Weekly Vulnerabilities Reports > June 4 to 10, 2007

Overview

125 new vulnerabilities were reported during this period, including 18 critical vulnerabilities and 42 high severity vulnerabilities. This weekly summary reports vulnerabilities in 130 products from 85 vendors including Microsoft, Symantec, Clam Anti Virus, IBM, and Mozilla. Notable vulnerability categories include "Resource Management Errors", "SQL Injection", "Cross-site Scripting", "Permissions, Privileges, and Access Controls", and "Information Exposure".

  • 117 reported vulnerabilities are remotely exploitable.
  • 20 reported vulnerabilities have a public exploit available.
  • 8 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 119 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 8 reported vulnerabilities.
  • Symantec has the most reported critical vulnerabilities, with 3 reported vulnerabilities.

Vulnerability Details

The following table lists the vulnerabilities reported for the period covered by this report:

18 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-06-08 CVE-2007-1685 Bluecoat Remote Buffer Overflow vulnerability in Bluecoat K9 web Protection 3.2.36

Buffer overflow in k9filter.exe in BlueCoat K9 Web Protection 3.2.36, and probably other versions before 3.2.44, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request to port 2372.

10.0
2007-06-07 CVE-2007-3111 Microsoft, Provideo

Buffer overflow in the Provideo Camimage ActiveX control in ISSCamControl.dll 1.0.1.5, when Internet Explorer 6 is used on Windows 2000 SP4, allows remote attackers to execute arbitrary code via a long URL property value.

10.0
2007-06-07 CVE-2007-3023 Clam Anti Virus Multiple Unspecified vulnerability in ClamAV

unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not properly calculate the end of a certain buffer, with unknown impact and remote attack vectors.

10.0
2007-06-06 CVE-2007-3093 SUN Remote Privilege Escalation vulnerability in Sun Solaris Management Console Logging Mechanism

Unspecified vulnerability in the logging mechanism in Solaris Management Console (SMC) on Sun Solaris 8 through 10 before 20070605 allows remote attackers to execute arbitrary code via unspecified vectors, related to the WBEM server.

10.0
2007-06-06 CVE-2007-2863 Broadcom, CA

Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a long filename in a .CAB file.

10.0
2007-06-06 CVE-2007-2419 Macrovision Unspecified vulnerability in Macrovision Flexnet Connect and Update Service

Multiple buffer overflows in an ActiveX control (boisweb.dll) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allow remote attackers to execute arbitrary code via (1) the second parameter to the DownloadAndExecute method and (2) the third parameter to the AddFileEx method, a different vulnerability than CVE-2007-0328.

10.0
2007-06-05 CVE-2007-3047 Vonage Remote Security vulnerability in Voip Telephone Adapter

The Vonage VoIP Telephone Adapter has a default administrator username "user" and password "user," which allows remote attackers to obtain administrative access.

10.0
2007-06-04 CVE-2007-2387 Apple Remote Privilege Escalation vulnerability in Apple Xserve Lights-Out Management Firmware0

Apple Xserve Lights-Out Management before Firmware Update 1.0 on Intel hardware does not require a password for remote access to IPMI, which allows remote attackers to gain administrative access via unspecified requests with ipmitool.

10.0
2007-06-07 CVE-2007-2948 Mplayer CDDB Parsing Buffer Overflow vulnerability in Mplayer 1.0Rc1

Multiple stack-based buffer overflows in stream/stream_cddb.c in MPlayer before 1.0rc1try3 allow remote attackers to execute arbitrary code via a CDDB entry with a long (1) album title or (2) category.

9.3
2007-06-06 CVE-2007-2919 E Book Systems Buffer Overflow vulnerability in E-Book Systems FlipViewer FlipViewerX.DLL ActiveX

Multiple stack-based buffer overflows in the FViewerLoading ActiveX control (FlipViewerX.dll) in E-Book Systems FlipViewer before 4.1 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via long (1) UID, (2) Opf, (3) PAGENO, (4) LaunchMode, (5) SubID, (6) BookID, (7) LibraryID, (8) SubURL, and (9) LoadOpf properties.

9.3
2007-06-06 CVE-2007-3092 Microsoft Unspecified vulnerability in Microsoft IE and Internet Explorer

Microsoft Internet Explorer 6 allows remote attackers to spoof the URL bar, and page properties including SSL certificates, by interrupting page loading through certain use of location DOM objects and setTimeout calls.

9.3
2007-06-06 CVE-2007-2864 Broadcom, CA

Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a large invalid value of the coffFiles field in a .CAB file.

9.3
2007-06-06 CVE-2007-0068 IBM Local Privilege Escalation vulnerability in IBM Lotus Domino 7.0/7.0.1/7.0.2

IBM Lotus Domino 7.0.x before 7.0.3 does not revalidate the signature on a signed scheduled agent after the agent is modified, which allows remote authenticated users to gain privileges via a modified agent in a server database.

9.3
2007-06-06 CVE-2007-3071 Digital River Buffer Overflow vulnerability in Digital River Esellerate SDK 3.6.5.0

Buffer overflow in the GetWebStoreURL function in a certain ActiveX control in eSellerateControl365.dll 3.6.5.0 in eSellerate SDK allows user-assisted remote attackers to execute arbitrary code via a long first argument.

