cross-Site Scripting vulnerability in @Mail Links/Images

Multiple cross-site scripting (XSS) vulnerabilities in ReadMsg.php in @Mail 5.02 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) links and (2) images.

4.3
2007-05-22 CVE-2007-2819 Track Cross-Site Scripting vulnerability in Track+ ReportItem.DO

Cross-site scripting (XSS) vulnerability in reportItem.do in Track+ 3.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the projId parameter.

4.3
2007-05-22 CVE-2007-2818 Cactusoft Cross-Site Scripting vulnerability in Cactusoft Parodia Cand_Login.ASP

Cross-site scripting (XSS) vulnerability in cand_login.asp in CactuSoft Parodia 6.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the strJobIDs parameter.

4.3
2007-05-22 CVE-2007-2812 Hlstats Cross-Site Scripting vulnerability in HLstats

Cross-site scripting (XSS) vulnerability in hlstats.php in HLstats 1.35, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO or (2) the action parameter.

4.3
2007-05-22 CVE-2007-2811 OSK Cross-Site Scripting vulnerability in OSK Advance-Flow

Cross-site scripting (XSS) vulnerability in OSK Advance-Flow 4.41 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2007-05-22 CVE-2007-2808 GNU, Yngve Svendsen Cross-Site Scripting vulnerability in GNU GNATS Gnatsweb.PL

Cross-site scripting (XSS) vulnerability in gnatsweb.pl in Gnatsweb 4.00 and Gnats 4.1.99 allows remote attackers to inject arbitrary web script or HTML via the database parameter.

4.3
2007-05-22 CVE-2007-2805 Clientexec Cross-Site Scripting vulnerability in ClientExec

Multiple cross-site scripting (XSS) vulnerabilities in index.php in ClientExec (CE) 3.0 beta2, and possibly other versions, allow remote attackers to inject arbitrary web script or HTML via the (1) ticketID, (2) view, and (3) fuse parameters.

4.3
2007-05-22 CVE-2007-2804 Candypress Cross-Site Scripting vulnerability in CandyPress Store ProdList.ASP

Multiple cross-site scripting (XSS) vulnerabilities in scripts/prodList.asp in CandyPress Store 3.5.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) brand and (2) Msg parameters.

4.3
2007-05-22 CVE-2007-2802 RM Cross-Site Scripting vulnerability in Rm Easymail Plus

Cross-site scripting (XSS) vulnerability in cp/ps/Main/login/Login in RM EasyMail Plus allows remote attackers to inject arbitrary web script or HTML via the d parameter.

4.3
2007-05-22 CVE-2007-2686 Jetbox Cross-Site Scripting vulnerability in Jetbox CMS 2.1

Cross-site scripting (XSS) vulnerability in index.php in Jetbox CMS 2.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter in a sendpwd task.

4.3
2007-05-22 CVE-2007-2789 SUN Resource Management Errors vulnerability in SUN Jdk, JRE and SDK

The BMP image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_19 and earlier, when running on Unix/Linux systems, allows remote attackers to cause a denial of service (JVM hang) via untrusted applets or applications that open arbitrary local files via a crafted BMP file, such as /dev/tty.

4.3
2007-05-21 CVE-2007-2768 Openbsd, Netapp Information Exposure vulnerability in multiple products

OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.

4.3
2007-05-21 CVE-2007-1355 Apache Cross-Site Scripting vulnerability in Apache Tomcat Documentation Sample Application

Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.

4.3

2 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-05-24 CVE-2007-0751 Apple Multiple Security vulnerability in Apple Mac OS X 2007-005

A cleanup script in crontabs in Apple Mac OS X 10.3.9 and 10.4.9 might delete filesystems that have been mounted in /tmp, which might allow local users to cause a denial of service, related to the find command.

2.1
2007-05-22 CVE-2006-7204 PHP Unspecified vulnerability in PHP

The imap_body function in PHP before 4.4.4 does not implement safemode or open_basedir checks, which allows local users to read arbitrary files or list arbitrary directory contents.

2.1