Weekly Vulnerabilities Reports > June 18 to 24, 2007

Overview

127 new vulnerabilities were reported during this period, including 24 critical vulnerabilities and 53 high severity vulnerabilities. This weekly summary reports vulnerabilities in 107 products from 86 vendors including Microsoft, IBM, Avaya, Ingres, and Scriptdevelopers NET. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", "SQL Injection", "Cross-site Scripting", and "Resource Management Errors".

  • 121 reported vulnerabilities are remotely exploitable.
  • 23 reported vulnerabilities have a public exploit available.
  • 4 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 121 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 10 reported vulnerabilities.
  • Ingres has the most reported critical vulnerabilities, with 3 reported vulnerabilities.

Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:

24 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-06-22 CVE-2007-3363 Ageet Remote Security vulnerability in AGEphone

Multiple unspecified vulnerabilities in ageet AGEphone before 1.6.3 allow remote attackers to have an unknown impact via malformed SIP packets.

10.0
2007-06-22 CVE-2007-3357 Scriptdevelopers NET Remote Security vulnerability in Scriptdevelopers.Net Netclassifieds 1.0.1

NetClassifieds Premium Edition does not use encryption for (1) stored passwords or (2) sensitive data, which might allow attackers to obtain information via certain vectors.

10.0
2007-06-22 CVE-2007-3338 Ingres Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ingres Database Server

Multiple stack-based buffer overflows in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allow remote attackers to execute arbitrary code via the (1) uuid_from_char or (2) duve_get_args functions.

10.0
2007-06-22 CVE-2007-3336 Ingres Remote vulnerability in Ingres Database Server

Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input.

10.0
2007-06-22 CVE-2006-7207 Ageet Remote Security vulnerability in AGEphone

Buffer overflow in ageet AGEphone before 1.4.0 might allow remote attackers to have an unknown impact via unspecified vectors.

10.0
2007-06-21 CVE-2007-3341 Microsoft Unspecified vulnerability in Microsoft Internet Explorer 5/6.0/7.0

Unspecified vulnerability in the FTP implementation in Microsoft Internet Explorer allows remote attackers to "see a valid memory address" via unspecified vectors, a different issue than CVE-2007-0217.

10.0
2007-06-21 CVE-2007-3334 Microsoft, CA, Ingres Remote vulnerability in Ingres Database Server

Multiple heap-based buffer overflows in the (1) Communications Server (iigcc.exe) and (2) Data Access Server (iigcd.exe) components for Ingres Database Server 3.0.3, as used in CA (Computer Associates) products including eTrust Secure Content Manager r8 on Windows, allow remote attackers to execute arbitrary code via unknown vectors.

10.0
2007-06-19 CVE-2007-3279 Postgresql Remote Security vulnerability in Postgresql 8.1

PostgreSQL 8.1 and probably later versions, when the PL/pgSQL (plpgsql) language has been created, grants certain plpgsql privileges to the PUBLIC domain, which allows remote attackers to create and execute functions, as demonstrated by functions that perform local brute-force password guessing attacks, which may evade intrusion detection.

10.0
2007-06-19 CVE-2007-3277 Wikindx Authentication Bypass vulnerability in WIKINDX Localization Module

Unspecified vulnerability in the localization before 1.2 module for WIKINDX allows attackers to access certain administrative capabilities via unknown vectors.

10.0
2007-06-19 CVE-2007-3270 Phpmyinventory Remote File Include vulnerability in PHPmyinventory 2.8

PHP remote file inclusion vulnerability in Includes/global.inc.php in phpMyInventory 2.8 allows remote attackers to execute arbitrary PHP code via a URL in the strIncludePrefix parameter.

10.0
2007-06-19 CVE-2007-2924 Realnetworks Buffer Overflow vulnerability in RealNetworks GameHouse GHDLCTL.DLL ActiveX Control

Multiple buffer overflows in RealNetworks GameHouse dldisplay ActiveX control (ghdlctl.dll) allow remote attackers to execute arbitrary code via unknown vectors.

10.0
2007-06-19 CVE-2007-3264 IBM Unspecified vulnerability in IBM Websphere Application Server

Unspecified vulnerability in the PD tools component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier has unknown impact and attack vectors.

10.0
2007-06-19 CVE-2007-3263 IBM Unspecified vulnerability in IBM Websphere Application Server

Unspecified vulnerability in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier has unknown impact and attack vectors, related to "incorrect authorization on a remote interface to the SDO repository."

10.0
2007-06-22 CVE-2007-3360 Bitchx Remote Buffer Overflow vulnerability in Bitchx 1.1Final

hook.c in BitchX 1.1-final allows remote IRC servers to execute arbitrary commands by sending a client certain data containing NICK and EXEC strings, which exceeds the bounds of a hash table, and injects an EXEC hook function that receives and executes shell commands.

9.3
2007-06-21 CVE-2007-3316 Videolan Format String vulnerability in VLC Media Player 0.8.6A/0.8.6B

Multiple format string vulnerabilities in plugins in VideoLAN VLC Media Player before 0.8.6c allow remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in (1) an Ogg/Vorbis file, (2) an Ogg/Theora file, (3) a CDDB entry for a CD Digital Audio (CDDA) file, or (4) Service Announce Protocol (SAP) multicast packets.

