Weekly Vulnerabilities Reports > June 18 to 24, 2007
Overview
109 new vulnerabilities reported during this period, including 24 critical vulnerabilities and 41 high severity vulnerabilities. This weekly summary report vulnerabilities in 94 products from 77 vendors including Microsoft, IBM, Ingres, Scriptdevelopers NET, and Livecms. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "SQL Injection", "Cross-site Scripting", "Resource Management Errors", and "Permissions, Privileges, and Access Controls".
- 105 reported vulnerabilities are remotely exploitables.
- 23 reported vulnerabilities have public exploit available.
- 4 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 103 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 7 reported vulnerabilities.
- Ingres has the most reported critical vulnerabilities, with 3 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
24 Critical Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2007-06-22 | CVE-2007-3363 | Ageet | Remote Security vulnerability in AGEphone Multiple unspecified vulnerabilities in ageet AGEphone before 1.6.3 allow remote attackers to have an unknown impact via malformed SIP packets. | 10.0 |
| 2007-06-22 | CVE-2007-3357 | Scriptdevelopers NET | Remote Security vulnerability in Scriptdevelopers.Net Netclassifieds 1.0.1 NetClassifieds Premium Edition does not use encryption for (1) stored passwords or (2) sensitive data, which might allow attackers to obtain information via certain vectors. | 10.0 |
| 2007-06-22 | CVE-2007-3338 | Ingres | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ingres Database Server Multiple stack-based buffer overflows in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allow remote attackers to execute arbitrary code via the (1) uuid_from_char or (2) duve_get_args functions. | 10.0 |
| 2007-06-22 | CVE-2007-3336 | Ingres | Remote vulnerability in Ingress Database Server Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input. | 10.0 |
| 2007-06-22 | CVE-2006-7207 | Ageet | Remote Security vulnerability in AGEphone Buffer overflow in ageet AGEphone before 1.4.0 might allow remote attackers to have an unknown impact via unspecified vectors. | 10.0 |
| 2007-06-21 | CVE-2007-3341 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 5/6.0/7.0 Unspecified vulnerability in the FTP implementation in Microsoft Internet Explorer allows remote attackers to "see a valid memory address" via unspecified vectors, a different issue than CVE-2007-0217. | 10.0 |
| 2007-06-21 | CVE-2007-3334 | Microsoft CA Ingres | Remote vulnerability in Ingress Database Server Multiple heap-based buffer overflows in the (1) Communications Server (iigcc.exe) and (2) Data Access Server (iigcd.exe) components for Ingres Database Server 3.0.3, as used in CA (Computer Associates) products including eTrust Secure Content Manager r8 on Windows, allow remote attackers to execute arbitrary code via unknown vectors. | 10.0 |
| 2007-06-19 | CVE-2007-3279 | Postgresql | Remote Security vulnerability in Postgresql 8.1 PostgreSQL 8.1 and probably later versions, when the PL/pgSQL (plpgsql) language has been created, grants certain plpgsql privileges to the PUBLIC domain, which allows remote attackers to create and execute functions, as demonstrated by functions that perform local brute-force password guessing attacks, which may evade intrusion detection. | 10.0 |
| 2007-06-19 | CVE-2007-3277 | Wikindx | Authentication Bypass vulnerability in WIKINDX Localization Module Unspecified vulnerability in the localization before 1.2 module for WIKINDX allows attackers to access certain administrative capabilities via unknown vectors. | 10.0 |
| 2007-06-19 | CVE-2007-3270 | Phpmyinventory | Remote File Include vulnerability in PHPmyinventory 2.8 PHP remote file inclusion vulnerability in Includes/global.inc.php in phpMyInventory 2.8 allows remote attackers to execute arbitrary PHP code via a URL in the strIncludePrefix parameter. | 10.0 |
| 2007-06-19 | CVE-2007-2924 | Realnetworks | Buffer Overflow vulnerability in RealNetworks GameHouse GHDLCTL.DLL ActiveX Control Multiple buffer overflows in RealNetworks GameHouse dldisplay ActiveX control (ghdlctl.dll) allow remote attackers to execute arbitrary code via unknown vectors. | 10.0 |
| 2007-06-19 | CVE-2007-3264 | IBM | Unspecified vulnerability in IBM Websphere Application Server Unspecified vulnerability in the PD tools component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier has unknown impact and attack vectors. | 10.0 |
