Weekly Vulnerabilities Reports > June 25 to July 1, 2007

Overview

150 new vulnerabilities reported during this period, including 16 critical vulnerabilities and 41 high severity vulnerabilities. This weekly summary report vulnerabilities in 118 products from 86 vendors including Microsoft, WEB APP ORG, Debian, Apple, and Wireshark. Vulnerabilities are notably categorized as "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", "Permissions, Privileges, and Access Controls", and "Resource Management Errors".

  • 139 reported vulnerabilities are remotely exploitables.
  • 32 reported vulnerabilities have public exploit available.
  • 11 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 135 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 14 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

16 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-06-29 CVE-2007-3500 Xeforum Permissions, Privileges, and Access Controls vulnerability in Xeforum

Xeweb XEForum allows remote attackers to gain privileges via a modified xeforum cookie.

10.0
2007-06-29 CVE-2007-3488 Sony Buffer Overflow vulnerability in Sony Network Camera Snc-P5 1.0

Heap-based buffer overflow in the viewer ActiveX control in Sony Network Camera SNC-RZ25N before 1.30; SNC-P1 and SNC-P5 before 1.29; SNC-CS10 and SNC-CS11 before 1.06; SNC-DF40N and SNC-DF70N before 1.18; SNC-RZ50N and SNC-CS50N before 2.22; SNC-DF85N, SNC-DF80N, and SNC-DF50N before 1.12; and SNC-RX570N/W, SNC-RX570N/B, SNC-RX550N/W, SNC-RX550N/B, SNC-RX530N/W, and SNC-RX530N/B 3.00 and 2.x before 2.31; allows remote attackers to execute arbitrary code via a long first argument to the PrmSetNetworkParam method.

10.0
2007-06-28 CVE-2007-3483 RIM Remote Security vulnerability in Blackberry Enterprise Server 4.0/4.1

Research in Motion BlackBerry Enterprise Server 4.0 through 4.1 has a default configuration that permits installation of arbitrary third-party applications on BlackBerry devices, which might facilitate loading of malware.

10.0
2007-06-27 CVE-2007-3465 Sofaware Remote Security vulnerability in Safe At Office 500 Utm

Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, has a certain default password.

10.0
2007-06-27 CVE-2007-3455 Trend Micro Permissions, Privileges, and Access Controls vulnerability in Trend Micro Officescan 8.0

cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to bypass the password requirement and gain access to the Management Console via an empty hash and empty encrypted password string, related to "stored decrypted user logon information."

10.0
2007-06-27 CVE-2007-3454 Trend Micro Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Trend Micro Officescan 7.3/8.0

Stack-based buffer overflow in CGIOCommon.dll before 8.0.0.1042 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to execute arbitrary code via long crafted requests, as demonstrated using a long session cookie to unspecified CGI programs that use this library.

10.0
2007-06-26 CVE-2007-2442 MIT
Debian
Canonical
The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup.
10.0
2007-06-30 CVE-2007-3504 Microsoft
SUN
Path Traversal vulnerability in SUN Jdk, JRE and SDK

Directory traversal vulnerability in the PersistenceService in Sun Java Web Start in JDK and JRE 5.0 Update 11 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, for Windows allows remote attackers to perform unauthorized actions via an application that grants file overwrite privileges to itself.

9.3
2007-06-29 CVE-2007-3489 Checkpoint Cross-Site Request Forgery vulnerability in Checkpoint Vpn-1 UTM Edge 7.0.33

Cross-site request forgery (CSRF) vulnerability in pop/WizU.html in the management interface in Check Point VPN-1 Edge X Embedded NGX 7.0.33x on the Check Point VPN-1 UTM Edge allows remote attackers to perform privileged actions as administrators, as demonstrated by a request with the swuuser and swupass parameters, which adds an administrator account.

9.3
2007-06-27 CVE-2007-3435 RKD Software Buffer Overflow vulnerability in RKD Software Barcode Activex 4.9

Stack-based buffer overflow in the BeginPrint method in a certain ActiveX control in RKD Software (barcodetools.com) BarCodeAx.dll 4.9 allows remote attackers to execute arbitrary code via a long argument.

9.3
2007-06-26 CVE-2007-3410 Realnetworks Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks products

Stack-based buffer overflow in the SmilTimeValue::parseWallClockValue function in smlprstime.cpp in RealNetworks RealPlayer 10, 10.1, and possibly 10.5, RealOne Player, RealPlayer Enterprise, and Helix Player 10.5-GOLD and 10.0.5 through 10.0.8, allows remote attackers to execute arbitrary code via an SMIL (SMIL2) file with a long wallclock value.

9.3
2007-06-26 CVE-2007-2951 Kvirc Remote Command Execution vulnerability in Kvirc IRC Client 3.2.0

The parseIrcUrl function in src/kvirc/kernel/kvi_ircurl.cpp in KVIrc 3.2.0 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in an (1) irc:// or (2) irc6:// URI.

9.3
2007-06-26 CVE-2007-3400 Nctsoft Improper Input Validation vulnerability in Nctsoft Nctaudioeditor and Nctaudiostudio

The NCTAudioEditor2 ActiveX control in NCTWMAFile2.dll 2.6.2.157, as distributed in NCTAudioEditor and NCTAudioStudio 2.7, allows remote attackers to overwrite arbitrary files via the CreateFile method.

9.3
2007-06-25 CVE-2007-3376 Microsoft
Apple
Buffer Overflow vulnerability in Apple Safari 3.0.2

Buffer overflow in Apple Safari 3.0.2 on Windows XP SP2 allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long value in the title HTML tag, which triggers the overflow when the user adds the page as a bookmark.

9.3
2007-06-25 CVE-2007-2399 Apple Remote Code Execution vulnerability in Apple WebKit Invalid Type Conversion

WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1 performs an "invalid type conversion", which allows remote attackers to execute arbitrary code via unspecified frame sets that trigger memory corruption.

