Weekly Vulnerabilities Reports > June 4 to 10, 2007
Overview
120 new vulnerabilities reported during this period, including 18 critical vulnerabilities and 38 high severity vulnerabilities. This weekly summary report vulnerabilities in 123 products from 83 vendors including Microsoft, Symantec, Clam Anti Virus, IBM, and Mozilla. Vulnerabilities are notably categorized as "Resource Management Errors", "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "Information Exposure", and "SQL Injection".
- 112 reported vulnerabilities are remotely exploitables.
- 20 reported vulnerabilities have public exploit available.
- 7 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 114 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 7 reported vulnerabilities.
- Symantec has the most reported critical vulnerabilities, with 3 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
18 Critical Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2007-06-08 | CVE-2007-1685 | Bluecoat | Remote Buffer Overflow vulnerability in Bluecoat K9 web Protection 3.2.36 Buffer overflow in k9filter.exe in BlueCoat K9 Web Protection 3.2.36, and probably other versions before 3.2.44, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request to port 2372. | 10.0 |
| 2007-06-07 | CVE-2007-3111 | Microsoft Provideo | Buffer overflow in the Provideo Camimage ActiveX control in ISSCamControl.dll 1.0.1.5, when Internet Explorer 6 is used on Windows 2000 SP4, allows remote attackers to execute arbitrary code via a long URL property value. | 10.0 |
| 2007-06-07 | CVE-2007-3023 | Clam Anti Virus | Multiple Unspecified vulnerability in ClamAV unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not properly calculate the end of a certain buffer, with unknown impact and remote attack vectors. | 10.0 |
| 2007-06-06 | CVE-2007-3093 | SUN | Remote Privilege Escalation vulnerability in Sun Solaris Management Console Logging Mechanism Unspecified vulnerability in the logging mechanism in Solaris Management Console (SMC) on Sun Solaris 8 through 10 before 20070605 allows remote attackers to execute arbitrary code via unspecified vectors, related to the WBEM server. | 10.0 |
| 2007-06-06 | CVE-2007-2863 | Broadcom CA | Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a long filename in a .CAB file. | 10.0 |
| 2007-06-06 | CVE-2007-2419 | Macrovision | Unspecified vulnerability in Macrovision Flexnet Connect and Update Service Multiple buffer overflows in an ActiveX control (boisweb.dll) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allow remote attackers to execute arbitrary code via the (1) the second parameter to the DownloadAndExecute method and (2) third parameter to the AddFileEx method, a different vulnerability than CVE-2007-0328. | 10.0 |
| 2007-06-05 | CVE-2007-3047 | Vonage | Remote Security vulnerability in Voip Telephone Adapter The Vonage VoIP Telephone Adapter has a default administrator username "user" and password "user," which allows remote attackers to obtain administrative access. | 10.0 |
| 2007-06-04 | CVE-2007-2387 | Apple | Remote Privilege Escalation vulnerability in Apple Xserve Lights-Out Management Firmware0 Apple Xserve Lights-Out Management before Firmware Update 1.0 on Intel hardware does not require a password for remote access to IPMI, which allows remote attackers to gain administrative access via unspecified requests with ipmitool. | 10.0 |
| 2007-06-07 | CVE-2007-2948 | Mplayer | CDDB Parsing Buffer Overflow vulnerability in Mplayer 1.0Rc1 Multiple stack-based buffer overflows in stream/stream_cddb.c in MPlayer before 1.0rc1try3 allow remote attackers to execute arbitrary code via a CDDB entry with a long (1) album title or (2) category. | 9.3 |
| 2007-06-06 | CVE-2007-2919 | E Book Systems | Buffer Overflow vulnerability in E-Book Systems FlipViewer FlipViewerX.DLL ActiveX Multiple stack-based buffer overflows in the FViewerLoading ActiveX control (FlipViewerX.dll) in E-Book Systems FlipViewer before 4.1 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via long (1) UID, (2) Opf, (3) PAGENO, (4) LaunchMode, (5) SubID, (6) BookID, (7) LibraryID, (8) SubURL, and (9) LoadOpf properties. | 9.3 |
| 2007-06-06 | CVE-2007-3092 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 6.0 Microsoft Internet Explorer 6 allows remote attackers to spoof the URL bar, and page properties including SSL certificates, by interrupting page loading through certain use of location DOM objects and setTimeout calls. | 9.3 |
| 2007-06-06 | CVE-2007-2864 | Broadcom CA | Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a large invalid value of the coffFiles field in a .CAB file. | 9.3 |
| 2007-06-06 | CVE-2007-0068 | IBM | Local Privilege Escalation vulnerability in IBM Lotus Domino 7.0/7.0.1/7.0.2 IBM Lotus Domino 7.0.x before 7.0.3 does not revalidate the signature on a signed scheduled agent after the agent is modified, which allows remote authenticated users to gain privileges via a modified agent in a server database. | 9.3 |