| 2007-06-19 | CVE-2007-3263 | IBM | Unspecified vulnerability in IBM Websphere Application Server Unspecified vulnerability in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier has unknown impact and attack vectors, related to "incorrect authorization on a remote interface to the SDO repository." | 10.0 |
| 2007-06-22 | CVE-2007-3360 | Bitchx | Remote Buffer Overflow vulnerability in Bitchx 1.1Final hook.c in BitchX 1.1-final allows remote IRC servers to execute arbitrary commands by sending a client certain data containing NICK and EXEC strings, which exceeds the bounds of a hash table, and injects an EXEC hook function that receives and executes shell commands. | 9.3 |
| 2007-06-21 | CVE-2007-3316 | Videolan | Format String vulnerability in VLC Media Player 0.8.6A/0.8.6B Multiple format string vulnerabilities in plugins in VideoLAN VLC Media Player before 0.8.6c allow remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in (1) an Ogg/Vorbis file, (2) an Ogg/Theora file, (3) a CDDB entry for a CD Digital Audio (CDDA) file, or (4) Service Announce Protocol (SAP) multicast packets. | 9.3 |
| 2007-06-21 | CVE-2007-3305 | Cerulean Studios | Buffer Overflow vulnerability in Cerulean Studios Trillian 3.1 Heap-based buffer overflow in Cerulean Studios Trillian 3.x before 3.1.6.0 allows remote attackers to execute arbitrary code via a message sent through the MSN protocol, or possibly other protocols, with a crafted UTF-8 string, which triggers improper memory allocation for word wrapping when a window width is used as a buffer size, a different vulnerability than CVE-2007-2478. | 9.3 |
| 2007-06-20 | CVE-2007-3300 | F Secure | Anti-Virus Products LHA and RAR Archives Scan Bypass vulnerability in F-Secure Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070619 allow remote attackers to bypass scanning via a crafted header in a (1) LHA or (2) RAR archive. | 9.3 |
| 2007-06-20 | CVE-2007-3296 | Xunlei | Unspecified vulnerability in Xunlei web Thunderbolt 1.7.3.109 The ThunderServer.webThunder.1 ActiveX control in xunlei Web Thunderbolt 1.7.3.109 allows remote attackers to download arbitrary files and conduct other unauthorized actions by invoking dangerous methods. | 9.3 |
| 2007-06-20 | CVE-2007-3290 | Livecms | Input Validation vulnerability in LiveCMS categoria.php in LiveCMS 3.4 and earlier allows remote attackers to obtain sensitive information via a ' (quote) character in the cid parameter, which reveals the path in a forced SQL error message. | 9.3 |
| 2007-06-18 | CVE-2007-2923 | Novell | Remote Command Execution vulnerability in Novell Extend Director 4.1 The launch method in the LocalExec ActiveX control (LocalExec.ocx) in Novell exteNd Director 4.1 and Portal Services allows remote attackers to execute arbitrary commands. | 9.3 |
| 2007-06-21 | CVE-2007-3312 | Efstratios Geroulis | Input Validation vulnerability in Efstratios Geroulis Jasmine CMS 1.0 Directory traversal vulnerability in admin/plugin_manager.php in Jasmine CMS 1.0 allows remote authenticated administrators to include and execute arbitrary local files a .. | 9.0 |
| 2007-06-19 | CVE-2007-3280 | Postgresql | Remote Security vulnerability in Postgresql 8.1 The Database Link library (dblink) in PostgreSQL 8.1 implements functions via CREATE statements that map to arbitrary libraries based on the C programming language, which allows remote authenticated superusers to map and execute a function from any library, as demonstrated by using the system function in libc.so.6 to gain shell access. | 9.0 |
| 2007-06-19 | CVE-2007-3266 | Ifnet | Local File Include vulnerability in WebIf OutConfig Parameter Directory traversal vulnerability in webif.cgi in ifnet WEBIF allows remote attackers to include and execute arbitrary local files a .. | 9.0 |
| 2007-06-19 | CVE-2007-3260 | HP | Remote Privilege Escalation vulnerability in HP System Management Homepage HP System Management Homepage (SMH) before 2.1.9 for Linux, when used with Novell eDirectory, assigns the eDirectory members to the root group, which allows remote authenticated eDirectory users to gain privileges. | 9.0 |
41 High Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2007-06-22 | CVE-2007-3367 | Cpanel | Path Disclosure And Cross-Site Scripting vulnerability in CPanel SCGIwrap Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to obtain sensitive information via a direct request, which reveals the path in an error message. | 7.8 |