9.3
2007-06-21 CVE-2007-3305 Cerulean Studios Buffer Overflow vulnerability in Cerulean Studios Trillian 3.1

Heap-based buffer overflow in Cerulean Studios Trillian 3.x before 3.1.6.0 allows remote attackers to execute arbitrary code via a message sent through the MSN protocol, or possibly other protocols, with a crafted UTF-8 string, which triggers improper memory allocation for word wrapping when a window width is used as a buffer size, a different vulnerability than CVE-2007-2478.

9.3
2007-06-20 CVE-2007-3300 F Secure Anti-Virus Products LHA and RAR Archives Scan Bypass vulnerability in F-Secure

Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070619 allow remote attackers to bypass scanning via a crafted header in a (1) LHA or (2) RAR archive.

9.3
2007-06-20 CVE-2007-3296 Xunlei Unspecified vulnerability in Xunlei web Thunderbolt 1.7.3.109

The ThunderServer.webThunder.1 ActiveX control in xunlei Web Thunderbolt 1.7.3.109 allows remote attackers to download arbitrary files and conduct other unauthorized actions by invoking dangerous methods.

9.3
2007-06-20 CVE-2007-3290 Livecms Input Validation vulnerability in LiveCMS

categoria.php in LiveCMS 3.4 and earlier allows remote attackers to obtain sensitive information via a ' (quote) character in the cid parameter, which reveals the path in a forced SQL error message.

9.3
2007-06-18 CVE-2007-2923 Novell Remote Command Execution vulnerability in Novell Extend Director 4.1

The launch method in the LocalExec ActiveX control (LocalExec.ocx) in Novell exteNd Director 4.1 and Portal Services allows remote attackers to execute arbitrary commands.

9.3
2007-06-21 CVE-2007-3312 Efstratios Geroulis Input Validation vulnerability in Efstratios Geroulis Jasmine CMS 1.0

Directory traversal vulnerability in admin/plugin_manager.php in Jasmine CMS 1.0 allows remote authenticated administrators to include and execute arbitrary local files a ..

9.0
2007-06-19 CVE-2007-3280 Postgresql Remote Security vulnerability in Postgresql 8.1

The Database Link library (dblink) in PostgreSQL 8.1 implements functions via CREATE statements that map to arbitrary libraries based on the C programming language, which allows remote authenticated superusers to map and execute a function from any library, as demonstrated by using the system function in libc.so.6 to gain shell access.

9.0
2007-06-19 CVE-2007-3266 Ifnet Local File Include vulnerability in WebIf OutConfig Parameter

Directory traversal vulnerability in webif.cgi in ifnet WEBIF allows remote attackers to include and execute arbitrary local files a ..

9.0
2007-06-19 CVE-2007-3260 HP Remote Privilege Escalation vulnerability in HP System Management Homepage

HP System Management Homepage (SMH) before 2.1.9 for Linux, when used with Novell eDirectory, assigns the eDirectory members to the root group, which allows remote authenticated eDirectory users to gain privileges.

9.0

53 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-06-22 CVE-2007-3369 Polycom Buffer Errors vulnerability in Polycom Soundpoint IP 601 1.6.3.0067Bootrom3.0.0

Buffer overflow in the Polycom SoundPoint IP 601 SIP phone with BootROM 3.0.x+ and SIP version 1.6.3.0067 allows remote attackers to cause a denial of service (device hang or reboot) via an INVITE message with a long Via header.

7.8
2007-06-22 CVE-2007-3368 Polycom Remote Denial of Service vulnerability in Polycom Soundpoint IP 650 Bootrom3.0.0

Buffer overflow in the HTTP server on the Polycom SoundPoint IP 601 SIP phone with BootROM 3.0.x+ allows remote attackers to cause a denial of service (device reboot) via a malformed CGI parameter.

7.8
2007-06-22 CVE-2007-3367 Cpanel Path Disclosure And Cross-Site Scripting vulnerability in CPanel SCGIwrap

Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to obtain sensitive information via a direct request, which reveals the path in an error message.

7.8
2007-06-22 CVE-2007-3365 Myserver Information Disclosure vulnerability in MyServer Filename Parse Error

MyServer 0.8.9 and earlier does not properly handle uppercase characters in filename extensions, which allows remote attackers to obtain sensitive information (script source code) via a modified extension, as demonstrated by post.mscgI.

7.8
2007-06-22 CVE-2007-3362 Microsoft, HTC, Ageet Denial of Service vulnerability in AGEPhone SIP Soft Phone Message Parsing

ageet AGEphone before 1.6.2, running on Windows Mobile 5 on the HTC HyTN Pocket PC device, allows remote attackers to (1) cause a denial of service (call disruption and device hang) via a SIP message with a malformed header and (2) cause a denial of service (call disruption, false ring indication, and device outage) via a SIP message with a malformed SDP delimiter.

7.8
2007-06-22 CVE-2007-3361 Nortel Denial of Service vulnerability in Nortel PC Client Soft Phone SIP 4.1

The Nortel PC Client SIP Soft Phone 4.1 3.5.208[20051015] allows remote attackers to cause a denial of service (device crash) via a SIP message with a malformed header.