9.3
2007-06-06 CVE-2007-2514 Centennial, Numara, Symantec Remote Buffer Overflow vulnerability in Multiple Vendor XFERWAN.EXE Filename

Stack-based buffer overflow in XferWan.exe as used in multiple products including (1) Symantec Discovery 6.5, (2) Numara Asset Manager 8.0, and (3) Centennial UK Ltd Discovery 2006 Feature Pack, allows remote attackers to execute arbitrary code via a long request.

9.3
2007-06-04 CVE-2007-2279 Symantec Permissions, Privileges, and Access Controls vulnerability in Symantec Veritas Storage Foundation 5.0

The Scheduler Service (VxSchedService.exe) in Symantec Storage Foundation for Windows 5.0 allows remote attackers to bypass authentication and execute arbitrary code via certain requests to the service socket that create (1) PreScript or (2) PostScript registry values under Veritas\VxSvc\CurrentVersion\Schedules specifying future command execution.

9.3
2007-06-06 CVE-2007-3095 Symantec Authentication Bypass vulnerability in Symantec Client Security, Norton Antivirus and Reporting Server

Unspecified vulnerability in Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, allows attackers to "disable the authentication system" and bypass authentication via unknown vectors.

9.0
2007-06-06 CVE-2007-3094 SUN Remote Privilege Escalation vulnerability in Sun Solaris Management Console Authentication Mechanism

Unspecified vulnerability in the authentication mechanism in Solaris Management Console (SMC) on Sun Solaris 8 through 10 before 20070605 allows remote authenticated users to execute arbitrary code via unspecified vectors, related to the WBEM server.

9.0

42 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-06-07 CVE-2007-3115 Maradns Resource Management Errors vulnerability in Maradns

Multiple memory leaks in server/MaraDNS.c in MaraDNS before 1.2.12.06, and 1.3.x before 1.3.05, allow remote attackers to cause a denial of service (memory consumption) via (1) reverse lookups or (2) requests for records in a class other than Internet (IN), a different set of affected versions than CVE-2007-3114 and CVE-2007-3116.

7.8
2007-06-07 CVE-2007-3112 THE Cacti Group Denial-Of-Service vulnerability in Cacti

graph_image.php in Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service (CPU consumption) via a large value of the (1) graph_start or (2) graph_end parameter, different vectors than CVE-2007-3113.

7.8
2007-06-06 CVE-2007-3087 Peercast Information Disclosure vulnerability in Peercast

Peercast places a cleartext password in a query string, which might allow attackers to obtain sensitive information by sniffing the network, or obtaining Referer or browser history information.

7.8
2007-06-06 CVE-2007-3083 Rainbowsoft Information Disclosure vulnerability in Rainbowsoft Z-Blog 1.7

Z-Blog 1.7 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for zblog.mdb.

7.8
2007-06-06 CVE-2007-3082 Sendcard Local File Include vulnerability in SendCard

Directory traversal vulnerability in sendcard.php in Sendcard 3.4.1 and earlier allows remote attackers to include and execute arbitrary local files via a ..

7.8
2007-06-06 CVE-2007-3076 Zenturi Unspecified vulnerability in Zenturi Programchecker

A certain ActiveX control in sasatl.dll in Zenturi ProgramChecker allows remote attackers to download arbitrary files to the client system via the DownloadFile function.

7.8
2007-06-06 CVE-2007-3075 Microsoft Unspecified vulnerability in Microsoft Internet Explorer

Directory traversal vulnerability in Microsoft Internet Explorer allows remote attackers to read arbitrary files via directory traversal sequences in a URI with a certain scheme, possibly related to "..%5C" (encoded backslash) sequences.

7.8
2007-06-06 CVE-2007-3073 Apple, Unix, Mozilla Directory Traversal vulnerability in Firefox

Directory traversal vulnerability in Mozilla Firefox 2.0.0.4 and earlier on Mac OS X and Unix allows remote attackers to read arbitrary files via ..%2F (dot dot encoded slash) sequences in a resource:// URI.

7.8
2007-06-06 CVE-2007-0067 IBM Remote Denial of Service vulnerability in IBM Lotus Domino Web Server

Unspecified vulnerability in the Lotus Domino Web Server 6.0, 6.5.x before 6.5.6, and 7.0.x before 7.0.3 allows remote attackers to cause a denial of service (daemon crash) via requests for URLs that reference certain files.

7.8
2007-06-06 CVE-2007-3061 Cactusoft Credentials Management vulnerability in Cactusoft Cactushop

Cactushop 6 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) cactushop6.mdb or (2) cactushop5.mdb.

7.8
2007-06-05 CVE-2007-0933 Microsoft, D Link Buffer Overflow vulnerability in D-Link DWL-G650 TIM Information Element Wireless Driver Beacon

Buffer overflow in the wireless driver 6.0.0.18 for D-Link DWL-G650+ (Rev.

7.8
2007-06-08 CVE-2007-3138 Open Solution Local File Include vulnerability in Quick.Cart

Directory traversal vulnerability in index.php in Open Solution Quick.Cart 2.2 and earlier allows remote attackers to include and execute arbitrary local files via a ..

