Weekly Vulnerabilities Reports > June 11 to 17, 2007
Overview
125 new vulnerabilities reported during this period, including 27 critical vulnerabilities and 30 high severity vulnerabilities. This weekly summary report vulnerabilities in 109 products from 87 vendors including Microsoft, Apple, Xoops, Jffnms, and Wordpress. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", "Cross-site Scripting", "Improper Authentication", and "Use of Uninitialized Resource".
- 115 reported vulnerabilities are remotely exploitables.
- 25 reported vulnerabilities have public exploit available.
- 5 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 122 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 13 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 9 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
27 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-06-15 | CVE-2007-3232 | IBM | Remote Telnet Backdoor vulnerability in IBM Totalstorage Ds400 4.15 The IBM TotalStorage DS400 with firmware 4.15 uses a blank password for the (1) root, (2) user, (3) manager, (4) administrator, and (5) operator accounts, which allows remote attackers to gain login access via certain Linux daemons, including a telnet daemon on a nonstandard port, tcp/6000. | 10.0 |
2007-06-14 | CVE-2007-3216 | Broadcom | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Broadcom Brightstor Arcserve Backup Laptops Desktops 11.1 Multiple buffer overflows in the LGServer component of CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.1 allow remote attackers to execute arbitrary code via crafted arguments to the (1) rxsAddNewUser, (2) rxsSetUserInfo, (3) rxsRenameUser, (4) rxsSetMessageLogSettings, (5) rxsExportData, (6) rxsSetServerOptions, (7) rxsRenameFile, (8) rxsACIManageSend, (9) rxsExportUser, (10) rxsImportUser, (11) rxsMoveUserData, (12) rxsUseLicenseIni, (13) rxsLicGetSiteId, (14) rxsGetLogFileNames, (15) rxsGetBackupLog, (16) rxsBackupComplete, (17) rxsSetDataProtectionSecurityData, (18) rxsSetDefaultConfigName, (19) rxsGetMessageLogSettings, (20) rxsHWDiskGetTotal, (21) rxsHWDiskGetFree, (22) rxsGetSubDirs, (23) rxsGetServerDBPathName, (24) rxsSetServerOptions, (25) rxsDeleteFile, (26) rxsACIManageSend, (27) rxcReadBackupSetList, (28) rxcWriteConfigInfo, (29) rxcSetAssetManagement, (30) rxcWriteFileListForRestore, (31) rxcReadSaveSetProfile, (32) rxcInitSaveSetProfile, (33) rxcAddSaveSetNextAppList, (34) rxcAddSaveSetNextFilesPathList, (35) rxcAddNextBackupSetIncWildCard, (36) rxcGetRevisions, (37) rxrAddMovedUser, (38) rxrSetClientVersion, or (39) rxsSetDataGrowthScheduleAndFilter commands. | 10.0 |
2007-06-12 | CVE-2007-3193 | Phpwiki | Unspecified vulnerability in PHPwiki lib/WikiUser/LDAP.php in PhpWiki before 1.3.13p1, when the configuration lacks a nonzero PASSWORD_LENGTH_MINIMUM, might allow remote attackers to bypass authentication via an empty password, which causes ldap_bind to return true when used with certain LDAP implementations. | 10.0 |
2007-06-12 | CVE-2007-3181 | Bakbone Firebirdsql | Remote Buffer Overflow vulnerability in Firebird SQL Fbserver Buffer overflow in fbserver.exe in Firebird SQL 2 before 2.0.1 allows remote attackers to execute arbitrary code via a large p_cnct_count value in a p_cnct structure in a connect (0x01) request to port 3050/tcp, related to "an InterBase version of gds32.dll." Failed exploit attempts will likely cause a denial of service on the server. | 10.0 |
2007-06-11 | CVE-2007-3155 | Egroupware | Multiple Unspecified vulnerability in EGroupWare WZ_ToolTips ADODB Unspecified vulnerability in eGroupWare before 1.2.107-2 has unknown impact and attack vectors related to ADOdb. | 10.0 |
2007-06-11 | CVE-2007-3154 | Egroupware | Multiple Unspecified vulnerability in EGroupWare WZ_ToolTips ADODB Unspecified vulnerability in Walter Zorn wz_tooltip.js (aka wz_tooltips) before 4.01, as used by eGroupWare before 1.2.107-2 and other packages, has unknown impact and remote attack vectors. | 10.0 |
2007-06-12 | CVE-2007-3192 | Jffnms | Remote vulnerability in Jffnms Just for FUN Network Management System 0.8.3 admin/setup.php in Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to read and modify configuration settings via a direct request. | 9.4 |
2007-06-12 | CVE-2007-3191 | Jffnms | Remote vulnerability in Jffnms Just for FUN Network Management System 0.8.3 Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to obtain configuration information via a direct request to admin/adm/test.php, which calls the phpinfo function. | 9.4 |
2007-06-12 | CVE-2007-3180 | HP | Buffer Errors vulnerability in HP Help and Support Center 4.4B Buffer overflow in Help and Support Center before 4.4 C on HP Windows systems allows remote attackers to read or write arbitrary files via unknown vectors. | 9.4 |
2007-06-14 | CVE-2007-2921 | Corel | Buffer Overflow vulnerability in Corel ActiveCGM Browser ActiveX Control Multiple buffer overflows in acgm.dll in the Corel / Micrografx ActiveCGM Browser ActiveX control before 7.1.4.19 allow remote attackers to execute arbitrary code via unspecified vectors. | 9.3 |