| 2007-06-06 | CVE-2007-3071 | Digital River | Buffer Overflow vulnerability in Digital River Esellerate SDK 3.6.5.0 Buffer overflow in the GetWebStoreURL function in a certain ActiveX control in eSellerateControl365.dll 3.6.5.0 in eSellerate SDK allows user-assisted remote attackers to execute arbitrary code via a long first argument. | 9.3 |
| 2007-06-06 | CVE-2007-2514 | Centennial Numara Symantec | Remote Buffer Overflow vulnerability in Multiple Vendor XFERWAN.EXE Filename Stack-based buffer overflow in XferWan.exe as used in multiple products including (1) Symantec Discovery 6.5, (2) Numara Asset Manager 8.0, and (3) Centennial UK Ltd Discovery 2006 Feature Pack, allows remote attackers to execute arbitrary code via a long request. | 9.3 |
| 2007-06-04 | CVE-2007-2279 | Symantec | Permissions, Privileges, and Access Controls vulnerability in Symantec Veritas Storage Foundation 5.0 The Scheduler Service (VxSchedService.exe) in Symantec Storage Foundation for Windows 5.0 allows remote attackers to bypass authentication and execute arbitrary code via certain requests to the service socket that create (1) PreScript or (2) PostScript registry values under Veritas\VxSvc\CurrentVersion\Schedules specifying future command execution. | 9.3 |
| 2007-06-06 | CVE-2007-3095 | Symantec | Authentication Bypass vulnerability in Symantec Client Security, Norton Antivirus and Reporting Server Unspecified vulnerability in Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, allows attackers to "disable the authentication system" and bypass authentication via unknown vectors. | 9.0 |
| 2007-06-06 | CVE-2007-3094 | SUN | Remote Privilege Escalation vulnerability in Sun Solaris Management Console Authentication Mechanism Unspecified vulnerability in the authentication mechanism in Solaris Management Console (SMC) on Sun Solaris 8 through 10 before 20070605 allows remote authenticated users to execute arbitrary code via unspecified vectors, related to the WBEM server. | 9.0 |
38 High Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2007-06-07 | CVE-2007-3115 | Maradns | Resource Management Errors vulnerability in Maradns Multiple memory leaks in server/MaraDNS.c in MaraDNS before 1.2.12.06, and 1.3.x before 1.3.05, allow remote attackers to cause a denial of service (memory consumption) via (1) reverse lookups or (2) requests for records in a class other than Internet (IN), a different set of affected versions than CVE-2007-3114 and CVE-2007-3116. | 7.8 |
| 2007-06-07 | CVE-2007-3112 | THE Cacti Group | Denial-Of-Service vulnerability in Cacti graph_image.php in Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service (CPU consumption) via a large value of the (1) graph_start or (2) graph_end parameter, different vectors than CVE-2007-3113. | 7.8 |
| 2007-06-06 | CVE-2007-3087 | Peercast | Information Disclosure vulnerability in Peercast Peercast places a cleartext password in a query string, which might allow attackers to obtain sensitive information by sniffing the network, or obtaining Referer or browser history information. | 7.8 |
| 2007-06-06 | CVE-2007-3083 | Rainbowsoft | Information Disclosure vulnerability in Rainbowsoft Z-Blog 1.7 Z-Blog 1.7 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for zblog.mdb. | 7.8 |
| 2007-06-06 | CVE-2007-3082 | Sendcard | Local File Include vulnerability in SendCard Directory traversal vulnerability in sendcard.php in Sendcard 3.4.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. | 7.8 |
| 2007-06-06 | CVE-2007-3076 | Zenturi | Unspecified vulnerability in Zenturi Programchecker A certain ActiveX control in sasatl.dll in Zenturi ProgramChecker allows remote attackers to download arbitrary files to the client system via the DownloadFile function. | 7.8 |
| 2007-06-06 | CVE-2007-3075 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer Directory traversal vulnerability in Microsoft Internet Explorer allows remote attackers to read arbitrary files via directory traversal sequences in a URI with a certain scheme, possibly related to "..%5C" (encoded backslash) sequences. | 7.8 |
| 2007-06-06 | CVE-2007-3073 | Apple Unix Mozilla | Directory Traversal vulnerability in Firefox Directory traversal vulnerability in Mozilla Firefox 2.0.0.4 and earlier on Mac OS X and Unix allows remote attackers to read arbitrary files via ..%2F (dot dot encoded slash) sequences in a resource:// URI. | 7.8 |
| 2007-06-06 | CVE-2007-0067 | IBM | Remote Denial of Service vulnerability in IBM Lotus Domino Web Server Unspecified vulnerability in the Lotus Domino Web Server 6.0, 6.5.x before 6.5.6, and 7.0.x before 7.0.3 allows remote attackers to cause a denial of service (daemon crash) via requests for URLs that reference certain files. | 7.8 |
| 2007-06-06 | CVE-2007-3061 | Cactusoft | Credentials Management vulnerability in Cactusoft Cactushop Cactushop 6 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) cactushop6.mdb or (2) cactushop5.mdb. | 7.8 |