9.3
2007-06-26 CVE-2007-2798 MIT
Canonical
Debian
Out-Of-Bounds Write vulnerability in multiple products

Stack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows remote authenticated users to execute arbitrary code via a crafted request to rename a principal.

9.0

41 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-06-27 CVE-2007-3464 Sofaware Denial-Of-Service vulnerability in Safe At Office 500 Utm

Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, does not require entry of the old password when changing the admin password, which might allow attackers to gain privileges by conducting a CSRF attack, making a password change on an unattended workstation, or other vectors.

8.5
2007-06-26 CVE-2007-2443 MIT
Debian
Canonical
Integer signedness error in the gssrpc__svcauth_unix function in svc_auth_unix.c in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a negative length value.
8.3
2007-06-29 CVE-2006-7214 Firebirdsql Remote vulnerability in Firebirdsql Firebird 1.5

Multiple unspecified vulnerabilities in Firebird 1.5 allow remote attackers to (1) cause a denial of service (application crash) by sending many remote protocol versions; and (2) cause a denial of service (connection drop) via certain network traffic, as demonstrated by Nessus vulnerability scanning.

7.8
2007-06-28 CVE-2007-3482 Microsoft
Apple
Cross-Site Scripting vulnerability in Apple Safari

Cross-domain vulnerability in Apple Safari for Windows 3.0.1 allows remote attackers to bypass the "same origin policy" and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute.

7.8
2007-06-28 CVE-2007-3470 SUN Buffer Denial of Service vulnerability in SUN Solaris 10.0

Multiple unspecified vulnerabilities in the KSSL kernel module in Sun Solaris 10, when configured with the KSSL proxy, allow remote attackers to cause a denial of service (kernel panic) via unspecified vectors related to "memory buffers" of Secure Socket Layer (SSL) records.

7.8
2007-06-27 CVE-2007-3468 Videolan Denial-Of-Service vulnerability in VLC media player

input.c in VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a crafted WAV file that causes an uninitialized i_nb_resamplers variable to be used.

7.8
2007-06-27 CVE-2007-3467 Videolan Denial-Of-Service vulnerability in VLC media player

Integer overflow in the __status_Update function in stats.c VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a WAV file with a large sample rate.

7.8
2007-06-27 CVE-2007-1792 Symantec Remote Denial Of Service vulnerability in Symantec Mail Security 5.0.0/5.0.1

libdayzero.dll in the Filter Hub Service (filter-hub.exe) in Symantec Mail Security for SMTP before 5.0.1 Patch 181 and Mail Security Appliance before 5.0.0-36 allows remote attackers to cause a denial of service (crash) via a crafted executable attachment in an e-mail, involving the detection of "PE-Shield v0.2" and "ASPack v1.00-1.08.02".

7.8
2007-06-27 CVE-2007-3438 Nortel Remote Security vulnerability in Nortel SIP Softphone 4.13.5.208

Buffer overflow in the SIP header parsing module in the Nortel PC Client SIP Soft Phone 4.1 3.5.208[20051015] allows remote attackers to execute arbitrary code via a malformed message, a different vulnerability than CVE-2007-3361.

7.8
2007-06-27 CVE-2007-3437 Microsoft
AOL
Denial-Of-Service vulnerability in AOL Instant Messenger 6.1.32.1

AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote attackers to cause a denial of service (application crash) via a malformed header value in a SIP INVITE message, a different vulnerability than CVE-2007-3350.

7.8
2007-06-26 CVE-2007-3391 Wireshark Improper Input Validation vulnerability in Wireshark 0.99.5

Wireshark 0.99.5 allows remote attackers to cause a denial of service (memory consumption) via a malformed DCP ETSI packet that triggers an infinite loop.

7.8
2007-06-30 CVE-2007-3502 Kaspersky LAB Authentication Bypass vulnerability in Kaspersky Anti-Spam Unauthorized Directory Access

Unspecified vulnerability in the web-based product configuration system in Kaspersky Anti-Spam before 3.0 MP1 allows remote attackers to obtain access to certain directories.

7.5
2007-06-29 CVE-2007-3493 Microsoft
Nctsoft Products
A certain ActiveX control in NCTWavChunksEditor2.dll 2.6.1.148 in NCTAudioStudio (NCTAudioStudio2) 2.7, as used by Sienzo DMM and probably other products, allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the CreateFile method, a different product than CVE-2007-3400.
7.5
2007-06-29 CVE-2007-3491 Progress Remote Security vulnerability in Progress Openedge 10.1A/10.1B/9.1E

Buffer overflow in _mprosrv in Progress Software OpenEdge before 9.1E0422, and 10.x before 10.1B01, allows remote attackers to have an unknown impact via a malformed TCP/IP message.

7.5
2007-06-29 CVE-2007-3490 Microsoft Remote Denial Of Service vulnerability in Microsoft Excel 2003

Unspecified vulnerability in Microsoft Excel 2003 SP2 allows remote attackers to have an unknown impact via unspecified vectors, possibly related to the sheet name, as demonstrated by 2670.xls.

7.5
2007-06-27 CVE-2007-3461 Elkagroup SQL Injection vulnerability in Elkagroup Image Gallery 1.0

SQL injection vulnerability in property.php in elkagroup Image Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter.

7.5
2007-06-27 CVE-2007-3460 EVA WEB Remote File Include vulnerability in Eva-Web Index.PHP3

Multiple PHP remote file inclusion vulnerabilities in index.php3 in EVA-Web 1.1 through 2.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) aide or (2) perso parameter.

7.5
2007-06-27 CVE-2007-3453 Papoo SQL Injection vulnerability in Papoo SelmenuID Parameter

SQL injection vulnerability in Papoo 3.6, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the selmenuid parameter to certain components.

7.5
2007-06-27 CVE-2007-3452 Edocstore SQL-Injection vulnerability in eDocStore

SQL injection vulnerability in essentials/minutes/doc.php in eDocStore allows remote attackers to execute arbitrary SQL commands via the doc_id parameter in an inline action.