2007-06-14 | CVE-2007-3210 | Cellosoft | Stack Buffer Overflow vulnerability in Cellosoft Tokens Object 2.0.0.6 Stack-based buffer overflow in nptoken.mox in the Cellosoft Tokens Object 2.0.0.6 extension for Vitalize! allows remote attackers to execute arbitrary code via a long string argument to the RemoveChr method. | 9.3 |
2007-06-12 | CVE-2007-3186 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple Safari Apple Safari Beta 3.0.1 for Windows allows remote attackers to execute arbitrary commands via shell metacharacters in a URI in the SRC of an IFRAME, as demonstrated using a gopher URI. | 9.3 |
2007-06-12 | CVE-2007-0245 | Openoffice | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Openoffice Heap-based buffer overflow in OpenOffice.org (OOo) 2.2.1 and earlier allows remote attackers to execute arbitrary code via a RTF file with a crafted prtdata tag with a length parameter inconsistency, which causes vtable entries to be overwritten. | 9.3 |
2007-06-12 | CVE-2007-2219 | Microsoft | Remote Code Execution vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via certain parameters to an unspecified function. | 9.3 |
2007-06-12 | CVE-2007-3027 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 5.01/6/7.0 Race condition in Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to install multiple language packs in a way that triggers memory corruption, aka "Language Pack Installation Vulnerability." | 9.3 |
2007-06-12 | CVE-2007-2222 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer 5.01/6/7.0 Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via the ModeName parameter to the FindEngine function in ACTIVEVOICEPROJECTLib.DirectSS. | 9.3 |
2007-06-12 | CVE-2007-2218 | Microsoft | Remote Code Execution vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP Unspecified vulnerability in the Windows Schannel Security Package for Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, allows remote servers to execute arbitrary code or cause a denial of service via crafted digital signatures that are processed during an SSL handshake. | 9.3 |
2007-06-12 | CVE-2007-1751 | Microsoft | Use of Uninitialized Resource vulnerability in Microsoft Internet Explorer 5.01/6/7.0 Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to access an uninitialized or deleted object, related to prototype variables and table cells, aka "Uninitialized Memory Corruption Vulnerability." | 9.3 |
2007-06-12 | CVE-2007-1750 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 5.01/6/7.0 Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via a crafted Cascading Style Sheets (CSS) tag that triggers memory corruption. | 9.3 |
2007-06-12 | CVE-2007-0936 | Microsoft | Remote Code Execution vulnerability in Microsoft Visio Packed Objects Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted packed object that triggers memory corruption, aka "Visio Document Packaging Vulnerability." | 9.3 |
2007-06-12 | CVE-2007-0934 | Microsoft | Remote Code Execution vulnerability in Microsoft Visio 2002 Unspecified vulnerability in Microsoft Visio 2002 allows remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted version number that triggers memory corruption. | 9.3 |
2007-06-12 | CVE-2007-0218 | Microsoft | Code Injection vulnerability in Microsoft Internet Explorer 5.01/6/7.0 Microsoft Internet Explorer 5.01 and 6 allows remote attackers to execute arbitrary code by instantiating certain COM objects from Urlmon.dll, which triggers memory corruption during a call to the IObjectSafety function. | 9.3 |
2007-06-11 | CVE-2007-3169 | Edraw | Buffer Errors vulnerability in Edraw Office Viewer Component 4.0.5.20 Buffer overflow in a certain ActiveX control in the EDraw Office Viewer Component (edrawofficeviewer.ocx) 4.0.5.20, and other versions before 5.0, allows remote attackers to cause a denial of service (Internet Explorer 7 crash) or execute arbitrary code via a long first argument to the HttpDownloadFile method. | 9.3 |
2007-06-11 | CVE-2007-2920 | Zoomify | Buffer Overflow vulnerability in Zoomify Viewer ActiveX Control Multiple stack-based buffer overflows in the Zoomify Viewer ActiveX control in ZActiveX.dll might allow remote attackers to execute arbitrary code via unspecified vectors. | 9.3 |
2007-06-11 | CVE-2007-3150 | Remote Security vulnerability in Desktop Google Desktop allows user-assisted remote attackers to execute arbitrary programs via a man-in-the-middle attack that injects JavaScript, a www.google.com search IFRAME, and a META HTTP-EQUIV="refresh" that targets a www.google.com search for a local .exe file, which is displayed in the "results stored on your computer" portion of the search results, and when clicked invokes Google Desktop to execute this file. | 9.3 | |
2007-06-11 | CVE-2007-3148 | Yahoo | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Yahoo Messenger Buffer overflow in the Yahoo! Webcam Viewer ActiveX control in ywcvwr.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the receive method. | 9.3 |
2007-06-11 | CVE-2007-3147 | Yahoo | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Yahoo Messenger Buffer overflow in the Yahoo! Webcam Upload ActiveX control in ywcupl.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the send method. | 9.3 |
