Weekly Vulnerabilities Reports > July 9 to 15, 2007

Overview

159 new vulnerabilities reported during this period, including 25 critical vulnerabilities and 54 high severity vulnerabilities. This weekly summary report vulnerabilities in 154 products from 87 vendors including Microsoft, SUN, Apple, Squirrelmail, and Hitachi. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", "SQL Injection", "Information Exposure", and "Resource Management Errors".

  • 141 reported vulnerabilities are remotely exploitables.
  • 18 reported vulnerabilities have public exploit available.
  • 5 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 148 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 15 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 7 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

25 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-07-15 CVE-2007-3794 Microsoft
Hitachi
Linux
HP
IBM
SUN
Buffer Overflow vulnerability in Multiple Hitachi Products GIF Image

Buffer overflow in Hitachi Cosminexus V4 through V7, Processing Kit for XML before 20070511, Developer's Kit for Java before 20070312, and third-party products that use this software, allows attackers to have an unknown impact via certain GIF images, related to use of GIF image processing APIs by a Java application.

10.0
2007-07-15 CVE-2006-5278 Cisco Heap Buffer Overflow vulnerability in Cisco products

Integer overflow in the Real-Time Information Server (RIS) Data Collector service (RisDC.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attackers to execute arbitrary code via crafted packets, resulting in a heap-based buffer overflow.

10.0
2007-07-15 CVE-2007-2417 RSA
Progress
Buffer Overflow vulnerability in Progress and OpenEdge _mprosrv

Heap-based buffer overflow in _mprosrv.exe in Progress Software Progress 9.1E and OpenEdge 10.1x, as used by the RSA Authentication Manager 6.0 and 6.1, SecurID Appliance 2.0, ACE/Server 5.2, and possibly other products, allows remote attackers to execute arbitrary code via crafted packets.

10.0
2007-07-11 CVE-2007-3695 Broadcom Unspecified vulnerability in Broadcom Erwin Process Modeler 7.1

Buffer overflow in LICRCMD.EXE in CA ERwin Process Modeler (formerly AllFusion Process Modeler) 7.1 allows attackers to execute arbitrary code via a long filename.

10.0
2007-07-10 CVE-2007-0040 Microsoft Remote Code Execution vulnerability in Microsoft Windows 2000 and Windows 2003 Server

The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an unspecified number of "convertible attributes."

10.0
2007-07-10 CVE-2007-3647 Zoneo Soft Authentication Bypass vulnerability in Zoneo-Soft PHPtraffica 1.4/1.4.2/1.4.3

The isloggedin function in Php/login.inc.php in phpTrafficA 1.4.3 and earlier allows remote attackers to bypass authentication and obtain administrative access by setting the username cookie to "traffic." NOTE: some of these details are obtained from third party information.

10.0
2007-07-10 CVE-2007-3643 AV Scripts Unspecified vulnerability in AV Scripts AV Arcade 2.1B

admin/index.php in AV Arcade 2.1b grants administrative privileges when the ava_userid cookie value is 1, which allows remote attackers to perform certain administrative actions.

10.0
2007-07-09 CVE-2007-3629 Levent Veysi Portal SQL Injection vulnerability in Levent Veysi Portal Levent Veysi Portal 1.0

SQL injection vulnerability in oku.asp in Levent Veysi Portal 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

10.0
2007-07-09 CVE-2007-3624 SAP Remote Buffer Overflow vulnerability in SAP Message Server Group Parameter

Heap-based buffer overflow in the Message HTTP Server in SAP Message Server allows remote attackers to execute arbitrary code via a long string in the group parameter to /msgserver/html/group.

10.0
2007-07-15 CVE-2007-3773 Generic Youtube Clone Script Code Injection vulnerability in Generic Youtube Clone Script Generic Youtube Clone Script

Cross-site request forgery (CSRF) vulnerability in the Email-Template module in Generic YouTube Clone Script allows remote attackers to upload files with arbitrary file types to templates/emails/ as administrators.

9.3
2007-07-15 CVE-2007-2397 Apple Code Execution vulnerability in Apple QuickTime

QuickTime for Java in Apple Quicktime before 7.2 does not properly check permissions, which allows remote attackers to disable security controls and execute arbitrary code via crafted Java applets.

9.3
2007-07-15 CVE-2007-2396 Apple Code Execution vulnerability in Apple QuickTime

The JDirect support in QuickTime for Java in Apple Quicktime before 7.2 exposes certain dangerous interfaces, which allows remote attackers to execute arbitrary code via crafted Java applets.

9.3
2007-07-15 CVE-2007-2394 Apple Code Execution vulnerability in Apple QuickTime

Integer overflow in Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via crafted (1) title and (2) author fields in an SMIL file, related to improper calculations for memory allocation.

9.3
2007-07-15 CVE-2007-2393 Apple Code Execution vulnerability in Apple QuickTime

The design of QuickTime for Java in Apple Quicktime before 7.2 allows remote attackers to bypass certain security controls and write to process memory via Java applets, possibly leading to arbitrary code execution.

9.3
2007-07-15 CVE-2007-2392 Apple Code Execution vulnerability in Apple QuickTime

Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via a crafted movie file that triggers memory corruption.

9.3
2007-07-15 CVE-2006-5277 Cisco Heap Buffer Overflow vulnerability in Cisco products

Off-by-one error in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attackers to execute arbitrary code via a crafted packet that triggers a heap-based buffer overflow.

9.3
2007-07-14 CVE-2007-3641 Freebsd Remote vulnerability in Freebsd Libarchive 2.2.3

archive_read_support_format_tar.c in libarchive before 2.2.4 does not properly compute the length of a certain buffer when processing a malformed pax extension header, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PAX or (2) TAR archive that triggers a buffer overflow.

9.3
2007-07-11 CVE-2007-3716 SUN Improper Input Validation vulnerability in SUN JDK and JRE

The Java XML Digital Signature implementation in Sun JDK and JRE 6 before Update 2 does not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715.

9.3
2007-07-11 CVE-2007-3715 SUN Improper Input Validation vulnerability in SUN products

Sun Java System Application Server and Web Server 7.0 through 9.0 before 20070710 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute an arbitrary Java method via a crafted stylesheet, a related issue to CVE-2007-3716.

9.3
2007-07-11 CVE-2007-3456 Adobe Numeric Errors vulnerability in Adobe Flash Player

Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might allow remote attackers to execute arbitrary code via a large length value for a (1) Long string or (2) XML variable type in a crafted (a) FLV or (b) SWF file, related to an "input validation error," including a signed comparison of values that are assumed to be non-negative.