| 2007-06-22 | CVE-2007-3356 | Scriptdevelopers NET | Input Validation vulnerability in Scriptdevelopers.Net Netclassifieds 1.0.1 NetClassifieds Premium Edition allows remote attackers to obtain sensitive information via certain requests that reveal the path in an error message, related to the display_errors setting in (1) Common.php and (2) imageresizer.php, and (3) the use of __FILE__ in error reporting by imageresizer.php; and (4) via certain requests that reveal the table name and complete query, related to the Halt_On_Error setting in Mysql_db.php. | 7.8 |
| 2007-06-22 | CVE-2007-3346 | PHP Accounts | Local File Include vulnerability in PHP Accounts PHP Accounts 0.5 Directory traversal vulnerability in index.php in PHPAccounts 0.5 allows remote attackers to include arbitrary local files via unspecified manipulations of the page parameter. | 7.8 |
| 2007-06-22 | CVE-2006-7206 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 6 Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by creating a ADODB.Recordset object and making a series of calls to the NextRecordset method with a long string argument, which causes an "invalid memory access" in the SysFreeString function, a different issue than CVE-2006-3510 and CVE-2006-3899. | 7.8 |
| 2007-06-21 | CVE-2007-3340 | Bughunter | Buffer Errors vulnerability in Bughunter Http Server 1.6.2 BugHunter HTTP SERVER (httpsv.exe) 1.6.2 allows remote attackers to cause a denial of service (application crash) via a large number of requests for nonexistent pages. | 7.8 |
| 2007-06-21 | CVE-2007-2833 | Debian Mandrakesoft GNU | Remote Denial of Service vulnerability in GNU Emacs Image Processing Emacs 21 allows user-assisted attackers to cause a denial of service (crash) via certain crafted images, as demonstrated via a GIF image in vm mode, related to image size calculation. | 7.8 |
| 2007-06-19 | CVE-2007-3284 | Apple | Denial of Service vulnerability in Apple Safari 3.0.1 corefoundation.dll in Apple Safari 3.0.1 (552.12.2) for Windows allows remote attackers to cause a denial of service (crash) via certain forms that trigger errors related to History, possibly involving multiple form fields with the same name. | 7.8 |
| 2007-06-19 | CVE-2007-3282 | Microsoft | Denial-Of-Service vulnerability in Office Msodatasourcecontrol Activex Buffer overflow in the Microsoft Office MSODataSourceControl ActiveX object allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to the DeleteRecordSourceIfUnused method. | 7.8 |
| 2007-06-19 | CVE-2007-3272 | Minibb | Local File Include vulnerability in Minibb 2.0.5 Directory traversal vulnerability in index.php in MiniBB 2.0.5 allows remote attackers to read arbitrary files via a .. | 7.8 |
| 2007-06-19 | CVE-2007-3262 | IBM | Unspecified vulnerability in IBM Websphere Application Server Unspecified vulnerability in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier allows remote attackers to cause a denial of service related to a thread hang, and possibly related to a "TCP issue," or to MPAlarmThread and a resultant memory leak. | 7.8 |
| 2007-06-18 | CVE-2007-3253 | Astaro | Remote Denial of Service vulnerability in Astaro Security Gateway 7.0 Multiple unspecified vulnerabilities in Astaro Security Gateway (ASG) before 7.005 allow remote attackers to cause a denial of service via (1) certain email, which stops the SMTP Proxy during scanning; (2) certain HTTP traffic, which stops or slows down the HTTP proxy during HTTP responses containing virus scanned web pages; and (3) a disconnection during a streaming session. | 7.8 |
| 2007-06-18 | CVE-2007-3252 | Portalapp | Information Disclosure vulnerability in Portalapp PortalApp stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for 8691.mdb, a different vector than CVE-2004-1786. | 7.8 |
| 2007-06-18 | CVE-2007-3251 | E Vision | Input Validation vulnerability in E-Vision CMS Multiple directory traversal vulnerabilities in e-Vision CMS 2.02 and earlier allow remote attackers to (1) include and execute arbitrary local files via a .. | 7.8 |
| 2007-06-18 | CVE-2007-3248 | SUN | Remote IPv6 IPSec Packet Denial of Service vulnerability in SUN Solaris 10.0 Unspecified vulnerability in Sun Solaris 10 before 20070614, when IPv6 interfaces are present but not configured for IPsec, allows remote attackers to cause a denial of service (system crash) via certain network traffic. | 7.8 |
