Weekly Vulnerabilities Reports > July 2 to 8, 2007
Overview
110 new vulnerabilities reported during this period, including 5 critical vulnerabilities and 48 high severity vulnerabilities. This weekly summary report vulnerabilities in 96 products from 80 vendors including Vtiger, SAP, Debian, QT Cute, and Vastal I Tech. Vulnerabilities are notably categorized as "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "SQL Injection", "Integer Overflow or Wraparound", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".
- 103 reported vulnerabilities are remotely exploitables.
- 40 reported vulnerabilities have public exploit available.
- 7 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 89 reported vulnerabilities are exploitable by an anonymous user.
- Vtiger has the most reported vulnerabilities, with 9 reported vulnerabilities.
- Sweetphp has the most reported critical vulnerabilities, with 1 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
5 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-07-03 | CVE-2007-3515 | Sweetphp | SQL Injection vulnerability in TotalCalendar View_Event Script SQL injection vulnerability in view_event.php in TotalCalendar 2.402 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 10.0 |
2007-07-06 | CVE-2007-3611 | Vrnews | Remote Security vulnerability in Vrnews 1.1.1 admin.php in VRNews 1.1.1, and possibly other 1.x versions, does not require authentication, which allows remote attackers to perform certain administrative actions via a direct request with a (1) edit, (2) add, (3) config, or (4) del value in the act parameter. | 9.3 |
2007-07-05 | CVE-2007-3572 | Yoggie | Remote Code Execution vulnerability in Yoggie Pico and Pico Pro Backticks Incomplete blacklist vulnerability in cgi-bin/runDiagnostics.cgi in the web interface on the Yoggie Pico and Pico Pro allows remote attackers to execute arbitrary commands via shell metacharacters in the param parameter, as demonstrated by URL encoded "`" (backtick) characters (%60 sequences). | 9.3 |
2007-07-03 | CVE-2007-3512 | Wakwak | Remote Security vulnerability in Lhaca File Archiver Stack-based buffer overflow in Lhaca File Archiver before 1.22 allows user-assisted remote attackers to execute arbitrary code via a large LHA "Extended Header Size" value in an LZH archive, a different issue than CVE-2007-3375. | 9.3 |
2007-07-02 | CVE-2007-3507 | Flac123 | Local__VCentry_Parse_Value() Stack Buffer Overflow vulnerability in Flac123 Stack-based buffer overflow in the local__vcentry_parse_value function in vorbiscomment.c in flac123 (aka flac-tools or flac) before 0.0.10 allows user-assisted remote attackers to execute arbitrary code via a large comment value_length. | 9.3 |
48 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-07-06 | CVE-2007-3599 | Vtiger | Remote Security vulnerability in vtiger CRM vtiger CRM before 5.0.3 allows remote authenticated users to import and export the information for a contact even when they only have the View permission. | 8.5 |
2007-07-06 | CVE-2007-3597 | ZEN Cart | Improper Authentication vulnerability in ZEN Cart ZEN Cart Session fixation vulnerability in Zen Cart 1.3.7 and earlier allows remote attackers to hijack web sessions by setting the Cookie parameter. | 8.5 |
2007-07-03 | CVE-2007-3514 | Apple | Security Bypass vulnerability in Apple Safari 3.0.2 Cross-domain vulnerability in Apple Safari for Windows 3.0.2 allows remote attackers to bypass the Same Origin Policy and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute to a file:// location, a different vector than CVE-2007-3482. | 8.5 |
2007-07-06 | CVE-2007-3615 | Microsoft SAP | Denial of Service vulnerability in SAP products Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web cache. | 7.8 |
2007-07-03 | CVE-2007-3552 | Bbs100 | Denial of Service vulnerability in BBS100 Multiple unspecified vulnerabilities in bbs100 before 3.2 allow remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving certain v*printf and shift_StringIO functions. | 7.8 |
2007-07-03 | CVE-2007-3547 | QT Cute | Local File Include vulnerability in Qt-Cute Quickticket 1.2 Directory traversal vulnerability in qti_checkname.php in QuickTicket 1.2 allows remote attackers to include and execute arbitrary local files a .. | 7.8 |
2007-07-03 | CVE-2007-3537 | IBM | Unspecified vulnerability in IBM OS 400 IBM OS/400 (aka i5/OS) V4R2M0 through V5R3M0 on iSeries machines sends responses to TCP SYN-FIN packets, which allows remote attackers to obtain system information and possibly bypass firewall rules. | 7.8 |
