Weekly Vulnerabilities Reports > May 28 to June 3, 2007

Overview

104 new vulnerabilities reported during this period, including 15 critical vulnerabilities and 37 high severity vulnerabilities. This weekly summary report vulnerabilities in 95 products from 69 vendors including Microsoft, Mozilla, SUN, Jelsoft, and F Secure. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", "Improper Input Validation", "Code Injection", and "Cross-site Scripting".

  • 97 reported vulnerabilities are remotely exploitables.
  • 28 reported vulnerabilities have public exploit available.
  • 3 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 101 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 8 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 3 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

15 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-06-01 CVE-2007-2985 Pheap Permissions, Privileges, and Access Controls vulnerability in Pheap 2.0

Pheap 2.0 allows remote attackers to bypass authentication by setting a pheap_login cookie value to the administrator's username, which can be used to (1) obtain sensitive information, including the administrator password, via settings.php or (2) upload and execute arbitrary PHP code via an update_doc action in edit.php.

10.0
2007-06-01 CVE-2007-2974 Avira Remote vulnerability in Avira Antivir Antivirus

Buffer overflow in the file parsing engine in Avira Antivir Antivirus before 7.03.00.09 allows remote attackers to execute arbitrary code via a crafted LZH archive file, resulting from an "integer cast around."

10.0
2007-05-31 CVE-2007-2967 F Secure Improper Input Validation vulnerability in F-Secure products

Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070522 allow remote attackers to cause a denial of service (file scanning infinite loop) via certain crafted (1) ARJ archives or (2) FSG packed files.

10.0
2007-05-31 CVE-2007-2946 Lead Technologies Buffer Overflow vulnerability in Lead Technologies Leadtools Raster Dialog File Object 14.5.0.44

Buffer overflow in a certain ActiveX control in LeadTools Raster Dialog File_D Object (LTRDFD14e.DLL) 14.5.0.44 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) or execute arbitrary code via a long DestinationPath property value.

10.0
2007-05-31 CVE-2007-2938 Honeywell
Microsoft
Buffer Overflow vulnerability in Ademco ATNBaseLoader100 ActiveX Control

Buffer overflow in the BaseRunner ActiveX control in the Ademco ATNBaseLoader100 Module (ATNBaseLoader100.dll) 5.4.0.6, when Internet Explorer 6 is used, allows remote attackers to execute arbitrary code via a long argument to the (1) Send485CMD method, and possibly the (2) SetLoginID, (3) AddSite, (4) SetScreen, and (5) SetVideoServer methods.

10.0
2007-05-29 CVE-2007-2881 SUN Buffer Overflow vulnerability in Sun Java Web Proxy Server

Multiple stack-based buffer overflows in the SOCKS proxy support (sockd) in Sun Java Web Proxy Server before 4.0.5 allow remote attackers to execute arbitrary code via crafted packets during protocol negotiation.

10.0
2007-06-01 CVE-2007-2987 Zenturi Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Zenturi Programchecker

Multiple buffer overflows in certain ActiveX controls in sasatl.dll in Zenturi ProgramChecker allow remote attackers to execute arbitrary code via unspecified vectors, possibly involving the (1) DebugMsgLog or (2) DoFileProperties methods.

9.3
2007-06-01 CVE-2007-2982 BT Buffer Overflow vulnerability in BT Business Connect Webhelper Activex Control 1.0.0.6

Multiple buffer overflows in the British Telecommunications Business Connect webhelper ActiveX control before 1.0.0.7 in btbconnectwebcontrol.dll allow remote attackers to execute arbitrary code via unspecified vectors.

9.3
2007-06-01 CVE-2007-2981 Lead Technologies Buffer Errors vulnerability in Lead Technologies Leadtools Raster OCR Document Object Library 14.5.0.44

Buffer overflow in a certain ActiveX control in LEAD Technologies LEADTOOLS Raster OCR Document Object Library (ltrdc14e.dll) 14.5.0.44 allows remote attackers to execute arbitrary code via a long DictionaryFileName property.

9.3
2007-06-01 CVE-2007-2917 Authentium Buffer Overflow vulnerability in Authentium Command Antivirus ActiveX Control ODAPI.DLL

Multiple buffer overflows in a certain ActiveX control in odapi.dll in Authentium Command Antivirus before 4.93.8 allow remote attackers to execute arbitrary code via unspecified vectors.

