Weekly Vulnerabilities Reports > June 18 to 24, 2007
Overview
127 new vulnerabilities were reported during this period, including 24 critical vulnerabilities and 53 high severity vulnerabilities. This weekly summary reports vulnerabilities in 112 products from 89 vendors, including Microsoft, IBM, Avaya, Ingres, and Scriptdevelopers NET. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", "SQL Injection", "Cross-site Scripting", and "Resource Management Errors".
- 121 reported vulnerabilities are remotely exploitable.
- 23 reported vulnerabilities have a public exploit available.
- 4 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 121 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 10 reported vulnerabilities.
- Ingres has the most reported critical vulnerabilities, with 3 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
24 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-06-22 | CVE-2007-3363 | Ageet | Remote Security vulnerability in AGEphone Multiple unspecified vulnerabilities in ageet AGEphone before 1.6.3 allow remote attackers to have an unknown impact via malformed SIP packets. | 10.0 |
2007-06-22 | CVE-2007-3357 | Scriptdevelopers NET | Remote Security vulnerability in Scriptdevelopers.Net Netclassifieds 1.0.1 NetClassifieds Premium Edition does not use encryption for (1) stored passwords or (2) sensitive data, which might allow attackers to obtain information via certain vectors. | 10.0 |
2007-06-22 | CVE-2007-3338 | Ingres | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ingres Database Server Multiple stack-based buffer overflows in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allow remote attackers to execute arbitrary code via the (1) uuid_from_char or (2) duve_get_args functions. | 10.0 |
2007-06-22 | CVE-2007-3336 | Ingres | Remote vulnerability in Ingres Database Server Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server Process (iigcc), which calls the (1) QUinsert or (2) QUremove functions with attacker-controlled input. | 10.0 |
2007-06-22 | CVE-2006-7207 | Ageet | Remote Security vulnerability in AGEphone Buffer overflow in ageet AGEphone before 1.4.0 might allow remote attackers to have an unknown impact via unspecified vectors. | 10.0 |
2007-06-21 | CVE-2007-3341 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 5/6.0/7.0 Unspecified vulnerability in the FTP implementation in Microsoft Internet Explorer allows remote attackers to "see a valid memory address" via unspecified vectors, a different issue than CVE-2007-0217. | 10.0 |
2007-06-21 | CVE-2007-3334 | Microsoft CA Ingres | Remote vulnerability in Ingres Database Server Multiple heap-based buffer overflows in the (1) Communications Server (iigcc.exe) and (2) Data Access Server (iigcd.exe) components for Ingres Database Server 3.0.3, as used in CA (Computer Associates) products including eTrust Secure Content Manager r8 on Windows, allow remote attackers to execute arbitrary code via unknown vectors. | 10.0 |
2007-06-19 | CVE-2007-3279 | Postgresql | Remote Security vulnerability in Postgresql 8.1 PostgreSQL 8.1 and probably later versions, when the PL/pgSQL (plpgsql) language has been created, grants certain plpgsql privileges to the PUBLIC domain, which allows remote attackers to create and execute functions, as demonstrated by functions that perform local brute-force password guessing attacks, which may evade intrusion detection. | 10.0 |
2007-06-19 | CVE-2007-3277 | Wikindx | Authentication Bypass vulnerability in WIKINDX Localization Module Unspecified vulnerability in the localization before 1.2 module for WIKINDX allows attackers to access certain administrative capabilities via unknown vectors. | 10.0 |
2007-06-19 | CVE-2007-3270 | Phpmyinventory | Remote File Include vulnerability in PHPmyinventory 2.8 PHP remote file inclusion vulnerability in Includes/global.inc.php in phpMyInventory 2.8 allows remote attackers to execute arbitrary PHP code via a URL in the strIncludePrefix parameter. | 10.0 |
2007-06-19 | CVE-2007-2924 | Realnetworks | Buffer Overflow vulnerability in RealNetworks GameHouse GHDLCTL.DLL ActiveX Control Multiple buffer overflows in RealNetworks GameHouse dldisplay ActiveX control (ghdlctl.dll) allow remote attackers to execute arbitrary code via unknown vectors. | 10.0 |
2007-06-19 | CVE-2007-3264 | IBM | Unspecified vulnerability in IBM Websphere Application Server Unspecified vulnerability in the PD tools component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier has unknown impact and attack vectors. | 10.0 |
2007-06-19 | CVE-2007-3263 | IBM | Unspecified vulnerability in IBM Websphere Application Server Unspecified vulnerability in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier has unknown impact and attack vectors, related to "incorrect authorization on a remote interface to the SDO repository." | 10.0 |
2007-06-22 | CVE-2007-3360 | Bitchx | Remote Buffer Overflow vulnerability in Bitchx 1.1Final hook.c in BitchX 1.1-final allows remote IRC servers to execute arbitrary commands by sending a client certain data containing NICK and EXEC strings, which exceeds the bounds of a hash table, and injects an EXEC hook function that receives and executes shell commands. | 9.3 |
