Weekly Vulnerabilities Reports > June 11 to 17, 2007

Overview

125 new vulnerabilities were reported during this period, including 27 critical vulnerabilities and 30 high severity vulnerabilities. This weekly summary reports vulnerabilities in 109 products from 87 vendors including Microsoft, Apple, Xoops, Jffnms, and Wordpress. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", "Cross-site Scripting", "Improper Authentication", and "Use of Uninitialized Resource".

  • 115 reported vulnerabilities are remotely exploitable.
  • 25 reported vulnerabilities have a public exploit available.
  • 5 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 122 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 13 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 9 reported vulnerabilities.


Vulnerability Details

The following table lists the vulnerabilities reported during the period covered by this report:

27 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-06-15 CVE-2007-3232 IBM Remote Telnet Backdoor vulnerability in IBM Totalstorage Ds400 4.15

The IBM TotalStorage DS400 with firmware 4.15 uses a blank password for the (1) root, (2) user, (3) manager, (4) administrator, and (5) operator accounts, which allows remote attackers to gain login access via certain Linux daemons, including a telnet daemon on a nonstandard port, tcp/6000.

10.0
2007-06-14 CVE-2007-3216 Broadcom Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Broadcom Brightstor Arcserve Backup Laptops Desktops 11.1

Multiple buffer overflows in the LGServer component of CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.1 allow remote attackers to execute arbitrary code via crafted arguments to the (1) rxsAddNewUser, (2) rxsSetUserInfo, (3) rxsRenameUser, (4) rxsSetMessageLogSettings, (5) rxsExportData, (6) rxsSetServerOptions, (7) rxsRenameFile, (8) rxsACIManageSend, (9) rxsExportUser, (10) rxsImportUser, (11) rxsMoveUserData, (12) rxsUseLicenseIni, (13) rxsLicGetSiteId, (14) rxsGetLogFileNames, (15) rxsGetBackupLog, (16) rxsBackupComplete, (17) rxsSetDataProtectionSecurityData, (18) rxsSetDefaultConfigName, (19) rxsGetMessageLogSettings, (20) rxsHWDiskGetTotal, (21) rxsHWDiskGetFree, (22) rxsGetSubDirs, (23) rxsGetServerDBPathName, (24) rxsSetServerOptions, (25) rxsDeleteFile, (26) rxsACIManageSend, (27) rxcReadBackupSetList, (28) rxcWriteConfigInfo, (29) rxcSetAssetManagement, (30) rxcWriteFileListForRestore, (31) rxcReadSaveSetProfile, (32) rxcInitSaveSetProfile, (33) rxcAddSaveSetNextAppList, (34) rxcAddSaveSetNextFilesPathList, (35) rxcAddNextBackupSetIncWildCard, (36) rxcGetRevisions, (37) rxrAddMovedUser, (38) rxrSetClientVersion, or (39) rxsSetDataGrowthScheduleAndFilter commands.

10.0
2007-06-12 CVE-2007-3193 Phpwiki Unspecified vulnerability in PHPwiki

lib/WikiUser/LDAP.php in PhpWiki before 1.3.13p1, when the configuration lacks a nonzero PASSWORD_LENGTH_MINIMUM, might allow remote attackers to bypass authentication via an empty password, which causes ldap_bind to return true when used with certain LDAP implementations.

10.0
2007-06-12 CVE-2007-3181 Bakbone, Firebirdsql Remote Buffer Overflow vulnerability in Firebird SQL Fbserver

Buffer overflow in fbserver.exe in Firebird SQL 2 before 2.0.1 allows remote attackers to execute arbitrary code via a large p_cnct_count value in a p_cnct structure in a connect (0x01) request to port 3050/tcp, related to "an InterBase version of gds32.dll." Failed exploit attempts will likely cause a denial of service on the server.

10.0
2007-06-11 CVE-2007-3155 Egroupware Multiple Unspecified vulnerability in EGroupWare WZ_ToolTips ADODB

Unspecified vulnerability in eGroupWare before 1.2.107-2 has unknown impact and attack vectors related to ADOdb.

10.0
2007-06-11 CVE-2007-3154 Egroupware Multiple Unspecified vulnerability in EGroupWare WZ_ToolTips ADODB

Unspecified vulnerability in Walter Zorn wz_tooltip.js (aka wz_tooltips) before 4.01, as used by eGroupWare before 1.2.107-2 and other packages, has unknown impact and remote attack vectors.

10.0
2007-06-12 CVE-2007-3192 Jffnms Remote vulnerability in Jffnms Just for FUN Network Management System 0.8.3

admin/setup.php in Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to read and modify configuration settings via a direct request.

9.4
2007-06-12 CVE-2007-3191 Jffnms Remote vulnerability in Jffnms Just for FUN Network Management System 0.8.3

Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to obtain configuration information via a direct request to admin/adm/test.php, which calls the phpinfo function.

9.4
2007-06-12 CVE-2007-3180 HP Buffer Errors vulnerability in HP Help and Support Center 4.4B

Buffer overflow in Help and Support Center before 4.4 C on HP Windows systems allows remote attackers to read or write arbitrary files via unknown vectors.

