Weekly Vulnerabilities Reports > July 2 to 8, 2007

Overview

118 new vulnerabilities were reported during this period, including 5 critical vulnerabilities and 50 high severity vulnerabilities. This weekly summary reports vulnerabilities in 101 products from 83 vendors, including Vtiger, SAP, Debian, Phpids, and QT Cute. The most common vulnerability categories are "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "SQL Injection", "Code Injection", and "Numeric Errors".

  • 110 reported vulnerabilities are remotely exploitable.
  • 40 reported vulnerabilities have a public exploit available.
  • 7 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 97 reported vulnerabilities are exploitable by an anonymous user.
  • Vtiger has the most reported vulnerabilities, with 9 reported vulnerabilities.
  • Sweetphp has the most reported critical vulnerabilities, with 1 reported vulnerability.

Vulnerability Details

The following tables list the vulnerabilities reported during the period covered by this report:

5 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-07-03 CVE-2007-3515 Sweetphp SQL Injection vulnerability in TotalCalendar View_Event Script

SQL injection vulnerability in view_event.php in TotalCalendar 2.402 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

10.0
2007-07-06 CVE-2007-3611 Vrnews Remote Security vulnerability in Vrnews 1.1.1

admin.php in VRNews 1.1.1, and possibly other 1.x versions, does not require authentication, which allows remote attackers to perform certain administrative actions via a direct request with a (1) edit, (2) add, (3) config, or (4) del value in the act parameter.

9.3
2007-07-05 CVE-2007-3572 Yoggie Remote Code Execution vulnerability in Yoggie Pico and Pico Pro Backticks

Incomplete blacklist vulnerability in cgi-bin/runDiagnostics.cgi in the web interface on the Yoggie Pico and Pico Pro allows remote attackers to execute arbitrary commands via shell metacharacters in the param parameter, as demonstrated by URL encoded "`" (backtick) characters (%60 sequences).

9.3
2007-07-03 CVE-2007-3512 Wakwak Remote Security vulnerability in Lhaca File Archiver

Stack-based buffer overflow in Lhaca File Archiver before 1.22 allows user-assisted remote attackers to execute arbitrary code via a large LHA "Extended Header Size" value in an LZH archive, a different issue than CVE-2007-3375.

9.3
2007-07-02 CVE-2007-3507 Flac123 Local__VCentry_Parse_Value() Stack Buffer Overflow vulnerability in Flac123

Stack-based buffer overflow in the local__vcentry_parse_value function in vorbiscomment.c in flac123 (aka flac-tools or flac) before 0.0.10 allows user-assisted remote attackers to execute arbitrary code via a large comment value_length.

9.3

50 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-07-06 CVE-2007-3599 Vtiger Remote Security vulnerability in vtiger CRM

vtiger CRM before 5.0.3 allows remote authenticated users to import and export the information for a contact even when they only have the View permission.

8.5
2007-07-06 CVE-2007-3597 ZEN Cart Improper Authentication vulnerability in ZEN Cart ZEN Cart

Session fixation vulnerability in Zen Cart 1.3.7 and earlier allows remote attackers to hijack web sessions by setting the Cookie parameter.

8.5
2007-07-03 CVE-2007-3514 Apple Security Bypass vulnerability in Apple Safari 3.0.2

Cross-domain vulnerability in Apple Safari for Windows 3.0.2 allows remote attackers to bypass the Same Origin Policy and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute to a file:// location, a different vector than CVE-2007-3482.

8.5
2007-07-06 CVE-2007-3615 Microsoft, SAP Denial of Service vulnerability in SAP products

Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web cache.

7.8
2007-07-03 CVE-2007-3552 Bbs100 Denial of Service vulnerability in BBS100

Multiple unspecified vulnerabilities in bbs100 before 3.2 allow remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving certain v*printf and shift_StringIO functions.

7.8
2007-07-03 CVE-2007-3550 Microsoft Code Injection vulnerability in Microsoft IE 6.0/7.0

** DISPUTED ** Microsoft Internet Explorer 6.0 and 7.0 allows remote attackers to fill Zones with arbitrary domains using certain metacharacters such as wildcards via JavaScript, which results in a denial of service (website suppression and resource consumption), aka "Internet Explorer Zone Domain Specification Dos and Page Suppressing".

7.8
2007-07-03 CVE-2007-3547 QT Cute Local File Include vulnerability in Qt-Cute Quickticket 1.2

Directory traversal vulnerability in qti_checkname.php in QuickTicket 1.2 allows remote attackers to include and execute arbitrary local files a ..

7.8
2007-07-03 CVE-2007-3537 IBM Unspecified vulnerability in IBM OS 400

IBM OS/400 (aka i5/OS) V4R2M0 through V5R3M0 on iSeries machines sends responses to TCP SYN-FIN packets, which allows remote attackers to obtain system information and possibly bypass firewall rules.