7.5
2007-06-08 CVE-2007-3136 Newssync Remote File Include vulnerability in Newssync 1.5.0Rc6

PHP remote file inclusion vulnerability in inc/nuke_include.php in newsSync 1.5.0rc6 allows remote attackers to execute arbitrary PHP code via a URL in the newsSync_NUKE_PATH parameter.

7.5
2007-06-07 CVE-2007-3121 Zapping Denial-Of-Service vulnerability in Zapping Vbi Library

Buffer overflow in the CCdecode function in contrib/ntsc-cc.c in the zvbi-ntsc-cc tool in Zapping VBI Library (ZVBI) before 0.2.25 allows attackers to cause a denial of service (application crash) and possibly execute arbitrary code via long data during a reception error.

7.5
2007-06-07 CVE-2007-3119 Kartli Alisveris Sistemi SQL Injection vulnerability in Kartli Alisveris Sistemi Kartli Alisveris Sistemi 1.0

SQL injection vulnerability in news.asp in Kartli Alisveris Sistemi (aka Free-PayPal-Shopping-Cart) 1.0 allows remote attackers to execute arbitrary SQL commands via the news_id parameter.

7.5
2007-06-07 CVE-2007-3118 K Letter Remote File Include vulnerability in K-Letter 1.0

Multiple PHP remote file inclusion vulnerabilities in Kravchuk letter (K-letter) 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the scdir parameter to (1) action.php, (2) subs.php, or (3) unsubs.php.

7.5
2007-06-07 CVE-2007-2512 Alcatel Lucent Unspecified vulnerability in Alcatel-Lucent Omnipcx 7.0

Alcatel-Lucent IP-Touch Telephone running OmniPCX Enterprise 7.0 and later enables the mini switch by default, which allows attackers to gain access to the voice VLAN via daisy-chained systems.

7.5
2007-06-06 CVE-2007-3097 F5 Remote Command Injection vulnerability in F5 FirePass 4100 SSL VPN My.Activiation.PHP3

my.activation.php3 in F5 FirePass 4100 SSL VPN allows remote attackers to execute arbitrary shell commands via shell metacharacters in the username parameter.

7.5
2007-06-06 CVE-2007-3088 Gaya Design SQL Injection vulnerability in ComicSense

SQL injection vulnerability in index.php in Comicsense allows remote attackers to execute arbitrary SQL commands via the epi parameter.

7.5
2007-06-06 CVE-2007-3085 Pbsite Remote Security vulnerability in PBSite

Multiple PHP remote file inclusion vulnerabilities in PBSite allow remote attackers to execute arbitrary PHP code via a URL in the (1) dbpath parameter to (a) useronline.php, (b) ucp.php, (c) setcookie.php, (d) sendpm.php, (e) search.php, (f) register.php, (g) profile.php, (h) post.php, (i) pmpshow.php, (j) pm.php, (k) ntopic.php, (l) nreply.php, (m) news.php, (n) memberslist.php, (o) logout.php, (p) login.php, (q) index.php, (r) help.php, (s) forum.php, (t) error.php, (u) editpost.php, (v) delpost.php, (w) delpm.php, (x) confirm.php, (y) board.php, (z) admin2.php, (aa) admin.php, or (bb) templates/pb/css/formstyles.php; or the (2) temppath parameter to (a) useronline.php, (c) setcookie.php, (e) search.php, (f) register.php, (h) post.php, (l) nreply.php, (m) news.php, (o) logout.php, (p) login.php, (q) index.php, (r) help.php, (s) forum.php, (t) error.php, (w) delpm.php, (x) confirm.php, or (y) board.php.

7.5
2007-06-06 CVE-2007-3084 Comdev Remote Security vulnerability in Comdev web Blogger 4.1

PHP remote file inclusion vulnerability in sampleblogger.php in Comdev Web Blogger 4.1 allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter, a different vector than CVE-2006-5441.

7.5
2007-06-06 CVE-2007-3081 Comdev Remote Security vulnerability in Comdev Ecommerce 4.1

PHP remote file inclusion vulnerability in sampleecommerce.php in Comdev eCommerce 4.1 allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter.

7.5
2007-06-06 CVE-2007-3080 Hunkaray Okul SQL Injection vulnerability in Hunkaray Okul Portaly 1.1

SQL injection vulnerability in haberoku.asp in Hunkaray Okul Portaly 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2007-06-06 CVE-2007-3077 Eqdkp SQL Injection vulnerability in EQDKP Listmembers.PHP

SQL injection vulnerability in listmembers.php in EQdkp 1.3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the rank parameter.

7.5
2007-06-06 CVE-2007-3066 Phpreactor Remote Security vulnerability in Phpreactor

Multiple PHP remote file inclusion vulnerabilities in php(Reactor) 1.2.7 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the pathtohomedir parameter to (1) view.inc.php, (2) users.inc.php, (3) updatecms.inc.php, and (4) polls.inc.php in inc/; and other unspecified files, different vectors than CVE-2006-3983.

7.5
2007-06-06 CVE-2007-3065 Particle Soft SQL Injection vulnerability in Particle Soft Particle Gallery 1.0.0/1.0.1

SQL injection vulnerability in viewimage.php in Particle Soft Particle Gallery 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the editcomment parameter, a different version and vector than CVE-2006-2862.

