Weekly Vulnerabilities Reports > May 28 to June 3, 2007
Overview
104 new vulnerabilities reported during this period, including 15 critical vulnerabilities and 37 high severity vulnerabilities. This weekly summary report vulnerabilities in 95 products from 69 vendors including Microsoft, Mozilla, SUN, Jelsoft, and F Secure. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", "Improper Input Validation", "Code Injection", and "Cross-site Scripting".
- 97 reported vulnerabilities are remotely exploitables.
- 28 reported vulnerabilities have public exploit available.
- 3 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 101 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 8 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 3 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
15 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-06-01 | CVE-2007-2985 | Pheap | Permissions, Privileges, and Access Controls vulnerability in Pheap 2.0 Pheap 2.0 allows remote attackers to bypass authentication by setting a pheap_login cookie value to the administrator's username, which can be used to (1) obtain sensitive information, including the administrator password, via settings.php or (2) upload and execute arbitrary PHP code via an update_doc action in edit.php. | 10.0 |
2007-06-01 | CVE-2007-2974 | Avira | Remote vulnerability in Avira Antivir Antivirus Buffer overflow in the file parsing engine in Avira Antivir Antivirus before 7.03.00.09 allows remote attackers to execute arbitrary code via a crafted LZH archive file, resulting from an "integer cast around." | 10.0 |
2007-05-31 | CVE-2007-2967 | F Secure | Improper Input Validation vulnerability in F-Secure products Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070522 allow remote attackers to cause a denial of service (file scanning infinite loop) via certain crafted (1) ARJ archives or (2) FSG packed files. | 10.0 |
2007-05-31 | CVE-2007-2946 | Lead Technologies | Buffer Overflow vulnerability in Lead Technologies Leadtools Raster Dialog File Object 14.5.0.44 Buffer overflow in a certain ActiveX control in LeadTools Raster Dialog File_D Object (LTRDFD14e.DLL) 14.5.0.44 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) or execute arbitrary code via a long DestinationPath property value. | 10.0 |
2007-05-31 | CVE-2007-2938 | Honeywell Microsoft | Buffer overflow in the BaseRunner ActiveX control in the Ademco ATNBaseLoader100 Module (ATNBaseLoader100.dll) 5.4.0.6, when Internet Explorer 6 is used, allows remote attackers to execute arbitrary code via a long argument to the (1) Send485CMD method, and possibly the (2) SetLoginID, (3) AddSite, (4) SetScreen, and (5) SetVideoServer methods. | 10.0 |
2007-05-29 | CVE-2007-2881 | SUN | Buffer Overflow vulnerability in Sun Java Web Proxy Server Multiple stack-based buffer overflows in the SOCKS proxy support (sockd) in Sun Java Web Proxy Server before 4.0.5 allow remote attackers to execute arbitrary code via crafted packets during protocol negotiation. | 10.0 |
2007-06-01 | CVE-2007-2987 | Zenturi | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Zenturi Programchecker Multiple buffer overflows in certain ActiveX controls in sasatl.dll in Zenturi ProgramChecker allow remote attackers to execute arbitrary code via unspecified vectors, possibly involving the (1) DebugMsgLog or (2) DoFileProperties methods. | 9.3 |
2007-06-01 | CVE-2007-2982 | BT | Buffer Overflow vulnerability in BT Business Connect Webhelper Activex Control 1.0.0.6 Multiple buffer overflows in the British Telecommunications Business Connect webhelper ActiveX control before 1.0.0.7 in btbconnectwebcontrol.dll allow remote attackers to execute arbitrary code via unspecified vectors. | 9.3 |
2007-06-01 | CVE-2007-2981 | Lead Technologies | Buffer Errors vulnerability in Lead Technologies Leadtools Raster OCR Document Object Library 14.5.0.44 Buffer overflow in a certain ActiveX control in LEAD Technologies LEADTOOLS Raster OCR Document Object Library (ltrdc14e.dll) 14.5.0.44 allows remote attackers to execute arbitrary code via a long DictionaryFileName property. | 9.3 |