7.8
2007-06-22 CVE-2007-3356 Scriptdevelopers NET Input Validation vulnerability in Scriptdevelopers.Net Netclassifieds 1.0.1

NetClassifieds Premium Edition allows remote attackers to obtain sensitive information via certain requests that reveal the path in an error message, related to the display_errors setting in (1) Common.php and (2) imageresizer.php, and (3) the use of __FILE__ in error reporting by imageresizer.php; and (4) via certain requests that reveal the table name and complete query, related to the Halt_On_Error setting in Mysql_db.php.

7.8
2007-06-22 CVE-2007-3351 Microsoft, Dell, SJ Labs Denial Of Service vulnerability in SJ Labs Sjphone 1.60.303C

The SJPhone SIP soft phone 1.60.303c, when installed on the Dell Axim X3 running Windows Mobile 2003, allows remote attackers to cause a denial of service (device hang and traffic amplification) via a direct crafted INVITE transaction, which causes the phone to transmit many RTP packets.

7.8
2007-06-22 CVE-2007-3350 Microsoft, AOL Denial of Service vulnerability in AOL Instant Messenger 6.1.32.1

AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote attackers to cause a denial of service (application hang) via a flood of spoofed SIP INVITE requests.

7.8
2007-06-22 CVE-2007-3349 Aastra Telecom Denial Of Service vulnerability in Aastra Telecom 9112I SIP Phone 1.4.0.1048

The Aastra 9112i SIP Phone with firmware 1.4.0.1048 and boot version 1.1.0.10 allows remote attackers to (1) cause a denial of service (device freeze) via a malformed SIP message of a certain length or (2) cause a denial of service (continuous ring) via a malformed SIP message of a certain other length.

7.8
2007-06-22 CVE-2007-3348 D Link Denial Of Service vulnerability in D-Link DPH-540/DPH-541 Wi-Fi Phones SDP Header

The D-Link DPH-540/DPH-541 phone allows remote attackers to cause a denial of service (device outage) via a malformed SDP header in a SIP INVITE message.

7.8
2007-06-22 CVE-2007-3347 D Link Unspecified vulnerability in D-Link Dph-540 and Dph-541

The D-Link DPH-540/DPH-541 phone accepts SIP INVITE messages that are not from the Call Server's IP address, which allows remote attackers to engage in arbitrary SIP communication with the phone, as demonstrated by communication with forged caller ID.

7.8
2007-06-22 CVE-2007-3346 PHP Accounts Local File Include vulnerability in PHP Accounts PHP Accounts 0.5

Directory traversal vulnerability in index.php in PHPAccounts 0.5 allows remote attackers to include arbitrary local files via unspecified manipulations of the page parameter.

7.8
2007-06-22 CVE-2006-7206 Microsoft Unspecified vulnerability in Microsoft Internet Explorer 6

Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by creating a ADODB.Recordset object and making a series of calls to the NextRecordset method with a long string argument, which causes an "invalid memory access" in the SysFreeString function, a different issue than CVE-2006-3510 and CVE-2006-3899.

7.8
2007-06-21 CVE-2007-3340 Bughunter Buffer Errors vulnerability in Bughunter Http Server 1.6.2

BugHunter HTTP SERVER (httpsv.exe) 1.6.2 allows remote attackers to cause a denial of service (application crash) via a large number of requests for nonexistent pages.

7.8
2007-06-21 CVE-2007-2833 Debian, Mandrakesoft, GNU Remote Denial of Service vulnerability in GNU Emacs Image Processing

Emacs 21 allows user-assisted attackers to cause a denial of service (crash) via certain crafted images, as demonstrated via a GIF image in vm mode, related to image size calculation.

7.8
2007-06-21 CVE-2007-3317 Avaya Denial Of Service vulnerability in Avaya One-X Desktop Edition SIP Header

The Session Initiation Protocol (SIP) User Access Client (UAC) message parsing module in Avaya one-X Desktop Edition 2.1.0.70 and earlier allows remote attackers to cause a denial of service (device crash) via a malformed SIP message.

7.8
2007-06-19 CVE-2007-3284 Apple Denial of Service vulnerability in Apple Safari 3.0.1

corefoundation.dll in Apple Safari 3.0.1 (552.12.2) for Windows allows remote attackers to cause a denial of service (crash) via certain forms that trigger errors related to History, possibly involving multiple form fields with the same name.

7.8
2007-06-19 CVE-2007-3282 Microsoft Denial-Of-Service vulnerability in Office Msodatasourcecontrol Activex

Buffer overflow in the Microsoft Office MSODataSourceControl ActiveX object allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to the DeleteRecordSourceIfUnused method.

7.8
2007-06-19 CVE-2007-3272 Minibb Local File Include vulnerability in Minibb 2.0.5

Directory traversal vulnerability in index.php in MiniBB 2.0.5 allows remote attackers to read arbitrary files via a ..

7.8
2007-06-19 CVE-2007-3262 IBM Unspecified vulnerability in IBM Websphere Application Server

Unspecified vulnerability in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier allows remote attackers to cause a denial of service related to a thread hang, and possibly related to a "TCP issue," or to MPAlarmThread and a resultant memory leak.