9.4
2007-06-14 CVE-2007-2921 Corel Buffer Overflow vulnerability in Corel ActiveCGM Browser ActiveX Control

Multiple buffer overflows in acgm.dll in the Corel / Micrografx ActiveCGM Browser ActiveX control before 7.1.4.19 allow remote attackers to execute arbitrary code via unspecified vectors.

9.3
2007-06-14 CVE-2007-3210 Cellosoft Stack Buffer Overflow vulnerability in Cellosoft Tokens Object 2.0.0.6

Stack-based buffer overflow in nptoken.mox in the Cellosoft Tokens Object 2.0.0.6 extension for Vitalize! allows remote attackers to execute arbitrary code via a long string argument to the RemoveChr method.

9.3
2007-06-12 CVE-2007-3186 Apple Permissions, Privileges, and Access Controls vulnerability in Apple Safari

Apple Safari Beta 3.0.1 for Windows allows remote attackers to execute arbitrary commands via shell metacharacters in a URI in the SRC of an IFRAME, as demonstrated using a gopher URI.

9.3
2007-06-12 CVE-2007-0245 Openoffice Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Openoffice

Heap-based buffer overflow in OpenOffice.org (OOo) 2.2.1 and earlier allows remote attackers to execute arbitrary code via a RTF file with a crafted prtdata tag with a length parameter inconsistency, which causes vtable entries to be overwritten.

9.3
2007-06-12 CVE-2007-2219 Microsoft Remote Code Execution vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP

Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via certain parameters to an unspecified function.

9.3
2007-06-12 CVE-2007-3027 Microsoft Unspecified vulnerability in Microsoft Internet Explorer 5.01/6/7.0

Race condition in Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to install multiple language packs in a way that triggers memory corruption, aka "Language Pack Installation Vulnerability."

9.3
2007-06-12 CVE-2007-2222 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer 5.01/6/7.0

Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via the ModeName parameter to the FindEngine function in ACTIVEVOICEPROJECTLib.DirectSS.

9.3
2007-06-12 CVE-2007-2218 Microsoft Remote Code Execution vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP

Unspecified vulnerability in the Windows Schannel Security Package for Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, allows remote servers to execute arbitrary code or cause a denial of service via crafted digital signatures that are processed during an SSL handshake.

9.3
2007-06-12 CVE-2007-1751 Microsoft Use of Uninitialized Resource vulnerability in Microsoft Internet Explorer 5.01/6/7.0

Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to access an uninitialized or deleted object, related to prototype variables and table cells, aka "Uninitialized Memory Corruption Vulnerability."

9.3
2007-06-12 CVE-2007-1750 Microsoft Unspecified vulnerability in Microsoft Internet Explorer 5.01/6/7.0

Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via a crafted Cascading Style Sheets (CSS) tag that triggers memory corruption.

9.3
2007-06-12 CVE-2007-0936 Microsoft Remote Code Execution vulnerability in Microsoft Visio Packed Objects

Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted packed object that triggers memory corruption, aka "Visio Document Packaging Vulnerability."

9.3
2007-06-12 CVE-2007-0934 Microsoft Remote Code Execution vulnerability in Microsoft Visio 2002

Unspecified vulnerability in Microsoft Visio 2002 allows remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted version number that triggers memory corruption.

9.3
2007-06-12 CVE-2007-0218 Microsoft Code Injection vulnerability in Microsoft Internet Explorer 5.01/6/7.0

Microsoft Internet Explorer 5.01 and 6 allows remote attackers to execute arbitrary code by instantiating certain COM objects from Urlmon.dll, which triggers memory corruption during a call to the IObjectSafety function.

9.3
2007-06-11 CVE-2007-3169 Edraw Buffer Errors vulnerability in Edraw Office Viewer Component 4.0.5.20

Buffer overflow in a certain ActiveX control in the EDraw Office Viewer Component (edrawofficeviewer.ocx) 4.0.5.20, and other versions before 5.0, allows remote attackers to cause a denial of service (Internet Explorer 7 crash) or execute arbitrary code via a long first argument to the HttpDownloadFile method.

9.3
2007-06-11 CVE-2007-2920 Zoomify Buffer Overflow vulnerability in Zoomify Viewer ActiveX Control

Multiple stack-based buffer overflows in the Zoomify Viewer ActiveX control in ZActiveX.dll might allow remote attackers to execute arbitrary code via unspecified vectors.

9.3
2007-06-11 CVE-2007-3150 Google Remote Security vulnerability in Desktop

Google Desktop allows user-assisted remote attackers to execute arbitrary programs via a man-in-the-middle attack that injects JavaScript, a www.google.com search IFRAME, and a META HTTP-EQUIV="refresh" that targets a www.google.com search for a local .exe file, which is displayed in the "results stored on your computer" portion of the search results, and when clicked invokes Google Desktop to execute this file.

9.3
2007-06-11 CVE-2007-3148 Yahoo Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Yahoo Messenger

Buffer overflow in the Yahoo! Webcam Viewer ActiveX control in ywcvwr.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the receive method.

9.3
2007-06-11 CVE-2007-3147 Yahoo Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Yahoo Messenger

Buffer overflow in the Yahoo! Webcam Upload ActiveX control in ywcupl.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the send method.

