Weekly Vulnerabilities Reports > July 9 to 15, 2007
Overview
159 new vulnerabilities reported during this period, including 25 critical vulnerabilities and 54 high severity vulnerabilities. This weekly summary report vulnerabilities in 154 products from 87 vendors including Microsoft, SUN, Apple, Squirrelmail, and Freebsd. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", "SQL Injection", "Information Exposure", and "Resource Management Errors".
- 141 reported vulnerabilities are remotely exploitables.
- 18 reported vulnerabilities have public exploit available.
- 5 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 148 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 15 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 7 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
25 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-07-15 | CVE-2007-3794 | Microsoft Hitachi Linux HP IBM SUN | Buffer Overflow vulnerability in Multiple Hitachi Products GIF Image Buffer overflow in Hitachi Cosminexus V4 through V7, Processing Kit for XML before 20070511, Developer's Kit for Java before 20070312, and third-party products that use this software, allows attackers to have an unknown impact via certain GIF images, related to use of GIF image processing APIs by a Java application. | 10.0 |
2007-07-15 | CVE-2006-5278 | Cisco | Heap Buffer Overflow vulnerability in Cisco products Integer overflow in the Real-Time Information Server (RIS) Data Collector service (RisDC.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attackers to execute arbitrary code via crafted packets, resulting in a heap-based buffer overflow. | 10.0 |
2007-07-15 | CVE-2007-2417 | RSA Progress | Buffer Overflow vulnerability in Progress and OpenEdge _mprosrv Heap-based buffer overflow in _mprosrv.exe in Progress Software Progress 9.1E and OpenEdge 10.1x, as used by the RSA Authentication Manager 6.0 and 6.1, SecurID Appliance 2.0, ACE/Server 5.2, and possibly other products, allows remote attackers to execute arbitrary code via crafted packets. | 10.0 |
2007-07-11 | CVE-2007-3695 | Broadcom | Unspecified vulnerability in Broadcom Erwin Process Modeler 7.1 Buffer overflow in LICRCMD.EXE in CA ERwin Process Modeler (formerly AllFusion Process Modeler) 7.1 allows attackers to execute arbitrary code via a long filename. | 10.0 |
2007-07-10 | CVE-2007-0040 | Microsoft | Remote Code Execution vulnerability in Microsoft Windows 2000 and Windows 2003 Server The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an unspecified number of "convertible attributes." | 10.0 |
2007-07-10 | CVE-2007-3647 | Zoneo Soft | Authentication Bypass vulnerability in Zoneo-Soft PHPtraffica 1.4/1.4.2/1.4.3 The isloggedin function in Php/login.inc.php in phpTrafficA 1.4.3 and earlier allows remote attackers to bypass authentication and obtain administrative access by setting the username cookie to "traffic." NOTE: some of these details are obtained from third party information. | 10.0 |
2007-07-10 | CVE-2007-3643 | AV Scripts | Unspecified vulnerability in AV Scripts AV Arcade 2.1B admin/index.php in AV Arcade 2.1b grants administrative privileges when the ava_userid cookie value is 1, which allows remote attackers to perform certain administrative actions. | 10.0 |
2007-07-09 | CVE-2007-3629 | Levent Veysi Portal | SQL Injection vulnerability in Levent Veysi Portal Levent Veysi Portal 1.0 SQL injection vulnerability in oku.asp in Levent Veysi Portal 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 10.0 |
2007-07-09 | CVE-2007-3624 | SAP | Remote Buffer Overflow vulnerability in SAP Message Server Group Parameter Heap-based buffer overflow in the Message HTTP Server in SAP Message Server allows remote attackers to execute arbitrary code via a long string in the group parameter to /msgserver/html/group. | 10.0 |
2007-07-15 | CVE-2007-3773 | Generic Youtube Clone Script | Code Injection vulnerability in Generic Youtube Clone Script Generic Youtube Clone Script Cross-site request forgery (CSRF) vulnerability in the Email-Template module in Generic YouTube Clone Script allows remote attackers to upload files with arbitrary file types to templates/emails/ as administrators. | 9.3 |
2007-07-15 | CVE-2007-2397 | Apple | Code Execution vulnerability in Apple QuickTime QuickTime for Java in Apple Quicktime before 7.2 does not properly check permissions, which allows remote attackers to disable security controls and execute arbitrary code via crafted Java applets. | 9.3 |
2007-07-15 | CVE-2007-2396 | Apple | Code Execution vulnerability in Apple QuickTime The JDirect support in QuickTime for Java in Apple Quicktime before 7.2 exposes certain dangerous interfaces, which allows remote attackers to execute arbitrary code via crafted Java applets. | 9.3 |
2007-07-15 | CVE-2007-2394 | Apple | Code Execution vulnerability in Apple QuickTime Integer overflow in Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via crafted (1) title and (2) author fields in an SMIL file, related to improper calculations for memory allocation. | 9.3 |
2007-07-15 | CVE-2007-2393 | Apple | Code Execution vulnerability in Apple QuickTime The design of QuickTime for Java in Apple Quicktime before 7.2 allows remote attackers to bypass certain security controls and write to process memory via Java applets, possibly leading to arbitrary code execution. | 9.3 |
2007-07-15 | CVE-2007-2392 | Apple | Code Execution vulnerability in Apple QuickTime Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via a crafted movie file that triggers memory corruption. | 9.3 |
2007-07-15 | CVE-2006-5277 | Cisco | Heap Buffer Overflow vulnerability in Cisco products Off-by-one error in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attackers to execute arbitrary code via a crafted packet that triggers a heap-based buffer overflow. | 9.3 |
2007-07-14 | CVE-2007-3641 | Freebsd | Remote vulnerability in Freebsd Libarchive 2.2.3 archive_read_support_format_tar.c in libarchive before 2.2.4 does not properly compute the length of a certain buffer when processing a malformed pax extension header, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PAX or (2) TAR archive that triggers a buffer overflow. | 9.3 |
2007-07-11 | CVE-2007-3716 | SUN | Improper Input Validation vulnerability in SUN JDK and JRE The Java XML Digital Signature implementation in Sun JDK and JRE 6 before Update 2 does not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715. | 9.3 |