7.5
2007-06-27 CVE-2007-3446 Bugmall Unspecified vulnerability in Bugmall Shopping Cart

BugMall Shopping Cart 2.5 and earlier has a default username "demo" and password "demo," which allows remote attackers to obtain login access.

7.5
2007-06-27 CVE-2007-3433 Netart Media SQL Injection vulnerability in Pharmacy System

SQL injection vulnerability in index.php in Pharmacy System 2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter in an add action.

7.5
2007-06-27 CVE-2007-3432 Pluxml File-Upload vulnerability in Pluxml 0.3.1

Unrestricted file upload vulnerability in admin/images.php in Pluxml 0.3.1 allows remote attackers to upload and execute arbitrary PHP code via a .jpg filename.

7.5
2007-06-27 CVE-2007-3430 Simple Invoices SQL Injection vulnerability in Simple Invoices Simple Invoices 20070525

SQL injection vulnerability in index.php in Simple Invoices 2007 05 25 allows remote attackers to execute arbitrary SQL commands via the submit parameter in an email action.

7.5
2007-06-27 CVE-2007-3428 Zoneo Soft Remote Security vulnerability in phpTrafficA

Multiple unspecified vulnerabilities in phpTrafficA before 1.4.2 allow remote attackers to have an unknown impact via the file parameter to (1) plotStatBar.php or (2) plotStatPie.php, different vectors than CVE-2007-1076.

7.5
2007-06-27 CVE-2007-3427 Zoneo Soft SQL-Injection vulnerability in phpTrafficA

SQL injection vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the pageid parameter in a stats action.

7.5
2007-06-26 CVE-2007-3424 WEB APP ORG Remote Security vulnerability in WebAPP

The moveim function in cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the tocat parameter as a subdirectory name when moving an instant message, which has unknown impact and remote attack vectors.

7.5
2007-06-26 CVE-2007-3423 WEB APP ORG Remote Security vulnerability in WebAPP

cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the From field of an instant message as the beginning of the .dat file name when the (1) imview2 or (2) imview3 function reads (a) an internal IM, or a message from a (b) guest or (c) removed member, which has unknown impact and remote attack vectors.

7.5
2007-06-26 CVE-2007-3422 WEB APP ORG Remote Security vulnerability in WebAPP

The getcgi function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP before 0.9.9.7 attempts to parse query strings that contain (1) non-printing characters, (2) certain printing characters that do not commonly occur in URLs, or (3) invalid URL encoding sequences, which has unknown impact and remote attack vectors.

7.5
2007-06-26 CVE-2007-3421 WEB APP ORG Remote Security vulnerability in WebAPP

The (1) login, (2) admin profile edit, (3) reminder, (4) edit profile, (5) profile view, (6) gallery view, (7) gallery comment, and (8) gallery feedback capabilities in web-app.org WebAPP before 0.9.9.7 do not verify presence of users in memberlist.dat, which has unknown impact and remote attack vectors.

7.5
2007-06-26 CVE-2007-3420 WEB APP ORG Remote Security vulnerability in WebAPP

The Random Cookie Password functionality in the loaduser function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP before 0.9.9.7 does not clear the (1) username, (2) password, (3) usertheme, and (4) userlang cookies for unauthorized users, which has unknown impact and remote attack vectors.

7.5
2007-06-26 CVE-2007-3419 WEB APP ORG Remote Security vulnerability in WebAPP

The editprofile3 function in cgi-bin/cgi-lib/user.pl in web-app.org WebAPP before 0.9.9.7 does not properly check the (1) themes.dat, (2) languages.dat, (3) profession.dat, (4) gen.dat, (5) marstat.dat, (6) states.dat, and (7) ages.dat files before saving profile settings of members, which has unknown impact and remote attack vectors.

7.5
2007-06-26 CVE-2007-3415 Phpraider SQL Injection vulnerability in PHPraider 1.0.0Rc8

Multiple SQL injection vulnerabilities in index.php in phpRaider 1.0.0 rc8 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) type parameter.

7.5
2007-06-26 CVE-2007-3411 Clicktech SQL-Injection vulnerability in Clicktech Clickgallery 5.1

SQL injection vulnerability in edit_image.asp in ClickGallery Server 5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the image_id parameter.

7.5
2007-06-26 CVE-2007-3408 DIA Remote Security vulnerability in DIA

Multiple unspecified vulnerabilities in Dia before 0.96.1-6 have unspecified attack vectors and impact, probably involving the use of vulnerable FreeType libraries that contain CVE-2007-2754 and/or CVE-2007-1351.

7.5
2007-06-26 CVE-2007-3403 Dreamlog Unspecified vulnerability in Dreamlog 0.5

Unrestricted file upload vulnerability in upload.php in dreamLog (aka dreamblog) 0.5 allows remote attackers to upload and execute arbitrary PHP code in uploads/images/ via the uploadedFile[] parameter.

7.5
2007-06-26 CVE-2007-3402 Pagetool SQL Injection vulnerability in Pagetool 1.07

SQL injection vulnerability in index.php in pagetool 1.07 allows remote attackers to execute arbitrary SQL commands via the news_id parameter in a pagetool_news action.

7.5
2007-06-26 CVE-2007-3401 B1G Remote File Include vulnerability in B1G B1Gbb 2.24

PHP remote file inclusion vulnerability in footer.inc.php in B1G b1gBB 2.24 allows remote attackers to execute arbitrary PHP code via a URL in the tfooter parameter.

7.5
2007-06-26 CVE-2007-3399 Phpee SQL Injection vulnerability in PHPee Power Phlogger 2.2.2/2.2.3/2.2.4

SQL injection vulnerability in include/get_userdata.php in Power Phlogger (PPhlogger) 2.2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to login.php.

7.5
2007-06-26 CVE-2007-3394 Endonesia Scripts Multiple SQL Injection vulnerability in Endonesia 8.4

Multiple SQL injection vulnerabilities in eNdonesia 8.4 allow remote attackers to execute arbitrary SQL commands via the (1) artid parameter to mod.php in a viewarticle action (publisher mod) and the (2) bid parameter to banners.php in a click action.