| 2007-06-05 | CVE-2007-0933 | Microsoft D Link | Buffer Overflow vulnerability in D-Link DWL-G650 TIM Information Element Wireless Driver Beacon Buffer overflow in the wireless driver 6.0.0.18 for D-Link DWL-G650+ (Rev. | 7.8 |
| 2007-06-08 | CVE-2007-3138 | Open Solution | Local File Include vulnerability in Quick.Cart Directory traversal vulnerability in index.php in Open Solution Quick.Cart 2.2 and earlier allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
| 2007-06-08 | CVE-2007-3136 | Newssync | Remote File Include vulnerability in Newssync 1.5.0Rc6 PHP remote file inclusion vulnerability in inc/nuke_include.php in newsSync 1.5.0rc6 allows remote attackers to execute arbitrary PHP code via a URL in the newsSync_NUKE_PATH parameter. | 7.5 |
| 2007-06-07 | CVE-2007-3121 | Zapping | Denial-Of-Service vulnerability in Zapping Vbi Library Buffer overflow in the CCdecode function in contrib/ntsc-cc.c in the zvbi-ntsc-cc tool in Zapping VBI Library (ZVBI) before 0.2.25 allows attackers to cause a denial of service (application crash) and possibly execute arbitrary code via long data during a reception error. | 7.5 |
| 2007-06-07 | CVE-2007-3119 | Kartli Alisveris Sistemi | SQL Injection vulnerability in Kartli Alisveris Sistemi Kartli Alisveris Sistemi 1.0 SQL injection vulnerability in news.asp in Kartli Alisveris Sistemi (aka Free-PayPal-Shopping-Cart) 1.0 allows remote attackers to execute arbitrary SQL commands via the news_id parameter. | 7.5 |
| 2007-06-07 | CVE-2007-3118 | K Letter | Remote File Include vulnerability in K-Letter 1.0 Multiple PHP remote file inclusion vulnerabilities in Kravchuk letter (K-letter) 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the scdir parameter to (1) action.php, (2) subs.php, or (3) unsubs.php. | 7.5 |
| 2007-06-07 | CVE-2007-2512 | Alcatel Lucent | Unspecified vulnerability in Alcatel-Lucent Omnipcx 7.0 Alcatel-Lucent IP-Touch Telephone running OmniPCX Enterprise 7.0 and later enables the mini switch by default, which allows attackers to gain access to the voice VLAN via daisy-chained systems. | 7.5 |
| 2007-06-06 | CVE-2007-3097 | F5 | Remote Command Injection vulnerability in F5 FirePass 4100 SSL VPN My.Activiation.PHP3 my.activation.php3 in F5 FirePass 4100 SSL VPN allows remote attackers to execute arbitrary shell commands via shell metacharacters in the username parameter. | 7.5 |
| 2007-06-06 | CVE-2007-3088 | Gaya Design | SQL Injection vulnerability in ComicSense SQL injection vulnerability in index.php in Comicsense allows remote attackers to execute arbitrary SQL commands via the epi parameter. | 7.5 |
| 2007-06-06 | CVE-2007-3085 | Pbsite | Remote Security vulnerability in PBSite Multiple PHP remote file inclusion vulnerabilities in PBSite allow remote attackers to execute arbitrary PHP code via a URL in the (1) dbpath parameter to (a) useronline.php, (b) ucp.php, (c) setcookie.php, (d) sendpm.php, (e) search.php, (f) register.php, (g) profile.php, (h) post.php, (i) pmpshow.php, (j) pm.php, (k) ntopic.php, (l) nreply.php, (m) news.php, (n) memberslist.php, (o) logout.php, (p) login.php, (q) index.php, (r) help.php, (s) forum.php, (t) error.php, (u) editpost.php, (v) delpost.php, (w) delpm.php, (x) confirm.php, (y) board.php, (z) admin2.php, (aa) admin.php, or (bb) templates/pb/css/formstyles.php; or the (2) temppath parameter to (a) useronline.php, (c) setcookie.php, (e) search.php, (f) register.php, (h) post.php, (l) nreply.php, (m) news.php, (o) logout.php, (p) login.php, (q) index.php, (r) help.php, (s) forum.php, (t) error.php, (w) delpm.php, (x) confirm.php, or (y) board.php. | 7.5 |
| 2007-06-06 | CVE-2007-3084 | Comdev | Remote Security vulnerability in Comdev web Blogger 4.1 PHP remote file inclusion vulnerability in sampleblogger.php in Comdev Web Blogger 4.1 allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter, a different vector than CVE-2006-5441. | 7.5 |
| 2007-06-06 | CVE-2007-3081 | Comdev | Remote Security vulnerability in Comdev Ecommerce 4.1 PHP remote file inclusion vulnerability in sampleecommerce.php in Comdev eCommerce 4.1 allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. | 7.5 |
| 2007-06-06 | CVE-2007-3080 | Hunkaray Okul | SQL Injection vulnerability in Hunkaray Okul Portaly 1.1 SQL injection vulnerability in haberoku.asp in Hunkaray Okul Portaly 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
| 2007-06-06 | CVE-2007-3077 | Eqdkp | SQL Injection vulnerability in EQDKP Listmembers.PHP SQL injection vulnerability in listmembers.php in EQdkp 1.3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the rank parameter. | 7.5 |
| 2007-06-06 | CVE-2007-3066 | Phpreactor | Remote Security vulnerability in Phpreactor Multiple PHP remote file inclusion vulnerabilities in php(Reactor) 1.2.7 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the pathtohomedir parameter to (1) view.inc.php, (2) users.inc.php, (3) updatecms.inc.php, and (4) polls.inc.php in inc/; and other unspecified files, different vectors than CVE-2006-3983. | 7.5 |