9.3
2007-06-01 CVE-2007-2868 Mozilla Code Injection vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Multiple vulnerabilities in the JavaScript engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger memory corruption.

9.3
2007-06-01 CVE-2007-2867 Mozilla Buffer Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

Multiple vulnerabilities in the layout engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) via vectors related to dangling pointers, heap corruption, signed/unsigned, and other issues.

9.3
2007-06-01 CVE-2007-0328 Macrovision Unspecified vulnerability in Macrovision Flexnet Connect and Update Service

The DWUpdateService ActiveX control in the agent (agent.exe) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allows remote attackers to execute arbitrary commands via (1) the Execute method, and obtain the exit status using (2) the GetExitCode method.

9.3
2007-05-30 CVE-2007-2884 Microsoft Improper Input Validation vulnerability in Microsoft Visual Basic 6.0

Multiple stack-based buffer overflows in Microsoft Visual Basic 6 allow user-assisted remote attackers to cause a denial of service (CPU consumption) or execute arbitrary code via a Visual Basic Project (vbp) file with a long (1) Description or (2) Company Name (VersionCompanyName) field.

9.3
2007-05-29 CVE-2007-2388 Apple
Microsoft
Permissions, Privileges, and Access Controls vulnerability in Apple Quicktime 7.1.6

Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not properly restrict QTObject subclassing, which allows remote attackers to execute arbitrary code via a web page containing a user-defined class that accesses unsafe functions that can be leveraged to write to arbitrary memory locations.

9.3

37 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-05-30 CVE-2007-2911 Jelsoft SQL-Injection vulnerability in vBulletin

SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin before 3.6.6 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached After" field (GPC['search']['datelineafter'] variable), a related issue to CVE-2007-1573.

8.5
2007-06-01 CVE-2007-2989 SUN Denial of Service vulnerability in SUN Solaris 9.0

The libike library in Sun Solaris 9 before 20070529 contains a logic error related to a certain pointer, which allows remote attackers to cause a denial of service (in.iked daemon crash) by sending certain UDP packets with a source port different from 500.

7.8
2007-06-01 CVE-2007-2979 Techno Dreams Information Disclosure vulnerability in Techno Dreams web Directory 2.0

Techno Dreams Web Directory / Search Engine 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for Database.mdb.

7.8
2007-06-01 CVE-2007-2977 Domjudge Denial-Of-Service vulnerability in DOMjudge

Buffer overflow in the receive function in submit/submitcommon.c in the submit daemon in DOMjudge before 2.0.0RC1 allows remote attackers to cause a denial of service or have other unspecified impact.

7.8
2007-06-01 CVE-2007-2973 Avira Remote vulnerability in Avira Antivir Antivirus

Avira Antivir Antivirus before 7.03.00.09 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed TAR archive.

7.8
2007-06-01 CVE-2007-2972 Avira Remote vulnerability in Avira Antivir Antivirus

The file parsing engine in Avira Antivir Antivirus before 7.04.00.24 allows remote attackers to cause a denial of service (application crash) via a crafted UPX compressed file, which triggers a divide-by-zero error.

7.8
2007-05-31 CVE-2007-2934 Windy Road Directory Traversal vulnerability in Windy Road Vistered Little 1.6A

Directory traversal vulnerability in skins/common.css.php in Vistered Little 1.6a allows remote attackers to read arbitrary files via a ..

7.8
2007-05-30 CVE-2007-2888 EZB Systems Stack Buffer Overflow vulnerability in UltraISO Cue File

Stack-based buffer overflow in UltraISO 8.6.2.2011 and earlier allows user-assisted remote attackers to execute arbitrary code via a long FILE string (filename) in a .cue file, a related issue to CVE-2007-2761.

7.6
2007-06-01 CVE-2007-2988 Inout Scripts Remote PHP Code Execution vulnerability in Inout Metasearch Engine Create_Engine.PHP

A certain admin script in Inout Meta Search Engine sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to inject arbitrary PHP code, as demonstrated by a request to admin/create_engine.php followed by a request to admin/generate_tabs.php.