2007-07-03 | CVE-2007-3529 | Phpdirector | Information Disclosure vulnerability in PHPDirector videos.php in PHPDirector 0.21 and earlier allows remote attackers to obtain sensitive information via an empty value of the id[] parameter, which reveals the path in an error message. | 7.8 |
2007-07-03 | CVE-2007-3525 | Ripe Website Manager | Remote File Include and Information Disclosure vulnerability in Ripe Website Manager Ripe Website Manager 0.8.9 and earlier allows remote attackers to obtain configuration information via a direct request to includes/phpinfo.php, which calls the phpinfo function. | 7.8 |
2007-07-06 | CVE-2007-3606 | SAP | ActiveX Controls Multiple Unspecified vulnerability in EnjoySAP Heap-based buffer overflow in the rfcguisink.rfcguisink.1 ActiveX control in the EnjoySAP SAP GUI, on systems using ASCII versions, allows remote attackers to execute arbitrary code via a long first argument to the LaunchGui function. | 7.6 |
2007-07-06 | CVE-2007-3605 | SAP | Stack Buffer Overflow vulnerability in SAP EnjoySAP KWEdit.DLL ActiveX Control Stack-based buffer overflow in the kweditcontrol.kwedit.1 ActiveX control in FrontEnd\SapGui\kwedit.dll in the EnjoySAP SAP GUI allows remote attackers to execute arbitrary code via a long argument to the PrepareToPostHTML function. | 7.6 |
2007-07-04 | CVE-2007-3554 | HP | Buffer Overflow vulnerability in HP Instant Support ActiveX Control Driver Check Stack-based buffer overflow in the HPSDDX Class (SDD) ActiveX control in sdd.dll in HP Instant Support - Driver Check before 1.5.0.3 allows remote attackers to execute arbitrary code via a long argument to the queryHub function. | 7.6 |
2007-07-03 | CVE-2007-3536 | AMX | Buffer Overflow vulnerability in AMX Netlinx VNC Activex Control 1.0.13.0 Multiple buffer overflows in the AMX NetLinx VNC (AmxVnc) ActiveX control in AmxVnc.dll 1.0.13.0 allow remote attackers to execute arbitrary code via long (1) Host, (2) Password, or (3) LogFile property values. | 7.6 |
2007-07-06 | CVE-2007-3614 | SAP | Buffer Overflow vulnerability in SAP DB Web Server WAHTTP.EXE Multiple stack-based buffer overflows in waHTTP.exe (aka the SAP DB Web Server) in SAP DB, possibly 7.3 through 7.5, allow remote attackers to execute arbitrary code via (1) a certain cookie value; (2) a certain additional parameter, related to sapdbwa_GetQueryString; and other unspecified vectors related to "numerous other fields." | 7.5 |
2007-07-06 | CVE-2007-3612 | Visual IRC | Buffer Overflow vulnerability in Visual IRC Visual IRC 2.0 Stack-based buffer overflow in Visual IRC (ViRC) 2.0 allows remote IRC servers to execute arbitrary code via a long response to a JOIN command. | 7.5 |
2007-07-06 | CVE-2007-3610 | Vastal I Tech | SQL Injection vulnerability in Vastal I-Tech PHPvid 0.9.9 SQL injection vulnerability in categories_type.php in phpVID 0.9.9 allows remote attackers to execute arbitrary SQL commands via the cat parameter. | 7.5 |
2007-07-06 | CVE-2007-3609 | Emeeting | SQL Injection vulnerability in Emeeting Online Dating Software 5.2 Multiple SQL injection vulnerabilities in eMeeting Online Dating Software 5.2 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) b.php and (2) account/gallery.php, and other unspecified vectors. | 7.5 |
2007-07-05 | CVE-2007-3589 | B1G | SQL Injection vulnerability in B1G B1Gbb 2.24 Multiple SQL injection vulnerabilities in b1gbb 2.24.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) showthread.php or (2) showboard.php. | 7.5 |
2007-07-05 | CVE-2007-3588 | Vbzoom | SQL-Injection vulnerability in Vbzoom 1.12 SQL injection vulnerability in reply.php in VBZooM 1.12 allows remote attackers to execute arbitrary SQL commands via the UserID parameter to sub-join.php. | 7.5 |
2007-07-05 | CVE-2007-3587 | Mycms | Input Validation vulnerability in MyCMS MyCMS 0.9.8 and earlier allows remote attackers to gain privileges via the admin cookie parameter, as demonstrated by a post to admin/settings.php that injects PHP code into settings.inc, which can then be executed via a direct request to index.php. | 7.5 |
2007-07-05 | CVE-2007-3586 | Mycms | Code Injection vulnerability in Mycms Multiple direct static code injection vulnerabilities in MyCMS 0.9.8 and earlier allow remote attackers to inject arbitrary PHP code into (1) a _score.txt file via the score parameter, or (2) a _setby.txt file via a login cookie, which is then included by games.php. | 7.5 |