2007-07-11 | CVE-2007-3715 | SUN | Improper Input Validation vulnerability in SUN products Sun Java System Application Server and Web Server 7.0 through 9.0 before 20070710 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute an arbitrary Java method via a crafted stylesheet, a related issue to CVE-2007-3716. | 9.3 |
2007-07-11 | CVE-2007-3456 | Adobe | Numeric Errors vulnerability in Adobe Flash Player Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might allow remote attackers to execute arbitrary code via a large length value for a (1) Long string or (2) XML variable type in a crafted (a) FLV or (b) SWF file, related to an "input validation error," including a signed comparison of values that are assumed to be non-negative. | 9.3 |
2007-07-10 | CVE-2007-3029 | Microsoft | Remote Code Execution vulnerability in Microsoft Excel and Office Unspecified vulnerability in Microsoft Excel 2002 SP3 and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file containing multiple active worksheets, which results in memory corruption. | 9.3 |
2007-07-10 | CVE-2007-1756 | Microsoft | Remote Code Execution vulnerability in Microsoft Excel, Excel Viewer and Office Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and Office Excel 2007 does not properly validate version information, which allows user-assisted remote attackers to execute arbitrary code via a crafted Excel file, aka "Calculation Error Vulnerability". | 9.3 |
2007-07-10 | CVE-2007-1754 | Microsoft | Resource Management Errors vulnerability in Microsoft Publisher 2007 PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page via a certain negative value, which bypasses a sanitization procedure that initializes critical pointers to NULL, aka the "Publisher Invalid Memory Reference Vulnerability". | 9.3 |
2007-07-10 | CVE-2007-0043 | Microsoft | Buffer Errors vulnerability in Microsoft .Net Framework 1.0/1.1/2.0 The Just In Time (JIT) Compiler service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer," probably a buffer overflow, aka ".NET JIT Compiler Vulnerability". | 9.3 |
2007-07-10 | CVE-2007-0041 | Microsoft | Buffer Errors vulnerability in Microsoft .Net Framework 1.0/1.1/2.0 The PE Loader service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer" and unvalidated message lengths, probably a buffer overflow. | 9.3 |
54 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-07-15 | CVE-2007-3768 | Netwin | Denial-Of-Service vulnerability in SurgeFTP The mirror mechanism in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to cause a denial of service (restart) via a malformed response to a PASV command. | 8.5 |
2007-07-15 | CVE-2007-3775 | Cisco | Unspecified vulnerability in Cisco products Unspecified vulnerability in Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allows remote attackers to cause a denial of service (loss of cluster services) via unspecified vectors, aka (1) CSCsj09859 and (2) CSCsj19985. | 7.8 |
2007-07-15 | CVE-2007-3774 | Dvbbs | Information Disclosure vulnerability in Dvbbs 7.1.0Sp1 Dvbbs 7.1.0 SP1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for Data/Dvbbs7.mdb. | 7.8 |
2007-07-15 | CVE-2007-3770 | OS Cillation | Remote Command Injection vulnerability in Os-Cillation Xfce Terminal 0.2.6 The terminal_helper_execute function in terminal/terminal.c in Xfce Terminal 0.2.6 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a crafted link, as demonstrated using the "Open Link" functionality. | 7.8 |
2007-07-11 | CVE-2007-3698 | SUN | Denial Of Service vulnerability in SUN Jdk, JRE and SDK The Java Secure Socket Extension (JSSE) in Sun JDK and JRE 6 Update 1 and earlier, JDK and JRE 5.0 Updates 7 through 11, and SDK and JRE 1.4.2_11 through 1.4.2_14, when using JSSE for SSL/TLS support, allows remote attackers to cause a denial of service (CPU consumption) via certain SSL/TLS handshake requests. | 7.8 |
2007-07-11 | CVE-2007-3696 | Broadcom | Unspecified vulnerability in Broadcom Erwin Data Model Validator CA ERwin Data Model Validator (formerly AllFusion Data Model Validator) allows remote attackers to (1) cause a denial of service (application hang) via a malformed .EXP database file and (2) cause a denial of service (aaplication crash) via a crafted .EXP database file, which triggers a NULL dereference. | 7.8 |
2007-07-11 | CVE-2007-3692 | Kddi | Directory Traversal vulnerability in Kddi Ezfactory Download CGI 1.0 Directory traversal vulnerability in download.cgi in EZFactory KDDI Download CGI 1.x allows remote attackers to read and download arbitrary files via a .. | 7.8 |
2007-07-11 | CVE-2007-3690 | Drupal | Security Bypass vulnerability in Drupal The Forward module before 4.7-1.1 and 5.x before 5.x-1.0 for Drupal allows remote attackers to read restricted posts in (1) Organic Groups, (2) Taxonomy Access Control, (3) Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments. | 7.8 |
2007-07-11 | CVE-2007-3689 | Drupal | Security Bypass vulnerability in Drupal The Print module before 4.7-1.0 and 5.x before 5.x-1.2 for Drupal allows remote attackers to read restricted posts in (1) Organic Groups, (2) Taxonomy Access Control, (3) Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments. | 7.8 |
2007-07-10 | CVE-2007-3038 | Microsoft | Unspecified vulnerability in Microsoft Windows Vista The Teredo interface in Microsoft Windows Vista and Vista x64 Edition does not properly handle certain network traffic, which allows remote attackers to bypass firewall blocking rules and obtain sensitive information via crafted IPv6 traffic, aka "Windows Vista Firewall Blocking Rule Information Disclosure Vulnerability." | 7.8 |
2007-07-10 | CVE-2007-0042 | Microsoft | Information Exposure vulnerability in Microsoft .Net Framework 1.0/1.1/2.0 Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring of a string, via %00 characters, related to use of %00 as a string terminator within POSIX functions but a data character within .NET strings, aka "Null Byte Termination Vulnerability." | 7.8 |
2007-07-10 | CVE-2007-3671 | Microsoft | Remote Denial Of Service vulnerability in Microsoft Windows Vista Kernel Unspecified vulnerability in the kernel in Microsoft Windows Vista has unspecified remote attack vectors and impact, as shown in the "0day IPO" presentation at SyScan'07. | 7.8 |
2007-07-10 | CVE-2006-7220 | SAP | Print Job Denial of Service vulnerability in SAPLPD/SAPSPRINT Unspecified vulnerability in SAP SAPLPD and SAPSPRINT allows remote attackers to cause a denial of service (application crash) via a certain print job request. | 7.8 |