7.8
2007-06-18 CVE-2007-3253 Astaro Remote Denial of Service vulnerability in Astaro Security Gateway 7.0

Multiple unspecified vulnerabilities in Astaro Security Gateway (ASG) before 7.005 allow remote attackers to cause a denial of service via (1) certain email, which stops the SMTP Proxy during scanning; (2) certain HTTP traffic, which stops or slows down the HTTP proxy during HTTP responses containing virus scanned web pages; and (3) a disconnection during a streaming session.

7.8
2007-06-18 CVE-2007-3252 Portalapp Information Disclosure vulnerability in Portalapp

PortalApp stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for 8691.mdb, a different vector than CVE-2004-1786.

7.8
2007-06-18 CVE-2007-3251 E Vision Input Validation vulnerability in E-Vision CMS

Multiple directory traversal vulnerabilities in e-Vision CMS 2.02 and earlier allow remote attackers to (1) include and execute arbitrary local files via a ..

7.8
2007-06-18 CVE-2007-3248 SUN Remote IPv6 IPSec Packet Denial of Service vulnerability in SUN Solaris 10.0

Unspecified vulnerability in Sun Solaris 10 before 20070614, when IPv6 interfaces are present but not configured for IPsec, allows remote attackers to cause a denial of service (system crash) via certain network traffic.

7.8
2007-06-22 CVE-2007-3371 Powl Remote File Include vulnerability in Powl 0.94

PHP remote file inclusion vulnerability in plugins/widgets/htmledit/htmledit.php in Powl 0.94 allows remote attackers to execute arbitrary PHP code via a URL in the _POWL[installPath] parameter.

7.5
2007-06-22 CVE-2007-3370 KIM Kyoung MIN Remote File Include vulnerability in KIM Kyoung MIN SUN Board 1.00.00Alpha

Multiple PHP remote file inclusion vulnerabilities in Sun Board 1.00.00 Alpha allow remote attackers to execute arbitrary PHP code via a URL in (1) the sunPath parameter to include.php or (2) the dir parameter to skin/board/default/doctype.php.

7.5
2007-06-22 CVE-2007-3354 Scriptdevelopers NET Input Validation vulnerability in Scriptdevelopers.Net Netclassifieds 1.0.1/1.5.1/1.9.6.3

Multiple SQL injection vulnerabilities in NetClassifieds Premium Edition allow remote attackers to execute arbitrary SQL commands via the s_user_id parameter to ViewCat.php and other unspecified vectors.

7.5
2007-06-22 CVE-2007-3353 Mywebland Unspecified vulnerability in Mywebland Myevent 1.6

** DISPUTED ** PHP remote file inclusion vulnerability in includes/template.php in MyEvent 1.6 allows remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter.

7.5
2007-06-22 CVE-2007-3345 PHP Accounts SQL-Injection vulnerability in PHP Accounts PHP Accounts 0.5

Multiple SQL injection vulnerabilities in index.php in PHPAccounts 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) Outgoing_Type_ID, (2) Outgoing_ID, (3) Project_ID, (4) Client_ID, (5) Invoice_ID, or (6) Vendor_ID parameter.

7.5
2007-06-21 CVE-2007-3335 Phpecho CMS SQL-Injection vulnerability in PHPEcho CMS

Multiple SQL injection vulnerabilities in the admin panel in PHPEcho CMS before 1.6 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2007-06-21 CVE-2007-3325 LMS Remote File Include vulnerability in LMS LAN Management System Language.PHP

PHP remote file inclusion vulnerability in lib/language.php in LAN Management System (LMS) 1.9.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _LIB_DIR parameter, a different vector than CVE-2007-1643 and CVE-2007-2205.

7.5
2007-06-21 CVE-2007-3323 Comersus Open Technologies Input Validation vulnerability in Comersus Open Technologies Comersus Cart 7.07

SQL injection vulnerability in comersus_optReviewReadExec.asp in Comersus Shop Cart 7.07 allows remote attackers to execute arbitrary SQL commands via the idProduct parameter.

7.5
2007-06-21 CVE-2007-3319 Avaya Authentication Spoofing vulnerability in Avaya 4602Sw IP Phone R2.2

The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware does not use the cnonce parameter in the Authorization header of SIP requests during MD5 digest authentication, which allows remote attackers to conduct man-in-the-middle attacks and hijack or intercept communications.

7.5
2007-06-21 CVE-2007-3313 Efstratios Geroulis SQL-Injection vulnerability in Efstratios Geroulis Jasmine CMS 1.0

Multiple SQL injection vulnerabilities in Jasmine CMS 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the login_username parameter to login.php or (2) the item parameter to news.php.

7.5
2007-06-21 CVE-2007-3311 Xoops SQL-Injection vulnerability in Articles Module

SQL injection vulnerability in print.php in the Articles 1.02 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2007-06-21 CVE-2007-3309 Simple Machines Remote Security vulnerability in Simple Machines Simple Machines Forum 1.1.2

Unspecified vulnerability in Simple Machines Forum (SMF) 1.1.2 allows remote attackers to execute arbitrary PHP code during (1) creation or (2) editing of a message.