2007-07-05 | CVE-2007-3585 | Mycms | Input Validation vulnerability in MyCMS PHP remote file inclusion vulnerability in games.php in MyCMS 0.9.8 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the id parameter. | 7.5 |
2007-07-05 | CVE-2007-3584 | Postnuke Software Foundation | SQL-Injection vulnerability in Pnphpbb2 SQL injection vulnerability in viewforum.php in PNphpBB2 1.2i and earlier for Postnuke allows remote attackers to execute arbitrary SQL commands via the order parameter. | 7.5 |
2007-07-05 | CVE-2007-3583 | Girlserv | SQL Injection vulnerability in Girlserv Ads Details_News.PHP SQL injection vulnerability in details_news.php in Girlserv ads 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the idnew parameter. | 7.5 |
2007-07-05 | CVE-2007-3582 | Inforest Communications | SQL Injection vulnerability in Inforest Communications Supercali 0.4.0 SQL injection vulnerability in index.php in SuperCali PHP Event Calendar 0.4.0 allows remote attackers to execute arbitrary SQL commands via the o parameter. | 7.5 |
2007-07-05 | CVE-2007-3575 | Freedomain CO NR | SQL Injection vulnerability in Freedomain.Co.Nr Clone 1.0 SQL injection vulnerability in includes/functions in FreeDomain.co.nr Clone allows remote attackers to execute arbitrary SQL commands via the logindomain parameter to members.php. | 7.5 |
2007-07-05 | CVE-2007-3570 | Novell | Security Bypass vulnerability in Novell Access Manager 3 The Linux Access Gateway in Novell Access Manager before 3.0 SP1 Release Candidate 1 (RC1) allows remote attackers to bypass unspecified security controls via Fullwidth/Halfwidth Unicode encoded data in a HTTP POST request. | 7.5 |
2007-07-05 | CVE-2007-3567 | Mysqldumper | Authentication Bypass vulnerability in MySQLDumper Apache Access Control MySQLDumper 1.21b through 1.23 REV227 uses a "Limit GET" statement in the .htaccess authentication mechanism, which allows remote attackers to bypass authentication requirements via HTTP POST requests. | 7.5 |
2007-07-05 | CVE-2007-3011 | Fujitsu | Remote Command Execution vulnerability in Fujitsu ServerView DBASCIIAccess The DBAsciiAccess CGI Script in the web interface in Fujitsu-Siemens Computers ServerView before 4.50.09 allows remote attackers to execute arbitrary commands via shell metacharacters in the Servername subparameter of the ParameterList parameter. | 7.5 |
2007-07-04 | CVE-2007-3563 | Avscripts | SQL Injection vulnerability in Avscripts AV Arcade 2.1B SQL injection vulnerability in includes/view_page.php in AV Arcade 2.1b allows remote attackers to execute arbitrary SQL commands via the id parameter in a view_page action to index.php. | 7.5 |
2007-07-04 | CVE-2007-3562 | PHP Director | SQL Injection vulnerability in PHPDirector 'videos.php' SQL injection vulnerability in videos.php in PHP Director 0.21 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2007-07-04 | CVE-2007-3560 | Esqlanelapse | Multiple Unspecified vulnerability in Esqlanelapse Multiple unspecified vulnerabilities in Esqlanelapse before 2.6 have unknown impact and attack vectors. | 7.5 |
2007-07-04 | CVE-2007-3558 | Coppermine | SQL Injection vulnerability in Coppermine Photo Gallery Album Password Cookie SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1.4.11 allows remote attackers to execute arbitrary SQL commands via an album password cookie to an unspecified component. | 7.5 |
2007-07-03 | CVE-2007-3549 | Vastal I Tech | SQL Injection vulnerability in Vastal I-Tech Buddy Zone 1.5 SQL injection vulnerability in view_sub_cat.php in Buddy Zone 1.5 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | 7.5 |
2007-07-03 | CVE-2007-3539 | QT Cute | SQL Injection vulnerability in Qt-Cute Quicktalk Forum and Quickticket Multiple SQL injection vulnerabilities in QuickTicket 1.2 build:20070621 and QuickTalk Forum 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) t and (2) f parameters in (a) qti_ind_post.php and (b) qti_ind_post_prt.php; (3) dir and (4) order parameters in qti_ind_member.php; (5) id parameter in qti_usr.php; and the (6) f parameter in qti_ind_topic.php. | 7.5 |