2007-07-09 | CVE-2007-3626 | IBM Hitachi SUN | Denial Of Service vulnerability in Hitachi TPBroker Unspecified vulnerability in the ADM daemon in Hitachi TPBroker before 20070706 allows remote attackers to cause a denial of service (daemon crash) via a certain request. | 7.8 |
2007-07-15 | CVE-2007-3788 | Esoft | Information Disclosure vulnerability in Esoft Instagate EX2 UTM Firmware3.1.20031001/Firmware3.1.20060921/Firmware3.1.20070605 The eSoft InstaGate EX2 UTM device stores the admin password within the settings HTML document, which might allow context-dependent attackers to obtain sensitive information by reading this document. | 7.6 |
2007-07-12 | CVE-2006-5274 | Mcafee | Memory Corruption vulnerability in Mcafee products Integer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.5.5.438 allows remote attackers to cause a denial of service (CMA Framework service crash) and possibly execute arbitrary code via unspecified vectors. | 7.6 |
2007-07-12 | CVE-2006-5273 | Mcafee | Memory Corruption vulnerability in Mcafee products Heap-based buffer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.5.5.438 through 3.6.0.453 allows remote attackers to execute arbitrary code via a crafted packet. | 7.6 |
2007-07-12 | CVE-2006-5271 | Mcafee | Memory Corruption vulnerability in Mcafee E-Business Server and Protectionpilot Integer underflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.6.0.453 and earlier allows remote attackers to execute arbitrary code via a crafted UDP packet, which causes stack corruption. | 7.6 |
2007-07-11 | CVE-2007-3678 | Quark | Buffer Errors vulnerability in Quark Quarkxpress 7.2 Stack-based buffer overflow in the MSWord text-import extension (Word 6-2000 Filter.xnt) in QuarkXPress 7.2 for Windows, when using the Rectangle Text Box tool for importing text, allows user-assisted remote attackers to execute arbitrary code via a long font name. | 7.6 |
2007-07-10 | CVE-2007-3030 | Microsoft | Remote Code Execution vulnerability in Microsoft Excel Workspace Designation Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file involving the "denoting [of] the start of a Workspace designation", which results in memory corruption, aka the "Workbook Memory Corruption Vulnerability". | 7.6 |
2007-07-15 | CVE-2007-3793 | Hitachi | SQL Injection vulnerability in Hitachi JP1/NETM/DM Manager Products SQL injection vulnerability in Job Management Partner 1/NETM/DM (JP1/NETM/DM) Manager on Windows before 20070413 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2007-07-15 | CVE-2007-3791 | Policyd | Remote Buffer Overflow vulnerability in policyd W_Read Function Buffer overflow in the w_read function in sockets.c in Cami Sardinha and Nigel Kukard policyd before 1.81 for Postfix allows remote attackers to cause a denial of service and possibly execute arbitrary code via long SMTP commands. | 7.5 |
2007-07-15 | CVE-2007-3789 | Inmostore | SQL Injection vulnerability in Inmostore 4.0 SQL injection vulnerability in admin/index.php in Inmostore 4.0 allows remote attackers to execute arbitrary SQL commands via the Password field. | 7.5 |
2007-07-15 | CVE-2007-3787 | Esoft | Denial-Of-Service vulnerability in Esoft Instagate EX2 UTM Firmware3.1.20031001/Firmware3.1.20060921/Firmware3.1.20070605 The eSoft InstaGate EX2 UTM device does not require entry of the old password when changing the admin password, which might allow remote attackers to gain privileges by conducting a CSRF attack, making a password change from an unattended workstation, or other attacks. | 7.5 |
2007-07-15 | CVE-2007-3783 | Envivosoft | SQL-Injection vulnerability in Envivo Cms SQL injection vulnerability in default.asp in enVivo!CMS allows remote attackers to execute arbitrary SQL commands via the ID parameter in an article action. | 7.5 |
2007-07-15 | CVE-2007-3778 | Squirrelmail | Remote Command Execution vulnerability in SquirrelMail G/PGP Encryption Plug-in The G/PGP (GPG) Plugin 2.0, and 2.1dev before 20060912, for Squirrelmail allows remote attackers to execute arbitrary commands via shell metacharacters in the messageSignedText parameter to the gpg_check_sign_pgp_mime function in gpg_hook_functions.php. | 7.5 |
2007-07-12 | CVE-2007-3727 | Valarsoft | Unspecified vulnerability in Valarsoft Webmatic 2.6/2.6.1/2.6.2 Multiple unspecified vulnerabilities in Webmatic before 2.7 have unknown impact and attack vectors, related to the "administration area." | 7.5 |
2007-07-12 | CVE-2007-3718 | Apple | Multiple Unspecified vulnerability in Apple Safari 3.0 Multiple unspecified vulnerabilities in the SVG parsing engine in Apple Safari 3 Beta for Windows have unspecified remote attack vectors and impact. | 7.5 |
2007-07-12 | CVE-2007-3509 | Symantec | Buffer Overflow vulnerability in Symantec Veritas Backup Exec 10.0/10D/11D Heap-based buffer overflow in the RPC subsystem in Symantec Backup Exec for Windows Servers 10.0, 10d, and 11d allows remote attackers to cause a denial of service (process exit) and possibly execute arbitrary code via crafted ncacn_ip_tcp requests. | 7.5 |
2007-07-12 | CVE-2006-5272 | Mcafee | Memory Corruption vulnerability in Mcafee products Stack-based buffer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.6.0.453 and earlier allows remote attackers to execute arbitrary code via a crafted ping packet. | 7.5 |
2007-07-11 | CVE-2007-3713 | Konst | Remote Buffer Overflow vulnerability in CenterICQ Multiple buffer overflows in Konst CenterICQ 4.9.11 through 4.21 allow remote attackers to execute arbitrary code via unspecified vectors. | 7.5 |
2007-07-11 | CVE-2007-3711 | 3Com | Improper Input Validation vulnerability in 3Com Tippingpoint IPS TOS Unspecified vulnerability in TOS 2.1.x, 2.2.x before 2.2.5, and 2.5.x before 2.5.2 on TippingPoint IPS allows remote attackers to avoid detection by sending certain fragmented packets. | 7.5 |
2007-07-11 | CVE-2007-3710 | PHP Comet Server | Remote Security vulnerability in Php Comet-Server PHP remote file inclusion vulnerability in example/gamedemo/inc.functions.php in PHP Comet-Server allows remote attackers to execute arbitrary PHP code via a URL in the projectPath parameter. | 7.5 |
2007-07-11 | CVE-2007-3705 | Fusetalk | SQL Injection vulnerability in Fusetalk 2.0 SQL injection vulnerability in FuseTalk 2.0 allows remote attackers to execute arbitrary SQL commands via the FTVAR_SUBCAT (txForumID) parameter to forum/index.cfm and possibly other unspecified components, related to forum/include/error/forumerror.cfm. | 7.5 |