9.3
2007-07-10 CVE-2007-3029 Microsoft Remote Code Execution vulnerability in Microsoft Excel and Office

Unspecified vulnerability in Microsoft Excel 2002 SP3 and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file containing multiple active worksheets, which results in memory corruption.

9.3
2007-07-10 CVE-2007-1756 Microsoft Remote Code Execution vulnerability in Microsoft Excel, Excel Viewer and Office

Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and Office Excel 2007 does not properly validate version information, which allows user-assisted remote attackers to execute arbitrary code via a crafted Excel file, aka "Calculation Error Vulnerability".

9.3
2007-07-10 CVE-2007-1754 Microsoft Resource Management Errors vulnerability in Microsoft Publisher 2007

PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page via a certain negative value, which bypasses a sanitization procedure that initializes critical pointers to NULL, aka the "Publisher Invalid Memory Reference Vulnerability".

9.3
2007-07-10 CVE-2007-0043 Microsoft Buffer Errors vulnerability in Microsoft .Net Framework 1.0/1.1/2.0

The Just In Time (JIT) Compiler service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer," probably a buffer overflow, aka ".NET JIT Compiler Vulnerability".

9.3
2007-07-10 CVE-2007-0041 Microsoft Buffer Errors vulnerability in Microsoft .Net Framework 1.0/1.1/2.0

The PE Loader service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer" and unvalidated message lengths, probably a buffer overflow.

9.3

54 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-07-15 CVE-2007-3768 Netwin Denial-Of-Service vulnerability in SurgeFTP

The mirror mechanism in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to cause a denial of service (restart) via a malformed response to a PASV command.

8.5
2007-07-15 CVE-2007-3775 Cisco Unspecified vulnerability in Cisco products

Unspecified vulnerability in Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allows remote attackers to cause a denial of service (loss of cluster services) via unspecified vectors, aka (1) CSCsj09859 and (2) CSCsj19985.

7.8
2007-07-15 CVE-2007-3774 Dvbbs Information Disclosure vulnerability in Dvbbs 7.1.0Sp1

Dvbbs 7.1.0 SP1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for Data/Dvbbs7.mdb.

7.8
2007-07-15 CVE-2007-3770 OS Cillation Remote Command Injection vulnerability in Os-Cillation Xfce Terminal 0.2.6

The terminal_helper_execute function in terminal/terminal.c in Xfce Terminal 0.2.6 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a crafted link, as demonstrated using the "Open Link" functionality.

7.8
2007-07-11 CVE-2007-3698 SUN Denial Of Service vulnerability in SUN Jdk, JRE and SDK

The Java Secure Socket Extension (JSSE) in Sun JDK and JRE 6 Update 1 and earlier, JDK and JRE 5.0 Updates 7 through 11, and SDK and JRE 1.4.2_11 through 1.4.2_14, when using JSSE for SSL/TLS support, allows remote attackers to cause a denial of service (CPU consumption) via certain SSL/TLS handshake requests.

7.8
2007-07-11 CVE-2007-3696 Broadcom Unspecified vulnerability in Broadcom Erwin Data Model Validator

CA ERwin Data Model Validator (formerly AllFusion Data Model Validator) allows remote attackers to (1) cause a denial of service (application hang) via a malformed .EXP database file and (2) cause a denial of service (aaplication crash) via a crafted .EXP database file, which triggers a NULL dereference.

7.8
2007-07-11 CVE-2007-3692 Kddi Directory Traversal vulnerability in Kddi Ezfactory Download CGI 1.0

Directory traversal vulnerability in download.cgi in EZFactory KDDI Download CGI 1.x allows remote attackers to read and download arbitrary files via a ..

7.8
2007-07-11 CVE-2007-3690 Drupal Security Bypass vulnerability in Drupal

The Forward module before 4.7-1.1 and 5.x before 5.x-1.0 for Drupal allows remote attackers to read restricted posts in (1) Organic Groups, (2) Taxonomy Access Control, (3) Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments.

7.8
2007-07-11 CVE-2007-3689 Drupal Security Bypass vulnerability in Drupal

The Print module before 4.7-1.0 and 5.x before 5.x-1.2 for Drupal allows remote attackers to read restricted posts in (1) Organic Groups, (2) Taxonomy Access Control, (3) Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments.

7.8
2007-07-10 CVE-2007-3038 Microsoft Unspecified vulnerability in Microsoft Windows Vista

The Teredo interface in Microsoft Windows Vista and Vista x64 Edition does not properly handle certain network traffic, which allows remote attackers to bypass firewall blocking rules and obtain sensitive information via crafted IPv6 traffic, aka "Windows Vista Firewall Blocking Rule Information Disclosure Vulnerability."

7.8
2007-07-10 CVE-2007-0042 Microsoft Information Exposure vulnerability in Microsoft .Net Framework 1.0/1.1/2.0

Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring of a string, via %00 characters, related to use of %00 as a string terminator within POSIX functions but a data character within .NET strings, aka "Null Byte Termination Vulnerability."

7.8
2007-07-10 CVE-2007-3671 Microsoft Remote Denial Of Service vulnerability in Microsoft Windows Vista Kernel

Unspecified vulnerability in the kernel in Microsoft Windows Vista has unspecified remote attack vectors and impact, as shown in the "0day IPO" presentation at SyScan'07.

7.8
2007-07-10 CVE-2006-7220 SAP Print Job Denial of Service vulnerability in SAPLPD/SAPSPRINT

Unspecified vulnerability in SAP SAPLPD and SAPSPRINT allows remote attackers to cause a denial of service (application crash) via a certain print job request.

7.8
2007-07-09 CVE-2007-3626 IBM
Hitachi
SUN
Denial Of Service vulnerability in Hitachi TPBroker

Unspecified vulnerability in the ADM daemon in Hitachi TPBroker before 20070706 allows remote attackers to cause a denial of service (daemon crash) via a certain request.

7.8
2007-07-15 CVE-2007-3788 Esoft Information Disclosure vulnerability in Esoft Instagate EX2 UTM Firmware3.1.20031001/Firmware3.1.20060921/Firmware3.1.20070605

The eSoft InstaGate EX2 UTM device stores the admin password within the settings HTML document, which might allow context-dependent attackers to obtain sensitive information by reading this document.