7.5
2007-06-06 CVE-2007-3063 Mealex SQL Injection vulnerability in Mealex MY Databook NIL

SQL injection vulnerability in diary.php in My Databook allows remote attackers to execute arbitrary SQL commands via the delete parameter.

7.5
2007-06-06 CVE-2007-3053 Calimero CMS Remote Security vulnerability in Calimero.CMS

Session fixation vulnerability in Calimero.CMS 3.3.1232 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.

7.5
2007-06-06 CVE-2007-3052 Postnuke Software Foundation SQL Injection vulnerability in PostNuke PNPHPBB2 Module

SQL injection vulnerability in index.php in the PNphpBB2 1.2i and earlier module for PostNuke allows remote attackers to execute arbitrary SQL commands via the c parameter.

7.5
2007-06-06 CVE-2007-3051 Revokesoft SQL Injection vulnerability in RevokeBB Class_Users.PHP

SQL injection vulnerability in inc/class_users.php in RevokeSoft RevokeBB 1.0 RC4 and earlier allows remote attackers to execute arbitrary SQL commands via the revokebb_user cookie.

7.5
2007-06-06 CVE-2007-3050 Chameleon CMS Improper Authentication vulnerability in Chameleon CMS Chameleon CMS

Session fixation vulnerability in chameleon cms 3.0 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.

7.5
2007-06-05 CVE-2007-3021 Symantec Remote Privilege Escalation vulnerability in Symantec Client Security, Norton Antivirus and Reporting Server

Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, does not initialize a critical variable, which allows attackers to create arbitrary executable files via unknown manipulations of a file that is created during data export.

7.5
2007-06-04 CVE-2007-3003 Mywebland SQL Injection vulnerability in MyBloggie

Multiple SQL injection vulnerabilities in myBloggie 2.1.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat_id or (2) year parameter to index.php in a viewuser action, different vectors than CVE-2005-1500 and CVE-2005-4225.

7.5
2007-06-04 CVE-2007-3000 PHP Jackknife Input Validation vulnerability in PHP Jackknife PHP Jackknife 2.21

Multiple SQL injection vulnerabilities in PHP JackKnife (PHPJK) allow remote attackers to execute arbitrary SQL commands via (1) the iCategoryUnq parameter to G_Display.php or (2) the iSearchID parameter to Search/DisplayResults.php.

7.5
2007-06-04 CVE-2007-2997 Salescart SQL Injection vulnerability in Salescart Shopping Cart

** DISPUTED ** Multiple SQL injection vulnerabilities in cgi-bin/reorder2.asp in SalesCart Shopping Cart allow remote attackers to execute arbitrary SQL commands via the password field and other unspecified vectors.

7.5
2007-06-04 CVE-2007-2994 Dian Gemilang SQL Injection vulnerability in Dian Gemilang Dgnews 2.1

SQL injection vulnerability in news.php in DGNews 2.1 allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a fullnews action, a different vector than CVE-2007-0693.

7.5
2007-06-04 CVE-2007-2992 Omegasoft Input Validation vulnerability in Omegasoft Insel

Multiple SQL injection vulnerabilities in OmegaMw7.asp in OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) allow remote attackers to execute arbitrary SQL commands via (1) user-created text fields; the (2) F05003, (3) F05005, and (4) F05015 fields; and other unspecified standard fields.

7.5
2007-06-05 CVE-2007-3048 GNU Unspecified vulnerability in GNU Screen 4.0.3

** DISPUTED ** GNU screen 4.0.3 allows local users to unlock the screen via a CTRL-C sequence at the password prompt.

7.2
2007-06-06 CVE-2007-3091 Microsoft Race Condition vulnerability in Microsoft products

Race condition in Microsoft Internet Explorer 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code or perform other actions upon a page transition, with the permissions of the old page and the content of the new page, as demonstrated by setInterval functions that set location.href within a try/catch expression, aka the "bait & switch vulnerability" or "Race Condition Cross-Domain Information Disclosure Vulnerability."

7.1
2007-06-06 CVE-2007-2237 Microsoft Remote Denial of Service vulnerability in Microsoft Windows GDI+ ICO File

Microsoft Windows Graphics Device Interface (GDI+, GdiPlus.dll) allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero, which triggers a divide-by-zero error.

7.1
2007-06-06 CVE-2007-3079 Eqdkp Information Disclosure vulnerability in EQdkp

listmembers.php in EQdkp 1.3.2c and earlier allows remote attackers to obtain sensitive information via an invalid compare parameter, which reveals the path.

7.1
2007-06-06 CVE-2007-3072 Mozilla Path Traversal vulnerability in Mozilla Firefox

Directory traversal vulnerability in Mozilla Firefox before 2.0.0.4 on Windows allows remote attackers to read arbitrary files via ..%5C (dot dot encoded backslash) sequences in a resource:// URI.

7.1

63 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-06-08 CVE-2007-3139 Open Solution Remote Security vulnerability in Quick.Cart

config/general.php in Quick.Cart 2.2 and earlier uses a default username and password, which allows remote attackers to access the application via a login action to admin.php.