2007-07-11 | CVE-2007-3704 | Entertainment CMS | Authentication Bypass vulnerability in Entertainment CMS AdminLogged Cookie Parameter Entertainment CMS allows remote attackers to bypass authentication and perform certain administrative actions by setting the adminLogged cookie to "Administrator." | 7.5 |
2007-07-11 | CVE-2007-3701 | Tippingpoint 3Com | Improper Input Validation vulnerability in multiple products TippingPoint IPS before 20070710 does not properly handle a hex-encoded alternate Unicode '/' (slash) character, which might allow remote attackers to send certain network traffic and avoid detection, as demonstrated by a cmd.exe attack. | 7.5 |
2007-07-11 | CVE-2007-3697 | Tufat | Remote File Include vulnerability in FlashBB Sendmsg.PHP PHP remote file inclusion vulnerability in phpbb/sendmsg.php in FlashBB 1.1.8 and earlier allows remote attackers to execute arbitrary code via a URL in the phpbb_root_path parameter. | 7.5 |
2007-07-11 | CVE-2007-3686 | Masuga Design | Input Validation vulnerability in Unobtrusive AJAX Star Rating Bar CRLF injection vulnerability in db.php in Unobtrusive Ajax Star Rating Bar before 1.2.0 allows remote attackers to inject arbitrary HTTP headers and data via CRLF sequences in the HTTP_REFERER parameter. | 7.5 |
2007-07-11 | CVE-2007-3684 | Masuga Design | Input Validation vulnerability in Unobtrusive AJAX Star Rating Bar Multiple SQL injection vulnerabilities in Unobtrusive Ajax Star Rating Bar before 1.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) q and (2) t parameters in (a) db.php and (b) rpc.php. | 7.5 |
2007-07-11 | CVE-2007-3683 | Aigaion | SQL Injection vulnerability in Aigaion SQL injection vulnerability in pagetopic.php in Aigaion 1.3.3 and earlier allows remote attackers to execute arbitrary SQL commands via the topic_id parameter. | 7.5 |
2007-07-11 | CVE-2007-3682 | Openld | SQL Injection vulnerability in Openld 1.1.9/1.1Modified3/1.2.2 SQL injection vulnerability in index.php in OpenLD 1.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2007-07-11 | CVE-2007-3677 | Maxsi | SQL Injection vulnerability in Maxsi Evisit Analyst Multiple SQL injection vulnerabilities in Maxsi eVisit Analyst allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) idsp1.pl, (2) ip.pl, and (3) einsite_director.pl. | 7.5 |
2007-07-10 | CVE-2007-3666 | Symantec | RemoteCommand.DLL Buffer Overflow vulnerability in Symantec Norton Ghost 12.0 Buffer overflow in RemoteCommand.DLL in Symantec Norton Ghost 12.0 allows remote attackers to execute arbitrary code via the Connect function. | 7.5 |
2007-07-10 | CVE-2007-3660 | Nonnoi Solutions | Unspecified vulnerability in Nonnoi Solutions ASP Barcode The Nonnoi ASP/Barcode ActiveX control (nonnoi_ASPBarcode.dll) allows remote attackers to overwrite arbitrary files via an argument to the SaveBarcode function. | 7.5 |
2007-07-10 | CVE-2007-3648 | Valarsoft | SQL Injection vulnerability in Valarsoft Webmatic 2.6.1 SQL injection vulnerability in Webmatic before 2.6.2, and possibly other versions before 2.7, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly related to admin/admin_album.php and admin/admin_downloads.php. | 7.5 |
2007-07-10 | CVE-2007-3646 | Flashgamescript | SQL Injection vulnerability in Flashgamescript 1.5.4/1.7 SQL injection vulnerability in index.php in FlashGameScript 1.7 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a member action. | 7.5 |
2007-07-10 | CVE-2007-3637 | Mkportal | SQL Injection vulnerability in Mkportal 1.1.1 SQL injection vulnerability in MKPortal 1.1.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka ZD-00000008. | 7.5 |
2007-07-10 | CVE-2007-3636 | Squirrelmail | Remote Command Execution vulnerability in Squirrelmail GPG Plugin and Squirrelmail Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin 2.1 for Squirrelmail allow remote attackers to execute arbitrary commands via unspecified vectors. | 7.5 |
2007-07-10 | CVE-2007-3631 | Gamesitescript | SQL Injection vulnerability in GameSiteScript SQL injection vulnerability in index.php in GameSiteScript (gss) 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the params parameter, related to missing input validation of the id field. | 7.5 |
2007-07-09 | CVE-2007-3627 | PHP Lite | SQL Injection vulnerability in PHP Lite Calendar Express 2.2 Multiple SQL injection vulnerabilities in PHP Lite Calendar Express 2.2 allow remote attackers to execute arbitrary SQL commands via the cid parameter to (1) login.php, (2) auth.php, and (3) subscribe.php. | 7.5 |
2007-07-09 | CVE-2007-3621 | Asteridex | Remote Command Execution vulnerability in AsteriDex CallBoth.PHP Multiple CRLF injection vulnerabilities in callboth.php in AsteriDex 3.0 and earlier allow remote attackers to inject arbitrary shell commands via the (1) IN and (2) OUT parameters. | 7.5 |
2007-07-15 | CVE-2007-3777 | Grisoft | Local Privilege Escalation vulnerability in Grisoft AVG Antivirus 7.5.446/7.5.448 avg7core.sys 7.5.0.444 in Grisoft AVG Anti-Virus 7.5.448 and Free Edition 7.5.446, provides an internal function that copies data to an arbitrary address, which allows local users to gain privileges via arbitrary address arguments to a function provided by the 0x5348E004 IOCTL for the generic DeviceIoControl handler. | 7.2 |
2007-07-11 | CVE-2007-3680 | IBM | Buffer Errors vulnerability in IBM AIX 5.2.0/5.3.0 Stack-based buffer overflow in the odm_searchpath function in libodm in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary code via a long ODMPATH environment variable. | 7.2 |
2007-07-15 | CVE-2007-3795 | Hitachi | Denial Of Service vulnerability in Hitachi TP1/Server Base Unspecified vulnerability in Hitachi TP1/Server Base before 03-05-/P, 05-00-x before 05-00-/G, 05-01-x before 05-01-/A, and 05-02-x before 05-02-/C on HP-UX 11.0 through 11i v3 allows attackers to cause a denial of service by sending certain data to a port. | 7.1 |
67 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-07-15 | CVE-2007-3673 | Symantec | Local Privilege Escalation vulnerability in Symantec Device Driver SYMTDI.SYS Symantec symtdi.sys before 7.0.0, as distributed in Symantec AntiVirus Corporate Edition 9 through 10.1 and Client Security 2.0 through 3.1, Norton AntiSpam 2005, and Norton AntiVirus, Internet Security, Personal Firewall, and System Works 2005 and 2006; allows local users to gain privileges via a crafted Interrupt Request Packet (Irp) in an IOCTL 0x83022323 request to \\symTDI\, which results in memory overwrite. | 6.9 |