7.5
2007-06-21 CVE-2007-3308 Simple Machines Remote Security vulnerability in Simple Machines Simple Machines Forum 1.1.2

Simple Machines Forum (SMF) 1.1.2 uses a concatenation method with insufficient randomization when creating a WAV file CAPTCHA, which allows remote attackers to pass the CAPTCHA test via an automated brute-force attack.

7.5
2007-06-21 CVE-2007-3307 Solar Empire SQL Injection vulnerability in Solar Empire Game_Listing.PHP

SQL injection vulnerability in game_listing.php in Solar Empire 2.9.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.

7.5
2007-06-21 CVE-2007-3306 Ultrize Remote Security vulnerability in Ultrize Minibill 1.2.5

PHP remote file inclusion vulnerability in crontab/run_billing.php in MiniBill 1.2.5 allows remote attackers to execute arbitrary PHP code via a URL in the config[include_dir] parameter, a different vector than CVE-2006-4489.

7.5
2007-06-20 CVE-2007-3301 Fusetalk SQL Injection vulnerability in Fusetalk 2.0

SQL injection vulnerability in forum/include/error/autherror.cfm in FuseTalk allows remote attackers to execute arbitrary SQL commands via the errorcode parameter.

7.5
2007-06-20 CVE-2007-3298 Spey SQL-Injection vulnerability in Spey

SQL injection vulnerability in Spey before 0.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to MessageProcessor.cc and possibly other components.

7.5
2007-06-20 CVE-2007-3297 Cybozu Labs Remote File Include vulnerability in Cybozu Labs Musoo 0.21

Multiple PHP remote file inclusion vulnerabilities in Musoo 0.21 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[ini_array][EXTLIB_PATH] parameter to (1) msDb.php, (2) modules/MusooTemplateLite.php, or (3) modules/SoundImporter.php.

7.5
2007-06-20 CVE-2007-3294 PHP Buffer Errors vulnerability in PHP 5.2.3

Multiple buffer overflows in libtidy, as used in the Tidy extension for PHP 5.2.3 and possibly other products, allow context-dependent attackers to execute arbitrary code via (1) a long second argument to the tidy_parse_string function or (2) an unspecified vector to the tidy_repair_string function.

7.5
2007-06-20 CVE-2007-3293 Livecms SQL-Injection vulnerability in LiveCMS

SQL injection vulnerability in categoria.php in LiveCMS 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter.

7.5
2007-06-20 CVE-2007-3292 Livecms Input Validation vulnerability in LiveCMS

Unrestricted file upload vulnerability in LiveCMS 3.4 and earlier allows remote attackers to upload and execute arbitrary PHP code by specifying a PHP file type in a parameter intended for "a small image" associated with an article.

7.5
2007-06-20 CVE-2007-3289 Xoops Remote Security vulnerability in Xoops Wiwimod Module 0.4

PHP remote file inclusion vulnerability in spaw/spaw_control.class.php in the WiwiMod 0.4 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter.

7.5
2007-06-19 CVE-2007-3273 Fusetalk SQL Injection vulnerability in Fusetalk 2.0

SQL injection vulnerability in index.cfm in FuseTalk 2.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2007-06-19 CVE-2007-3271 Yourfreescreamer Remote File Include vulnerability in Yourfreescreamer 1.0

PHP remote file inclusion vulnerability in templates/2blue/bodyTemplate.php in YourFreeScreamer 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the serverPath parameter.

7.5
2007-06-18 CVE-2007-3250 Elxis SQL Injection vulnerability in Elxis CMS Banner Module MB_Tracker

SQL injection vulnerability in mod_banners.php in Elxis CMS before 2006.4 20070613 allows remote attackers to execute arbitrary SQL commands via the mb_tracker cookie.

7.5
2007-06-21 CVE-2007-2398 Microsoft, Apple Unspecified vulnerability in Apple Safari 3.0.1

Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and using setTimeout() to create an event that modifies the window content, which could facilitate phishing attacks.

7.1
2007-06-19 CVE-2007-3275 Mailwasher Credentials Management vulnerability in Mailwasher Server

MailWasher Server before 2.2.1, when used with LDAP or Active Directory (AD), does not properly handle blank passwords, which allows remote attackers to access an arbitrary user account and read the spam e-mail messages stored for that account, possibly related to the LoginCheck::doPost function in mwi/servlet/Login.cpp.

7.1
2007-06-18 CVE-2007-3207 Novell Remote Denial Of Service vulnerability in Novell Client 6.5Sp6

Buffer overflow in the NFS mount daemon (XNFS.NLM) in Novell NetWare 6.5 SP6, and probably earlier, allows remote attackers to cause a denial of service (abend) via a long path in a mount request.

7.1

46 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-06-19 CVE-2007-3278 Postgresql Permissions, Privileges, and Access Controls vulnerability in Postgresql 8.1

PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1.

6.9
2007-06-22 CVE-2007-3359 Iptel Remote Security vulnerability in SerWeb

Multiple PHP remote file inclusion vulnerabilities in SerWeb 0.9.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _SERWEB[serwebdir] parameter to (1) html/load_apu.php or (2) html/mail_prepend.php.