7.5
2007-06-01 CVE-2007-2986 Nexen Remote Security vulnerability in Nexen Adminbot MX 9.0.5

PHP remote file inclusion vulnerability in lib/live_status.lib.php in AdminBot MX 9.0.5 allows remote attackers to execute arbitrary PHP code via a URL in the ROOT parameter.

7.5
2007-06-01 CVE-2007-2975 Ignite Realtime Permissions, Privileges, and Access Controls vulnerability in Ignite Realtime Openfire

The admin console in Ignite Realtime Openfire 3.3.0 and earlier (formerly Wildfire) does not properly specify a filter mapping in web.xml, which allows remote attackers to gain privileges and execute arbitrary code by accessing functionality that is exposed through DWR, as demonstrated using the downloader.

7.5
2007-06-01 CVE-2007-2971 Greg Neustaetter SQL Injection vulnerability in gCards GetNewsItem.PHP

SQL injection vulnerability in getnewsitem.php in gCards 1.46 and earlier allows remote attackers to execute arbitrary SQL commands via the newsid parameter.

7.5
2007-06-01 CVE-2007-2969 Wanewsletter Remote File Include vulnerability in WANewsletter Waroot Parameter

PHP remote file inclusion vulnerability in newsletter.php in WAnewsletter 2.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the waroot parameter.

7.5
2007-05-31 CVE-2007-2966 F Secure Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in F-Secure products

Buffer overflow in the LHA decompression component in F-Secure anti-virus products for Microsoft Windows and Linux before 20070529 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted LHA archive, related to an integer wrap, a similar issue to CVE-2006-4335.

7.5
2007-05-31 CVE-2007-2961 Filecloset Arbitrary File Upload vulnerability in Filecloset 1.1.5

Unrestricted file upload vulnerability in FileCloset before 1.1.5 allows remote attackers to upload arbitrary PHP files via unspecified vectors.

7.5
2007-05-31 CVE-2007-2960 Scallywag ORG File-Upload vulnerability in Scallywag.Org Scallywag 20050425

Multiple directory traversal vulnerabilities in Scallywag 2005-04-25 allow remote attackers to include and execute arbitrary local files via a ..

7.5
2007-05-31 CVE-2007-2959 Cpcommerce SQL Injection vulnerability in CPCommerce Manufacturer.PHP

SQL injection vulnerability in manufacturer.php in cpCommerce before 1.1.0 allows remote attackers to execute arbitrary SQL commands via the id_manufacturer parameter.

7.5
2007-05-31 CVE-2007-2947 David Branco Remote File Include vulnerability in David Branco Openbase 0.6Alpha

Multiple PHP remote file inclusion vulnerabilities in OpenBASE Alpha 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the root_prefix parameter to (1) index.php, (2) email_subscribe.php, (3) download.php, or (4) development.php.

7.5
2007-05-31 CVE-2007-2942 MY Little Homepage SQL Injection vulnerability in My Little Forum User.PHP

SQL injection vulnerability in user.php in My Little Forum 1.7 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2007-05-31 CVE-2007-2941 Michael Brandon Remote File Include vulnerability in Michael Brandon Vbgsitemap 2.41

Multiple PHP remote file inclusion vulnerabilities in the creator in vBulletin Google Yahoo Site Map (vBGSiteMap) 2.41 for vBulletin allow remote attackers to execute arbitrary PHP code via a URL in the base parameter to (1) vbgsitemap/vbgsitemap-config.php or (2) vbgsitemap/vbgsitemap-vbseo.php.

7.5
2007-05-31 CVE-2007-2937 Troforum Remote File Include vulnerability in Troforum 0.1

PHP remote file inclusion vulnerability in admin/admin.php in TROforum 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the site_url parameter.

7.5
2007-05-31 CVE-2007-2936 Frequency Clock Remote File Include vulnerability in Frequency Clock Frequency Clock 0.1Beta

Multiple PHP remote file inclusion vulnerabilities in Frequency Clock 0.1b (Beta 0.1) allow remote attackers to execute arbitrary PHP code via a URL in the securelib parameter to (1) conf.php or (2) cp2.php.

7.5
2007-05-31 CVE-2007-2935 Fundanemt Remote Command Execution vulnerability in Fundanemt SpellCheck.PHP

core/spellcheck/spellcheck.php in Fundanemt before 2.2.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the dict parameter.

