Weekly Vulnerabilities Reports > July 16 to 22, 2007
Overview
109 new vulnerabilities reported during this period, including 19 critical vulnerabilities and 38 high severity vulnerabilities. This weekly summary report vulnerabilities in 102 products from 68 vendors including Oracle, Mozilla, Asterisk, Ipswitch, and Microsoft. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "SQL Injection", "Cross-site Scripting", "Improper Input Validation", and "Use After Free".
- 104 reported vulnerabilities are remotely exploitables.
- 21 reported vulnerabilities have public exploit available.
- 8 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 96 reported vulnerabilities are exploitable by an anonymous user.
- Oracle has the most reported vulnerabilities, with 18 reported vulnerabilities.
- Mozilla has the most reported critical vulnerabilities, with 4 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
19 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-07-21 | CVE-2007-3927 | Ipswitch | Buffer Overflow vulnerability in Ipswitch Imail Server and Ipswitch Collaboration Suite Multiple buffer overflows in Ipswitch IMail Server 2006 before 2006.21 (1) allow remote attackers to execute arbitrary code via unspecified vectors in Imailsec and (2) allow attackers to have an unknown impact via an unspecified vector related to "subscribe." | 10.0 |
2007-07-19 | CVE-2007-3907 | Ledgersmb | Authentication Bypass vulnerability in LedgerSMB Login.PL Unspecified vulnerability in login.pl in LedgerSMB 1.2.0 through 1.2.6 allows remote attackers to bypass authentication and perform certain actions as an arbitrary user via unspecified vectors involving a URL with a redirect parameter value, along with a callback parameter containing an escaped URL that specifies the action. | 10.0 |
2007-07-17 | CVE-2007-3828 | Apple | Remote Code Execution vulnerability in Apple Mac OS X mDNSResponder Variant Unspecified vulnerability in mDNSResponder in Apple Mac OS X allows remote attackers to execute arbitrary code via unspecified vectors, a related issue to CVE-2007-2386. | 10.0 |
2007-07-17 | CVE-2007-3824 | Mehmet Zati Karahan | SQL Injection vulnerability in MzK Blog Katgoster.ASP SQL injection vulnerability in katgoster.asp in MzK Blog (tr) allows remote attackers to execute arbitrary SQL commands via the katID parameter. | 10.0 |
2007-07-16 | CVE-2007-3803 | Clavister | Security Bypass vulnerability in Clavister Coreplus The SMTP ALG in Clavister CorePlus before 8.80.04, and 8.81.00, does not properly parse SMTP commands in certain circumstances, which allows remote attackers to bypass address blacklists. | 10.0 |
2007-07-16 | CVE-2007-3798 | Tcpdump Canonical Debian Slackware Freebsd Apple | Unchecked Return Value vulnerability in multiple products Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value. | 9.8 |
2007-07-21 | CVE-2007-3935 | Phpbb | Remote Security vulnerability in PHPbb Supanav 1.0.0 PHP remote file inclusion vulnerability in link_main.php in the SupaNav 1.0.0 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | 9.3 |
2007-07-21 | CVE-2007-3929 | Opera | Use After Free vulnerability in Opera Browser Use-after-free vulnerability in the BitTorrent support in Opera before 9.22 allows user-assisted remote attackers to execute arbitrary code via a crafted header in a torrent file, which leaves a dangling pointer to an invalid object. | 9.3 |
2007-07-18 | CVE-2007-3825 | Broadcom CA | Multiple stack-based buffer overflows in the RPC implementation in alert.exe before 8.0.255.0 in CA (formerly Computer Associates) Alert Notification Server, as used in Threat Manager for the Enterprise, Protection Suites, certain BrightStor ARCserve products, and BrightStor Enterprise Backup, allow remote attackers to execute arbitrary code by sending certain data to unspecified RPC procedures. | 9.3 |
2007-07-18 | CVE-2007-3762 | Asterisk | Remote Stack Buffer Overflow vulnerability in Asterisk IAX2 Channel Driver IAX2_Write Function Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to execute arbitrary code by sending a long (1) voice or (2) video RTP frame. | 9.3 |
2007-07-18 | CVE-2007-3738 | Mozilla | Remote vulnerability in Mozilla Firefox 2.0.0.4 Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.5 allow remote attackers to execute arbitrary code via a crafted XPCNativeWrapper. | 9.3 |
2007-07-18 | CVE-2007-3737 | Mozilla | Remote vulnerability in Mozilla Firefox 2.0.0.4 Mozilla Firefox before 2.0.0.5 allows remote attackers to execute arbitrary code with chrome privileges by calling an event handler from an unspecified "element outside of a document." | 9.3 |