7.5
2007-06-28 CVE-2007-3471 SUN Local Buffer Overflow vulnerability in SUN Solaris 10.0/8.0/9.0

Buffer overflow in the dtsession Common Desktop Environment (CDE) Session Manager in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via unspecified vectors.

7.2
2007-06-28 CVE-2007-3480 PC Soft Denial-Of-Service vulnerability in PC Soft Windev 11

PCSoft WinDEV 11 (01F110053p) allows user-assisted remote attackers to cause a denial of service (infinite loop and resource consumption) via a malformed WDP project file.

7.1

89 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-06-29 CVE-2007-3494 Papoo Authentication Bypass vulnerability in Papoo Plugin.PHP

Papoo CMS 3.6, and possibly earlier, does not verify user privileges when accessing the backend administration plugins, which allows remote authenticated users to (1) read the entire database by accessing the database backup plugin via a devtools/templates/newdump_backend.html argument in the template parameter to interna/plugin.php, (2) create plugins, (3) remove plugins, (4) enable debug mode, and have other unspecified impact.

6.8
2007-06-29 CVE-2007-3492 Conti Denial of Service vulnerability in Conti Ftpserver 1.0

Conti FtpServer 1.0 allows remote authenticated users to cause a denial of service (daemon crash) via a certain string containing "//A:" in the argument to the LIST command.

6.8
2007-06-29 CVE-2007-3378 PHP Permissions, Privileges, and Access Controls vulnerability in PHP

The (1) session_save_path, (2) ini_set, and (3) error_log functions in PHP 4.4.7 and earlier, and PHP 5 5.2.3 and earlier, when invoked from a .htaccess file, allow remote attackers to bypass safe_mode and open_basedir restrictions and possibly execute arbitrary commands, as demonstrated using (a) php_value, (b) php_flag, and (c) directives in .htaccess.

6.8
2007-06-29 CVE-2006-7212 Firebirdsql Remote vulnerability in Firebirdsql Firebird 1.5

Multiple buffer overflows in Firebird 1.5, one of which affects WNET, have unknown impact and attack vectors.

6.8
2007-06-28 CVE-2007-3479 PC Soft Stack Buffer Overflow vulnerability in PC Soft Windev 11

Stack-based buffer overflow in PCSoft WinDEV 11 (01F110053p) allows user-assisted remote attackers to execute arbitrary code via a long string in the "used DLL" field in a WDP project file.

6.8
2007-06-27 CVE-2007-3450 Gorani Network SQL-Injection vulnerability in 6Alblog

SQL injection vulnerability in member.php in 6ALBlog allows remote attackers to execute arbitrary SQL commands via the member parameter.

6.8
2007-06-27 CVE-2007-3449 Gorani Network SQL Injection vulnerability in 6ALBlog Member.PHP

SQL injection vulnerability in member.php in 6ALBlog allows remote attackers to execute arbitrary SQL commands via the newsid parameter.

6.8
2007-06-27 CVE-2007-3447 Bugmall SQL Injection vulnerability in Bugmall Shopping Cart 2.5

SQL injection vulnerability in BugMall Shopping Cart 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the "basic search box." NOTE: 4.0.2 and other versions might also be affected.

6.8
2007-06-27 CVE-2007-3431 Valerio Capello Remote File Include vulnerability in Valerio Capello Dagger - the Cutting Edge R23Jan2007

PHP remote file inclusion vulnerability in cal.func.php in Valerio Capello Dagger - The Cutting Edge r23jan2007 allows remote attackers to execute arbitrary PHP code via a URL in the dir_edge_lang parameter.

6.8
2007-06-27 CVE-2007-3429 E107 Unspecified vulnerability in E107

Unrestricted file upload vulnerability in signup.php in e107 0.7.8 and earlier, when photograph upload is enabled, allows remote attackers to upload and execute arbitrary PHP code via a filename with a double extension such as .php.jpg.

6.8
2007-06-26 CVE-2006-7208 Adam VAN Dongen Improper Input Validation vulnerability in Adam VAN Dongen COM Forum and PHPbb Component

PHP remote file inclusion vulnerability in download.php in the Adam van Dongen Forum (com_forum) component (aka phpBB component) 1.2.4RC3 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

6.8
2007-06-26 CVE-2007-3183 Vincent HOR SQL Injection vulnerability in Vincent HOR Calendarix 0.7.20070307

Multiple SQL injection vulnerabilities in Calendarix 0.7.20070307, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters to calendar.php and the (3) search string to cal_search.php.

6.8
2007-06-26 CVE-2007-2520 Frank Mancuso SQL Injection vulnerability in Frank Mancuso Mynews 0.10

SQL injection vulnerability in admin.php in MyNews 0.10, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the authacc cookie.

6.8
2007-06-25 CVE-2007-3375 Lhaca Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Lhaca File Archiver

Stack-based buffer overflow in Lhaca File Archiver before 1.21 allows user-assisted remote attackers to execute arbitrary code via a crafted LZH archive, as exploited by malware such as Trojan.Lhdropper.

6.8
2007-06-27 CVE-2007-3255 Xythos Input Validation vulnerability in Xythos Enterprise Document Manager

Multiple cross-site request forgery (CSRF) vulnerabilities in Xythos Enterprise Document Manager (XEDM) before 5.0.25.8, and 6.x before 6.0.46.1, allow remote authenticated users to execute commands as arbitrary users via (1) a saved Workflow name or (2) the Content-Type HTTP header.

6.5
2007-06-27 CVE-2007-3451 Gorani Network Remote File Include vulnerability in 6ALBlog

PHP remote file inclusion vulnerability in admin/index.php in 6ALBlog allows remote authenticated administrators to execute arbitrary PHP code via a URL in the pg parameter.