2007-07-03 | CVE-2007-3538 | QT Cute | SQL Injection vulnerability in Qt-Cute Quicktalk Guestbook 1.2 SQL injection vulnerability in qtg_msg_view.php in QuickTalk guestbook 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2007-07-03 | CVE-2007-3534 | Daniel Toma | SQL Injection vulnerability in Daniel Toma Webchat 0.78 SQL injection vulnerability in login.php in WebChat 0.78 allows remote attackers to execute arbitrary SQL commands via the rid parameter. | 7.5 |
2007-07-03 | CVE-2007-3526 | Vastal I Tech | SQL Injection vulnerability in Buddy Zone Multiple SQL injection vulnerabilities in Buddy Zone 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the news_id parameter to view_news.php, (2) the cat_id parameter to view_events.php, or (3) the member_id parameter to video_gallery.php. | 7.5 |
2007-07-03 | CVE-2007-3521 | Arcadebuilder | SQL Injection vulnerability in Arcadebuilder Game Portal Manager 1.7 SQL injection vulnerability in ArcadeBuilder Game Portal Manager 1.7 allows remote attackers to execute arbitrary SQL commands via a usercookie cookie. | 7.5 |
2007-07-03 | CVE-2007-3520 | Easybe | SQL Injection vulnerability in Easybe 1-2-3 Music Store Process.PHP Script SQL injection vulnerability in process.php in Easybe 1-2-3 Music Store allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter. | 7.5 |
2007-07-03 | CVE-2007-3519 | Wesmo | SQL Injection vulnerability in PHPEventCalendar Eventdisplay.PHP Script SQL injection vulnerability in eventdisplay.php in phpEventCalendar 0.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2007-07-03 | CVE-2007-3518 | Hispah | SQL Injection vulnerability in HispaH Youtube Clone MSG.PHP Script SQL injection vulnerability in msg.php in HispaH YouTube Clone Script (youtubeclone) allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2007-07-02 | CVE-2007-3506 | Freetype | Remote Buffer Overflow vulnerability in FreeType Bitmap Font Handling The ft_bitmap_assure_buffer function in src/base/ftbimap.c in FreeType 2.3.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors involving bitmap fonts, related to a "memory buffer overwrite bug." | 7.5 |
2007-07-05 | CVE-2007-2839 | Debian | Local Arbitrary Command Execution vulnerability in Debian Gfax 0.4.2 gfax 0.4.2 and probably other versions creates temporary files insecurely, which allows local users to execute arbitrary commands via unknown vectors. | 7.2 |
2007-07-03 | CVE-2007-3530 | Phpdirector | Local Security vulnerability in PHPDirector PHPDirector 0.21 and earlier stores the admin account name and password in config.php, which allows local users to gain privileges by reading this file. | 7.2 |
2007-07-03 | CVE-2007-2838 | Debian Gsambad | Unspecified vulnerability in Gsambad 0.1.4 The populate_conns function in src/populate_conns.c in GSAMBAD 0.1.4 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gsambadtmp temporary file. | 7.2 |
2007-07-03 | CVE-2007-3548 | W3Filer | Remote Buffer Overflow vulnerability in W3Filer 2.1.3 Stack-based buffer overflow in W3Filer 2.1.3 allows remote FTP servers to cause a denial of service (application hang or crash) and possibly execute arbitrary code by sending a large banner to a client that is sending a file. | 7.1 |
2007-07-03 | CVE-2007-3545 | Warzone | Buffer Overflow vulnerability in Warzone Long File Name Buffer overflow in Warzone 2100 Resurrection before 2.0.7 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long filename when setting background music. | 7.1 |
52 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-07-05 | CVE-2007-3573 | Akocomment | SQL-Injection vulnerability in Akocomment Multiple SQL injection vulnerabilities in akocomment allow remote attackers to execute arbitrary SQL commands via the (1) acparentid or (2) acitemid parameter to an unspecified component, different vectors than CVE-2006-1421. | 6.8 |
2007-07-04 | CVE-2007-3557 | Wheatblog | SQL Injection vulnerability in Wheatblog 1.1 SQL injection vulnerability in admin/login.php in Wheatblog (wB) 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the login parameter. | 6.8 |
2007-07-04 | CVE-2007-2949 | Gimp Canonical | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the seek_to_and_unpack_pixeldata function in the psd.c plugin in Gimp 2.2.15 allows remote attackers to execute arbitrary code via a crafted PSD file that contains a large (1) width or (2) height value. | 6.8 |
2007-07-03 | CVE-2007-3527 | Firebirdsql | Remote Denial Of Service vulnerability in Firebirdsql Firebird 2.0.0 Integer overflow in Firebird 2.0.0 allows remote authenticated users to cause a denial of service (CPU consumption) via certain database operations with multi-byte character sets that trigger an attempt to use the value 65536 for a 16-bit integer, which is treated as 0 and causes an infinite loop on zero-length data. | 6.8 |