2007-06-01 | CVE-2007-2917 | Authentium | Buffer Overflow vulnerability in Authentium Command Antivirus ActiveX Control ODAPI.DLL Multiple buffer overflows in a certain ActiveX control in odapi.dll in Authentium Command Antivirus before 4.93.8 allow remote attackers to execute arbitrary code via unspecified vectors. | 9.3 |
2007-06-01 | CVE-2007-2868 | Mozilla | Code Injection vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Multiple vulnerabilities in the JavaScript engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger memory corruption. | 9.3 |
2007-06-01 | CVE-2007-2867 | Mozilla | Buffer Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Multiple vulnerabilities in the layout engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) via vectors related to dangling pointers, heap corruption, signed/unsigned, and other issues. | 9.3 |
2007-06-01 | CVE-2007-0328 | Macrovision | Unspecified vulnerability in Macrovision Flexnet Connect and Update Service The DWUpdateService ActiveX control in the agent (agent.exe) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allows remote attackers to execute arbitrary commands via (1) the Execute method, and obtain the exit status using (2) the GetExitCode method. | 9.3 |
2007-05-30 | CVE-2007-2884 | Microsoft | Improper Input Validation vulnerability in Microsoft Visual Basic 6.0 Multiple stack-based buffer overflows in Microsoft Visual Basic 6 allow user-assisted remote attackers to cause a denial of service (CPU consumption) or execute arbitrary code via a Visual Basic Project (vbp) file with a long (1) Description or (2) Company Name (VersionCompanyName) field. | 9.3 |
2007-05-29 | CVE-2007-2388 | Apple Microsoft | Permissions, Privileges, and Access Controls vulnerability in Apple Quicktime 7.1.6 Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not properly restrict QTObject subclassing, which allows remote attackers to execute arbitrary code via a web page containing a user-defined class that accesses unsafe functions that can be leveraged to write to arbitrary memory locations. | 9.3 |
37 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-05-30 | CVE-2007-2911 | Jelsoft | SQL-Injection vulnerability in vBulletin SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin before 3.6.6 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached After" field (GPC['search']['datelineafter'] variable), a related issue to CVE-2007-1573. | 8.5 |
2007-06-01 | CVE-2007-2989 | SUN | Denial of Service vulnerability in SUN Solaris 9.0 The libike library in Sun Solaris 9 before 20070529 contains a logic error related to a certain pointer, which allows remote attackers to cause a denial of service (in.iked daemon crash) by sending certain UDP packets with a source port different from 500. | 7.8 |
2007-06-01 | CVE-2007-2979 | Techno Dreams | Information Disclosure vulnerability in Techno Dreams web Directory 2.0 Techno Dreams Web Directory / Search Engine 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for Database.mdb. | 7.8 |
2007-06-01 | CVE-2007-2977 | Domjudge | Denial-Of-Service vulnerability in DOMjudge Buffer overflow in the receive function in submit/submitcommon.c in the submit daemon in DOMjudge before 2.0.0RC1 allows remote attackers to cause a denial of service or have other unspecified impact. | 7.8 |
2007-06-01 | CVE-2007-2973 | Avira | Remote vulnerability in Avira Antivir Antivirus Avira Antivir Antivirus before 7.03.00.09 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed TAR archive. | 7.8 |
2007-06-01 | CVE-2007-2972 | Avira | Remote vulnerability in Avira Antivir Antivirus The file parsing engine in Avira Antivir Antivirus before 7.04.00.24 allows remote attackers to cause a denial of service (application crash) via a crafted UPX compressed file, which triggers a divide-by-zero error. | 7.8 |
2007-05-31 | CVE-2007-2934 | Windy Road | Directory Traversal vulnerability in Windy Road Vistered Little 1.6A Directory traversal vulnerability in skins/common.css.php in Vistered Little 1.6a allows remote attackers to read arbitrary files via a .. | 7.8 |
2007-05-30 | CVE-2007-2888 | EZB Systems | Stack Buffer Overflow vulnerability in UltraISO Cue File Stack-based buffer overflow in UltraISO 8.6.2.2011 and earlier allows user-assisted remote attackers to execute arbitrary code via a long FILE string (filename) in a .cue file, a related issue to CVE-2007-2761. | 7.6 |