9.3

30 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-06-14 CVE-2007-3223 SUN Denial of Service vulnerability in Sun Solaris NFS Server XDR Handling

Unspecified vulnerability in the NFS server in Sun Solaris 10 before 20070613 allows remote attackers to cause a denial of service (system crash) via certain XDR data in NFS requests, probably related to processing of data by the xdr_bool and xdrmblk_getint32 functions.

7.8
2007-06-14 CVE-2007-3219 Invision Power Services Unspecified vulnerability in Invision Power Services Invision Power Board 2.2/2.2.1/2.2.2

Unspecified vulnerability in sources/action_public/xmlout.php in Invision Power Board (IPB or IP.Board) 2.2.0 through 2.2.2 allows remote attackers to modify another user's profile data, such as an AIM screen name or Yahoo! identity.

7.8
2007-06-14 CVE-2007-3209 Nongnu Information Disclosure vulnerability in Nongnu Mail Notification 4.0

Mail Notification 4.0, when WITH_SSL is set to 0 at compile time, uses unencrypted connections for accounts configured with SSL/TLS, which allows remote attackers to obtain sensitive information by sniffing the network.

7.8
2007-06-12 CVE-2007-3185 Apple Resource Management Errors vulnerability in Apple Safari 3.0.1

Apple Safari Beta 3.0.1 for Windows public beta allows remote attackers to cause a denial of service (crash) via unspecified DHTML manipulations that trigger memory corruption, as demonstrated using Hamachi.

7.8
2007-06-12 CVE-2007-2796 Arris Denial Of Service vulnerability in Arris Cadant C3 CTMS IP Packet

Arris Cadant C3 CMTS allows remote attackers to cause a denial of service (service termination) via a malformed IP packet with an invalid IP option.

7.8
2007-06-11 CVE-2007-3168 Edraw Unspecified vulnerability in Edraw Office Viewer Component 4.0.5.20

A certain ActiveX control in the EDraw Office Viewer Component (edrawofficeviewer.ocx) 4.0.5.20, and other versions before 5.0, allows remote attackers to delete arbitrary files via the DeleteLocalFile method.

7.8
2007-06-11 CVE-2007-3167 Vivotek Buffer Overflow vulnerability in Vivotek Mjpegcontrol 2.0.0.13

Stack-based buffer overflow in the Vivotek Motion Jpeg ActiveX control (aka MjpegControl) in MjpegDecoder.dll 2.0.0.13 allows remote attackers to execute arbitrary code via a long PtzUrl property value.

7.6
2007-06-15 CVE-2007-3244 Bbpress SQL Injection vulnerability in Bbpress 0.8

SQL injection vulnerability in bb-includes/formatting-functions.php in bbPress before 0.8.1 might allow remote attackers to execute arbitrary SQL commands via unspecified vectors to forums/bb-edit.php, as demonstrated by a PRE element, aka the "quircky slashes bug."

7.5
2007-06-15 CVE-2007-3242 WEB APP NET, WEB APP ORG Permissions, Privileges, and Access Controls vulnerability in multiple products

The Menu Manager Mod for (1) web-app.net WebAPP (aka WebAPP NE) 0.9.9.3.3 through 0.9.9.8, and (2) web-app.org WebAPP before 0.9.9.6, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the titles of items in a personal menu.

7.5
2007-06-15 CVE-2007-3236 Xoops Remote File Include vulnerability in Xoops Horoscope Module 1.0

PHP remote file inclusion vulnerability in footer.php in the Horoscope 1.0 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the xoopsConfig[root_path] parameter.

7.5
2007-06-15 CVE-2007-3234 Fuzzylime Forum SQL Injection vulnerability in Fuzzylime Forum Fuzzylime Forum 1.0

SQL injection vulnerability in low.php in Fuzzylime Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the topic parameter.

7.5
2007-06-14 CVE-2007-3231 Mecab Remote Security vulnerability in Mecab

Buffer overflow in MeCab before 0.96 has unknown impact and attack vectors.

7.5
2007-06-14 CVE-2007-3222 Xoops Remote File Include vulnerability in Xoops Xfsection Module 1.07

PHP remote file inclusion vulnerability in modify.php in the XFsection 1.07 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the dir_module parameter.

7.5
2007-06-14 CVE-2007-3217 Prototype OF AN PHP Application Remote File Include vulnerability in Prototype of AN PHP Application Prototype of AN PHP Application 0.1

Multiple PHP remote file inclusion vulnerabilities in Prototype of an PHP application 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the path_inc parameter to (1) index.php in gestion/; (2) identification.php, (3) disconnect.php, (4) loginliste.php, (5) loginmodif.php, (6) index.php, and (7) ident.inc.php in ident/; (8) menuadministration.php and (9) menuprincipal.php in menu/; (10) param.inc.php in param/; (11) index.php in plugins/phpgacl/; and (12) index.php and (13) common.inc.php.

7.5
2007-06-12 CVE-2007-3204 Jffnms SQL-Injection vulnerability in Jffnms Just for FUN Network Management System 0.8.4

SQL injection vulnerability in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.4-pre2 allows remote attackers to execute arbitrary SQL commands via the pass parameter.