2007-07-12 | CVE-2007-3717 | SUN | Local Security vulnerability in SUN Sunos 5.10/5.8/5.9 rcp on Sun Solaris 8, 9, and 10 before 20070710 does not properly call certain helper applications, which allows local users to gain privileges by creating files with certain names, possibly containing shell metacharacters or spaces, a similar issue to CVE-2006-0225. | 6.9 |
2007-07-11 | CVE-2007-3703 | Zenturi | Buffer Overflow vulnerability in Zenturi Programchecker 1.5.531 Stack-based buffer overflow in a certain ActiveX control in sasatl.dll 1.5.0.531 in Zenturi Program Checker (ProgramChecker) Pro allows remote attackers to execute arbitrary code via a long argument to the Fill method. | 6.8 |
2007-07-11 | CVE-2007-3691 | AV Scripts | SQL-Injection vulnerability in AV Scripts AV Tutorial Script 1.0 Multiple SQL injection vulnerabilities in changePW.php in AV Tutorial Script (avtutorial) 1.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) userid parameters, a different issue than CVE-2007-3630. | 6.8 |
2007-07-10 | CVE-2007-3663 | Media Player Classic | Denial-Of-Service vulnerability in Media Player Classic Media Player Classic 6.4.9.0 Divide-by-zero error in Media Player Classic (MPC) 6.4.9.0 allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted MPA file. | 6.8 |
2007-07-10 | CVE-2007-3662 | Media Player Classic | Remote Denial Of Service vulnerability in Media Player Classic Media Player Classic 6.4.9.0 Media Player Classic (MPC) 6.4.9.0 allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted FLV file. | 6.8 |
2007-07-10 | CVE-2007-3656 | Mozilla | Information Exposure vulnerability in Mozilla Firefox Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via (1) HTTP 302 redirect controls, (2) XMLHttpRequest, or (3) view-source URIs. | 6.8 |
2007-07-10 | CVE-2007-3655 | SUN | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in SUN JRE 1.5.0/1.6.0 Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE 5.0 Update 11 and earlier, and 6.0 Update 1 and earlier, allows remote attackers to execute arbitrary code via a long codebase attribute in a JNLP file. | 6.8 |
2007-07-10 | CVE-2006-4519 | Gimp | Integer Overflow or Wraparound vulnerability in Gimp Multiple integer overflows in the image loader plug-ins in GIMP before 2.2.16 allow user-assisted remote attackers to execute arbitrary code via crafted length values in (1) DICOM, (2) PNM, (3) PSD, (4) PSP, (5) Sun RAS, (6) XBM, and (7) XWD files. | 6.8 |
2007-07-10 | CVE-2007-3649 | HP | Unspecified vulnerability in HP Photo Digital Imaging Activex Control 2.1.0.556 Absolute path traversal vulnerability in a certain ActiveX control in hpqvwocx.dll 2.1.0.556 in Hewlett-Packard (HP) Digital Imaging allows remote attackers to create or overwrite arbitrary files via the second argument to the SaveToFile method. | 6.8 |
2007-07-10 | CVE-2007-3632 | Limesurvey | Remote Security vulnerability in Limesurvey 1.49Rc2 Multiple PHP remote file inclusion vulnerabilities in LimeSurvey (aka PHPSurveyor) 1.49RC2 allow remote attackers to execute arbitrary PHP code via a URL in the homedir parameter to (1) OLE/PPS/File.php, (2) OLE/PPS/Root.php, (3) Spreadsheet/Excel/Writer.php, or (4) OLE/PPS.php in admin/classes/pear/; or (5) Worksheet.php, (6) Parser.php, (7) Workbook.php, (8) Format.php, or (9) BIFFwriter.php in admin/classes/pear/Spreadsheet/Excel/Writer/. | 6.8 |
2007-07-11 | CVE-2007-3681 | Winpcap | Local Privilege Escalation vulnerability in Winpcap 3.1/4.0 The IOCTL 9031 (BIOCGSTATS) handler in the NPF.SYS device driver in WinPcap before 4.0.1 allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters. | 6.6 |
2007-07-15 | CVE-2007-3013 | Activeweb | SQL Injection vulnerability in ActiveWeb Contentserver Picture_Real_Edit.ASP SQL injection vulnerability in activeWeb contentserver before 5.6.2964 allows remote authenticated users with edit permission to execute arbitrary SQL commands via the id parameter to admin/picture/picture_real_edit.asp, and probably other unspecified vectors. | 6.5 |
2007-07-11 | CVE-2007-3687 | Infernotechnologies | SQL Injection vulnerability in Infernotechnologies RPG Inferno SQL injection vulnerability in inferno.php in the Inferno Technologies RPG Inferno 2.4 and earlier, a vBulletin module, allows remote authenticated attackers to execute arbitrary SQL commands via the id parameter in a ScanMember do action. | 6.5 |
2007-07-10 | CVE-2007-3634 | Squirrelmail | Remote Command Execution vulnerability in Squirrelmail GPG Plugin 2.0 Unspecified vulnerability in the G/PGP (GPG) Plugin 2.0 for Squirrelmail 1.4.10a allows remote authenticated users to execute arbitrary commands via unspecified vectors, possibly related to the passphrase variable in the gpg_sign_attachment function, aka ZD-00000004. | 6.5 |
2007-07-15 | CVE-2007-3772 | Psnews | File-Upload vulnerability in Psnews 1.1 Directory traversal vulnerability in news/show.php in PsNews 1.1 allows remote attackers to include and execute arbitrary local files via a .. | 6.4 |
2007-07-10 | CVE-2007-3633 | Chilkat Software | Arbitrary File Overwrite vulnerability in Chilkat Software Chilkat ZIP Activex Control 12.4.2.0 Absolute path traversal vulnerability in the Chilkat Software Chilkat Zip ActiveX control in ChilkatZip2.dll 12.4.2.0 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) SaveLastError method and probably the (2) WriteExe method. | 6.4 |
2007-07-10 | CVE-2007-3630 | AV Scripts | Unspecified vulnerability in AV Scripts AV Tutorial Script 1.0 changePW.php in AV Tutorial Script (avtutorial) 1.0 does not require authentication or knowledge of an old password for password changes, which allows remote attackers to change passwords for arbitrary users via a modified password parameter. | 6.4 |
2007-07-15 | CVE-2007-3103 | Fedoraproject Redhat | Link Following vulnerability in multiple products The init.d script for the X.Org X11 xfs font server on various Linux distributions might allow local users to change the permissions of arbitrary files via a symlink attack on the /tmp/.font-unix temporary file. | 6.2 |
2007-07-10 | CVE-2007-3638 | Yahoo | Buffer Errors vulnerability in Yahoo Messenger 8.1 Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users, who are listed in an address book, to execute arbitrary code via unspecified vectors, aka ZD-00000005. | 6.0 |