6.5
2007-06-26 CVE-2007-3418 WEB APP ORG Remote Security vulnerability in WebAPP

The displaypost function in cgi-bin/cgi-lib/forum_display.pl in web-app.org WebAPP before 0.9.9.7 does not display usernames in conjunction with real names, which makes it easier for remote authenticated users to impersonate other users.

6.5
2007-06-29 CVE-2007-3499 Slackroll Denial-Of-Service vulnerability in Slackroll 7

SlackRoll before 8 accepts gpg exit codes other than 0 and 1 as evidence of a valid signature, which allows remote Slackware mirror sites or man-in-the-middle attackers to cause a denial of service (data inconsistency) or possibly install Trojan horse packages via malformed gpg signatures.

6.4
2007-06-29 CVE-2007-3487 HP Path Traversal vulnerability in HP Photo Digital Imaging Activex Control 2.0.0.133

Absolute path traversal in a certain ActiveX control in hpqxml.dll 2.0.0.133 in Hewlett-Packard (HP) Photo Digital Imaging allows remote attackers to create or overwrite arbitrary files via the argument to the saveXMLAsFile method.

6.4
2007-06-27 CVE-2007-3459 Civiltech Unspecified vulnerability in Civiltech Avax Vector Activex 1.3

A certain ActiveX control in Avaxswf.dll 1.0.0.1 in Civitech Avax Vector 1.3 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the WriteMovie method.

6.4
2007-06-27 CVE-2007-3440 Snom Remote Phone Dialing Unauthorized Access vulnerability in Snom 320 Linux 3.25

The Snom 320 SIP Phone, running snom320 linux 3.25, snom320-SIP 6.2.3, and snom320 jffs23.36, allows remote attackers to place calls to arbitrary phone numbers via certain requests to the web server on port 1800.

6.4
2007-06-27 CVE-2007-3462 Sofaware Cross-Site Request Forgery vulnerability in Sofaware Safe AT Office 500 UTM Embeddedngx7.0.39Ga

Cross-site request forgery (CSRF) vulnerability in Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, allows remote attackers to execute commands as arbitrary users, and disable firewalling of the protected network.

6.0
2007-06-29 CVE-2006-7213 Firebirdsql Remote vulnerability in Firebirdsql Firebird 1.5

Firebird 1.5 allows remote authenticated users without SYSDBA and owner permissions to overwrite a database by creating a database.

5.5
2007-06-29 CVE-2007-3497 Microsoft Remote Security vulnerability in Microsoft IE 7.0

Microsoft Internet Explorer 7 allows remote attackers to determine the existence of page history via the history.length JavaScript variable.

5.0
2007-06-28 CVE-2007-3481 Microsoft Buffer Errors vulnerability in Microsoft IE 6/7

** DISPUTED ** Cross-domain vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to bypass the Same Origin Policy and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute.

5.0
2007-06-28 CVE-2007-3477 Libgd Resource Management Errors vulnerability in Libgd GD Graphics Library 2.0.33/2.0.34/2.0.35

The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allow attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value.

5.0
2007-06-28 CVE-2007-2800 Eticket Information Disclosure vulnerability in eTicket

index.php in eTicket 1.5.5.1 and earlier allows remote attackers to obtain sensitive information via the (1) name[], (2) email[], (3) phone[], or (4) subject[] parameters, which reveals the installation path in the resulting error messages.

5.0
2007-06-27 CVE-2007-3258 Vincent HOR Information Disclosure vulnerability in Vincent HOR Calendarix 0.7.20070307

calendar.php in Calendarix 0.7.20070307 allows remote attackers to obtain sensitive information via large values to the (1) year and (2) month parameters, which causes negative values to be passed to the mktime library call, and reveals the installation path in the error message.

5.0
2007-06-27 CVE-2007-1863 Apple Unspecified vulnerability in Apple mac OS X Server

cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.

5.0
2007-06-27 CVE-2006-7210 Microsoft Denial of Service vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP

Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (cpu consumption) via a PNG image with crafted (1) Width and (2) Height values in the IHDR block.

5.0
2007-06-27 CVE-2007-3441 Aastra Telecom Denial-Of-Service vulnerability in Aastra Telecom 9112I SIP Phone Firmware1.4.0.1048

Format string vulnerability in the Aastra 9112i SIP Phone with firmware 1.4.0.1048 and boot version 1.1.0.10 allows remote attackers to cause a denial of service (blocked call reception and slow calling) via format string specifiers in an SDP header value, a different vulnerability than CVE-2007-3349.

5.0
2007-06-27 CVE-2007-3439 Snom Remote Unauthorized Access vulnerability in Snom 320 Linux 3.25

The Snom 320 SIP Phone, running snom320 linux 3.25, snom320-SIP 6.2.3, and snom320 jffs23.36, allows remote attackers to read a list of missed calls, received calls, and dialed numbers via a direct request to the web server on port 1800.

5.0
2007-06-27 CVE-2007-3436 Microsoft Denial-Of-Service vulnerability in Microsoft MSN Messenger 4.7

Microsoft MSN Messenger 4.7 on Windows XP allows remote attackers to cause a denial of service (resource consumption) via a flood of SIP INVITE requests to the port specified for voice conversation.

5.0
2007-06-27 CVE-2007-3434 Netart Media Information Disclosure vulnerability in Pharmacy System

index.php in Pharmacy System 2 and earlier allows remote attackers to obtain sensitive information via a ' (quote) character in the page parameter, which reveals the table prefix in an error message.

5.0
2007-06-27 CVE-2007-3425 Zoneo Soft Unspecified vulnerability in Zoneo-Soft PHPtraffica

Directory traversal vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to include arbitrary local files via the lang parameter, a different vector and version than CVE-2007-1076.2.

5.0
2007-06-27 CVE-2007-1665 Debian
EKG
Remote Denial of Service vulnerability in EKG 20050411

Memory leak in the token OCR functionality in ekg before 1:1.7~rc2-1etch1 on Debian GNU/Linux Etch allows remote attackers to cause a denial of service.