7.6
2007-07-12 CVE-2006-5274 Mcafee Memory Corruption vulnerability in Mcafee products

Integer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.5.5.438 allows remote attackers to cause a denial of service (CMA Framework service crash) and possibly execute arbitrary code via unspecified vectors.

7.6
2007-07-12 CVE-2006-5273 Mcafee Memory Corruption vulnerability in Mcafee products

Heap-based buffer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.5.5.438 through 3.6.0.453 allows remote attackers to execute arbitrary code via a crafted packet.

7.6
2007-07-12 CVE-2006-5271 Mcafee Memory Corruption vulnerability in Mcafee E-Business Server and Protectionpilot

Integer underflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.6.0.453 and earlier allows remote attackers to execute arbitrary code via a crafted UDP packet, which causes stack corruption.

7.6
2007-07-11 CVE-2007-3678 Quark Buffer Errors vulnerability in Quark Quarkxpress 7.2

Stack-based buffer overflow in the MSWord text-import extension (Word 6-2000 Filter.xnt) in QuarkXPress 7.2 for Windows, when using the Rectangle Text Box tool for importing text, allows user-assisted remote attackers to execute arbitrary code via a long font name.

7.6
2007-07-10 CVE-2007-3030 Microsoft Remote Code Execution vulnerability in Microsoft Excel Workspace Designation

Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file involving the "denoting [of] the start of a Workspace designation", which results in memory corruption, aka the "Workbook Memory Corruption Vulnerability".

7.6
2007-07-15 CVE-2007-3793 Hitachi SQL Injection vulnerability in Hitachi JP1/NETM/DM Manager Products

SQL injection vulnerability in Job Management Partner 1/NETM/DM (JP1/NETM/DM) Manager on Windows before 20070413 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2007-07-15 CVE-2007-3791 Policyd Remote Buffer Overflow vulnerability in policyd W_Read Function

Buffer overflow in the w_read function in sockets.c in Cami Sardinha and Nigel Kukard policyd before 1.81 for Postfix allows remote attackers to cause a denial of service and possibly execute arbitrary code via long SMTP commands.

7.5
2007-07-15 CVE-2007-3789 Inmostore SQL Injection vulnerability in Inmostore 4.0

SQL injection vulnerability in admin/index.php in Inmostore 4.0 allows remote attackers to execute arbitrary SQL commands via the Password field.

7.5
2007-07-15 CVE-2007-3787 Esoft Denial-Of-Service vulnerability in Esoft Instagate EX2 UTM Firmware3.1.20031001/Firmware3.1.20060921/Firmware3.1.20070605

The eSoft InstaGate EX2 UTM device does not require entry of the old password when changing the admin password, which might allow remote attackers to gain privileges by conducting a CSRF attack, making a password change from an unattended workstation, or other attacks.

7.5
2007-07-15 CVE-2007-3783 Envivosoft SQL-Injection vulnerability in Envivo Cms

SQL injection vulnerability in default.asp in enVivo!CMS allows remote attackers to execute arbitrary SQL commands via the ID parameter in an article action.

7.5
2007-07-15 CVE-2007-3778 Squirrelmail Remote Command Execution vulnerability in SquirrelMail G/PGP Encryption Plug-in

The G/PGP (GPG) Plugin 2.0, and 2.1dev before 20060912, for Squirrelmail allows remote attackers to execute arbitrary commands via shell metacharacters in the messageSignedText parameter to the gpg_check_sign_pgp_mime function in gpg_hook_functions.php.

7.5
2007-07-12 CVE-2007-3727 Valarsoft Unspecified vulnerability in Valarsoft Webmatic 2.6/2.6.1/2.6.2

Multiple unspecified vulnerabilities in Webmatic before 2.7 have unknown impact and attack vectors, related to the "administration area."

7.5
2007-07-12 CVE-2007-3718 Apple Multiple Unspecified vulnerability in Apple Safari 3.0

Multiple unspecified vulnerabilities in the SVG parsing engine in Apple Safari 3 Beta for Windows have unspecified remote attack vectors and impact.

7.5
2007-07-12 CVE-2007-3509 Symantec Buffer Overflow vulnerability in Symantec Veritas Backup Exec 10.0/10D/11D

Heap-based buffer overflow in the RPC subsystem in Symantec Backup Exec for Windows Servers 10.0, 10d, and 11d allows remote attackers to cause a denial of service (process exit) and possibly execute arbitrary code via crafted ncacn_ip_tcp requests.

7.5
2007-07-12 CVE-2006-5272 Mcafee Memory Corruption vulnerability in Mcafee products

Stack-based buffer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.6.0.453 and earlier allows remote attackers to execute arbitrary code via a crafted ping packet.

7.5
2007-07-11 CVE-2007-3713 Konst Remote Buffer Overflow vulnerability in CenterICQ

Multiple buffer overflows in Konst CenterICQ 4.9.11 through 4.21 allow remote attackers to execute arbitrary code via unspecified vectors.

7.5
2007-07-11 CVE-2007-3711 3Com Improper Input Validation vulnerability in 3Com Tippingpoint IPS TOS

Unspecified vulnerability in TOS 2.1.x, 2.2.x before 2.2.5, and 2.5.x before 2.5.2 on TippingPoint IPS allows remote attackers to avoid detection by sending certain fragmented packets.

7.5
2007-07-11 CVE-2007-3710 PHP Comet Server Remote Security vulnerability in Php Comet-Server

PHP remote file inclusion vulnerability in example/gamedemo/inc.functions.php in PHP Comet-Server allows remote attackers to execute arbitrary PHP code via a URL in the projectPath parameter.

7.5
2007-07-11 CVE-2007-3705 Fusetalk SQL Injection vulnerability in Fusetalk 2.0

SQL injection vulnerability in FuseTalk 2.0 allows remote attackers to execute arbitrary SQL commands via the FTVAR_SUBCAT (txForumID) parameter to forum/index.cfm and possibly other unspecified components, related to forum/include/error/forumerror.cfm.

7.5
2007-07-11 CVE-2007-3704 Entertainment CMS Authentication Bypass vulnerability in Entertainment CMS AdminLogged Cookie Parameter

Entertainment CMS allows remote attackers to bypass authentication and perform certain administrative actions by setting the adminLogged cookie to "Administrator."

7.5
2007-07-11 CVE-2007-3701 Tippingpoint
3Com
Improper Input Validation vulnerability in multiple products

TippingPoint IPS before 20070710 does not properly handle a hex-encoded alternate Unicode '/' (slash) character, which might allow remote attackers to send certain network traffic and avoid detection, as demonstrated by a cmd.exe attack.