2007-06-01 | CVE-2007-2988 | Inout Scripts | Remote PHP Code Execution vulnerability in Inout Metasearch Engine Create_Engine.PHP A certain admin script in Inout Meta Search Engine sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to inject arbitrary PHP code, as demonstrated by a request to admin/create_engine.php followed by a request to admin/generate_tabs.php. | 7.5 |
2007-06-01 | CVE-2007-2986 | Nexen | Remote Security vulnerability in Nexen Adminbot MX 9.0.5 PHP remote file inclusion vulnerability in lib/live_status.lib.php in AdminBot MX 9.0.5 allows remote attackers to execute arbitrary PHP code via a URL in the ROOT parameter. | 7.5 |
2007-06-01 | CVE-2007-2975 | Ignite Realtime | Permissions, Privileges, and Access Controls vulnerability in Ignite Realtime Openfire The admin console in Ignite Realtime Openfire 3.3.0 and earlier (formerly Wildfire) does not properly specify a filter mapping in web.xml, which allows remote attackers to gain privileges and execute arbitrary code by accessing functionality that is exposed through DWR, as demonstrated using the downloader. | 7.5 |
2007-06-01 | CVE-2007-2971 | Greg Neustaetter | SQL Injection vulnerability in gCards GetNewsItem.PHP SQL injection vulnerability in getnewsitem.php in gCards 1.46 and earlier allows remote attackers to execute arbitrary SQL commands via the newsid parameter. | 7.5 |
2007-06-01 | CVE-2007-2969 | Wanewsletter | Remote File Include vulnerability in WANewsletter Waroot Parameter PHP remote file inclusion vulnerability in newsletter.php in WAnewsletter 2.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the waroot parameter. | 7.5 |
2007-05-31 | CVE-2007-2966 | F Secure | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in F-Secure products Buffer overflow in the LHA decompression component in F-Secure anti-virus products for Microsoft Windows and Linux before 20070529 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted LHA archive, related to an integer wrap, a similar issue to CVE-2006-4335. | 7.5 |
2007-05-31 | CVE-2007-2961 | Filecloset | Arbitrary File Upload vulnerability in Filecloset 1.1.5 Unrestricted file upload vulnerability in FileCloset before 1.1.5 allows remote attackers to upload arbitrary PHP files via unspecified vectors. | 7.5 |
2007-05-31 | CVE-2007-2960 | Scallywag ORG | File-Upload vulnerability in Scallywag.Org Scallywag 20050425 Multiple directory traversal vulnerabilities in Scallywag 2005-04-25 allow remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2007-05-31 | CVE-2007-2959 | Cpcommerce | SQL Injection vulnerability in CPCommerce Manufacturer.PHP SQL injection vulnerability in manufacturer.php in cpCommerce before 1.1.0 allows remote attackers to execute arbitrary SQL commands via the id_manufacturer parameter. | 7.5 |
2007-05-31 | CVE-2007-2947 | David Branco | Remote File Include vulnerability in David Branco Openbase 0.6Alpha Multiple PHP remote file inclusion vulnerabilities in OpenBASE Alpha 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the root_prefix parameter to (1) index.php, (2) email_subscribe.php, (3) download.php, or (4) development.php. | 7.5 |
2007-05-31 | CVE-2007-2942 | MY Little Homepage | SQL Injection vulnerability in My Little Forum User.PHP SQL injection vulnerability in user.php in My Little Forum 1.7 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2007-05-31 | CVE-2007-2941 | Michael Brandon | Remote File Include vulnerability in Michael Brandon Vbgsitemap 2.41 Multiple PHP remote file inclusion vulnerabilities in the creator in vBulletin Google Yahoo Site Map (vBGSiteMap) 2.41 for vBulletin allow remote attackers to execute arbitrary PHP code via a URL in the base parameter to (1) vbgsitemap/vbgsitemap-config.php or (2) vbgsitemap/vbgsitemap-vbseo.php. | 7.5 |
2007-05-31 | CVE-2007-2937 | Troforum | Remote File Include vulnerability in Troforum 0.1 PHP remote file inclusion vulnerability in admin/admin.php in TROforum 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the site_url parameter. | 7.5 |
2007-05-31 | CVE-2007-2936 | Frequency Clock | Remote File Include vulnerability in Frequency Clock Frequency Clock 0.1Beta Multiple PHP remote file inclusion vulnerabilities in Frequency Clock 0.1b (Beta 0.1) allow remote attackers to execute arbitrary PHP code via a URL in the securelib parameter to (1) conf.php or (2) cp2.php. | 7.5 |