6.8
2007-06-08 CVE-2007-3133 W1L3D4 SQL Injection vulnerability in W1L3D4 Webmarket 0.1

SQL injection vulnerability in urunbak.asp in W1L3D4 WEBmarket 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

6.8
2007-06-08 CVE-2007-3130 Joomla Code Injection vulnerability in Joomla Jd-Wiki 1.0.2

Multiple PHP remote file inclusion vulnerabilities in the OpenWiki (formerly JD-Wiki) component (com_jd-wiki) 1.0.2, and possibly earlier, for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) dwpage.php or (2) wantedpages.php, different vectors than CVE-2006-4074.

6.8
2007-06-07 CVE-2007-3113 THE Cacti Group Denial-Of-Service vulnerability in Cacti

Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service (CPU consumption) via a large value of the (1) graph_height or (2) graph_width parameter, different vectors than CVE-2007-3112.

6.8
2007-06-06 CVE-2007-3096 Pblang Local File Include vulnerability in PBLang

Directory traversal vulnerability in login.php in PBLang (PBL) 4.67.16.a and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a ..

6.8
2007-06-06 CVE-2007-3068 DVD X Studios Buffer Overflow vulnerability in DVD X Studios DVD X Player 4.1

Stack-based buffer overflow in DVD X Player 4.1 Professional allows remote attackers to execute arbitrary code via a PLF playlist containing a long filename.

6.8
2007-06-06 CVE-2007-3058 Madirish Webmail Unspecified vulnerability in Madirish Webmail Madirish Webmail 2.0

Multiple PHP remote file inclusion vulnerabilities in Madirish Webmail 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[basedir] parameter to (1) calendar.php, (2) compose.php, and (3) index.php, different vectors than CVE-2007-2826.

6.8
2007-06-06 CVE-2007-3057 Xoops Module Spaw_Control.Class.PHP Remote File Include vulnerability in Xoops Icontent Module 4.5

PHP remote file inclusion vulnerability in include/wysiwyg/spaw_control.class.php in the icontent 4.5 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter.

6.8
2007-06-04 CVE-2007-3006 Acoustica Buffer Overflow vulnerability in Acoustica MP3 CD Burner 4.32

Buffer overflow in Acoustica MP3 CD Burner 4.32 allows user-assisted remote attackers to execute arbitrary code via a .asx playlist file with a REF element containing a long string in the HREF attribute.

6.8
2007-06-04 CVE-2007-2872 PHP Numeric Errors vulnerability in PHP

Multiple integer overflows in the chunk_split function in PHP 5 before 5.2.3 and PHP 4 before 4.4.8 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via the (1) chunks, (2) srclen, and (3) chunklen arguments.

6.8
2007-06-04 CVE-2007-2996 IBM Local Arbitrary Code Execution vulnerability in IBM AIX Perl Interpreter

Unspecified vulnerability in perl.rte 5.8.0.10 through 5.8.0.95 on IBM AIX 5.2, and 5.8.2.10 through 5.8.2.50 on AIX 5.3, allows local users to gain privileges via unspecified vectors related to the installation and "waiting for a legitimate user to execute a binary that ships with Perl."

6.6
2007-06-08 CVE-2007-3140 Wordpress SQL Injection vulnerability in Wordpress 2.2

SQL injection vulnerability in xmlrpc.php in WordPress 2.2 allows remote authenticated users to execute arbitrary SQL commands via a parameter value in an XML RPC wp.suggestCategories methodCall, a different vector than CVE-2007-1897.

6.5
2007-06-07 CVE-2007-3109 Microsoft Remote Security vulnerability in Microsoft Frontpage and Office

The CERN Image Map Dispatcher (htimage.exe) in Microsoft FrontPage allows remote attackers to determine the existence, and possibly partial contents, of arbitrary files under the web root via a relative pathname in the PATH_INFO.

6.4
2007-06-04 CVE-2007-2452 GNU Local Buffer Overflow vulnerability in GNU Locate Old Format Locate Database

Heap-based buffer overflow in the visit_old_format function in locate/locate.c in locate in GNU findutils before 4.2.31 might allow context-dependent attackers to execute arbitrary code via a long pathname in a locate database that has the old format, a different vulnerability than CVE-2001-1036.

6.0
2007-06-08 CVE-2007-3132 Symantec Denial of Service vulnerability in Symantec Ghost Solutions Suite and Norton Ghost

Multiple vulnerabilities in Symantec Ghost Solution Suite 2.0.0 and earlier, with Ghost 8.0.992 and possibly other versions, allow remote attackers to cause a denial of service (client or server crash) via malformed requests to the daemon port, 1346/udp or 1347/udp.

5.0
2007-06-08 CVE-2007-3126 THE Gimp Team Denial-Of-Service vulnerability in the Gimp Team Gimp 2.3.14

Gimp before 2.8.22 allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero, a similar issue to CVE-2007-2237.

5.0
2007-06-07 CVE-2007-3025 SUN, Clam Anti Virus Denial-Of-Service vulnerability in ClamAV

Unspecified vulnerability in libclamav/phishcheck.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1, when running on Solaris, allows remote attackers to cause a denial of service (hang) via unknown vectors related to the isURL function and regular expressions.

5.0
2007-06-07 CVE-2007-3123 Clam Anti Virus Remote Denial Of Service vulnerability in Clam AntiVirus ClamAV RAR Handling

unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to cause a denial of service (core dump) via a crafted RAR file with a modified vm_codesize value, which triggers a heap-based buffer overflow.