2007-06-21 | CVE-2007-3316 | Videolan | Format String vulnerability in VLC Media Player 0.8.6A/0.8.6B Multiple format string vulnerabilities in plugins in VideoLAN VLC Media Player before 0.8.6c allow remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in (1) an Ogg/Vorbis file, (2) an Ogg/Theora file, (3) a CDDB entry for a CD Digital Audio (CDDA) file, or (4) Service Announce Protocol (SAP) multicast packets. | 9.3 |
2007-06-21 | CVE-2007-3305 | Cerulean Studios | Buffer Overflow vulnerability in Cerulean Studios Trillian 3.1 Heap-based buffer overflow in Cerulean Studios Trillian 3.x before 3.1.6.0 allows remote attackers to execute arbitrary code via a message sent through the MSN protocol, or possibly other protocols, with a crafted UTF-8 string, which triggers improper memory allocation for word wrapping when a window width is used as a buffer size, a different vulnerability than CVE-2007-2478. | 9.3 |
2007-06-20 | CVE-2007-3300 | F Secure | Anti-Virus Products LHA and RAR Archives Scan Bypass vulnerability in F-Secure Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070619 allow remote attackers to bypass scanning via a crafted header in a (1) LHA or (2) RAR archive. | 9.3 |
2007-06-20 | CVE-2007-3296 | Xunlei | Unspecified vulnerability in Xunlei web Thunderbolt 1.7.3.109 The ThunderServer.webThunder.1 ActiveX control in xunlei Web Thunderbolt 1.7.3.109 allows remote attackers to download arbitrary files and conduct other unauthorized actions by invoking dangerous methods. | 9.3 |
2007-06-20 | CVE-2007-3290 | Livecms | Input Validation vulnerability in LiveCMS categoria.php in LiveCMS 3.4 and earlier allows remote attackers to obtain sensitive information via a ' (quote) character in the cid parameter, which reveals the path in a forced SQL error message. | 9.3 |
2007-06-18 | CVE-2007-2923 | Novell | Remote Command Execution vulnerability in Novell Extend Director 4.1 The launch method in the LocalExec ActiveX control (LocalExec.ocx) in Novell exteNd Director 4.1 and Portal Services allows remote attackers to execute arbitrary commands. | 9.3 |
2007-06-21 | CVE-2007-3312 | Efstratios Geroulis | Input Validation vulnerability in Efstratios Geroulis Jasmine CMS 1.0 Directory traversal vulnerability in admin/plugin_manager.php in Jasmine CMS 1.0 allows remote authenticated administrators to include and execute arbitrary local files a .. | 9.0 |
2007-06-19 | CVE-2007-3280 | Postgresql | Remote Security vulnerability in Postgresql 8.1 The Database Link library (dblink) in PostgreSQL 8.1 implements functions via CREATE statements that map to arbitrary libraries based on the C programming language, which allows remote authenticated superusers to map and execute a function from any library, as demonstrated by using the system function in libc.so.6 to gain shell access. | 9.0 |
2007-06-19 | CVE-2007-3266 | Ifnet | Local File Include vulnerability in WebIf OutConfig Parameter Directory traversal vulnerability in webif.cgi in ifnet WEBIF allows remote attackers to include and execute arbitrary local files a .. | 9.0 |
2007-06-19 | CVE-2007-3260 | HP | Remote Privilege Escalation vulnerability in HP System Management Homepage HP System Management Homepage (SMH) before 2.1.9 for Linux, when used with Novell eDirectory, assigns the eDirectory members to the root group, which allows remote authenticated eDirectory users to gain privileges. | 9.0 |
53 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-06-22 | CVE-2007-3369 | Polycom | Buffer Errors vulnerability in Polycom Soundpoint IP 601 1.6.3.0067Bootrom3.0.0 Buffer overflow in the Polycom SoundPoint IP 601 SIP phone with BootROM 3.0.x+ and SIP version 1.6.3.0067 allows remote attackers to cause a denial of service (device hang or reboot) via an INVITE message with a long Via header. | 7.8 |
2007-06-22 | CVE-2007-3368 | Polycom | Remote Denial of Service vulnerability in Polycom Soundpoint IP 650 Bootrom3.0.0 Buffer overflow in the HTTP server on the Polycom SoundPoint IP 601 SIP phone with BootROM 3.0.x+ allows remote attackers to cause a denial of service (device reboot) via a malformed CGI parameter. | 7.8 |
2007-06-22 | CVE-2007-3367 | Cpanel | Path Disclosure And Cross-Site Scripting vulnerability in CPanel SCGIwrap Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to obtain sensitive information via a direct request, which reveals the path in an error message. | 7.8 |
2007-06-22 | CVE-2007-3365 | Myserver | Information Disclosure vulnerability in MyServer Filename Parse Error MyServer 0.8.9 and earlier does not properly handle uppercase characters in filename extensions, which allows remote attackers to obtain sensitive information (script source code) via a modified extension, as demonstrated by post.mscgI. | 7.8 |
2007-06-22 | CVE-2007-3362 | Microsoft HTC Ageet | Denial of Service vulnerability in AGEPhone SIP Soft Phone Message Parsing ageet AGEphone before 1.6.2, running on Windows Mobile 5 on the HTC HyTN Pocket PC device, allows remote attackers to (1) cause a denial of service (call disruption and device hang) via a SIP message with a malformed header and (2) cause a denial of service (call disruption, false ring indication, and device outage) via a SIP message with a malformed SDP delimiter. | 7.8 |