30 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-06-14 | CVE-2007-3223 | SUN | Denial of Service vulnerability in Sun Solaris NFS Server XDR Handling Unspecified vulnerability in the NFS server in Sun Solaris 10 before 20070613 allows remote attackers to cause a denial of service (system crash) via certain XDR data in NFS requests, probably related to processing of data by the xdr_bool and xdrmblk_getint32 functions. | 7.8 |
2007-06-14 | CVE-2007-3219 | Invision Power Services | Unspecified vulnerability in Invision Power Services Invision Power Board 2.2/2.2.1/2.2.2 Unspecified vulnerability in sources/action_public/xmlout.php in Invision Power Board (IPB or IP.Board) 2.2.0 through 2.2.2 allows remote attackers to modify another user's profile data, such as an AIM screen name or Yahoo! identity. | 7.8 |
2007-06-14 | CVE-2007-3209 | Nongnu | Information Disclosure vulnerability in Nongnu Mail Notification 4.0 Mail Notification 4.0, when WITH_SSL is set to 0 at compile time, uses unencrypted connections for accounts configured with SSL/TLS, which allows remote attackers to obtain sensitive information by sniffing the network. | 7.8 |
2007-06-12 | CVE-2007-3185 | Apple | Resource Management Errors vulnerability in Apple Safari 3.0.1 Apple Safari Beta 3.0.1 for Windows public beta allows remote attackers to cause a denial of service (crash) via unspecified DHTML manipulations that trigger memory corruption, as demonstrated using Hamachi. | 7.8 |
2007-06-12 | CVE-2007-2796 | Arris | Denial Of Service vulnerability in Arris Cadant C3 CTMS IP Packet Arris Cadant C3 CMTS allows remote attackers to cause a denial of service (service termination) via a malformed IP packet with an invalid IP option. | 7.8 |
2007-06-11 | CVE-2007-3168 | Edraw | Unspecified vulnerability in Edraw Office Viewer Component 4.0.5.20 A certain ActiveX control in the EDraw Office Viewer Component (edrawofficeviewer.ocx) 4.0.5.20, and other versions before 5.0, allows remote attackers to delete arbitrary files via the DeleteLocalFile method. | 7.8 |
2007-06-11 | CVE-2007-3167 | Vivotek | Buffer Overflow vulnerability in Vivotek Mjpegcontrol 2.0.0.13 Stack-based buffer overflow in the Vivotek Motion Jpeg ActiveX control (aka MjpegControl) in MjpegDecoder.dll 2.0.0.13 allows remote attackers to execute arbitrary code via a long PtzUrl property value. | 7.6 |
2007-06-15 | CVE-2007-3244 | Bbpress | SQL Injection vulnerability in Bbpress 0.8 SQL injection vulnerability in bb-includes/formatting-functions.php in bbPress before 0.8.1 might allow remote attackers to execute arbitrary SQL commands via unspecified vectors to forums/bb-edit.php, as demonstrated by a PRE element, aka the "quircky slashes bug." | 7.5 |
2007-06-15 | CVE-2007-3242 | WEB APP NET WEB APP ORG | Permissions, Privileges, and Access Controls vulnerability in multiple products The Menu Manager Mod for (1) web-app.net WebAPP (aka WebAPP NE) 0.9.9.3.3 through 0.9.9.8, and (2) web-app.org WebAPP before 0.9.9.6, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the titles of items in a personal menu. | 7.5 |
2007-06-15 | CVE-2007-3236 | Xoops | Remote File Include vulnerability in Xoops Horoscope Module 1.0 PHP remote file inclusion vulnerability in footer.php in the Horoscope 1.0 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the xoopsConfig[root_path] parameter. | 7.5 |
2007-06-15 | CVE-2007-3234 | Fuzzylime Forum | SQL Injection vulnerability in Fuzzylime Forum Fuzzylime Forum 1.0 SQL injection vulnerability in low.php in Fuzzylime Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the topic parameter. | 7.5 |
2007-06-14 | CVE-2007-3231 | Mecab | Remote Security vulnerability in Mecab Buffer overflow in MeCab before 0.96 has unknown impact and attack vectors. | 7.5 |
2007-06-14 | CVE-2007-3222 | Xoops | Remote File Include vulnerability in Xoops Xfsection Module 1.07 PHP remote file inclusion vulnerability in modify.php in the XFsection 1.07 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the dir_module parameter. | 7.5 |
2007-06-14 | CVE-2007-3217 | Prototype OF AN PHP Application | Remote File Include vulnerability in Prototype of AN PHP Application Prototype of AN PHP Application 0.1 Multiple PHP remote file inclusion vulnerabilities in Prototype of an PHP application 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the path_inc parameter to (1) index.php in gestion/; (2) identification.php, (3) disconnect.php, (4) loginliste.php, (5) loginmodif.php, (6) index.php, and (7) ident.inc.php in ident/; (8) menuadministration.php and (9) menuprincipal.php in menu/; (10) param.inc.php in param/; (11) index.php in plugins/phpgacl/; and (12) index.php and (13) common.inc.php. | 7.5 |
2007-06-12 | CVE-2007-3204 | Jffnms | SQL-Injection vulnerability in Jffnms Just for FUN Network Management System 0.8.4 SQL injection vulnerability in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.4-pre2 allows remote attackers to execute arbitrary SQL commands via the pass parameter. | 7.5 |
2007-06-12 | CVE-2007-3203 | Software602 | Remote Email Message Buffer Overflow vulnerability in Software602 602Pro LAN Suite 2003 Stack-based buffer overflow in smtpdll.dll in the SMTP service in 602Pro LAN SUITE 2003 2003.0.03.0828 allows remote attackers to execute arbitrary code via an e-mail message with a long address. | 7.5 |