7.5
2007-06-12 CVE-2007-3203 Software602 Remote Email Message Buffer Overflow vulnerability in Software602 602Pro LAN Suite 2003

Stack-based buffer overflow in smtpdll.dll in the SMTP service in 602Pro LAN SUITE 2003 2003.0.03.0828 allows remote attackers to execute arbitrary code via an e-mail message with a long address.

7.5
2007-06-12 CVE-2007-3199 American Financing Unspecified vulnerability in American Financing Link Request Contact Form 3.4

Unrestricted file upload vulnerability in Link Request Contact Form 3.4 allows remote attackers to execute arbitrary PHP code by uploading a file with a .php extension and an image content type, as demonstrated by image/jpeg.

7.5
2007-06-12 CVE-2007-3197 Jelsoft SQL-Injection vulnerability in Vbsupport Integrated Ticket System

SQL injection vulnerability in vBSupport.php in vBSupport 1.1 before 1.1a allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2007-06-12 CVE-2007-3196 Jelsoft SQL-Injection vulnerability in Jelsoft Vbsupport Integrated Ticket System 2.0.0Beta1

SQL injection vulnerability in vBSupport.php in vSupport Integrated Ticket System 3.x.x allows remote attackers to execute arbitrary SQL commands via the ticketid parameter in a showticket action.

7.5
2007-06-12 CVE-2007-3188 Geometrix Download Portal SQL Injection vulnerability in Geometrix Download Portal Geometrix Download Portal 1.0

SQL injection vulnerability in down_indir.asp in Fullaspsite GeometriX Download Portal allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2007-06-12 CVE-2007-3187 Apple Denial-Of-Service vulnerability in Apple Safari 3.0

Multiple unspecified vulnerabilities in Apple Safari for Windows allow remote attackers to cause a denial of service or execute arbitrary code, possibly involving memory corruption, and a different issue from CVE-2007-3185 and CVE-2007-3186.

7.5
2007-06-11 CVE-2007-3179 Particle Blogger SQL-Injection vulnerability in Particle Blogger

Multiple SQL injection vulnerabilities in archives.php in Particle Blogger 1.2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the month parameter and other unspecified vectors.

7.5
2007-06-11 CVE-2007-3178 Zindizayn Okul WEB Sistemi SQL Injection vulnerability in Zindizayn Okul web Sistemi Zindizayn Okul web Sistemi 1.0

Multiple SQL injection vulnerabilities in Zindizayn Okul Web Sistemi 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) pass parameter to (a) mezungiris.asp or (b) ogretmenkontrol.asp.

7.5
2007-06-11 CVE-2007-3175 W2B SQL-Injection vulnerability in Online Banking

Multiple SQL injection vulnerabilities in W2B Online Banking allow remote attackers to execute arbitrary SQL commands via (1) the draft parameter to mailer.w2b or (2) the listDocPay parameter to DocPay.w2b.

7.5
2007-06-11 CVE-2007-3160 PHP Real Estate Classifieds Remote File Include vulnerability in PHP Real Estate Classifieds Header.PHP

PHP remote file inclusion vulnerability in admin/header.php in PHP Real Estate Classifieds Premium Plus allows remote attackers to execute arbitrary PHP code via a URL in the loc parameter.

7.5
2007-06-11 CVE-2007-3152 Daniel Stenberg Remote Cache Poisoning vulnerability in C-Ares DNS Library

c-ares before 1.4.0 uses a predictable seed for the random number generator for the DNS Transaction ID field, which might allow remote attackers to spoof DNS responses by guessing the field value.

7.5
2007-06-12 CVE-2007-3184 Cisco, Apple Improper Authentication vulnerability in Apple mac OS X

Cisco Trust Agent (CTA) before 2.1.104.0, when running on MacOS X, allows attackers with physical access to bypass authentication and modify System Preferences, including passwords, by invoking the Apple Menu when the Access Control Server (ACS) produces a user notification message after posture validation.

7.2
2007-06-12 CVE-2007-2229 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft Windows Vista

Microsoft Windows Vista uses insecure default permissions for unspecified "local user information data stores" in the registry and the file system, which allows local users to obtain sensitive information such as administrative passwords, aka "Permissive User Information Store ACLs Information Disclosure Vulnerability."

7.2
2007-06-11 CVE-2007-3149 MIT, Todd Miller

sudo, when linked with MIT Kerberos 5 (krb5), does not properly check whether a user can currently authenticate to Kerberos, which allows local users to gain privileges, in a manner unintended by the sudo security model, via certain KRB5_ environment variable settings.

7.2
2007-06-12 CVE-2007-3201 Winpt Unspecified vulnerability in Winpt 1.2.0

Visual truncation vulnerability in Windows Privacy Tray (WinPT) 1.2.0 allows user-assisted remote attackers to install a key listed under the wrong user ID, and possibly cause the user to encrypt a victim's correspondence with this attacker-supplied key, via a key ID composed of the attacker's user ID, space characters, an invalid WinPT message, additional space characters, and the victim's user ID.

7.1

62 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-06-15 CVE-2007-3237 Xoops Remote Security vulnerability in Xoops Tinycontent Module 1.5

PHP remote file inclusion vulnerability in admin/spaw/spaw_control.class.php in the TinyContent 1.5 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter.