2007-07-18 | CVE-2007-3735 | Mozilla | Remote vulnerability in Mozilla Firefox and Thunderbird Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 2.0.0.5 and Thunderbird before 2.0.0.5 allow remote attackers to cause a denial of service (crash) via unspecified vectors that trigger memory corruption. | 9.3 |
2007-07-18 | CVE-2007-3734 | Mozilla | Remote vulnerability in Mozilla Firefox and Thunderbird Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 2.0.0.5 and Thunderbird before 2.0.0.5 allow remote attackers to cause a denial of service (crash) via unspecified vectors that trigger memory corruption. | 9.3 |
2007-07-17 | CVE-2007-3832 | Cerulean Studios | Buffer Errors vulnerability in Cerulean Studios Trillian 3.1.6.0 Buffer overflow in the AOL Instant Messenger (AIM) protocol handler in AIM.DLL in Cerulean Studios Trillian allows remote attackers to execute arbitrary code via a malformed aim: URI, as demonstrated by a long URI beginning with the aim:///#1111111/ substring. | 9.3 |
2007-07-17 | CVE-2007-3831 | IBM | Remote Security vulnerability in IBM products PHP remote file inclusion in main.php in ISS Proventia Network IPS GX5108 1.3 and GX5008 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | 9.3 |
2007-07-17 | CVE-2007-3829 | Interactual Technologies Roxio | Remote Buffer Overflow vulnerability in InterActual Player IAMCE and IAKey Multiple stack-based buffer overflows in (a) InterActual Player 2.60.12.0717 and (b) Roxio CinePlayer 3.2 allow remote attackers to execute arbitrary code via a (1) long FailURL attribute in the IAMCE ActiveX Control (IAMCE.dll) or a (2) long URLCode attribute in the IAKey ActiveX Control (IAKey.dll). | 9.3 |
2007-07-17 | CVE-2007-3826 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 7 Microsoft Internet Explorer 7 on Windows XP SP2 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via repeated document.open function calls after a user requests a new page, but before the onBeforeUnload function is called. | 9.3 |
2007-07-17 | CVE-2007-3841 | Pidgin | Remote Command Execution vulnerability in Pidgin 2.0.2 Unspecified vulnerability in Pidgin (formerly Gaim) 2.0.2 for Linux allows remote authenticated users, who are listed in a users list, to execute certain commands via unspecified vectors, aka ZD-00000035. | 9.0 |
38 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-07-21 | CVE-2007-3926 | Ipswitch | Denial-Of-Service vulnerability in Ipswitch Imail Server 2006.2 Ipswitch IMail Server 2006 before 2006.21 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving an "overwritten destructor." | 7.8 |
2007-07-21 | CVE-2007-3923 | Cisco | Remote Denial of Service vulnerability in Cisco Wide Area Application Services CIFS The Common Internet File System (CIFS) optimization in Cisco Wide Area Application Services (WAAS) 4.0.7 and 4.0.9, as used by Cisco WAE appliance and the NM-WAE-502 network module, when Edge Services are configured, allows remote attackers to cause a denial of service (loss of service) via a flood of TCP SYN packets to port (1) 139 or (2) 445. | 7.8 |
2007-07-17 | CVE-2007-3837 | Hydrairc | Denial-Of-Service vulnerability in Hydrairc 0.3.151 Heap-based buffer overflow in HydraIRC 0.3.151 allows remote IRC servers to cause a denial of service (application crash) via a long CTCP request message containing '%' (percent) characters. | 7.8 |
2007-07-17 | CVE-2007-3836 | Hydrairc | Denial-Of-Service vulnerability in Hydrairc 0.3.151 Format string vulnerability in HydraIRC 0.3.151 allows remote attackers to cause a denial of service via format string specifiers in certain data related to failed DCC file transfer negotiation. | 7.8 |
2007-07-17 | CVE-2007-3823 | Ipswitch | Denial-Of-Service vulnerability in Ipswitch WS FTP 7.5.29.0 The Logging Server (Logsrv.exe) in IPSwitch WS_FTP 7.5.29.0 allows remote attackers to cause a denial of service (daemon crash) by sending a crafted packet containing a long string to port 5151/udp. | 7.8 |
2007-07-21 | CVE-2007-3928 | Yahoo | Buffer Errors vulnerability in Yahoo Messenger 8.1 Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote authenticated users to execute arbitrary code via a long e-mail address in an address book entry. | 7.6 |
2007-07-21 | CVE-2007-3943 | Adaptive Business Design | SQL Injection vulnerability in Infinite Responder SQL injection vulnerability in Infinite Responder before 1.48 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2007-07-21 | CVE-2007-3937 | A Shop | SQL Injection vulnerability in A-Shop Multiple SQL injection vulnerabilities in A-shop 0.70 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2007-07-21 | CVE-2007-3934 | BBS | Remote File Include vulnerability in BBS E-Market P_Mode Parameter PHP remote file inclusion vulnerability in postscript/postscript.php in BBS E-Market allows remote attackers to execute arbitrary PHP code via a URL in the p_mode parameter. | 7.5 |