2007-07-03 | CVE-2007-3524 | Ripe Website Manager | Remote File Include and Information Disclosure vulnerability in Ripe Website Manager Multiple PHP remote file inclusion vulnerabilities in Ripe Website Manager 0.8.9 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the level parameter to (1) admin/includes/author_panel_header.php or (2) admin/includes/admin_header.php. | 6.8 |
2007-07-03 | CVE-2007-3522 | Sphpell | Remote File Include vulnerability in Sphpell 1.01 Multiple PHP remote file inclusion vulnerabilities in sPHPell 1.01 allow remote attackers to execute arbitrary PHP code via a URL in the SpellIncPath parameter to (1) spellcheckpageinc.php, (2) spellchecktext.php, (3) spellcheckwindow.php, or (4) spellcheckwindowframeset.php. | 6.8 |
2007-07-03 | CVE-2007-2835 | Debian Unicon Imc2 | Buffer Overflow vulnerability in Unicon-Imc2 3.0.4 Multiple stack-based buffer overflows in (1) CCE_pinyin.c and (2) xl_pinyin.c in ImmModules/cce/ in unicon-imc2 3.0.4, as used by zhcon and other applications, allow local users to gain privileges via a long HOME environment variable. | 6.8 |
2007-07-06 | CVE-2007-3616 | Vtiger | Denial-Of-Service vulnerability in vtiger CRM index.php in vtiger CRM before 5.0.3 allows remote authenticated users to perform administrative changes to arbitrary profile settings via a certain profilePrivileges action in the Users module. | 6.5 |
2007-07-06 | CVE-2007-3603 | Vtiger | SQL-Injection vulnerability in vtiger CRM SQL injection vulnerability in the dashboard (include/utils/SearchUtils.php) in vtiger CRM before 5.0.3 allows remote authenticated users to execute arbitrary SQL commands via the assigned_user_id parameter in a Potentials ListView action to index.php. | 6.5 |
2007-07-06 | CVE-2007-3592 | Elite Bulletin Board | Input Validation vulnerability in Elite Bulletin Board PM.php in Elite Bulletin Board before 1.0.10 allows remote authenticated users to delete arbitrary PM messages and conduct other attacks via modified id fields. | 6.5 |
2007-07-03 | CVE-2007-3544 | Wordpress | File-Upload vulnerability in WordPress Unrestricted file upload vulnerability in (1) wp-app.php and (2) app.php in WordPress 2.2.1 and WordPress MU 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code via unspecified vectors, possibly related to the wp_postmeta table and the use of custom fields in normal (non-attachment) posts. | 6.5 |
2007-07-03 | CVE-2007-3535 | Frank Karau | File-Upload vulnerability in GL-SH Deaf Forum Multiple directory traversal vulnerabilities in GL-SH Deaf Forum 6.4.4 and earlier allow remote attackers to include and execute arbitrary local files via a .. | 6.4 |
2007-07-03 | CVE-2007-3523 | Groupeclan Free FR | Local File Include vulnerability in Groupeclan.Free.Fr Xcms 1.1 Multiple directory traversal vulnerabilities in Module/Galerie.php in XCMS 1.1 allow remote attackers to include and execute arbitrary local files via a .. | 6.4 |
2007-07-02 | CVE-2007-3505 | QT Cute | Local File Include vulnerability in Qt-Cute Quicktalk Forum 1.3 Multiple directory traversal vulnerabilities in QuickTalk forum 1.3 allow remote attackers to include and execute arbitrary local files via a .. | 6.4 |
2007-07-02 | CVE-2007-2836 | Hiki | Path Traversal vulnerability in Hiki Directory traversal vulnerability in session.rb in Hiki 0.8.0 through 0.8.6 allows remote attackers to delete arbitrary files via directory traversal sequences in the session ID, which is matched against an insufficiently restrictive regular expression before it is used to construct a filename that is marked for deletion at logout. | 6.4 |
2007-07-03 | CVE-2007-3551 | Bbs100 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Bbs100 Buffer overflow in bbs100 before 3.2 allows remote attackers to cause a denial of service (crash) by attempting to login as the Guest user when another Guest user is already logged in, possibly related to the state_login_prompt function in state_login.c. | 6.1 |
2007-07-03 | CVE-2007-3543 | Wordpress | Unspecified vulnerability in Wordpress and Wordpress MU Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies a .php filename in the _wp_attached_file metadata field; and then sending this file's content, along with its post_ID value, to (1) wp-app.php or (2) app.php. | 6.0 |