2007-06-22 | CVE-2007-3361 | Nortel | Denial of Service vulnerability in Nortel PC Client Soft Phone SIP 4.1 The Nortel PC Client SIP Soft Phone 4.1 3.5.208[20051015] allows remote attackers to cause a denial of service (device crash) via a SIP message with a malformed header. | 7.8 |
2007-06-22 | CVE-2007-3356 | Scriptdevelopers NET | Input Validation vulnerability in Scriptdevelopers.Net Netclassifieds 1.0.1 NetClassifieds Premium Edition allows remote attackers to obtain sensitive information via certain requests that reveal the path in an error message, related to the display_errors setting in (1) Common.php and (2) imageresizer.php, and (3) the use of __FILE__ in error reporting by imageresizer.php; and (4) via certain requests that reveal the table name and complete query, related to the Halt_On_Error setting in Mysql_db.php. | 7.8 |
2007-06-22 | CVE-2007-3351 | Microsoft Dell SJ Labs | Denial Of Service vulnerability in SJ Labs Sjphone 1.60.303C The SJPhone SIP soft phone 1.60.303c, when installed on the Dell Axim X3 running Windows Mobile 2003, allows remote attackers to cause a denial of service (device hang and traffic amplification) via a direct crafted INVITE transaction, which causes the phone to transmit many RTP packets. | 7.8 |
2007-06-22 | CVE-2007-3350 | Microsoft AOL | Denial of Service vulnerability in AOL Instant Messenger 6.1.32.1 AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote attackers to cause a denial of service (application hang) via a flood of spoofed SIP INVITE requests. | 7.8 |
2007-06-22 | CVE-2007-3349 | Aastra Telecom | Denial Of Service vulnerability in Aastra Telecom 9112I SIP Phone 1.4.0.1048 The Aastra 9112i SIP Phone with firmware 1.4.0.1048 and boot version 1.1.0.10 allows remote attackers to (1) cause a denial of service (device freeze) via a malformed SIP message of a certain length or (2) cause a denial of service (continuous ring) via a malformed SIP message of a certain other length. | 7.8 |
2007-06-22 | CVE-2007-3348 | D Link | Denial Of Service vulnerability in D-Link DPH-540/DPH-541 Wi-Fi Phones SDP Header The D-Link DPH-540/DPH-541 phone allows remote attackers to cause a denial of service (device outage) via a malformed SDP header in a SIP INVITE message. | 7.8 |
2007-06-22 | CVE-2007-3347 | D Link | Unspecified vulnerability in D-Link Dph-540 and Dph-541 The D-Link DPH-540/DPH-541 phone accepts SIP INVITE messages that are not from the Call Server's IP address, which allows remote attackers to engage in arbitrary SIP communication with the phone, as demonstrated by communication with forged caller ID. | 7.8 |
2007-06-22 | CVE-2007-3346 | PHP Accounts | Local File Include vulnerability in PHP Accounts PHP Accounts 0.5 Directory traversal vulnerability in index.php in PHPAccounts 0.5 allows remote attackers to include arbitrary local files via unspecified manipulations of the page parameter. | 7.8 |
2007-06-22 | CVE-2006-7206 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 6 Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by creating a ADODB.Recordset object and making a series of calls to the NextRecordset method with a long string argument, which causes an "invalid memory access" in the SysFreeString function, a different issue than CVE-2006-3510 and CVE-2006-3899. | 7.8 |
2007-06-21 | CVE-2007-3340 | Bughunter | Buffer Errors vulnerability in Bughunter Http Server 1.6.2 BugHunter HTTP SERVER (httpsv.exe) 1.6.2 allows remote attackers to cause a denial of service (application crash) via a large number of requests for nonexistent pages. | 7.8 |
2007-06-21 | CVE-2007-2833 | Debian Mandrakesoft GNU | Remote Denial of Service vulnerability in GNU Emacs Image Processing Emacs 21 allows user-assisted attackers to cause a denial of service (crash) via certain crafted images, as demonstrated via a GIF image in vm mode, related to image size calculation. | 7.8 |
2007-06-21 | CVE-2007-3317 | Avaya | Denial Of Service vulnerability in Avaya One-X Desktop Edition SIP Header The Session Initiation Protocol (SIP) User Access Client (UAC) message parsing module in Avaya one-X Desktop Edition 2.1.0.70 and earlier allows remote attackers to cause a denial of service (device crash) via a malformed SIP message. | 7.8 |
2007-06-19 | CVE-2007-3284 | Apple | Denial of Service vulnerability in Apple Safari 3.0.1 corefoundation.dll in Apple Safari 3.0.1 (552.12.2) for Windows allows remote attackers to cause a denial of service (crash) via certain forms that trigger errors related to History, possibly involving multiple form fields with the same name. | 7.8 |
2007-06-19 | CVE-2007-3282 | Microsoft | Denial-Of-Service vulnerability in Office Msodatasourcecontrol Activex Buffer overflow in the Microsoft Office MSODataSourceControl ActiveX object allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to the DeleteRecordSourceIfUnused method. | 7.8 |