7.5
2007-05-31 CVE-2007-2933 Phil A Form SQL-Injection vulnerability in Phil-A-Form 1.2.0.0

SQL injection vulnerability in index.php in the Phil-a-Form (com_philaform) 1.2.0.0 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the form_id parameter.

7.5
2007-05-30 CVE-2007-2905 2Z Project SQL-Injection vulnerability in 2Z Project 2Z Project 0.9.5

SQL injection vulnerability in includes/rating.php in 2z Project 0.9.5 allows remote attackers to execute arbitrary SQL commands via the post_id parameter.

7.5
2007-05-30 CVE-2007-2902 Dokeos SQL-Injection vulnerability in Dokeos

SQL injection vulnerability in main/auth/my_progress.php in Dokeos 1.8.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the course parameter.

7.5
2007-05-30 CVE-2007-2899 Navboard Code Injection vulnerability in Navboard 16

Direct static code injection vulnerability in admin_config.php in NavBoard 2.6.0 allows remote attackers to inject arbitrary PHP code into data/config.php via multiple parameters, as demonstrated via the threadperpage parameter in an editconfig action.

7.5
2007-05-30 CVE-2007-2898 2Z Project SQL Injection vulnerability in 2Z Project 2Z Project 0.9.5

SQL injection vulnerability in includes/rating.php in 2z Project 0.9.5 allows remote attackers to execute arbitrary SQL commands via the rating parameter to index.php.

7.5
2007-05-30 CVE-2007-2897 Microsoft Unspecified vulnerability in Microsoft Internet Information Server 6.0

Microsoft Internet Information Services (IIS) 6.0 allows remote attackers to cause a denial of service (server instability or device hang), and possibly obtain sensitive information (device communication traffic); and might allow attackers with physical access to execute arbitrary code after connecting a data stream to a device COM port; via requests for a URI containing a '/' immediately before and after the name of a DOS device, as demonstrated by the /AUX/.aspx URI, which bypasses a blacklist for DOS device requests.

7.5
2007-05-30 CVE-2007-2895 Lead Technologies Buffer Overflow vulnerability in Lead Technologies Leadtools Raster Dialog File Object 14.5.0.44

Buffer overflow in a certain ActiveX control in LTRDF14e.DLL 14.5.0.44 in LeadTools Raster Dialog File Object allows remote attackers to execute arbitrary code via a long Directory property value.

7.5
2007-05-30 CVE-2007-2891 Firmworx Remote File Include vulnerability in Firmworx 0.1.2

Multiple PHP remote file inclusion vulnerabilities in FirmWorX 0.1.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) bank_data[root] parameter to modules/bank/includes/design/main.inc.php, or the (2) fm_data[root] parameter to (a) includes/config/master.inc.php or (b) includes/functions/master.inc.php.

7.5
2007-05-30 CVE-2007-2890 Cpcommerce SQL Injection vulnerability in CPCommerce Category.PHP

SQL injection vulnerability in category.php in cpCommerce 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id_category parameter.

7.5
2007-05-30 CVE-2007-2889 Dokeos SQL Injection vulnerability in Dokeos CourseLog.PHP

SQL injection vulnerability in tracking/courseLog.php in Dokeos 1.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the scormcontopen parameter.

7.5
2007-05-31 CVE-2007-2965 F Secure Local Security vulnerability in Internet Gatekeeper

Unspecified vulnerability in the Real-time Scanning component in multiple F-Secure products, including Internet Security 2005, 2006 and 2007; Anti-Virus 2005, 2006 and 2007; and Solutions based on F-Secure Protection Service for Consumers 6.40 and earlier allows local users to gain privileges via a crafted I/O request packet (IRP), related to IOCTL (Input/Output Control) and "access validation of the address space."

7.2
2007-05-30 CVE-2007-2893 Bochs Project Buffer Errors vulnerability in Bochs Project Bochs 2.3

Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in iodev/ne2k.cc in the emulated NE2000 device in Bochs 2.3 allows local users of the guest operating system to write to arbitrary memory locations and gain privileges on the host operating system via vectors that cause TXCNT register values to exceed the device memory size, aka "RX Frame heap overflow."