2007-05-31 | CVE-2007-2935 | Fundanemt | Remote Command Execution vulnerability in Fundanemt SpellCheck.PHP core/spellcheck/spellcheck.php in Fundanemt before 2.2.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the dict parameter. | 7.5 |
2007-05-31 | CVE-2007-2933 | Phil A Form | SQL-Injection vulnerability in Phil-A-Form 1.2.0.0 SQL injection vulnerability in index.php in the Phil-a-Form (com_philaform) 1.2.0.0 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the form_id parameter. | 7.5 |
2007-05-30 | CVE-2007-2905 | 2Z Project | SQL-Injection vulnerability in 2Z Project 2Z Project 0.9.5 SQL injection vulnerability in includes/rating.php in 2z Project 0.9.5 allows remote attackers to execute arbitrary SQL commands via the post_id parameter. | 7.5 |
2007-05-30 | CVE-2007-2902 | Dokeos | SQL-Injection vulnerability in Dokeos SQL injection vulnerability in main/auth/my_progress.php in Dokeos 1.8.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the course parameter. | 7.5 |
2007-05-30 | CVE-2007-2899 | Navboard | Code Injection vulnerability in Navboard 16 Direct static code injection vulnerability in admin_config.php in NavBoard 2.6.0 allows remote attackers to inject arbitrary PHP code into data/config.php via multiple parameters, as demonstrated via the threadperpage parameter in an editconfig action. | 7.5 |
2007-05-30 | CVE-2007-2898 | 2Z Project | SQL Injection vulnerability in 2Z Project 2Z Project 0.9.5 SQL injection vulnerability in includes/rating.php in 2z Project 0.9.5 allows remote attackers to execute arbitrary SQL commands via the rating parameter to index.php. | 7.5 |
2007-05-30 | CVE-2007-2897 | Microsoft | Unspecified vulnerability in Microsoft Internet Information Server 6.0 Microsoft Internet Information Services (IIS) 6.0 allows remote attackers to cause a denial of service (server instability or device hang), and possibly obtain sensitive information (device communication traffic); and might allow attackers with physical access to execute arbitrary code after connecting a data stream to a device COM port; via requests for a URI containing a '/' immediately before and after the name of a DOS device, as demonstrated by the /AUX/.aspx URI, which bypasses a blacklist for DOS device requests. | 7.5 |
2007-05-30 | CVE-2007-2895 | Lead Technologies | Buffer Overflow vulnerability in Lead Technologies Leadtools Raster Dialog File Object 14.5.0.44 Buffer overflow in a certain ActiveX control in LTRDF14e.DLL 14.5.0.44 in LeadTools Raster Dialog File Object allows remote attackers to execute arbitrary code via a long Directory property value. | 7.5 |
2007-05-30 | CVE-2007-2891 | Firmworx | Remote File Include vulnerability in Firmworx 0.1.2 Multiple PHP remote file inclusion vulnerabilities in FirmWorX 0.1.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) bank_data[root] parameter to modules/bank/includes/design/main.inc.php, or the (2) fm_data[root] parameter to (a) includes/config/master.inc.php or (b) includes/functions/master.inc.php. | 7.5 |
2007-05-30 | CVE-2007-2890 | Cpcommerce | SQL Injection vulnerability in CPCommerce Category.PHP SQL injection vulnerability in category.php in cpCommerce 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id_category parameter. | 7.5 |
2007-05-30 | CVE-2007-2889 | Dokeos | SQL Injection vulnerability in Dokeos CourseLog.PHP SQL injection vulnerability in tracking/courseLog.php in Dokeos 1.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the scormcontopen parameter. | 7.5 |
2007-05-31 | CVE-2007-2965 | F Secure | Local Security vulnerability in Internet Gatekeeper Unspecified vulnerability in the Real-time Scanning component in multiple F-Secure products, including Internet Security 2005, 2006 and 2007; Anti-Virus 2005, 2006 and 2007; and Solutions based on F-Secure Protection Service for Consumers 6.40 and earlier allows local users to gain privileges via a crafted I/O request packet (IRP), related to IOCTL (Input/Output Control) and "access validation of the address space." | 7.2 |