6.8
2007-06-14 CVE-2007-3230 Simian Systems INC Remote File Include vulnerability in Simian Systems INC Sitellite 0.6.4

PHP remote file inclusion vulnerability in phphtml.php in Idan Sofer PHP::HTML 0.6.4 allows remote attackers to execute arbitrary PHP code via a URL in the htmlclass_path parameter.

6.8
2007-06-14 CVE-2007-3229 Singapore Information Disclosure vulnerability in Image Gallery Web Application

index.php in Singapore Gallery allows remote attackers to obtain sensitive information via a request with a non-directory gallery parameter, which reveals the path in an error message.

6.8
2007-06-14 CVE-2007-3228 Simian Systems INC Remote File Include vulnerability in Simian Systems INC Sitellite CMS 4.2.12

PHP remote file inclusion vulnerability in saf/lib/PEAR/PhpDocumentor/Documentation/tests/bug-559668.php in Sitellite CMS 4.2.12 and earlier might allow remote attackers to execute arbitrary PHP code via a URL in the FORUM[LIB] parameter.

6.8
2007-06-14 CVE-2007-3221 Xoops Remote File Include vulnerability in Xoops XT-Conteudo Module Spaw_Control.Class.PHP

PHP remote file inclusion vulnerability in admin/spaw/spaw_control.class.php in the XT-Conteudo module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter.

6.8
2007-06-14 CVE-2007-3220 Xoops Unspecified vulnerability in Xoops Cjay Content Module 3

PHP remote file inclusion vulnerability in admin/editor2/spaw_control.class.php in the Cjay Content 3 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter.

6.8
2007-06-14 CVE-2007-3215 Phpmailer Remote Shell Command Execution vulnerability in PHPMailer

PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php.

6.8
2007-06-14 CVE-2007-3214 E Vision Input Validation vulnerability in E-Vision CMS

SQL injection vulnerability in style.php in e-Vision CMS 2.02 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the template parameter.

6.8
2007-06-14 CVE-2006-4168 Libexif Integer Overflow vulnerability in EXIF Library EXIF File Processing

Integer overflow in the exif_data_load_data_entry function in libexif/exif-data.c in Libexif before 0.6.16 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via an image with many EXIF components, which triggers a heap-based buffer overflow.

6.8
2007-06-12 CVE-2007-3190 Jffnms Remote vulnerability in Jffnms Just for FUN Network Management System 0.8.3

Multiple SQL injection vulnerabilities in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user and (2) pass parameters.

6.8
2007-06-11 CVE-2007-3166 Qualcomm Remote Buffer Overflow vulnerability in Qualcomm Eudora 7.1.0.9

Buffer overflow in Qualcomm Eudora 7.1.0.9 allows user-assisted, remote IMAP servers to execute arbitrary code via a long FLAGS response to a SELECT INBOX command.

6.8
2007-06-11 CVE-2007-3161 Visicom Media Buffer Overflow vulnerability in Visicom Media Ace-Ftp 1.24A

Buffer overflow in Ace-FTP Client 1.24a allows user-assisted, remote FTP servers to execute arbitrary code via a long response.

6.8
2007-06-11 CVE-2007-3141 Phpwebthings Remote Security vulnerability in PHPwebthings 1.5.2

PHP remote file inclusion vulnerability in core/editor.php in phpWebThings 1.5.2 allows remote attackers to execute arbitrary PHP code via a URL in the editor_insert_top parameter.

6.8
2007-06-14 CVE-2007-3225 SUN Remote Unauthorized Access vulnerability in Sun Java System Directory Server 5.2/6.0

Unspecified vulnerability in Sun Java System Directory Server (slapd) 6.0, and 5.2 with Patch 3 or 4, allows remote attackers to modify certain data via unknown vectors.

6.4
2007-06-11 CVE-2007-3144 Mozilla Authentication Server Domain Spoofing vulnerability in Mozilla 1.7.12

Visual truncation vulnerability in Mozilla 1.7.12 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication.

6.4
2007-06-11 CVE-2007-3143 KDE Authentication Server Domain Spoofing vulnerability in KDE Konqueror 3.5.5

Visual truncation vulnerability in Konqueror 3.5.5 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication.

6.4
2007-06-11 CVE-2007-2876 Linux Denial Of Service vulnerability in Linux Kernel SCTP Connection

The sctp_new function in (1) ip_conntrack_proto_sctp.c and (2) nf_conntrack_proto_sctp.c in Netfilter in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, allows remote attackers to cause a denial of service by causing certain invalid states that trigger a NULL pointer dereference.

6.1
2007-06-15 CVE-2007-3238 Wordpress Input Validation vulnerability in Wordpress 2.2

Cross-site scripting (XSS) vulnerability in functions.php in the default theme in WordPress 2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the PATH_INFO (REQUEST_URI) to wp-admin/themes.php, a different vulnerability than CVE-2007-1622.

6.0
2007-06-11 CVE-2007-3164 Microsoft Unspecified vulnerability in Microsoft Internet Explorer 7.0

Microsoft Internet Explorer 7, when prompting for HTTP Basic Authentication for an IDN web site, uses ACE labels for the domain name in the status bar, but uses internationalized labels for this name in the authentication dialog, which might allow remote attackers to perform phishing attacks if the user misinterprets confusable characters in the internationalized labels, as demonstrated by displaying xn--theshmogroup-bgk.com only in the status bar.