5.0
2007-06-27 CVE-2007-1664 Debian
EKG
Remote Denial of Service vulnerability in EKG 20050411

ekg before 1:1.7~rc2-1etch1 on Debian GNU/Linux Etch allows remote attackers to cause a denial of service (NULL pointer dereference) via a vector related to the token OCR functionality.

5.0
2007-06-27 CVE-2007-1663 Debian
EKG
Remote Denial of Service vulnerability in EKG 20050411

Memory leak in the image message functionality in ekg before 1:1.7~rc2-1etch1 on Debian GNU/Linux Etch allows remote attackers to cause a denial of service.

5.0
2007-06-26 CVE-2007-3416 WEB APP ORG
WEB APP NET
Cross-Site Request Forgery (CSRF) vulnerability in multiple products

Multiple cross-site request forgery (CSRF) vulnerabilities in the administration of (1) polls, (2) profiles, (3) IP bans, and (4) forums in (a) web-app.org WebAPP 0.8 through 0.9.9.6; and (b) web-app.net WebAPP 0.9.9.3.3, 0.9.9.3.4, and 2007; allow remote attackers to perform deletions as administrators.

5.0
2007-06-26 CVE-2007-3407 Sergey Lyubka Information Disclosure vulnerability in Sergey Lyubka Simple Httpd 1.38

Sergey Lyubka Simple HTTPD (shttpd) 1.38 allows remote attackers to obtain sensitive information (script source code) via a URL with a trailing encoded space (%20).

5.0
2007-06-26 CVE-2007-3404 Sitedepth Local File Include vulnerability in Sitedepth CMS 3.44

Directory traversal vulnerability in ShowImage.php in SiteDepth CMS 3.44 allows remote attackers to read arbitrary files via a ..

5.0
2007-06-26 CVE-2007-3398 Perception Remote Denial of Service vulnerability in Perception Liteweb 2.7

LiteWEB 2.7 allows remote attackers to cause a denial of service (hang) via a large number of requests for nonexistent pages.

5.0
2007-06-26 CVE-2007-3397 IBM Information Disclosure vulnerability in IBM WebSphere Application Server Closed Connection

The web container in IBM WebSphere Application Server (WAS) before 6.0.2.21, and 6.1.x before 6.1.0.9, sends response data intended for a different request in certain circumstances after a closed connection error, which might allow remote attackers to obtain sensitive information.

5.0
2007-06-26 CVE-2007-3259 Vincent HOR Information Disclosure vulnerability in Vincent HOR Calendarix 0.7.20070307

Calendarix 0.7.20070307 allows remote attackers to obtain sensitive information via (1) an invalid month[] parameter to calendar.php, (2) an invalid catview[] parameter to cal_week.php in a week operation, (3) an invalid ycyear[] parameter to yearcal.php, or (4) a direct request to cal_functions.inc.php, which reveals the installation path in various error messages.

5.0
2007-06-26 CVE-2007-3393 Wireshark Protocol Denial of Service vulnerability in Wireshark

Off-by-one error in the DHCP/BOOTP dissector in Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via crafted DHCP-over-DOCSIS packets.

5.0
2007-06-26 CVE-2007-3392 Wireshark Protocol Denial of Service vulnerability in Wireshark

Wireshark before 0.99.6 allows remote attackers to cause a denial of service via malformed (1) SSL or (2) MMS packets that trigger an infinite loop.

5.0
2007-06-26 CVE-2007-3390 Wireshark Protocol Denial of Service vulnerability in Wireshark

Wireshark 0.99.5 and 0.10.x up to 0.10.14, when running on certain systems, allows remote attackers to cause a denial of service (crash) via crafted iSeries capture files that trigger a SIGTRAP.

5.0
2007-06-26 CVE-2007-3389 Wireshark Improper Input Validation vulnerability in Wireshark

Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via a crafted chunked encoding in an HTTP response, possibly related to a zero-length payload.

5.0
2007-06-25 CVE-2007-3373 Redhat Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Redhat Cluster Suite

daemon.c in cman (redhat-cluster-suite) before 20070622 does not clear a buffer for reading requests, which might allow local users to obtain sensitive information from previous requests.

5.0
2007-06-29 CVE-2006-7211 Firebirdsql Remote vulnerability in Firebirdsql Firebird 1.5

fb_lock_mgr in Firebird 1.5 uses weak permissions (0666) for the semaphore array, which allows local users to cause a denial of service (blocked query processing) by locking semaphores.

4.9
2007-06-28 CVE-2007-3469 SUN Local Denial of Service vulnerability in SUN Solaris 10.0

Unspecified vulnerability in the TCP Loopback/Fusion implementation in Sun Solaris 10 allows local users to cause a denial of service (resource exhaustion and service hang) via unspecified vectors.

4.9
2007-06-27 CVE-2007-3458 SUN Local Denial of Service vulnerability in SUN Solaris 10.0/8.0/9.0

The libsldap library in Sun Solaris 8, 9, and 10 allows local users to cause a denial of service (Name Service Caching Daemon (nscd) crash) via unspecified vectors.

4.9
2007-06-26 CVE-2007-3104 Linux
Redhat
Resource Management Errors vulnerability in Linux Kernel 2.6.0

The sysfs_readdir function in the Linux kernel 2.6, as used in Red Hat Enterprise Linux (RHEL) 4.5 and other distributions, allows users to cause a denial of service (kernel OOPS) by dereferencing a null pointer to an inode in a dentry.

4.9
2007-06-27 CVE-2007-3463 Microsoft Unspecified vulnerability in Microsoft Windows XP

** DISPUTED ** Microsoft Windows XP SP2 allows local users, who have sessions created by another user's RunAs (run as) command, to kill arbitrary processes of this other user, as demonstrated by the taskkill program.

4.6
2007-06-26 CVE-2007-0773 Redhat Unspecified vulnerability in Redhat Enterprise Linux and Enterprise Linux Desktop

The Linux kernel before 2.6.9-42.0.8 in Red Hat 4.4 allows local users to cause a denial of service (kernel OOPS from null dereference) via fput in a 32-bit ioctl on 64-bit x86 systems, an incomplete fix of CVE-2005-3044.1.