2007-07-21 | CVE-2007-3933 | Quickestore | SQL Injection vulnerability in Quickestore SQL injection vulnerability in insertorder.cfm in QuickEStore 8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the CFTOKEN parameter, a different vector than CVE-2006-2053. | 7.5 |
2007-07-21 | CVE-2007-3932 | Joomla | Unspecified vulnerability in Joomla Expose uploadimg.php in the Expose RC35 and earlier (com_expose) component for Joomla! sends an error message but does not exit when it detects an attempt to upload a non-JPEG file, which allows remote attackers to upload and execute arbitrary PHP code in the img/ folder. | 7.5 |
2007-07-19 | CVE-2007-3909 | Bandersnatch | SQL Injection vulnerability in Bandersnatch 0.4 Multiple SQL injection vulnerabilities in Bandersnatch 0.4 allow remote attackers to execute arbitrary SQL commands via the (1) date and (2) limit parameters to index.php, and other unspecified vectors. | 7.5 |
2007-07-19 | CVE-2007-3905 | Zoph | SQL Injection vulnerability in Zoph _Order SQL injection vulnerability in Zoph before 0.7.0.1 might allow remote attackers to execute arbitrary SQL commands via the _order parameter to (1) photos.php and (2) edit_photos.php. | 7.5 |
2007-07-18 | CVE-2007-3889 | Insanely Simple Blog | SQL-Injection vulnerability in Insanely Simple Blog Multiple SQL injection vulnerabilities in Insanely Simple Blog 0.5 and earlier allow remote attackers to execute arbitrary SQL commands via the current_subsection parameter to index.php and other unspecified vectors. | 7.5 |
2007-07-18 | CVE-2007-3884 | Aspindir | SQL Injection vulnerability in Aspindir Husrevforum 1.0.1/2.0.1 SQL injection vulnerability in philboard_forum.asp in husrevforum 1.0.1 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. | 7.5 |
2007-07-18 | CVE-2007-3882 | Popscript COM | SQL Injection vulnerability in Expert Advisor SQL injection vulnerability in index.php in Expert Advisor allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2007-07-18 | CVE-2007-3881 | Pictures Rating | SQL Injection vulnerability in Pictures Rating SQL injection vulnerability in index.php in Pictures Rating (Picture Rating) allows remote attackers to execute arbitrary SQL commands via the msgid parameter. | 7.5 |
2007-07-18 | CVE-2007-3268 | IBM | Divide By Zero vulnerability in IBM Tivoli Provisioning Manager OS Deployment 5.1.0.2 The TFTP implementation in IBM Tivoli Provisioning Manager for OS Deployment 5.1 before Fix Pack 3 allows remote attackers to cause a denial of service (rembo.exe crash and multiple service outage) via a read (RRQ) request with an invalid blksize (blocksize), which triggers a divide-by-zero error. | 7.5 |
2007-07-18 | CVE-2007-3869 | Oracle | Remote Security vulnerability in Peoplesoft Enterprise 8.9/9.0 Multiple unspecified vulnerabilities in the Customer Relationship Management Online Marketing component in Oracle PeopleSoft Enterprise 8.9 Bundle 26 and 9.0 Bundle 7 allow remote authenticated users to have an unknown impact, aka (1) PSE04 and (2) PSE05. | 7.5 |
2007-07-18 | CVE-2007-3867 | Oracle | Unspecified vulnerability in Oracle E-Business Suite 11.5.10.2 Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10CU2 have unknown impact and attack vectors, related to (1) APPS04, (2) APPS05, and (3) APPS06 in (a) Oracle Application Object Library, (4) APPS07 in Oracle Customer Intelligence, (5) APPS08 in Oracle Payments, (7) APPS10 in Oracle Human Resources, and (8) APPS11 in iRecruitment. | 7.5 |
2007-07-18 | CVE-2007-3866 | Oracle | Unspecified vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.1 Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10CU2 and 12.0.1 allow remote attackers to have an unknown impact via (a) Oracle Configurator (APPS02), (b) Oracle iExpenses (APPS03), (c) Oracle Application Object Library (APPS09), and (1) APPS12, (2) APPS13, and (3) APPS14 in (d) Oracle Payables. | 7.5 |
2007-07-18 | CVE-2007-3865 | Oracle | Unspecified vulnerability in Oracle E-Business Suite 12.0.1 Unspecified vulnerability in the Oracle Customer Intelligence component in Oracle E-Business Suite 12.0.1 has unknown impact and remote attack vectors, aka APPS01. | 7.5 |
