Weekly Vulnerabilities Reports > July 16 to 22, 2007

Overview

114 new vulnerabilities reported during this period, including 19 critical vulnerabilities and 40 high severity vulnerabilities. This weekly summary report vulnerabilities in 103 products from 70 vendors including Oracle, Mozilla, Microsoft, Asterisk, and Ipswitch. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "SQL Injection", "Cross-site Scripting", "Improper Input Validation", and "Permissions, Privileges, and Access Controls".

  • 109 reported vulnerabilities are remotely exploitables.
  • 22 reported vulnerabilities have public exploit available.
  • 9 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 101 reported vulnerabilities are exploitable by an anonymous user.
  • Oracle has the most reported vulnerabilities, with 18 reported vulnerabilities.
  • Mozilla has the most reported critical vulnerabilities, with 4 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

19 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-07-21 CVE-2007-3927 Ipswitch Buffer Overflow vulnerability in Ipswitch Imail Server and Ipswitch Collaboration Suite

Multiple buffer overflows in Ipswitch IMail Server 2006 before 2006.21 (1) allow remote attackers to execute arbitrary code via unspecified vectors in Imailsec and (2) allow attackers to have an unknown impact via an unspecified vector related to "subscribe."

10.0
2007-07-19 CVE-2007-3907 Ledgersmb Authentication Bypass vulnerability in LedgerSMB Login.PL

Unspecified vulnerability in login.pl in LedgerSMB 1.2.0 through 1.2.6 allows remote attackers to bypass authentication and perform certain actions as an arbitrary user via unspecified vectors involving a URL with a redirect parameter value, along with a callback parameter containing an escaped URL that specifies the action.

10.0
2007-07-17 CVE-2007-3828 Apple Remote Code Execution vulnerability in Apple Mac OS X mDNSResponder Variant

Unspecified vulnerability in mDNSResponder in Apple Mac OS X allows remote attackers to execute arbitrary code via unspecified vectors, a related issue to CVE-2007-2386.

10.0
2007-07-17 CVE-2007-3824 Mehmet Zati Karahan SQL Injection vulnerability in MzK Blog Katgoster.ASP

SQL injection vulnerability in katgoster.asp in MzK Blog (tr) allows remote attackers to execute arbitrary SQL commands via the katID parameter.

10.0
2007-07-16 CVE-2007-3803 Clavister Security Bypass vulnerability in Clavister Coreplus

The SMTP ALG in Clavister CorePlus before 8.80.04, and 8.81.00, does not properly parse SMTP commands in certain circumstances, which allows remote attackers to bypass address blacklists.

10.0
2007-07-21 CVE-2007-3935 Phpbb Remote Security vulnerability in PHPbb Supanav 1.0.0

PHP remote file inclusion vulnerability in link_main.php in the SupaNav 1.0.0 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

9.3
2007-07-21 CVE-2007-3929 Opera Software Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Opera Software Opera web Browser

Use-after-free vulnerability in the BitTorrent support in Opera before 9.22 allows user-assisted remote attackers to execute arbitrary code via a crafted header in a torrent file, which leaves a dangling pointer to an invalid object.

9.3
2007-07-21 CVE-2007-3924 Microsoft
Netscape
Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the navigatorurl URI, which are inserted into the command line that is created when invoking netscape.exe, a related issue to CVE-2007-3670.
9.3
2007-07-18 CVE-2007-3825 Broadcom
CA
Multiple stack-based buffer overflows in the RPC implementation in alert.exe before 8.0.255.0 in CA (formerly Computer Associates) Alert Notification Server, as used in Threat Manager for the Enterprise, Protection Suites, certain BrightStor ARCserve products, and BrightStor Enterprise Backup, allow remote attackers to execute arbitrary code by sending certain data to unspecified RPC procedures.
9.3
2007-07-18 CVE-2007-3762 Asterisk Remote Stack Buffer Overflow vulnerability in Asterisk IAX2 Channel Driver IAX2_Write Function

Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to execute arbitrary code by sending a long (1) voice or (2) video RTP frame.

9.3
2007-07-18 CVE-2007-3738 Mozilla Remote vulnerability in Mozilla Firefox 2.0.0.4

Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.5 allow remote attackers to execute arbitrary code via a crafted XPCNativeWrapper.

9.3
2007-07-18 CVE-2007-3737 Mozilla Remote vulnerability in Mozilla Firefox 2.0.0.4

Mozilla Firefox before 2.0.0.5 allows remote attackers to execute arbitrary code with chrome privileges by calling an event handler from an unspecified "element outside of a document."

9.3
2007-07-18 CVE-2007-3735 Mozilla Remote vulnerability in Mozilla Firefox and Thunderbird

Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 2.0.0.5 and Thunderbird before 2.0.0.5 allow remote attackers to cause a denial of service (crash) via unspecified vectors that trigger memory corruption.