7.2
2007-05-29 CVE-2007-2877 TCL TK Local Security vulnerability in Tcl Tk

Buffer overflow in tcl/win/tclWinReg.c in Tcl (Tcl/Tk) before 8.5a6 allows local users to gain privileges via long registry key paths.

7.2
2007-05-29 CVE-2007-2389 Apple
Microsoft
Information Disclosure vulnerability in Apple Quicktime 7.1.6

Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not clear potentially sensitive memory before use, which allows remote attackers to read memory from a web browser via unknown vectors related to Java applets.

7.1

50 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-06-01 CVE-2007-2984 Media Technology Group Buffer Errors vulnerability in Media Technology Group Cdpass Activex Control 1.0.0.13

Multiple stack-based buffer overflows in the Media Technology Group CDPass ActiveX control in CDPass.dll allow remote attackers to execute arbitrary code via unspecified vectors, possibly involving the GetTOC2 method.

6.8
2007-06-01 CVE-2007-2980 Lead Technologies Buffer Errors vulnerability in Lead Technologies products

Heap-based buffer overflow in a certain ActiveX control in LEADTOOLS LEAD Raster ISIS Object (LTRIS14e.DLL) 14.5.0.44 allows remote attackers to cause a denial of service (Internet Explorer crash) or execute arbitrary code via a long DriverName property, a different ActiveX control than CVE-2007-2827.

6.8
2007-06-01 CVE-2007-2978 Eggblog Link Following vulnerability in Eggblog

Session fixation vulnerability in eggblog 3.1.0 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.

6.8
2007-06-01 CVE-2007-2918 Logitech ActiveX Controls Multiple Buffer Overflow vulnerability in Logitech VideoCall

Multiple stack-based buffer overflows in ActiveX controls (1) VibeC in (a) vibecontrol.dll, (2) CallManager and (3) ViewerClient in (b) StarClient.dll, (4) ComLink in (c) uicomlink.dll, and (5) WebCamXMP in (d) wcamxmp.dll in Logitech VideoCall allow remote attackers to cause a denial of service (browser crash) and execute arbitrary code via unspecified vectors.

6.8
2007-05-31 CVE-2007-2943 Webavis Remote Security vulnerability in Webavis

PHP remote file inclusion vulnerability in class/class.php in Webavis 0.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.

6.8
2007-05-31 CVE-2007-2940 Flap Remote File Include vulnerability in Flap 1.0Beta

Multiple PHP remote file inclusion vulnerabilities in FlaP 1.0b (1.0 Beta) allow remote attackers to execute arbitrary PHP code via a URL in the pachtofile parameter to (1) skin/html/table.php or (2) login.php.

6.8
2007-05-31 CVE-2007-2939 Mazens PHP Chat Remote File Include vulnerability in Mazens PHP Chat Mazens PHP Chat 3.0.0

Multiple PHP remote file inclusion vulnerabilities in Mazen's PHP Chat 3.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the basepath parameter to (1) ITX.php, (2) IT_Error.php, or (3) IT.php in include/pear/.

6.8
2007-05-30 CVE-2007-0693 Dian Gemilang SQL Injection vulnerability in Dgnews 1.5.1/2.1

SQL injection vulnerability in news.php in DGNews 2.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a newslist action.

6.8
2007-05-30 CVE-2007-2900 Scallywag ORG Code Injection vulnerability in Scallywag.Org Scallywag 20050425

Multiple PHP remote file inclusion vulnerabilities in Scallywag 2005-04-25 allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to template.php in (1) skin/dark/, (2) skin/gold/, or (3) skin/original/.

6.8
2007-05-29 CVE-2007-0246 Gforge Remote Arbitrary Command Execution vulnerability in GForge

plugins/scmcvs/www/cvsweb.php in the CVSWeb CGI in GForge 4.5.16 before 20070524, aka gforge-plugin-scmcvs, allows remote attackers to execute arbitrary commands via shell metacharacters in the PATH_INFO.

6.8
2007-05-31 CVE-2007-2964 F Secure Remote Denial of Service vulnerability in F-Secure Policy Manager FSMSH.DLL

The fsmsh.dll host module in F-Secure Policy Manager Server 7.00 and earlier allows remote attackers to cause a denial of service (application crash) via NTFS reserved words in filenames in URLs.