4.6
2007-06-25 CVE-2007-3374 Redhat Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Redhat Cluster Suite

Buffer overflow in cluster/cman/daemon/daemon.c in cman (redhat-cluster-suite) before 20070622 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via long client messages.

4.6
2007-06-30 CVE-2007-3503 Oracle Cross-Site Scripting vulnerability in Oracle JDK 1.5.0/1.6.0

The Javadoc tool in Sun JDK 6 and JDK 5.0 Update 11 can generate HTML documentation pages that contain cross-site scripting (XSS) vulnerabilities, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2007-06-30 CVE-2007-3501 Directadmin Cross-Site Scripting vulnerability in DirectAdmin Domain Parameter

Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in DirectAdmin 1.30.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the domain parameter, a different vector than CVE-2007-1508.

4.3
2007-06-30 CVE-2007-2801 Eticket Cross-Site Scripting vulnerability in Eticket 1.5.5/1.5.5.1

Multiple cross-site scripting (XSS) vulnerabilities in open.php in eTicket 1.5.5 and 1.5.5.1, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) err and (2) warn parameters.

4.3
2007-06-29 CVE-2007-3498 Htmlpurifier Cross-Site Scripting vulnerability in Htmlpurifier 2.0.0

Cross-site scripting (XSS) vulnerability in smoketests/configForm.php in HTML Purifier before 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "unescaped print_r output."

4.3
2007-06-29 CVE-2007-3496 SAP Cross-Site Scripting vulnerability in Netweaver Nw04

Cross-site scripting (XSS) vulnerability in SAP Web Dynpro Java (BC-WD-JAV) in SAP NetWeaver Nw04 SP15 through SP19 and Nw04s SP7 through SP11, aka SAP Java Technology Services 640 before SP20 and SAP Web Dynpro Runtime Core Components 700 before SP12, allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.

4.3
2007-06-29 CVE-2007-3495 SAP Cross-Site Scripting vulnerability in SAP Basis Component 640 and SAP Basis Component 700

Multiple cross-site scripting (XSS) vulnerabilities in the SAP Internet Communication Framework (BC-MID-ICF) in the SAP Basis component 700 before SP12, and 640 before SP20, allow remote attackers to inject arbitrary web script or HTML via certain parameters associated with the default login error page.

4.3
2007-06-28 CVE-2007-3486 Altavista Cross-Site Scripting vulnerability in Search Engine

Cross-site scripting (XSS) vulnerability in AltaVista search engine allows remote attackers to inject arbitrary web script or HTML via the text parameter to the default URI.

4.3
2007-06-28 CVE-2007-3485 Yandex Cross-Site Scripting vulnerability in Yandex.Server

Multiple cross-site scripting (XSS) vulnerabilities in Yandex.Server allow remote attackers to inject arbitrary web script or HTML via the (1) query or (2) within parameter to the default URI.

4.3
2007-06-28 CVE-2007-3484 Google Cross-Site Scripting vulnerability in Google Custom Search Engine

** DISPUTED ** Cross-site scripting (XSS) vulnerability in search.php in Google Custom Search Engine allows remote attackers to inject arbitrary web script or HTML via the q parameter.

4.3
2007-06-28 CVE-2007-3478 GD Graphics Library Race Condition vulnerability in GD Graphics Library Gdlib

Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TTF) support.

4.3
2007-06-28 CVE-2007-3476 GD Graphics Library Numeric Errors vulnerability in GD Graphics Library Gdlib

Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault.

4.3
2007-06-28 CVE-2007-3475 GD Graphics Library Multiple vulnerability in GD Graphics Library

The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map.

4.3
2007-06-28 CVE-2007-3473 Libgd Multiple vulnerability in GD Graphics Library

The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure.

4.3
2007-06-28 CVE-2007-3472 Libgd Numeric Errors vulnerability in Libgd GD Graphics Library 2.0.33/2.0.34/2.0.35

Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified attack vectors and impact.

4.3
2007-06-27 CVE-2006-5752 Apache Unspecified vulnerability in Apache Http Server 2.2.0/2.2.3/2.2.4

Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.

4.3
2007-06-27 CVE-2007-3448 Bugmall Cross-Site Scripting vulnerability in Bugmall Shopping Cart

Cross-site scripting (XSS) vulnerability in index.php in BugMall Shopping Cart 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the msgs parameter.

4.3
2007-06-27 CVE-2007-3445 Microsoft
SJ Labs
Securecomputing
Denial-Of-Service vulnerability in SJ Labs Sjphone 1.60.303C

Buffer overflow in SJ Labs SJphone 1.60.303c, running under Windows Mobile 2003 on the Samsung SCH-i730 phone, allows remote attackers to cause a denial of service (device hang and call termination) via a malformed SIP INVITE message, a different vulnerability than CVE-2007-3351.

4.3
2007-06-27 CVE-2007-3444 RIM Unspecified vulnerability in RIM Blackberry 7270 and Blackberry Software

The Research in Motion BlackBerry 7270 with 4.0 SP1 Bundle 83 allows remote attackers to cause a denial of service (blocked call reception) via a malformed SIP invite message, possibly related to multiple format string specifiers in the From field, a spoofed source IP address, and limitations of the function stack frame.

4.3
2007-06-27 CVE-2007-3426 Zoneo Soft Cross-Site Scripting vulnerability in phpTrafficA

Cross-site scripting (XSS) vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

4.3
2007-06-27 CVE-2006-7209 Zoneo Soft Cross-Site Scripting vulnerability in phpTrafficA

Multiple cross-site scripting (XSS) vulnerabilities in phpTrafficA before 1.2beta2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to keywords results in the (1) main, (2) daily, (3) weekly, (4) monthly, (5) new trends, (6) individual page, and (7) search engine statistics.