5.8
2007-06-11 CVE-2007-3145 Galeon Authentication Server Domain Spoofing vulnerability in Galeon Browser 2.0.1

Visual truncation vulnerability in Galeon 2.0.1 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication.

5.8
2007-06-11 CVE-2007-3142 Opera Authentication Server Domain Spoofing vulnerability in Opera Browser 9.21

Visual truncation vulnerability in Opera 9.21 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after 34 characters, as demonstrated by a phishing attack using HTTP Basic Authentication.

5.8
2007-06-15 CVE-2007-3246 IRC Services Denial-Of-Service vulnerability in IRC Services

The do_set_password function in modules/chanserv/set.c in IRC Services before 5.0.60 preserves channel founder privileges across a channel password change (ChanServ SET PASSWORD), which allows remote authenticated users to obtain the new password through automated e-mail, or perform privileged actions without knowing the new password.

5.0
2007-06-15 CVE-2007-3245 IRC Services Remote Security vulnerability in IRC Services

IRC Services before 5.0.62, and 5.1 before 5.1pre3, allows remote attackers to disconnect users with guest nicknames by linking a guest nickname to a nickname that is already registered.

5.0
2007-06-15 CVE-2007-3233 TEC IT Unspecified vulnerability in Tec-It Tbarcode OCX 7.0.2.3524

The TEC-IT TBarCode OCX ActiveX control (TBarCode7.ocx) 7.0.2.3524 allows remote attackers to overwrite arbitrary files via the SaveImage method.

5.0
2007-06-14 CVE-2007-3224 SUN Information Disclosure vulnerability in SUN Java System Directory Server and ONE Directory Server

Unspecified vulnerability in Sun ONE/Java System Directory Server (slapd) 6.0, and 5.x before 5.2 Patch 5, allows remote attackers to determine the existence of attributes of an entry via unspecified vectors.

5.0
2007-06-13 CVE-2007-3205 Hardened PHP Project, PHP Remote Security vulnerability in Hardened-Php

The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names and values in the string to be parsed.

5.0
2007-06-11 CVE-2007-3177 Ingate Improper Authentication vulnerability in Ingate Firewall and Ingate Siparator

Ingate Firewall and SIParator before 4.5.2 allow remote attackers to bypass SIP authentication via a certain maddr parameter.

5.0
2007-06-11 CVE-2007-3173 Almnzm Information Disclosure vulnerability in almnzm

Almnzm allows remote attackers to obtain sensitive information via an activateorder request to index.php with an invalid orderid parameter, probably related to '[' and ']' characters.

5.0
2007-06-11 CVE-2007-3172 Uebimiau Input Validation vulnerability in Uebimiau 2.7.10/2.7.2/2.7.9

Directory traversal vulnerability in demo/pop3/error.php in Uebimiau Webmail allows remote attackers to determine the existence of arbitrary directories via an absolute pathname and ..

5.0
2007-06-11 CVE-2007-3171 Uebimiau Input Validation vulnerability in Uebimiau 2.7.10/2.7.2/2.7.9

Uebimiau Webmail allows remote attackers to obtain sensitive information via a request to demo/pop3/error.php with an invalid value of the (1) smarty or (2) selected_theme parameter, which reveals the path in various error messages.

5.0
2007-06-11 CVE-2007-3165 TOR Unspecified vulnerability in TOR

Tor before 0.1.2.14 can construct circuits in which an entry guard is in the same family as the exit node, which might compromise the anonymity of traffic sources and destinations by exposing traffic to inappropriate remote observers.

5.0
2007-06-11 CVE-2007-3162 Westbyte Buffer Overflow vulnerability in Westbyte Internet Download Accelerator 5.2

Buffer overflow in the NotSafe function in the idaiehlp ActiveX control in idaiehlp.dll 1.9.1.74 in Internet Download Accelerator (ida) 5.2 allows remote attackers to cause a denial of service (Internet Explorer crash) via a long argument.

5.0
2007-06-11 CVE-2007-3159 Miniweb Http Server Remote Denial of Service vulnerability in Miniweb Http Server Miniweb Http Server 0.8.1/0.8.19

http.c in MiniWeb Http Server 0.8.x allows remote attackers to cause a denial of service (application crash) via a negative value in the Content-Length HTTP header.

5.0
2007-06-11 CVE-2007-3158 Tenyearsgone Unspecified vulnerability in Tenyearsgone ASP Folder Gallery

download_script.asp in ASP Folder Gallery allows remote attackers to read arbitrary files via a filename in the file parameter.

5.0
2007-06-11 CVE-2007-3157 Safenet Remote and SoftRemote IPSecDrv.SYS Remote Denial Of Service vulnerability in Safenet products

IPSecDrv.sys 10.4.0.12 in SafeNET High Assurance Remote 1.4.0 Build 12, and SoftRemote, allows remote attackers to cause a denial of service (infinite loop and system hang) via an invalid packet with certain bytes in an option header, possibly related to the IPv6 support for IPSec.