7.5
2007-07-11 CVE-2007-3697 Tufat Remote File Include vulnerability in FlashBB Sendmsg.PHP

PHP remote file inclusion vulnerability in phpbb/sendmsg.php in FlashBB 1.1.8 and earlier allows remote attackers to execute arbitrary code via a URL in the phpbb_root_path parameter.

7.5
2007-07-11 CVE-2007-3686 Masuga Design Input Validation vulnerability in Unobtrusive AJAX Star Rating Bar

CRLF injection vulnerability in db.php in Unobtrusive Ajax Star Rating Bar before 1.2.0 allows remote attackers to inject arbitrary HTTP headers and data via CRLF sequences in the HTTP_REFERER parameter.

7.5
2007-07-11 CVE-2007-3684 Masuga Design Input Validation vulnerability in Unobtrusive AJAX Star Rating Bar

Multiple SQL injection vulnerabilities in Unobtrusive Ajax Star Rating Bar before 1.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) q and (2) t parameters in (a) db.php and (b) rpc.php.

7.5
2007-07-11 CVE-2007-3683 Aigaion SQL Injection vulnerability in Aigaion

SQL injection vulnerability in pagetopic.php in Aigaion 1.3.3 and earlier allows remote attackers to execute arbitrary SQL commands via the topic_id parameter.

7.5
2007-07-11 CVE-2007-3682 Openld SQL Injection vulnerability in Openld 1.1.9/1.1Modified3/1.2.2

SQL injection vulnerability in index.php in OpenLD 1.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2007-07-11 CVE-2007-3677 Maxsi SQL Injection vulnerability in Maxsi Evisit Analyst

Multiple SQL injection vulnerabilities in Maxsi eVisit Analyst allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) idsp1.pl, (2) ip.pl, and (3) einsite_director.pl.

7.5
2007-07-10 CVE-2007-3666 Symantec RemoteCommand.DLL Buffer Overflow vulnerability in Symantec Norton Ghost 12.0

Buffer overflow in RemoteCommand.DLL in Symantec Norton Ghost 12.0 allows remote attackers to execute arbitrary code via the Connect function.

7.5
2007-07-10 CVE-2007-3660 Nonnoi Solutions Unspecified vulnerability in Nonnoi Solutions ASP Barcode

The Nonnoi ASP/Barcode ActiveX control (nonnoi_ASPBarcode.dll) allows remote attackers to overwrite arbitrary files via an argument to the SaveBarcode function.

7.5
2007-07-10 CVE-2007-3648 Valarsoft SQL Injection vulnerability in Valarsoft Webmatic 2.6.1

SQL injection vulnerability in Webmatic before 2.6.2, and possibly other versions before 2.7, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly related to admin/admin_album.php and admin/admin_downloads.php.

7.5
2007-07-10 CVE-2007-3646 Flashgamescript SQL Injection vulnerability in Flashgamescript 1.5.4/1.7

SQL injection vulnerability in index.php in FlashGameScript 1.7 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a member action.

7.5
2007-07-10 CVE-2007-3637 Mkportal SQL Injection vulnerability in Mkportal 1.1.1

SQL injection vulnerability in MKPortal 1.1.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka ZD-00000008.

7.5
2007-07-10 CVE-2007-3636 Squirrelmail Remote Command Execution vulnerability in Squirrelmail GPG Plugin and Squirrelmail

Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin 2.1 for Squirrelmail allow remote attackers to execute arbitrary commands via unspecified vectors.

7.5
2007-07-10 CVE-2007-3631 Gamesitescript SQL Injection vulnerability in GameSiteScript

SQL injection vulnerability in index.php in GameSiteScript (gss) 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the params parameter, related to missing input validation of the id field.

7.5
2007-07-09 CVE-2007-3627 PHP Lite SQL Injection vulnerability in PHP Lite Calendar Express 2.2

Multiple SQL injection vulnerabilities in PHP Lite Calendar Express 2.2 allow remote attackers to execute arbitrary SQL commands via the cid parameter to (1) login.php, (2) auth.php, and (3) subscribe.php.

7.5
2007-07-09 CVE-2007-3621 Asteridex Remote Command Execution vulnerability in AsteriDex CallBoth.PHP

Multiple CRLF injection vulnerabilities in callboth.php in AsteriDex 3.0 and earlier allow remote attackers to inject arbitrary shell commands via the (1) IN and (2) OUT parameters.

7.5
2007-07-15 CVE-2007-3777 Grisoft Local Privilege Escalation vulnerability in Grisoft AVG Antivirus 7.5.446/7.5.448

avg7core.sys 7.5.0.444 in Grisoft AVG Anti-Virus 7.5.448 and Free Edition 7.5.446, provides an internal function that copies data to an arbitrary address, which allows local users to gain privileges via arbitrary address arguments to a function provided by the 0x5348E004 IOCTL for the generic DeviceIoControl handler.

7.2
2007-07-11 CVE-2007-3680 IBM Buffer Errors vulnerability in IBM AIX 5.2.0/5.3.0

Stack-based buffer overflow in the odm_searchpath function in libodm in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary code via a long ODMPATH environment variable.

7.2
2007-07-15 CVE-2007-3795 Hitachi Denial Of Service vulnerability in Hitachi TP1/Server Base

Unspecified vulnerability in Hitachi TP1/Server Base before 03-05-/P, 05-00-x before 05-00-/G, 05-01-x before 05-01-/A, and 05-02-x before 05-02-/C on HP-UX 11.0 through 11i v3 allows attackers to cause a denial of service by sending certain data to a port.

7.1

67 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-07-15 CVE-2007-3673 Symantec Local Privilege Escalation vulnerability in Symantec Device Driver SYMTDI.SYS

Symantec symtdi.sys before 7.0.0, as distributed in Symantec AntiVirus Corporate Edition 9 through 10.1 and Client Security 2.0 through 3.1, Norton AntiSpam 2005, and Norton AntiVirus, Internet Security, Personal Firewall, and System Works 2005 and 2006; allows local users to gain privileges via a crafted Interrupt Request Packet (Irp) in an IOCTL 0x83022323 request to \\symTDI\, which results in memory overwrite.