| 2007-06-22 | CVE-2007-3371 | Powl | Remote File Include vulnerability in Powl 0.94 PHP remote file inclusion vulnerability in plugins/widgets/htmledit/htmledit.php in Powl 0.94 allows remote attackers to execute arbitrary PHP code via a URL in the _POWL[installPath] parameter. | 7.5 |
| 2007-06-22 | CVE-2007-3370 | KIM Kyoung MIN | Remote File Include vulnerability in KIM Kyoung MIN SUN Board 1.00.00Alpha Multiple PHP remote file inclusion vulnerabilities in Sun Board 1.00.00 Alpha allow remote attackers to execute arbitrary PHP code via a URL in (1) the sunPath parameter to include.php or (2) the dir parameter to skin/board/default/doctype.php. | 7.5 |
| 2007-06-22 | CVE-2007-3365 | Myserverproject | Improper Handling of Case Sensitivity vulnerability in Myserverproject Myserver 0.8.9 MyServer 0.8.9 and earlier does not properly handle uppercase characters in filename extensions, which allows remote attackers to obtain sensitive information (script source code) via a modified extension, as demonstrated by post.mscgI. | 7.5 |
| 2007-06-22 | CVE-2007-3354 | Scriptdevelopers NET | Input Validation vulnerability in Scriptdevelopers.Net Netclassifieds 1.0.1/1.5.1/1.9.6.3 Multiple SQL injection vulnerabilities in NetClassifieds Premium Edition allow remote attackers to execute arbitrary SQL commands via the s_user_id parameter to ViewCat.php and other unspecified vectors. | 7.5 |
| 2007-06-22 | CVE-2007-3345 | PHP Accounts | SQL-Injection vulnerability in PHP Accounts PHP Accounts 0.5 Multiple SQL injection vulnerabilities in index.php in PHPAccounts 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) Outgoing_Type_ID, (2) Outgoing_ID, (3) Project_ID, (4) Client_ID, (5) Invoice_ID, or (6) Vendor_ID parameter. | 7.5 |
| 2007-06-21 | CVE-2007-3335 | Phpecho CMS | SQL-Injection vulnerability in PHPEcho CMS Multiple SQL injection vulnerabilities in the admin panel in PHPEcho CMS before 1.6 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2007-06-21 | CVE-2007-3325 | LMS | Remote File Include vulnerability in LMS LAN Management System Language.PHP PHP remote file inclusion vulnerability in lib/language.php in LAN Management System (LMS) 1.9.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _LIB_DIR parameter, a different vector than CVE-2007-1643 and CVE-2007-2205. | 7.5 |
| 2007-06-21 | CVE-2007-3323 | Comersus Open Technologies | Input Validation vulnerability in Comersus Open Technologies Comersus Cart 7.07 SQL injection vulnerability in comersus_optReviewReadExec.asp in Comersus Shop Cart 7.07 allows remote attackers to execute arbitrary SQL commands via the idProduct parameter. | 7.5 |
| 2007-06-21 | CVE-2007-3313 | Efstratios Geroulis | SQL-Injection vulnerability in Efstratios Geroulis Jasmine CMS 1.0 Multiple SQL injection vulnerabilities in Jasmine CMS 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the login_username parameter to login.php or (2) the item parameter to news.php. | 7.5 |
| 2007-06-21 | CVE-2007-3311 | Xoops | SQL-Injection vulnerability in Articles Module SQL injection vulnerability in print.php in the Articles 1.02 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
| 2007-06-21 | CVE-2007-3309 | Simple Machines | Remote Security vulnerability in Simple Machines Simple Machines Forum 1.1.2 Unspecified vulnerability in Simple Machines Forum (SMF) 1.1.2 allows remote attackers to execute arbitrary PHP code during (1) creation or (2) editing of a message. | 7.5 |
| 2007-06-21 | CVE-2007-3308 | Simple Machines | Remote Security vulnerability in Simple Machines Simple Machines Forum 1.1.2 Simple Machines Forum (SMF) 1.1.2 uses a concatenation method with insufficient randomization when creating a WAV file CAPTCHA, which allows remote attackers to pass the CAPTCHA test via an automated brute-force attack. | 7.5 |
| 2007-06-21 | CVE-2007-3307 | Solar Empire | SQL Injection vulnerability in Solar Empire Game_Listing.PHP SQL injection vulnerability in game_listing.php in Solar Empire 2.9.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header. | 7.5 |
| 2007-06-21 | CVE-2007-3306 | Ultrize | Remote Security vulnerability in Ultrize Minibill 1.2.5 PHP remote file inclusion vulnerability in crontab/run_billing.php in MiniBill 1.2.5 allows remote attackers to execute arbitrary PHP code via a URL in the config[include_dir] parameter, a different vector than CVE-2006-4489. | 7.5 |