9.3
2007-07-18 CVE-2007-3734 Mozilla Remote vulnerability in Mozilla Firefox and Thunderbird

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 2.0.0.5 and Thunderbird before 2.0.0.5 allow remote attackers to cause a denial of service (crash) via unspecified vectors that trigger memory corruption.

9.3
2007-07-17 CVE-2007-3832 Cerulean Studios Buffer Errors vulnerability in Cerulean Studios Trillian 3.1.6.0

Buffer overflow in the AOL Instant Messenger (AIM) protocol handler in AIM.DLL in Cerulean Studios Trillian allows remote attackers to execute arbitrary code via a malformed aim: URI, as demonstrated by a long URI beginning with the aim:///#1111111/ substring.

9.3
2007-07-17 CVE-2007-3831 IBM Remote Security vulnerability in IBM products

PHP remote file inclusion in main.php in ISS Proventia Network IPS GX5108 1.3 and GX5008 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.

9.3
2007-07-17 CVE-2007-3829 Interactual Technologies
Roxio
Remote Buffer Overflow vulnerability in InterActual Player IAMCE and IAKey

Multiple stack-based buffer overflows in (a) InterActual Player 2.60.12.0717 and (b) Roxio CinePlayer 3.2 allow remote attackers to execute arbitrary code via a (1) long FailURL attribute in the IAMCE ActiveX Control (IAMCE.dll) or a (2) long URLCode attribute in the IAKey ActiveX Control (IAKey.dll).

9.3
2007-07-17 CVE-2007-3826 Microsoft Unspecified vulnerability in Microsoft Internet Explorer 7

Microsoft Internet Explorer 7 on Windows XP SP2 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via repeated document.open function calls after a user requests a new page, but before the onBeforeUnload function is called.

9.3
2007-07-17 CVE-2007-3841 Pidgin Remote Command Execution vulnerability in Pidgin 2.0.2

Unspecified vulnerability in Pidgin (formerly Gaim) 2.0.2 for Linux allows remote authenticated users, who are listed in a users list, to execute certain commands via unspecified vectors, aka ZD-00000035.

9.0

40 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-07-21 CVE-2007-3926 Ipswitch Denial-Of-Service vulnerability in Ipswitch Imail Server 2006.2

Ipswitch IMail Server 2006 before 2006.21 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving an "overwritten destructor."

7.8
2007-07-21 CVE-2007-3923 Cisco Remote Denial of Service vulnerability in Cisco Wide Area Application Services CIFS

The Common Internet File System (CIFS) optimization in Cisco Wide Area Application Services (WAAS) 4.0.7 and 4.0.9, as used by Cisco WAE appliance and the NM-WAE-502 network module, when Edge Services are configured, allows remote attackers to cause a denial of service (loss of service) via a flood of TCP SYN packets to port (1) 139 or (2) 445.

7.8
2007-07-17 CVE-2007-3837 Hydrairc Denial-Of-Service vulnerability in Hydrairc 0.3.151

Heap-based buffer overflow in HydraIRC 0.3.151 allows remote IRC servers to cause a denial of service (application crash) via a long CTCP request message containing '%' (percent) characters.

7.8
2007-07-17 CVE-2007-3836 Hydrairc Denial-Of-Service vulnerability in Hydrairc 0.3.151

Format string vulnerability in HydraIRC 0.3.151 allows remote attackers to cause a denial of service via format string specifiers in certain data related to failed DCC file transfer negotiation.

7.8
2007-07-17 CVE-2007-3823 Ipswitch Denial-Of-Service vulnerability in Ipswitch WS FTP 7.5.29.0

The Logging Server (Logsrv.exe) in IPSwitch WS_FTP 7.5.29.0 allows remote attackers to cause a denial of service (daemon crash) by sending a crafted packet containing a long string to port 5151/udp.

7.8
2007-07-17 CVE-2007-3816 Brics Remote Denial Of Service vulnerability in RETIRED: Anders Møller JWIG Template

** DISPUTED ** JWIG might allow context-dependent attackers to cause a denial of service (service degradation) via loops of references to external templates.

7.8
2007-07-21 CVE-2007-3928 Yahoo Buffer Errors vulnerability in Yahoo Messenger 8.1

Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users to execute arbitrary code via a long e-mail address in an address book entry.

7.6
2007-07-17 CVE-2007-3796 Mailmarshal Unspecified vulnerability in Mailmarshal Smtp

The password reset feature in the Spam Quarantine HTTP interface for MailMarshal SMTP 6.2.0.x before 6.2.1 allows remote attackers to modify arbitrary account information via a UserId variable with a large amount of trailing whitespace followed by a malicious value, which triggers SQL buffer truncation due to length inconsistencies between variables.