7.8
2007-07-03 CVE-2007-3529 Phpdirector Information Disclosure vulnerability in PHPDirector

videos.php in PHPDirector 0.21 and earlier allows remote attackers to obtain sensitive information via an empty value of the id[] parameter, which reveals the path in an error message.

7.8
2007-07-03 CVE-2007-3525 Ripe Website Manager Remote File Include and Information Disclosure vulnerability in Ripe Website Manager

Ripe Website Manager 0.8.9 and earlier allows remote attackers to obtain configuration information via a direct request to includes/phpinfo.php, which calls the phpinfo function.

7.8
2007-07-06 CVE-2007-3606 SAP ActiveX Controls Multiple Unspecified vulnerability in EnjoySAP

Heap-based buffer overflow in the rfcguisink.rfcguisink.1 ActiveX control in the EnjoySAP SAP GUI, on systems using ASCII versions, allows remote attackers to execute arbitrary code via a long first argument to the LaunchGui function.

7.6
2007-07-06 CVE-2007-3605 SAP Stack Buffer Overflow vulnerability in SAP EnjoySAP KWEdit.DLL ActiveX Control

Stack-based buffer overflow in the kweditcontrol.kwedit.1 ActiveX control in FrontEnd\SapGui\kwedit.dll in the EnjoySAP SAP GUI allows remote attackers to execute arbitrary code via a long argument to the PrepareToPostHTML function.

7.6
2007-07-04 CVE-2007-3554 HP Buffer Overflow vulnerability in HP Instant Support ActiveX Control Driver Check

Stack-based buffer overflow in the HPSDDX Class (SDD) ActiveX control in sdd.dll in HP Instant Support - Driver Check before 1.5.0.3 allows remote attackers to execute arbitrary code via a long argument to the queryHub function.

7.6
2007-07-03 CVE-2007-3536 AMX Buffer Overflow vulnerability in AMX Netlinx VNC Activex Control 1.0.13.0

Multiple buffer overflows in the AMX NetLinx VNC (AmxVnc) ActiveX control in AmxVnc.dll 1.0.13.0 allow remote attackers to execute arbitrary code via long (1) Host, (2) Password, or (3) LogFile property values.

7.6
2007-07-06 CVE-2007-3614 SAP Buffer Overflow vulnerability in SAP DB Web Server WAHTTP.EXE

Multiple stack-based buffer overflows in waHTTP.exe (aka the SAP DB Web Server) in SAP DB, possibly 7.3 through 7.5, allow remote attackers to execute arbitrary code via (1) a certain cookie value; (2) a certain additional parameter, related to sapdbwa_GetQueryString; and other unspecified vectors related to "numerous other fields."

7.5
2007-07-06 CVE-2007-3612 Visual IRC Buffer Overflow vulnerability in Visual IRC Visual IRC 2.0

Stack-based buffer overflow in Visual IRC (ViRC) 2.0 allows remote IRC servers to execute arbitrary code via a long response to a JOIN command.

7.5
2007-07-06 CVE-2007-3610 Vastal I Tech SQL Injection vulnerability in Vastal I-Tech PHPvid 0.9.9

SQL injection vulnerability in categories_type.php in phpVID 0.9.9 allows remote attackers to execute arbitrary SQL commands via the cat parameter.

7.5
2007-07-06 CVE-2007-3609 Emeeting SQL Injection vulnerability in Emeeting Online Dating Software 5.2

Multiple SQL injection vulnerabilities in eMeeting Online Dating Software 5.2 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) b.php and (2) account/gallery.php, and other unspecified vectors.

7.5
2007-07-05 CVE-2007-3589 B1G SQL Injection vulnerability in B1G B1Gbb 2.24

Multiple SQL injection vulnerabilities in b1gbb 2.24.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) showthread.php or (2) showboard.php.

7.5
2007-07-05 CVE-2007-3588 Vbzoom SQL-Injection vulnerability in Vbzoom 1.12

SQL injection vulnerability in reply.php in VBZooM 1.12 allows remote attackers to execute arbitrary SQL commands via the UserID parameter to sub-join.php.

7.5
2007-07-05 CVE-2007-3587 Mycms Input Validation vulnerability in MyCMS

MyCMS 0.9.8 and earlier allows remote attackers to gain privileges via the admin cookie parameter, as demonstrated by a post to admin/settings.php that injects PHP code into settings.inc, which can then be executed via a direct request to index.php.

7.5
2007-07-05 CVE-2007-3586 Mycms Code Injection vulnerability in Mycms

Multiple direct static code injection vulnerabilities in MyCMS 0.9.8 and earlier allow remote attackers to inject arbitrary PHP code into (1) a _score.txt file via the score parameter, or (2) a _setby.txt file via a login cookie, which is then included by games.php.