6.9
2007-07-12 CVE-2007-3717 SUN Local Security vulnerability in SUN Sunos 5.10/5.8/5.9

rcp on Sun Solaris 8, 9, and 10 before 20070710 does not properly call certain helper applications, which allows local users to gain privileges by creating files with certain names, possibly containing shell metacharacters or spaces, a similar issue to CVE-2006-0225.

6.9
2007-07-11 CVE-2007-3703 Zenturi Buffer Overflow vulnerability in Zenturi Programchecker 1.5.531

Stack-based buffer overflow in a certain ActiveX control in sasatl.dll 1.5.0.531 in Zenturi Program Checker (ProgramChecker) Pro allows remote attackers to execute arbitrary code via a long argument to the Fill method.

6.8
2007-07-11 CVE-2007-3691 AV Scripts SQL-Injection vulnerability in AV Scripts AV Tutorial Script 1.0

Multiple SQL injection vulnerabilities in changePW.php in AV Tutorial Script (avtutorial) 1.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) userid parameters, a different issue than CVE-2007-3630.

6.8
2007-07-10 CVE-2007-3663 Media Player Classic Denial-Of-Service vulnerability in Media Player Classic Media Player Classic 6.4.9.0

Divide-by-zero error in Media Player Classic (MPC) 6.4.9.0 allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted MPA file.

6.8
2007-07-10 CVE-2007-3662 Media Player Classic Remote Denial Of Service vulnerability in Media Player Classic Media Player Classic 6.4.9.0

Media Player Classic (MPC) 6.4.9.0 allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted FLV file.

6.8
2007-07-10 CVE-2007-3656 Mozilla Information Exposure vulnerability in Mozilla Firefox

Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via (1) HTTP 302 redirect controls, (2) XMLHttpRequest, or (3) view-source URIs.

6.8
2007-07-10 CVE-2007-3655 SUN Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in SUN JRE 1.5.0/1.6.0

Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE 5.0 Update 11 and earlier, and 6.0 Update 1 and earlier, allows remote attackers to execute arbitrary code via a long codebase attribute in a JNLP file.

6.8
2007-07-10 CVE-2006-4519 Gimp Integer Overflow or Wraparound vulnerability in Gimp

Multiple integer overflows in the image loader plug-ins in GIMP before 2.2.16 allow user-assisted remote attackers to execute arbitrary code via crafted length values in (1) DICOM, (2) PNM, (3) PSD, (4) PSP, (5) Sun RAS, (6) XBM, and (7) XWD files.

6.8
2007-07-10 CVE-2007-3649 HP Unspecified vulnerability in HP Photo Digital Imaging Activex Control 2.1.0.556

Absolute path traversal vulnerability in a certain ActiveX control in hpqvwocx.dll 2.1.0.556 in Hewlett-Packard (HP) Digital Imaging allows remote attackers to create or overwrite arbitrary files via the second argument to the SaveToFile method.

6.8
2007-07-10 CVE-2007-3632 Limesurvey Remote Security vulnerability in Limesurvey 1.49Rc2

Multiple PHP remote file inclusion vulnerabilities in LimeSurvey (aka PHPSurveyor) 1.49RC2 allow remote attackers to execute arbitrary PHP code via a URL in the homedir parameter to (1) OLE/PPS/File.php, (2) OLE/PPS/Root.php, (3) Spreadsheet/Excel/Writer.php, or (4) OLE/PPS.php in admin/classes/pear/; or (5) Worksheet.php, (6) Parser.php, (7) Workbook.php, (8) Format.php, or (9) BIFFwriter.php in admin/classes/pear/Spreadsheet/Excel/Writer/.

6.8
2007-07-11 CVE-2007-3681 Winpcap Local Privilege Escalation vulnerability in Winpcap 3.1/4.0

The IOCTL 9031 (BIOCGSTATS) handler in the NPF.SYS device driver in WinPcap before 4.0.1 allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters.

6.6
2007-07-15 CVE-2007-3013 Activeweb SQL Injection vulnerability in ActiveWeb Contentserver Picture_Real_Edit.ASP

SQL injection vulnerability in activeWeb contentserver before 5.6.2964 allows remote authenticated users with edit permission to execute arbitrary SQL commands via the id parameter to admin/picture/picture_real_edit.asp, and probably other unspecified vectors.

6.5
2007-07-11 CVE-2007-3687 Infernotechnologies SQL Injection vulnerability in Infernotechnologies RPG Inferno

SQL injection vulnerability in inferno.php in the Inferno Technologies RPG Inferno 2.4 and earlier, a vBulletin module, allows remote authenticated attackers to execute arbitrary SQL commands via the id parameter in a ScanMember do action.

6.5
2007-07-10 CVE-2007-3634 Squirrelmail Remote Command Execution vulnerability in Squirrelmail GPG Plugin 2.0

Unspecified vulnerability in the G/PGP (GPG) Plugin 2.0 for Squirrelmail 1.4.10a allows remote authenticated users to execute arbitrary commands via unspecified vectors, possibly related to the passphrase variable in the gpg_sign_attachment function, aka ZD-00000004.

6.5
2007-07-15 CVE-2007-3772 Psnews File-Upload vulnerability in Psnews 1.1

Directory traversal vulnerability in news/show.php in PsNews 1.1 allows remote attackers to include and execute arbitrary local files via a ..

6.4
2007-07-10 CVE-2007-3633 Chilkat Software Arbitrary File Overwrite vulnerability in Chilkat Software Chilkat ZIP Activex Control 12.4.2.0

Absolute path traversal vulnerability in the Chilkat Software Chilkat Zip ActiveX control in ChilkatZip2.dll 12.4.2.0 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) SaveLastError method and probably the (2) WriteExe method.

6.4
2007-07-10 CVE-2007-3630 AV Scripts Unspecified vulnerability in AV Scripts AV Tutorial Script 1.0

changePW.php in AV Tutorial Script (avtutorial) 1.0 does not require authentication or knowledge of an old password for password changes, which allows remote attackers to change passwords for arbitrary users via a modified password parameter.

6.4
2007-07-15 CVE-2007-3103 Fedoraproject
Redhat
Link Following vulnerability in multiple products

The init.d script for the X.Org X11 xfs font server on various Linux distributions might allow local users to change the permissions of arbitrary files via a symlink attack on the /tmp/.font-unix temporary file.

6.2
2007-07-10 CVE-2007-3638 Yahoo Buffer Errors vulnerability in Yahoo Messenger 8.1

Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users, who are listed in an address book, to execute arbitrary code via unspecified vectors, aka ZD-00000005.