5.0
2007-05-31 CVE-2007-2945 Rmforum Information Disclosure vulnerability in Rmforum

RMForum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for rmforum.mdb.

5.0
2007-05-31 CVE-2007-2944 Wabcms Permissions, Privileges, and Access Controls vulnerability in Wabcms 1.0

WabCMS 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/wabcmsn.mdb.

5.0
2007-05-30 CVE-2007-0692 Dgnews Information Disclosure vulnerability in Dgnews 2.1

DGNews 2.1 allows remote attackers to obtain sensitive information via a fullnews request to news.php with an invalid newsid parameter, and other unspecified vectors, which reveal the path in various error messages.

5.0
2007-05-30 CVE-2007-0690 Myevent Information Disclosure vulnerability in Myevent 1.6

myEvent 1.6 allows remote attackers to obtain sensitive information via (1) a Log In action without a password to login.php, or an invalid (2) view[] or (3) monthno[] parameter to myevent.php, which reveals the path in various error messages.

5.0
2007-05-30 CVE-2007-2912 Jelsoft Remote Security vulnerability in vBulletin

Unspecified vulnerability in Jelsoft vBulletin before 3.6.6, when unauthenticated User Infraction Permissions is disabled, allows remote attackers to see the infraction "red flag" for a deleted user.

5.0
2007-05-30 CVE-2007-2906 SUN Denial-Of-Service vulnerability in SUN Java Embedding Plugin 0.9.6.1

Java Embedding Plugin 0.9.6.1 allows remote attackers to cause a denial of service (browser crash) via a Thread subclass that calls super.run from its run method.

5.0
2007-05-30 CVE-2007-2903 Microsoft Buffer Overflow vulnerability in Microsoft Office 2000

Buffer overflow in the HelpPopup method in the Microsoft Office 2000 Controllo UA di Microsoft Office ActiveX control (OUACTRL.OCX) 1.0.1.9 allows remote attackers to cause a denial of service (probably winhlp32.exe crash) via a long first argument.

5.0
2007-05-30 CVE-2007-2886 Nortel Remote Denial of Service vulnerability in Nortel Communications Server 1000E/1000M/1000S

Unspecified vulnerability in the Nortel CS 1000 M media card in Enterprise VoIP-Core-CS 1000E, 1000M, and 1000S 04.50W before 20070523 in Meridian/CS 1000 allows remote attackers to cause a denial of service (card hang) via unspecified vectors.

5.0
2007-05-30 CVE-2007-2882 SUN Denial of Service vulnerability in Sun Solaris NFS Client Module ACL(2) Packets

Unspecified vulnerability in the NFS client module in Sun Solaris 8 through 10 before 20070524, when operating as an NFS server, allows remote attackers to cause a denial of service (crash) via certain Access Control List (acl) packets.

5.0
2007-05-29 CVE-2007-2451 Linux Unspecified vulnerability in Linux Kernel GEODE-AES

Unspecified vulnerability in drivers/crypto/geode-aes.c in GEODE-AES in the Linux kernel before 2.6.21.3 allows attackers to obtain sensitive information via unspecified vectors.

5.0
2007-06-01 CVE-2007-2990 SUN Local Denial of Service vulnerability in SUN Solaris 10.0

Unspecified vulnerability in inetd in Sun Solaris 10 before 20070529 allows local users to cause a denial of service (daemon termination) via unspecified manipulations of the /var/run/.inetd.uds Unix domain socket file.

4.9
2007-05-30 CVE-2007-2907 SSL Explorer Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ssl-Explorer

Unspecified vulnerability in SSL-Explorer before 0.2.13 allows remote authenticated users to enter redirect URLs containing (1) JavaScript or (2) HTTP headers via an unspecified vector, possibly the forwardTo parameter to redirect.do.

4.9
2007-05-29 CVE-2007-2878 Linux Local Denial of Service vulnerability in Linux Kernel 2.6.21.1

The VFAT compat ioctls in the Linux kernel before 2.6.21.2, when run on a 64-bit system, allow local users to corrupt a kernel_dirent struct and cause a denial of service (system crash) via unknown vectors.

4.9
2007-05-30 CVE-2007-2883 Credant Information Disclosure vulnerability in Credant Mobile Guardian Shield

Credant Mobile Guardian Shield for Windows 5.2.1.105 and earlier stores account names and passwords in plaintext in memory, which allows local users to obtain sensitive information by (1) reading the paging file or (2) dumping and searching the memory image.