7.6
2007-07-21 CVE-2007-3943 Adaptive Business Design SQL Injection vulnerability in Infinite Responder

SQL injection vulnerability in Infinite Responder before 1.48 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2007-07-21 CVE-2007-3938 Maxdev SQL Injection vulnerability in Maxdev Mdpro

SQL injection vulnerability in index.php in MAXdev MDPro (MD-Pro) 1.0.8x and earlier before 20070720 allows remote attackers to execute arbitrary SQL commands via the topicid parameter in a view action in the Topics module, a different vulnerability than CVE-2006-1676.

7.5
2007-07-21 CVE-2007-3937 A Shop SQL Injection vulnerability in A-Shop

Multiple SQL injection vulnerabilities in A-shop 0.70 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2007-07-21 CVE-2007-3934 BBS Remote File Include vulnerability in BBS E-Market P_Mode Parameter

PHP remote file inclusion vulnerability in postscript/postscript.php in BBS E-Market allows remote attackers to execute arbitrary PHP code via a URL in the p_mode parameter.

7.5
2007-07-21 CVE-2007-3933 Quickestore SQL Injection vulnerability in Quickestore

SQL injection vulnerability in insertorder.cfm in QuickEStore 8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the CFTOKEN parameter, a different vector than CVE-2006-2053.

7.5
2007-07-21 CVE-2007-3932 Joomla Unspecified vulnerability in Joomla Expose

uploadimg.php in the Expose RC35 and earlier (com_expose) component for Joomla! sends an error message but does not exit when it detects an attempt to upload a non-JPEG file, which allows remote attackers to upload and execute arbitrary PHP code in the img/ folder.

7.5
2007-07-19 CVE-2007-3909 Bandersnatch SQL Injection vulnerability in Bandersnatch 0.4

Multiple SQL injection vulnerabilities in Bandersnatch 0.4 allow remote attackers to execute arbitrary SQL commands via the (1) date and (2) limit parameters to index.php, and other unspecified vectors.

7.5
2007-07-19 CVE-2007-3905 Zoph SQL Injection vulnerability in Zoph _Order

SQL injection vulnerability in Zoph before 0.7.0.1 might allow remote attackers to execute arbitrary SQL commands via the _order parameter to (1) photos.php and (2) edit_photos.php.

7.5
2007-07-18 CVE-2007-3889 Insanely Simple Blog SQL-Injection vulnerability in Insanely Simple Blog

Multiple SQL injection vulnerabilities in Insanely Simple Blog 0.5 and earlier allow remote attackers to execute arbitrary SQL commands via the current_subsection parameter to index.php and other unspecified vectors.

7.5
2007-07-18 CVE-2007-3884 Aspindir SQL Injection vulnerability in Aspindir Husrevforum 1.0.1/2.0.1

SQL injection vulnerability in philboard_forum.asp in husrevforum 1.0.1 allows remote attackers to execute arbitrary SQL commands via the forumid parameter.

7.5
2007-07-18 CVE-2007-3882 Popscript COM SQL Injection vulnerability in Expert Advisor

SQL injection vulnerability in index.php in Expert Advisor allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2007-07-18 CVE-2007-3881 Pictures Rating SQL Injection vulnerability in Pictures Rating

SQL injection vulnerability in index.php in Pictures Rating (Picture Rating) allows remote attackers to execute arbitrary SQL commands via the msgid parameter.

7.5
2007-07-18 CVE-2007-3869 Oracle Remote Security vulnerability in Peoplesoft Enterprise 8.9/9.0

Multiple unspecified vulnerabilities in the Customer Relationship Management Online Marketing component in Oracle PeopleSoft Enterprise 8.9 Bundle 26 and 9.0 Bundle 7 allow remote authenticated users to have an unknown impact, aka (1) PSE04 and (2) PSE05.

7.5
2007-07-18 CVE-2007-3867 Oracle Unspecified vulnerability in Oracle E-Business Suite 11.5.10.2

Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10CU2 have unknown impact and attack vectors, related to (1) APPS04, (2) APPS05, and (3) APPS06 in (a) Oracle Application Object Library, (4) APPS07 in Oracle Customer Intelligence, (5) APPS08 in Oracle Payments, (7) APPS10 in Oracle Human Resources, and (8) APPS11 in iRecruitment.

7.5
2007-07-18 CVE-2007-3866 Oracle Unspecified vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.1

Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10CU2 and 12.0.1 allow remote attackers to have an unknown impact via (a) Oracle Configurator (APPS02), (b) Oracle iExpenses (APPS03), (c) Oracle Application Object Library (APPS09), and (1) APPS12, (2) APPS13, and (3) APPS14 in (d) Oracle Payables.

7.5
2007-07-18 CVE-2007-3865 Oracle Unspecified vulnerability in Oracle E-Business Suite 12.0.1

Unspecified vulnerability in the Oracle Customer Intelligence component in Oracle E-Business Suite 12.0.1 has unknown impact and remote attack vectors, aka APPS01.