2007-06-12 | CVE-2007-3199 | American Financing | Unspecified vulnerability in American Financing Link Request Contact Form 3.4 Unrestricted file upload vulnerability in Link Request Contact Form 3.4 allows remote attackers to execute arbitrary PHP code by uploading a file with a .php extension and an image content type, as demonstrated by image/jpeg. | 7.5 |
2007-06-12 | CVE-2007-3197 | Jelsoft | SQL-Injection vulnerability in Vbsupport Integrated Ticket System SQL injection vulnerability in vBSupport.php in vBSupport 1.1 before 1.1a allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2007-06-12 | CVE-2007-3196 | Jelsoft | SQL-Injection vulnerability in Jelsoft Vbsupport Integrated Ticket System 2.0.0Beta1 SQL injection vulnerability in vBSupport.php in vSupport Integrated Ticket System 3.x.x allows remote attackers to execute arbitrary SQL commands via the ticketid parameter in a showticket action. | 7.5 |
2007-06-12 | CVE-2007-3188 | Geometrix Download Portal | SQL Injection vulnerability in Geometrix Download Portal Geometrix Download Portal 1.0 SQL injection vulnerability in down_indir.asp in Fullaspsite GeometriX Download Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2007-06-12 | CVE-2007-3187 | Apple | Denial-Of-Service vulnerability in Apple Safari 3.0 Multiple unspecified vulnerabilities in Apple Safari for Windows allow remote attackers to cause a denial of service or execute arbitrary code, possibly involving memory corruption, and a different issue from CVE-2007-3185 and CVE-2007-3186. | 7.5 |
2007-06-11 | CVE-2007-3179 | Particle Blogger | SQL-Injection vulnerability in Particle Blogger Multiple SQL injection vulnerabilities in archives.php in Particle Blogger 1.2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the month parameter and other unspecified vectors. | 7.5 |
2007-06-11 | CVE-2007-3178 | Zindizayn Okul WEB Sistemi | SQL Injection vulnerability in Zindizayn Okul web Sistemi Zindizayn Okul web Sistemi 1.0 Multiple SQL injection vulnerabilities in Zindizayn Okul Web Sistemi 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) pass parameter to (a) mezungiris.asp or (b) ogretmenkontrol.asp. | 7.5 |
2007-06-11 | CVE-2007-3175 | W2B | SQL-Injection vulnerability in Online Banking Multiple SQL injection vulnerabilities in W2B Online Banking allow remote attackers to execute arbitrary SQL commands via (1) the draft parameter to mailer.w2b or (2) the listDocPay parameter to DocPay.w2b. | 7.5 |
2007-06-11 | CVE-2007-3160 | PHP Real Estate Classifieds | Remote File Include vulnerability in PHP Real Estate Classifieds Header.PHP PHP remote file inclusion vulnerability in admin/header.php in PHP Real Estate Classifieds Premium Plus allows remote attackers to execute arbitrary PHP code via a URL in the loc parameter. | 7.5 |
2007-06-11 | CVE-2007-3152 | Daniel Stenberg | Remote Cache Poisoning vulnerability in C-Ares DNS Library c-ares before 1.4.0 uses a predictable seed for the random number generator for the DNS Transaction ID field, which might allow remote attackers to spoof DNS responses by guessing the field value. | 7.5 |
2007-06-12 | CVE-2007-3184 | Cisco Apple | Improper Authentication vulnerability in Apple mac OS X Cisco Trust Agent (CTA) before 2.1.104.0, when running on MacOS X, allows attackers with physical access to bypass authentication and modify System Preferences, including passwords, by invoking the Apple Menu when the Access Control Server (ACS) produces a user notification message after posture validation. | 7.2 |
2007-06-12 | CVE-2007-2229 | Microsoft | Permissions, Privileges, and Access Controls vulnerability in Microsoft Windows Vista Microsoft Windows Vista uses insecure default permissions for unspecified "local user information data stores" in the registry and the file system, which allows local users to obtain sensitive information such as administrative passwords, aka "Permissive User Information Store ACLs Information Disclosure Vulnerability." | 7.2 |
2007-06-11 | CVE-2007-3149 | MIT Todd Miller | sudo, when linked with MIT Kerberos 5 (krb5), does not properly check whether a user can currently authenticate to Kerberos, which allows local users to gain privileges, in a manner unintended by the sudo security model, via certain KRB5_ environment variable settings. | 7.2 |
2007-06-12 | CVE-2007-3201 | Winpt | Unspecified vulnerability in Winpt 1.2.0 Visual truncation vulnerability in Windows Privacy Tray (WinPT) 1.2.0 allows user-assisted remote attackers to install a key listed under the wrong user ID, and possibly cause the user to encrypt a victim's correspondence with this attacker-supplied key, via a key ID composed of the attacker's user ID, space characters, an invalid WinPT message, additional space characters, and the victim's user ID. | 7.1 |
62 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-06-15 | CVE-2007-3237 | Xoops | Remote Security vulnerability in Xoops Tinycontent Module 1.5 PHP remote file inclusion vulnerability in admin/spaw/spaw_control.class.php in the TinyContent 1.5 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. | 6.8 |