2007-07-06 | CVE-2007-3602 | Vtiger | Remote Security vulnerability in vtiger CRM The SOAP webservice in vtiger CRM before 5.0.3 does not ensure that authenticated accounts are active, which allows remote authenticated users with inactive accounts to access and modify data, as demonstrated by the Thunderbird plugin. | 5.5 |
2007-07-06 | CVE-2007-3598 | Vtiger | Denial-Of-Service vulnerability in vtiger CRM index.php in vtiger CRM before 5.0.3 allows remote authenticated users to obtain all users' names and e-mail addresses, and possibly change user settings, via a modified record parameter in a DetailView action to the Users module. | 5.5 |
2007-07-06 | CVE-2007-3608 | SAP | ActiveX Controls Multiple Unspecified vulnerability in EnjoySAP Multiple unspecified vulnerabilities in ActiveX controls in the EnjoySAP SAP GUI allow remote attackers to create certain files via unspecified vectors. | 5.0 |
2007-07-06 | CVE-2007-3607 | SAP | ActiveX Controls Multiple Unspecified vulnerability in EnjoySAP Multiple unspecified vulnerabilities in ActiveX controls in the EnjoySAP SAP GUI allow remote attackers to cause a denial of service (process crash) via unspecified vectors. | 5.0 |
2007-07-06 | CVE-2007-3591 | Elite Bulletin Board | Input Validation vulnerability in Elite Bulletin Board Elite Bulletin Board 1.0.8/1.0.9 Unspecified vulnerability in Profile.php in Elite Bulletin Board before 1.0.10 allows remote attackers to modify profile information via unspecified vectors related to "a remote form," probably related to direct requests and missing authorization checks. | 5.0 |
2007-07-05 | CVE-2007-3581 | Jedox | Remote Security vulnerability in Jedox Palo 1.5 The Jedox Palo 1.5 client transmits the password in cleartext, which might allow remote attackers to obtain the password by sniffing the network, as demonstrated by starting Excel with the Palo plugin, opening a cube, and performing an Insert View. | 5.0 |
2007-07-05 | CVE-2007-3568 | Imlib | Denial of Service vulnerability in ImLib BMP Image _LoadBMP Function The _LoadBMP function in imlib 1.9.15 and earlier allows context-dependent attackers to cause a denial of service (infinite loop) via a BMP image with a Bits Per Page (BPP) value of 0. | 5.0 |
2007-07-05 | CVE-2007-3012 | Fujitsu | Information Disclosure vulnerability in Fujitsu PRIMERGY BX300 Blade Server The web interface in Fujitsu-Siemens Computers PRIMERGY BX300 Switch Blade allows remote attackers to obtain sensitive information by canceling the authentication dialog when accessing a sub-page, which still displays the form field contents of the sub-page, as demonstrated using (1) config/ip_management.htm and (2) config/snmp_config.htm. | 5.0 |
2007-07-04 | CVE-2007-3556 | Doubleflex | Information Disclosure vulnerability in Liesbeth Base CMS Liesbeth base CMS stores sensitive information under the web root with insufficient access control, which allows remote attackers to download an include file containing account credentials via a direct request for config.inc. | 5.0 |
2007-07-03 | CVE-2007-3533 | 3Com | Remote Denial of Service vulnerability in 3Com 3Cnj220 2.0.22 The 3Com IntelliJack Switch NJ220 before 2.0.23 allows remote attackers to cause a denial of service (reboot and reporting outage) via a loopback packet with zero in the length field. | 5.0 |
2007-07-03 | CVE-2007-3528 | DAR | Unspecified vulnerability in DAR The blowfish mode in DAR before 2.3.4 uses weak Blowfish-CBC cryptography by (1) discarding random bits by the blowfish::make_ivec function in libdar/crypto.cpp that results in predictable and repeating IV values, and (2) direct use of a password for keying, which makes it easier for context-dependent attackers to decrypt files. | 5.0 |
2007-07-03 | CVE-2007-3513 | Linux | Denial Of Service vulnerability in Linux Kernel USBLCD Memory Consumption The lcd_write function in drivers/usb/misc/usblcd.c in the Linux kernel before 2.6.22-rc7 does not limit the amount of memory used by a caller, which allows local users to cause a denial of service (memory consumption). | 4.9 |
2007-07-06 | CVE-2007-3613 | SAP | Cross-Site Scripting vulnerability in SAP Internet Graphics Server PARAMS Cross-site scripting (XSS) vulnerability in ADM:GETLOGFILE in SAP Internet Graphics Service (IGS) allows remote attackers to inject arbitrary web script or HTML via the PARAMS parameter. | 4.3 |