7.5
2007-07-05 CVE-2007-3585 Mycms Input Validation vulnerability in MyCMS

PHP remote file inclusion vulnerability in games.php in MyCMS 0.9.8 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the id parameter.

7.5
2007-07-05 CVE-2007-3584 Postnuke Software Foundation SQL-Injection vulnerability in Pnphpbb2

SQL injection vulnerability in viewforum.php in PNphpBB2 1.2i and earlier for Postnuke allows remote attackers to execute arbitrary SQL commands via the order parameter.

7.5
2007-07-05 CVE-2007-3583 Girlserv SQL Injection vulnerability in Girlserv Ads Details_News.PHP

SQL injection vulnerability in details_news.php in Girlserv ads 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the idnew parameter.

7.5
2007-07-05 CVE-2007-3582 Inforest Communications SQL Injection vulnerability in Inforest Communications Supercali 0.4.0

SQL injection vulnerability in index.php in SuperCali PHP Event Calendar 0.4.0 allows remote attackers to execute arbitrary SQL commands via the o parameter.

7.5
2007-07-05 CVE-2007-3575 Freedomain CO NR SQL Injection vulnerability in Freedomain.Co.Nr Clone 1.0

SQL injection vulnerability in includes/functions in FreeDomain.co.nr Clone allows remote attackers to execute arbitrary SQL commands via the logindomain parameter to members.php.

7.5
2007-07-05 CVE-2007-3570 Novell Security Bypass vulnerability in Novell Access Manager 3

The Linux Access Gateway in Novell Access Manager before 3.0 SP1 Release Candidate 1 (RC1) allows remote attackers to bypass unspecified security controls via Fullwidth/Halfwidth Unicode encoded data in a HTTP POST request.

7.5
2007-07-05 CVE-2007-3567 Mysqldumper Authentication Bypass vulnerability in MySQLDumper Apache Access Control

MySQLDumper 1.21b through 1.23 REV227 uses a "Limit GET" statement in the .htaccess authentication mechanism, which allows remote attackers to bypass authentication requirements via HTTP POST requests.

7.5
2007-07-05 CVE-2007-3011 Fujitsu Remote Command Execution vulnerability in Fujitsu ServerView DBASCIIAccess

The DBAsciiAccess CGI Script in the web interface in Fujitsu-Siemens Computers ServerView before 4.50.09 allows remote attackers to execute arbitrary commands via shell metacharacters in the Servername subparameter of the ParameterList parameter.

7.5
2007-07-04 CVE-2007-3563 Avscripts SQL Injection vulnerability in Avscripts AV Arcade 2.1B

SQL injection vulnerability in includes/view_page.php in AV Arcade 2.1b allows remote attackers to execute arbitrary SQL commands via the id parameter in a view_page action to index.php.

7.5
2007-07-04 CVE-2007-3562 PHP Director SQL Injection vulnerability in PHPDirector 'videos.php'

SQL injection vulnerability in videos.php in PHP Director 0.21 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2007-07-04 CVE-2007-3560 Esqlanelapse Multiple Unspecified vulnerability in Esqlanelapse

Multiple unspecified vulnerabilities in Esqlanelapse before 2.6 have unknown impact and attack vectors.

7.5
2007-07-04 CVE-2007-3558 Coppermine SQL Injection vulnerability in Coppermine Photo Gallery Album Password Cookie

SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1.4.11 allows remote attackers to execute arbitrary SQL commands via an album password cookie to an unspecified component.

7.5
2007-07-03 CVE-2007-3549 Vastal I Tech SQL Injection vulnerability in Vastal I-Tech Buddy Zone 1.5

SQL injection vulnerability in view_sub_cat.php in Buddy Zone 1.5 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.

7.5
2007-07-03 CVE-2007-3539 QT Cute SQL Injection vulnerability in Qt-Cute Quicktalk Forum and Quickticket

Multiple SQL injection vulnerabilities in QuickTicket 1.2 build:20070621 and QuickTalk Forum 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) t and (2) f parameters in (a) qti_ind_post.php and (b) qti_ind_post_prt.php; (3) dir and (4) order parameters in qti_ind_member.php; (5) id parameter in qti_usr.php; and the (6) f parameter in qti_ind_topic.php.

7.5
2007-07-03 CVE-2007-3538 QT Cute SQL Injection vulnerability in Qt-Cute Quicktalk Guestbook 1.2

SQL injection vulnerability in qtg_msg_view.php in QuickTalk guestbook 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2007-07-03 CVE-2007-3534 Daniel Toma SQL Injection vulnerability in Daniel Toma Webchat 0.78

SQL injection vulnerability in login.php in WebChat 0.78 allows remote attackers to execute arbitrary SQL commands via the rid parameter.

7.5
2007-07-03 CVE-2007-3526 Vastal I Tech SQL Injection vulnerability in Buddy Zone

Multiple SQL injection vulnerabilities in Buddy Zone 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the news_id parameter to view_news.php, (2) the cat_id parameter to view_events.php, or (3) the member_id parameter to video_gallery.php.