6.8
2007-06-22 CVE-2007-3358 Iptel Remote File Include vulnerability in SerWeb Load_Lang.PHP

PHP remote file inclusion vulnerability in html/load_lang.php in SerWeb 0.9.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _SERWEB[serwebdir] parameter.

6.8
2007-06-21 CVE-2007-3329 Xvid Remote Code Execution vulnerability in Xvid 1.1.2

Multiple array index errors in the (1) get_intra_block, (2) get_inter_block_h263, and (3) get_inter_block_mpeg functions in src/bitstream/mbcoding.c in Xvid 1.1.2 allow remote attackers to execute arbitrary code via a crafted (a) Avi, (b) H.263, or (c) MPEG file.

6.8
2007-06-21 CVE-2007-3315 Yourfreescreamer Remote Security vulnerability in Yourfreescreamer 1.0

Multiple PHP remote file inclusion vulnerabilities in YourFreeScreamer 1.0, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the serverPath parameter to bodyTemplate.php in (1) templates/Classic/, (2) templates/Classic Guestbook/, (3) templates/DarkNights/, and (4) templates/Simplistic/, different vectors than CVE-2007-3271.

6.8
2007-06-21 CVE-2007-3314 Altap Buffer Overflow vulnerability in Altap Servant Salamander PE File Handling

Stack-based buffer overflow in peviewer.spl in Altap Servant Salamander 2.5 with Portable Executable Viewer 2.02 (English Trial), and 2.0 with Portable Executable Viewer 1.00 (English Trial), allows remote attackers to execute arbitrary code via a long PDB debug filename in a PE file.

6.8
2007-06-20 CVE-2007-3285 Microsoft, Mozilla Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox

Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote attackers to bypass file type checks and possibly execute programs via a (1) file:/// or (2) resource: URI with a dangerous extension, followed by a NULL byte (%00) and a safer extension, which causes Firefox to treat the requested file differently than Windows would.

6.8
2007-06-19 CVE-2007-3283 SUN Local Security vulnerability in SUN Solaris 8.0/9.0

GNOME XScreenSaver in Sun Solaris 8 and 9 before 20070417, when root is logged into the console, does not automatically lock the screen after a session has been inactive, which might allow physically proximate attackers to access the console.

6.8
2007-06-19 CVE-2007-3257 Gnome Unspecified vulnerability in Gnome Evolution 1.11

Camel (camel-imap-folder.c) in the mailer component for Evolution Data Server 1.11 allows remote IMAP servers to execute arbitrary code via a negative SEQUENCE value in GData, which is used as an array index.

6.8
2007-06-18 CVE-2007-3247 Virtuemart SQL Injection vulnerability in VirtueMart

SQL injection vulnerability in VirtueMart before 1.0.11 allows remote attackers to execute arbitrary SQL commands via unspecified parameters, possibly related to improper input validation of the PATH_INFO (PHP_SELF) by virtuemart_parser.php.

6.8
2007-06-20 CVE-2007-3295 Yabb Local File Include vulnerability in YABB

Directory traversal vulnerability in Yet another Bulletin Board (YaBB) 2.1 and earlier allows remote authenticated users to execute arbitrary Perl code via a ..

6.5
2007-06-19 CVE-2007-3128 IBM SQL Injection vulnerability in IBM Websphere Portal 1.0

SQL injection vulnerability in content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the page parameter.

6.4
2007-06-21 CVE-2007-3326 Jelsoft Cross-Site Scripting vulnerability in Jelsoft Vbulletin 3.0.0

Multiple directory traversal vulnerabilities in vBulletin 3.x.x allow remote attackers to redirect visitors to arbitrary local files via a ..

5.8
2007-06-21 CVE-2007-3332 PHP Nuke Local File Include vulnerability in Satel Lite

Directory traversal vulnerability in Satellite.php in Satel Lite for PhpNuke allows remote attackers to read arbitrary files via a ..

5.0
2007-06-21 CVE-2007-3331 Stphp Cross-Site Request Forgery vulnerability in Stphp Easynews 4.0

Cross-site request forgery (CSRF) vulnerability in STphp EasyNews PRO 4.0 allows remote attackers to change the admin password via (1) a certain HTML form that is posted automatically by JavaScript or (2) a news post.

5.0
2007-06-21 CVE-2007-3327 Bughunter Information Disclosure vulnerability in Bughunter Http Server 1.6.2

httpsv.exe in HTTP Server 1.6.2 allows remote attackers to obtain sensitive information (script source code) via a URI with a trailing %20 (encoded space).

5.0
2007-06-21 CVE-2007-3322 Avaya Denial-Of-Service vulnerability in Avaya 4602Sw IP Phone R2.2

The Avaya 4602 SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware uses a constant media port number for calls, which allows remote attackers to cause a denial of service (audio quality loss) via a flood of packets to the RTP port.

5.0
2007-06-21 CVE-2007-3321 Avaya Denial-Of-Service vulnerability in Avaya 4602Sw IP Phone R2.2

The Avaya 4602 SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware allows remote attackers to cause a denial of service (device reboot) via a flood of packets to the BOOTP port (68/udp).