| 2007-06-06 | CVE-2007-3065 | Particle Soft | SQL Injection vulnerability in Particle Soft Particle Gallery 1.0.0/1.0.1 SQL injection vulnerability in viewimage.php in Particle Soft Particle Gallery 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the editcomment parameter, a different version and vector than CVE-2006-2862. | 7.5 |
| 2007-06-06 | CVE-2007-3063 | Mealex | SQL Injection vulnerability in Mealex MY Databook NIL SQL injection vulnerability in diary.php in My Databook allows remote attackers to execute arbitrary SQL commands via the delete parameter. | 7.5 |
| 2007-06-06 | CVE-2007-3053 | Calimero CMS | Remote Security vulnerability in Calimero.CMS Session fixation vulnerability in Calimero.CMS 3.3.1232 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | 7.5 |
| 2007-06-06 | CVE-2007-3052 | Postnuke Software Foundation | SQL Injection vulnerability in PostNuke PNPHPBB2 Module SQL injection vulnerability in index.php in the PNphpBB2 1.2i and earlier module for PostNuke allows remote attackers to execute arbitrary SQL commands via the c parameter. | 7.5 |
| 2007-06-06 | CVE-2007-3051 | Revokesoft | SQL Injection vulnerability in RevokeBB Class_Users.PHP SQL injection vulnerability in inc/class_users.php in RevokeSoft RevokeBB 1.0 RC4 and earlier allows remote attackers to execute arbitrary SQL commands via the revokebb_user cookie. | 7.5 |
| 2007-06-06 | CVE-2007-3050 | Chameleon CMS | Improper Authentication vulnerability in Chameleon CMS Chameleon CMS Session fixation vulnerability in chameleon cms 3.0 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. | 7.5 |
| 2007-06-05 | CVE-2007-3021 | Symantec | Remote Privilege Escalation vulnerability in Symantec Client Security, Norton Antivirus and Reporting Server Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, does not initialize a critical variable, which allows attackers to create arbitrary executable files via unknown manipulations of a file that is created during data export. | 7.5 |
| 2007-06-04 | CVE-2007-3003 | Mywebland | SQL Injection vulnerability in MyBloggie Multiple SQL injection vulnerabilities in myBloggie 2.1.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat_id or (2) year parameter to index.php in a viewuser action, different vectors than CVE-2005-1500 and CVE-2005-4225. | 7.5 |
| 2007-06-04 | CVE-2007-3000 | PHP Jackknife | Input Validation vulnerability in PHP Jackknife PHP Jackknife 2.21 Multiple SQL injection vulnerabilities in PHP JackKnife (PHPJK) allow remote attackers to execute arbitrary SQL commands via (1) the iCategoryUnq parameter to G_Display.php or (2) the iSearchID parameter to Search/DisplayResults.php. | 7.5 |
| 2007-06-04 | CVE-2007-2994 | Dian Gemilang | SQL Injection vulnerability in Dian Gemilang Dgnews 2.1 SQL injection vulnerability in news.php in DGNews 2.1 allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a fullnews action, a different vector than CVE-2007-0693. | 7.5 |
| 2007-06-04 | CVE-2007-2992 | Omegasoft | Input Validation vulnerability in Omegasoft Insel Multiple SQL injection vulnerabilities in OmegaMw7.asp in OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) allow remote attackers to execute arbitrary SQL commands via (1) user-created text fields; the (2) F05003, (3) F05005, and (4) F05015 fields; and other unspecified standard fields. | 7.5 |
| 2007-06-06 | CVE-2007-3079 | Eqdkp | Information Disclosure vulnerability in EQdkp listmembers.php in EQdkp 1.3.2c and earlier allows remote attackers to obtain sensitive information via an invalid compare parameter, which reveals the path. | 7.1 |
| 2007-06-06 | CVE-2007-3072 | Mozilla | Path Traversal vulnerability in Mozilla Firefox Directory traversal vulnerability in Mozilla Firefox before 2.0.0.4 on Windows allows remote attackers to read arbitrary files via ..%5C (dot dot encoded backslash) sequences in a resource:// URI. | 7.1 |
62 Medium Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2007-06-08 | CVE-2007-3139 | Open Solution | Remote Security vulnerability in Quick.Cart config/general.php in Quick.Cart 2.2 and earlier uses a default username and password, which allows remote attackers to access the application via a login action to admin.php. | 6.8 |
| 2007-06-08 | CVE-2007-3133 | W1L3D4 | SQL Injection vulnerability in W1L3D4 Webmarket 0.1 SQL injection vulnerability in urunbak.asp in W1L3D4 WEBmarket 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 6.8 |
| 2007-06-08 | CVE-2007-3130 | Joomla | Code Injection vulnerability in Joomla Jd-Wiki 1.0.2 Multiple PHP remote file inclusion vulnerabilities in the OpenWiki (formerly JD-Wiki) component (com_jd-wiki) 1.0.2, and possibly earlier, for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) dwpage.php or (2) wantedpages.php, different vectors than CVE-2006-4074. | 6.8 |