2007-07-15 | CVE-2007-3790 | PHP | Denial-Of-Service vulnerability in PHP 5.2.3 The com_print_typeinfo function in the bz2 extension in PHP 5.2.3 allows context-dependent attackers to cause a denial of service via a long argument. | 5.8 |
2007-07-15 | CVE-2007-3769 | Netwin | Cross-Site Scripting vulnerability in SurgeFTP Cross-site scripting (XSS) vulnerability in the mirrored server management interface in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to inject arbitrary web script or HTML via a malformed response without a status code, which is reflected to the user in the resulting error message. | 5.8 |
2007-07-15 | CVE-2006-4169 | Squirrelmail | Remote Command Execution vulnerability in SquirrelMail G/PGP Encryption Plug-in Multiple directory traversal vulnerabilities in the G/PGP (GPG) Plugin 2.0, and 2.1dev before 20070614, for Squirrelmail allow remote authenticated users to include and execute arbitrary local files via a .. | 5.5 |
2007-07-15 | CVE-2007-3780 | Mysql | Improper Input Validation vulnerability in Mysql Community Server 5.0.41 MySQL Community Server before 5.0.45 allows remote attackers to cause a denial of service (daemon crash) via a malformed password packet in the connection protocol. | 5.0 |
2007-07-15 | CVE-2007-3776 | Cisco | Unspecified vulnerability in Cisco products Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allow remote attackers to obtain sensitive information via unspecified vectors that reveal the SNMP community strings and configuration settings, aka (1) CSCsj20668 and (2) CSCsj25962. | 5.0 |
2007-07-12 | CVE-2007-3730 | HP | Unspecified vulnerability in HP Openvms 8.3 The default configuration of the POP server in TCP/IP Services 5.6 for HP OpenVMS 8.3 does not log the source IP address or attempted username for login attempts, which might help remote attackers to avoid identification. | 5.0 |
2007-07-12 | CVE-2007-3729 | HP | Unspecified vulnerability in HP Openvms 8.3 The default configuration of the POP server in TCP/IP Services 5.6 for HP OpenVMS 8.3 generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid POP usernames. | 5.0 |
2007-07-12 | CVE-2007-3728 | Silc | Remote Buffer Overflow vulnerability in Silc Client and Silc Toolkit Buffer overflow in lib/silcclient/client_notify.c of SILC Client and SILC Toolkit before 1.1.2 allows remote attackers to cause a denial of service via "NICK_CHANGE" notifications. | 5.0 |
2007-07-11 | CVE-2007-3714 | ADA | Local File Include vulnerability in ADA Imgsvr 0.6.5 Directory traversal vulnerability in Ada Image Server (ImgSvr) 0.6.5 allows remote attackers to read arbitrary files via a .. | 5.0 |
2007-07-11 | CVE-2007-3709 | Codeigniter | Remote Security vulnerability in Codeigniter 1.5.3 CRLF injection vulnerability in the redirect function in url_helper.php in CodeIgniter 1.5.3 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in an unspecified parameter, as demonstrated by a Set-Cookie header. | 5.0 |
2007-07-11 | CVE-2007-3707 | Codeigniter | Directory Traversal vulnerability in Codeigniter 1.5.3 Directory traversal vulnerability in index.php in CodeIgniter 1.5.3 before 20070628, when enable_query_strings is true, allows remote attackers to read arbitrary files via a .. | 5.0 |
2007-07-11 | CVE-2007-3702 | Mail Machine | Local File Include vulnerability in Mike's World Mail Machine Mailmachine.CGI Directory traversal vulnerability in the load function in cgi-bin/mail/mailmachine.cgi in Mail Machine 3.989 and earlier allows remote attackers to read arbitrary files via a .. | 5.0 |
2007-07-10 | CVE-2007-3028 | Microsoft | Remote Denial Of Service vulnerability in Microsoft Windows Active Directory LDAP Request Validation The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4 does not properly check "the number of convertible attributes", which allows remote attackers to cause a denial of service (service unavailability) via a crafted LDAP request, related to "client sent LDAP request logic," aka "Windows Active Directory Denial of Service Vulnerability". | 5.0 |
2007-07-10 | CVE-2007-3668 | Numedia Soft INC | Denial of Service vulnerability in Numedia Soft INC Nmsdvdx DVD Burning SDK 1.008 Multiple unspecified vulnerabilities in NMSDVDXU.DLL in NuMedia NMSDVDX allow remote attackers to cause a denial of service via "improperly initialized" (1) LoadSegmentWord, (2) PartitionType, (3) SectorCount, and (4) BootFilePath variables. | 5.0 |
2007-07-10 | CVE-2007-3667 | Activereportsexcelreport | Denial of Service vulnerability in Data Dynamics ActiveReports DDRow EXCLEXPT.DLL ActiveX Control Unspecified vulnerability in EXCLEXPT.DLL in ActiveReportsExcelReport allows remote attackers to cause a denial of service via the DDRow Height variable. | 5.0 |
2007-07-10 | CVE-2007-3665 | Symantec | Denial of Service vulnerability in Symantec Norton Ghost 12.0 Multiple unspecified vulnerabilities in FileBackup.DLL in Symantec Norton Ghost 12.0 allow remote attackers to cause a denial of service via unspecified vectors involving the UpdateCatalog and other functions. | 5.0 |
2007-07-10 | CVE-2007-3664 | Eltima Software | Denial-Of-Service vulnerability in Runservice Multiple unspecified vulnerabilities in Eltima Software RunService ActiveX control (RunService.dll) allow remote attackers to cause a denial of service via certain functions when "improperly used", as demonstrated by the AcceptControls subroutine. | 5.0 |
2007-07-10 | CVE-2007-3661 | Eltima Software | Denial of Service vulnerability in Eltima Software Virtual Serial Port VSPort.DLL ActiveX Control Eltima Software Virtual Serial Port (VSPAX) ActiveX control (VSPort.DLL) allows remote attackers to cause a denial of service via certain function calls, as demonstrated via the (1) Attach, (2) Write, and (3) WriteStr functions. | 5.0 |
2007-07-10 | CVE-2007-3658 | Microsoft | Denial-Of-Service vulnerability in Register Server Unspecified vulnerability in Microsoft Register Server (REGSVR) allows attackers to cause a denial of service via a crafted DLL library. | 5.0 |
2007-07-09 | CVE-2007-3628 | Pear | Remote Security vulnerability in Structures Datagrid Datasource Mdb2 Unspecified vulnerability in the fetch function in MDB2.php in PEAR Structures-DataGrid-DataSource-MDB2 0.1.9 and earlier allows attackers to "manipulate the generated sorting queries." | 5.0 |
2007-07-09 | CVE-2007-3625 | Citrix | Denial Of Service vulnerability in Citrix Presentation Server Client Content-Redirection The Program Neighborhood Agent in Citrix Presentation Server Clients for 32-bit Windows before 10.100 allows remote attackers to cause a denial of service (agent exit) via a certain request that uses content redirection and a long pathname. | 5.0 |