5.0
2007-06-11 CVE-2007-3153 Daniel Stenberg Remote Cache Poisoning vulnerability in C-Ares DNS Library

The ares_init:randomize_key function in c-ares, on platforms other than Windows, uses a weak facility for producing a random number sequence (Unix rand), which makes it easier for remote attackers to spoof DNS responses by guessing certain values.

5.0
2007-06-11 CVE-2007-3151 Packeteer Remote Denial of Service vulnerability in Packeteer Packetshaper 7.3.0G2/7.5.0G1

rpttop.htm in the web management interface in Packeteer PacketShaper 7.3.0g2 and 7.5.0g1 allows remote attackers to cause a denial of service (device reboot) via a request with empty values of the OP.MEAS.DATAQUERY and MEAS.TYPE parameters.

5.0
2007-06-11 CVE-2007-3146 ZEN Help Desk Software Information Disclosure vulnerability in ZEN Help Desk Software ZEN Help Desk 2.1

Zen Help Desk 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing a password via a direct request for ZenHelpDesk.mdb.

5.0
2007-06-12 CVE-2007-3200 Novell Local Information Disclosure vulnerability in Novell Modular Authentication Service 3.1.2

NMASINST in Novell Modular Authentication Service (NMAS) 3.1.2 and earlier on NetWare logs its invoking command line to NMASINST.LOG, which might allow local users to obtain the admin username and password by reading this file.

4.9
2007-06-15 CVE-2007-3243 Bbpress Cross-Site Scripting vulnerability in Bbpress 0.8.1

Cross-site scripting (XSS) vulnerability in bb-login.php in bbPress 0.8.1 allows remote attackers to inject arbitrary web script or HTML via the re parameter.

4.3
2007-06-15 CVE-2007-3241 Wordpress Cross-Site Scripting vulnerability in Wordpress 2.2

Cross-site scripting (XSS) vulnerability in blogroll.php in the cordobo-green-park theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI.

4.3
2007-06-15 CVE-2007-3240 Wordpress Cross-Site Scripting vulnerability in Wordpress 2.2

Cross-site scripting (XSS) vulnerability in 404.php in the Vistered-Little theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the URI (REQUEST_URI) that accesses index.php.

4.3
2007-06-15 CVE-2007-3239 Wordpress Cross-Site Scripting vulnerability in Wordpress 2.2

Cross-site scripting (XSS) vulnerability in searchform.php in the AndyBlue theme before 20070607 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to index.php.

4.3
2007-06-15 CVE-2007-3235 Fuzzylime Forum Cross-Site Scripting vulnerability in Fuzzylime Forum Fuzzylime Forum 1.0

Cross-site scripting (XSS) vulnerability in low.php in Fuzzylime Forum 1.0 allows remote attackers to inject arbitrary web script or HTML via the topic parameter.

4.3
2007-06-14 CVE-2007-3227 Rubyonrails Cross-Site Scripting vulnerability in Rubyonrails Rails 1.1.5

Cross-site scripting (XSS) vulnerability in the to_json (ActiveRecord::Base#to_json) function in Ruby on Rails before edge 9606 allows remote attackers to inject arbitrary web script via the input values.

4.3
2007-06-14 CVE-2007-3226 Dotproject Parameters Cross-Site Scripting vulnerability in Dotproject 2.1

Cross-site scripting (XSS) vulnerability in dotProject before 2.1 RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2006-2851 and CVE-2006-3240.

4.3
2007-06-14 CVE-2007-3218 PHP Live Cross-Site Scripting vulnerability in PHP Live! Request.PHP

Cross-site scripting (XSS) vulnerability in request.php in PHP Live! 3.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the pagex parameter.

4.3
2007-06-14 CVE-2007-3213 Sporum Forum Remote Cross Site Scripting vulnerability in Sporum Forum

Multiple cross-site scripting (XSS) vulnerabilities in comments.cgi in Sporum Forum 3.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) view and (2) mode parameters.

4.3
2007-06-14 CVE-2007-3212 Beehive Forum Cross-Site Scripting vulnerability in Beehive Forum Beehive Forum 0.7.1

Multiple cross-site scripting (XSS) vulnerabilities in links.php in Beehive Forum 0.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) viewmode, (2) fid, and (3) sort_dir parameters, different vectors than CVE-2005-4460.

4.3
2007-06-14 CVE-2007-3211 Domain Technologie Control Cross-Site Scripting vulnerability in Domain Technologie Control 404.PHP

Cross-site scripting (XSS) vulnerability in 404.php in Domain Technologie Control (DTC) before 0.25.9 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (REQUEST_URI).

4.3
2007-06-14 CVE-2007-2391 Apple Cross-Site Scripting vulnerability in Apple Safari 3.0.1

Cross-site scripting (XSS) vulnerability in Apple Safari Beta 3.0.1 for Windows allows remote attackers to inject arbitrary web script or HTML via a web page that includes a windows.setTimeout function that is activated after the user has moved from the current page.