2007-06-14 | CVE-2007-3230 | Simian Systems INC | Remote File Include vulnerability in Simian Systems INC Sitellite 0.6.4 PHP remote file inclusion vulnerability in phphtml.php in Idan Sofer PHP::HTML 0.6.4 allows remote attackers to execute arbitrary PHP code via a URL in the htmlclass_path parameter. | 6.8 |
2007-06-14 | CVE-2007-3229 | Singapore | Information Disclosure vulnerability in Image Gallery Web Application index.php in Singapore Gallery allows remote attackers to obtain sensitive information via a request with a non-directory gallery parameter, which reveals the path in an error message. | 6.8 |
2007-06-14 | CVE-2007-3228 | Simian Systems INC | Remote File Include vulnerability in Simian Systems INC Sitellite CMS 4.2.12 PHP remote file inclusion vulnerability in saf/lib/PEAR/PhpDocumentor/Documentation/tests/bug-559668.php in Sitellite CMS 4.2.12 and earlier might allow remote attackers to execute arbitrary PHP code via a URL in the FORUM[LIB] parameter. | 6.8 |
2007-06-14 | CVE-2007-3221 | Xoops | Remote File Include vulnerability in Xoops XT-Conteudo Module Spaw_Control.Class.PHP PHP remote file inclusion vulnerability in admin/spaw/spaw_control.class.php in the XT-Conteudo module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. | 6.8 |
2007-06-14 | CVE-2007-3220 | Xoops | Unspecified vulnerability in Xoops Cjay Content Module 3 PHP remote file inclusion vulnerability in admin/editor2/spaw_control.class.php in the Cjay Content 3 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. | 6.8 |
2007-06-14 | CVE-2007-3215 | Phpmailer | Remote Shell Command Execution vulnerability in PHPMailer PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php. | 6.8 |
2007-06-14 | CVE-2007-3214 | E Vision | Input Validation vulnerability in E-Vision CMS SQL injection vulnerability in style.php in e-Vision CMS 2.02 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the template parameter. | 6.8 |
2007-06-14 | CVE-2006-4168 | Libexif | Integer Overflow vulnerability in EXIF Library EXIF File Processing Integer overflow in the exif_data_load_data_entry function in libexif/exif-data.c in Libexif before 0.6.16 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via an image with many EXIF components, which triggers a heap-based buffer overflow. | 6.8 |
2007-06-12 | CVE-2007-3190 | Jffnms | Remote vulnerability in Jffnms Just for FUN Network Management System 0.8.3 Multiple SQL injection vulnerabilities in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user and (2) pass parameters. | 6.8 |
2007-06-11 | CVE-2007-3166 | Qualcomm | Remote Buffer Overflow vulnerability in Qualcomm Eudora 7.1.0.9 Buffer overflow in Qualcomm Eudora 7.1.0.9 allows user-assisted, remote IMAP servers to execute arbitrary code via a long FLAGS response to a SELECT INBOX command. | 6.8 |
2007-06-11 | CVE-2007-3161 | Visicom Media | Buffer Overflow vulnerability in Visicom Media Ace-Ftp 1.24A Buffer overflow in Ace-FTP Client 1.24a allows user-assisted, remote FTP servers to execute arbitrary code via a long response. | 6.8 |
2007-06-11 | CVE-2007-3141 | Phpwebthings | Remote Security vulnerability in PHPwebthings 1.5.2 PHP remote file inclusion vulnerability in core/editor.php in phpWebThings 1.5.2 allows remote attackers to execute arbitrary PHP code via a URL in the editor_insert_top parameter. | 6.8 |
2007-06-14 | CVE-2007-3225 | SUN | Remote Unauthorized Access vulnerability in Sun Java System Directory Server 5.2/6.0 Unspecified vulnerability in Sun Java System Directory Server (slapd) 6.0, and 5.2 with Patch 3 or 4, allows remote attackers to modify certain data via unknown vectors. | 6.4 |
2007-06-11 | CVE-2007-3144 | Mozilla | Authentication Server Domain Spoofing vulnerability in Mozilla 1.7.12 Visual truncation vulnerability in Mozilla 1.7.12 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication. | 6.4 |
2007-06-11 | CVE-2007-3143 | KDE | Authentication Server Domain Spoofing vulnerability in KDE Konqueror 3.5.5 Visual truncation vulnerability in Konqueror 3.5.5 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication. | 6.4 |
2007-06-11 | CVE-2007-2876 | Linux | Denial Of Service vulnerability in Linux Kernel SCTP Connection The sctp_new function in (1) ip_conntrack_proto_sctp.c and (2) nf_conntrack_proto_sctp.c in Netfilter in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, allows remote attackers to cause a denial of service by causing certain invalid states that trigger a NULL pointer dereference. | 6.1 |
2007-06-15 | CVE-2007-3238 | Wordpress | Input Validation vulnerability in Wordpress 2.2 Cross-site scripting (XSS) vulnerability in functions.php in the default theme in WordPress 2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the PATH_INFO (REQUEST_URI) to wp-admin/themes.php, a different vulnerability than CVE-2007-1622. | 6.0 |
2007-06-11 | CVE-2007-3164 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 7.0 Microsoft Internet Explorer 7, when prompting for HTTP Basic Authentication for an IDN web site, uses ACE labels for the domain name in the status bar, but uses internationalized labels for this name in the authentication dialog, which might allow remote attackers to perform phishing attacks if the user misinterprets confusable characters in the internationalized labels, as demonstrated by displaying xn--theshmogroup-bgk.com only in the status bar. | 5.8 |