7.5
2007-07-03 CVE-2007-3521 Arcadebuilder SQL Injection vulnerability in Arcadebuilder Game Portal Manager 1.7

SQL injection vulnerability in ArcadeBuilder Game Portal Manager 1.7 allows remote attackers to execute arbitrary SQL commands via a usercookie cookie.

7.5
2007-07-03 CVE-2007-3520 Easybe SQL Injection vulnerability in Easybe 1-2-3 Music Store Process.PHP Script

SQL injection vulnerability in process.php in Easybe 1-2-3 Music Store allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter.

7.5
2007-07-03 CVE-2007-3519 Wesmo SQL Injection vulnerability in PHPEventCalendar Eventdisplay.PHP Script

SQL injection vulnerability in eventdisplay.php in phpEventCalendar 0.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2007-07-03 CVE-2007-3518 Hispah SQL Injection vulnerability in HispaH Youtube Clone MSG.PHP Script

SQL injection vulnerability in msg.php in HispaH YouTube Clone Script (youtubeclone) allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2007-07-02 CVE-2007-3506 Freetype Remote Buffer Overflow vulnerability in FreeType Bitmap Font Handling

The ft_bitmap_assure_buffer function in src/base/ftbimap.c in FreeType 2.3.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors involving bitmap fonts, related to a "memory buffer overwrite bug."

7.5
2007-07-05 CVE-2007-2839 Debian Local Arbitrary Command Execution vulnerability in Debian Gfax 0.4.2

gfax 0.4.2 and probably other versions creates temporary files insecurely, which allows local users to execute arbitrary commands via unknown vectors.

7.2
2007-07-03 CVE-2007-3508 Gentoo Numeric Errors vulnerability in Gentoo Glibc 2.5

** DISPUTED ** Integer overflow in the process_envvars function in elf/rtld.c in glibc before 2.5-rc4 might allow local users to execute arbitrary code via a large LD_HWCAP_MASK environment variable value.

7.2
2007-07-03 CVE-2007-3530 Phpdirector Local Security vulnerability in PHPDirector

PHPDirector 0.21 and earlier stores the admin account name and password in config.php, which allows local users to gain privileges by reading this file.

7.2
2007-07-03 CVE-2007-2838 Debian, Gsambad Unspecified vulnerability in Gsambad 0.1.4

The populate_conns function in src/populate_conns.c in GSAMBAD 0.1.4 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gsambadtmp temporary file.

7.2
2007-07-03 CVE-2007-3548 W3Filer Remote Buffer Overflow vulnerability in W3Filer 2.1.3

Stack-based buffer overflow in W3Filer 2.1.3 allows remote FTP servers to cause a denial of service (application hang or crash) and possibly execute arbitrary code by sending a large banner to a client that is sending a file.

7.1
2007-07-03 CVE-2007-3545 Warzone Buffer Overflow vulnerability in Warzone Long File Name

Buffer overflow in Warzone 2100 Resurrection before 2.0.7 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long filename when setting background music.

7.1

58 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-07-05 CVE-2007-3573 Akocomment SQL-Injection vulnerability in Akocomment

Multiple SQL injection vulnerabilities in akocomment allow remote attackers to execute arbitrary SQL commands via the (1) acparentid or (2) acitemid parameter to an unspecified component, different vectors than CVE-2006-1421.

6.8
2007-07-04 CVE-2007-3557 Wheatblog SQL Injection vulnerability in Wheatblog 1.1

SQL injection vulnerability in admin/login.php in Wheatblog (wB) 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the login parameter.

6.8
2007-07-04 CVE-2007-2949 Ubuntu, THE Gimp Team Integer Overflow vulnerability in GIMP PSD File

Integer overflow in the seek_to_and_unpack_pixeldata function in the psd.c plugin in Gimp 2.2.15 allows remote attackers to execute arbitrary code via a crafted PSD file that contains a large (1) width or (2) height value.

6.8
2007-07-03 CVE-2007-3527 Firebirdsql Remote Denial Of Service vulnerability in Firebirdsql Firebird 2.0.0

Integer overflow in Firebird 2.0.0 allows remote authenticated users to cause a denial of service (CPU consumption) via certain database operations with multi-byte character sets that trigger an attempt to use the value 65536 for a 16-bit integer, which is treated as 0 and causes an infinite loop on zero-length data.

6.8
2007-07-03 CVE-2007-3524 Ripe Website Manager Remote File Include and Information Disclosure vulnerability in Ripe Website Manager

Multiple PHP remote file inclusion vulnerabilities in Ripe Website Manager 0.8.9 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the level parameter to (1) admin/includes/author_panel_header.php or (2) admin/includes/admin_header.php.