| 2007-06-20 | CVE-2007-3301 | Fusetalk | SQL Injection vulnerability in Fusetalk 2.0 SQL injection vulnerability in forum/include/error/autherror.cfm in FuseTalk allows remote attackers to execute arbitrary SQL commands via the errorcode parameter. | 7.5 |
| 2007-06-20 | CVE-2007-3298 | Spey | SQL-Injection vulnerability in Spey SQL injection vulnerability in Spey before 0.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to MessageProcessor.cc and possibly other components. | 7.5 |
| 2007-06-20 | CVE-2007-3297 | Cybozu Labs | Remote File Include vulnerability in Cybozu Labs Musoo 0.21 Multiple PHP remote file inclusion vulnerabilities in Musoo 0.21 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[ini_array][EXTLIB_PATH] parameter to (1) msDb.php, (2) modules/MusooTemplateLite.php, or (3) modules/SoundImporter.php. | 7.5 |
| 2007-06-20 | CVE-2007-3294 | PHP | Buffer Errors vulnerability in PHP 5.2.3 Multiple buffer overflows in libtidy, as used in the Tidy extension for PHP 5.2.3 and possibly other products, allow context-dependent attackers to execute arbitrary code via (1) a long second argument to the tidy_parse_string function or (2) an unspecified vector to the tidy_repair_string function. | 7.5 |
| 2007-06-20 | CVE-2007-3293 | Livecms | SQL-Injection vulnerability in LiveCMS SQL injection vulnerability in categoria.php in LiveCMS 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter. | 7.5 |
| 2007-06-20 | CVE-2007-3292 | Livecms | Input Validation vulnerability in LiveCMS Unrestricted file upload vulnerability in LiveCMS 3.4 and earlier allows remote attackers to upload and execute arbitrary PHP code by specifying a PHP file type in a parameter intended for "a small image" associated with an article. | 7.5 |
| 2007-06-20 | CVE-2007-3289 | Xoops | Remote Security vulnerability in Xoops Wiwimod Module 0.4 PHP remote file inclusion vulnerability in spaw/spaw_control.class.php in the WiwiMod 0.4 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. | 7.5 |
| 2007-06-19 | CVE-2007-3273 | Fusetalk | SQL Injection vulnerability in Fusetalk 2.0 SQL injection vulnerability in index.cfm in FuseTalk 2.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2007-06-19 | CVE-2007-3271 | Yourfreescreamer | Remote File Include vulnerability in Yourfreescreamer 1.0 PHP remote file inclusion vulnerability in templates/2blue/bodyTemplate.php in YourFreeScreamer 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the serverPath parameter. | 7.5 |
| 2007-06-18 | CVE-2007-3250 | Elxis | SQL Injection vulnerability in Elxis CMS Banner Module MB_Tracker SQL injection vulnerability in mod_banners.php in Elxis CMS before 2006.4 20070613 allows remote attackers to execute arbitrary SQL commands via the mb_tracker cookie. | 7.5 |
| 2007-06-21 | CVE-2007-2398 | Microsoft Apple | Unspecified vulnerability in Apple Safari 3.0.1 Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and using setTimeout() to create an event that modifies the window content, which could facilitate phishing attacks. | 7.1 |
| 2007-06-19 | CVE-2007-3275 | Mailwasher | Credentials Management vulnerability in Mailwasher Server MailWasher Server before 2.2.1, when used with LDAP or Active Directory (AD), does not properly handle blank passwords, which allows remote attackers to access an arbitrary user account and read the spam e-mail messages stored for that account, possibly related to the LoginCheck::doPost function in mwi/servlet/Login.cpp. | 7.1 |
| 2007-06-18 | CVE-2007-3207 | Novell | Remote Denial Of Service vulnerability in Novell Client 6.5Sp6 Buffer overflow in the NFS mount daemon (XNFS.NLM) in Novell NetWare 6.5 SP6, and probably earlier, allows remote attackers to cause a denial of service (abend) via a long path in a mount request. | 7.1 |
40 Medium Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2007-06-22 | CVE-2007-3359 | Iptel | Remote Security vulnerability in SerWeb Multiple PHP remote file inclusion vulnerabilities in SerWeb 0.9.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _SERWEB[serwebdir] parameter to (1) html/load_apu.php or (2) html/mail_prepend.php. | 6.8 |
| 2007-06-22 | CVE-2007-3358 | Iptel | Remote File Include vulnerability in SerWeb Load_Lang.PHP PHP remote file inclusion vulnerability in html/load_lang.php in SerWeb 0.9.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _SERWEB[serwebdir] parameter. | 6.8 |