2007-06-11 | CVE-2007-3145 | Galeon | Authentication Server Domain Spoofing vulnerability in Galeon Browser 2.0.1 Visual truncation vulnerability in Galeon 2.0.1 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication. | 5.8 |
2007-06-11 | CVE-2007-3142 | Opera | Authentication Server Domain Spoofing vulnerability in Opera Browser 9.21 Visual truncation vulnerability in Opera 9.21 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after 34 characters, as demonstrated by a phishing attack using HTTP Basic Authentication. | 5.8 |
2007-06-15 | CVE-2007-3246 | IRC Services | Denial-Of-Service vulnerability in IRC Services The do_set_password function in modules/chanserv/set.c in IRC Services before 5.0.60 preserves channel founder privileges across a channel password change (ChanServ SET PASSWORD), which allows remote authenticated users to obtain the new password through automated e-mail, or perform privileged actions without knowing the new password. | 5.0 |
2007-06-15 | CVE-2007-3245 | IRC Services | Remote Security vulnerability in IRC Services IRC Services before 5.0.62, and 5.1 before 5.1pre3, allows remote attackers to disconnect users with guest nicknames by linking a guest nickname to a nickname that is already registered. | 5.0 |
2007-06-15 | CVE-2007-3233 | TEC IT | Unspecified vulnerability in Tec-It Tbarcode OCX 7.0.2.3524 The TEC-IT TBarCode OCX ActiveX control (TBarCode7.ocx) 7.0.2.3524 allows remote attackers to overwrite arbitrary files via the SaveImage method. | 5.0 |
2007-06-14 | CVE-2007-3224 | SUN | Information Disclosure vulnerability in SUN Java System Directory Server and ONE Directory Server Unspecified vulnerability in Sun ONE/Java System Directory Server (slapd) 6.0, and 5.x before 5.2 Patch 5, allows remote attackers to determine the existence of attributes of an entry via unspecified vectors. | 5.0 |
2007-06-13 | CVE-2007-3205 | Hardened PHP Project PHP | Remote Security vulnerability in Hardened-Php The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names and values in the string to be parsed. | 5.0 |
2007-06-11 | CVE-2007-3177 | Ingate | Improper Authentication vulnerability in Ingate Firewall and Ingate Siparator Ingate Firewall and SIParator before 4.5.2 allow remote attackers to bypass SIP authentication via a certain maddr parameter. | 5.0 |
2007-06-11 | CVE-2007-3173 | Almnzm | Information Disclosure vulnerability in almnzm Almnzm allows remote attackers to obtain sensitive information via an activateorder request to index.php with an invalid orderid parameter, probably related to '[' and ']' characters. | 5.0 |
2007-06-11 | CVE-2007-3172 | Uebimiau | Input Validation vulnerability in Uebimiau 2.7.10/2.7.2/2.7.9 Directory traversal vulnerability in demo/pop3/error.php in Uebimiau Webmail allows remote attackers to determine the existence of arbitrary directories via an absolute pathname and .. | 5.0 |
2007-06-11 | CVE-2007-3171 | Uebimiau | Input Validation vulnerability in Uebimiau 2.7.10/2.7.2/2.7.9 Uebimiau Webmail allows remote attackers to obtain sensitive information via a request to demo/pop3/error.php with an invalid value of the (1) smarty or (2) selected_theme parameter, which reveals the path in various error messages. | 5.0 |
2007-06-11 | CVE-2007-3165 | TOR | Unspecified vulnerability in TOR Tor before 0.1.2.14 can construct circuits in which an entry guard is in the same family as the exit node, which might compromise the anonymity of traffic sources and destinations by exposing traffic to inappropriate remote observers. | 5.0 |
2007-06-11 | CVE-2007-3162 | Westbyte | Buffer Overflow vulnerability in Westbyte Internet Download Accelerator 5.2 Buffer overflow in the NotSafe function in the idaiehlp ActiveX control in idaiehlp.dll 1.9.1.74 in Internet Download Accelerator (ida) 5.2 allows remote attackers to cause a denial of service (Internet Explorer crash) via a long argument. | 5.0 |
2007-06-11 | CVE-2007-3159 | Miniweb Http Server | Remote Denial of Service vulnerability in Miniweb Http Server Miniweb Http Server 0.8.1/0.8.19 http.c in MiniWeb Http Server 0.8.x allows remote attackers to cause a denial of service (application crash) via a negative value in the Content-Length HTTP header. | 5.0 |
2007-06-11 | CVE-2007-3158 | Tenyearsgone | Unspecified vulnerability in Tenyearsgone ASP Folder Gallery download_script.asp in ASP Folder Gallery allows remote attackers to read arbitrary files via a filename in the file parameter. | 5.0 |
2007-06-11 | CVE-2007-3157 | Safenet | Remote and SoftRemote IPSecDrv.SYS Remote Denial Of Service vulnerability in Safenet products IPSecDrv.sys 10.4.0.12 in SafeNET High Assurance Remote 1.4.0 Build 12, and SoftRemote, allows remote attackers to cause a denial of service (infinite loop and system hang) via an invalid packet with certain bytes in an option header, possibly related to the IPv6 support for IPSec. | 5.0 |