5.0
2007-06-21 CVE-2007-3320 Avaya Unspecified vulnerability in Avaya 4602Sw IP Phone R2.2

The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware accepts SIP INVITE requests from arbitrary source IP addresses, which allows remote attackers to have an unspecified impact.

5.0
2007-06-21 CVE-2007-3318 Avaya Remote Buffer Overflow vulnerability in Avaya One-X Desktop Edition Phone SIP

Buffer overflow in the Session Initiation Protocol (SIP) User Access Client (UAC) message parsing module in Avaya one-X Desktop Edition 2.1.0.70 and earlier allows remote attackers to cause a denial of service (call reception outage) via a malformed SIP message.

5.0
2007-06-19 CVE-2007-3127 IBM Information Disclosure vulnerability in IBM Websphere Portal 1.0

content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to obtain sensitive information via a "';" (quote semicolon) sequence in the page parameter, which reveals the installation path in the resulting forced SQL error message.

5.0
2007-06-20 CVE-2007-3303 Apache Code Injection vulnerability in Apache Http Server 2.0.59/2.2.4

Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes.

4.9
2007-06-20 CVE-2007-3304 Apache Unspecified vulnerability in Apache Http Server 1.3.37/2.0.59/2.2.4

Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."

4.7
2007-06-22 CVE-2007-3366 Cpanel Path Disclosure And Cross-Site Scripting vulnerability in CPanel SCGIwrap

Cross-site scripting (XSS) vulnerability in Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to inject arbitrary web script or HTML via the URI.

4.3
2007-06-22 CVE-2007-3364 Myserver Cross-Site Scripting vulnerability in Myserver 0.8.9

Cross-site scripting (XSS) vulnerability in the cgi-bin/post.mscgi sample page in MyServer 0.8.9 allows remote attackers to inject arbitrary web script or HTML via the body content.

4.3
2007-06-22 CVE-2007-3355 Scriptdevelopers NET Cross-Site Scripting vulnerability in Scriptdevelopers.Net Netclassifieds 1.0.1

Multiple cross-site scripting (XSS) vulnerabilities in NetClassifieds Premium Edition allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2007-06-22 CVE-2007-3352 Stephen Ostermiller Cross Site Scripting vulnerability in Stephen Ostermiller Contact Form 2.00.02

Cross-site scripting (XSS) vulnerability in the preview form in Stephen Ostermiller Contact Form before 2.00.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that contain an apostrophe.

4.3
2007-06-22 CVE-2007-3344 Netjukebox Cross-Site Scripting vulnerability in Netjukebox 4.01B

Multiple cross-site scripting (XSS) vulnerabilities in netjukebox 4.01b allow remote attackers to inject arbitrary web script or HTML via the (1) album_id, (2) order, (3) sort, (4) filter, and (5) genre_id parameters to (a) index.php; and the (6) url parameter to (b) ridirect.php.

4.3
2007-06-22 CVE-2007-3343 Raidenhttpd Cross Site Scripting vulnerability in RaidenHTTPD

Cross-site scripting (XSS) vulnerability in RaidenHTTPD before 2.0.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2007-06-21 CVE-2007-3342 SIX Apart Cross-Site Scripting vulnerability in Movable Type

Multiple cross-site scripting (XSS) vulnerabilities in Movable Type (MT) before 3.34 allow remote attackers to inject arbitrary web script or HTML via comments that have (1) a malformed SGML numeric character reference with a '\0' (0x00) character in a javascript: URI or (2) an attribute in an element that lacks the '>' character at the end of the start tag, a different vulnerability than CVE-2007-0231.

4.3
2007-06-21 CVE-2007-3339 Fusetalk Cross-Site Scripting vulnerability in Fusetalk

Multiple cross-site scripting (XSS) vulnerabilities in forum/include/error/autherror.cfm in FuseTalk Basic, Standard, Enterprise, and ColdFusion allow remote attackers to inject arbitrary web script or HTML via the (1) FTVAR_LINKP and (2) FTVAR_URLP parameters to (a) forum/include/error/autherror.cfm, and the (3) FTVAR_SCRIPTRUN parameter to (b) forum/include/common/comfinish.cfm and (c) blog/include/common/comfinish.cfm.

4.3
2007-06-21 CVE-2007-3330 Stphp Script HTML Injection vulnerability in Stphp Easynews 4.0

Cross-site scripting (XSS) vulnerability in STphp EasyNews PRO 4.0 allows remote attackers to inject arbitrary web script or HTML via a news post, which is stored in news/ without sanitization.

4.3
2007-06-21 CVE-2007-3328 Interact Cross-Site Scripting vulnerability in Interact 2.4Beta1

Multiple cross-site scripting (XSS) vulnerabilities in Interact 2.4 beta 1 allow remote attackers to inject arbitrary web script or HTML via the (1) module_key parameter to (a) kb/kb.php, (b) quiz/runquiz.php, (c) quiz/quiz.php, (d) forum/forum.php, (e) forum/byname.php, and (f) journal/journalview.php in modules/, and unspecified other scripts; the (2) tag_key parameter to modules/journal/journalview.php; the (3) user_group_key parameter to (g) users/secureaccounts.php; and (4) the request_uri parameter to (h) login.php.