4.6
2007-06-01 CVE-2007-2976 Cetrinity Cross-Site Scripting vulnerability in Cetrinity Firstclass and Server and Internet Services

Centrinity FirstClass 8.3 and earlier, and Server and Internet Services 8.0 and earlier, do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS) attacks.

4.3
2007-06-01 CVE-2007-2970 8E6 Technologies Cross-Site Scripting vulnerability in 8e6 R3000 Internet Filter

Multiple cross-site scripting (XSS) vulnerabilities in cgi/block.cgi in 8e6 R3000 Internet Filter allow remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) CAT, and (3) USER parameters.

4.3
2007-06-01 CVE-2007-2968 Cpcommerce HTML Injection vulnerability in CPCommerce Full Name Field

Cross-site scripting (XSS) vulnerability in register.php in cpCommerce 1.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter (Full Name field).

4.3
2007-06-01 CVE-2007-2871 Mozilla Remote vulnerability in Mozilla Products

Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to spoof or hide the browser chrome, such as the location bar, by placing XUL popups outside of the browser's content pane.

4.3
2007-06-01 CVE-2007-2870 Mozilla Remote vulnerability in Mozilla Products

Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to bypass the same-origin policy and conduct cross-site scripting (XSS) and other attacks by using the addEventListener method to add an event listener for a site, which is executed in the context of that site.

4.3
2007-06-01 CVE-2007-2869 Mozilla Remote vulnerability in Mozilla Products

The form autocomplete feature in Mozilla Firefox 1.5.x before 1.5.0.12, 2.x before 2.0.0.4, and possibly earlier versions, allows remote attackers to cause a denial of service (persistent temporary CPU consumption) via a large number of characters in a submitted form.

4.3
2007-06-01 CVE-2007-1362 Mozilla Improper Input Validation vulnerability in Mozilla Firefox and Seamonkey

Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to cause a denial of service via (1) a large cookie path parameter, which triggers memory consumption, or (2) an internal delimiter within cookie path or name values, which could trigger a misinterpretation of cookie data, aka "Path Abuse in Cookies."

4.3
2007-05-31 CVE-2007-2963 Invision Power Services Cross-Site Scripting vulnerability in Invision Power Board

Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board (IPB or IP.Board) 2.2.2, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via (1) module_bbcodeloader.php, (2) module_div.php, (3) module_email.php, (4) module_image.php, (5) module_link.php, or (6) the editorid parameter to module_table.php in jscripts/folder_rte_files/.

4.3
2007-05-31 CVE-2007-2962 Particle Soft Cross-Site Scripting vulnerability in Particle Soft Particle Gallery 1.0.0/1.0.1

Cross-site scripting (XSS) vulnerability in search.php in Particle Gallery 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the order parameter.

4.3
2007-05-31 CVE-2007-2932 Boastmachine Cross-Site Scripting vulnerability in Boastmachine 3.1

Cross-site scripting (XSS) vulnerability in index.php in BoastMachine allows remote attackers to inject arbitrary web script or HTML via the blog parameter in a content search action.

4.3
2007-05-30 CVE-2007-0694 Dian Gemilang Cross-Site Scripting vulnerability in Dian Gemilang Dgnews 2.1

Cross-site scripting (XSS) vulnerability in footer.php in DGNews 2.1 allows remote attackers to inject arbitrary web script or HTML via the copyright parameter.

4.3
2007-05-30 CVE-2007-2916 Gmtt Cross-Site Scripting vulnerability in Gmtt Music Distro 1.2

Cross-site scripting (XSS) vulnerability in showown.php in GMTT Music Distro 1.2 allows remote attackers to inject arbitrary web script or HTML via the st parameter.

4.3
2007-05-30 CVE-2007-2915 RM Easymail Cross-Site Scripting vulnerability in Rm Easymail Plus

Cross-site scripting (XSS) vulnerability in RM EasyMail Plus allows remote attackers to inject arbitrary web script or HTML via the title field in an email.