2007-06-11 | CVE-2007-3153 | Daniel Stenberg | Remote Cache Poisoning vulnerability in C-Ares DNS Library The ares_init:randomize_key function in c-ares, on platforms other than Windows, uses a weak facility for producing a random number sequence (Unix rand), which makes it easier for remote attackers to spoof DNS responses by guessing certain values. | 5.0 |
2007-06-11 | CVE-2007-3151 | Packeteer | Remote Denial of Service vulnerability in Packeteer Packetshaper 7.3.0G2/7.5.0G1 rpttop.htm in the web management interface in Packeteer PacketShaper 7.3.0g2 and 7.5.0g1 allows remote attackers to cause a denial of service (device reboot) via a request with empty values of the OP.MEAS.DATAQUERY and MEAS.TYPE parameters. | 5.0 |
2007-06-11 | CVE-2007-3146 | ZEN Help Desk Software | Information Disclosure vulnerability in ZEN Help Desk Software ZEN Help Desk 2.1 Zen Help Desk 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing a password via a direct request for ZenHelpDesk.mdb. | 5.0 |
2007-06-12 | CVE-2007-3200 | Novell | Local Information Disclosure vulnerability in Novell Modular Authentication Service 3.1.2 NMASINST in Novell Modular Authentication Service (NMAS) 3.1.2 and earlier on NetWare logs its invoking command line to NMASINST.LOG, which might allow local users to obtain the admin username and password by reading this file. | 4.9 |
2007-06-15 | CVE-2007-3243 | Bbpress | Cross-Site Scripting vulnerability in Bbpress 0.8.1 Cross-site scripting (XSS) vulnerability in bb-login.php in bbPress 0.8.1 allows remote attackers to inject arbitrary web script or HTML via the re parameter. | 4.3 |
2007-06-15 | CVE-2007-3241 | Wordpress | Cross-Site Scripting vulnerability in Wordpress 2.2 Cross-site scripting (XSS) vulnerability in blogroll.php in the cordobo-green-park theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI. | 4.3 |
2007-06-15 | CVE-2007-3240 | Wordpress | Cross-Site Scripting vulnerability in Wordpress 2.2 Cross-site scripting (XSS) vulnerability in 404.php in the Vistered-Little theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the URI (REQUEST_URI) that accesses index.php. | 4.3 |
2007-06-15 | CVE-2007-3239 | Wordpress | Cross-Site Scripting vulnerability in Wordpress 2.2 Cross-site scripting (XSS) vulnerability in searchform.php in the AndyBlue theme before 20070607 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to index.php. | 4.3 |
2007-06-15 | CVE-2007-3235 | Fuzzylime Forum | Cross-Site Scripting vulnerability in Fuzzylime Forum Fuzzylime Forum 1.0 Cross-site scripting (XSS) vulnerability in low.php in Fuzzylime Forum 1.0 allows remote attackers to inject arbitrary web script or HTML via the topic parameter. | 4.3 |
2007-06-14 | CVE-2007-3227 | Rubyonrails | Cross-Site Scripting vulnerability in Rubyonrails Rails 1.1.5 Cross-site scripting (XSS) vulnerability in the to_json (ActiveRecord::Base#to_json) function in Ruby on Rails before edge 9606 allows remote attackers to inject arbitrary web script via the input values. | 4.3 |
2007-06-14 | CVE-2007-3226 | Dotproject | Parameters Cross-Site Scripting vulnerability in Dotproject 2.1 Cross-site scripting (XSS) vulnerability in dotProject before 2.1 RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2006-2851 and CVE-2006-3240. | 4.3 |
2007-06-14 | CVE-2007-3218 | PHP Live | Cross-Site Scripting vulnerability in PHP Live! Request.PHP Cross-site scripting (XSS) vulnerability in request.php in PHP Live! 3.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the pagex parameter. | 4.3 |
2007-06-14 | CVE-2007-3213 | Sporum Forum | Remote Cross Site Scripting vulnerability in Sporum Forum Multiple cross-site scripting (XSS) vulnerabilities in comments.cgi in Sporum Forum 3.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) view and (2) mode parameters. | 4.3 |
2007-06-14 | CVE-2007-3212 | Beehive Forum | Cross-Site Scripting vulnerability in Beehive Forum Beehive Forum 0.7.1 Multiple cross-site scripting (XSS) vulnerabilities in links.php in Beehive Forum 0.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) viewmode, (2) fid, and (3) sort_dir parameters, different vectors than CVE-2005-4460. | 4.3 |
2007-06-14 | CVE-2007-3211 | Domain Technologie Control | Cross-Site Scripting vulnerability in Domain Technologie Control 404.PHP Cross-site scripting (XSS) vulnerability in 404.php in Domain Technologie Control (DTC) before 0.25.9 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (REQUEST_URI). | 4.3 |
2007-06-14 | CVE-2007-2391 | Apple | Cross-Site Scripting vulnerability in Apple Safari 3.0.1 Cross-site scripting (XSS) vulnerability in Apple Safari Beta 3.0.1 for Windows allows remote attackers to inject arbitrary web script or HTML via a web page that includes a windows.setTimeout function that is activated after the user has moved from the current page. | 4.3 |
2007-06-12 | CVE-2007-3202 | Bruce Corkhill | HTML Injection vulnerability in Bruce Corkhill web WIZ Rich Text Editor 3.1 Cross-site scripting (XSS) vulnerability in the rich text editor in Webwiz allows remote attackers to inject arbitrary web script or HTML via URL-encoded HTML composed of a frameset in which a frame has a SRC attribute pointing to a JavaScript document. | 4.3 |