| 2007-06-21 | CVE-2007-3329 | Xvid | Remote Code Execution vulnerability in Xvid 1.1.2 Multiple array index errors in the (1) get_intra_block, (2) get_inter_block_h263, and (3) get_inter_block_mpeg functions in src/bitstream/mbcoding.c in Xvid 1.1.2 allow remote attackers to execute arbitrary code via a crafted (a) Avi, (b) H.263, or (c) MPEG file. | 6.8 |
| 2007-06-21 | CVE-2007-3315 | Yourfreescreamer | Remote Security vulnerability in Yourfreescreamer 1.0 Multiple PHP remote file inclusion vulnerabilities in YourFreeScreamer 1.0, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the serverPath parameter to bodyTemplate.php in (1) templates/Classic/, (2) templates/Classic Guestbook/, (3) templates/DarkNights/, and (4) templates/Simplistic/, different vectors than CVE-2007-3271. | 6.8 |
| 2007-06-21 | CVE-2007-3314 | Altap | Buffer Overflow vulnerability in Altap Servant Salamander PE File Handling Stack-based buffer overflow in peviewer.spl in Altap Servant Salamander 2.5 with Portable Executable Viewer 2.02 (English Trial), and 2.0 with Portable Executable Viewer 1.00 (English Trial), allows remote attackers to execute arbitrary code via a long PDB debug filename in a PE file. | 6.8 |
| 2007-06-20 | CVE-2007-3285 | Microsoft Mozilla | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote attackers to bypass file type checks and possibly execute programs via a (1) file:/// or (2) resource: URI with a dangerous extension, followed by a NULL byte (%00) and a safer extension, which causes Firefox to treat the requested file differently than Windows would. | 6.8 |
| 2007-06-19 | CVE-2007-3283 | SUN | Local Security vulnerability in SUN Solaris 8.0/9.0 GNOME XScreenSaver in Sun Solaris 8 and 9 before 20070417, when root is logged into the console, does not automatically lock the screen after a session has been inactive, which might allow physically proximate attackers to access the console. | 6.8 |
| 2007-06-19 | CVE-2007-3257 | Gnome | Unspecified vulnerability in Gnome Evolution 1.11 Camel (camel-imap-folder.c) in the mailer component for Evolution Data Server 1.11 allows remote IMAP servers to execute arbitrary code via a negative SEQUENCE value in GData, which is used as an array index. | 6.8 |
| 2007-06-18 | CVE-2007-3247 | Virtuemart | SQL Injection vulnerability in VirtueMart SQL injection vulnerability in VirtueMart before 1.0.11 allows remote attackers to execute arbitrary SQL commands via unspecified parameters, possibly related to improper input validation of the PATH_INFO (PHP_SELF) by virtuemart_parser.php. | 6.8 |
| 2007-06-20 | CVE-2007-3295 | Yabb | Local File Include vulnerability in YABB Directory traversal vulnerability in Yet another Bulletin Board (YaBB) 2.1 and earlier allows remote authenticated users to execute arbitrary Perl code via a .. | 6.5 |
| 2007-06-19 | CVE-2007-3128 | IBM | SQL Injection vulnerability in IBM Websphere Portal 1.0 SQL injection vulnerability in content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the page parameter. | 6.4 |
| 2007-06-21 | CVE-2007-3326 | Jelsoft | Cross-Site Scripting vulnerability in Jelsoft Vbulletin 3.0.0 Multiple directory traversal vulnerabilities in vBulletin 3.x.x allow remote attackers to redirect visitors to arbitrary local files via a .. | 5.8 |
| 2007-06-21 | CVE-2007-3332 | PHP Nuke | Local File Include vulnerability in Satel Lite Directory traversal vulnerability in Satellite.php in Satel Lite for PhpNuke allows remote attackers to read arbitrary files via a .. | 5.0 |
| 2007-06-21 | CVE-2007-3331 | Stphp | Cross-Site Request Forgery vulnerability in Stphp Easynews 4.0 Cross-site request forgery (CSRF) vulnerability in STphp EasyNews PRO 4.0 allows remote attackers to change the admin password via (1) a certain HTML form that is posted automatically by JavaScript or (2) a news post. | 5.0 |
| 2007-06-21 | CVE-2007-3327 | Bughunter | Information Disclosure vulnerability in Bughunter Http Server 1.6.2 httpsv.exe in HTTP Server 1.6.2 allows remote attackers to obtain sensitive information (script source code) via a URI with a trailing %20 (encoded space). | 5.0 |
| 2007-06-19 | CVE-2007-3127 | IBM | Information Disclosure vulnerability in IBM Websphere Portal 1.0 content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to obtain sensitive information via a "';" (quote semicolon) sequence in the page parameter, which reveals the installation path in the resulting forced SQL error message. | 5.0 |