7.5
2007-07-18 CVE-2007-3864 Oracle Remote Security vulnerability in Oracle Collaboration Suite 10.1.2

Multiple unspecified vulnerabilities in Oracle Collaboration Suite 10.1.2 have unknown impact and remote attack vectors via (1) Instant Messaging/Presence (OCS01) and (2) Oracle Single Sign On (AS02).

7.5
2007-07-18 CVE-2007-3863 Oracle Remote Security vulnerability in Oracle Application Server and Collaboration Suite

Unspecified vulnerability in Oracle JDeveloper for Application Server 10.1.2.2 and 10.1.3.1, and Collaboration Suite 10.1.2, allows context-dependent attackers to have an unknown impact via custom applications that use JBO.SERVER, aka JDEV02.

7.5
2007-07-18 CVE-2007-3862 Oracle Remote Security vulnerability in Oracle Application Server 10.1.2.0.2/9.0.4.3

Unspecified vulnerability in Oracle Application Server 9.0.4.3 and 10.1.2.0.2 allows remote attackers to have an unknown impact via Oracle Single Sign On, aka AS01.

7.5
2007-07-18 CVE-2007-3861 Oracle Remote Security vulnerability in Oracle Application Server and Collaboration Suite

Unspecified vulnerability in Oracle Jdeveloper in Oracle Application Server 10.1.2.2 and Collaboration Suite 10.1.2 allows context-dependent attackers to have an unknown impact via custom applications that use JBO.KEY, aka JDEV01.

7.5
2007-07-18 CVE-2007-3860 Oracle SQL-Injection vulnerability in Apex

Unspecified vulnerability in Oracle Application Express (formerly Oracle HTML DB) 2.2.0.00.32 up to 3.0.0.00.20 allows developers to have an unknown impact via unknown attack vectors, aka APEX01.

7.5
2007-07-18 CVE-2007-3859 Oracle Remote Security vulnerability in Oracle products

Unspecified vulnerability in the Oracle Internet Directory component for Oracle Database 9.2.0.8 and 9.2.0.8DV; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; and Collaboration Suite 10.1.2 has unknown impact and remote attack vectors, aka OID01.

7.5
2007-07-18 CVE-2007-3858 Oracle Remote Security vulnerability in Oracle Database Server 10.2.0.3

Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 allow remote authenticated users to have an unknown impact via (1) EXFSYS.DBMS_RLMGR_UTL in Rules Manager (DB11) and (2) Program Interface (DB13).

7.5
2007-07-18 CVE-2007-3564 Libcurl Unspecified vulnerability in Libcurl

libcurl 7.14.0 through 7.16.3, when built with GnuTLS support, does not check SSL/TLS certificate expiration or activation dates, which allows remote attackers to bypass certain access restrictions.

7.5
2007-07-17 CVE-2007-3840 Sitetrafficstats SQL Injection vulnerability in SiteTrafficStats ReferralURL.PHP

SQL injection vulnerability in referralUrl.php in Traffic Stats allows remote attackers to execute arbitrary SQL commands via the offset parameter.

7.5
2007-07-17 CVE-2007-3821 Citadel Input Validation vulnerability in Citadel Webcit 7.10

Cross-site request forgery (CSRF) vulnerability in Webcit before 7.11 allows remote attackers to modify configurations and perform other actions as arbitrary users via unspecified vectors.

7.5
2007-07-17 CVE-2007-3814 Mkportal SQL Injection vulnerability in Mkportal 1.1.1

Multiple SQL injection vulnerabilities in MKPortal 1.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the idurlo field in the delete_urlo function in (a) index.php in the urlobox module; the iden field in the (2) update_file and (3) del_file functions in (b) index.php in the reviews module; the (4) idnews field in the delete_news function and the (5) idcomm field in the del_comment function in (c) index.php in the news module; the (6) idcomm field in the delete_comments function in (d) index.php in the gallery module; the iden field in the (7) edit_file, (8) update_file, and (9) del_file functions in index.php in the gallery module; the (10) ide and (11) cat fields in the slide_update function in index.php in the gallery module; the iden field in the (12) update_file and (13) del_file functions in (d) index.php in the downloads module; and other unspecified vectors.

7.5
2007-07-17 CVE-2007-3812 Cmscout SQL Injection vulnerability in CMScout Forums.PHP

SQL injection vulnerability in forums.php in CMScout 1.23 and earlier allows remote attackers to execute arbitrary SQL commands via the f parameter in a forums action to index.php.

7.5
2007-07-17 CVE-2007-3811 Esyndicat SQL Injection vulnerability in Esyndicat Directory 1.6

Multiple SQL injection vulnerabilities in eSyndiCat allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to news.php or (2) the name parameter to page.php.

7.5
2007-07-17 CVE-2007-3810 It747 SQL Injection vulnerability in REALTOR 747

SQL injection vulnerability in index.php in Realtor 747 allows remote attackers to execute arbitrary SQL commands via the categoryid parameter.