6.0
2007-07-15 CVE-2007-3790 PHP Denial-Of-Service vulnerability in PHP 5.2.3

The com_print_typeinfo function in the bz2 extension in PHP 5.2.3 allows context-dependent attackers to cause a denial of service via a long argument.

5.8
2007-07-15 CVE-2007-3769 Netwin Cross-Site Scripting vulnerability in SurgeFTP

Cross-site scripting (XSS) vulnerability in the mirrored server management interface in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to inject arbitrary web script or HTML via a malformed response without a status code, which is reflected to the user in the resulting error message.

5.8
2007-07-15 CVE-2006-4169 Squirrelmail Remote Command Execution vulnerability in SquirrelMail G/PGP Encryption Plug-in

Multiple directory traversal vulnerabilities in the G/PGP (GPG) Plugin 2.0, and 2.1dev before 20070614, for Squirrelmail allow remote authenticated users to include and execute arbitrary local files via a ..

5.5
2007-07-15 CVE-2007-3780 Mysql Improper Input Validation vulnerability in Mysql Community Server 5.0.41

MySQL Community Server before 5.0.45 allows remote attackers to cause a denial of service (daemon crash) via a malformed password packet in the connection protocol.

5.0
2007-07-15 CVE-2007-3776 Cisco Unspecified vulnerability in Cisco products

Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allow remote attackers to obtain sensitive information via unspecified vectors that reveal the SNMP community strings and configuration settings, aka (1) CSCsj20668 and (2) CSCsj25962.

5.0
2007-07-12 CVE-2007-3730 HP Unspecified vulnerability in HP Openvms 8.3

The default configuration of the POP server in TCP/IP Services 5.6 for HP OpenVMS 8.3 does not log the source IP address or attempted username for login attempts, which might help remote attackers to avoid identification.

5.0
2007-07-12 CVE-2007-3729 HP Unspecified vulnerability in HP Openvms 8.3

The default configuration of the POP server in TCP/IP Services 5.6 for HP OpenVMS 8.3 generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid POP usernames.

5.0
2007-07-12 CVE-2007-3728 Silc Remote Buffer Overflow vulnerability in Silc Client and Silc Toolkit

Buffer overflow in lib/silcclient/client_notify.c of SILC Client and SILC Toolkit before 1.1.2 allows remote attackers to cause a denial of service via "NICK_CHANGE" notifications.

5.0
2007-07-11 CVE-2007-3714 ADA Local File Include vulnerability in ADA Imgsvr 0.6.5

Directory traversal vulnerability in Ada Image Server (ImgSvr) 0.6.5 allows remote attackers to read arbitrary files via a ..

5.0
2007-07-11 CVE-2007-3709 Codeigniter Remote Security vulnerability in Codeigniter 1.5.3

CRLF injection vulnerability in the redirect function in url_helper.php in CodeIgniter 1.5.3 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in an unspecified parameter, as demonstrated by a Set-Cookie header.

5.0
2007-07-11 CVE-2007-3707 Codeigniter Directory Traversal vulnerability in Codeigniter 1.5.3

Directory traversal vulnerability in index.php in CodeIgniter 1.5.3 before 20070628, when enable_query_strings is true, allows remote attackers to read arbitrary files via a ..

5.0
2007-07-11 CVE-2007-3702 Mail Machine Local File Include vulnerability in Mike's World Mail Machine Mailmachine.CGI

Directory traversal vulnerability in the load function in cgi-bin/mail/mailmachine.cgi in Mail Machine 3.989 and earlier allows remote attackers to read arbitrary files via a ..

5.0
2007-07-10 CVE-2007-3028 Microsoft Remote Denial Of Service vulnerability in Microsoft Windows Active Directory LDAP Request Validation

The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4 does not properly check "the number of convertible attributes", which allows remote attackers to cause a denial of service (service unavailability) via a crafted LDAP request, related to "client sent LDAP request logic," aka "Windows Active Directory Denial of Service Vulnerability".

5.0
2007-07-10 CVE-2007-3668 Numedia Soft INC Denial of Service vulnerability in Numedia Soft INC Nmsdvdx DVD Burning SDK 1.008

Multiple unspecified vulnerabilities in NMSDVDXU.DLL in NuMedia NMSDVDX allow remote attackers to cause a denial of service via "improperly initialized" (1) LoadSegmentWord, (2) PartitionType, (3) SectorCount, and (4) BootFilePath variables.

5.0
2007-07-10 CVE-2007-3667 Activereportsexcelreport Denial of Service vulnerability in Data Dynamics ActiveReports DDRow EXCLEXPT.DLL ActiveX Control

Unspecified vulnerability in EXCLEXPT.DLL in ActiveReportsExcelReport allows remote attackers to cause a denial of service via the DDRow Height variable.

5.0
2007-07-10 CVE-2007-3665 Symantec Denial of Service vulnerability in Symantec Norton Ghost 12.0

Multiple unspecified vulnerabilities in FileBackup.DLL in Symantec Norton Ghost 12.0 allow remote attackers to cause a denial of service via unspecified vectors involving the UpdateCatalog and other functions.

5.0
2007-07-10 CVE-2007-3664 Eltima Software Denial-Of-Service vulnerability in Runservice

Multiple unspecified vulnerabilities in Eltima Software RunService ActiveX control (RunService.dll) allow remote attackers to cause a denial of service via certain functions when "improperly used", as demonstrated by the AcceptControls subroutine.

5.0
2007-07-10 CVE-2007-3661 Eltima Software Denial of Service vulnerability in Eltima Software Virtual Serial Port VSPort.DLL ActiveX Control

Eltima Software Virtual Serial Port (VSPAX) ActiveX control (VSPort.DLL) allows remote attackers to cause a denial of service via certain function calls, as demonstrated via the (1) Attach, (2) Write, and (3) WriteStr functions.

5.0
2007-07-10 CVE-2007-3658 Microsoft Denial-Of-Service vulnerability in Register Server

Unspecified vulnerability in Microsoft Register Server (REGSVR) allows attackers to cause a denial of service via a crafted DLL library.

5.0
2007-07-09 CVE-2007-3628 Pear Remote Security vulnerability in Structures Datagrid Datasource Mdb2

Unspecified vulnerability in the fetch function in MDB2.php in PEAR Structures-DataGrid-DataSource-MDB2 0.1.9 and earlier allows attackers to "manipulate the generated sorting queries."