| 2007-06-20 | CVE-2007-3303 | Apache | Code Injection vulnerability in Apache Http Server 2.0.59/2.2.4 Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. | 4.9 |
| 2007-06-22 | CVE-2007-3366 | Cpanel | Path Disclosure And Cross-Site Scripting vulnerability in CPanel SCGIwrap Cross-site scripting (XSS) vulnerability in Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to inject arbitrary web script or HTML via the URI. | 4.3 |
| 2007-06-22 | CVE-2007-3364 | Myserver | Cross-Site Scripting vulnerability in Myserver 0.8.9 Cross-site scripting (XSS) vulnerability in the cgi-bin/post.mscgi sample page in MyServer 0.8.9 allows remote attackers to inject arbitrary web script or HTML via the body content. | 4.3 |
| 2007-06-22 | CVE-2007-3355 | Scriptdevelopers NET | Cross-Site Scripting vulnerability in Scriptdevelopers.Net Netclassifieds 1.0.1 Multiple cross-site scripting (XSS) vulnerabilities in NetClassifieds Premium Edition allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2007-06-22 | CVE-2007-3352 | Stephen Ostermiller | Cross Site Scripting vulnerability in Stephen Ostermiller Contact Form 2.00.02 Cross-site scripting (XSS) vulnerability in the preview form in Stephen Ostermiller Contact Form before 2.00.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that contain an apostrophe. | 4.3 |
| 2007-06-22 | CVE-2007-3344 | Netjukebox | Cross-Site Scripting vulnerability in Netjukebox 4.01B Multiple cross-site scripting (XSS) vulnerabilities in netjukebox 4.01b allow remote attackers to inject arbitrary web script or HTML via the (1) album_id, (2) order, (3) sort, (4) filter, and (5) genre_id parameters to (a) index.php; and the (6) url parameter to (b) ridirect.php. | 4.3 |
| 2007-06-22 | CVE-2007-3343 | Raidenhttpd | Cross Site Scripting vulnerability in RaidenHTTPD Cross-site scripting (XSS) vulnerability in RaidenHTTPD before 2.0.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2007-06-21 | CVE-2007-3342 | SIX Apart | Cross-Site Scripting vulnerability in Movable Type Multiple cross-site scripting (XSS) vulnerabilities in Movable Type (MT) before 3.34 allow remote attackers to inject arbitrary web script or HTML via comments that have (1) a malformed SGML numeric character reference with a '\0' (0x00) character in a javascript: URI or (2) an attribute in an element that lacks the '>' character at the end of the start tag, a different vulnerability than CVE-2007-0231. | 4.3 |
| 2007-06-21 | CVE-2007-3339 | Fusetalk | Cross-Site Scripting vulnerability in Fusetalk Multiple cross-site scripting (XSS) vulnerabilities in forum/include/error/autherror.cfm in FuseTalk Basic, Standard, Enterprise, and ColdFusion allow remote attackers to inject arbitrary web script or HTML via the (1) FTVAR_LINKP and (2) FTVAR_URLP parameters to (a) forum/include/error/autherror.cfm, and the (3) FTVAR_SCRIPTRUN parameter to (b) forum/include/common/comfinish.cfm and (c) blog/include/common/comfinish.cfm. | 4.3 |
| 2007-06-21 | CVE-2007-3330 | Stphp | Script HTML Injection vulnerability in Stphp Easynews 4.0 Cross-site scripting (XSS) vulnerability in STphp EasyNews PRO 4.0 allows remote attackers to inject arbitrary web script or HTML via a news post, which is stored in news/ without sanitization. | 4.3 |
| 2007-06-21 | CVE-2007-3328 | Interact | Cross-Site Scripting vulnerability in Interact 2.4Beta1 Multiple cross-site scripting (XSS) vulnerabilities in Interact 2.4 beta 1 allow remote attackers to inject arbitrary web script or HTML via the (1) module_key parameter to (a) kb/kb.php, (b) quiz/runquiz.php, (c) quiz/quiz.php, (d) forum/forum.php, (e) forum/byname.php, and (f) journal/journalview.php in modules/, and unspecified other scripts; the (2) tag_key parameter to modules/journal/journalview.php; the (3) user_group_key parameter to (g) users/secureaccounts.php; and (4) the request_uri parameter to (h) login.php. | 4.3 |
| 2007-06-21 | CVE-2007-3324 | Comersus Open Technologies | Cross-Site Scripting vulnerability in Comersus Open Technologies Comersus Cart 7.07 Multiple cross-site scripting (XSS) vulnerabilities in Comersus Cart 7.07 allow remote attackers to inject arbitrary web script or HTML via the redirectUrl parameter to (1) comersus_customerAuthenticateForm.asp or (2) comersus_message.asp, different vectors than CVE-2004-0681. | 4.3 |
| 2007-06-21 | CVE-2007-3310 | Tdizin | Cross-Site Scripting vulnerability in TDizin Arama.ASP Cross-site scripting (XSS) vulnerability in arama.asp in TDizin allows remote attackers to inject arbitrary web script or HTML via the ara parameter. | 4.3 |