7.5
2007-07-17 CVE-2007-3809 Prozilla SQL Injection vulnerability in Prozilla Directory.PHP

Multiple SQL injection vulnerabilities in Prozilla Directory Script allow remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action to directory.php, and other unspecified vectors.

7.5
2007-07-17 CVE-2007-3808 PHP Arena SQL Injection vulnerability in PHP Arena Pafiledb 3.6

SQL injection vulnerability in includes/search.php in paFileDB 3.6 allows remote attackers to execute arbitrary SQL commands via the categories[] parameter in a search action to index.php, a different vector than CVE-2005-2000.

7.5

48 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-07-21 CVE-2007-3939 Spoonlabs SQL Injection vulnerability in SpoonLabs Vivvo CMS

SQL injection vulnerability in index.php in SpoonLabs Vivvo Article Management CMS (aka phpWordPress) CMS 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter.

6.8
2007-07-21 CVE-2007-3922 SUN Unspecified vulnerability in SUN Jdk, JRE and SDK

Unspecified vulnerability in the Java Runtime Environment (JRE) Applet Class Loader in Sun JDK and JRE 5.0 Update 11 and earlier, 6 through 6 Update 1, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to violate the security model for an applet's outbound connections by connecting to certain localhost services running on the machine that loaded the applet.

6.8
2007-07-18 CVE-2006-4183 Microsoft Buffer Errors vulnerability in Microsoft Directx SDK February2006

Heap-based buffer overflow in Microsoft DirectX SDK (February 2006) and probably earlier, including 9.0c End User Runtimes, allows context-dependent attackers to execute arbitrary code via a crafted Targa file with a run-length-encoding (RLE) compression that produces more data than expected when decoding.

6.8
2007-07-17 CVE-2007-3806 PHP Improper Input Validation vulnerability in PHP 5.2.3

The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platforms, and possibly related to lack of initialization for a glob structure.

6.8
2007-07-16 CVE-2007-3798 Tcpdump Numeric Errors vulnerability in Tcpdump

Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value.

6.8
2007-07-21 CVE-2007-3925 Ipswitch Buffer Errors vulnerability in Ipswitch Imail Server and Ipswitch Collaboration Suite

Multiple buffer overflows in the IMAP service (imapd32.exe) in Ipswitch IMail Server 2006 before 2006.21 allow remote authenticated users to execute arbitrary code via the (1) Search or (2) Search Charset command.

6.5
2007-07-18 CVE-2007-3868 Oracle Remote Security vulnerability in Peoplesoft Enterprise

Multiple unspecified vulnerabilities in PeopleTools in Oracle PeopleSoft Enterprise 8.22.15, 8.47.13, 8.48.10, and 8.49.02 allows remote authenticated users or attackers to have an unknown impact via multiple vectors, aka (1) PSE01, (2) PSE02, and (3) PSE03.

6.5
2007-07-18 CVE-2007-3857 Oracle Remote Security vulnerability in Oracle Database Server 10.1.0.5

Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 allow remote authenticated users to have an unknown impact via (a) the Oracle Text component, including (1) unspecified vectors (DB05), (2) CTXSYS.DRVXMD (DB06), (3) CTXSYS.DRI_MOVE_CTXSYS (DB07), (4) CTXSYS.DRVXMD (DB08), and (b) JavaVM (DB14).

6.5
2007-07-18 CVE-2007-3856 Oracle Unspecified vulnerability in Oracle Database Server and Oracle10G

Unspecified vulnerability in the Oracle Data Mining component for Oracle Database 10g Release 2 10.2.0.2 and 10.2.0.3, 10g 10.1.0.5, and Oracle9i Database Release 2 9.2.0.7, 9.2.0.8, and 9.2.0.8DV has unknown impact and remote authenticated attack vectors related to DMSYS.DMP_SYS, aka DB04.

6.5
2007-07-18 CVE-2007-3855 Oracle Unspecified vulnerability in Oracle Database Server

Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to have an unknown impact via (1) SYS.DBMS_DRS in the DataGuard component (DB03), (2) SYS.DBMS_STANDARD in the PL/SQL component (DB10), (3) MDSYS.RTREE_IDX in the Spatial component (DB16), and (4) SQL Compiler (DB17).

6.5
2007-07-18 CVE-2007-3853 Oracle Unspecified vulnerability in Oracle Database Server 10.1.0.5/10.2.0.3

Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.3 allow remote authenticated users to have unknown impact via (1) DBMS_JAVA_TEST in the JavaVM component (DB01), (2) Oracle Text component (DB09), and (3) MDSYS.SDO_GEOR_INT in the Spatial component (DB15).

6.5
2007-07-21 CVE-2007-3936 A Shop Path Traversal vulnerability in A-Shop

Directory traversal vulnerability in admin/filebrowser.asp in A-shop 0.70 and earlier, and possibly 0.71, allows remote attackers to delete arbitrary files via unspecified filename references in the delfiles parameter.