2007-07-18 | CVE-2007-3864 | Oracle | Remote Security vulnerability in Oracle Collaboration Suite 10.1.2 Multiple unspecified vulnerabilities in Oracle Collaboration Suite 10.1.2 have unknown impact and remote attack vectors via (1) Instant Messaging/Presence (OCS01) and (2) Oracle Single Sign On (AS02). | 7.5 |
2007-07-18 | CVE-2007-3863 | Oracle | Remote Security vulnerability in Oracle Application Server and Collaboration Suite Unspecified vulnerability in Oracle JDeveloper for Application Server 10.1.2.2 and 10.1.3.1, and Collaboration Suite 10.1.2, allows context-dependent attackers to have an unknown impact via custom applications that use JBO.SERVER, aka JDEV02. | 7.5 |
2007-07-18 | CVE-2007-3862 | Oracle | Remote Security vulnerability in Oracle Application Server 10.1.2.0.2/9.0.4.3 Unspecified vulnerability in Oracle Application Server 9.0.4.3 and 10.1.2.0.2 allows remote attackers to have an unknown impact via Oracle Single Sign On, aka AS01. | 7.5 |
2007-07-18 | CVE-2007-3861 | Oracle | Remote Security vulnerability in Oracle Application Server and Collaboration Suite Unspecified vulnerability in Oracle Jdeveloper in Oracle Application Server 10.1.2.2 and Collaboration Suite 10.1.2 allows context-dependent attackers to have an unknown impact via custom applications that use JBO.KEY, aka JDEV01. | 7.5 |
2007-07-18 | CVE-2007-3860 | Oracle | SQL-Injection vulnerability in Apex Unspecified vulnerability in Oracle Application Express (formerly Oracle HTML DB) 2.2.0.00.32 up to 3.0.0.00.20 allows developers to have an unknown impact via unknown attack vectors, aka APEX01. | 7.5 |
2007-07-18 | CVE-2007-3859 | Oracle | Remote Security vulnerability in Oracle products Unspecified vulnerability in the Oracle Internet Directory component for Oracle Database 9.2.0.8 and 9.2.0.8DV; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; and Collaboration Suite 10.1.2 has unknown impact and remote attack vectors, aka OID01. | 7.5 |
2007-07-18 | CVE-2007-3858 | Oracle | Remote Security vulnerability in Oracle Database Server 10.2.0.3 Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 allow remote authenticated users to have an unknown impact via (1) EXFSYS.DBMS_RLMGR_UTL in Rules Manager (DB11) and (2) Program Interface (DB13). | 7.5 |
2007-07-18 | CVE-2007-3564 | Libcurl | Unspecified vulnerability in Libcurl libcurl 7.14.0 through 7.16.3, when built with GnuTLS support, does not check SSL/TLS certificate expiration or activation dates, which allows remote attackers to bypass certain access restrictions. | 7.5 |
2007-07-17 | CVE-2007-3840 | Sitetrafficstats | SQL Injection vulnerability in SiteTrafficStats ReferralURL.PHP SQL injection vulnerability in referralUrl.php in Traffic Stats allows remote attackers to execute arbitrary SQL commands via the offset parameter. | 7.5 |
2007-07-17 | CVE-2007-3821 | Citadel | Input Validation vulnerability in Citadel Webcit 7.10 Cross-site request forgery (CSRF) vulnerability in Webcit before 7.11 allows remote attackers to modify configurations and perform other actions as arbitrary users via unspecified vectors. | 7.5 |
2007-07-17 | CVE-2007-3814 | Mkportal | SQL Injection vulnerability in Mkportal 1.1.1 Multiple SQL injection vulnerabilities in MKPortal 1.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the idurlo field in the delete_urlo function in (a) index.php in the urlobox module; the iden field in the (2) update_file and (3) del_file functions in (b) index.php in the reviews module; the (4) idnews field in the delete_news function and the (5) idcomm field in the del_comment function in (c) index.php in the news module; the (6) idcomm field in the delete_comments function in (d) index.php in the gallery module; the iden field in the (7) edit_file, (8) update_file, and (9) del_file functions in index.php in the gallery module; the (10) ide and (11) cat fields in the slide_update function in index.php in the gallery module; the iden field in the (12) update_file and (13) del_file functions in (d) index.php in the downloads module; and other unspecified vectors. | 7.5 |
2007-07-17 | CVE-2007-3812 | Cmscout | SQL Injection vulnerability in CMScout Forums.PHP SQL injection vulnerability in forums.php in CMScout 1.23 and earlier allows remote attackers to execute arbitrary SQL commands via the f parameter in a forums action to index.php. | 7.5 |
2007-07-17 | CVE-2007-3811 | Esyndicat | SQL Injection vulnerability in Esyndicat Directory 1.6 Multiple SQL injection vulnerabilities in eSyndiCat allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to news.php or (2) the name parameter to page.php. | 7.5 |