2007-06-19 | CVE-2007-3272 | Minibb | Local File Include vulnerability in Minibb 2.0.5 Directory traversal vulnerability in index.php in MiniBB 2.0.5 allows remote attackers to read arbitrary files via a .. | 7.8 |
2007-06-19 | CVE-2007-3262 | IBM | Unspecified vulnerability in IBM Websphere Application Server Unspecified vulnerability in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier allows remote attackers to cause a denial of service related to a thread hang, and possibly related to a "TCP issue," or to MPAlarmThread and a resultant memory leak. | 7.8 |
2007-06-18 | CVE-2007-3253 | Astaro | Remote Denial of Service vulnerability in Astaro Security Gateway 7.0 Multiple unspecified vulnerabilities in Astaro Security Gateway (ASG) before 7.005 allow remote attackers to cause a denial of service via (1) certain email, which stops the SMTP Proxy during scanning; (2) certain HTTP traffic, which stops or slows down the HTTP proxy during HTTP responses containing virus scanned web pages; and (3) a disconnection during a streaming session. | 7.8 |
2007-06-18 | CVE-2007-3252 | Portalapp | Information Disclosure vulnerability in Portalapp PortalApp stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for 8691.mdb, a different vector than CVE-2004-1786. | 7.8 |
2007-06-18 | CVE-2007-3251 | E Vision | Input Validation vulnerability in E-Vision CMS Multiple directory traversal vulnerabilities in e-Vision CMS 2.02 and earlier allow remote attackers to (1) include and execute arbitrary local files via a .. | 7.8 |
2007-06-18 | CVE-2007-3248 | SUN | Remote IPv6 IPSec Packet Denial of Service vulnerability in SUN Solaris 10.0 Unspecified vulnerability in Sun Solaris 10 before 20070614, when IPv6 interfaces are present but not configured for IPsec, allows remote attackers to cause a denial of service (system crash) via certain network traffic. | 7.8 |
2007-06-22 | CVE-2007-3371 | Powl | Remote File Include vulnerability in Powl 0.94 PHP remote file inclusion vulnerability in plugins/widgets/htmledit/htmledit.php in Powl 0.94 allows remote attackers to execute arbitrary PHP code via a URL in the _POWL[installPath] parameter. | 7.5 |
2007-06-22 | CVE-2007-3370 | KIM Kyoung MIN | Remote File Include vulnerability in KIM Kyoung MIN SUN Board 1.00.00Alpha Multiple PHP remote file inclusion vulnerabilities in Sun Board 1.00.00 Alpha allow remote attackers to execute arbitrary PHP code via a URL in (1) the sunPath parameter to include.php or (2) the dir parameter to skin/board/default/doctype.php. | 7.5 |
2007-06-22 | CVE-2007-3354 | Scriptdevelopers NET | Input Validation vulnerability in Scriptdevelopers.Net Netclassifieds 1.0.1/1.5.1/1.9.6.3 Multiple SQL injection vulnerabilities in NetClassifieds Premium Edition allow remote attackers to execute arbitrary SQL commands via the s_user_id parameter to ViewCat.php and other unspecified vectors. | 7.5 |
2007-06-22 | CVE-2007-3353 | Mywebland | Unspecified vulnerability in Mywebland Myevent 1.6 ** DISPUTED ** PHP remote file inclusion vulnerability in includes/template.php in MyEvent 1.6 allows remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter. | 7.5 |
2007-06-22 | CVE-2007-3345 | PHP Accounts | SQL-Injection vulnerability in PHP Accounts PHP Accounts 0.5 Multiple SQL injection vulnerabilities in index.php in PHPAccounts 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) Outgoing_Type_ID, (2) Outgoing_ID, (3) Project_ID, (4) Client_ID, (5) Invoice_ID, or (6) Vendor_ID parameter. | 7.5 |
2007-06-21 | CVE-2007-3335 | Phpecho CMS | SQL-Injection vulnerability in PHPEcho CMS Multiple SQL injection vulnerabilities in the admin panel in PHPEcho CMS before 1.6 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2007-06-21 | CVE-2007-3325 | LMS | Remote File Include vulnerability in LMS LAN Management System Language.PHP PHP remote file inclusion vulnerability in lib/language.php in LAN Management System (LMS) 1.9.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _LIB_DIR parameter, a different vector than CVE-2007-1643 and CVE-2007-2205. | 7.5 |
2007-06-21 | CVE-2007-3323 | Comersus Open Technologies | Input Validation vulnerability in Comersus Open Technologies Comersus Cart 7.07 SQL injection vulnerability in comersus_optReviewReadExec.asp in Comersus Shop Cart 7.07 allows remote attackers to execute arbitrary SQL commands via the idProduct parameter. | 7.5 |
2007-06-21 | CVE-2007-3319 | Avaya | Authentication Spoofing vulnerability in Avaya 4602Sw IP Phone R2.2 The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware does not use the cnonce parameter in the Authorization header of SIP requests during MD5 digest authentication, which allows remote attackers to conduct man-in-the-middle attacks and hijack or intercept communications. | 7.5 |
2007-06-21 | CVE-2007-3313 | Efstratios Geroulis | SQL-Injection vulnerability in Efstratios Geroulis Jasmine CMS 1.0 Multiple SQL injection vulnerabilities in Jasmine CMS 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the login_username parameter to login.php or (2) the item parameter to news.php. | 7.5 |