6.4
2007-07-16 CVE-2007-3800 Symantec Local Privilege Escalation vulnerability in Symantec Client Security and Norton Antivirus

Unspecified vulnerability in the Real-time scanner (RTVScan) component in Symantec AntiVirus Corporate Edition 9.0 through 10.1 and Client Security 2.0 through 3.1, when the Notification Message window is enabled, allows local users to gain privileges via crafted code.

6.0
2007-07-21 CVE-2007-3942 Simple Machines Unspecified vulnerability in Simple Machines Simple Machines Forum 1.1.3

** DISPUTED ** Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.1.3 allows remote attackers to include local files via unspecified vectors related to the sourcedir parameter or the actionArray hash.

5.8
2007-07-18 CVE-2007-3854 Oracle Unspecified vulnerability in Oracle products

Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 allow remote authenticated users to have unknown impact via (1) SYS.DBMS_PRVTAQIS in the Advanced Queuing component (DB02) and (2) MDSYS.MD in the Spatial component (DB12).

5.5
2007-07-16 CVE-2007-3805 Clavister Cryptographic Issues vulnerability in Clavister Coreplus 8.81.00

The IKE implementation in Clavister CorePlus before 8.80.03, and 8.80.00, does not properly validate certificates during IKE negotiation, which allows remote attackers to cause a denial of service (gateway stop) via certain certificates.

5.4
2007-07-18 CVE-2007-3883 Datadynamics Insecure Methods vulnerability in Data Dynamics ActiveBar Actbar3.OCX ActiveX Control

The Data Dynamics ActiveBar ActiveX control (actbar3.ocx) 3.2 and earlier allows remote attackers to create or overwrite files via a full pathname in (1) the second argument to the Save method, or the first argument to the (2) SaveLayoutChanges or (3) SaveMenuUsageData method.

5.1
2007-07-20 CVE-2007-3380 Linux Configuration vulnerability in Linux Kernel 2.6.15

The Distributed Lock Manager (DLM) in the cluster manager for Linux kernel 2.6.15 allows remote attackers to cause a denial of service (loss of lock services) by connecting to the DLM port, which probably prevents other processes from accessing the service.

5.0
2007-07-19 CVE-2007-3906 Kaspersky LAB Denial of Service vulnerability in Kaspersky Anti-Virus 5.5 for Check Point Firewall-1

Unspecified vulnerability in Kaspersky Anti-Virus for Check Point FireWall-1 before Critical Fix 1 (5.5.161.0) might allow attackers to cause a denial of service (kernel hang) via unspecified vectors.

5.0
2007-07-18 CVE-2007-3268 IBM Denial of Service vulnerability in IBM Tivoli Provisioning Manager OS Deployment 5.1.0.2

The TFTP implementation in IBM Tivoli Provisioning Manager for OS Deployment 5.1 before Fix Pack 3 allows remote attackers to cause a denial of service (rembo.exe crash and multiple service outage) via a read (RRQ) request with an invalid blksize (blocksize), which triggers a divide-by-zero error.

5.0
2007-07-18 CVE-2007-3765 Asterisk Remote Denial of Service vulnerability in Asterisk

The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted STUN length attribute in a STUN packet sent on an RTP port.

5.0
2007-07-18 CVE-2007-3764 Asterisk Remote Denial of Service vulnerability in Asterisk

The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a certain data length value in a crafted packet, which results in an "overly large memcpy."

5.0
2007-07-18 CVE-2007-3763 Asterisk Remote Denial of Service vulnerability in Asterisk

The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted (1) LAGRQ or (2) LAGRP frame that contains information elements of IAX frames, which results in a NULL pointer dereference when Asterisk does not properly set an associated variable.

5.0
2007-07-17 CVE-2007-3833 Cerulean Studios Remote Code Execution vulnerability in Cerulean Studios Trillian 3.1.6.0

The AOL Instant Messenger (AIM) protocol handler in Cerulean Studios Trillian allows remote attackers to create files with arbitrary contents via certain aim: URIs, as demonstrated by a URI that begins with the "aim: &c:\" substring and contains a full pathname in the ini field.

5.0
2007-07-17 CVE-2007-3827 Mozilla Remote Security vulnerability in Firefox

Mozilla Firefox allows for cookies to be set with a null domain (aka "domainless cookies"), which allows remote attackers to pass information between arbitrary domains and track user activity, as demonstrated by the domain attribute in the document.cookie variable in a javascript: window.

5.0
2007-07-17 CVE-2007-3819 Opera Unspecified vulnerability in Opera Browser 9.21

Opera 9.21 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed.