2007-07-09 | CVE-2007-3620 | Maia Mailguard | Directory Traversal vulnerability in Maia Mailguard Multiple directory traversal vulnerabilities in Maia Mailguard 1.0.2 and earlier might allow remote attackers to read arbitrary files via a .. | 5.0 |
2007-07-09 | CVE-2007-3619 | Maia Mailguard | Local File Include vulnerability in Maia Mailguard Login.PHP Directory traversal vulnerability in login.php in Maia Mailguard 1.0.2 and earlier allows remote attackers to read arbitrary files via a .. | 5.0 |
2007-07-15 | CVE-2007-3771 | Symantec | Stack Overflow vulnerability in Symantec Client Security and Norton Antivirus Stack-based buffer overflow in the Internet E-mail Auto-Protect feature in Symantec AntiVirus Corporate Edition before 10.1, and Client Security before 3.1, allows local users to cause a denial of service (service crash) via a long (1) To, (2) From, or (3) Subject header in an outbound SMTP e-mail message. | 4.6 |
2007-07-10 | CVE-2007-3659 | Freewrl | Local Security vulnerability in Freewrl 1.19.3 Buffer overflow in the doBrowserAction function in FreeWRL 1.19.3 allows local users to execute arbitrary code via a crafted BROWSER environment variable. | 4.6 |
2007-07-15 | CVE-2007-3792 | Azerbaijan Development Group | Remote File Include vulnerability in Azerbaijan Development Group Azdgdating 3.0.5 Multiple PHP remote file inclusion vulnerabilities in AzDG Dating Gold 3.0.5 allow remote attackers to execute arbitrary PHP code via a URL in the int_path parameter to (1) header.php, (2) footer.php, or (3) secure.admin.php in templates/. | 4.3 |
2007-07-15 | CVE-2007-3784 | Belkin | HTML Injection vulnerability in Belkin F5D7231-4 Firmware4.05.03 Cross-site scripting (XSS) vulnerability in the Belkin G Plus Router F5D7231-4 with firmware 4.05.03 allows remote attackers to inject arbitrary web script or HTML via a hostname of a DHCP client. | 4.3 |
2007-07-15 | CVE-2007-3014 | Activeweb | Cross-Site Scripting vulnerability in ActiveWeb Contentserver Multiple cross-site scripting (XSS) vulnerabilities in activeWeb contentserver before 5.6.2964 allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) errors/rights.asp or (2) errors/transaction.asp, or (3) the name of a MIME type (mimetype). | 4.3 |
2007-07-15 | CVE-2007-3779 | Squirrelmail | File-Upload vulnerability in Squirrelmail GPG Plugin 2.1 PHP local file inclusion vulnerability in gpg_pop_init.php in the G/PGP (GPG) Plugin before 20070707 for Squirrelmail allows remote attackers to include and execute arbitrary local files, related to the MOD parameter. | 4.3 |
2007-07-15 | CVE-2007-3645 | Freebsd | Remote vulnerability in Freebsd Libarchive 2.2.3 archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (crash) via (1) an end-of-file condition within a tar header that follows a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR archive, which results in a NULL pointer dereference, a different issue than CVE-2007-3644. | 4.3 |
2007-07-15 | CVE-2007-2402 | Apple | Information Exposure vulnerability in Apple Quicktime QuickTime for Java in Apple Quicktime before 7.2 does not perform sufficient "access control," which allows remote attackers to obtain sensitive information (screen content) via crafted Java applets. | 4.3 |
2007-07-14 | CVE-2007-3644 | Freebsd | Remote vulnerability in Freebsd Libarchive 2.2.3 archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (infinite loop) via (1) an end-of-file condition within a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR archive. | 4.3 |
2007-07-12 | CVE-2007-3726 | Rarlab | Denial-Of-Service vulnerability in Rarlab Unrar 3.70Beta3 Integer signedness error in the SET_VALUE function in rarvm.cpp in unrar 3.70 beta 3, as used in products including WinRAR and RAR for OS X, allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive that causes a negative signed number to be cast to a large unsigned number. | 4.3 |
2007-07-12 | CVE-2007-3725 | Clam Anti Virus | Unspecified vulnerability in Clam Anti-Virus Clamav The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive, resulting in a NULL pointer dereference. | 4.3 |
2007-07-11 | CVE-2007-3712 | Hiddenchest | HTML Injection vulnerability in Yb Ve Bayi Babvuru Formu Multiple cross-site scripting (XSS) vulnerabilities in HiddenChest "is ve Bayi Basvuru Formu" (Yb ve Bayi Babvuru Formu) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2007-07-11 | CVE-2007-3708 | Codeigniter | Cross-Site Scripting vulnerability in Codeigniter 1.5.3 Cross-site scripting (XSS) vulnerability in CodeIgniter 1.5.3 before 20070626 allows remote attackers to inject arbitrary web script or HTML via (1) String.fromCharCode and (2) malformed nested tag manipulations in an unspecified component, related to insufficient sanitization by the xss_clean function. | 4.3 |
2007-07-11 | CVE-2007-3693 | Gobi AND Helma | Cross-Site Scripting vulnerability in Helma Search Script Cross-site scripting (XSS) vulnerability in Gobi as of 20070711, built on Helma, allows remote attackers to inject arbitrary web script or HTML via the q parameter to the search function. | 4.3 |
2007-07-11 | CVE-2007-3457 | Adobe | Cross-Site Request Forgery (CSRF) vulnerability in Adobe Flash Player Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP Referer headers, which might allow remote attackers to conduct a CSRF attack via a crafted SWF file. | 4.3 |
2007-07-10 | CVE-2007-3672 | Dotclear | Cross-Site Scripting vulnerability in Dotclear 1.2.6 Cross-site scripting (XSS) vulnerability in ecrire/tools.php in DotClear 1.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified form fields on the blogroll page. | 4.3 |
2007-07-10 | CVE-2007-3670 | Microsoft Mozilla | Cross-Site Scripting vulnerability in multiple products Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe. | 4.3 |
2007-07-10 | CVE-2007-3669 | Innovasys | Denial of Service vulnerability in Innovasys DockStudioXP InnovaDSXP2.OCX ActiveX Control Multiple unspecified vulnerabilities in the Innovasys DockStudioXP InnovaDSXP2.OCX ActiveX Control have unspecified attack vectors and impact, including a denial of service via "improper use" of the SaveToFile function. | 4.3 |