2007-07-17 | CVE-2007-3810 | It747 | SQL Injection vulnerability in REALTOR 747 SQL injection vulnerability in index.php in Realtor 747 allows remote attackers to execute arbitrary SQL commands via the categoryid parameter. | 7.5 |
2007-07-17 | CVE-2007-3809 | Prozilla | SQL Injection vulnerability in Prozilla Directory.PHP Multiple SQL injection vulnerabilities in Prozilla Directory Script allow remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action to directory.php, and other unspecified vectors. | 7.5 |
2007-07-17 | CVE-2007-3808 | PHP Arena | SQL Injection vulnerability in PHP Arena Pafiledb 3.6 SQL injection vulnerability in includes/search.php in paFileDB 3.6 allows remote attackers to execute arbitrary SQL commands via the categories[] parameter in a search action to index.php, a different vector than CVE-2005-2000. | 7.5 |
45 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-07-21 | CVE-2007-3939 | Spoonlabs | SQL Injection vulnerability in SpoonLabs Vivvo CMS SQL injection vulnerability in index.php in SpoonLabs Vivvo Article Management CMS (aka phpWordPress) CMS 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter. | 6.8 |
2007-07-21 | CVE-2007-3922 | SUN | Unspecified vulnerability in SUN Jdk, JRE and SDK Unspecified vulnerability in the Java Runtime Environment (JRE) Applet Class Loader in Sun JDK and JRE 5.0 Update 11 and earlier, 6 through 6 Update 1, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to violate the security model for an applet's outbound connections by connecting to certain localhost services running on the machine that loaded the applet. | 6.8 |
2007-07-18 | CVE-2006-4183 | Microsoft | Buffer Errors vulnerability in Microsoft Directx SDK February2006 Heap-based buffer overflow in Microsoft DirectX SDK (February 2006) and probably earlier, including 9.0c End User Runtimes, allows context-dependent attackers to execute arbitrary code via a crafted Targa file with a run-length-encoding (RLE) compression that produces more data than expected when decoding. | 6.8 |
2007-07-17 | CVE-2007-3806 | PHP | Improper Input Validation vulnerability in PHP 5.2.3 The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platforms, and possibly related to lack of initialization for a glob structure. | 6.8 |
2007-07-21 | CVE-2007-3925 | Ipswitch | Buffer Errors vulnerability in Ipswitch Imail Server and Ipswitch Collaboration Suite Multiple buffer overflows in the IMAP service (imapd32.exe) in Ipswitch IMail Server 2006 before 2006.21 allow remote authenticated users to execute arbitrary code via the (1) Search or (2) Search Charset command. | 6.5 |
2007-07-18 | CVE-2007-3868 | Oracle | Remote Security vulnerability in Peoplesoft Enterprise Multiple unspecified vulnerabilities in PeopleTools in Oracle PeopleSoft Enterprise 8.22.15, 8.47.13, 8.48.10, and 8.49.02 allows remote authenticated users or attackers to have an unknown impact via multiple vectors, aka (1) PSE01, (2) PSE02, and (3) PSE03. | 6.5 |
2007-07-18 | CVE-2007-3857 | Oracle | Remote Security vulnerability in Oracle Database Server 10.1.0.5 Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 allow remote authenticated users to have an unknown impact via (a) the Oracle Text component, including (1) unspecified vectors (DB05), (2) CTXSYS.DRVXMD (DB06), (3) CTXSYS.DRI_MOVE_CTXSYS (DB07), (4) CTXSYS.DRVXMD (DB08), and (b) JavaVM (DB14). | 6.5 |
2007-07-18 | CVE-2007-3856 | Oracle | Unspecified vulnerability in Oracle Database Server and Oracle10G Unspecified vulnerability in the Oracle Data Mining component for Oracle Database 10g Release 2 10.2.0.2 and 10.2.0.3, 10g 10.1.0.5, and Oracle9i Database Release 2 9.2.0.7, 9.2.0.8, and 9.2.0.8DV has unknown impact and remote authenticated attack vectors related to DMSYS.DMP_SYS, aka DB04. | 6.5 |
2007-07-18 | CVE-2007-3855 | Oracle | Unspecified vulnerability in Oracle Database Server Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to have an unknown impact via (1) SYS.DBMS_DRS in the DataGuard component (DB03), (2) SYS.DBMS_STANDARD in the PL/SQL component (DB10), (3) MDSYS.RTREE_IDX in the Spatial component (DB16), and (4) SQL Compiler (DB17). | 6.5 |
2007-07-18 | CVE-2007-3853 | Oracle | Unspecified vulnerability in Oracle Database Server 10.1.0.5/10.2.0.3 Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.3 allow remote authenticated users to have unknown impact via (1) DBMS_JAVA_TEST in the JavaVM component (DB01), (2) Oracle Text component (DB09), and (3) MDSYS.SDO_GEOR_INT in the Spatial component (DB15). | 6.5 |