4.3
2007-05-30 CVE-2007-2914 Psychostats Cross-Site Scripting vulnerability in Psychostats 3.0.6B

Multiple cross-site scripting (XSS) vulnerabilities in PsychoStats 3.0.6b allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) awards.php, (2) login.php, (3) register.php, (4) weapons.php, and possibly other unspecified files.

4.3
2007-05-30 CVE-2007-2913 Clonuswiki Cross-Site Scripting vulnerability in Clonuswiki 0.5

Cross-site scripting (XSS) vulnerability in index.php in ClonusWiki .5 allows remote attackers to inject arbitrary web script or HTML via the query parameter.

4.3
2007-05-30 CVE-2007-2910 Jelsoft Cross-Site Scripting vulnerability in Jelsoft Vbulletin

Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3.6.7 PL1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the vb_367_xss_fix_plugin.xml update, a related issue to CVE-2007-2909.

4.3
2007-05-30 CVE-2007-2908 Jelsoft HTML Injection vulnerability in VBulletin Calendar.PHP

Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin before 3.6.6 allows remote attackers to inject arbitrary web script or HTML via the title field in a single add action.

4.3
2007-05-30 CVE-2007-2904 SUN Cross-Site Scripting vulnerability in Java System Messaging Server

Cross-site scripting (XSS) vulnerability in Sun Java System Messaging Server 6.0 through 6.3, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly a related issue to CVE-2006-5653.

4.3
2007-05-30 CVE-2007-2901 Dokeos SQL Injection and Cross-Site Scripting vulnerability in Dokeos

Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the img parameter to main/inc/lib/fckeditor/editor/plugins/ImageManager/editor.php and other unspecified vectors.

4.3
2007-05-30 CVE-2007-2896 Microsoft
Symantec
Denial of Service vulnerability in Symantec Enterprise Security Manager 6.5.3

Race condition in the Symantec Enterprise Security Manager (ESM) 6.5.3 managers and agents on Windows before 20070524 allows remote attackers to cause a denial of service (CPU consumption and application hang) via certain network scans to ESM ports.

4.3
2007-05-30 CVE-2007-2892 ASP Nuke Cross-Site Scripting vulnerability in Asp-Nuke 2.0.7

Cross-site scripting (XSS) vulnerability in news.asp in ASP-Nuke 2.0.7 allows remote attackers to inject arbitrary web script or HTML via the id parameter.

4.3
2007-05-30 CVE-2007-2887 Forsnet Cross-Site Scripting vulnerability in Forsnet web Icerik Yonetim Sistemi 1.0

Cross-site scripting (XSS) vulnerability in index.php in Web Icerik Yonetim Sistemi (WIYS) 1.0 allows remote attackers to inject arbitrary web script or HTML via the No parameter in the Sayfa page.

4.3
2007-05-30 CVE-2007-2885 Microsoft Buffer Overflow vulnerability in Microsoft Visual Database Tools Database Designer 7.0

The NotSafe function in the MSVDTDatabaseDesigner7 ActiveX control in VDT70.DLL in Microsoft Visual Database Tools (MSVDT) Database Designer 7.0 allows remote attackers to cause a denial of service (Internet Explorer 6 crash) via a long argument.

4.3
2007-05-29 CVE-2007-2880 Digiappz Cross-Site Scripting vulnerability in Digiappz Digirez 3.4

Multiple cross-site scripting (XSS) vulnerabilities in Digirez 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) Room_name parameter to room/info_book.asp or the (2) curYear parameter to room/week.asp.

4.3
2007-05-29 CVE-2007-2879 Gnuturk Cross-Site Scripting vulnerability in Gnuturk Portal System 3G

Cross-site scripting (XSS) vulnerability in mods.php in GTP GNUTurk Portal System 3G allows remote attackers to inject arbitrary web script or HTML via the month parameter.

4.3

2 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-05-30 CVE-2007-2909 Jelsoft Cross-Site Scripting vulnerability in vBulletin

Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin 3.6.x before 3.6.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the vb_calendar366_xss_fix_plugin.xml update.

3.5
2007-05-30 CVE-2007-2894 Bochs Project Buffer Overflow and Denial Of Service vulnerability in Bochs Project Bochs 2.3

The emulated floppy disk controller in Bochs 2.3 allows local users of the guest operating system to cause a denial of service (virtual machine crash) via unspecified vectors, resulting in a divide-by-zero error.

2.1