2007-07-10 | CVE-2007-3640 | Adobe | Cross-Site Scripting vulnerability in Adobe AIR Adobe Integrated Runtime (AIR, aka Apollo) allows context-dependent attackers to modify arbitrary files within an executing .air file (compiled AIR application) and perform cross-site scripting (XSS) attacks, as demonstrated by an application that modifies an HTML file inside itself via JavaScript that uses an APPEND open operation and the writeUTFBytes function. | 4.3 |
2007-07-10 | CVE-2007-3635 | Squirrelmail | Local Security vulnerability in Squirrelmail GPG Plugin and Squirrelmail Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin before 2.1 for Squirrelmail might allow "local authenticated users" to inject certain commands via unspecified vectors. | 4.3 |
2007-07-09 | CVE-2007-3623 | Hitachi | Cross-Site Scripting vulnerability in JP1/HiCommand Series Products Cross-site scripting (XSS) vulnerability in the Hitachi JP1/HiCommand Device Manager, Tiered Storage Manager, Replication Monitor, and GlobalLink Availability Manager before 20070528 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header. | 4.3 |
2007-07-15 | CVE-2007-3785 | Eldos Corporation | Unspecified vulnerability in Eldos Corporation Secureblackbox 5.1.0.112 Absolute path traversal vulnerability in a certain ActiveX control in PGPBBox.dll in EldoS SecureBlackbox (sbb) 5.1.0.112 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SaveToFile method. | 4.0 |
2007-07-15 | CVE-2007-3781 | Mysql | Denial of Service vulnerability in Mysql Community Server 5.0.41/5.0.44 MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure. | 4.0 |
2007-07-10 | CVE-2007-3639 | Wordpress | Information Disclosure vulnerability in WordPress WordPress before 2.2.2 allows remote attackers to redirect visitors to other websites and potentially obtain sensitive information via (1) the _wp_http_referer parameter to wp-pass.php, related to the wp_get_referer function in wp-includes/functions.php; and possibly other vectors related to (2) wp-includes/pluggable.php and (3) the wp_nonce_ays function in wp-includes/functions.php. | 4.0 |
13 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-07-15 | CVE-2007-3782 | Mysql | Permissions, Privileges, and Access Controls vulnerability in Mysql Community Server 5.0.41/5.0.44 MySQL Community Server before 5.0.45 allows remote authenticated users to gain update privileges for a table in another database via a view that refers to this external table. | 3.5 |
2007-07-11 | CVE-2007-3688 | Dotclear | Cross-Site Request Forgery vulnerability in Dotclear 1.2.6 Multiple cross-site request forgery (CSRF) vulnerabilities in DotClear 1.2.6 allow remote attackers to perform actions as arbitrary users via the (1) tool_url parameter to ecrire/tools.php and multiple fields on the (2) blogconf, (3) blogroll, (4) ecrire/redacteur.php, and (5) ecrire/user_prefs.php pages. | 2.6 |
2007-07-11 | CVE-2007-3685 | Masuga Design | Cross-Site Scripting vulnerability in Unobtrusive AJAX Star Rating Bar Cross-site scripting (XSS) vulnerability in rpc.php in Unobtrusive Ajax Star Rating Bar before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | 2.6 |
2007-07-09 | CVE-2007-3622 | ALT N | Denial Of Service vulnerability in MDaemon Server DomainPOP Messages Unspecified vulnerability in DomainPOP in Alt-N Technologies MDaemon before 9.61 allows remote attackers to cause a denial of service (crash) via malformed messages. | 2.6 |
2007-07-12 | CVE-2007-3724 | Microsoft | Denial-Of-Service vulnerability in Windows XP Gold The process scheduler in the Microsoft Windows XP kernel does not make use of the process statistics kept by the kernel, performs scheduling based on CPU billing gathered from periodic process sampling ticks, and gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges." | 2.1 |
2007-07-12 | CVE-2007-3723 | SUN | Denial-Of-Service vulnerability in Sun Solaris The process scheduler in the Sun Solaris kernel does not make use of the process statistics kept by the kernel and performs scheduling based upon CPU billing gathered from periodic process sampling ticks, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges." | 2.1 |
2007-07-12 | CVE-2007-3722 | Freebsd | Denial-Of-Service vulnerability in FreeBSD The 4BSD process scheduler in the FreeBSD kernel performs scheduling based on CPU billing gathered from periodic process sampling ticks, which allows local users to cause a denial of service (CPU consumption) by performing voluntary nanosecond sleeps that result in the process not being active during a clock interrupt, as described in "Secretly Monopolizing the CPU Without Superuser Privileges." | 2.1 |
2007-07-12 | CVE-2007-3721 | Freebsd | Denial-Of-Service vulnerability in FreeBSD The ULE process scheduler in the FreeBSD kernel gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges." | 2.1 |
2007-07-12 | CVE-2007-3720 | Linux | Denial-Of-Service vulnerability in Linux Kernel 2.4.0 The process scheduler in the Linux kernel 2.4 performs scheduling based on CPU billing gathered from periodic process sampling ticks, which allows local users to cause a denial of service (CPU consumption) by performing voluntary nanosecond sleeps that result in the process not being active during a clock interrupt, as described in "Secretly Monopolizing the CPU Without Superuser Privileges." | 2.1 |
2007-07-12 | CVE-2007-3719 | Linux | Denial-Of-Service vulnerability in Linux Kernel 2.6.16 The process scheduler in the Linux kernel 2.6.16 gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges." | 2.1 |
2007-07-11 | CVE-2007-3706 | Codeigniter | Local Security vulnerability in Codeigniter 1.5.3 The _sanitize_globals function in CodeIgniter 1.5.3 before 20070628 allows remote attackers to unset arbitrary global variables with unspecified impact, as demonstrated by a _SERVER cookie. | 2.1 |
2007-07-10 | CVE-2007-3107 | Linux | Local Denial of Service vulnerability in Linux PowerPC Kernel Restore_Sigcontext The signal handling in the Linux kernel before 2.6.22, including 2.6.2, when running on PowerPC systems using HTX, allows local users to cause a denial of service via unspecified vectors involving floating point corruption and concurrency, related to clearing of MSR bits. | 2.1 |
2007-07-11 | CVE-2007-3700 | SUN | Unspecified vulnerability in SUN Java System Access Manager Sun Java System Access Manager (formerly Java System Identity Server) before 20070710, when the message debug level is configured in the com.iplanet.services.debug.level property in AMConfig.properties, logs cleartext login passwords, which allows local users to gain privileges by reading /var/opt/SUNWam/debug/amAuth. | 1.7 |