4.3
2007-06-26 CVE-2007-3417 WEB APP ORG Cross-Site Scripting vulnerability in WebAPP

Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/cgi-lib/search.pl in web-app.org WebAPP before 0.9.9.7 allow remote attackers to inject arbitrary web script or HTML via a search string, which is not sanitized when an HREF attribute is printed by the (1) process_search or (2) show_recent_searches function.

4.3
2007-06-26 CVE-2007-3414 Access2Asp Cross-Site Scripting vulnerability in access2asp

Multiple cross-site scripting (XSS) vulnerabilities in access2asp 4.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) od and (2) search parameters to (a) suppliersList.asp and (b) contactsList.asp.

4.3
2007-06-26 CVE-2007-3413 Bitego Cross-Site Scripting vulnerability in Bosdatagrid

Multiple cross-site scripting (XSS) vulnerabilities in bosDataGrid 2.50 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) GridSearch, (2) gsearch, or (3) ParentID parameter to an unspecified component.

4.3
2007-06-26 CVE-2007-3412 Clicktech Cross-Site Scripting vulnerability in Clicktech Clickgallery 5.1

Cross-site scripting (XSS) vulnerability in edit_image.asp in ClickGallery Server 5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the from parameter.

4.3
2007-06-26 CVE-2007-3409 Nlnet Labs Multiple vulnerability in Perl Net::DNS Remote

Net::DNS before 0.60, a Perl module, allows remote attackers to cause a denial of service (stack consumption) via a malformed compressed DNS packet with self-referencing pointers, which triggers an infinite loop.

4.3
2007-06-26 CVE-2007-3406 Microsoft Unspecified vulnerability in Microsoft IE 6

Multiple absolute path traversal vulnerabilities in Microsoft Internet Explorer 6 on Windows XP SP2 allow remote attackers to access arbitrary local files via the file: URI in the (1) src attribute of a (a) bgsound, (b) input, (c) EMBED, (d) img, or (e) script tag; (2) data attribute of an object tag; (3) value attribute of a param tag; (4) background attribute of a body tag; or (5) the background:url attribute declared in the BODY parameter of a STYLE tag.

4.3
2007-06-26 CVE-2007-3405 Lebisoft Cross-Site Scripting vulnerability in Lebisoft Zdefter 4.0

Multiple cross-site scripting (XSS) vulnerabilities in defter_yaz.asp in Lebisoft zdefter 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) ad and (2) konu parameters.

4.3
2007-06-26 CVE-2007-3396 KEY Focus Cross-Site Scripting vulnerability in KEY Focus KF web Server 3.1.0

Cross-site scripting (XSS) vulnerability in index.wkf in KeyFocus (KF) web server 3.1.0 allows remote attackers to inject arbitrary web script or HTML via the opsubmenu parameter.

4.3
2007-06-26 CVE-2007-3182 Vincent HOR Cross-Site Scripting vulnerability in Vincent HOR Calendarix 0.7.20070307

Multiple cross-site scripting (XSS) vulnerabilities in Calendarix 0.7.20070307, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) year and (2) month parameters to calendar.php, and the (3) leftfooter parameter to cal_footer.inc.php.

4.3
2007-06-25 CVE-2007-3377 Nlnet Labs Multiple vulnerability in Perl Net::DNS Remote

Header.pm in Net::DNS before 0.60, a Perl module, (1) generates predictable sequence IDs with a fixed increment and (2) can use the same starting ID for all child processes of a forking server, which allows remote attackers to spoof DNS responses, as originally reported for qpsmtp and spamassassin.

4.3
2007-06-25 CVE-2007-2401 Apple Cross-Site Scripting vulnerability in Apple mac OS X and mac OS X Server

CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1, allows remote attackers to inject arbitrary HTTP headers via LF characters in an XMLHttpRequest request, which are not filtered when serializing headers via the setRequestHeader function.

4.3
2007-06-25 CVE-2007-2400 Apple
Microsoft
Race Condition vulnerability in Apple Iphone and Safari

Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, Windows Vista, and iPhone before 1.0.1, allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scripting (XSS) attacks via vectors related to page updating and HTTP redirects.

4.3
2007-06-27 CVE-2007-3256 Xythos Input Validation vulnerability in Xythos products

Xythos Enterprise Document Manager (XEDM), Digital Locker (XDL), and possibly WebFile Server before 6.0.46.1 allow remote authenticated users to associate arbitrary Content-Type HTTP headers with documents, which might facilitate malware distribution.

4.0

4 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-06-27 CVE-2007-3254 Xythos Input Validation vulnerability in Xythos Enterprise Document Manager 5.0/6.0

Multiple cross-site scripting (XSS) vulnerabilities in Xythos Enterprise Document Manager (XEDM) before 5.0.25.8, and 6.x before 6.0.46.1, allow remote authenticated users to inject arbitrary web script or HTML via (1) a saved Workflow name; (2) a Workflow name, related to deletion of a Workflow template; (3) the Content-Type HTTP header; or (4) the name of an uploaded file.

3.5
2007-06-28 CVE-2007-3474 Libgd Multiple vulnerability in Libgd GD Graphics Library 2.0.33/2.0.34/2.0.35

Multiple unspecified vulnerabilities in the GIF reader in the GD Graphics Library (libgd) before 2.0.35 have unspecified impact and user-assisted remote attack vectors.

2.6
2007-06-27 CVE-2007-3443 Research IN Motion Limited Denial Of Service vulnerability in BlackBerry 7270 SIP Header

The Research in Motion BlackBerry 7270 before 4.0 SP1 Bundle 108 does not properly manage transaction states, which allows remote attackers to cause a denial of service (temporary device hang) by sending a certain SIP INVITE message, but not providing an ACK when the call is answered.

2.3
2007-06-27 CVE-2007-3442 Research IN Motion Limited Denial-Of-Service vulnerability in Blackberry 7270

Format string vulnerability on the Research in Motion BlackBerry 7270 before 4.0 SP1 Bundle 108 allows remote attackers to cause a denial of service (blocked call reception and calling) via format string specifiers in an SIP INVITE message that lacks a host name in the Contact header.

2.3