2007-05-30 | CVE-2007-2893 | Bochs Project | Buffer Errors vulnerability in Bochs Project Bochs 2.3 Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in iodev/ne2k.cc in the emulated NE2000 device in Bochs 2.3 allows local users of the guest operating system to write to arbitrary memory locations and gain privileges on the host operating system via vectors that cause TXCNT register values to exceed the device memory size, aka "RX Frame heap overflow." | 7.2 |
2007-05-29 | CVE-2007-2877 | TCL TK | Local Security vulnerability in Tcl Tk Buffer overflow in tcl/win/tclWinReg.c in Tcl (Tcl/Tk) before 8.5a6 allows local users to gain privileges via long registry key paths. | 7.2 |
2007-05-29 | CVE-2007-2389 | Apple Microsoft | Information Disclosure vulnerability in Apple Quicktime 7.1.6 Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not clear potentially sensitive memory before use, which allows remote attackers to read memory from a web browser via unknown vectors related to Java applets. | 7.1 |
50 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-06-01 | CVE-2007-2984 | Media Technology Group | Buffer Errors vulnerability in Media Technology Group Cdpass Activex Control 1.0.0.13 Multiple stack-based buffer overflows in the Media Technology Group CDPass ActiveX control in CDPass.dll allow remote attackers to execute arbitrary code via unspecified vectors, possibly involving the GetTOC2 method. | 6.8 |
2007-06-01 | CVE-2007-2980 | Lead Technologies | Buffer Errors vulnerability in Lead Technologies products Heap-based buffer overflow in a certain ActiveX control in LEADTOOLS LEAD Raster ISIS Object (LTRIS14e.DLL) 14.5.0.44 allows remote attackers to cause a denial of service (Internet Explorer crash) or execute arbitrary code via a long DriverName property, a different ActiveX control than CVE-2007-2827. | 6.8 |
2007-06-01 | CVE-2007-2978 | Eggblog | Link Following vulnerability in Eggblog Session fixation vulnerability in eggblog 3.1.0 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | 6.8 |
2007-06-01 | CVE-2007-2918 | Logitech | ActiveX Controls Multiple Buffer Overflow vulnerability in Logitech VideoCall Multiple stack-based buffer overflows in ActiveX controls (1) VibeC in (a) vibecontrol.dll, (2) CallManager and (3) ViewerClient in (b) StarClient.dll, (4) ComLink in (c) uicomlink.dll, and (5) WebCamXMP in (d) wcamxmp.dll in Logitech VideoCall allow remote attackers to cause a denial of service (browser crash) and execute arbitrary code via unspecified vectors. | 6.8 |
2007-05-31 | CVE-2007-2943 | Webavis | Remote Security vulnerability in Webavis PHP remote file inclusion vulnerability in class/class.php in Webavis 0.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter. | 6.8 |
2007-05-31 | CVE-2007-2940 | Flap | Remote File Include vulnerability in Flap 1.0Beta Multiple PHP remote file inclusion vulnerabilities in FlaP 1.0b (1.0 Beta) allow remote attackers to execute arbitrary PHP code via a URL in the pachtofile parameter to (1) skin/html/table.php or (2) login.php. | 6.8 |
2007-05-31 | CVE-2007-2939 | Mazens PHP Chat | Remote File Include vulnerability in Mazens PHP Chat Mazens PHP Chat 3.0.0 Multiple PHP remote file inclusion vulnerabilities in Mazen's PHP Chat 3.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the basepath parameter to (1) ITX.php, (2) IT_Error.php, or (3) IT.php in include/pear/. | 6.8 |
2007-05-30 | CVE-2007-0693 | Dian Gemilang | SQL Injection vulnerability in Dgnews 1.5.1/2.1 SQL injection vulnerability in news.php in DGNews 2.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a newslist action. | 6.8 |
2007-05-30 | CVE-2007-2900 | Scallywag ORG | Code Injection vulnerability in Scallywag.Org Scallywag 20050425 Multiple PHP remote file inclusion vulnerabilities in Scallywag 2005-04-25 allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to template.php in (1) skin/dark/, (2) skin/gold/, or (3) skin/original/. | 6.8 |
2007-05-29 | CVE-2007-0246 | Gforge | Remote Arbitrary Command Execution vulnerability in GForge plugins/scmcvs/www/cvsweb.php in the CVSWeb CGI in GForge 4.5.16 before 20070524, aka gforge-plugin-scmcvs, allows remote attackers to execute arbitrary commands via shell metacharacters in the PATH_INFO. | 6.8 |
2007-05-31 | CVE-2007-2964 | F Secure | Remote Denial of Service vulnerability in F-Secure Policy Manager FSMSH.DLL The fsmsh.dll host module in F-Secure Policy Manager Server 7.00 and earlier allows remote attackers to cause a denial of service (application crash) via NTFS reserved words in filenames in URLs. | 5.0 |