4.3
2007-06-12 CVE-2007-3202 Bruce Corkhill HTML Injection vulnerability in Bruce Corkhill web WIZ Rich Text Editor 3.1

Cross-site scripting (XSS) vulnerability in the rich text editor in Webwiz allows remote attackers to inject arbitrary web script or HTML via URL-encoded HTML composed of a frameset in which a frame has a SRC attribute pointing to a JavaScript document.

4.3
2007-06-12 CVE-2007-3198 Maran Cross-Site Scripting vulnerability in Maran Blog

Cross-site scripting (XSS) vulnerability in comments.php in Maran PHP Blog (Maran Blog), possibly only versions before 20070610, allows remote attackers to inject arbitrary web script or HTML via the id parameter.

4.3
2007-06-12 CVE-2007-3195 Erfan Wiki Cross-Site Scripting vulnerability in Erfan Wiki Erfan Wiki 1.00

Cross-site scripting (XSS) vulnerability in index.php in ERFAN WIKI 1.00 allows remote attackers to inject arbitrary web script or HTML via the title parameter.

4.3
2007-06-12 CVE-2007-3189 Jffnms Remote vulnerability in Jffnms Just for FUN Network Management System 0.8.3

Cross-site scripting (XSS) vulnerability in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to inject arbitrary web script or HTML via the user parameter.

4.3
2007-06-12 CVE-2007-2227 Microsoft Information Disclosure vulnerability in Microsoft Outlook Express and Windows Mail

The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition Parsing Cross Domain Information Disclosure Vulnerability."

4.3
2007-06-12 CVE-2007-2225 Microsoft Information Disclosure vulnerability in Microsoft Outlook Express and Windows Mail

A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain Information Disclosure Vulnerability."

4.3
2007-06-11 CVE-2007-3174 W2B Cross-Site Scripting vulnerability in Online Banking

Cross-site scripting (XSS) vulnerability in auth.w2b in W2B Online Banking allows remote attackers to inject arbitrary web script or HTML via the adtype parameter, a different vector than CVE-2006-1980.

4.3
2007-06-11 CVE-2007-3170 Uebimiau Input Validation vulnerability in Uebimiau 2.7.10/2.7.2/2.7.9

Multiple cross-site scripting (XSS) vulnerabilities in Uebimiau Webmail allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to redirect.php or (2) the selected_theme parameter to demo/pop3/error.php.

4.3
2007-06-11 CVE-2007-3156 Webmin Cross-Site Scripting vulnerability in Webmin Usermin and Webmin

Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi in Webmin before 1.350 and Usermin before 1.280 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2) message, or (3) question parameter.

4.3
2007-06-11 CVE-2006-3974 3Com Cross-Site Scripting vulnerability in 3Com 3Cr860-95 1.04

Cross-site scripting (XSS) vulnerability in cgi-bin/admin in 3Com OfficeConnect Secure Router with firmware 1.04-168 allows remote attackers to inject arbitrary web script or HTML via the tk parameter.

4.3
2007-06-11 CVE-2007-3176 Ingate Remote Security vulnerability in Ingate Siparator

Unspecified vulnerability in Ingate Firewall and SIParator before 4.5.2 allows remote authenticated users without full privileges to download a Support Report.

4.0

6 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-06-14 CVE-2007-2448 Subversion Remote Revision Property Information Disclosure vulnerability in Subversion

Subversion 1.4.3 and earlier does not properly implement the "partial access" privilege for users who have access to changed paths but not copied paths, which allows remote authenticated users to obtain sensitive information (revision properties) via svn (1) propget, (2) proplist, or (3) propedit.

2.1
2007-06-14 CVE-2007-3100 Redhat Local Denial Of Service vulnerability in Redhat Open Iscsi 2.0864

usr/log.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 uses a semaphore with insecure permissions (world-writable/world-readable) for managing log messages using shared memory, which allows local users to cause a denial of service (hang) by grabbing the semaphore.

2.1
2007-06-14 CVE-2007-3099 Redhat Local Denial Of Service vulnerability in Redhat Enterprise Linux 5.0

usr/mgmt_ipc.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 checks the client's UID on the listening AF_LOCAL socket instead of the new connection, which allows remote attackers to access the management interface and cause a denial of service (iscsid exit or iSCSI connection loss).

2.1
2007-06-11 CVE-2007-2875 Linux, Debian, Canonical Numeric Errors vulnerability in Linux Kernel

Integer underflow in the cpuset_tasks_read function in the Linux kernel before 2.6.20.13, and 2.6.21.x before 2.6.21.4, when the cpuset filesystem is mounted, allows local users to obtain kernel memory contents by using a large offset when reading the /dev/cpuset/tasks file.

2.1
2007-06-11 CVE-2007-2873 Spamassassin Local Symlink Attack And Denial of Service vulnerability in SpamAssassin

SpamAssassin 3.1.x, 3.2.0, and 3.2.1 before 20070611, when running as root in unusual configurations using vpopmail or virtual users, allows local users to cause a denial of service (corrupt arbitrary files) via a symlink attack on a file that is used by spamd.

1.9
2007-06-11 CVE-2007-2453 Linux Unspecified vulnerability in Linux Kernel

The random number feature in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, (1) does not properly seed pools when there is no entropy, or (2) uses an incorrect cast when extracting entropy, which might cause the random number generator to provide the same values after reboots on systems without an entropy source.

1.2