2007-06-21 | CVE-2007-3311 | Xoops | SQL-Injection vulnerability in Articles Module SQL injection vulnerability in print.php in the Articles 1.02 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2007-06-21 | CVE-2007-3309 | Simple Machines | Remote Security vulnerability in Simple Machines Simple Machines Forum 1.1.2 Unspecified vulnerability in Simple Machines Forum (SMF) 1.1.2 allows remote attackers to execute arbitrary PHP code during (1) creation or (2) editing of a message. | 7.5 |
2007-06-21 | CVE-2007-3308 | Simple Machines | Remote Security vulnerability in Simple Machines Simple Machines Forum 1.1.2 Simple Machines Forum (SMF) 1.1.2 uses a concatenation method with insufficient randomization when creating a WAV file CAPTCHA, which allows remote attackers to pass the CAPTCHA test via an automated brute-force attack. | 7.5 |
2007-06-21 | CVE-2007-3307 | Solar Empire | SQL Injection vulnerability in Solar Empire Game_Listing.PHP SQL injection vulnerability in game_listing.php in Solar Empire 2.9.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header. | 7.5 |
2007-06-21 | CVE-2007-3306 | Ultrize | Remote Security vulnerability in Ultrize Minibill 1.2.5 PHP remote file inclusion vulnerability in crontab/run_billing.php in MiniBill 1.2.5 allows remote attackers to execute arbitrary PHP code via a URL in the config[include_dir] parameter, a different vector than CVE-2006-4489. | 7.5 |
2007-06-20 | CVE-2007-3301 | Fusetalk | SQL Injection vulnerability in Fusetalk 2.0 SQL injection vulnerability in forum/include/error/autherror.cfm in FuseTalk allows remote attackers to execute arbitrary SQL commands via the errorcode parameter. | 7.5 |
2007-06-20 | CVE-2007-3298 | Spey | SQL-Injection vulnerability in Spey SQL injection vulnerability in Spey before 0.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to MessageProcessor.cc and possibly other components. | 7.5 |
2007-06-20 | CVE-2007-3297 | Cybozu Labs | Remote File Include vulnerability in Cybozu Labs Musoo 0.21 Multiple PHP remote file inclusion vulnerabilities in Musoo 0.21 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[ini_array][EXTLIB_PATH] parameter to (1) msDb.php, (2) modules/MusooTemplateLite.php, or (3) modules/SoundImporter.php. | 7.5 |
2007-06-20 | CVE-2007-3294 | PHP | Buffer Errors vulnerability in PHP 5.2.3 Multiple buffer overflows in libtidy, as used in the Tidy extension for PHP 5.2.3 and possibly other products, allow context-dependent attackers to execute arbitrary code via (1) a long second argument to the tidy_parse_string function or (2) an unspecified vector to the tidy_repair_string function. | 7.5 |
2007-06-20 | CVE-2007-3293 | Livecms | SQL-Injection vulnerability in LiveCMS SQL injection vulnerability in categoria.php in LiveCMS 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter. | 7.5 |
2007-06-20 | CVE-2007-3292 | Livecms | Input Validation vulnerability in LiveCMS Unrestricted file upload vulnerability in LiveCMS 3.4 and earlier allows remote attackers to upload and execute arbitrary PHP code by specifying a PHP file type in a parameter intended for "a small image" associated with an article. | 7.5 |
2007-06-20 | CVE-2007-3289 | Xoops | Remote Security vulnerability in Xoops Wiwimod Module 0.4 PHP remote file inclusion vulnerability in spaw/spaw_control.class.php in the WiwiMod 0.4 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. | 7.5 |
2007-06-19 | CVE-2007-3273 | Fusetalk | SQL Injection vulnerability in Fusetalk 2.0 SQL injection vulnerability in index.cfm in FuseTalk 2.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2007-06-19 | CVE-2007-3271 | Yourfreescreamer | Remote File Include vulnerability in Yourfreescreamer 1.0 PHP remote file inclusion vulnerability in templates/2blue/bodyTemplate.php in YourFreeScreamer 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the serverPath parameter. | 7.5 |
2007-06-18 | CVE-2007-3250 | Elxis | SQL Injection vulnerability in Elxis CMS Banner Module MB_Tracker SQL injection vulnerability in mod_banners.php in Elxis CMS before 2006.4 20070613 allows remote attackers to execute arbitrary SQL commands via the mb_tracker cookie. | 7.5 |
2007-06-21 | CVE-2007-2398 | Microsoft Apple | Unspecified vulnerability in Apple Safari 3.0.1 Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and using setTimeout() to create an event that modifies the window content, which could facilitate phishing attacks. | 7.1 |
2007-06-19 | CVE-2007-3275 | Mailwasher | Credentials Management vulnerability in Mailwasher Server MailWasher Server before 2.2.1, when used with LDAP or Active Directory (AD), does not properly handle blank passwords, which allows remote attackers to access an arbitrary user account and read the spam e-mail messages stored for that account, possibly related to the LoginCheck::doPost function in mwi/servlet/Login.cpp. | 7.1 |
2007-06-18 | CVE-2007-3207 | Novell | Remote Denial Of Service vulnerability in Novell Client 6.5Sp6 Buffer overflow in the NFS mount daemon (XNFS.NLM) in Novell NetWare 6.5 SP6, and probably earlier, allows remote attackers to cause a denial of service (abend) via a long path in a mount request. | 7.1 |
46 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-06-19 | CVE-2007-3278 | Postgresql | Permissions, Privileges, and Access Controls vulnerability in Postgresql 8.1 PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1. | 6.9 |