5.0
2007-07-09 CVE-2007-3625 Citrix Denial Of Service vulnerability in Citrix Presentation Server Client Content-Redirection

The Program Neighborhood Agent in Citrix Presentation Server Clients for 32-bit Windows before 10.100 allows remote attackers to cause a denial of service (agent exit) via a certain request that uses content redirection and a long pathname.

5.0
2007-07-09 CVE-2007-3620 Maia Mailguard Directory Traversal vulnerability in Maia Mailguard

Multiple directory traversal vulnerabilities in Maia Mailguard 1.0.2 and earlier might allow remote attackers to read arbitrary files via a ..

5.0
2007-07-09 CVE-2007-3619 Maia Mailguard Local File Include vulnerability in Maia Mailguard Login.PHP

Directory traversal vulnerability in login.php in Maia Mailguard 1.0.2 and earlier allows remote attackers to read arbitrary files via a ..

5.0
2007-07-15 CVE-2007-3771 Symantec Stack Overflow vulnerability in Symantec Client Security and Norton Antivirus

Stack-based buffer overflow in the Internet E-mail Auto-Protect feature in Symantec AntiVirus Corporate Edition before 10.1, and Client Security before 3.1, allows local users to cause a denial of service (service crash) via a long (1) To, (2) From, or (3) Subject header in an outbound SMTP e-mail message.

4.6
2007-07-10 CVE-2007-3659 Freewrl Local Security vulnerability in Freewrl 1.19.3

Buffer overflow in the doBrowserAction function in FreeWRL 1.19.3 allows local users to execute arbitrary code via a crafted BROWSER environment variable.

4.6
2007-07-15 CVE-2007-3792 Azerbaijan Development Group Remote File Include vulnerability in Azerbaijan Development Group Azdgdating 3.0.5

Multiple PHP remote file inclusion vulnerabilities in AzDG Dating Gold 3.0.5 allow remote attackers to execute arbitrary PHP code via a URL in the int_path parameter to (1) header.php, (2) footer.php, or (3) secure.admin.php in templates/.

4.3
2007-07-15 CVE-2007-3784 Belkin HTML Injection vulnerability in Belkin F5D7231-4 Firmware4.05.03

Cross-site scripting (XSS) vulnerability in the Belkin G Plus Router F5D7231-4 with firmware 4.05.03 allows remote attackers to inject arbitrary web script or HTML via a hostname of a DHCP client.

4.3
2007-07-15 CVE-2007-3014 Activeweb Cross-Site Scripting vulnerability in ActiveWeb Contentserver

Multiple cross-site scripting (XSS) vulnerabilities in activeWeb contentserver before 5.6.2964 allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) errors/rights.asp or (2) errors/transaction.asp, or (3) the name of a MIME type (mimetype).

4.3
2007-07-15 CVE-2007-3779 Squirrelmail File-Upload vulnerability in Squirrelmail GPG Plugin 2.1

PHP local file inclusion vulnerability in gpg_pop_init.php in the G/PGP (GPG) Plugin before 20070707 for Squirrelmail allows remote attackers to include and execute arbitrary local files, related to the MOD parameter.

4.3
2007-07-15 CVE-2007-3645 Freebsd Remote vulnerability in Freebsd Libarchive 2.2.3

archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (crash) via (1) an end-of-file condition within a tar header that follows a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR archive, which results in a NULL pointer dereference, a different issue than CVE-2007-3644.

4.3
2007-07-15 CVE-2007-2402 Apple Information Exposure vulnerability in Apple Quicktime

QuickTime for Java in Apple Quicktime before 7.2 does not perform sufficient "access control," which allows remote attackers to obtain sensitive information (screen content) via crafted Java applets.

4.3
2007-07-14 CVE-2007-3644 Freebsd Remote vulnerability in Freebsd Libarchive 2.2.3

archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (infinite loop) via (1) an end-of-file condition within a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR archive.

4.3
2007-07-12 CVE-2007-3726 Rarlab Denial-Of-Service vulnerability in Rarlab Unrar 3.70Beta3

Integer signedness error in the SET_VALUE function in rarvm.cpp in unrar 3.70 beta 3, as used in products including WinRAR and RAR for OS X, allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive that causes a negative signed number to be cast to a large unsigned number.

4.3
2007-07-12 CVE-2007-3725 Clam Anti Virus Unspecified vulnerability in Clam Anti-Virus Clamav

The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive, resulting in a NULL pointer dereference.

4.3
2007-07-11 CVE-2007-3712 Hiddenchest HTML Injection vulnerability in Yb Ve Bayi Babvuru Formu

Multiple cross-site scripting (XSS) vulnerabilities in HiddenChest "is ve Bayi Basvuru Formu" (Yb ve Bayi Babvuru Formu) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2007-07-11 CVE-2007-3708 Codeigniter Cross-Site Scripting vulnerability in Codeigniter 1.5.3

Cross-site scripting (XSS) vulnerability in CodeIgniter 1.5.3 before 20070626 allows remote attackers to inject arbitrary web script or HTML via (1) String.fromCharCode and (2) malformed nested tag manipulations in an unspecified component, related to insufficient sanitization by the xss_clean function.

4.3
2007-07-11 CVE-2007-3693 Gobi AND Helma Cross-Site Scripting vulnerability in Helma Search Script

Cross-site scripting (XSS) vulnerability in Gobi as of 20070711, built on Helma, allows remote attackers to inject arbitrary web script or HTML via the q parameter to the search function.

4.3
2007-07-11 CVE-2007-3457 Adobe Cross-Site Request Forgery (CSRF) vulnerability in Adobe Flash Player

Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP Referer headers, which might allow remote attackers to conduct a CSRF attack via a crafted SWF file.

4.3
2007-07-10 CVE-2007-3672 Dotclear Cross-Site Scripting vulnerability in Dotclear 1.2.6

Cross-site scripting (XSS) vulnerability in ecrire/tools.php in DotClear 1.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified form fields on the blogroll page.

4.3
2007-07-10 CVE-2007-3670 Microsoft
Mozilla
Cross-Site Scripting vulnerability in multiple products

Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe.

4.3
2007-07-10 CVE-2007-3669 Innovasys Denial of Service vulnerability in Innovasys DockStudioXP InnovaDSXP2.OCX ActiveX Control

Multiple unspecified vulnerabilities in the Innovasys DockStudioXP InnovaDSXP2.OCX ActiveX Control have unspecified attack vectors and impact, including a denial of service via "improper use" of the SaveToFile function.