| 2007-06-07 | CVE-2007-3113 | THE Cacti Group | Denial-Of-Service vulnerability in Cacti Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service (CPU consumption) via a large value of the (1) graph_height or (2) graph_width parameter, different vectors than CVE-2007-3112. | 6.8 |
| 2007-06-06 | CVE-2007-3096 | Pblang | Local File Include vulnerability in PBLang Directory traversal vulnerability in login.php in PBLang (PBL) 4.67.16.a and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. | 6.8 |
| 2007-06-06 | CVE-2007-3068 | DVD X Studios | Buffer Overflow vulnerability in DVD X Studios DVD X Player 4.1 Stack-based buffer overflow in DVD X Player 4.1 Professional allows remote attackers to execute arbitrary code via a PLF playlist containing a long filename. | 6.8 |
| 2007-06-06 | CVE-2007-3058 | Madirish Webmail | Unspecified vulnerability in Madirish Webmail Madirish Webmail 2.0 Multiple PHP remote file inclusion vulnerabilities in Madirish Webmail 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[basedir] parameter to (1) calendar.php, (2) compose.php, and (3) index.php, different vectors than CVE-2007-2826. | 6.8 |
| 2007-06-06 | CVE-2007-3057 | Xoops | Module Spaw_Control.Class.PHP Remote File Include vulnerability in Xoops Icontent Module 4.5 PHP remote file inclusion vulnerability in include/wysiwyg/spaw_control.class.php in the icontent 4.5 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. | 6.8 |
| 2007-06-04 | CVE-2007-3006 | Acoustica | Buffer Overflow vulnerability in Acoustica MP3 CD Burner 4.32 Buffer overflow in Acoustica MP3 CD Burner 4.32 allows user-assisted remote attackers to execute arbitrary code via a .asx playlist file with a REF element containing a long string in the HREF attribute. | 6.8 |
| 2007-06-04 | CVE-2007-2996 | IBM | Local Arbitrary Code Execution vulnerability in IBM AIX Perl Interpreter Unspecified vulnerability in perl.rte 5.8.0.10 through 5.8.0.95 on IBM AIX 5.2, and 5.8.2.10 through 5.8.2.50 on AIX 5.3, allows local users to gain privileges via unspecified vectors related to the installation and "waiting for a legitimate user to execute a binary that ships with Perl." | 6.6 |
| 2007-06-08 | CVE-2007-3140 | Wordpress | SQL Injection vulnerability in Wordpress 2.2 SQL injection vulnerability in xmlrpc.php in WordPress 2.2 allows remote authenticated users to execute arbitrary SQL commands via a parameter value in an XML RPC wp.suggestCategories methodCall, a different vector than CVE-2007-1897. | 6.5 |
| 2007-06-07 | CVE-2007-3109 | Microsoft | Remote Security vulnerability in Microsoft Frontpage and Office The CERN Image Map Dispatcher (htimage.exe) in Microsoft FrontPage allows remote attackers to determine the existence, and possibly partial contents, of arbitrary files under the web root via a relative pathname in the PATH_INFO. | 6.4 |
| 2007-06-04 | CVE-2007-2452 | GNU | Local Buffer Overflow vulnerability in GNU Locate Old Format Locate Database Heap-based buffer overflow in the visit_old_format function in locate/locate.c in locate in GNU findutils before 4.2.31 might allow context-dependent attackers to execute arbitrary code via a long pathname in a locate database that has the old format, a different vulnerability than CVE-2001-1036. | 6.0 |
| 2007-06-06 | CVE-2007-2237 | Microsoft | Divide By Zero vulnerability in Microsoft Windows XP Microsoft Windows Graphics Device Interface (GDI+, GdiPlus.dll) allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero, which triggers a divide-by-zero error. | 5.5 |
| 2007-06-08 | CVE-2007-3132 | Symantec | Denial of Service vulnerability in Symantec Ghost Solutions Suite and Norton Ghost Multiple vulnerabilities in Symantec Ghost Solution Suite 2.0.0 and earlier, with Ghost 8.0.992 and possibly other versions, allow remote attackers to cause a denial of service (client or server crash) via malformed requests to the daemon port, 1346/udp or 1347/udp. | 5.0 |
| 2007-06-08 | CVE-2007-3126 | Gimp | Unspecified vulnerability in Gimp Gimp before 2.8.22 allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero, a similar issue to CVE-2007-2237. | 5.0 |
| 2007-06-07 | CVE-2007-3025 | SUN Clam Anti Virus | Denial-Of-Service vulnerability in ClamAV Unspecified vulnerability in libclamav/phishcheck.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1, when running on Solaris, allows remote attackers to cause a denial of service (hang) via unknown vectors related to the isURL function and regular expressions. | 5.0 |
| 2007-06-07 | CVE-2007-3123 | Clam Anti Virus | Remote Denial Of Service vulnerability in Clam AntiVirus ClamAV RAR Handling unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to cause a denial of service (core dump) via a crafted RAR file with a modified vm_codesize value, which triggers a heap-based buffer overflow. | 5.0 |
| 2007-06-07 | CVE-2007-3122 | Clam Anti Virus | Security Bypass vulnerability in ClamAV The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to bypass scanning via a RAR file with a header flag value of 10, which can be processed by WinRAR. | 5.0 |