6.8
2007-07-03 CVE-2007-3522 Sphpell Remote File Include vulnerability in Sphpell 1.01

Multiple PHP remote file inclusion vulnerabilities in sPHPell 1.01 allow remote attackers to execute arbitrary PHP code via a URL in the SpellIncPath parameter to (1) spellcheckpageinc.php, (2) spellchecktext.php, (3) spellcheckwindow.php, or (4) spellcheckwindowframeset.php.

6.8
2007-07-03 CVE-2007-2835 Debian, Unicon Imc2 Buffer Overflow vulnerability in Unicon-Imc2 3.0.4

Multiple stack-based buffer overflows in (1) CCE_pinyin.c and (2) xl_pinyin.c in ImmModules/cce/ in unicon-imc2 3.0.4, as used by zhcon and other applications, allow local users to gain privileges via a long HOME environment variable.

6.8
2007-07-06 CVE-2007-3616 Vtiger Denial-Of-Service vulnerability in vtiger CRM

index.php in vtiger CRM before 5.0.3 allows remote authenticated users to perform administrative changes to arbitrary profile settings via a certain profilePrivileges action in the Users module.

6.5
2007-07-06 CVE-2007-3603 Vtiger SQL-Injection vulnerability in vtiger CRM

SQL injection vulnerability in the dashboard (include/utils/SearchUtils.php) in vtiger CRM before 5.0.3 allows remote authenticated users to execute arbitrary SQL commands via the assigned_user_id parameter in a Potentials ListView action to index.php.

6.5
2007-07-06 CVE-2007-3592 Elite Bulletin Board Input Validation vulnerability in Elite Bulletin Board

PM.php in Elite Bulletin Board before 1.0.10 allows remote authenticated users to delete arbitrary PM messages and conduct other attacks via modified id fields.

6.5
2007-07-03 CVE-2007-3544 Wordpress File-Upload vulnerability in WordPress

Unrestricted file upload vulnerability in (1) wp-app.php and (2) app.php in WordPress 2.2.1 and WordPress MU 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code via unspecified vectors, possibly related to the wp_postmeta table and the use of custom fields in normal (non-attachment) posts.

6.5
2007-07-03 CVE-2007-3535 Frank Karau File-Upload vulnerability in GL-SH Deaf Forum

Multiple directory traversal vulnerabilities in GL-SH Deaf Forum 6.4.4 and earlier allow remote attackers to include and execute arbitrary local files via a ..

6.4
2007-07-03 CVE-2007-3523 Groupeclan Free FR Local File Include vulnerability in Groupeclan.Free.Fr Xcms 1.1

Multiple directory traversal vulnerabilities in Module/Galerie.php in XCMS 1.1 allow remote attackers to include and execute arbitrary local files via a ..

6.4
2007-07-02 CVE-2007-3505 QT Cute Local File Include vulnerability in Qt-Cute Quicktalk Forum 1.3

Multiple directory traversal vulnerabilities in QuickTalk forum 1.3 allow remote attackers to include and execute arbitrary local files via a ..

6.4
2007-07-02 CVE-2007-2836 Hiki Path Traversal vulnerability in Hiki

Directory traversal vulnerability in session.rb in Hiki 0.8.0 through 0.8.6 allows remote attackers to delete arbitrary files via directory traversal sequences in the session ID, which is matched against an insufficiently restrictive regular expression before it is used to construct a filename that is marked for deletion at logout.

6.4
2007-07-03 CVE-2007-3551 Bbs100 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Bbs100

Buffer overflow in bbs100 before 3.2 allows remote attackers to cause a denial of service (crash) by attempting to login as the Guest user when another Guest user is already logged in, possibly related to the state_login_prompt function in state_login.c.

6.1
2007-07-03 CVE-2007-3543 Wordpress Unspecified vulnerability in Wordpress and Wordpress MU

Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies a .php filename in the _wp_attached_file metadata field; and then sending this file's content, along with its post_ID value, to (1) wp-app.php or (2) app.php.

6.0
2007-07-06 CVE-2007-3602 Vtiger Remote Security vulnerability in vtiger CRM

The SOAP webservice in vtiger CRM before 5.0.3 does not ensure that authenticated accounts are active, which allows remote authenticated users with inactive accounts to access and modify data, as demonstrated by the Thunderbird plugin.

5.5
2007-07-06 CVE-2007-3598 Vtiger Denial-Of-Service vulnerability in vtiger CRM

index.php in vtiger CRM before 5.0.3 allows remote authenticated users to obtain all users' names and e-mail addresses, and possibly change user settings, via a modified record parameter in a DetailView action to the Users module.

5.5
2007-07-06 CVE-2007-3608 SAP ActiveX Controls Multiple Unspecified vulnerability in EnjoySAP

Multiple unspecified vulnerabilities in ActiveX controls in the EnjoySAP SAP GUI allow remote attackers to create certain files via unspecified vectors.