2007-07-06 | CVE-2007-3596 | Izzysoft | Unspecified vulnerability in PHPVideoPro inc/vul_check.inc in phpVideoPro before 0.8.8 permits non-alphanumeric characters in the sess_id parameter, which has unknown impact and remote attack vectors, probably cross-site scripting (XSS). | 4.3 |
2007-07-06 | CVE-2007-3593 | Adventnet | Cross-Site Scripting vulnerability in Adventnet Manageengine Netflow Analyzer 5 Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine NetFlow Analyzer 5 allow remote attackers to inject arbitrary web script or HTML via the (1) alpha parameter in (a) netflow/jspui/applicationList.jsp, the (2) task parameter in (b) netflow/jspui/appConfig.jsp, the (3) view parameter in (c) netflow/jspui/index.jsp, and the (4) rtype parameter in (d) netflow/jspui/selectDevice.jsp and (e) netflow/jspui/customReport.jsp. | 4.3 |
2007-07-05 | CVE-2007-3590 | B1G | Cross-Site Scripting vulnerability in B1G B1Gbb 2.24 Cross-site scripting (XSS) vulnerability in visitenkarte.php in b1gBB 2.24.0 allows remote attackers to inject arbitrary web script or HTML via the user parameter. | 4.3 |
2007-07-05 | CVE-2007-3574 | Linksys | Cross-Site Scripting vulnerability in Linksys Wag54Gs 1.00.06 Multiple cross-site scripting (XSS) vulnerabilities in setup.cgi on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.00.06 firmware allow remote attackers to inject arbitrary web script or HTML via the (1) c4_trap_ip_, (2) devname, (3) snmp_getcomm, or (4) snmp_setcomm parameter. | 4.3 |
2007-07-05 | CVE-2007-3571 | Novell | Information Disclosure vulnerability in Groupwise The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address. | 4.3 |
2007-07-05 | CVE-2007-3569 | Softlink Europe | Cross-Site Scripting vulnerability in Oliver Multiple cross-site scripting (XSS) vulnerabilities in Oliver Library Management System allow remote attackers to inject arbitrary web script or HTML via the (1) updateform and (2) displayform parameter to (a) gateway/gateway.exe; the (3) TERMS, (4) database, (5) srchad, (6) SuggestedSearch, and (7) searchform parameters to the (b) "Basic Search page"; and (8) username parameter when (c) logging on. | 4.3 |
2007-07-04 | CVE-2007-3561 | Webixir | Cross-Site Scripting vulnerability in Webixir Efendy Blog 1.0 Cross-site scripting (XSS) vulnerability in ara.asp in Efendy Blog 1.0 allows remote attackers to inject arbitrary web script or HTML via the ara parameter. | 4.3 |
2007-07-04 | CVE-2007-3555 | Moodle | Cross-Site Scripting vulnerability in Moodle 1.7.1 Cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1 allows remote attackers to inject arbitrary web script or HTML via a style expression in the search parameter, a different vulnerability than CVE-2004-1424. | 4.3 |
2007-07-03 | CVE-2007-3553 | Oracle | Cross-Site Scripting vulnerability in Oracle Application Server and Rapid Install web Server Cross-site scripting (XSS) vulnerability in Rapid Install Web Server in Oracle Application Server 11i allows remote attackers to inject arbitrary web script or HTML via a URL to the "Secondary Login Page", as demonstrated using (1) pls/ and (2) pls/MSBEP004/. | 4.3 |
2007-07-03 | CVE-2007-3546 | Nessus | Script HTML Injection vulnerability in Nessus Windows GUI Cross-site scripting (XSS) vulnerability in the Windows GUI in Nessus Vulnerability Scanner before 3.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2007-07-03 | CVE-2007-3542 | Pluxml | Cross-Site Scripting vulnerability in Pluxml 0.3.1 Cross-site scripting (XSS) vulnerability in admin/auth.php in Pluxml 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | 4.3 |
2007-07-03 | CVE-2007-3541 | Kurinton | Cross Site Scripting vulnerability in SHTTPd Cross-site scripting (XSS) vulnerability in Kurinton sHTTPd 20070408 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2007-07-03 | CVE-2007-3540 | Rainworx | Cross-Site Scripting vulnerability in Rainworx Rwauction PRO 5.0 Multiple cross-site scripting (XSS) vulnerabilities in search.asp in rwAuction Pro 5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) search, (2) show, (3) searchtype, (4) catid, and (5) searchtxt parameters, a different version and vectors than CVE-2005-4060. | 4.3 |
2007-07-03 | CVE-2007-3517 | Claroline | Cross-Site Scripting vulnerability in Claroline 1.8.3 Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF) to (1) index.php, (2) demo/claroline170/index.php, and possibly other scripts. | 4.3 |