4.3
2007-06-21 CVE-2007-3324 Comersus Open Technologies Cross-Site Scripting vulnerability in Comersus Open Technologies Comersus Cart 7.07

Multiple cross-site scripting (XSS) vulnerabilities in Comersus Cart 7.07 allow remote attackers to inject arbitrary web script or HTML via the redirectUrl parameter to (1) comersus_customerAuthenticateForm.asp or (2) comersus_message.asp, different vectors than CVE-2004-0681.

4.3
2007-06-21 CVE-2007-3310 Tdizin Cross-Site Scripting vulnerability in TDizin Arama.ASP

Cross-site scripting (XSS) vulnerability in arama.asp in TDizin allows remote attackers to inject arbitrary web script or HTML via the ara parameter.

4.3
2007-06-20 CVE-2007-3299 Awffull Cross-Site Scripting vulnerability in AWFFull Log File Referer Field

Cross-site scripting (XSS) vulnerability in AWFFull before 3.7.4, when AllSearchStr (aka the All Search Terms report) is enabled, allows remote attackers to inject arbitrary web script or HTML via a search string.

4.3
2007-06-20 CVE-2007-3291 Livecms Cross-Site Scripting vulnerability in Livecms

Cross-site scripting (XSS) vulnerability in LiveCMS 3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via an article name, possibly involving the titulo parameter in article.php.

4.3
2007-06-20 CVE-2007-3288 Skeltoac HTML Injection vulnerability in Skeltoac Automattic Stats 1.0

Cross-site scripting (XSS) vulnerability in the skeltoac stats (Automattic Stats) 1.0 plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer field.

4.3
2007-06-19 CVE-2007-3281 PHP Hosting Biller Cross-Site Scripting vulnerability in PHP Hosting Biller PHP Hosting Biller 1.0

Cross-site scripting (XSS) vulnerability in index.php in Php Hosting Biller 1.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

4.3
2007-06-19 CVE-2007-3276 Siteatschool Cross-Site Scripting vulnerability in Siteatschool 2.4.10

Cross-site scripting (XSS) vulnerability in index.php in Site@School (S@S) 2.4.10 allows remote attackers to inject arbitrary web script or HTML via the q parameter.

4.3
2007-06-19 CVE-2007-3274 Microsoft, Apple Resource Management Errors vulnerability in Apple Safari 3.0/3.0.1

Apple Safari 3.0 and 3.0.1 on Windows XP SP2 allows attackers to cause a denial of service (application crash) via JavaScript that sets the document.location variable, as demonstrated by an empty value of document.location.

4.3
2007-06-19 CVE-2007-3267 Fuzzylime Forum Cross-Site Scripting vulnerability in Fuzzylime forum

Cross-site scripting (XSS) vulnerability in low.php in Fuzzylime Forum 1.01b and earlier allows remote attackers to inject arbitrary web script or HTML via the fromaction parameter in a log action, a different vector than CVE-2007-3235.

4.3
2007-06-19 CVE-2007-3265 IBM Cross-Site Scripting vulnerability in Websphere Application Server

Cross-site scripting (XSS) vulnerability in the Samples component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2007-06-19 CVE-2007-3261 Dkret HTML Injection vulnerability in DKret Search Widget

Cross-site scripting (XSS) vulnerability in widgets/widget_search.php in dKret before 2.6 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF).

4.3
2007-06-18 CVE-2007-3249 Joomla Cross-Site Scripting vulnerability in Joomla! Letterman Subscriber Module Mod_Lettermansubscribe.PHP

Cross-site scripting (XSS) vulnerability in mod_lettermansubscribe.php in the Letterman Subscriber (mod_letterman) before 1.2.5 module for Joomla! allows remote attackers to inject arbitrary web script or HTML via the Itemid parameter.

4.3
2007-06-18 CVE-2007-3101 Apache Cross-Site Scripting vulnerability in Apache Myfaces Tomahawk 1.1.5

Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.

4.3

4 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-06-19 CVE-2007-3269 Papoo HTML Injection vulnerability in Papoo CMS

Multiple cross-site scripting (XSS) vulnerabilities in Papoo Light 3.6 before 20070611 allow remote attackers to inject arbitrary web script or HTML via (1) the URI in a GET request or (2) the Title field of a visitor comment, and (3) allow remote authenticated users to inject arbitrary web script or HTML via a message to another user.

3.5
2007-06-19 CVE-2007-3129 Utopia Software Cross-Site Scripting vulnerability in Utopia News Pro Login.PHP

Cross-site scripting (XSS) vulnerability in login.php in Utopia News Pro 1.4.0 allows remote attackers to inject arbitrary web script or HTML via the password parameter.

2.6
2007-06-22 CVE-2007-3372 Avahi Denial Of Service vulnerability in Avahi Empty TXT Data

The Avahi daemon in Avahi before 0.6.20 allows attackers to cause a denial of service (exit) via empty TXT data over D-Bus, which triggers an assert error.

2.1
2007-06-22 CVE-2007-3337 Ingres Remote vulnerability in Ingres Database Server

wakeup in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allows local users to truncate arbitrary files via a symlink attack on the alarmwkp.def file.

2.1