2007-06-22 | CVE-2007-3359 | Iptel | Remote Security vulnerability in SerWeb Multiple PHP remote file inclusion vulnerabilities in SerWeb 0.9.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _SERWEB[serwebdir] parameter to (1) html/load_apu.php or (2) html/mail_prepend.php. | 6.8 |
2007-06-22 | CVE-2007-3358 | Iptel | Remote File Include vulnerability in SerWeb Load_Lang.PHP PHP remote file inclusion vulnerability in html/load_lang.php in SerWeb 0.9.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _SERWEB[serwebdir] parameter. | 6.8 |
2007-06-21 | CVE-2007-3329 | Xvid | Remote Code Execution vulnerability in Xvid 1.1.2 Multiple array index errors in the (1) get_intra_block, (2) get_inter_block_h263, and (3) get_inter_block_mpeg functions in src/bitstream/mbcoding.c in Xvid 1.1.2 allow remote attackers to execute arbitrary code via a crafted (a) Avi, (b) H.263, or (c) MPEG file. | 6.8 |
2007-06-21 | CVE-2007-3315 | Yourfreescreamer | Remote Security vulnerability in Yourfreescreamer 1.0 Multiple PHP remote file inclusion vulnerabilities in YourFreeScreamer 1.0, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the serverPath parameter to bodyTemplate.php in (1) templates/Classic/, (2) templates/Classic Guestbook/, (3) templates/DarkNights/, and (4) templates/Simplistic/, different vectors than CVE-2007-3271. | 6.8 |
2007-06-21 | CVE-2007-3314 | Altap | Buffer Overflow vulnerability in Altap Servant Salamander PE File Handling Stack-based buffer overflow in peviewer.spl in Altap Servant Salamander 2.5 with Portable Executable Viewer 2.02 (English Trial), and 2.0 with Portable Executable Viewer 1.00 (English Trial), allows remote attackers to execute arbitrary code via a long PDB debug filename in a PE file. | 6.8 |
2007-06-20 | CVE-2007-3285 | Microsoft Mozilla | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote attackers to bypass file type checks and possibly execute programs via a (1) file:/// or (2) resource: URI with a dangerous extension, followed by a NULL byte (%00) and a safer extension, which causes Firefox to treat the requested file differently than Windows would. | 6.8 |
2007-06-19 | CVE-2007-3283 | SUN | Local Security vulnerability in SUN Solaris 8.0/9.0 GNOME XScreenSaver in Sun Solaris 8 and 9 before 20070417, when root is logged into the console, does not automatically lock the screen after a session has been inactive, which might allow physically proximate attackers to access the console. | 6.8 |
2007-06-19 | CVE-2007-3257 | Gnome | Unspecified vulnerability in Gnome Evolution 1.11 Camel (camel-imap-folder.c) in the mailer component for Evolution Data Server 1.11 allows remote IMAP servers to execute arbitrary code via a negative SEQUENCE value in GData, which is used as an array index. | 6.8 |
2007-06-18 | CVE-2007-3247 | Virtuemart | SQL Injection vulnerability in VirtueMart SQL injection vulnerability in VirtueMart before 1.0.11 allows remote attackers to execute arbitrary SQL commands via unspecified parameters, possibly related to improper input validation of the PATH_INFO (PHP_SELF) by virtuemart_parser.php. | 6.8 |
2007-06-20 | CVE-2007-3295 | Yabb | Local File Include vulnerability in YABB Directory traversal vulnerability in Yet another Bulletin Board (YaBB) 2.1 and earlier allows remote authenticated users to execute arbitrary Perl code via a .. | 6.5 |
2007-06-19 | CVE-2007-3128 | IBM | SQL Injection vulnerability in IBM Websphere Portal 1.0 SQL injection vulnerability in content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the page parameter. | 6.4 |
2007-06-21 | CVE-2007-3326 | Jelsoft | Cross-Site Scripting vulnerability in Jelsoft Vbulletin 3.0.0 Multiple directory traversal vulnerabilities in vBulletin 3.x.x allow remote attackers to redirect visitors to arbitrary local files via a .. | 5.8 |
2007-06-21 | CVE-2007-3332 | PHP Nuke | Local File Include vulnerability in Satel Lite Directory traversal vulnerability in Satellite.php in Satel Lite for PhpNuke allows remote attackers to read arbitrary files via a .. | 5.0 |
2007-06-21 | CVE-2007-3331 | Stphp | Cross-Site Request Forgery vulnerability in Stphp Easynews 4.0 Cross-site request forgery (CSRF) vulnerability in STphp EasyNews PRO 4.0 allows remote attackers to change the admin password via (1) a certain HTML form that is posted automatically by JavaScript or (2) a news post. | 5.0 |
2007-06-21 | CVE-2007-3327 | Bughunter | Information Disclosure vulnerability in Bughunter Http Server 1.6.2 httpsv.exe in HTTP Server 1.6.2 allows remote attackers to obtain sensitive information (script source code) via a URI with a trailing %20 (encoded space). | 5.0 |
2007-06-21 | CVE-2007-3322 | Avaya | Denial-Of-Service vulnerability in Avaya 4602Sw IP Phone R2.2 The Avaya 4602 SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware uses a constant media port number for calls, which allows remote attackers to cause a denial of service (audio quality loss) via a flood of packets to the RTP port. | 5.0 |