5.0
2007-07-06 CVE-2007-3607 SAP ActiveX Controls Multiple Unspecified vulnerability in EnjoySAP

Multiple unspecified vulnerabilities in ActiveX controls in the EnjoySAP SAP GUI allow remote attackers to cause a denial of service (process crash) via unspecified vectors.

5.0
2007-07-06 CVE-2007-3591 Elite Bulletin Board Input Validation vulnerability in Elite Bulletin Board Elite Bulletin Board 1.0.8/1.0.9

Unspecified vulnerability in Profile.php in Elite Bulletin Board before 1.0.10 allows remote attackers to modify profile information via unspecified vectors related to "a remote form," probably related to direct requests and missing authorization checks.

5.0
2007-07-05 CVE-2007-3581 Jedox Remote Security vulnerability in Jedox Palo 1.5

The Jedox Palo 1.5 client transmits the password in cleartext, which might allow remote attackers to obtain the password by sniffing the network, as demonstrated by starting Excel with the Palo plugin, opening a cube, and performing an Insert View.

5.0
2007-07-05 CVE-2007-3568 Imlib Denial of Service vulnerability in ImLib BMP Image _LoadBMP Function

The _LoadBMP function in imlib 1.9.15 and earlier allows context-dependent attackers to cause a denial of service (infinite loop) via a BMP image with a Bits Per Page (BPP) value of 0.

5.0
2007-07-05 CVE-2007-3012 Fujitsu Information Disclosure vulnerability in Fujitsu PRIMERGY BX300 Blade Server

The web interface in Fujitsu-Siemens Computers PRIMERGY BX300 Switch Blade allows remote attackers to obtain sensitive information by canceling the authentication dialog when accessing a sub-page, which still displays the form field contents of the sub-page, as demonstrated using (1) config/ip_management.htm and (2) config/snmp_config.htm.

5.0
2007-07-04 CVE-2007-3556 Doubleflex Information Disclosure vulnerability in Liesbeth Base CMS

Liesbeth base CMS stores sensitive information under the web root with insufficient access control, which allows remote attackers to download an include file containing account credentials via a direct request for config.inc.

5.0
2007-07-03 CVE-2007-3533 3Com Remote Denial of Service vulnerability in 3Com 3Cnj220 2.0.22

The 3Com IntelliJack Switch NJ220 before 2.0.23 allows remote attackers to cause a denial of service (reboot and reporting outage) via a loopback packet with zero in the length field.

5.0
2007-07-03 CVE-2007-3528 DAR Unspecified vulnerability in DAR

The blowfish mode in DAR before 2.3.4 uses weak Blowfish-CBC cryptography by (1) discarding random bits by the blowfish::make_ivec function in libdar/crypto.cpp that results in predictable and repeating IV values, and (2) direct use of a password for keying, which makes it easier for context-dependent attackers to decrypt files.

5.0
2007-07-03 CVE-2007-3513 Linux Denial Of Service vulnerability in Linux Kernel USBLCD Memory Consumption

The lcd_write function in drivers/usb/misc/usblcd.c in the Linux kernel before 2.6.22-rc7 does not limit the amount of memory used by a caller, which allows local users to cause a denial of service (memory consumption).

4.9
2007-07-06 CVE-2007-3613 SAP Cross-Site Scripting vulnerability in SAP Internet Graphics Server PARAMS

Cross-site scripting (XSS) vulnerability in ADM:GETLOGFILE in SAP Internet Graphics Service (IGS) allows remote attackers to inject arbitrary web script or HTML via the PARAMS parameter.

4.3
2007-07-06 CVE-2007-3596 Izzysoft Unspecified vulnerability in PHPVideoPro

inc/vul_check.inc in phpVideoPro before 0.8.8 permits non-alphanumeric characters in the sess_id parameter, which has unknown impact and remote attack vectors, probably cross-site scripting (XSS).

4.3
2007-07-06 CVE-2007-3593 Adventnet Cross-Site Scripting vulnerability in Adventnet Manageengine Netflow Analyzer 5

Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine NetFlow Analyzer 5 allow remote attackers to inject arbitrary web script or HTML via the (1) alpha parameter in (a) netflow/jspui/applicationList.jsp, the (2) task parameter in (b) netflow/jspui/appConfig.jsp, the (3) view parameter in (c) netflow/jspui/index.jsp, and the (4) rtype parameter in (d) netflow/jspui/selectDevice.jsp and (e) netflow/jspui/customReport.jsp.

4.3
2007-07-05 CVE-2007-3590 B1G Cross-Site Scripting vulnerability in B1G B1Gbb 2.24

Cross-site scripting (XSS) vulnerability in visitenkarte.php in b1gBB 2.24.0 allows remote attackers to inject arbitrary web script or HTML via the user parameter.