2007-07-03 | CVE-2007-3516 | Gorki Online | Cross-Site Scripting vulnerability in Gorki Online Santrac Sitesi Multiple cross-site scripting (XSS) vulnerabilities in kayit.asp in Gorki Online Santrac Sitesi allow remote attackers to inject arbitrary web script or HTML via the (1) kullanici, (2) posta, or (3) takim_adi parameter to uyeler.asp. | 4.3 |
2007-07-06 | CVE-2007-3617 | Vtiger | Remote Security vulnerability in vtiger CRM The report module in vtiger CRM before 5.0.3 does not properly apply security rules, which allows remote authenticated users to read arbitrary private module entries. | 4.0 |
2007-07-06 | CVE-2007-3604 | Vtiger | Remote Security vulnerability in vtiger CRM vtiger CRM before 5.0.3 allows remote authenticated users with access to the Analytics DashBoard menu to bypass data restrictions and read the pipeline of the entire organization, possibly involving modules/Potentials/Potentials.php. | 4.0 |
2007-07-06 | CVE-2007-3600 | Vtiger | Remote Security vulnerability in vtiger CRM WordPlugin in the wordintegration component in vtiger CRM before 5.0.3 allows remote authenticated users to bypass field level security permissions and merge arbitrary fields in an Email template, as demonstrated by the fields in the Contact module. | 4.0 |
2007-07-06 | CVE-2006-7219 | EZ | Permissions, Privileges, and Access Controls vulnerability in EZ Publish eZ publish before 3.8.5 does not properly enforce permissions for editing in a specific language, which allows remote authenticated users to create a draft in an unauthorized language by editing an archived version of an object, and then using Manage Versions to copy this version to a new draft. | 4.0 |
2007-07-06 | CVE-2006-7218 | EZ | Permissions, Privileges, and Access Controls vulnerability in EZ Publish eZ publish before 3.8.1 does not properly enforce permissions for "content edit Language" when there are four or more languages, which allows remote authenticated users to perform translations into languages that are not listed in a Module Function Limitation policy. | 4.0 |
2007-07-05 | CVE-2006-7217 | Apache | Remote Security vulnerability in Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode. | 4.0 |
2007-07-05 | CVE-2006-7216 | Apache | Remote Security vulnerability in Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables. | 4.0 |
5 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-07-03 | CVE-2007-2837 | Debian Fireflier | Unspecified vulnerability in Fireflier 1.1.6 The (1) getRule and (2) getChains functions in server/rules.cpp in fireflierd (fireflier-server) in FireFlier 1.1.6 allow local users to overwrite arbitrary files via a symlink attack on the /tmp/fireflier.rules temporary file. | 3.6 |
2007-07-04 | CVE-2007-3559 | PHP Fusion | Cross-Site Scripting vulnerability in PHP-Fusion 6.01.10/6.01.9 Cross-site scripting (XSS) vulnerability in infusions/shoutbox_panel/shoutbox_panel.php in PHP-Fusion 6.01.10 and 6.01.9, when guest posts are enabled, allows remote authenticated users to inject arbitrary web script or HTML via the URI, related to the FUSION_QUERY constant. | 3.5 |
2007-07-06 | CVE-2007-3594 | Adventnet | Cross-Site Scripting vulnerability in Adventnet Manageengine Netflow Analyzer 6/7 Multiple cross-site scripting (XSS) vulnerabilities in AdventNet ManageEngine OpManager 6 and 7 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter in (a) ping.do and (b) traceRoute.do in map/; the (2) reportName, (3) displayName, and (4) selectedNode parameters to (c) reports/ReportViewAction.do; the (5) operation parameter to (d) admin/ServiceConfiguration.do; and the (6) selectedNode and (7) selectedTab parameters to (e) admin/DeviceAssociation.do. | 2.6 |
2007-07-06 | CVE-2007-3601 | Vtiger | Remote Security vulnerability in vtiger CRM vtiger CRM before 5.0.3, when a migrated build is used, allows remote authenticated users to read certain other users' calendar activities via a (1) home page or (2) event list view. | 2.1 |
2007-07-03 | CVE-2006-7215 | Intel | Local Denial Of Service vulnerability in Intel products The Intel Core 2 Extreme processor X6800 and Core 2 Duo desktop processor E6000 and E4000 incorrectly set the memory page Access (A) bit for a page in certain circumstances involving proximity of the code segment limit to the end of a code page, which has unknown impact and attack vectors on certain operating systems other than OpenBSD, aka AI90. | 2.1 |