| 2007-06-07 | CVE-2007-3116 | Maradns | Resource Management Errors vulnerability in Maradns 1.2.12.06/1.3.05 Memory leak in server/MaraDNS.c in MaraDNS 1.2.12.06 and 1.3.05 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, a different set of affected versions than CVE-2007-3114 and CVE-2007-3115. | 5.0 |
| 2007-06-07 | CVE-2007-3114 | Maradns | Resource Management Errors vulnerability in Maradns Memory leak in server/MaraDNS.c in MaraDNS before 1.2.12.05, and 1.3.x before 1.3.03, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, a different set of affected versions than CVE-2007-3115 and CVE-2007-3116. | 5.0 |
| 2007-06-06 | CVE-2007-3098 | Castle Rock Computing | Remote Denial of Service vulnerability in SNMPC Username/Password The SNMPc Server (crserv.exe) process in Castle Rock Computing SNMPc before 7.0.19 allows remote attackers to cause a denial of service (crash) via a crafted packet to port 165/TCP. | 5.0 |
| 2007-06-06 | CVE-2007-3059 | Sendcard | Information Disclosure vulnerability in Sendcard 3.3.0 SendCard 3.3.0 allows remote attackers to obtain sensitive information via an invalid sc_language parameter to sendcard.php, which reveals the path in an error message. | 5.0 |
| 2007-06-05 | CVE-2007-3046 | Advanced Software Production Line | Denial-Of-Service vulnerability in Vortex Library Buffer overflow in Advanced Software Production Line Vortex Library before 1.0.3 allows remote attackers to cause a denial of service (listener crash) via unspecified vectors related to the select I/O implementation and the file set buffer. | 5.0 |
| 2007-06-05 | CVE-2007-3045 | Hitachi HP | Denial-Of-Service vulnerability in Tp1 Net Osi-Tp-Extended Unspecified vulnerability in Hitachi TP1/NET/OSI-TP-Extended on HI-UX/WE2 before 20070213, and on HP-UX before 20070314, allows remote attackers to cause a denial of service via certain data to a port. | 5.0 |
| 2007-06-05 | CVE-2007-3044 | Hitachi HP | Remote Denial of Service vulnerability in Hitachi XP/W Unspecified vulnerability in the Map I/O Service (xpwmap) in Hitachi XP/W on HI-UX/WE2 before 20070319, and XP/W on HP-UX before 20070405, allows remote attackers to cause a denial of service via certain data to the service port. | 5.0 |
| 2007-06-04 | CVE-2007-3007 | PHP | Permissions, Privileges, and Access Controls vulnerability in PHP PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. | 5.0 |
| 2007-06-04 | CVE-2007-3002 | PHP Jackknife | Input Validation vulnerability in PHP Jackknife PHP Jackknife 2.21 PHP JackKnife (PHPJK) allows remote attackers to obtain sensitive information via (1) a request to index.php with an invalid value of the iParentUnq[] parameter, or a request to G_Display.php with an invalid (2) iCategoryUnq[] or (3) sSort[] array parameter, which reveals the path in various error messages. | 5.0 |
| 2007-06-04 | CVE-2007-1593 | Symantec | Resource Management Errors vulnerability in Symantec Veritas Volume Replicator The administrative service in Symantec Veritas Volume Replicator (VVR) for Windows 3.1 through 4.3, and VVR for Unix 3.5 through 5.0, in Symantec Storage Foundation products allows remote attackers to cause a denial of service (memory consumption and service crash) via a crafted packet to the service port (8199/tcp) that triggers a request for more memory than available, which causes the service to write to an invalid pointer. | 5.0 |
| 2007-06-06 | CVE-2007-3086 | Agnitum | Local Denial of Service vulnerability in Agnitum Outpost Firewall Outpost_IPC_HDR Unrestricted critical resource lock in Agnitum Outpost Firewall PRO 4.0 1007.591.145 and earlier allows local users to cause a denial of service (system hang) by capturing the outpost_ipc_hdr mutex. | 4.9 |
| 2007-06-04 | CVE-2007-2998 | HP | Local Denial of Service vulnerability in HP Openvms 8.3 The Pascal run-time library (PAS$RTL.EXE) before 20070418 on OpenVMS for Integrity Servers 8.3, and PAS$RTL.EXE before 20070419 on OpenVMS Alpha 8.3, does not properly restore PC and PSL values, which allows local users to cause a denial of service (system crash) via certain Pascal code. | 4.9 |
| 2007-06-07 | CVE-2007-3124 | Freevms | Buffer Overflow vulnerability in Freevms 0.3.5 Buffer overflow in backup/src/vmsbackup.c (aka the backup utility) in FreeVMS before 0.3.6 might allow local users to gain privileges via a long string in response to an "extract [ny]" prompt. | 4.6 |
| 2007-06-06 | CVE-2007-3069 | SUN | Local Arbitrary Command Execution vulnerability in SUN Solaris 10.0 xscreensaver in Sun Solaris 10 before 20070604, when a GNOME session with Assistive Technology support is running, allows attackers with physical access to take control of the session after entering an Alt-Tab sequence. | 4.6 |
| 2007-06-08 | CVE-2007-3137 | Webmaster Solutions | Cross-Site Scripting vulnerability in Webmaster Solutions Wmscms 2.0 Multiple cross-site scripting (XSS) vulnerabilities in 4print.asp in WmsCMS 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) sbl, (2) sbr, or (3) search parameter. | 4.3 |