| 2007-06-20 | CVE-2007-3299 | Awffull | Cross-Site Scripting vulnerability in AWFFull Log File Referer Field Cross-site scripting (XSS) vulnerability in AWFFull before 3.7.4, when AllSearchStr (aka the All Search Terms report) is enabled, allows remote attackers to inject arbitrary web script or HTML via a search string. | 4.3 |
| 2007-06-20 | CVE-2007-3291 | Livecms | Cross-Site Scripting vulnerability in Livecms Cross-site scripting (XSS) vulnerability in LiveCMS 3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via an article name, possibly involving the titulo parameter in article.php. | 4.3 |
| 2007-06-20 | CVE-2007-3288 | Skeltoac | HTML Injection vulnerability in Skeltoac Automattic Stats 1.0 Cross-site scripting (XSS) vulnerability in the skeltoac stats (Automattic Stats) 1.0 plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer field. | 4.3 |
| 2007-06-19 | CVE-2007-3281 | PHP Hosting Biller | Cross-Site Scripting vulnerability in PHP Hosting Biller PHP Hosting Biller 1.0 Cross-site scripting (XSS) vulnerability in index.php in Php Hosting Biller 1.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | 4.3 |
| 2007-06-19 | CVE-2007-3276 | Siteatschool | Cross-Site Scripting vulnerability in Siteatschool 2.4.10 Cross-site scripting (XSS) vulnerability in index.php in Site@School (S@S) 2.4.10 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | 4.3 |
| 2007-06-19 | CVE-2007-3274 | Microsoft Apple | Resource Management Errors vulnerability in Apple Safari 3.0/3.0.1 Apple Safari 3.0 and 3.0.1 on Windows XP SP2 allows attackers to cause a denial of service (application crash) via JavaScript that sets the document.location variable, as demonstrated by an empty value of document.location. | 4.3 |
| 2007-06-19 | CVE-2007-3267 | Fuzzylime Forum | Cross-Site Scripting vulnerability in Fuzzylime forum Cross-site scripting (XSS) vulnerability in low.php in Fuzzylime Forum 1.01b and earlier allows remote attackers to inject arbitrary web script or HTML via the fromaction parameter in a log action, a different vector than CVE-2007-3235. | 4.3 |
| 2007-06-19 | CVE-2007-3265 | IBM | Cross-Site Scripting vulnerability in Websphere Application Server Cross-site scripting (XSS) vulnerability in the Samples component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2007-06-19 | CVE-2007-3261 | Dkret | HTML Injection vulnerability in DKret Search Widget Cross-site scripting (XSS) vulnerability in widgets/widget_search.php in dKret before 2.6 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF). | 4.3 |
| 2007-06-18 | CVE-2007-3249 | Joomla | Cross-Site Scripting vulnerability in Joomla! Letterman Subscriber Module Mod_Lettermansubscribe.PHP Cross-site scripting (XSS) vulnerability in mod_lettermansubscribe.php in the Letterman Subscriber (mod_letterman) before 1.2.5 module for Joomla! allows remote attackers to inject arbitrary web script or HTML via the Itemid parameter. | 4.3 |
| 2007-06-18 | CVE-2007-3101 | Apache | Cross-Site Scripting vulnerability in Apache Myfaces Tomahawk 1.1.5 Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client. | 4.3 |
4 Low Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2007-06-19 | CVE-2007-3269 | Papoo | HTML Injection vulnerability in Papoo CMS Multiple cross-site scripting (XSS) vulnerabilities in Papoo Light 3.6 before 20070611 allow remote attackers to inject arbitrary web script or HTML via (1) the URI in a GET request or (2) the Title field of a visitor comment, and (3) allow remote authenticated users to inject arbitrary web script or HTML via a message to another user. | 3.5 |
| 2007-06-19 | CVE-2007-3129 | Utopia Software | Cross-Site Scripting vulnerability in Utopia News Pro Login.PHP Cross-site scripting (XSS) vulnerability in login.php in Utopia News Pro 1.4.0 allows remote attackers to inject arbitrary web script or HTML via the password parameter. | 2.6 |
| 2007-06-22 | CVE-2007-3372 | Avahi | Denial Of Service vulnerability in Avahi Empty TXT Data The Avahi daemon in Avahi before 0.6.20 allows attackers to cause a denial of service (exit) via empty TXT data over D-Bus, which triggers an assert error. | 2.1 |
| 2007-06-22 | CVE-2007-3337 | Ingres | Remote vulnerability in Ingress Database Server wakeup in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allows local users to truncate arbitrary files via a symlink attack on the alarmwkp.def file. | 2.1 |