2007-06-12 | CVE-2007-3198 | Maran | Cross-Site Scripting vulnerability in Maran Blog Cross-site scripting (XSS) vulnerability in comments.php in Maran PHP Blog (Maran Blog), possibly only versions before 20070610, allows remote attackers to inject arbitrary web script or HTML via the id parameter. | 4.3 |
2007-06-12 | CVE-2007-3195 | Erfan Wiki | Cross-Site Scripting vulnerability in Erfan Wiki Erfan Wiki 1.00 Cross-site scripting (XSS) vulnerability in index.php in ERFAN WIKI 1.00 allows remote attackers to inject arbitrary web script or HTML via the title parameter. | 4.3 |
2007-06-12 | CVE-2007-3189 | Jffnms | Remote vulnerability in Jffnms Just for FUN Network Management System 0.8.3 Cross-site scripting (XSS) vulnerability in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to inject arbitrary web script or HTML via the user parameter. | 4.3 |
2007-06-12 | CVE-2007-2227 | Microsoft | Information Disclosure vulnerability in Microsoft Outlook Express and Windows Mail The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition Parsing Cross Domain Information Disclosure Vulnerability." | 4.3 |
2007-06-12 | CVE-2007-2225 | Microsoft | Information Disclosure vulnerability in Microsoft Outlook Express and Windows Mail A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain Information Disclosure Vulnerability." | 4.3 |
2007-06-11 | CVE-2007-3174 | W2B | Cross-Site Scripting vulnerability in Online Banking Cross-site scripting (XSS) vulnerability in auth.w2b in W2B Online Banking allows remote attackers to inject arbitrary web script or HTML via the adtype parameter, a different vector than CVE-2006-1980. | 4.3 |
2007-06-11 | CVE-2007-3170 | Uebimiau | Input Validation vulnerability in Uebimiau 2.7.10/2.7.2/2.7.9 Multiple cross-site scripting (XSS) vulnerabilities in Uebimiau Webmail allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to redirect.php or (2) the selected_theme parameter to demo/pop3/error.php. | 4.3 |
2007-06-11 | CVE-2007-3156 | Webmin | Cross-Site Scripting vulnerability in Webmin Usermin and Webmin Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi in Webmin before 1.350 and Usermin before 1.280 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2) message, or (3) question parameter. | 4.3 |
2007-06-11 | CVE-2006-3974 | 3Com | Cross-Site Scripting vulnerability in 3Com 3Cr860-95 1.04 Cross-site scripting (XSS) vulnerability in cgi-bin/admin in 3Com OfficeConnect Secure Router with firmware 1.04-168 allows remote attackers to inject arbitrary web script or HTML via the tk parameter. | 4.3 |
2007-06-11 | CVE-2007-3176 | Ingate | Remote Security vulnerability in Ingate Siparator Unspecified vulnerability in Ingate Firewall and SIParator before 4.5.2 allows remote authenticated users without full privileges to download a Support Report. | 4.0 |
6 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-06-14 | CVE-2007-2448 | Subversion | Remote Revision Property Information Disclosure vulnerability in Subversion Subversion 1.4.3 and earlier does not properly implement the "partial access" privilege for users who have access to changed paths but not copied paths, which allows remote authenticated users to obtain sensitive information (revision properties) via svn (1) propget, (2) proplist, or (3) propedit. | 2.1 |
2007-06-14 | CVE-2007-3100 | Redhat | Local Denial Of Service vulnerability in Redhat Open Iscsi 2.0864 usr/log.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 uses a semaphore with insecure permissions (world-writable/world-readable) for managing log messages using shared memory, which allows local users to cause a denial of service (hang) by grabbing the semaphore. | 2.1 |
2007-06-14 | CVE-2007-3099 | Redhat | Local Denial Of Service vulnerability in Redhat Enterprise Linux 5.0 usr/mgmt_ipc.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 checks the client's UID on the listening AF_LOCAL socket instead of the new connection, which allows remote attackers to access the management interface and cause a denial of service (iscsid exit or iSCSI connection loss). | 2.1 |
2007-06-11 | CVE-2007-2875 | Linux Debian Canonical | Numeric Errors vulnerability in Linux Kernel Integer underflow in the cpuset_tasks_read function in the Linux kernel before 2.6.20.13, and 2.6.21.x before 2.6.21.4, when the cpuset filesystem is mounted, allows local users to obtain kernel memory contents by using a large offset when reading the /dev/cpuset/tasks file. | 2.1 |
2007-06-11 | CVE-2007-2873 | Spamassassin | Local Symlink Attack And Denial of Service vulnerability in SpamAssassin SpamAssassin 3.1.x, 3.2.0, and 3.2.1 before 20070611, when running as root in unusual configurations using vpopmail or virtual users, allows local users to cause a denial of service (corrupt arbitrary files) via a symlink attack on a file that is used by spamd. | 1.9 |
2007-06-11 | CVE-2007-2453 | Linux | Unspecified vulnerability in Linux Kernel The random number feature in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, (1) does not properly seed pools when there is no entropy, or (2) uses an incorrect cast when extracting entropy, which might cause the random number generator to provide the same values after reboots on systems without an entropy source. | 1.2 |