2007-05-31 | CVE-2007-2945 | Rmforum | Information Disclosure vulnerability in Rmforum RMForum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for rmforum.mdb. | 5.0 |
2007-05-31 | CVE-2007-2944 | Wabcms | Permissions, Privileges, and Access Controls vulnerability in Wabcms 1.0 WabCMS 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/wabcmsn.mdb. | 5.0 |
2007-05-30 | CVE-2007-0692 | Dgnews | Information Disclosure vulnerability in Dgnews 2.1 DGNews 2.1 allows remote attackers to obtain sensitive information via a fullnews request to news.php with an invalid newsid parameter, and other unspecified vectors, which reveal the path in various error messages. | 5.0 |
2007-05-30 | CVE-2007-0690 | Myevent | Information Disclosure vulnerability in Myevent 1.6 myEvent 1.6 allows remote attackers to obtain sensitive information via (1) a Log In action without a password to login.php, or an invalid (2) view[] or (3) monthno[] parameter to myevent.php, which reveals the path in various error messages. | 5.0 |
2007-05-30 | CVE-2007-2912 | Jelsoft | Remote Security vulnerability in vBulletin Unspecified vulnerability in Jelsoft vBulletin before 3.6.6, when unauthenticated User Infraction Permissions is disabled, allows remote attackers to see the infraction "red flag" for a deleted user. | 5.0 |
2007-05-30 | CVE-2007-2906 | SUN | Denial-Of-Service vulnerability in SUN Java Embedding Plugin 0.9.6.1 Java Embedding Plugin 0.9.6.1 allows remote attackers to cause a denial of service (browser crash) via a Thread subclass that calls super.run from its run method. | 5.0 |
2007-05-30 | CVE-2007-2903 | Microsoft | Buffer Overflow vulnerability in Microsoft Office 2000 Buffer overflow in the HelpPopup method in the Microsoft Office 2000 Controllo UA di Microsoft Office ActiveX control (OUACTRL.OCX) 1.0.1.9 allows remote attackers to cause a denial of service (probably winhlp32.exe crash) via a long first argument. | 5.0 |
2007-05-30 | CVE-2007-2886 | Nortel | Remote Denial of Service vulnerability in Nortel Communications Server 1000E/1000M/1000S Unspecified vulnerability in the Nortel CS 1000 M media card in Enterprise VoIP-Core-CS 1000E, 1000M, and 1000S 04.50W before 20070523 in Meridian/CS 1000 allows remote attackers to cause a denial of service (card hang) via unspecified vectors. | 5.0 |
2007-05-30 | CVE-2007-2882 | SUN | Denial of Service vulnerability in Sun Solaris NFS Client Module ACL(2) Packets Unspecified vulnerability in the NFS client module in Sun Solaris 8 through 10 before 20070524, when operating as an NFS server, allows remote attackers to cause a denial of service (crash) via certain Access Control List (acl) packets. | 5.0 |
2007-05-29 | CVE-2007-2451 | Linux | Unspecified vulnerability in Linux Kernel GEODE-AES Unspecified vulnerability in drivers/crypto/geode-aes.c in GEODE-AES in the Linux kernel before 2.6.21.3 allows attackers to obtain sensitive information via unspecified vectors. | 5.0 |
2007-06-01 | CVE-2007-2990 | SUN | Local Denial of Service vulnerability in SUN Solaris 10.0 Unspecified vulnerability in inetd in Sun Solaris 10 before 20070529 allows local users to cause a denial of service (daemon termination) via unspecified manipulations of the /var/run/.inetd.uds Unix domain socket file. | 4.9 |
2007-05-30 | CVE-2007-2907 | SSL Explorer | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ssl-Explorer Unspecified vulnerability in SSL-Explorer before 0.2.13 allows remote authenticated users to enter redirect URLs containing (1) JavaScript or (2) HTTP headers via an unspecified vector, possibly the forwardTo parameter to redirect.do. | 4.9 |
2007-05-29 | CVE-2007-2878 | Linux | Local Denial of Service vulnerability in Linux Kernel 2.6.21.1 The VFAT compat ioctls in the Linux kernel before 2.6.21.2, when run on a 64-bit system, allow local users to corrupt a kernel_dirent struct and cause a denial of service (system crash) via unknown vectors. | 4.9 |
2007-05-30 | CVE-2007-2883 | Credant | Information Disclosure vulnerability in Credant Mobile Guardian Shield Credant Mobile Guardian Shield for Windows 5.2.1.105 and earlier stores account names and passwords in plaintext in memory, which allows local users to obtain sensitive information by (1) reading the paging file or (2) dumping and searching the memory image. | 4.6 |