5.0
2007-06-07 CVE-2007-3122 Clam Anti Virus Security Bypass vulnerability in ClamAV

The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to bypass scanning via a RAR file with a header flag value of 10, which can be processed by WinRAR.

5.0
2007-06-07 CVE-2007-3116 Maradns Resource Management Errors vulnerability in Maradns 1.2.12.06/1.3.05

Memory leak in server/MaraDNS.c in MaraDNS 1.2.12.06 and 1.3.05 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, a different set of affected versions than CVE-2007-3114 and CVE-2007-3115.

5.0
2007-06-07 CVE-2007-3114 Maradns Resource Management Errors vulnerability in Maradns

Memory leak in server/MaraDNS.c in MaraDNS before 1.2.12.05, and 1.3.x before 1.3.03, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, a different set of affected versions than CVE-2007-3115 and CVE-2007-3116.

5.0
2007-06-06 CVE-2007-3098 Castle Rock Computing Remote Denial of Service vulnerability in SNMPC Username/Password

The SNMPc Server (crserv.exe) process in Castle Rock Computing SNMPc before 7.0.19 allows remote attackers to cause a denial of service (crash) via a crafted packet to port 165/TCP.

5.0
2007-06-06 CVE-2007-3059 Sendcard Information Disclosure vulnerability in Sendcard 3.3.0

SendCard 3.3.0 allows remote attackers to obtain sensitive information via an invalid sc_language parameter to sendcard.php, which reveals the path in an error message.

5.0
2007-06-05 CVE-2007-3046 Advanced Software Production Line Denial-Of-Service vulnerability in Vortex Library

Buffer overflow in Advanced Software Production Line Vortex Library before 1.0.3 allows remote attackers to cause a denial of service (listener crash) via unspecified vectors related to the select I/O implementation and the file set buffer.

5.0
2007-06-05 CVE-2007-3045 Hitachi, HP Denial-Of-Service vulnerability in Tp1 Net Osi-Tp-Extended

Unspecified vulnerability in Hitachi TP1/NET/OSI-TP-Extended on HI-UX/WE2 before 20070213, and on HP-UX before 20070314, allows remote attackers to cause a denial of service via certain data to a port.

5.0
2007-06-05 CVE-2007-3044 Hitachi, HP Remote Denial of Service vulnerability in Hitachi XP/W

Unspecified vulnerability in the Map I/O Service (xpwmap) in Hitachi XP/W on HI-UX/WE2 before 20070319, and XP/W on HP-UX before 20070405, allows remote attackers to cause a denial of service via certain data to the service port.

5.0
2007-06-04 CVE-2007-1862 Apache Unspecified vulnerability in Apache Http Server 2.2.4

The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.

5.0
2007-06-04 CVE-2007-3007 PHP Permissions, Privileges, and Access Controls vulnerability in PHP

PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string.

5.0
2007-06-04 CVE-2007-3002 PHP Jackknife Input Validation vulnerability in PHP Jackknife PHP Jackknife 2.21

PHP JackKnife (PHPJK) allows remote attackers to obtain sensitive information via (1) a request to index.php with an invalid value of the iParentUnq[] parameter, or a request to G_Display.php with an invalid (2) iCategoryUnq[] or (3) sSort[] array parameter, which reveals the path in various error messages.

5.0
2007-06-04 CVE-2007-1593 Symantec Resource Management Errors vulnerability in Symantec Veritas Volume Replicator

The administrative service in Symantec Veritas Volume Replicator (VVR) for Windows 3.1 through 4.3, and VVR for Unix 3.5 through 5.0, in Symantec Storage Foundation products allows remote attackers to cause a denial of service (memory consumption and service crash) via a crafted packet to the service port (8199/tcp) that triggers a request for more memory than available, which causes the service to write to an invalid pointer.

5.0
2007-06-06 CVE-2007-3086 Agnitum Local Denial of Service vulnerability in Agnitum Outpost Firewall Outpost_IPC_HDR

Unrestricted critical resource lock in Agnitum Outpost Firewall PRO 4.0 1007.591.145 and earlier allows local users to cause a denial of service (system hang) by capturing the outpost_ipc_hdr mutex.

4.9
2007-06-04 CVE-2007-2998 HP Local Denial of Service vulnerability in HP Openvms 8.3

The Pascal run-time library (PAS$RTL.EXE) before 20070418 on OpenVMS for Integrity Servers 8.3, and PAS$RTL.EXE before 20070419 on OpenVMS Alpha 8.3, does not properly restore PC and PSL values, which allows local users to cause a denial of service (system crash) via certain Pascal code.

4.9
2007-06-07 CVE-2007-3124 Freevms Buffer Overflow vulnerability in Freevms 0.3.5

Buffer overflow in backup/src/vmsbackup.c (aka the backup utility) in FreeVMS before 0.3.6 might allow local users to gain privileges via a long string in response to an "extract [ny]" prompt.

4.6
2007-06-06 CVE-2007-3069 SUN Local Arbitrary Command Execution vulnerability in SUN Solaris 10.0

xscreensaver in Sun Solaris 10 before 20070604, when a GNOME session with Assistive Technology support is running, allows attackers with physical access to take control of the session after entering an Alt-Tab sequence.