2007-06-21 | CVE-2007-3321 | Avaya | Denial-Of-Service vulnerability in Avaya 4602Sw IP Phone R2.2 The Avaya 4602 SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware allows remote attackers to cause a denial of service (device reboot) via a flood of packets to the BOOTP port (68/udp). | 5.0 |
2007-06-21 | CVE-2007-3320 | Avaya | Unspecified vulnerability in Avaya 4602Sw IP Phone R2.2 The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware accepts SIP INVITE requests from arbitrary source IP addresses, which allows remote attackers to have an unspecified impact. | 5.0 |
2007-06-21 | CVE-2007-3318 | Avaya | Remote Buffer Overflow vulnerability in Avaya One-X Desktop Edition Phone SIP Buffer overflow in the Session Initiation Protocol (SIP) User Access Client (UAC) message parsing module in Avaya one-X Desktop Edition 2.1.0.70 and earlier allows remote attackers to cause a denial of service (call reception outage) via a malformed SIP message. | 5.0 |
2007-06-19 | CVE-2007-3127 | IBM | Information Disclosure vulnerability in IBM Websphere Portal 1.0 content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to obtain sensitive information via a "';" (quote semicolon) sequence in the page parameter, which reveals the installation path in the resulting forced SQL error message. | 5.0 |
2007-06-20 | CVE-2007-3303 | Apache | Code Injection vulnerability in Apache Http Server 2.0.59/2.2.4 Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. | 4.9 |
2007-06-20 | CVE-2007-3304 | Apache Fedoraproject Redhat Canonical | Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer." | 4.7 |
2007-06-22 | CVE-2007-3366 | Cpanel | Path Disclosure And Cross-Site Scripting vulnerability in CPanel SCGIwrap Cross-site scripting (XSS) vulnerability in Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to inject arbitrary web script or HTML via the URI. | 4.3 |
2007-06-22 | CVE-2007-3364 | Myserver | Cross-Site Scripting vulnerability in Myserver 0.8.9 Cross-site scripting (XSS) vulnerability in the cgi-bin/post.mscgi sample page in MyServer 0.8.9 allows remote attackers to inject arbitrary web script or HTML via the body content. | 4.3 |
2007-06-22 | CVE-2007-3355 | Scriptdevelopers NET | Cross-Site Scripting vulnerability in Scriptdevelopers.Net Netclassifieds 1.0.1 Multiple cross-site scripting (XSS) vulnerabilities in NetClassifieds Premium Edition allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2007-06-22 | CVE-2007-3352 | Stephen Ostermiller | Cross Site Scripting vulnerability in Stephen Ostermiller Contact Form 2.00.02 Cross-site scripting (XSS) vulnerability in the preview form in Stephen Ostermiller Contact Form before 2.00.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that contain an apostrophe. | 4.3 |
2007-06-22 | CVE-2007-3344 | Netjukebox | Cross-Site Scripting vulnerability in Netjukebox 4.01B Multiple cross-site scripting (XSS) vulnerabilities in netjukebox 4.01b allow remote attackers to inject arbitrary web script or HTML via the (1) album_id, (2) order, (3) sort, (4) filter, and (5) genre_id parameters to (a) index.php; and the (6) url parameter to (b) ridirect.php. | 4.3 |
2007-06-22 | CVE-2007-3343 | Raidenhttpd | Cross Site Scripting vulnerability in RaidenHTTPD Cross-site scripting (XSS) vulnerability in RaidenHTTPD before 2.0.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2007-06-21 | CVE-2007-3342 | SIX Apart | Cross-Site Scripting vulnerability in Movable Type Multiple cross-site scripting (XSS) vulnerabilities in Movable Type (MT) before 3.34 allow remote attackers to inject arbitrary web script or HTML via comments that have (1) a malformed SGML numeric character reference with a '\0' (0x00) character in a javascript: URI or (2) an attribute in an element that lacks the '>' character at the end of the start tag, a different vulnerability than CVE-2007-0231. | 4.3 |
2007-06-21 | CVE-2007-3339 | Fusetalk | Cross-Site Scripting vulnerability in Fusetalk Multiple cross-site scripting (XSS) vulnerabilities in forum/include/error/autherror.cfm in FuseTalk Basic, Standard, Enterprise, and ColdFusion allow remote attackers to inject arbitrary web script or HTML via the (1) FTVAR_LINKP and (2) FTVAR_URLP parameters to (a) forum/include/error/autherror.cfm, and the (3) FTVAR_SCRIPTRUN parameter to (b) forum/include/common/comfinish.cfm and (c) blog/include/common/comfinish.cfm. | 4.3 |
2007-06-21 | CVE-2007-3330 | Stphp | Script HTML Injection vulnerability in Stphp Easynews 4.0 Cross-site scripting (XSS) vulnerability in STphp EasyNews PRO 4.0 allows remote attackers to inject arbitrary web script or HTML via a news post, which is stored in news/ without sanitization. | 4.3 |
2007-06-21 | CVE-2007-3328 | Interact | Cross-Site Scripting vulnerability in Interact 2.4Beta1 Multiple cross-site scripting (XSS) vulnerabilities in Interact 2.4 beta 1 allow remote attackers to inject arbitrary web script or HTML via the (1) module_key parameter to (a) kb/kb.php, (b) quiz/runquiz.php, (c) quiz/quiz.php, (d) forum/forum.php, (e) forum/byname.php, and (f) journal/journalview.php in modules/, and unspecified other scripts; the (2) tag_key parameter to modules/journal/journalview.php; the (3) user_group_key parameter to (g) users/secureaccounts.php; and (4) the request_uri parameter to (h) login.php. | 4.3 |