2007-06-01 | CVE-2007-2976 | Cetrinity | Cross-Site Scripting vulnerability in Cetrinity Firstclass and Server and Internet Services Centrinity FirstClass 8.3 and earlier, and Server and Internet Services 8.0 and earlier, do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS) attacks. | 4.3 |
2007-06-01 | CVE-2007-2970 | 8E6 Technologies | Cross-Site Scripting vulnerability in 8e6 R3000 Internet Filter Multiple cross-site scripting (XSS) vulnerabilities in cgi/block.cgi in 8e6 R3000 Internet Filter allow remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) CAT, and (3) USER parameters. | 4.3 |
2007-06-01 | CVE-2007-2968 | Cpcommerce | HTML Injection vulnerability in CPCommerce Full Name Field Cross-site scripting (XSS) vulnerability in register.php in cpCommerce 1.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter (Full Name field). | 4.3 |
2007-06-01 | CVE-2007-2871 | Mozilla | Remote vulnerability in Mozilla Products Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to spoof or hide the browser chrome, such as the location bar, by placing XUL popups outside of the browser's content pane. | 4.3 |
2007-06-01 | CVE-2007-2870 | Mozilla | Remote vulnerability in Mozilla Products Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to bypass the same-origin policy and conduct cross-site scripting (XSS) and other attacks by using the addEventListener method to add an event listener for a site, which is executed in the context of that site. | 4.3 |
2007-06-01 | CVE-2007-2869 | Mozilla | Remote vulnerability in Mozilla Products The form autocomplete feature in Mozilla Firefox 1.5.x before 1.5.0.12, 2.x before 2.0.0.4, and possibly earlier versions, allows remote attackers to cause a denial of service (persistent temporary CPU consumption) via a large number of characters in a submitted form. | 4.3 |
2007-06-01 | CVE-2007-1362 | Mozilla | Improper Input Validation vulnerability in Mozilla Firefox and Seamonkey Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to cause a denial of service via (1) a large cookie path parameter, which triggers memory consumption, or (2) an internal delimiter within cookie path or name values, which could trigger a misinterpretation of cookie data, aka "Path Abuse in Cookies." | 4.3 |
2007-05-31 | CVE-2007-2963 | Invision Power Services | Cross-Site Scripting vulnerability in Invision Power Board Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board (IPB or IP.Board) 2.2.2, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via (1) module_bbcodeloader.php, (2) module_div.php, (3) module_email.php, (4) module_image.php, (5) module_link.php, or (6) the editorid parameter to module_table.php in jscripts/folder_rte_files/. | 4.3 |
2007-05-31 | CVE-2007-2962 | Particle Soft | Cross-Site Scripting vulnerability in Particle Soft Particle Gallery 1.0.0/1.0.1 Cross-site scripting (XSS) vulnerability in search.php in Particle Gallery 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the order parameter. | 4.3 |
2007-05-31 | CVE-2007-2932 | Boastmachine | Unspecified vulnerability in Boastmachine 3.1 Cross-site scripting (XSS) vulnerability in index.php in BoastMachine allows remote attackers to inject arbitrary web script or HTML via the blog parameter in a content search action. | 4.3 |
2007-05-30 | CVE-2007-0694 | Dian Gemilang | Cross-Site Scripting vulnerability in Dian Gemilang Dgnews 2.1 Cross-site scripting (XSS) vulnerability in footer.php in DGNews 2.1 allows remote attackers to inject arbitrary web script or HTML via the copyright parameter. | 4.3 |
2007-05-30 | CVE-2007-2916 | Gmtt | Cross-Site Scripting vulnerability in Gmtt Music Distro 1.2 Cross-site scripting (XSS) vulnerability in showown.php in GMTT Music Distro 1.2 allows remote attackers to inject arbitrary web script or HTML via the st parameter. | 4.3 |
2007-05-30 | CVE-2007-2915 | RM Easymail | Cross-Site Scripting vulnerability in Rm Easymail Plus Cross-site scripting (XSS) vulnerability in RM EasyMail Plus allows remote attackers to inject arbitrary web script or HTML via the title field in an email. | 4.3 |