2007-07-21 | CVE-2007-3936 | A Shop | Path Traversal vulnerability in A-Shop Directory traversal vulnerability in admin/filebrowser.asp in A-shop 0.70 and earlier, and possibly 0.71, allows remote attackers to delete arbitrary files via unspecified filename references in the delfiles parameter. | 6.4 |
2007-07-16 | CVE-2007-3800 | Symantec | Local Privilege Escalation vulnerability in Symantec Client Security and Norton Antivirus Unspecified vulnerability in the Real-time scanner (RTVScan) component in Symantec AntiVirus Corporate Edition 9.0 through 10.1 and Client Security 2.0 through 3.1, when the Notification Message window is enabled, allows local users to gain privileges via crafted code. | 6.0 |
2007-07-18 | CVE-2007-3854 | Oracle | Unspecified vulnerability in Oracle products Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 allow remote authenticated users to have unknown impact via (1) SYS.DBMS_PRVTAQIS in the Advanced Queuing component (DB02) and (2) MDSYS.MD in the Spatial component (DB12). | 5.5 |
2007-07-16 | CVE-2007-3805 | Clavister | Cryptographic Issues vulnerability in Clavister Coreplus 8.81.00 The IKE implementation in Clavister CorePlus before 8.80.03, and 8.80.00, does not properly validate certificates during IKE negotiation, which allows remote attackers to cause a denial of service (gateway stop) via certain certificates. | 5.4 |
2007-07-18 | CVE-2007-3883 | Datadynamics | Insecure Methods vulnerability in Data Dynamics ActiveBar Actbar3.OCX ActiveX Control The Data Dynamics ActiveBar ActiveX control (actbar3.ocx) 3.2 and earlier allows remote attackers to create or overwrite files via a full pathname in (1) the second argument to the Save method, or the first argument to the (2) SaveLayoutChanges or (3) SaveMenuUsageData method. | 5.1 |
2007-07-20 | CVE-2007-3380 | Linux | Configuration vulnerability in Linux Kernel 2.6.15 The Distributed Lock Manager (DLM) in the cluster manager for Linux kernel 2.6.15 allows remote attackers to cause a denial of service (loss of lock services) by connecting to the DLM port, which probably prevents other processes from accessing the service. | 5.0 |
2007-07-19 | CVE-2007-3906 | Kaspersky LAB | Denial of Service vulnerability in Kaspersky Anti-Virus 5.5 for Check Point Firewall-1 Unspecified vulnerability in Kaspersky Anti-Virus for Check Point FireWall-1 before Critical Fix 1 (5.5.161.0) might allow attackers to cause a denial of service (kernel hang) via unspecified vectors. | 5.0 |
2007-07-18 | CVE-2007-3765 | Asterisk | Remote Denial of Service vulnerability in Asterisk The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted STUN length attribute in a STUN packet sent on an RTP port. | 5.0 |
2007-07-18 | CVE-2007-3764 | Asterisk | Remote Denial of Service vulnerability in Asterisk The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a certain data length value in a crafted packet, which results in an "overly large memcpy." | 5.0 |
2007-07-18 | CVE-2007-3763 | Asterisk | Remote Denial of Service vulnerability in Asterisk The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted (1) LAGRQ or (2) LAGRP frame that contains information elements of IAX frames, which results in a NULL pointer dereference when Asterisk does not properly set an associated variable. | 5.0 |
2007-07-17 | CVE-2007-3833 | Cerulean Studios | Remote Code Execution vulnerability in Cerulean Studios Trillian 3.1.6.0 The AOL Instant Messenger (AIM) protocol handler in Cerulean Studios Trillian allows remote attackers to create files with arbitrary contents via certain aim: URIs, as demonstrated by a URI that begins with the "aim: &c:\" substring and contains a full pathname in the ini field. | 5.0 |
2007-07-17 | CVE-2007-3827 | Mozilla | Remote Security vulnerability in Firefox Mozilla Firefox allows for cookies to be set with a null domain (aka "domainless cookies"), which allows remote attackers to pass information between arbitrary domains and track user activity, as demonstrated by the domain attribute in the document.cookie variable in a javascript: window. | 5.0 |
2007-07-17 | CVE-2007-3819 | Opera | Unspecified vulnerability in Opera Browser 9.21 Opera 9.21 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed. | 5.0 |
2007-07-16 | CVE-2007-3804 | Clavister | Permissions, Privileges, and Access Controls vulnerability in Clavister Coreplus The AntiVirus engine in the HTTP-ALG in Clavister CorePlus before 8.81.00 and 8.80.03 might allow remote attackers to bypass scanning via small files. | 5.0 |
2007-07-17 | CVE-2007-3815 | Republike Slovenije | Denial-Of-Service vulnerability in Republike Slovenije Pirs 2007 Buffer overflow in pirs32.exe in Poslovni informator Republike Slovenije (PIRS) 2007 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long search string in certain fields in the GUI. | 4.9 |