2007-06-21 | CVE-2007-3324 | Comersus Open Technologies | Cross-Site Scripting vulnerability in Comersus Open Technologies Comersus Cart 7.07 Multiple cross-site scripting (XSS) vulnerabilities in Comersus Cart 7.07 allow remote attackers to inject arbitrary web script or HTML via the redirectUrl parameter to (1) comersus_customerAuthenticateForm.asp or (2) comersus_message.asp, different vectors than CVE-2004-0681. | 4.3 |
2007-06-21 | CVE-2007-3310 | Tdizin | Cross-Site Scripting vulnerability in TDizin Arama.ASP Cross-site scripting (XSS) vulnerability in arama.asp in TDizin allows remote attackers to inject arbitrary web script or HTML via the ara parameter. | 4.3 |
2007-06-20 | CVE-2007-3299 | Awffull | Cross-Site Scripting vulnerability in AWFFull Log File Referer Field Cross-site scripting (XSS) vulnerability in AWFFull before 3.7.4, when AllSearchStr (aka the All Search Terms report) is enabled, allows remote attackers to inject arbitrary web script or HTML via a search string. | 4.3 |
2007-06-20 | CVE-2007-3291 | Livecms | Cross-Site Scripting vulnerability in Livecms Cross-site scripting (XSS) vulnerability in LiveCMS 3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via an article name, possibly involving the titulo parameter in article.php. | 4.3 |
2007-06-20 | CVE-2007-3288 | Skeltoac | HTML Injection vulnerability in Skeltoac Automattic Stats 1.0 Cross-site scripting (XSS) vulnerability in the skeltoac stats (Automattic Stats) 1.0 plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer field. | 4.3 |
2007-06-19 | CVE-2007-3281 | PHP Hosting Biller | Cross-Site Scripting vulnerability in PHP Hosting Biller PHP Hosting Biller 1.0 Cross-site scripting (XSS) vulnerability in index.php in Php Hosting Biller 1.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | 4.3 |
2007-06-19 | CVE-2007-3276 | Siteatschool | Cross-Site Scripting vulnerability in Siteatschool 2.4.10 Cross-site scripting (XSS) vulnerability in index.php in Site@School (S@S) 2.4.10 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | 4.3 |
2007-06-19 | CVE-2007-3274 | Microsoft Apple | Resource Management Errors vulnerability in Apple Safari 3.0/3.0.1 Apple Safari 3.0 and 3.0.1 on Windows XP SP2 allows attackers to cause a denial of service (application crash) via JavaScript that sets the document.location variable, as demonstrated by an empty value of document.location. | 4.3 |
2007-06-19 | CVE-2007-3267 | Fuzzylime Forum | Cross-Site Scripting vulnerability in Fuzzylime forum Cross-site scripting (XSS) vulnerability in low.php in Fuzzylime Forum 1.01b and earlier allows remote attackers to inject arbitrary web script or HTML via the fromaction parameter in a log action, a different vector than CVE-2007-3235. | 4.3 |
2007-06-19 | CVE-2007-3265 | IBM | Cross-Site Scripting vulnerability in Websphere Application Server Cross-site scripting (XSS) vulnerability in the Samples component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2007-06-19 | CVE-2007-3261 | Dkret | HTML Injection vulnerability in DKret Search Widget Cross-site scripting (XSS) vulnerability in widgets/widget_search.php in dKret before 2.6 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF). | 4.3 |
2007-06-18 | CVE-2007-3249 | Joomla | Cross-Site Scripting vulnerability in Joomla! Letterman Subscriber Module Mod_Lettermansubscribe.PHP Cross-site scripting (XSS) vulnerability in mod_lettermansubscribe.php in the Letterman Subscriber (mod_letterman) before 1.2.5 module for Joomla! allows remote attackers to inject arbitrary web script or HTML via the Itemid parameter. | 4.3 |
2007-06-18 | CVE-2007-3101 | Apache | Cross-Site Scripting vulnerability in Apache Myfaces Tomahawk 1.1.5 Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into JavaScript that is sent to the client. | 4.3 |
4 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-06-19 | CVE-2007-3269 | Papoo | HTML Injection vulnerability in Papoo CMS Multiple cross-site scripting (XSS) vulnerabilities in Papoo Light 3.6 before 20070611 allow remote attackers to inject arbitrary web script or HTML via (1) the URI in a GET request or (2) the Title field of a visitor comment, and (3) allow remote authenticated users to inject arbitrary web script or HTML via a message to another user. | 3.5 |
2007-06-19 | CVE-2007-3129 | Utopia Software | Cross-Site Scripting vulnerability in Utopia News Pro Login.PHP Cross-site scripting (XSS) vulnerability in login.php in Utopia News Pro 1.4.0 allows remote attackers to inject arbitrary web script or HTML via the password parameter. | 2.6 |
2007-06-22 | CVE-2007-3372 | Avahi | Denial Of Service vulnerability in Avahi Empty TXT Data The Avahi daemon in Avahi before 0.6.20 allows attackers to cause a denial of service (exit) via empty TXT data over D-Bus, which triggers an assert error. | 2.1 |
2007-06-22 | CVE-2007-3337 | Ingres | Remote vulnerability in Ingres Database Server wakeup in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allows local users to truncate arbitrary files via a symlink attack on the alarmwkp.def file. | 2.1 |