4.3
2007-07-05 CVE-2007-3580 Phpids Cross-Site Scripting vulnerability in Phpids

PHPIDS does not properly handle certain code containing newlines, as demonstrated by a try/catch block within a loop, which allows user-assisted remote attackers to inject arbitrary web script.

4.3
2007-07-05 CVE-2007-3579 Phpids Cross-Site Scripting vulnerability in Phpids

PHPIDS before 20070703 does not properly handle setting the .text property of a SCRIPT element before its attachment to the DOM, which allows remote attackers to inject arbitrary web script.

4.3
2007-07-05 CVE-2007-3578 Phpids Cross-Site Scripting vulnerability in Phpids

PHPIDS before 20070703 does not properly handle (1) arithmetic expressions and (2) unclosed comments, which allows remote attackers to inject arbitrary web script.

4.3
2007-07-05 CVE-2007-3577 Phpids Cross-Site Scripting vulnerability in Phpids

PHPIDS before 20070703 does not properly handle use of the substr method in (1) document.location.search and (2) document.referrer; (3) certain use of document.location.hash; (4) certain "window[eval" and similar expressions; (5) certain Function expressions; (6) certain '=' expressions, as demonstrated by a 'whatever="something"' sequence; and (7) certain "with" expressions, which allows remote attackers to inject arbitrary web script.

4.3
2007-07-05 CVE-2007-3576 Microsoft Unspecified vulnerability in Microsoft IE 6

** DISPUTED ** Microsoft Internet Explorer 6 executes web script from URIs of arbitrary scheme names ending with the "script" character sequence, using the (1) vbscript: handler for scheme names with 7 through 9 characters, and the (2) javascript: handler for scheme names with 10 or more characters, which might allow remote attackers to bypass certain XSS protection schemes.

4.3
2007-07-05 CVE-2007-3574 Linksys Cross-Site Scripting vulnerability in Linksys Wag54Gs 1.00.06

Multiple cross-site scripting (XSS) vulnerabilities in setup.cgi on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.00.06 firmware allow remote attackers to inject arbitrary web script or HTML via the (1) c4_trap_ip_, (2) devname, (3) snmp_getcomm, or (4) snmp_setcomm parameter.

4.3
2007-07-05 CVE-2007-3571 Novell Information Disclosure vulnerability in Groupwise

The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.

4.3
2007-07-05 CVE-2007-3569 Softlink Europe Cross-Site Scripting vulnerability in Oliver

Multiple cross-site scripting (XSS) vulnerabilities in Oliver Library Management System allow remote attackers to inject arbitrary web script or HTML via the (1) updateform and (2) displayform parameter to (a) gateway/gateway.exe; the (3) TERMS, (4) database, (5) srchad, (6) SuggestedSearch, and (7) searchform parameters to the (b) "Basic Search page"; and (8) username parameter when (c) logging on.

4.3
2007-07-04 CVE-2007-3561 Webixir Cross-Site Scripting vulnerability in Webixir Efendy Blog 1.0

Cross-site scripting (XSS) vulnerability in ara.asp in Efendy Blog 1.0 allows remote attackers to inject arbitrary web script or HTML via the ara parameter.

4.3
2007-07-04 CVE-2007-3555 Moodle Cross-Site Scripting vulnerability in Moodle 1.7.1

Cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1 allows remote attackers to inject arbitrary web script or HTML via a style expression in the search parameter, a different vulnerability than CVE-2004-1424.

4.3
2007-07-03 CVE-2007-3553 Oracle Cross-Site Scripting vulnerability in Oracle Application Server and Rapid Install web Server

Cross-site scripting (XSS) vulnerability in Rapid Install Web Server in Oracle Application Server 11i allows remote attackers to inject arbitrary web script or HTML via a URL to the "Secondary Login Page", as demonstrated using (1) pls/ and (2) pls/MSBEP004/.

4.3
2007-07-03 CVE-2007-3546 Nessus Script HTML Injection vulnerability in Nessus Windows GUI

Cross-site scripting (XSS) vulnerability in the Windows GUI in Nessus Vulnerability Scanner before 3.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2007-07-03 CVE-2007-3542 Pluxml Cross-Site Scripting vulnerability in Pluxml 0.3.1

Cross-site scripting (XSS) vulnerability in admin/auth.php in Pluxml 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

4.3
2007-07-03 CVE-2007-3541 Kurinton Cross Site Scripting vulnerability in SHTTPd

Cross-site scripting (XSS) vulnerability in Kurinton sHTTPd 20070408 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2007-07-03 CVE-2007-3540 Rainworx Cross-Site Scripting vulnerability in Rainworx Rwauction PRO 5.0

Multiple cross-site scripting (XSS) vulnerabilities in search.asp in rwAuction Pro 5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) search, (2) show, (3) searchtype, (4) catid, and (5) searchtxt parameters, a different version and vectors than CVE-2005-4060.