2007-07-19 | CVE-2007-3908 | HP | Local Privilege Escalation vulnerability in HP Serviceguard for Linux Unspecified vulnerability in HP ServiceGuard for Linux for Red Hat Enterprise Linux (RHEL) 2.1 SG A.11.14.04 through A.11.14.06; RHEL 3.0 SG A.11.16.04 through A.11.16.10; and ServiceGuard Cluster Object Manager B.03.01.02 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2007-0980. | 4.6 |
2007-07-18 | CVE-2007-3870 | Oracle | Local Security vulnerability in Oracle Peoplesoft Enterprise 8.9 Multiple unspecified vulnerabilities in the Human Capital Management component in Oracle PeopleSoft Enterprise 8.9 Bundle 11 allow local users to have unknown impact via unknown vectors, aka (1) PSE06 and (2) PSE07. | 4.6 |
2007-07-21 | CVE-2007-3931 | Samsung | Local Privilege Escalation vulnerability in Samsung Scx-4200 Driver 2.00.95 The wrap_setuid_third_party_application function in the installation script for the Samsung SCX-4200 Driver 2.00.95 adds setuid permissions to third party applications such as xsane and xscanimage, which allows local users to gain privileges. | 4.4 |
2007-07-21 | CVE-2007-3941 | Jasmine | HTML Injection vulnerability in Jasmine CMS 1.01 Cross-site scripting (XSS) vulnerability in profile.php in Jasmine CMS 1.0_1 allows remote authenticated users to inject arbitrary web script or HTML via the profile_email parameter. | 4.3 |
2007-07-21 | CVE-2007-3940 | Quickersite | Cross-Site Scripting vulnerability in Quickersite 1.7.2 Cross-site scripting (XSS) vulnerability in default.asp in QuickerSite 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the svalue parameter in a search action. | 4.3 |
2007-07-21 | CVE-2007-3930 | Wiki Microsoft | Interpretation conflict between Microsoft Internet Explorer and DocuWiki before 2007-06-26b allows remote attackers to inject arbitrary JavaScript and conduct cross-site scripting (XSS) attacks when spellchecking UTF-8 encoded messages via the spell_utf8test function in lib/exe/spellcheck.php, which triggers HTML document identification and script execution by Internet Explorer even though the Content-Type header is text/plain. | 4.3 |
2007-07-19 | CVE-2007-3910 | Bandersnatch | Cross-Site Scripting vulnerability in Bandersnatch 0.4 Cross-site scripting (XSS) vulnerability in Bandersnatch 0.4 allows remote attackers to inject arbitrary JavaScript via a Jabber resource name and possibly other data items, which are stored in conversation logs. | 4.3 |
2007-07-18 | CVE-2007-3888 | Insanely Simple Blog | Input Validation vulnerability in Insanely Simple Blog Multiple cross-site scripting (XSS) vulnerabilities in Insanely Simple Blog 0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the search action, possibly related to the term parameter to index.php; or (2) an anonymous blog entry, possibly involving the (a) posted_by, (b) subject, and (c) content parameters to index.php; as demonstrated by the onmouseover attribute of certain elements. | 4.3 |
2007-07-18 | CVE-2007-3887 | ASP Ziyaretci Defteri | Cross-Site Scripting vulnerability in ASP Ziyaretci Defteri ASP Ziyaretci Defteri 1.1 Multiple cross-site scripting (XSS) vulnerabilities in mesaj_formu.asp in ASP Ziyaretci Defteri 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Isim, (2) Mesajiniz, and (3) E-posta fields. | 4.3 |
2007-07-18 | CVE-2007-3886 | Netimage Media | Cross-Site Scripting vulnerability in ElementCMS S Parameter Cross-site scripting (XSS) vulnerability in default.asp in Element CMS allows remote attackers to inject arbitrary web script or HTML via the s parameter in a search pID action. | 4.3 |
2007-07-18 | CVE-2007-3885 | Aspindir | Unspecified vulnerability in Aspindir Husrevforum 1.0.1 Cross-site scripting (XSS) vulnerability in philboard_search.asp in husrevforum 1.0.1 allows remote attackers to inject arbitrary web script or HTML via the searchterms parameter. | 4.3 |
2007-07-18 | CVE-2007-3736 | Mozilla | Remote vulnerability in Mozilla Firefox 2.0.0.4 Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.5 allows remote attackers to inject arbitrary web script "into another site's context" via a "timing issue" involving the (1) addEventListener or (2) setTimeout function, probably by setting events that activate after the context has changed. | 4.3 |