4.6
2007-06-08 CVE-2007-3137 Webmaster Solutions Cross-Site Scripting vulnerability in Webmaster Solutions Wmscms 2.0

Multiple cross-site scripting (XSS) vulnerabilities in 4print.asp in WmsCMS 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) sbl, (2) sbr, or (3) search parameter.

4.3
2007-06-08 CVE-2007-3135 Atom Input Validation vulnerability in Atom PhotoBlog AtomPhotoBlog.PHP

Cross-site scripting (XSS) vulnerability in atomPhotoBlog.php in Atom Photoblog 1.0.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the tag parameter.

4.3
2007-06-08 CVE-2007-3134 Atom Cross-Site Scripting vulnerability in Photoblog

Multiple cross-site scripting (XSS) vulnerabilities in atomPhotoBlog.php in Atom PhotoBlog 1.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Your Name, (2) Your Homepage, and (3) Your Comment fields, when using "Approve Comments."

4.3
2007-06-08 CVE-2007-3131 Public Warehouse Cross-Site Scripting vulnerability in Public Warehouse Light Blog 4.1

Cross-site scripting (XSS) vulnerability in add_comment.php in Light Blog 4.1 before 20070606 allows remote attackers to inject arbitrary web script or HTML via the id parameter.

4.3
2007-06-07 CVE-2007-3120 Aiocp Cross-Site Scripting vulnerability in All In One Control Panel CP_Dpage.PHP

Cross-site scripting (XSS) vulnerability in public/code/cp_dpage.php in All In One Control Panel (AIOCP) before 1.3.017 allows remote attackers to inject arbitrary web script or HTML via the aiocp_dp parameter.

4.3
2007-06-07 CVE-2007-3117 Adplan Cross Site Scripting vulnerability in Adplan SEO 3.0

Cross-site scripting (XSS) vulnerability in the SEO module in ADPLAN 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to HTTP headers.

4.3
2007-06-07 CVE-2007-3110 Beatnik Remote Script Code Execution vulnerability in Beatnik Player 1.0

Cross-site scripting (XSS) vulnerability in the Andy Frank Beatnik 1.0 extension for Firefox allows remote attackers to inject arbitrary web script or HTML via an RSS feed.

4.3
2007-06-06 CVE-2007-3089 Mozilla Information Disclosure vulnerability in Mozilla Firefox About:Blank IFrame Cross Domain

Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME (1) during the load stage or (2) in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code that intercepts keystroke values from window.event, aka the "promiscuous IFRAME access bug," a related issue to CVE-2006-4568.

4.3
2007-06-06 CVE-2007-3078 Aigaion HTML-injection vulnerability in Aigaion

Multiple cross-site scripting (XSS) vulnerabilities in Aigaion before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via the title parameter (Authors and Publication titles) to (1) authoractions.php or (2) publicationactions.php.

4.3
2007-06-06 CVE-2007-3074 Mozilla Information Exposure vulnerability in Mozilla Firefox

Mozilla Firefox 2.0.0.4 and earlier allows remote attackers to read files in the local Firefox installation directory via a resource:// URI.

4.3
2007-06-06 CVE-2007-3070 Bdigital WEB Solutions Cross-Site Scripting vulnerability in WebStudio CMS

Cross-site scripting (XSS) vulnerability in index.php in BDigital Web Solutions WebStudio allows remote attackers to inject arbitrary web script or HTML via the pageid parameter.

4.3
2007-06-06 CVE-2007-3067 Eqdkp Cross-Site Scripting vulnerability in Attunement And Key

Cross-site scripting (XSS) vulnerability in the Attunement and Key Tracker 0.95 and earlier plugin for EQdkp allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving the (1) keyshow, (2) sortkey, and (3) show parameters to index.php.

4.3
2007-06-06 CVE-2007-3064 Mealex Cross-Site Scripting vulnerability in Mealex MY Datebook

Cross-site scripting (XSS) vulnerability in diary.php in My Databook allows remote attackers to inject arbitrary web script or HTML via the year parameter.

4.3
2007-06-06 CVE-2007-3062 HP Cross Site Scripting vulnerability in HP System Management Homepage (SMH)

Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 2.1.2 running on Linux and Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2007-06-06 CVE-2007-3060 OSI Codes INC Scripts Multiple Cross-Site Scripting vulnerability in OSI Codes Inc. PHPlive 3.2.2

Multiple cross-site scripting (XSS) vulnerabilities in PHP Live! 3.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) sid parameter to (a) chat.php, (2) LANG[DEFAULT_BRANDING] and (3) PHPLIVE_VERSION parameters to (b) help.php, the (4) admin[name] parameter to (c) admin/header.php, and the (5) BASE_URL parameter to (d) super/info.php, and in some cases, the LANG[DEFAULT_BRANDING], PHPLIVE_VERSION, and (6) nav_line parameters to setup/footer.php, different vectors than CVE-2006-6769.

4.3
2007-06-06 CVE-2007-3056 Websvn Cross-Site Scripting vulnerability in Websvn 1.61/2.0

Cross-site scripting (XSS) vulnerability in filedetails.php in WebSVN 2.0rc4, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the path parameter.