4.3
2007-07-03 CVE-2007-3517 Claroline Cross-Site Scripting vulnerability in Claroline 1.8.3

Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF) to (1) index.php, (2) demo/claroline170/index.php, and possibly other scripts.

4.3
2007-07-03 CVE-2007-3516 Gorki Online Cross-Site Scripting vulnerability in Gorki Online Santrac Sitesi

Multiple cross-site scripting (XSS) vulnerabilities in kayit.asp in Gorki Online Santrac Sitesi allow remote attackers to inject arbitrary web script or HTML via the (1) kullanici, (2) posta, or (3) takim_adi parameter to uyeler.asp.

4.3
2007-07-03 CVE-2007-3511 Mozilla Unspecified vulnerability in Mozilla Firefox and Seamonkey

The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12, 2.0.0.4 and other versions before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to change field focus and copy keystrokes via the "for" attribute in a label, which bypasses the focus prevention, as demonstrated by changing focus from a textarea to a file upload field.

4.3
2007-07-06 CVE-2007-3617 Vtiger Remote Security vulnerability in vtiger CRM

The report module in vtiger CRM before 5.0.3 does not properly apply security rules, which allows remote authenticated users to read arbitrary private module entries.

4.0
2007-07-06 CVE-2007-3604 Vtiger Remote Security vulnerability in vtiger CRM

vtiger CRM before 5.0.3 allows remote authenticated users with access to the Analytics DashBoard menu to bypass data restrictions and read the pipeline of the entire organization, possibly involving modules/Potentials/Potentials.php.

4.0
2007-07-06 CVE-2007-3600 Vtiger Remote Security vulnerability in vtiger CRM

WordPlugin in the wordintegration component in vtiger CRM before 5.0.3 allows remote authenticated users to bypass field level security permissions and merge arbitrary fields in an Email template, as demonstrated by the fields in the Contact module.

4.0
2007-07-06 CVE-2006-7219 EZ Permissions, Privileges, and Access Controls vulnerability in EZ Publish

eZ publish before 3.8.5 does not properly enforce permissions for editing in a specific language, which allows remote authenticated users to create a draft in an unauthorized language by editing an archived version of an object, and then using Manage Versions to copy this version to a new draft.

4.0
2007-07-06 CVE-2006-7218 EZ Permissions, Privileges, and Access Controls vulnerability in EZ Publish

eZ publish before 3.8.1 does not properly enforce permissions for "content edit Language" when there are four or more languages, which allows remote authenticated users to perform translations into languages that are not listed in a Module Function Limitation policy.

4.0
2007-07-05 CVE-2006-7217 Apache Remote Security vulnerability in Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1

Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.

4.0
2007-07-05 CVE-2006-7216 Apache Remote Security vulnerability in Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1

Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.

4.0

5 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-07-03 CVE-2007-2837 Debian, Fireflier Unspecified vulnerability in Fireflier 1.1.6

The (1) getRule and (2) getChains functions in server/rules.cpp in fireflierd (fireflier-server) in FireFlier 1.1.6 allow local users to overwrite arbitrary files via a symlink attack on the /tmp/fireflier.rules temporary file.

3.6
2007-07-04 CVE-2007-3559 PHP Fusion Cross-Site Scripting vulnerability in PHP-Fusion 6.01.10/6.01.9

Cross-site scripting (XSS) vulnerability in infusions/shoutbox_panel/shoutbox_panel.php in PHP-Fusion 6.01.10 and 6.01.9, when guest posts are enabled, allows remote authenticated users to inject arbitrary web script or HTML via the URI, related to the FUSION_QUERY constant.

3.5
2007-07-06 CVE-2007-3594 Adventnet Cross-Site Scripting vulnerability in Adventnet Manageengine Netflow Analyzer 6/7

Multiple cross-site scripting (XSS) vulnerabilities in AdventNet ManageEngine OpManager 6 and 7 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter in (a) ping.do and (b) traceRoute.do in map/; the (2) reportName, (3) displayName, and (4) selectedNode parameters to (c) reports/ReportViewAction.do; the (5) operation parameter to (d) admin/ServiceConfiguration.do; and the (6) selectedNode and (7) selectedTab parameters to (e) admin/DeviceAssociation.do.

2.6
2007-07-06 CVE-2007-3601 Vtiger Remote Security vulnerability in vtiger CRM

vtiger CRM before 5.0.3, when a migrated build is used, allows remote authenticated users to read certain other users' calendar activities via a (1) home page or (2) event list view.

2.1
2007-07-03 CVE-2006-7215 Intel Local Denial Of Service vulnerability in Intel products

The Intel Core 2 Extreme processor X6800 and Core 2 Duo desktop processor E6000 and E4000 incorrectly set the memory page Access (A) bit for a page in certain circumstances involving proximity of the code segment limit to the end of a code page, which has unknown impact and attack vectors on certain operating systems other than OpenBSD, aka AI90.

2.1