2007-07-17 | CVE-2007-3842 | 8E6 | Cross-Site Scripting vulnerability in 8E6 R3000 Enterprise Filter 2.0.00 Cross-site scripting (XSS) vulnerability in the 8e6 R3000 Enterprise Filter before 2.0.05 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2007-07-17 | CVE-2007-3834 | Exlibris Group | Cross-Site Scripting vulnerability in Exlibris Group Aleph 3.12 Multiple cross-site scripting (XSS) vulnerabilities in Ex Libris ALEPH allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a URL that can be discovered through a keyword search. | 4.3 |
2007-07-17 | CVE-2007-3817 | Drupal | HTML Injection vulnerability in Drupal LoginToboggan Module Username Cross-site scripting (XSS) vulnerability in the LoginToboggan module 4.7.x-1.0, 4.7.x-1.x-dev, and 5.x-1.x-dev before 20070712 for Drupal, when configured to display a "Log out" link, allows remote attackers to inject arbitrary web script or HTML via a crafted username. | 4.3 |
2007-07-17 | CVE-2007-3813 | Mkportal | Remote Security vulnerability in Mkportal Noboard Module Beta PHP remote file inclusion vulnerability in include/user.php in the NoBoard BETA module for MKPortal allows remote attackers to execute arbitrary PHP code via a URL in the MK_PATH parameter. | 4.3 |
2007-07-16 | CVE-2007-3799 | PHP | Improper Input Validation vulnerability in PHP The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the session_start function, which are not encoded or filtered when the new session cookie is generated, a related issue to CVE-2006-0207. | 4.3 |
2007-07-17 | CVE-2007-3839 | Tbdev NET | Cross-Site Scripting vulnerability in Tbdev.Net DR 010306/111005Betasf11/161205Beta1161 Cross-site scripting (XSS) vulnerability in takeprofedit.php in TBDev.NET DR 010306 and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the avatar parameter. | 4.0 |
2007-07-17 | CVE-2007-3018 | Activeweb | Unspecified vulnerability in Activeweb Contentserver activeWeb contentserver CMS before 5.6.2964 does not limit the file-creation ability of editors who have restricted accounts, which allows these editors to create files in arbitrary directories. | 4.0 |
2007-07-17 | CVE-2007-3017 | Activeweb | Unspecified vulnerability in Activeweb Contentserver The WYSIWYG editor applet in activeWeb contentserver CMS before 5.6.2964 only filters malicious tags from articles sent to admin/applets/wysiwyg/rendereditor.asp, which allows remote authenticated users to inject arbitrary JavaScript via a request to admin/worklist/worklist_edit.asp. | 4.0 |
7 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2007-07-17 | CVE-2007-3830 | IBM | Cross-Site Scripting vulnerability in IBM products Cross-site scripting (XSS) vulnerability in alert.php in ISS Proventia Network IPS GX5108 1.3 and GX5008 1.5 allows remote attackers to inject arbitrary web script or HTML via the reminder parameter. | 3.5 |
2007-07-17 | CVE-2007-3818 | Drupal | Cross-Site Scripting vulnerability in Logintoboggan Module Cross-site scripting (XSS) vulnerability in the LoginToboggan module 5.x-1.x-dev before 20070712 for Drupal allows remote authenticated users with "administer blocks" permission to inject arbitrary JavaScript and gain privileges via "the message displayed above the default user login block." | 3.5 |
2007-07-17 | CVE-2007-3838 | Tbdev NET | HTML Injection vulnerability in Tbdev.Net DR 010306/111005Betasf11/161205Beta1161 Cross-site scripting (XSS) vulnerability in takeprofedit.php in TBDev.NET DR 11-10-05-BETA-SF1:111005 and earlier allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of a SCRIPT element in the avatar parameter. | 2.6 |
2007-07-17 | CVE-2007-3835 | Exlibris Group | Cross-Site Scripting vulnerability in Multiple Ex Libris Products Keyword Searches Cross-site scripting (XSS) vulnerability in Ex Libris MetaLib 3.13 and 4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a resource id that can be discovered through a search. | 2.6 |
2007-07-17 | CVE-2007-3822 | Citadel | Cross-Site Scripting vulnerability in Citadel Webcit 7.10 Multiple cross-site scripting (XSS) vulnerabilities in Webcit before 7.11 allow remote attackers to inject arbitrary web script or HTML via (1) the who parameter to showuser; and other vectors involving (2) calendar mode, (3) bulletin board mode, (4) room names, and (5) uploaded file names. | 2.6 |
2007-07-17 | CVE-2007-3820 | KDE | Unspecified vulnerability in KDE Konqueror 3.5.7 konqueror/konq_combo.cc in Konqueror 3.5.7 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed. | 2.6 |
2007-07-17 | CVE-2007-3807 | Sitescape | Cross-Site Scripting vulnerability in SiteScape Forum Multiple cross-site scripting (XSS) vulnerabilities in SiteScape Forum before 7.3 allow remote attackers to inject arbitrary web script or HTML via the user name field in the login procedure, and other unspecified vectors. | 2.6 |