| 2007-06-08 | CVE-2007-3135 | Atom | Input Validation vulnerability in Atom PhotoBlog AtomPhotoBlog.PHP Cross-site scripting (XSS) vulnerability in atomPhotoBlog.php in Atom Photoblog 1.0.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the tag parameter. | 4.3 |
| 2007-06-08 | CVE-2007-3134 | Atom | Cross-Site Scripting vulnerability in Photoblog Multiple cross-site scripting (XSS) vulnerabilities in atomPhotoBlog.php in Atom PhotoBlog 1.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Your Name, (2) Your Homepage, and (3) Your Comment fields, when using "Approve Comments." | 4.3 |
| 2007-06-08 | CVE-2007-3131 | Public Warehouse | Cross-Site Scripting vulnerability in Public Warehouse Light Blog 4.1 Cross-site scripting (XSS) vulnerability in add_comment.php in Light Blog 4.1 before 20070606 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | 4.3 |
| 2007-06-07 | CVE-2007-3120 | Aiocp | Cross-Site Scripting vulnerability in All In One Control Panel CP_Dpage.PHP Cross-site scripting (XSS) vulnerability in public/code/cp_dpage.php in All In One Control Panel (AIOCP) before 1.3.017 allows remote attackers to inject arbitrary web script or HTML via the aiocp_dp parameter. | 4.3 |
| 2007-06-07 | CVE-2007-3117 | Adplan | Cross Site Scripting vulnerability in Adplan SEO 3.0 Cross-site scripting (XSS) vulnerability in the SEO module in ADPLAN 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to HTTP headers. | 4.3 |
| 2007-06-07 | CVE-2007-3110 | Beatnik | Remote Script Code Execution vulnerability in Beatnik Player 1.0 Cross-site scripting (XSS) vulnerability in the Andy Frank Beatnik 1.0 extension for Firefox allows remote attackers to inject arbitrary web script or HTML via an RSS feed. | 4.3 |
| 2007-06-06 | CVE-2007-3089 | Mozilla | Information Disclosure vulnerability in Mozilla Firefox About:Blank IFrame Cross Domain Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME (1) during the load stage or (2) in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code that intercepts keystroke values from window.event, aka the "promiscuous IFRAME access bug," a related issue to CVE-2006-4568. | 4.3 |
| 2007-06-06 | CVE-2007-3078 | Aigaion | HTML-injection vulnerability in Aigaion Multiple cross-site scripting (XSS) vulnerabilities in Aigaion before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via the title parameter (Authors and Publication titles) to (1) authoractions.php or (2) publicationactions.php. | 4.3 |
| 2007-06-06 | CVE-2007-3074 | Mozilla | Information Exposure vulnerability in Mozilla Firefox Mozilla Firefox 2.0.0.4 and earlier allows remote attackers to read files in the local Firefox installation directory via a resource:// URI. | 4.3 |
| 2007-06-06 | CVE-2007-3070 | Bdigital WEB Solutions | Cross-Site Scripting vulnerability in WebStudio CMS Cross-site scripting (XSS) vulnerability in index.php in BDigital Web Solutions WebStudio allows remote attackers to inject arbitrary web script or HTML via the pageid parameter. | 4.3 |
| 2007-06-06 | CVE-2007-3067 | Eqdkp | Cross-Site Scripting vulnerability in Attunement And Key Cross-site scripting (XSS) vulnerability in the Attunement and Key Tracker 0.95 and earlier plugin for EQdkp allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving the (1) keyshow, (2) sortkey, and (3) show parameters to index.php. | 4.3 |
| 2007-06-06 | CVE-2007-3064 | Mealex | Cross-Site Scripting vulnerability in Mealex MY Datebook Cross-site scripting (XSS) vulnerability in diary.php in My Databook allows remote attackers to inject arbitrary web script or HTML via the year parameter. | 4.3 |
| 2007-06-06 | CVE-2007-3062 | HP | Cross Site Scripting vulnerability in HP System Management Homepage (SMH) Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 2.1.2 running on Linux and Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2007-06-06 | CVE-2007-3060 | OSI Codes INC | Scripts Multiple Cross-Site Scripting vulnerability in OSI Codes Inc. PHPlive 3.2.2 Multiple cross-site scripting (XSS) vulnerabilities in PHP Live! 3.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) sid parameter to (a) chat.php, (2) LANG[DEFAULT_BRANDING] and (3) PHPLIVE_VERSION parameters to (b) help.php, the (4) admin[name] parameter to (c) admin/header.php, and the (5) BASE_URL parameter to (d) super/info.php, and in some cases, the LANG[DEFAULT_BRANDING], PHPLIVE_VERSION, and (6) nav_line parameters to setup/footer.php, different vectors than CVE-2006-6769. | 4.3 |
| 2007-06-06 | CVE-2007-3056 | Websvn | Cross-Site Scripting vulnerability in Websvn 1.61/2.0 Cross-site scripting (XSS) vulnerability in filedetails.php in WebSVN 2.0rc4, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the path parameter. | 4.3 |
| 2007-06-06 | CVE-2007-3055 | Codelib | Cross-Site Scripting vulnerability in Codelib Linker Cross-site scripting (XSS) vulnerability in index.php in Codelib Linker 2.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter. | 4.3 |