5.0
2007-07-16 CVE-2007-3804 Clavister Permissions, Privileges, and Access Controls vulnerability in Clavister Coreplus

The AntiVirus engine in the HTTP-ALG in Clavister CorePlus before 8.81.00 and 8.80.03 might allow remote attackers to bypass scanning via small files.

5.0
2007-07-17 CVE-2007-3815 Republike Slovenije Denial-Of-Service vulnerability in Republike Slovenije Pirs 2007

Buffer overflow in pirs32.exe in Poslovni informator Republike Slovenije (PIRS) 2007 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long search string in certain fields in the GUI.

4.9
2007-07-19 CVE-2007-3908 HP Local Privilege Escalation vulnerability in HP Serviceguard for Linux

Unspecified vulnerability in HP ServiceGuard for Linux for Red Hat Enterprise Linux (RHEL) 2.1 SG A.11.14.04 through A.11.14.06; RHEL 3.0 SG A.11.16.04 through A.11.16.10; and ServiceGuard Cluster Object Manager B.03.01.02 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2007-0980.

4.6
2007-07-18 CVE-2007-3870 Oracle Local Security vulnerability in Oracle Peoplesoft Enterprise 8.9

Multiple unspecified vulnerabilities in the Human Capital Management component in Oracle PeopleSoft Enterprise 8.9 Bundle 11 allow local users to have unknown impact via unknown vectors, aka (1) PSE06 and (2) PSE07.

4.6
2007-07-21 CVE-2007-3931 Samsung Local Privilege Escalation vulnerability in Samsung Scx-4200 Driver 2.00.95

The wrap_setuid_third_party_application function in the installation script for the Samsung SCX-4200 Driver 2.00.95 adds setuid permissions to third party applications such as xsane and xscanimage, which allows local users to gain privileges.

4.4
2007-07-21 CVE-2007-3941 Jasmine HTML Injection vulnerability in Jasmine CMS 1.01

Cross-site scripting (XSS) vulnerability in profile.php in Jasmine CMS 1.0_1 allows remote authenticated users to inject arbitrary web script or HTML via the profile_email parameter.

4.3
2007-07-21 CVE-2007-3940 Quickersite Cross-Site Scripting vulnerability in Quickersite 1.7.2

Cross-site scripting (XSS) vulnerability in default.asp in QuickerSite 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the svalue parameter in a search action.

4.3
2007-07-21 CVE-2007-3930 Wiki
Microsoft
Interpretation conflict between Microsoft Internet Explorer and DocuWiki before 2007-06-26b allows remote attackers to inject arbitrary JavaScript and conduct cross-site scripting (XSS) attacks when spellchecking UTF-8 encoded messages via the spell_utf8test function in lib/exe/spellcheck.php, which triggers HTML document identification and script execution by Internet Explorer even though the Content-Type header is text/plain.
4.3
2007-07-19 CVE-2007-3910 Bandersnatch Cross-Site Scripting vulnerability in Bandersnatch 0.4

Cross-site scripting (XSS) vulnerability in Bandersnatch 0.4 allows remote attackers to inject arbitrary JavaScript via a Jabber resource name and possibly other data items, which are stored in conversation logs.

4.3
2007-07-18 CVE-2007-3888 Insanely Simple Blog Input Validation vulnerability in Insanely Simple Blog

Multiple cross-site scripting (XSS) vulnerabilities in Insanely Simple Blog 0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the search action, possibly related to the term parameter to index.php; or (2) an anonymous blog entry, possibly involving the (a) posted_by, (b) subject, and (c) content parameters to index.php; as demonstrated by the onmouseover attribute of certain elements.

4.3
2007-07-18 CVE-2007-3887 ASP Ziyaretci Defteri Cross-Site Scripting vulnerability in ASP Ziyaretci Defteri ASP Ziyaretci Defteri 1.1

Multiple cross-site scripting (XSS) vulnerabilities in mesaj_formu.asp in ASP Ziyaretci Defteri 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Isim, (2) Mesajiniz, and (3) E-posta fields.

4.3
2007-07-18 CVE-2007-3886 Netimage Media Cross-Site Scripting vulnerability in ElementCMS S Parameter

Cross-site scripting (XSS) vulnerability in default.asp in Element CMS allows remote attackers to inject arbitrary web script or HTML via the s parameter in a search pID action.

4.3
2007-07-18 CVE-2007-3885 Aspindir Unspecified vulnerability in Aspindir Husrevforum 1.0.1

Cross-site scripting (XSS) vulnerability in philboard_search.asp in husrevforum 1.0.1 allows remote attackers to inject arbitrary web script or HTML via the searchterms parameter.

4.3
2007-07-18 CVE-2007-3736 Mozilla Remote vulnerability in Mozilla Firefox 2.0.0.4

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.5 allows remote attackers to inject arbitrary web script "into another site's context" via a "timing issue" involving the (1) addEventListener or (2) setTimeout function, probably by setting events that activate after the context has changed.