2007-05-30 | CVE-2007-2914 | Psychostats | Cross-Site Scripting vulnerability in Psychostats 3.0.6B Multiple cross-site scripting (XSS) vulnerabilities in PsychoStats 3.0.6b allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) awards.php, (2) login.php, (3) register.php, (4) weapons.php, and possibly other unspecified files. | 4.3 |
2007-05-30 | CVE-2007-2913 | Clonuswiki | Cross-Site Scripting vulnerability in Clonuswiki 0.5 Cross-site scripting (XSS) vulnerability in index.php in ClonusWiki .5 allows remote attackers to inject arbitrary web script or HTML via the query parameter. | 4.3 |
2007-05-30 | CVE-2007-2910 | Jelsoft | Cross-Site Scripting vulnerability in Jelsoft Vbulletin Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3.6.7 PL1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the vb_367_xss_fix_plugin.xml update, a related issue to CVE-2007-2909. | 4.3 |
2007-05-30 | CVE-2007-2908 | Jelsoft | HTML Injection vulnerability in VBulletin Calendar.PHP Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin before 3.6.6 allows remote attackers to inject arbitrary web script or HTML via the title field in a single add action. | 4.3 |
2007-05-30 | CVE-2007-2904 | SUN | Cross-Site Scripting vulnerability in Java System Messaging Server Cross-site scripting (XSS) vulnerability in Sun Java System Messaging Server 6.0 through 6.3, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly a related issue to CVE-2006-5653. | 4.3 |
2007-05-30 | CVE-2007-2901 | Dokeos | SQL Injection and Cross-Site Scripting vulnerability in Dokeos Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the img parameter to main/inc/lib/fckeditor/editor/plugins/ImageManager/editor.php and other unspecified vectors. | 4.3 |
2007-05-30 | CVE-2007-2896 | Microsoft Symantec | Denial of Service vulnerability in Symantec Enterprise Security Manager 6.5.3 Race condition in the Symantec Enterprise Security Manager (ESM) 6.5.3 managers and agents on Windows before 20070524 allows remote attackers to cause a denial of service (CPU consumption and application hang) via certain network scans to ESM ports. | 4.3 |
2007-05-30 | CVE-2007-2892 | ASP Nuke | Cross-Site Scripting vulnerability in Asp-Nuke 2.0.7 Cross-site scripting (XSS) vulnerability in news.asp in ASP-Nuke 2.0.7 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | 4.3 |
2007-05-30 | CVE-2007-2887 | Forsnet | Cross-Site Scripting vulnerability in Forsnet web Icerik Yonetim Sistemi 1.0 Cross-site scripting (XSS) vulnerability in index.php in Web Icerik Yonetim Sistemi (WIYS) 1.0 allows remote attackers to inject arbitrary web script or HTML via the No parameter in the Sayfa page. | 4.3 |
2007-05-30 | CVE-2007-2885 | Microsoft | Buffer Overflow vulnerability in Microsoft Visual Database Tools Database Designer 7.0 The NotSafe function in the MSVDTDatabaseDesigner7 ActiveX control in VDT70.DLL in Microsoft Visual Database Tools (MSVDT) Database Designer 7.0 allows remote attackers to cause a denial of service (Internet Explorer 6 crash) via a long argument. | 4.3 |
2007-05-29 | CVE-2007-2880 | Digiappz | Cross-Site Scripting vulnerability in Digiappz Digirez 3.4 Multiple cross-site scripting (XSS) vulnerabilities in Digirez 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) Room_name parameter to room/info_book.asp or the (2) curYear parameter to room/week.asp. | 4.3 |
2007-05-29 | CVE-2007-2879 | Gnuturk | Cross-Site Scripting vulnerability in Gnuturk Portal System 3G Cross-site scripting (XSS) vulnerability in mods.php in GTP GNUTurk Portal System 3G allows remote attackers to inject arbitrary web script or HTML via the month parameter. | 4.3 |
2 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-05-30 | CVE-2007-2909 | Jelsoft | Cross-Site Scripting vulnerability in vBulletin Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin 3.6.x before 3.6.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the vb_calendar366_xss_fix_plugin.xml update. | 3.5 |
2007-05-30 | CVE-2007-2894 | Bochs Project | Buffer Overflow and Denial Of Service vulnerability in Bochs Project Bochs 2.3 The emulated floppy disk controller in Bochs 2.3 allows local users of the guest operating system to cause a denial of service (virtual machine crash) via unspecified vectors, resulting in a divide-by-zero error. | 2.1 |