4.3
2007-06-06 CVE-2007-3055 Codelib Cross-Site Scripting vulnerability in Codelib Linker

Cross-site scripting (XSS) vulnerability in index.php in Codelib Linker 2.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter.

4.3
2007-06-06 CVE-2007-3054 Codelib Cross-Site Scripting vulnerability in Codelib Linker

Cross-site scripting (XSS) vulnerability in search.php in Codelib Linker 2.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the kword parameter.

4.3
2007-06-06 CVE-2007-3049 Buttercup WFM Cross-Site Scripting vulnerability in Buttercup WFM Buttercup WFM May2007

Cross-site scripting (XSS) vulnerability in index.php in Buttercup web file manager (BWFM) May 2007 allows remote attackers to inject arbitrary web script or HTML via the title parameter.

4.3
2007-06-05 CVE-2007-3043 Hitachi Cross-Site Scripting vulnerability in Hitachi products

Cross-site scripting (XSS) vulnerability in Collaboration - File Sharing 01-20 up to 01-20-/B and 01-30 up to 01-30-/B in Hitachi Groupmax Collaboration Portal up to 07-30-/D, Groupmax Collaboration Web Client - Forum/File Sharing up to 07-30-/C, uCosminexus Collaboration Portal up to 06-30-/D, and uCosminexus Collaboration Portal - Forum/File Sharing up to 06-30-/C on Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2007-06-05 CVE-2007-3042 Meneame Cross-Site Scripting vulnerability in Meneame 1

Cross-site scripting (XSS) vulnerability in Meneame before 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2007-06-05 CVE-2007-3022 Symantec Information Disclosure vulnerability in Symantec Client Security, Norton Antivirus and Reporting Server

Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, displays the password hash for a user after a failed login attempt, which makes it easier for remote attackers to conduct brute force attacks.

4.3
2007-06-04 CVE-2007-3009 Mbedthis Software Unspecified vulnerability in Mbedthis Software Mbedthis Appweb Http Server 2.0.54

Format string vulnerability in the MprLogToFile::logEvent function in Mbedthis AppWeb 2.0.5-4, when the build supports logging but the configuration disables logging, allows remote attackers to cause a denial of service (daemon crash) via format string specifiers in the HTTP scheme, as demonstrated by a "GET %n://localhost:80/" request.

4.3
2007-06-04 CVE-2007-3008 Mbedthis Software Information Exposure vulnerability in Mbedthis Software Mbedthis Appweb Http Server

Mbedthis AppWeb before 2.2.2 enables the HTTP TRACE method, which has unspecified impact probably related to remote information leaks and cross-site tracing (XST) attacks, a related issue to CVE-2004-2320 and CVE-2005-3398.

4.3
2007-06-04 CVE-2007-3001 PHP Jackknife Cross-Site Scripting vulnerability in PHP Jackknife PHP Jackknife 2.21

Multiple cross-site scripting (XSS) vulnerabilities in PHP JackKnife (PHPJK) allow remote attackers to inject arbitrary web script or HTML via (1) the sUName parameter to UserArea/Authenticate.php, (2) the sAccountUnq parameter to UserArea/NewAccounts/index.php, or the (3) iCategoryUnq, (4) iDBLoc, (5) iTtlNumItems, (6) iNumPerPage, or (7) sSort parameter to G_Display.php, different vectors than CVE-2005-4239.

4.3
2007-06-04 CVE-2007-2995 IBM Remote Security vulnerability in IBM AIX 5.2.0/5.3

Unspecified vulnerability in sysmgt.websm.rte in IBM AIX 5.2.0 and 5.3.0 has unknown impact and attack vectors.

4.3
2007-06-04 CVE-2007-2993 Omegasoft Cross-Site Scripting vulnerability in Interneserviceslosungen

Multiple cross-site scripting (XSS) vulnerabilities in OmegaMw7.asp in OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) allow remote attackers to inject arbitrary web script or HTML via (1) user-created text fields; the (2) F05003, (3) F05005, and (4) F05015 fields; and other unspecified standard fields.

4.3
2007-06-04 CVE-2007-2991 Evenzia Cross-Site Scripting vulnerability in Evenzia Content Management Systems (CMS)

Cross-site scripting (XSS) vulnerability in includes/send.inc.php in Evenzia CMS allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

4.3
2007-06-04 CVE-2007-2513 Novell Man In The Middle vulnerability in Novell Groupwise 6.5/7.0

Novell GroupWise 7 before SP2 20070524, and GroupWise 6 before 6.5 post-SP6 20070522, allows remote attackers to obtain credentials via a man-in-the-middle attack.

4.3

2 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-06-07 CVE-2007-3024 Clam Anti Virus Multiple Unspecified vulnerability in ClamAV

libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 uses insecure permissions for temporary files that are created by the cli_gentempstream function in clamd/clamdscan, which might allow local users to read sensitive files.

2.1
2007-06-04 CVE-2007-2999 Microsoft Unspecified vulnerability in Microsoft Windows 2003 Server Gold/Sp1/Sp2

Microsoft Windows Server 2003, when time restrictions are in effect for user accounts, generates different error messages for failed login attempts with a valid user name than for those with an invalid user name, which allows context-dependent attackers to determine valid Active Directory account names.

1.8