4.3
2007-07-17 CVE-2007-3842 8E6 Cross-Site Scripting vulnerability in 8E6 R3000 Enterprise Filter 2.0.00

Cross-site scripting (XSS) vulnerability in the 8e6 R3000 Enterprise Filter before 2.0.05 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2007-07-17 CVE-2007-3834 Exlibris Group Cross-Site Scripting vulnerability in Exlibris Group Aleph 3.12

Multiple cross-site scripting (XSS) vulnerabilities in Ex Libris ALEPH allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a URL that can be discovered through a keyword search.

4.3
2007-07-17 CVE-2007-3817 Drupal HTML Injection vulnerability in Drupal LoginToboggan Module Username

Cross-site scripting (XSS) vulnerability in the LoginToboggan module 4.7.x-1.0, 4.7.x-1.x-dev, and 5.x-1.x-dev before 20070712 for Drupal, when configured to display a "Log out" link, allows remote attackers to inject arbitrary web script or HTML via a crafted username.

4.3
2007-07-17 CVE-2007-3813 Mkportal Remote Security vulnerability in Mkportal Noboard Module Beta

PHP remote file inclusion vulnerability in include/user.php in the NoBoard BETA module for MKPortal allows remote attackers to execute arbitrary PHP code via a URL in the MK_PATH parameter.

4.3
2007-07-16 CVE-2007-3799 PHP Improper Input Validation vulnerability in PHP

The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the session_start function, which are not encoded or filtered when the new session cookie is generated, a related issue to CVE-2006-0207.

4.3
2007-07-17 CVE-2007-3839 Tbdev NET Cross-Site Scripting vulnerability in Tbdev.Net DR 010306/111005Betasf11/161205Beta1161

Cross-site scripting (XSS) vulnerability in takeprofedit.php in TBDev.NET DR 010306 and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the avatar parameter.

4.0
2007-07-17 CVE-2007-3018 Activeweb Unspecified vulnerability in Activeweb Contentserver

activeWeb contentserver CMS before 5.6.2964 does not limit the file-creation ability of editors who have restricted accounts, which allows these editors to create files in arbitrary directories.

4.0
2007-07-17 CVE-2007-3017 Activeweb Unspecified vulnerability in Activeweb Contentserver

The WYSIWYG editor applet in activeWeb contentserver CMS before 5.6.2964 only filters malicious tags from articles sent to admin/applets/wysiwyg/rendereditor.asp, which allows remote authenticated users to inject arbitrary JavaScript via a request to admin/worklist/worklist_edit.asp.

4.0

7 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2007-07-17 CVE-2007-3830 IBM Cross-Site Scripting vulnerability in IBM products

Cross-site scripting (XSS) vulnerability in alert.php in ISS Proventia Network IPS GX5108 1.3 and GX5008 1.5 allows remote attackers to inject arbitrary web script or HTML via the reminder parameter.

3.5
2007-07-17 CVE-2007-3818 Drupal Cross-Site Scripting vulnerability in Logintoboggan Module

Cross-site scripting (XSS) vulnerability in the LoginToboggan module 5.x-1.x-dev before 20070712 for Drupal allows remote authenticated users with "administer blocks" permission to inject arbitrary JavaScript and gain privileges via "the message displayed above the default user login block."

3.5
2007-07-17 CVE-2007-3838 Tbdev NET HTML Injection vulnerability in Tbdev.Net DR 010306/111005Betasf11/161205Beta1161

Cross-site scripting (XSS) vulnerability in takeprofedit.php in TBDev.NET DR 11-10-05-BETA-SF1:111005 and earlier allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of a SCRIPT element in the avatar parameter.

2.6
2007-07-17 CVE-2007-3835 Exlibris Group Cross-Site Scripting vulnerability in Multiple Ex Libris Products Keyword Searches

Cross-site scripting (XSS) vulnerability in Ex Libris MetaLib 3.13 and 4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a resource id that can be discovered through a search.

2.6
2007-07-17 CVE-2007-3822 Citadel Cross-Site Scripting vulnerability in Citadel Webcit 7.10

Multiple cross-site scripting (XSS) vulnerabilities in Webcit before 7.11 allow remote attackers to inject arbitrary web script or HTML via (1) the who parameter to showuser; and other vectors involving (2) calendar mode, (3) bulletin board mode, (4) room names, and (5) uploaded file names.

2.6
2007-07-17 CVE-2007-3820 KDE Unspecified vulnerability in KDE Konqueror 3.5.7

konqueror/konq_combo.cc in Konqueror 3.5.7 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed.

2.6
2007-07-17 CVE-2007-3807 Sitescape Cross-Site Scripting vulnerability in SiteScape Forum

Multiple cross-site scripting (XSS) vulnerabilities in SiteScape Forum before 7.3 allow remote attackers to inject arbitrary web script or HTML via the user name field in the login procedure, and other unspecified vectors.

2.6