| 2007-06-06 | CVE-2007-3054 | Codelib | Cross-Site Scripting vulnerability in Codelib Linker Cross-site scripting (XSS) vulnerability in search.php in Codelib Linker 2.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the kword parameter. | 4.3 |
| 2007-06-06 | CVE-2007-3049 | Buttercup WFM | Cross-Site Scripting vulnerability in Buttercup WFM Buttercup WFM May2007 Cross-site scripting (XSS) vulnerability in index.php in Buttercup web file manager (BWFM) May 2007 allows remote attackers to inject arbitrary web script or HTML via the title parameter. | 4.3 |
| 2007-06-05 | CVE-2007-3043 | Hitachi | Cross-Site Scripting vulnerability in Hitachi products Cross-site scripting (XSS) vulnerability in Collaboration - File Sharing 01-20 up to 01-20-/B and 01-30 up to 01-30-/B in Hitachi Groupmax Collaboration Portal up to 07-30-/D, Groupmax Collaboration Web Client - Forum/File Sharing up to 07-30-/C, uCosminexus Collaboration Portal up to 06-30-/D, and uCosminexus Collaboration Portal - Forum/File Sharing up to 06-30-/C on Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2007-06-05 | CVE-2007-3042 | Meneame | Cross-Site Scripting vulnerability in Meneame 1 Cross-site scripting (XSS) vulnerability in Meneame before 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2007-06-05 | CVE-2007-3022 | Symantec | Information Disclosure vulnerability in Symantec Client Security, Norton Antivirus and Reporting Server Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, displays the password hash for a user after a failed login attempt, which makes it easier for remote attackers to conduct brute force attacks. | 4.3 |
| 2007-06-04 | CVE-2007-3009 | Mbedthis Software | Unspecified vulnerability in Mbedthis Software Mbedthis Appweb Http Server 2.0.54 Format string vulnerability in the MprLogToFile::logEvent function in Mbedthis AppWeb 2.0.5-4, when the build supports logging but the configuration disables logging, allows remote attackers to cause a denial of service (daemon crash) via format string specifiers in the HTTP scheme, as demonstrated by a "GET %n://localhost:80/" request. | 4.3 |
| 2007-06-04 | CVE-2007-3008 | Mbedthis Software | Information Exposure vulnerability in Mbedthis Software Mbedthis Appweb Http Server Mbedthis AppWeb before 2.2.2 enables the HTTP TRACE method, which has unspecified impact probably related to remote information leaks and cross-site tracing (XST) attacks, a related issue to CVE-2004-2320 and CVE-2005-3398. | 4.3 |
| 2007-06-04 | CVE-2007-3001 | PHP Jackknife | Cross-Site Scripting vulnerability in PHP Jackknife PHP Jackknife 2.21 Multiple cross-site scripting (XSS) vulnerabilities in PHP JackKnife (PHPJK) allow remote attackers to inject arbitrary web script or HTML via (1) the sUName parameter to UserArea/Authenticate.php, (2) the sAccountUnq parameter to UserArea/NewAccounts/index.php, or the (3) iCategoryUnq, (4) iDBLoc, (5) iTtlNumItems, (6) iNumPerPage, or (7) sSort parameter to G_Display.php, different vectors than CVE-2005-4239. | 4.3 |
| 2007-06-04 | CVE-2007-2995 | IBM | Remote Security vulnerability in IBM AIX 5.2.0/5.3 Unspecified vulnerability in sysmgt.websm.rte in IBM AIX 5.2.0 and 5.3.0 has unknown impact and attack vectors. | 4.3 |
| 2007-06-04 | CVE-2007-2993 | Omegasoft | Cross-Site Scripting vulnerability in Interneserviceslosungen Multiple cross-site scripting (XSS) vulnerabilities in OmegaMw7.asp in OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) allow remote attackers to inject arbitrary web script or HTML via (1) user-created text fields; the (2) F05003, (3) F05005, and (4) F05015 fields; and other unspecified standard fields. | 4.3 |
| 2007-06-04 | CVE-2007-2991 | Evenzia | Cross-Site Scripting vulnerability in Evenzia Content Management Systems (CMS) Cross-site scripting (XSS) vulnerability in includes/send.inc.php in Evenzia CMS allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | 4.3 |
| 2007-06-04 | CVE-2007-2513 | Novell | Man In The Middle vulnerability in Novell Groupwise 6.5/7.0 Novell GroupWise 7 before SP2 20070524, and GroupWise 6 before 6.5 post-SP6 20070522, allows remote attackers to obtain credentials via a man-in-the-middle attack. | 4.3 |
2 Low Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2007-06-07 | CVE-2007-3024 | Clam Anti Virus | Multiple Unspecified vulnerability in ClamAV libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 uses insecure permissions for temporary files that are created by the cli_gentempstream function in clamd/clamdscan, which might allow local users to read sensitive files. | 2.1 |
| 2007-06-04 | CVE-2007-2999 | Microsoft | Unspecified vulnerability in Microsoft Windows 2003 Server Gold/Sp1/Sp2 Microsoft Windows Server 2003, when time restrictions are in effect for user accounts, generates different error messages for failed login attempts with a valid user name than for those with an invalid user name, which allows context-dependent attackers to determine valid Active Directory account names. | 1.8 |