4.3
2007-07-10 CVE-2007-3640 Adobe Cross-Site Scripting vulnerability in Adobe AIR

Adobe Integrated Runtime (AIR, aka Apollo) allows context-dependent attackers to modify arbitrary files within an executing .air file (compiled AIR application) and perform cross-site scripting (XSS) attacks, as demonstrated by an application that modifies an HTML file inside itself via JavaScript that uses an APPEND open operation and the writeUTFBytes function.

4.3
2007-07-10 CVE-2007-3635 Squirrelmail Local Security vulnerability in Squirrelmail GPG Plugin and Squirrelmail

Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin before 2.1 for Squirrelmail might allow "local authenticated users" to inject certain commands via unspecified vectors.

4.3
2007-07-09 CVE-2007-3623 Hitachi Cross-Site Scripting vulnerability in JP1/HiCommand Series Products

Cross-site scripting (XSS) vulnerability in the Hitachi JP1/HiCommand Device Manager, Tiered Storage Manager, Replication Monitor, and GlobalLink Availability Manager before 20070528 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header.

4.3
2007-07-15 CVE-2007-3785 Eldos Corporation Unspecified vulnerability in Eldos Corporation Secureblackbox 5.1.0.112

Absolute path traversal vulnerability in a certain ActiveX control in PGPBBox.dll in EldoS SecureBlackbox (sbb) 5.1.0.112 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SaveToFile method.

4.0
2007-07-15 CVE-2007-3781 Mysql Denial of Service vulnerability in Mysql Community Server 5.0.41/5.0.44

MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure.

4.0
2007-07-10 CVE-2007-3639 Wordpress Information Disclosure vulnerability in WordPress

WordPress before 2.2.2 allows remote attackers to redirect visitors to other websites and potentially obtain sensitive information via (1) the _wp_http_referer parameter to wp-pass.php, related to the wp_get_referer function in wp-includes/functions.php; and possibly other vectors related to (2) wp-includes/pluggable.php and (3) the wp_nonce_ays function in wp-includes/functions.php.

4.0

13 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-07-15 CVE-2007-3782 Mysql Permissions, Privileges, and Access Controls vulnerability in Mysql Community Server 5.0.41/5.0.44

MySQL Community Server before 5.0.45 allows remote authenticated users to gain update privileges for a table in another database via a view that refers to this external table.

3.5
2007-07-11 CVE-2007-3688 Dotclear Cross-Site Request Forgery vulnerability in Dotclear 1.2.6

Multiple cross-site request forgery (CSRF) vulnerabilities in DotClear 1.2.6 allow remote attackers to perform actions as arbitrary users via the (1) tool_url parameter to ecrire/tools.php and multiple fields on the (2) blogconf, (3) blogroll, (4) ecrire/redacteur.php, and (5) ecrire/user_prefs.php pages.

2.6
2007-07-11 CVE-2007-3685 Masuga Design Cross-Site Scripting vulnerability in Unobtrusive AJAX Star Rating Bar

Cross-site scripting (XSS) vulnerability in rpc.php in Unobtrusive Ajax Star Rating Bar before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter.

2.6
2007-07-09 CVE-2007-3622 ALT N Denial Of Service vulnerability in MDaemon Server DomainPOP Messages

Unspecified vulnerability in DomainPOP in Alt-N Technologies MDaemon before 9.61 allows remote attackers to cause a denial of service (crash) via malformed messages.

2.6
2007-07-12 CVE-2007-3724 Microsoft Denial-Of-Service vulnerability in Windows XP Gold

The process scheduler in the Microsoft Windows XP kernel does not make use of the process statistics kept by the kernel, performs scheduling based on CPU billing gathered from periodic process sampling ticks, and gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges."

2.1
2007-07-12 CVE-2007-3723 SUN Denial-Of-Service vulnerability in Sun Solaris

The process scheduler in the Sun Solaris kernel does not make use of the process statistics kept by the kernel and performs scheduling based upon CPU billing gathered from periodic process sampling ticks, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges."

2.1
2007-07-12 CVE-2007-3722 Freebsd Denial-Of-Service vulnerability in FreeBSD

The 4BSD process scheduler in the FreeBSD kernel performs scheduling based on CPU billing gathered from periodic process sampling ticks, which allows local users to cause a denial of service (CPU consumption) by performing voluntary nanosecond sleeps that result in the process not being active during a clock interrupt, as described in "Secretly Monopolizing the CPU Without Superuser Privileges."

2.1
2007-07-12 CVE-2007-3721 Freebsd Denial-Of-Service vulnerability in FreeBSD

The ULE process scheduler in the FreeBSD kernel gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges."

2.1
2007-07-12 CVE-2007-3720 Linux Denial-Of-Service vulnerability in Linux Kernel 2.4.0

The process scheduler in the Linux kernel 2.4 performs scheduling based on CPU billing gathered from periodic process sampling ticks, which allows local users to cause a denial of service (CPU consumption) by performing voluntary nanosecond sleeps that result in the process not being active during a clock interrupt, as described in "Secretly Monopolizing the CPU Without Superuser Privileges."

2.1
2007-07-12 CVE-2007-3719 Linux Denial-Of-Service vulnerability in Linux Kernel 2.6.16

The process scheduler in the Linux kernel 2.6.16 gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges."

2.1
2007-07-11 CVE-2007-3706 Codeigniter Local Security vulnerability in Codeigniter 1.5.3

The _sanitize_globals function in CodeIgniter 1.5.3 before 20070628 allows remote attackers to unset arbitrary global variables with unspecified impact, as demonstrated by a _SERVER cookie.

2.1
2007-07-10 CVE-2007-3107 Linux Local Denial of Service vulnerability in Linux PowerPC Kernel Restore_Sigcontext

The signal handling in the Linux kernel before 2.6.22, including 2.6.2, when running on PowerPC systems using HTX, allows local users to cause a denial of service via unspecified vectors involving floating point corruption and concurrency, related to clearing of MSR bits.

2.1
2007-07-11 CVE-2007-3700 SUN Unspecified vulnerability in SUN Java System Access Manager

Sun Java System Access Manager (formerly Java System Identity Server) before 20070710, when the message debug level is configured in the com.iplanet.services.debug.level property in AMConfig.properties, logs cleartext login passwords, which allows local users to gain privileges by reading /var/opt/SUNWam/debug/amAuth.

1.7